The CreateRuleGroupsNamespace operation creates a rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.
Use this operation only to create new rule groups namespaces. To update an existing rule groups namespace, use PutRuleGroupsNamespace.
The CreateRuleGroupsNamespace operation creates a rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.
The combined length of a rule group namespace and a rule group name cannot exceed 721 UTF-8 bytes.
Use this operation only to create new rule groups namespaces. To update an existing rule groups namespace, use PutRuleGroupsNamespace.
The CreateScraper operation creates a scraper to collect metrics. A scraper pulls metrics from Prometheus-compatible sources within an Amazon EKS cluster, and sends them to your Amazon Managed Service for Prometheus workspace. Scrapers are flexible, and can be configured to control what metrics are collected, the frequency of collection, what transformations are applied to the metrics, and more.
An IAM role will be created for you that Amazon Managed Service for Prometheus uses to access the metrics in your cluster. You must configure this role with a policy that allows it to scrape metrics from your cluster. For more information, see Configuring your Amazon EKS cluster in the Amazon Managed Service for Prometheus User Guide.
The scrapeConfiguration parameter contains the base-64 encoded YAML configuration for the scraper.
When creating a scraper, the service creates a Network Interface in each Availability Zone that are passed into CreateScraper through subnets. These network interfaces are used to connect to the Amazon EKS cluster within the VPC for scraping metrics.
For more information about collectors, including what metrics are collected, and how to configure the scraper, see Using an Amazon Web Services managed collector in the Amazon Managed Service for Prometheus User Guide.
The CreateScraper operation creates a scraper to collect metrics. A scraper pulls metrics from Prometheus-compatible sources and sends them to your Amazon Managed Service for Prometheus workspace. You can configure scrapers to collect metrics from Amazon EKS clusters, Amazon MSK clusters, or from VPC-based sources that support DNS-based service discovery. Scrapers are flexible, and can be configured to control what metrics are collected, the frequency of collection, what transformations are applied to the metrics, and more.
An IAM role will be created for you that Amazon Managed Service for Prometheus uses to access the metrics in your source. You must configure this role with a policy that allows it to scrape metrics from your source. For Amazon EKS sources, see Configuring your Amazon EKS cluster in the Amazon Managed Service for Prometheus User Guide.
The scrapeConfiguration parameter contains the base-64 encoded YAML configuration for the scraper.
When creating a scraper, the service creates a Network Interface in each Availability Zone that are passed into CreateScraper through subnets. These network interfaces are used to connect to your source within the VPC for scraping metrics.
For more information about collectors, including what metrics are collected, and how to configure the scraper, see Using an Amazon Web Services managed collector in the Amazon Managed Service for Prometheus User Guide.
Updates an existing rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.
Use this operation only to update existing rule groups namespaces. To create a new rule groups namespace, use CreateRuleGroupsNamespace.
You can't use this operation to add tags to an existing rule groups namespace. Instead, use TagResource.
Updates an existing rule groups namespace within a workspace. A rule groups namespace is associated with exactly one rules file. A workspace can have multiple rule groups namespaces.
The combined length of a rule group namespace and a rule group name cannot exceed 721 UTF-8 bytes.
Use this operation only to update existing rule groups namespaces. To create a new rule groups namespace, use CreateRuleGroupsNamespace.
You can't use this operation to add tags to an existing rule groups namespace. Instead, use TagResource.
The Amazon EKS cluster from which the scraper will collect metrics.
" + "documentation":"The Amazon EKS or Amazon Web Services cluster from which the scraper will collect metrics.
" }, "destination":{ "shape":"Destination", @@ -3383,6 +3383,10 @@ "eksConfiguration":{ "shape":"EksConfiguration", "documentation":"The Amazon EKS cluster from which a scraper collects metrics.
" + }, + "vpcConfiguration":{ + "shape":"VpcConfiguration", + "documentation":"The Amazon VPC configuration for the Prometheus collector when connecting to Amazon MSK clusters. This configuration enables secure, private network connectivity between the collector and your Amazon MSK cluster within your Amazon VPC.
" } }, "documentation":"The source of collected metrics for a scraper.
", @@ -3813,6 +3817,24 @@ "OTHER" ] }, + "VpcConfiguration":{ + "type":"structure", + "required":[ + "securityGroupIds", + "subnetIds" + ], + "members":{ + "securityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"The security group IDs that control network access for the Prometheus collector. These security groups must allow the collector to communicate with your Amazon MSK cluster on the required ports.
" + }, + "subnetIds":{ + "shape":"SubnetIds", + "documentation":"The subnet IDs where the Prometheus collector will be deployed. The subnets must be in the same Amazon VPC as your Amazon MSK cluster and have network connectivity to the cluster.
" + } + }, + "documentation":"The Amazon VPC configuration that specifies the network settings for a Prometheus collector to securely connect to Amazon MSK clusters. This configuration includes the security groups and subnets that control network access and placement for the collector.
" + }, "WorkspaceAlias":{ "type":"string", "documentation":"A user-assigned workspace alias.
", diff --git a/awscli/botocore/data/apigateway/2015-07-09/service-2.json b/awscli/botocore/data/apigateway/2015-07-09/service-2.json index 67b4e67e4637..75201f15dd8b 100644 --- a/awscli/botocore/data/apigateway/2015-07-09/service-2.json +++ b/awscli/botocore/data/apigateway/2015-07-09/service-2.json @@ -2300,6 +2300,15 @@ }, "documentation":"API stage name of the associated API stage in a usage plan.
" }, + "ApiStatus":{ + "type":"string", + "enum":[ + "UPDATING", + "AVAILABLE", + "PENDING", + "FAILED" + ] + }, "Authorizer":{ "type":"structure", "members":{ @@ -2815,7 +2824,11 @@ }, "securityPolicy":{ "shape":"SecurityPolicy", - "documentation":"The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are TLS_1_0 and TLS_1_2.
The Transport Layer Security (TLS) version + cipher suite for this DomainName.
" + }, + "endpointAccessMode":{ + "shape":"EndpointAccessMode", + "documentation":" The endpoint access mode of the DomainName. Only available for DomainNames that use security policies that start with SecurityPolicy_.
Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint
The Transport Layer Security (TLS) version + cipher suite for this RestApi.
" + }, + "endpointAccessMode":{ + "shape":"EndpointAccessMode", + "documentation":" The endpoint access mode of the RestApi. Only available for RestApis that use security policies that start with SecurityPolicy_.
The POST Request to add a new RestApi resource to your collection.
" @@ -3821,7 +3842,11 @@ }, "securityPolicy":{ "shape":"SecurityPolicy", - "documentation":"The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are TLS_1_0 and TLS_1_2.
The Transport Layer Security (TLS) version + cipher suite for this DomainName.
" + }, + "endpointAccessMode":{ + "shape":"EndpointAccessMode", + "documentation":"The endpoint access mode of the DomainName.
" }, "tags":{ "shape":"MapOfStringToString", @@ -3894,7 +3919,8 @@ "UPDATING", "PENDING", "PENDING_CERTIFICATE_REIMPORT", - "PENDING_OWNERSHIP_VERIFICATION" + "PENDING_OWNERSHIP_VERIFICATION", + "FAILED" ] }, "DomainNames":{ @@ -3910,6 +3936,13 @@ "documentation":"Represents a collection of DomainName resources.
" }, "Double":{"type":"double"}, + "EndpointAccessMode":{ + "type":"string", + "enum":[ + "BASIC", + "STRICT" + ] + }, "EndpointConfiguration":{ "type":"structure", "members":{ @@ -5390,6 +5423,14 @@ "tlsConfig":{ "shape":"TlsConfig", "documentation":"Specifies the TLS configuration for an integration.
" + }, + "responseTransferMode":{ + "shape":"ResponseTransferMode", + "documentation":"The response transfer mode of the integration.
" + }, + "integrationTarget":{ + "shape":"String", + "documentation":"The ALB or NLB listener to send the request to.
" } }, "documentation":"Represents an HTTP, HTTP_PROXY, AWS, AWS_PROXY, or Mock integration.
Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds or 29 seconds. You can increase the default value to longer than 29 seconds for Regional or private APIs only.
" }, - "tlsConfig":{"shape":"TlsConfig"} + "tlsConfig":{"shape":"TlsConfig"}, + "responseTransferMode":{ + "shape":"ResponseTransferMode", + "documentation":"The response transfer mode of the integration.
" + }, + "integrationTarget":{ + "shape":"String", + "documentation":"The ALB or NLB listener to send the request to.
" + } }, "documentation":"Sets up a method's integration.
" }, @@ -6318,6 +6367,13 @@ }, "documentation":"Represents a collection of Resource resources.
" }, + "ResponseTransferMode":{ + "type":"string", + "enum":[ + "BUFFERED", + "STREAM" + ] + }, "RestApi":{ "type":"structure", "members":{ @@ -6376,6 +6432,22 @@ "rootResourceId":{ "shape":"String", "documentation":"The API's root resource ID.
" + }, + "securityPolicy":{ + "shape":"SecurityPolicy", + "documentation":"The Transport Layer Security (TLS) version + cipher suite for this RestApi.
" + }, + "endpointAccessMode":{ + "shape":"EndpointAccessMode", + "documentation":"The endpoint access mode of the RestApi.
" + }, + "apiStatus":{ + "shape":"ApiStatus", + "documentation":"The ApiStatus of the RestApi.
" + }, + "apiStatusMessage":{ + "shape":"String", + "documentation":" The status message of the RestApi. When the status message is UPDATING you can still invoke it.
Represents a REST API.
" @@ -6487,7 +6559,16 @@ "type":"string", "enum":[ "TLS_1_0", - "TLS_1_2" + "TLS_1_2", + "SecurityPolicy_TLS13_1_3_2025_09", + "SecurityPolicy_TLS13_1_3_FIPS_2025_09", + "SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09", + "SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09", + "SecurityPolicy_TLS13_1_2_PQ_2025_09", + "SecurityPolicy_TLS13_1_2_2021_06", + "SecurityPolicy_TLS13_2025_EDGE", + "SecurityPolicy_TLS12_PFS_2025_EDGE", + "SecurityPolicy_TLS12_2018_EDGE" ] }, "ServiceUnavailableException":{ diff --git a/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json b/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json index 798a8dbb2e90..0c9022f13b9f 100644 --- a/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json +++ b/awscli/botocore/data/apigatewayv2/2018-11-29/paginators-1.json @@ -65,6 +65,30 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "RoutingRules" + }, + "ListPortalProducts": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListPortals": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListProductPages": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" + }, + "ListProductRestEndpointPages": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Items" } } } diff --git a/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json b/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json index fa0e91c1b3f0..231234326862 100644 --- a/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json +++ b/awscli/botocore/data/apigatewayv2/2018-11-29/service-2.json @@ -290,6 +290,134 @@ ], "documentation": "Creates a Model for an API.
" }, + "CreatePortal": { + "name": "CreatePortal", + "http": { + "method": "POST", + "requestUri": "/v2/portals", + "responseCode": 201 + }, + "input": { + "shape": "CreatePortalRequest" + }, + "output": { + "shape": "CreatePortalResponse", + "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Creates a portal.
" + }, + "CreatePortalProduct": { + "name": "CreatePortalProduct", + "http": { + "method": "POST", + "requestUri": "/v2/portalproducts", + "responseCode": 201 + }, + "input": { + "shape": "CreatePortalProductRequest" + }, + "output": { + "shape": "CreatePortalProductResponse", + "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Creates a new portal product.
" + }, + "CreateProductPage": { + "name": "CreateProductPage", + "http": { + "method": "POST", + "requestUri": "/v2/portalproducts/{portalProductId}/productpages", + "responseCode": 201 + }, + "input": { + "shape": "CreateProductPageRequest" + }, + "output": { + "shape": "CreateProductPageResponse", + "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Creates a new product page for a portal product.
" + }, + "CreateProductRestEndpointPage": { + "name": "CreateProductRestEndpointPage", + "http": { + "method": "POST", + "requestUri": "/v2/portalproducts/{portalProductId}/productrestendpointpages", + "responseCode": 201 + }, + "input": { + "shape": "CreateProductRestEndpointPageRequest" + }, + "output": { + "shape": "CreateProductRestEndpointPageResponse", + "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Creates a product REST endpoint page for a portal product.
" + }, "CreateRoute": { "name": "CreateRoute", "http": { @@ -676,6 +804,152 @@ ], "documentation": "Deletes a Model.
" }, + "DeletePortal": { + "name": "DeletePortal", + "http": { + "method": "DELETE", + "requestUri": "/v2/portals/{portalId}", + "responseCode": 204 + }, + "input": { + "shape": "DeletePortalRequest" + }, + "errors": [ + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Deletes a portal.
" + }, + "DeletePortalProduct": { + "name": "DeletePortalProduct", + "http": { + "method": "DELETE", + "requestUri": "/v2/portalproducts/{portalProductId}", + "responseCode": 204 + }, + "input": { + "shape": "DeletePortalProductRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Deletes a portal product.
" + }, + "DeletePortalProductSharingPolicy": { + "name": "DeletePortalProductSharingPolicy", + "http": { + "method": "DELETE", + "requestUri": "/v2/portalproducts/{portalProductId}/sharingpolicy", + "responseCode": 204 + }, + "input": { + "shape": "DeletePortalProductSharingPolicyRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Deletes the sharing policy for a portal product.
" + }, + "DeleteProductPage": { + "name": "DeleteProductPage", + "http": { + "method": "DELETE", + "requestUri": "/v2/portalproducts/{portalProductId}/productpages/{productPageId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteProductPageRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Deletes a product page of a portal product.
" + }, + "DeleteProductRestEndpointPage": { + "name": "DeleteProductRestEndpointPage", + "http": { + "method": "DELETE", + "requestUri": "/v2/portalproducts/{portalProductId}/productrestendpointpages/{productRestEndpointPageId}", + "responseCode": 204 + }, + "input": { + "shape": "DeleteProductRestEndpointPageRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Deletes a product REST endpoint page.
" + }, "DeleteRoute": { "name": "DeleteRoute", "http": { @@ -868,6 +1142,40 @@ } ] }, + "DisablePortal": { + "name": "DisablePortal", + "http": { + "method": "DELETE", + "requestUri": "/v2/portals/{portalId}/publish", + "responseCode": 204 + }, + "input": { + "shape": "DisablePortalRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Deletes the publication of a portal portal.
" + }, "ResetAuthorizersCache": { "name": "ResetAuthorizersCache", "http": { @@ -1368,8 +1676,178 @@ ], "documentation": "Gets the Models for an API.
" }, - "GetRoute": { - "name": "GetRoute", + "GetPortal": { + "name": "GetPortal", + "http": { + "method": "GET", + "requestUri": "/v2/portals/{portalId}", + "responseCode": 200 + }, + "input": { + "shape": "GetPortalRequest" + }, + "output": { + "shape": "GetPortalResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Gets a portal.
" + }, + "GetPortalProduct": { + "name": "GetPortalProduct", + "http": { + "method": "GET", + "requestUri": "/v2/portalproducts/{portalProductId}", + "responseCode": 200 + }, + "input": { + "shape": "GetPortalProductRequest" + }, + "output": { + "shape": "GetPortalProductResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Gets a portal product.
" + }, + "GetPortalProductSharingPolicy": { + "name": "GetPortalProductSharingPolicy", + "http": { + "method": "GET", + "requestUri": "/v2/portalproducts/{portalProductId}/sharingpolicy", + "responseCode": 200 + }, + "input": { + "shape": "GetPortalProductSharingPolicyRequest" + }, + "output": { + "shape": "GetPortalProductSharingPolicyResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Gets the sharing policy for a portal product.
" + }, + "GetProductPage": { + "name": "GetProductPage", + "http": { + "method": "GET", + "requestUri": "/v2/portalproducts/{portalProductId}/productpages/{productPageId}", + "responseCode": 200 + }, + "input": { + "shape": "GetProductPageRequest" + }, + "output": { + "shape": "GetProductPageResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Gets a product page of a portal product.
" + }, + "GetProductRestEndpointPage": { + "name": "GetProductRestEndpointPage", + "http": { + "method": "GET", + "requestUri": "/v2/portalproducts/{portalProductId}/productrestendpointpages/{productRestEndpointPageId}", + "responseCode": 200 + }, + "input": { + "shape": "GetProductRestEndpointPageRequest" + }, + "output": { + "shape": "GetProductRestEndpointPageResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Gets a product REST endpoint page.
" + }, + "GetRoute": { + "name": "GetRoute", "http": { "method": "GET", "requestUri": "/v2/apis/{apiId}/routes/{routeId}", @@ -1716,26 +2194,21 @@ ], "documentation": "Imports an API.
" }, - "PutRoutingRule": { - "name": "PutRoutingRule", - "documentation": "Updates a routing rule.
", + "ListPortalProducts": { + "name": "ListPortalProducts", "http": { - "method": "PUT", - "requestUri": "/v2/domainnames/{domainName}/routingrules/{routingRuleId}", + "method": "GET", + "requestUri": "/v2/portalproducts", "responseCode": 200 }, "input": { - "shape": "PutRoutingRuleRequest" + "shape": "ListPortalProductsRequest" }, "output": { - "shape": "PutRoutingRuleResponse", + "shape": "ListPortalProductsResponse", "documentation": "Success
" }, "errors": [ - { - "shape": "NotFoundException", - "documentation": "The resource specified in the request was not found.
" - }, { "shape": "TooManyRequestsException", "documentation": "The client is sending more than the allowed number of requests per unit of time.
" @@ -1745,31 +2218,27 @@ "documentation": "One of the parameters in the request is invalid.
" }, { - "shape": "ConflictException", - "documentation": "The resource already exists.
" + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "idempotent": true + "documentation": "Lists portal products.
" }, - "ReimportApi": { - "name": "ReimportApi", + "ListPortals": { + "name": "ListPortals", "http": { - "method": "PUT", - "requestUri": "/v2/apis/{apiId}", - "responseCode": 201 + "method": "GET", + "requestUri": "/v2/portals", + "responseCode": 200 }, "input": { - "shape": "ReimportApiRequest" + "shape": "ListPortalsRequest" }, "output": { - "shape": "ReimportApiResponse", - "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + "shape": "ListPortalsResponse", + "documentation": "Success
" }, "errors": [ - { - "shape": "NotFoundException", - "documentation": "The resource specified in the request was not found.
" - }, { "shape": "TooManyRequestsException", "documentation": "The client is sending more than the allowed number of requests per unit of time.
" @@ -1779,25 +2248,25 @@ "documentation": "One of the parameters in the request is invalid.
" }, { - "shape": "ConflictException", - "documentation": "The resource already exists.
" + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "documentation": "Puts an Api resource.
" + "documentation": "Lists portals.
" }, - "TagResource": { - "name": "TagResource", + "ListProductPages": { + "name": "ListProductPages", "http": { - "method": "POST", - "requestUri": "/v2/tags/{resource-arn}", - "responseCode": 201 + "method": "GET", + "requestUri": "/v2/portalproducts/{portalProductId}/productpages", + "responseCode": 200 }, "input": { - "shape": "TagResourceRequest" + "shape": "ListProductPagesRequest" }, "output": { - "shape": "TagResourceResponse", - "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + "shape": "ListProductPagesResponse", + "documentation": "Success
" }, "errors": [ { @@ -1813,21 +2282,25 @@ "documentation": "One of the parameters in the request is invalid.
" }, { - "shape": "ConflictException", - "documentation": "The resource already exists.
" + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "documentation": "Creates a new Tag resource to represent a tag.
" + "documentation": "Lists the product pages for a portal product.
" }, - "UntagResource": { - "name": "UntagResource", + "ListProductRestEndpointPages": { + "name": "ListProductRestEndpointPages", "http": { - "method": "DELETE", - "requestUri": "/v2/tags/{resource-arn}", - "responseCode": 204 + "method": "GET", + "requestUri": "/v2/portalproducts/{portalProductId}/productrestendpointpages", + "responseCode": 200 }, "input": { - "shape": "UntagResourceRequest" + "shape": "ListProductRestEndpointPagesRequest" + }, + "output": { + "shape": "ListProductRestEndpointPagesResponse", + "documentation": "Success
" }, "errors": [ { @@ -1843,25 +2316,25 @@ "documentation": "One of the parameters in the request is invalid.
" }, { - "shape": "ConflictException", - "documentation": "The resource already exists.
" + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "documentation": "Deletes a Tag.
" + "documentation": "Lists the product REST endpoint pages of a portal product.
" }, - "UpdateApi": { - "name": "UpdateApi", + "PreviewPortal": { + "name": "PreviewPortal", "http": { - "method": "PATCH", - "requestUri": "/v2/apis/{apiId}", - "responseCode": 200 + "method": "POST", + "requestUri": "/v2/portals/{portalId}/preview", + "responseCode": 202 }, "input": { - "shape": "UpdateApiRequest" + "shape": "PreviewPortalRequest" }, "output": { - "shape": "UpdateApiResponse", - "documentation": "Success
" + "shape": "PreviewPortalResponse", + "documentation": "202 response
" }, "errors": [ { @@ -1879,23 +2352,27 @@ { "shape": "ConflictException", "documentation": "The resource already exists.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "documentation": "Updates an Api resource.
" + "documentation": "Creates a portal preview.
" }, - "UpdateApiMapping": { - "name": "UpdateApiMapping", + "PublishPortal": { + "name": "PublishPortal", "http": { - "method": "PATCH", - "requestUri": "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", - "responseCode": 200 + "method": "POST", + "requestUri": "/v2/portals/{portalId}/publish", + "responseCode": 202 }, "input": { - "shape": "UpdateApiMappingRequest" + "shape": "PublishPortalRequest" }, "output": { - "shape": "UpdateApiMappingResponse", - "documentation": "Success
" + "shape": "PublishPortalResponse", + "documentation": "202 response
" }, "errors": [ { @@ -1913,23 +2390,27 @@ { "shape": "ConflictException", "documentation": "The resource already exists.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "documentation": "The API mapping.
" + "documentation": "Publishes a portal.
" }, - "UpdateAuthorizer": { - "name": "UpdateAuthorizer", + "PutPortalProductSharingPolicy": { + "name": "PutPortalProductSharingPolicy", "http": { - "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/authorizers/{authorizerId}", + "method": "PUT", + "requestUri": "/v2/portalproducts/{portalProductId}/sharingpolicy", "responseCode": 200 }, "input": { - "shape": "UpdateAuthorizerRequest" + "shape": "PutPortalProductSharingPolicyRequest" }, "output": { - "shape": "UpdateAuthorizerResponse", - "documentation": "Success
" + "shape": "PutPortalProductSharingPolicyResponse", + "documentation": "200 response
" }, "errors": [ { @@ -1945,24 +2426,25 @@ "documentation": "One of the parameters in the request is invalid.
" }, { - "shape": "ConflictException", - "documentation": "The resource already exists.
" + "shape": "AccessDeniedException", + "documentation": "403 response
" } ], - "documentation": "Updates an Authorizer.
" + "documentation": "Updates the sharing policy for a portal product.
" }, - "UpdateDeployment": { - "name": "UpdateDeployment", + "PutRoutingRule": { + "name": "PutRoutingRule", + "documentation": "Updates a routing rule.
", "http": { - "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/deployments/{deploymentId}", + "method": "PUT", + "requestUri": "/v2/domainnames/{domainName}/routingrules/{routingRuleId}", "responseCode": 200 }, "input": { - "shape": "UpdateDeploymentRequest" + "shape": "PutRoutingRuleRequest" }, "output": { - "shape": "UpdateDeploymentResponse", + "shape": "PutRoutingRuleResponse", "documentation": "Success
" }, "errors": [ @@ -1983,21 +2465,21 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates a Deployment.
" + "idempotent": true }, - "UpdateDomainName": { - "name": "UpdateDomainName", + "ReimportApi": { + "name": "ReimportApi", "http": { - "method": "PATCH", - "requestUri": "/v2/domainnames/{domainName}", - "responseCode": 200 + "method": "PUT", + "requestUri": "/v2/apis/{apiId}", + "responseCode": 201 }, "input": { - "shape": "UpdateDomainNameRequest" + "shape": "ReimportApiRequest" }, "output": { - "shape": "UpdateDomainNameResponse", - "documentation": "Success
" + "shape": "ReimportApiResponse", + "documentation": "The request has succeeded and has resulted in the creation of a resource.
" }, "errors": [ { @@ -2017,20 +2499,84 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates a domain name.
" + "documentation": "Puts an Api resource.
" }, - "UpdateIntegration": { - "name": "UpdateIntegration", + "TagResource": { + "name": "TagResource", + "http": { + "method": "POST", + "requestUri": "/v2/tags/{resource-arn}", + "responseCode": 201 + }, + "input": { + "shape": "TagResourceRequest" + }, + "output": { + "shape": "TagResourceResponse", + "documentation": "The request has succeeded and has resulted in the creation of a resource.
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + } + ], + "documentation": "Creates a new Tag resource to represent a tag.
" + }, + "UntagResource": { + "name": "UntagResource", + "http": { + "method": "DELETE", + "requestUri": "/v2/tags/{resource-arn}", + "responseCode": 204 + }, + "input": { + "shape": "UntagResourceRequest" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + } + ], + "documentation": "Deletes a Tag.
" + }, + "UpdateApi": { + "name": "UpdateApi", "http": { "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}", + "requestUri": "/v2/apis/{apiId}", "responseCode": 200 }, "input": { - "shape": "UpdateIntegrationRequest" + "shape": "UpdateApiRequest" }, "output": { - "shape": "UpdateIntegrationResult", + "shape": "UpdateApiResponse", "documentation": "Success
" }, "errors": [ @@ -2051,20 +2597,20 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates an Integration.
" + "documentation": "Updates an Api resource.
" }, - "UpdateIntegrationResponse": { - "name": "UpdateIntegrationResponse", + "UpdateApiMapping": { + "name": "UpdateApiMapping", "http": { "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", + "requestUri": "/v2/domainnames/{domainName}/apimappings/{apiMappingId}", "responseCode": 200 }, "input": { - "shape": "UpdateIntegrationResponseRequest" + "shape": "UpdateApiMappingRequest" }, "output": { - "shape": "UpdateIntegrationResponseResponse", + "shape": "UpdateApiMappingResponse", "documentation": "Success
" }, "errors": [ @@ -2085,20 +2631,20 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates an IntegrationResponses.
" + "documentation": "The API mapping.
" }, - "UpdateModel": { - "name": "UpdateModel", + "UpdateAuthorizer": { + "name": "UpdateAuthorizer", "http": { "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/models/{modelId}", + "requestUri": "/v2/apis/{apiId}/authorizers/{authorizerId}", "responseCode": 200 }, "input": { - "shape": "UpdateModelRequest" + "shape": "UpdateAuthorizerRequest" }, "output": { - "shape": "UpdateModelResponse", + "shape": "UpdateAuthorizerResponse", "documentation": "Success
" }, "errors": [ @@ -2119,20 +2665,20 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates a Model.
" + "documentation": "Updates an Authorizer.
" }, - "UpdateRoute": { - "name": "UpdateRoute", + "UpdateDeployment": { + "name": "UpdateDeployment", "http": { "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/routes/{routeId}", + "requestUri": "/v2/apis/{apiId}/deployments/{deploymentId}", "responseCode": 200 }, "input": { - "shape": "UpdateRouteRequest" + "shape": "UpdateDeploymentRequest" }, "output": { - "shape": "UpdateRouteResult", + "shape": "UpdateDeploymentResponse", "documentation": "Success
" }, "errors": [ @@ -2153,20 +2699,20 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates a Route.
" + "documentation": "Updates a Deployment.
" }, - "UpdateRouteResponse": { - "name": "UpdateRouteResponse", + "UpdateDomainName": { + "name": "UpdateDomainName", "http": { "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", + "requestUri": "/v2/domainnames/{domainName}", "responseCode": 200 }, "input": { - "shape": "UpdateRouteResponseRequest" + "shape": "UpdateDomainNameRequest" }, "output": { - "shape": "UpdateRouteResponseResponse", + "shape": "UpdateDomainNameResponse", "documentation": "Success
" }, "errors": [ @@ -2187,20 +2733,20 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates a RouteResponse.
" + "documentation": "Updates a domain name.
" }, - "UpdateStage": { - "name": "UpdateStage", + "UpdateIntegration": { + "name": "UpdateIntegration", "http": { "method": "PATCH", - "requestUri": "/v2/apis/{apiId}/stages/{stageName}", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}", "responseCode": 200 }, "input": { - "shape": "UpdateStageRequest" + "shape": "UpdateIntegrationRequest" }, "output": { - "shape": "UpdateStageResponse", + "shape": "UpdateIntegrationResult", "documentation": "Success
" }, "errors": [ @@ -2221,21 +2767,21 @@ "documentation": "The resource already exists.
" } ], - "documentation": "Updates a Stage.
" + "documentation": "Updates an Integration.
" }, - "UpdateVpcLink": { - "name": "UpdateVpcLink", + "UpdateIntegrationResponse": { + "name": "UpdateIntegrationResponse", "http": { "method": "PATCH", - "requestUri": "/v2/vpclinks/{vpcLinkId}", + "requestUri": "/v2/apis/{apiId}/integrations/{integrationId}/integrationresponses/{integrationResponseId}", "responseCode": 200 }, "input": { - "shape": "UpdateVpcLinkRequest" + "shape": "UpdateIntegrationResponseRequest" }, "output": { - "shape": "UpdateVpcLinkResponse", - "documentation": "200 response
" + "shape": "UpdateIntegrationResponseResponse", + "documentation": "Success
" }, "errors": [ { @@ -2249,58 +2795,399 @@ { "shape": "BadRequestException", "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" } ], - "documentation": "Updates a VPC link.
" - } - }, - "shapes": { - "AccessDeniedException": { - "type": "structure", - "members": { - "Message": { - "shape": "__string", - "locationName": "message" - } - }, - "exception": true, - "error": { - "httpStatusCode": 403 - } + "documentation": "Updates an IntegrationResponses.
" }, - "AccessLogSettings": { - "type": "structure", - "members": { - "DestinationArn": { - "shape": "Arn", - "locationName": "destinationArn", - "documentation": "The ARN of the CloudWatch Logs log group to receive access logs.
" - }, - "Format": { - "shape": "StringWithLengthBetween1And1024", - "locationName": "format", - "documentation": "A single line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.
" - } + "UpdateModel": { + "name": "UpdateModel", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/models/{modelId}", + "responseCode": 200 }, - "documentation": "Settings for logging access in a stage.
" - }, - "Api": { - "type": "structure", - "members": { - "ApiEndpoint": { - "shape": "__string", - "locationName": "apiEndpoint", - "documentation": "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.
" + "input": { + "shape": "UpdateModelRequest" + }, + "output": { + "shape": "UpdateModelResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" }, - "ApiGatewayManaged": { - "shape": "__boolean", - "locationName": "apiGatewayManaged", - "documentation": "Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.
" + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" }, - "ApiId": { - "shape": "Id", - "locationName": "apiId", - "documentation": "The API ID.
" + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + } + ], + "documentation": "Updates a Model.
" + }, + "UpdatePortal": { + "name": "UpdatePortal", + "http": { + "method": "PATCH", + "requestUri": "/v2/portals/{portalId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdatePortalRequest" + }, + "output": { + "shape": "UpdatePortalResponse", + "documentation": "200 response
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Updates a portal.
" + }, + "UpdatePortalProduct": { + "name": "UpdatePortalProduct", + "http": { + "method": "PATCH", + "requestUri": "/v2/portalproducts/{portalProductId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdatePortalProductRequest" + }, + "output": { + "shape": "UpdatePortalProductResponse", + "documentation": "200 response
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Updates the portal product.
" + }, + "UpdateProductPage": { + "name": "UpdateProductPage", + "http": { + "method": "PATCH", + "requestUri": "/v2/portalproducts/{portalProductId}/productpages/{productPageId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateProductPageRequest" + }, + "output": { + "shape": "UpdateProductPageResponse", + "documentation": "200 response
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Updates a product page of a portal product.
" + }, + "UpdateProductRestEndpointPage": { + "name": "UpdateProductRestEndpointPage", + "http": { + "method": "PATCH", + "requestUri": "/v2/portalproducts/{portalProductId}/productrestendpointpages/{productRestEndpointPageId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateProductRestEndpointPageRequest" + }, + "output": { + "shape": "UpdateProductRestEndpointPageResponse", + "documentation": "200 response
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "AccessDeniedException", + "documentation": "403 response
" + } + ], + "documentation": "Updates a product REST endpoint page.
" + }, + "UpdateRoute": { + "name": "UpdateRoute", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateRouteRequest" + }, + "output": { + "shape": "UpdateRouteResult", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + } + ], + "documentation": "Updates a Route.
" + }, + "UpdateRouteResponse": { + "name": "UpdateRouteResponse", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/routes/{routeId}/routeresponses/{routeResponseId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateRouteResponseRequest" + }, + "output": { + "shape": "UpdateRouteResponseResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + } + ], + "documentation": "Updates a RouteResponse.
" + }, + "UpdateStage": { + "name": "UpdateStage", + "http": { + "method": "PATCH", + "requestUri": "/v2/apis/{apiId}/stages/{stageName}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateStageRequest" + }, + "output": { + "shape": "UpdateStageResponse", + "documentation": "Success
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + }, + { + "shape": "ConflictException", + "documentation": "The resource already exists.
" + } + ], + "documentation": "Updates a Stage.
" + }, + "UpdateVpcLink": { + "name": "UpdateVpcLink", + "http": { + "method": "PATCH", + "requestUri": "/v2/vpclinks/{vpcLinkId}", + "responseCode": 200 + }, + "input": { + "shape": "UpdateVpcLinkRequest" + }, + "output": { + "shape": "UpdateVpcLinkResponse", + "documentation": "200 response
" + }, + "errors": [ + { + "shape": "NotFoundException", + "documentation": "The resource specified in the request was not found.
" + }, + { + "shape": "TooManyRequestsException", + "documentation": "The client is sending more than the allowed number of requests per unit of time.
" + }, + { + "shape": "BadRequestException", + "documentation": "One of the parameters in the request is invalid.
" + } + ], + "documentation": "Updates a VPC link.
" + } + }, + "shapes": { + "ACMManaged": { + "type": "structure", + "members": { + "CertificateArn": { + "shape": "__stringMin10Max2048", + "locationName": "certificateArn", + "documentation": "The certificate ARN.
" + }, + "DomainName": { + "shape": "__stringMin3Max256", + "locationName": "domainName", + "documentation": "The domain name.
" + } + }, + "documentation": "Represents a domain name and certificate for a portal.
", + "required": [ + "DomainName", + "CertificateArn" + ] + }, + "AccessDeniedException": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message" + } + }, + "exception": true, + "error": { + "httpStatusCode": 403 + } + }, + "AccessDeniedExceptionResponseContent": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The message.
" + } + }, + "documentation": "The error message.
" + }, + "AccessLogSettings": { + "type": "structure", + "members": { + "DestinationArn": { + "shape": "Arn", + "locationName": "destinationArn", + "documentation": "The ARN of the CloudWatch Logs log group to receive access logs.
" + }, + "Format": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "format", + "documentation": "A single line format of the access logs of data, as specified by selected $context variables. The format must include at least $context.requestId.
" + } + }, + "documentation": "Settings for logging access in a stage.
" + }, + "Api": { + "type": "structure", + "members": { + "ApiEndpoint": { + "shape": "__string", + "locationName": "apiEndpoint", + "documentation": "The URI of the API, of the form {api-id}.execute-api.{region}.amazonaws.com. The stage name is typically appended to this URI to form a complete path to a deployed API stage.
" + }, + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "Specifies whether an API is managed by API Gateway. You can't update or delete a managed API by using API Gateway. A managed API can be deleted only through the tooling or service that created it.
" + }, + "ApiId": { + "shape": "Id", + "locationName": "apiId", + "documentation": "The API ID.
" }, "ApiKeySelectionExpression": { "shape": "SelectionExpression", @@ -2446,6 +3333,22 @@ "type": "string", "documentation": "Represents an Amazon Resource Name (ARN).
" }, + "Authorization": { + "type": "structure", + "members": { + "CognitoConfig": { + "shape": "CognitoConfig", + "locationName": "cognitoConfig", + "documentation": "The Amazon Cognito configuration.
" + }, + "None": { + "shape": "None", + "locationName": "none", + "documentation": "Provide no authorization for your portal. This makes your portal publicly accesible on the web.
" + } + }, + "documentation": "Represents an authorization configuration for a portal.
" + }, "AuthorizationScopes": { "type": "list", "documentation": "A list of authorization scopes configured on a route. The scopes are used with a JWT authorizer to authorize the method invocation. The authorization works by matching the route scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any route scope matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the route scope is configured, the client must provide an access token instead of an identity token for authorization purposes.
", @@ -2566,6 +3469,43 @@ "httpStatusCode": 400 } }, + "BadRequestExceptionResponseContent": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The message of the bad request exception response content.
" + } + }, + "documentation": "The response content for bad request exception.
" + }, + "CognitoConfig": { + "type": "structure", + "members": { + "AppClientId": { + "shape": "__stringMin1Max256", + "locationName": "appClientId", + "documentation": "The app client ID.
" + }, + "UserPoolArn": { + "shape": "__stringMin20Max2048", + "locationName": "userPoolArn", + "documentation": "The user pool ARN.
" + }, + "UserPoolDomain": { + "shape": "__stringMin20Max2048", + "locationName": "userPoolDomain", + "documentation": "The user pool domain.
" + } + }, + "documentation": "The configuration for using Amazon Cognito user pools to control access to your portal.
", + "required": [ + "UserPoolDomain", + "AppClientId", + "UserPoolArn" + ] + }, "ConflictException": { "type": "structure", "members": { @@ -2581,6 +3521,17 @@ "httpStatusCode": 409 } }, + "ConflictExceptionResponseContent": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The error message.
" + } + }, + "documentation": "The resource identifier.
" + }, "ConnectionType": { "type": "string", "documentation": "Represents a connection type.
", @@ -3336,26 +4287,226 @@ "locationName": "domainNameConfigurations", "documentation": "The domain name configurations.
" }, - "MutualTlsAuthentication": { - "shape": "MutualTlsAuthentication", - "locationName": "mutualTlsAuthentication", - "documentation": "The mutual TLS authentication configuration for a custom domain name.
" + "MutualTlsAuthentication": { + "shape": "MutualTlsAuthentication", + "locationName": "mutualTlsAuthentication", + "documentation": "The mutual TLS authentication configuration for a custom domain name.
" + }, + "RoutingMode": { + "shape": "RoutingMode", + "locationName": "routingMode", + "documentation": "The routing mode.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags associated with a domain name.
" + } + } + }, + "CreateIntegrationInput": { + "type": "structure", + "members": { + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the integration.
" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "Specifies the integration's HTTP method type.
" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration.
" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + } + }, + "documentation": "Represents the input parameters for a CreateIntegration request.
", + "required": [ + "IntegrationType" + ] + }, + "CreateIntegrationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the integration.
" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "Specifies the integration's HTTP method type.
" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration.
" }, - "RoutingMode": { - "shape": "RoutingMode", - "locationName": "routingMode", - "documentation": "The routing mode.
" + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" }, - "Tags": { - "shape": "Tags", - "locationName": "tags", - "documentation": "The collection of tags associated with a domain name.
" + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" } - } + }, + "documentation": "Creates a new Integration resource to represent an integration.
", + "required": [ + "ApiId", + "IntegrationType" + ] }, - "CreateIntegrationInput": { + "CreateIntegrationResult": { "type": "structure", "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.
" + }, "ConnectionId": { "shape": "StringWithLengthBetween1And1024", "locationName": "connectionId", @@ -3379,13 +4530,23 @@ "Description": { "shape": "StringWithLengthBetween0And1024", "locationName": "description", - "documentation": "The description of the integration.
" + "documentation": "Represents the description of an integration.
" + }, + "IntegrationId": { + "shape": "Id", + "locationName": "integrationId", + "documentation": "Represents the identifier of an integration.
" }, "IntegrationMethod": { "shape": "StringWithLengthBetween1And64", "locationName": "integrationMethod", "documentation": "Specifies the integration's HTTP method type.
" }, + "IntegrationResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "integrationResponseSelectionExpression", + "documentation": "The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.
" + }, "IntegrationSubtype": { "shape": "StringWithLengthBetween1And128", "locationName": "integrationSubtype", @@ -3394,7 +4555,7 @@ "IntegrationType": { "shape": "IntegrationType", "locationName": "integrationType", - "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" }, "IntegrationUri": { "shape": "UriWithLengthBetween1And2048", @@ -3414,7 +4575,7 @@ "RequestParameters": { "shape": "IntegrationParameters", "locationName": "requestParameters", - "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" }, "RequestTemplates": { "shape": "TemplateMap", @@ -3429,7 +4590,7 @@ "TemplateSelectionExpression": { "shape": "SelectionExpression", "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration.
" + "documentation": "The template selection expression for the integration. Supported only for WebSocket APIs.
" }, "TimeoutInMillis": { "shape": "IntegerWithLengthBetween50And30000", @@ -3437,17 +4598,47 @@ "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" }, "TlsConfig": { - "shape": "TlsConfigInput", + "shape": "TlsConfig", "locationName": "tlsConfig", "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" } + } + }, + "CreateIntegrationResponseInput": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "The integration response key.
" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.
" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + } }, - "documentation": "Represents the input parameters for a CreateIntegration request.
", + "documentation": "Represents the input parameters for a CreateIntegrationResponse request.
", "required": [ - "IntegrationType" + "IntegrationResponseKey" ] }, - "CreateIntegrationRequest": { + "CreateIntegrationResponseRequest": { "type": "structure", "members": { "ApiId": { @@ -3456,416 +4647,799 @@ "locationName": "apiId", "documentation": "The API identifier.
" }, - "ConnectionId": { - "shape": "StringWithLengthBetween1And1024", - "locationName": "connectionId", - "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" }, - "ConnectionType": { - "shape": "ConnectionType", - "locationName": "connectionType", - "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "The integration ID.
" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "The integration response key.
" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.
" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + } + }, + "documentation": "Creates a new IntegrationResponse resource to represent an integration response.
", + "required": [ + "ApiId", + "IntegrationId", + "IntegrationResponseKey" + ] + }, + "CreateIntegrationResponseResponse": { + "type": "structure", + "members": { "ContentHandlingStrategy": { "shape": "ContentHandlingStrategy", "locationName": "contentHandlingStrategy", "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" }, - "CredentialsArn": { - "shape": "Arn", - "locationName": "credentialsArn", - "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + "IntegrationResponseId": { + "shape": "Id", + "locationName": "integrationResponseId", + "documentation": "The integration response ID.
" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "The integration response key.
" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.
" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expressions for the integration response.
" + } + } + }, + "CreateModelInput": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" }, "Description": { "shape": "StringWithLengthBetween0And1024", "locationName": "description", - "documentation": "The description of the integration.
" - }, - "IntegrationMethod": { - "shape": "StringWithLengthBetween1And64", - "locationName": "integrationMethod", - "documentation": "Specifies the integration's HTTP method type.
" + "documentation": "The description of the model.
" }, - "IntegrationSubtype": { + "Name": { "shape": "StringWithLengthBetween1And128", - "locationName": "integrationSubtype", - "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + "locationName": "name", + "documentation": "The name of the model. Must be alphanumeric.
" }, - "IntegrationType": { - "shape": "IntegrationType", - "locationName": "integrationType", - "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + } + }, + "documentation": "Represents the input parameters for a CreateModel request.
", + "required": [ + "Schema", + "Name" + ] + }, + "CreateModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" }, - "IntegrationUri": { - "shape": "UriWithLengthBetween1And2048", - "locationName": "integrationUri", - "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the model.
" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "The name of the model. Must be alphanumeric.
" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + } + }, + "documentation": "Creates a new Model.
", + "required": [ + "ApiId", + "Schema", + "Name" + ] + }, + "CreateModelResponse": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" }, - "PassthroughBehavior": { - "shape": "PassthroughBehavior", - "locationName": "passthroughBehavior", - "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the model.
" }, - "PayloadFormatVersion": { - "shape": "StringWithLengthBetween1And64", - "locationName": "payloadFormatVersion", - "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "The model identifier.
" }, - "RequestParameters": { - "shape": "IntegrationParameters", - "locationName": "requestParameters", - "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "The name of the model. Must be alphanumeric.
" }, - "RequestTemplates": { - "shape": "TemplateMap", - "locationName": "requestTemplates", - "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + } + } + }, + "CreatePortalProductRequest": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "A description of the portal product.
" }, - "ResponseParameters": { - "shape": "ResponseParameters", - "locationName": "responseParameters", - "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The name of the portal product as it appears in a published portal.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + }, + "documentation": "The request body for the post operation.
", + "required": [ + "DisplayName" + ] + }, + "CreatePortalProductRequestContent": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "A description of the portal product.
" }, - "TimeoutInMillis": { - "shape": "IntegerWithLengthBetween50And30000", - "locationName": "timeoutInMillis", - "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The name of the portal product as it appears in a published portal.
" }, - "TlsConfig": { - "shape": "TlsConfigInput", - "locationName": "tlsConfig", - "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } }, - "documentation": "Creates a new Integration resource to represent an integration.
", + "documentation": "Creates a portal product.
", "required": [ - "ApiId", - "IntegrationType" + "DisplayName" ] }, - "CreateIntegrationResult": { + "CreatePortalProductResponse": { "type": "structure", "members": { - "ApiGatewayManaged": { - "shape": "__boolean", - "locationName": "apiGatewayManaged", - "documentation": "Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.
" + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "A description of the portal product.
" }, - "ConnectionId": { - "shape": "StringWithLengthBetween1And1024", - "locationName": "connectionId", - "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name for the portal product.
" }, - "ConnectionType": { - "shape": "ConnectionType", - "locationName": "connectionType", - "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The visual ordering of the product pages and product REST endpoint pages in a published portal.
" }, - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" }, - "CredentialsArn": { - "shape": "Arn", - "locationName": "credentialsArn", - "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of the portal product.
" + }, + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + } + }, + "CreatePortalProductResponseContent": { + "type": "structure", + "members": { "Description": { - "shape": "StringWithLengthBetween0And1024", + "shape": "__stringMin0Max1024", "locationName": "description", - "documentation": "Represents the description of an integration.
" - }, - "IntegrationId": { - "shape": "Id", - "locationName": "integrationId", - "documentation": "Represents the identifier of an integration.
" + "documentation": "A description of the portal product.
" }, - "IntegrationMethod": { - "shape": "StringWithLengthBetween1And64", - "locationName": "integrationMethod", - "documentation": "Specifies the integration's HTTP method type.
" - }, - "IntegrationResponseSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "integrationResponseSelectionExpression", - "documentation": "The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name for the portal product.
" }, - "IntegrationSubtype": { - "shape": "StringWithLengthBetween1And128", - "locationName": "integrationSubtype", - "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The visual ordering of the product pages and product REST endpoint pages in a published portal.
" }, - "IntegrationType": { - "shape": "IntegrationType", - "locationName": "integrationType", - "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" }, - "IntegrationUri": { - "shape": "UriWithLengthBetween1And2048", - "locationName": "integrationUri", - "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of the portal product.
" }, - "PassthroughBehavior": { - "shape": "PassthroughBehavior", - "locationName": "passthroughBehavior", - "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "PayloadFormatVersion": { - "shape": "StringWithLengthBetween1And64", - "locationName": "payloadFormatVersion", - "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + }, + "documentation": "Creates a portal product.
", + "required": [ + "LastModified", + "DisplayName", + "PortalProductId", + "PortalProductArn" + ] + }, + "CreatePortalRequest": { + "type": "structure", + "members": { + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authentication configuration for the portal.
" }, - "RequestParameters": { - "shape": "IntegrationParameters", - "locationName": "requestParameters", - "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationRequest", + "locationName": "endpointConfiguration", + "documentation": "The domain configuration for the portal. Use a default domain provided by API Gateway or provide a fully-qualified domain name that you own.
" }, - "RequestTemplates": { - "shape": "TemplateMap", - "locationName": "requestTemplates", - "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "ResponseParameters": { - "shape": "ResponseParameters", - "locationName": "responseParameters", - "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "LogoUri": { + "shape": "__stringMin0Max1092", + "locationName": "logoUri", + "documentation": "The URI for the portal logo image that is displayed in the portal header.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration. Supported only for WebSocket APIs.
" + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "The content of the portal.
" }, - "TimeoutInMillis": { - "shape": "IntegerWithLengthBetween50And30000", - "locationName": "timeoutInMillis", - "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The name of the Amazon CloudWatch RUM app monitor for the portal.
" }, - "TlsConfig": { - "shape": "TlsConfig", - "locationName": "tlsConfig", - "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } - } + }, + "documentation": "The request body for the post operation.
", + "required": [ + "Authorization", + "PortalContent", + "EndpointConfiguration" + ] }, - "CreateIntegrationResponseInput": { + "CreatePortalRequestContent": { "type": "structure", "members": { - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authentication configuration for the portal.
" }, - "IntegrationResponseKey": { - "shape": "SelectionKey", - "locationName": "integrationResponseKey", - "documentation": "The integration response key.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationRequest", + "locationName": "endpointConfiguration", + "documentation": "The domain configuration for the portal. Use a default domain provided by API Gateway or provide a fully-qualified domain name that you own.
" }, - "ResponseParameters": { - "shape": "IntegrationParameters", - "locationName": "responseParameters", - "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "ResponseTemplates": { - "shape": "TemplateMap", - "locationName": "responseTemplates", - "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + "LogoUri": { + "shape": "__stringMin0Max1092", + "locationName": "logoUri", + "documentation": "The URI for the portal logo image that is displayed in the portal header.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "The content of the portal.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The name of the Amazon CloudWatch RUM app monitor for the portal.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } }, - "documentation": "Represents the input parameters for a CreateIntegrationResponse request.
", + "documentation": "Creates a portal.
", "required": [ - "IntegrationResponseKey" + "Authorization", + "PortalContent", + "EndpointConfiguration" ] }, - "CreateIntegrationResponseRequest": { + "CreatePortalResponse": { "type": "structure", "members": { - "ApiId": { - "shape": "__string", - "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization for the portal. Supports Cognito-based user authentication or no authentication.
" }, - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationResponse", + "locationName": "endpointConfiguration", + "documentation": "The endpoint configuration.
" }, - "IntegrationId": { - "shape": "__string", - "location": "uri", - "locationName": "integrationId", - "documentation": "The integration ID.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "IntegrationResponseKey": { - "shape": "SelectionKey", - "locationName": "integrationResponseKey", - "documentation": "The integration response key.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal configuration was last modified.
" + }, + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "A user-written description of the changes made in the last published version of the portal.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "The name, description, and theme for the portal.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The current publishing status of the portal.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The name of the Amazon CloudWatch RUM app monitor.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "Error information for failed portal operations. Contains details about any issues encountered during portal creation or publishing.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + } + }, + "CreatePortalResponseContent": { + "type": "structure", + "members": { + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization for the portal. Supports Cognito-based user authentication or no authentication.
" + }, + "EndpointConfiguration": { + "shape": "EndpointConfigurationResponse", + "locationName": "endpointConfiguration", + "documentation": "The endpoint configuration.
" + }, + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "ResponseParameters": { - "shape": "IntegrationParameters", - "locationName": "responseParameters", - "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where {name} is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where {name} is a valid and unique response header name and {JSON-expression} is a valid JSON expression without the $ prefix.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal configuration was last modified.
" }, - "ResponseTemplates": { - "shape": "TemplateMap", - "locationName": "responseTemplates", - "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "A user-written description of the changes made in the last published version of the portal.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "The name, description, and theme for the portal.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The current publishing status of the portal.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The name of the Amazon CloudWatch RUM app monitor.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "Error information for failed portal operations. Contains details about any issues encountered during portal creation or publishing.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } }, - "documentation": "Creates a new IntegrationResponse resource to represent an integration response.
", + "documentation": "Creates a portal.
", "required": [ - "ApiId", - "IntegrationId", - "IntegrationResponseKey" + "LastModified", + "Authorization", + "IncludedPortalProductArns", + "PortalArn", + "PortalContent", + "EndpointConfiguration", + "PortalId" ] }, - "CreateIntegrationResponseResponse": { + "CreateProductPageRequest": { "type": "structure", "members": { - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" - }, - "IntegrationResponseId": { - "shape": "Id", - "locationName": "integrationResponseId", - "documentation": "The integration response ID.
" + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" }, - "IntegrationResponseKey": { - "shape": "SelectionKey", - "locationName": "integrationResponseKey", - "documentation": "The integration response key.
" + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "documentation": "The request body for the post operation.
", + "required": [ + "PortalProductId", + "DisplayContent" + ] + }, + "CreateProductPageRequestContent": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" + } + }, + "documentation": "Creates a product page.
", + "required": [ + "DisplayContent" + ] + }, + "CreateProductPageResponse": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" }, - "ResponseParameters": { - "shape": "IntegrationParameters", - "locationName": "responseParameters", - "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" }, - "ResponseTemplates": { - "shape": "TemplateMap", - "locationName": "responseTemplates", - "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expressions for the integration response.
" + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" } } }, - "CreateModelInput": { + "CreateProductPageResponseContent": { "type": "structure", "members": { - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model. Must be alphanumeric.
" + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" } }, - "documentation": "Represents the input parameters for a CreateModel request.
", + "documentation": "Creates a product page.
", "required": [ - "Schema", - "Name" + "LastModified", + "ProductPageArn", + "ProductPageId" ] }, - "CreateModelRequest": { + "CreateProductRestEndpointPageRequest": { "type": "structure", "members": { - "ApiId": { + "DisplayContent": { + "shape": "EndpointDisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product REST endpoint page.
" + }, + "PortalProductId": { "shape": "__string", "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of the product REST endpoint page.
" + } + }, + "documentation": "The request body for the post operation.
", + "required": [ + "PortalProductId", + "RestEndpointIdentifier" + ] + }, + "CreateProductRestEndpointPageRequestContent": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "EndpointDisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product REST endpoint page.
" }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model. Must be alphanumeric.
" + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of the product REST endpoint page.
" } }, - "documentation": "Creates a new Model.
", + "documentation": "Creates a product REST endpoint page.
", "required": [ - "ApiId", - "Schema", - "Name" + "RestEndpointIdentifier" ] }, - "CreateModelResponse": { + "CreateProductRestEndpointPageResponse": { "type": "structure", "members": { - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" + "DisplayContent": { + "shape": "EndpointDisplayContentResponse", + "locationName": "displayContent", + "documentation": "The display content.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" + }, + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" + }, + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state.
" + } + } + }, + "CreateProductRestEndpointPageResponseContent": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "EndpointDisplayContentResponse", + "locationName": "displayContent", + "documentation": "The display content.
" }, - "ModelId": { - "shape": "Id", - "locationName": "modelId", - "documentation": "The model identifier.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model. Must be alphanumeric.
" + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state.
" } - } + }, + "documentation": "Creates a product REST endpoint page.
", + "required": [ + "Status", + "LastModified", + "RestEndpointIdentifier", + "ProductRestEndpointPageArn", + "ProductRestEndpointPageId", + "TryItState", + "DisplayContent" + ] }, "CreateRouteInput": { "type": "structure", @@ -4552,6 +6126,50 @@ } } }, + "CustomColors": { + "type": "structure", + "members": { + "AccentColor": { + "shape": "__stringMin1Max16", + "locationName": "accentColor", + "documentation": "Represents the accent color.
" + }, + "BackgroundColor": { + "shape": "__stringMin1Max16", + "locationName": "backgroundColor", + "documentation": "Represents the background color.
" + }, + "ErrorValidationColor": { + "shape": "__stringMin1Max16", + "locationName": "errorValidationColor", + "documentation": "The errorValidationColor.
" + }, + "HeaderColor": { + "shape": "__stringMin1Max16", + "locationName": "headerColor", + "documentation": "Represents the header color.
" + }, + "NavigationColor": { + "shape": "__stringMin1Max16", + "locationName": "navigationColor", + "documentation": "Represents the navigation color.
" + }, + "TextColor": { + "shape": "__stringMin1Max16", + "locationName": "textColor", + "documentation": "Represents the text color.
" + } + }, + "documentation": "Represents custom colors for a published portal.
", + "required": [ + "AccentColor", + "NavigationColor", + "HeaderColor", + "ErrorValidationColor", + "TextColor", + "BackgroundColor" + ] + }, "DeleteAccessLogSettingsRequest": { "type": "structure", "members": { @@ -4748,6 +6366,90 @@ "ApiId" ] }, + "DeletePortalProductRequest": { + "type": "structure", + "members": { + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "required": [ + "PortalProductId" + ] + }, + "DeletePortalProductSharingPolicyRequest": { + "type": "structure", + "members": { + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "required": [ + "PortalProductId" + ] + }, + "DeletePortalRequest": { + "type": "structure", + "members": { + "PortalId": { + "shape": "__string", + "location": "uri", + "locationName": "portalId", + "documentation": "The portal identifier.
" + } + }, + "required": [ + "PortalId" + ] + }, + "DeleteProductPageRequest": { + "type": "structure", + "members": { + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "ProductPageId": { + "shape": "__string", + "location": "uri", + "locationName": "productPageId", + "documentation": "The portal product identifier.
" + } + }, + "required": [ + "PortalProductId", + "ProductPageId" + ] + }, + "DeleteProductRestEndpointPageRequest": { + "type": "structure", + "members": { + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "ProductRestEndpointPageId": { + "shape": "__string", + "location": "uri", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint identifier.
" + } + }, + "required": [ + "ProductRestEndpointPageId", + "PortalProductId" + ] + }, "DeleteRouteRequest": { "type": "structure", "members": { @@ -4964,21 +6666,97 @@ "DEPLOYED" ] }, - "Deployments": { + "Deployments": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfDeployment", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "documentation": "A collection resource that contains zero or more references to your existing deployments, and links that guide you on how to interact with your collection. The collection offers a paginated view of the contained deployments.
" + }, + "DisablePortalRequest": { + "type": "structure", + "members": { + "PortalId": { + "shape": "__string", + "location": "uri", + "locationName": "portalId", + "documentation": "The portal identifier.
" + } + }, + "required": [ + "PortalId" + ] + }, + "DisplayContent": { + "type": "structure", + "members": { + "Body": { + "shape": "__stringMin1Max32768", + "locationName": "body", + "documentation": "The body.
" + }, + "Title": { + "shape": "__stringMin1Max255", + "locationName": "title", + "documentation": "The title.
" + } + }, + "documentation": "The content of the product page.
", + "required": [ + "Title", + "Body" + ] + }, + "DisplayContentOverrides": { + "type": "structure", + "members": { + "Body": { + "shape": "__stringMin1Max32768", + "locationName": "body", + "documentation": "By default, this is the documentation of your REST API from API Gateway. You can provide custom documentation to override this value.
" + }, + "Endpoint": { + "shape": "__stringMin1Max1024", + "locationName": "endpoint", + "documentation": "The URL for your REST API. By default, API Gateway uses the default execute API endpoint. You can provide a custom domain to override this value.
" + }, + "OperationName": { + "shape": "__stringMin1Max255", + "locationName": "operationName", + "documentation": "The operation name of the product REST endpoint.
" + } + }, + "documentation": "Contains any values that override the default configuration generated from API Gateway.
" + }, + "DisplayOrder": { "type": "structure", "members": { - "Items": { - "shape": "__listOfDeployment", - "locationName": "items", - "documentation": "The elements from this collection.
" + "Contents": { + "shape": "__listOfSection", + "locationName": "contents", + "documentation": "Represents a list of sections which include section name and list of product REST endpoints for a product.
" }, - "NextToken": { - "shape": "NextToken", - "locationName": "nextToken", - "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + "OverviewPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "overviewPageArn", + "documentation": "The ARN of the overview page.
" + }, + "ProductPageArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "productPageArns", + "documentation": "The product page ARNs.
" } }, - "documentation": "A collection resource that contains zero or more references to your existing deployments, and links that guide you on how to interact with your collection. The collection offers a paginated view of the contained deployments.
" + "documentation": "The display order.
" }, "DomainName": { "type": "structure", @@ -5117,6 +6895,92 @@ }, "documentation": "Represents a collection of domain names.
" }, + "EndpointConfigurationRequest": { + "type": "structure", + "members": { + "AcmManaged": { + "shape": "ACMManaged", + "locationName": "acmManaged", + "documentation": "Represents a domain name and certificate for a portal.
" + }, + "None": { + "shape": "None", + "locationName": "none", + "documentation": "Use the default portal domain name that is generated and managed by API Gateway.
" + } + }, + "documentation": "Represents an endpoint configuration.
" + }, + "EndpointConfigurationResponse": { + "type": "structure", + "members": { + "CertificateArn": { + "shape": "__stringMin10Max2048", + "locationName": "certificateArn", + "documentation": "The ARN of the ACM certificate.
" + }, + "DomainName": { + "shape": "__stringMin3Max256", + "locationName": "domainName", + "documentation": "The domain name.
" + }, + "PortalDefaultDomainName": { + "shape": "__stringMin3Max256", + "locationName": "portalDefaultDomainName", + "documentation": "The portal default domain name. This domain name is generated and managed by API Gateway.
" + }, + "PortalDomainHostedZoneId": { + "shape": "__stringMin1Max64", + "locationName": "portalDomainHostedZoneId", + "documentation": "The portal domain hosted zone identifier.
" + } + }, + "documentation": "Represents an endpoint configuration.
", + "required": [ + "PortalDomainHostedZoneId", + "PortalDefaultDomainName" + ] + }, + "EndpointDisplayContent": { + "type": "structure", + "members": { + "None": { + "shape": "None", + "locationName": "none", + "documentation": "If your product REST endpoint contains no overrides, the none object is returned.
" + }, + "Overrides": { + "shape": "DisplayContentOverrides", + "locationName": "overrides", + "documentation": "The overrides for endpoint display content.
" + } + }, + "documentation": "Represents the endpoint display content.
" + }, + "EndpointDisplayContentResponse": { + "type": "structure", + "members": { + "Body": { + "shape": "__stringMin1Max32768", + "locationName": "body", + "documentation": "The API documentation.
" + }, + "Endpoint": { + "shape": "__stringMin1Max1024", + "locationName": "endpoint", + "documentation": "The URL to invoke your REST API.
" + }, + "OperationName": { + "shape": "__stringMin1Max255", + "locationName": "operationName", + "documentation": "The operation name.
" + } + }, + "documentation": "The product REST endpoint page.
", + "required": [ + "Endpoint" + ] + }, "EndpointType": { "type": "string", "documentation": "Represents an endpoint type.
", @@ -5683,7 +7547,8 @@ }, "DomainNameArn": { "shape": "Arn", - "locationName": "domainNameArn" + "locationName": "domainNameArn", + "documentation": "The ARN of the DomainName resource.
" }, "DomainNameConfigurations": { "shape": "DomainNameConfigurations", @@ -6005,141 +7870,700 @@ "GetIntegrationsResponse": { "type": "structure", "members": { - "Items": { - "shape": "__listOfIntegration", - "locationName": "items", - "documentation": "The elements from this collection.
" + "Items": { + "shape": "__listOfIntegration", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + } + }, + "GetModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "The model ID.
" + } + }, + "required": [ + "ModelId", + "ApiId" + ] + }, + "GetModelResponse": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the model.
" + }, + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "The model identifier.
" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "The name of the model. Must be alphanumeric.
" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + } + } + }, + "GetModelTemplateRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "The model ID.
" + } + }, + "required": [ + "ModelId", + "ApiId" + ] + }, + "GetModelTemplateResponse": { + "type": "structure", + "members": { + "Value": { + "shape": "__string", + "locationName": "value", + "documentation": "The template value.
" + } + } + }, + "GetModelsRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of elements to be returned for this resource.
" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "required": [ + "ApiId" + ] + }, + "GetModelsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfModel", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + } + }, + "GetPortalProductRequest": { + "type": "structure", + "members": { + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "ResourceOwnerAccountId": { + "shape": "__string", + "location": "querystring", + "locationName": "resourceOwnerAccountId", + "documentation": "The account ID of the resource owner of the portal product.
" + } + }, + "required": [ + "PortalProductId" + ] + }, + "GetPortalProductResponse": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description of a portal product.
" + }, + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name.
" + }, + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The display order.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" + }, + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of the portal product.
" + }, + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + } + }, + "GetPortalProductResponseContent": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description of a portal product.
" + }, + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name.
" + }, + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The display order.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" + }, + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of the portal product.
" + }, + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + }, + "documentation": "Gets a portal product.
", + "required": [ + "LastModified", + "Description", + "DisplayOrder", + "DisplayName", + "PortalProductId", + "PortalProductArn" + ] + }, + "GetPortalProductSharingPolicyRequest": { + "type": "structure", + "members": { + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "required": [ + "PortalProductId" + ] + }, + "GetPortalProductSharingPolicyResponse": { + "type": "structure", + "members": { + "PolicyDocument": { + "shape": "__stringMin1Max307200", + "locationName": "policyDocument", + "documentation": "The product sharing policy.
" }, - "NextToken": { - "shape": "NextToken", - "locationName": "nextToken", - "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" } } }, - "GetModelRequest": { + "GetPortalProductSharingPolicyResponseContent": { "type": "structure", "members": { - "ApiId": { - "shape": "__string", - "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "PolicyDocument": { + "shape": "__stringMin1Max307200", + "locationName": "policyDocument", + "documentation": "The product sharing policy.
" }, - "ModelId": { + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "documentation": "Gets a product sharing policy.
", + "required": [ + "PortalProductId", + "PolicyDocument" + ] + }, + "GetPortalRequest": { + "type": "structure", + "members": { + "PortalId": { "shape": "__string", "location": "uri", - "locationName": "modelId", - "documentation": "The model ID.
" + "locationName": "portalId", + "documentation": "The portal identifier.
" } }, "required": [ - "ModelId", - "ApiId" + "PortalId" ] }, - "GetModelResponse": { + "GetPortalResponse": { "type": "structure", "members": { - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization for the portal.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationResponse", + "locationName": "endpointConfiguration", + "documentation": "The endpoint configuration.
" }, - "ModelId": { - "shape": "Id", - "locationName": "modelId", - "documentation": "The model identifier.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model. Must be alphanumeric.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal was last modified.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "The publish description used when the portal was last published.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "Preview": { + "shape": "Preview", + "locationName": "preview", + "documentation": "Represents the preview endpoint and the any possible error messages during preview generation.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The publish status of a portal.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } } }, - "GetModelTemplateRequest": { + "GetPortalResponseContent": { "type": "structure", "members": { - "ApiId": { + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization for the portal.
" + }, + "EndpointConfiguration": { + "shape": "EndpointConfigurationResponse", + "locationName": "endpointConfiguration", + "documentation": "The endpoint configuration.
" + }, + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal was last modified.
" + }, + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "The publish description used when the portal was last published.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "Preview": { + "shape": "Preview", + "locationName": "preview", + "documentation": "Represents the preview endpoint and the any possible error messages during preview generation.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The publish status of a portal.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + }, + "documentation": "Gets a portal.
", + "required": [ + "IncludedPortalProductArns", + "PortalId", + "LastModified", + "Authorization", + "PortalArn", + "PortalContent", + "EndpointConfiguration" + ] + }, + "GetProductPageRequest": { + "type": "structure", + "members": { + "PortalProductId": { "shape": "__string", "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "ModelId": { + "ProductPageId": { "shape": "__string", "location": "uri", - "locationName": "modelId", - "documentation": "The model ID.
" + "locationName": "productPageId", + "documentation": "The portal product identifier.
" + }, + "ResourceOwnerAccountId": { + "shape": "__string", + "location": "querystring", + "locationName": "resourceOwnerAccountId", + "documentation": "The account ID of the resource owner of the portal product.
" } }, "required": [ - "ModelId", - "ApiId" + "PortalProductId", + "ProductPageId" ] }, - "GetModelTemplateResponse": { + "GetProductPageResponse": { "type": "structure", "members": { - "Value": { - "shape": "__string", - "locationName": "value", - "documentation": "The template value.
" + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" + }, + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" + }, + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" } } }, - "GetModelsRequest": { + "GetProductPageResponseContent": { "type": "structure", "members": { - "ApiId": { + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" + }, + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" + }, + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" + } + }, + "documentation": "Gets a product page.
", + "required": [ + "LastModified", + "ProductPageArn", + "ProductPageId", + "DisplayContent" + ] + }, + "GetProductRestEndpointPageRequest": { + "type": "structure", + "members": { + "IncludeRawDisplayContent": { + "shape": "__string", + "location": "querystring", + "locationName": "includeRawDisplayContent", + "documentation": "The query parameter to include raw display content.
" + }, + "PortalProductId": { "shape": "__string", "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "MaxResults": { + "ProductRestEndpointPageId": { "shape": "__string", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of elements to be returned for this resource.
" + "location": "uri", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint identifier.
" }, - "NextToken": { + "ResourceOwnerAccountId": { "shape": "__string", "location": "querystring", - "locationName": "nextToken", - "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + "locationName": "resourceOwnerAccountId", + "documentation": "The account ID of the resource owner of the portal product.
" } }, "required": [ - "ApiId" + "PortalProductId", + "ProductRestEndpointPageId" ] }, - "GetModelsResponse": { + "GetProductRestEndpointPageResponse": { "type": "structure", "members": { - "Items": { - "shape": "__listOfModel", - "locationName": "items", - "documentation": "The elements from this collection.
" + "DisplayContent": { + "shape": "EndpointDisplayContentResponse", + "locationName": "displayContent", + "documentation": "The content of the product REST endpoint page.
" }, - "NextToken": { - "shape": "NextToken", - "locationName": "nextToken", - "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" + }, + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" + }, + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RawDisplayContent": { + "shape": "__string", + "locationName": "rawDisplayContent", + "documentation": "The raw display content of the product REST endpoint page.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status of the product REST endpoint page.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state.
" } } }, + "GetProductRestEndpointPageResponseContent": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "EndpointDisplayContentResponse", + "locationName": "displayContent", + "documentation": "The content of the product REST endpoint page.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" + }, + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" + }, + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RawDisplayContent": { + "shape": "__string", + "locationName": "rawDisplayContent", + "documentation": "The raw display content of the product REST endpoint page.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status of the product REST endpoint page.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state.
" + } + }, + "documentation": "Gets a product REST endpoint page.
", + "required": [ + "Status", + "LastModified", + "RestEndpointIdentifier", + "ProductRestEndpointPageArn", + "ProductRestEndpointPageId", + "TryItState", + "DisplayContent" + ] + }, "GetRouteRequest": { "type": "structure", "members": { @@ -6363,6 +8787,52 @@ "ApiId" ] }, + "ListRoutingRulesRequest": { + "type": "structure", + "members": { + "DomainName": { + "shape": "__string", + "location": "uri", + "locationName": "domainName", + "documentation": "The domain name.
" + }, + "DomainNameId": { + "shape": "__string", + "location": "querystring", + "locationName": "domainNameId", + "documentation": "The domain name ID.
" + }, + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of elements to be returned for this resource.
" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "required": [ + "DomainName" + ] + }, + "ListRoutingRulesResponse": { + "type": "structure", + "members": { + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken" + }, + "RoutingRules": { + "shape": "__listOfRoutingRule", + "locationName": "routingRules", + "documentation": "The routing rules.
" + } + } + }, "GetRoutesResponse": { "type": "structure", "members": { @@ -6435,52 +8905,6 @@ } } }, - "ListRoutingRulesRequest": { - "type": "structure", - "members": { - "DomainName": { - "shape": "__string", - "location": "uri", - "locationName": "domainName", - "documentation": "
The domain name.
" - }, - "DomainNameId": { - "shape": "__string", - "location": "querystring", - "locationName": "domainNameId", - "documentation": "The domain name ID.
" - }, - "MaxResults": { - "shape": "MaxResults", - "location": "querystring", - "locationName": "maxResults", - "documentation": "The maximum number of elements to be returned for this resource.
" - }, - "NextToken": { - "shape": "__string", - "location": "querystring", - "locationName": "nextToken", - "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" - } - }, - "required": [ - "DomainName" - ] - }, - "ListRoutingRulesResponse": { - "type": "structure", - "members": { - "NextToken": { - "shape": "NextToken", - "locationName": "nextToken" - }, - "RoutingRules": { - "shape": "__listOfRoutingRule", - "locationName": "routingRules", - "documentation": "The routing rules.
" - } - } - }, "GetStageRequest": { "type": "structure", "members": { @@ -6741,6 +9165,38 @@ "type": "string", "documentation": "
The identifier.
" }, + "IdentifierParts": { + "type": "structure", + "members": { + "Method": { + "shape": "__stringMin1Max20", + "locationName": "method", + "documentation": "The method of the product REST endpoint.
" + }, + "Path": { + "shape": "__stringMin1Max4096", + "locationName": "path", + "documentation": "The path of the product REST endpoint.
" + }, + "RestApiId": { + "shape": "__stringMin1Max50", + "locationName": "restApiId", + "documentation": "The REST API ID of the product REST endpoint.
" + }, + "Stage": { + "shape": "__stringMin1Max128", + "locationName": "stage", + "documentation": "The stage of the product REST endpoint.
" + } + }, + "documentation": "The identifier parts of a product REST endpoint.
", + "required": [ + "Path", + "RestApiId", + "Stage", + "Method" + ] + }, "IdentitySourceList": { "type": "list", "documentation": "The identity source for which authorization is requested. For the REQUEST authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an Auth header, a Name query string parameter are defined as identity sources, this value is $method.request.header.Auth, $method.request.querystring.Name. These parameters will be used to derive the authorization caching key and to perform runtime validation of the REQUEST authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional.
", @@ -7051,89 +9507,339 @@ "IntegrationResponseKey" ] }, - "IntegrationResponses": { + "IntegrationResponses": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfIntegrationResponse", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "documentation": "Represents a collection of integration responses.
" + }, + "IntegrationType": { + "type": "string", + "documentation": "Represents an API method integration type.
", + "enum": [ + "AWS", + "HTTP", + "MOCK", + "HTTP_PROXY", + "AWS_PROXY" + ] + }, + "Integrations": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfIntegration", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "NextToken", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "documentation": "Represents a collection of integrations.
" + }, + "IpAddressType": { + "type": "string", + "documentation": "The IP address types that can invoke your API or domain name.
", + "enum": [ + "ipv4", + "dualstack" + ] + }, + "JWTConfiguration": { + "type": "structure", + "members": { + "Audience": { + "shape": "__listOf__string", + "locationName": "audience", + "documentation": "A list of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list. See RFC 7519. Supported only for HTTP APIs.
" + }, + "Issuer": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "issuer", + "documentation": "The base domain of the identity provider that issues JSON Web Tokens. For example, an Amazon Cognito user pool has the following format: https://cognito-idp.
Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
" + }, + "LimitExceededException": { + "type": "structure", + "members": { + "LimitType": { + "shape": "__string", + "locationName": "limitType", + "documentation": "The limit type.
" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "Describes the error encountered.
" + } + }, + "documentation": "A limit has been exceeded. See the accompanying error message for details.
" + }, + "LimitExceededExceptionResponseContent": { + "type": "structure", + "members": { + "LimitType": { + "shape": "__string", + "locationName": "limitType", + "documentation": "The limit type of the limit exceeded exception response content.
" + }, + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The message of the limit exceeded exception response content.
" + } + }, + "documentation": "The response content for limit exceeded exception.
" + }, + "ListPortalProductsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of elements to be returned for this resource.
" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + }, + "ResourceOwner": { + "shape": "__string", + "location": "querystring", + "locationName": "resourceOwner", + "documentation": "The resource owner of the portal product.
" + } + } + }, + "ListPortalProductsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfPortalProductSummary", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "__stringMin1Max2048", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + } + }, + "ListPortalProductsResponseContent": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfPortalProductSummary", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "__stringMin1Max2048", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "documentation": "Lists portal products.
" + }, + "ListPortalsRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of elements to be returned for this resource.
" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + } + }, + "ListPortalsResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfPortalSummary", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "__stringMin1Max2048", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + } + }, + "ListPortalsResponseContent": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfPortalSummary", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "__stringMin1Max2048", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "documentation": "Lists portals.
" + }, + "ListProductPagesRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of elements to be returned for this resource.
" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + }, + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "ResourceOwnerAccountId": { + "shape": "__string", + "location": "querystring", + "locationName": "resourceOwnerAccountId", + "documentation": "The account ID of the resource owner of the portal product.
" + } + }, + "required": [ + "PortalProductId" + ] + }, + "ListProductPagesResponse": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfProductPageSummaryNoBody", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "__stringMin1Max2048", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + } + }, + "ListProductPagesResponseContent": { + "type": "structure", + "members": { + "Items": { + "shape": "__listOfProductPageSummaryNoBody", + "locationName": "items", + "documentation": "The elements from this collection.
" + }, + "NextToken": { + "shape": "__stringMin1Max2048", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + } + }, + "documentation": "Lists product pages.
", + "required": [ + "Items" + ] + }, + "ListProductRestEndpointPagesRequest": { + "type": "structure", + "members": { + "MaxResults": { + "shape": "__string", + "location": "querystring", + "locationName": "maxResults", + "documentation": "The maximum number of elements to be returned for this resource.
" + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" + }, + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "ResourceOwnerAccountId": { + "shape": "__string", + "location": "querystring", + "locationName": "resourceOwnerAccountId", + "documentation": "The account ID of the resource owner of the portal product.
" + } + }, + "required": [ + "PortalProductId" + ] + }, + "ListProductRestEndpointPagesResponse": { "type": "structure", "members": { "Items": { - "shape": "__listOfIntegrationResponse", + "shape": "__listOfProductRestEndpointPageSummaryNoBody", "locationName": "items", "documentation": "The elements from this collection.
" }, "NextToken": { - "shape": "NextToken", + "shape": "__string", "locationName": "nextToken", "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" } - }, - "documentation": "Represents a collection of integration responses.
" - }, - "IntegrationType": { - "type": "string", - "documentation": "Represents an API method integration type.
", - "enum": [ - "AWS", - "HTTP", - "MOCK", - "HTTP_PROXY", - "AWS_PROXY" - ] + } }, - "Integrations": { + "ListProductRestEndpointPagesResponseContent": { "type": "structure", "members": { "Items": { - "shape": "__listOfIntegration", + "shape": "__listOfProductRestEndpointPageSummaryNoBody", "locationName": "items", "documentation": "The elements from this collection.
" }, "NextToken": { - "shape": "NextToken", + "shape": "__string", "locationName": "nextToken", "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" } }, - "documentation": "Represents a collection of integrations.
" - }, - "IpAddressType": { - "type": "string", - "documentation": "The IP address types that can invoke your API or domain name.
", - "enum": [ - "ipv4", - "dualstack" + "documentation": "Lists the product rest endpoint pages in a portal product.
", + "required": [ + "Items" ] }, - "JWTConfiguration": { - "type": "structure", - "members": { - "Audience": { - "shape": "__listOf__string", - "locationName": "audience", - "documentation": "A list of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list. See RFC 7519. Supported only for HTTP APIs.
" - }, - "Issuer": { - "shape": "UriWithLengthBetween1And2048", - "locationName": "issuer", - "documentation": "The base domain of the identity provider that issues JSON Web Tokens. For example, an Amazon Cognito user pool has the following format: https://cognito-idp.
Represents the configuration of a JWT authorizer. Required for the JWT authorizer type. Supported only for HTTP APIs.
" - }, - "LimitExceededException": { - "type": "structure", - "members": { - "LimitType": { - "shape": "__string", - "locationName": "limitType", - "documentation": "The limit type.
" - }, - "Message": { - "shape": "__string", - "locationName": "message", - "documentation": "Describes the error encountered.
" - } - }, - "documentation": "A limit has been exceeded. See the accompanying error message for details.
" - }, "LoggingLevel": { "type": "string", "documentation": "The logging level.
", @@ -7232,6 +9938,11 @@ "type": "string", "documentation": "The next page of elements from this collection. Not valid for the last element of the collection.
" }, + "None": { + "type": "structure", + "members": {}, + "documentation": "The none option.
" + }, "NotFoundException": { "type": "structure", "members": { @@ -7246,39 +9957,454 @@ "documentation": "The resource type.
" } }, - "documentation": "The resource specified in the request was not found. See the message field for more information.
", - "exception": true, - "error": { - "httpStatusCode": 404 - } + "documentation": "The resource specified in the request was not found. See the message field for more information.
", + "exception": true, + "error": { + "httpStatusCode": 404 + } + }, + "NotFoundExceptionResponseContent": { + "type": "structure", + "members": { + "Message": { + "shape": "__string", + "locationName": "message", + "documentation": "The message of the not found exception response content.
" + }, + "ResourceType": { + "shape": "__string", + "locationName": "resourceType", + "documentation": "The resource type of the not found exception response content.
" + } + }, + "documentation": "The response content for not found exception.
" + }, + "ParameterConstraints": { + "type": "structure", + "members": { + "Required": { + "shape": "__boolean", + "locationName": "required", + "documentation": "Whether or not the parameter is required.
" + } + }, + "documentation": "Validation constraints imposed on parameters of a request (path, query string, headers).
" + }, + "PassthroughBehavior": { + "type": "string", + "documentation": "Represents passthrough behavior for an integration response. Supported only for WebSocket APIs.
", + "enum": [ + "WHEN_NO_MATCH", + "NEVER", + "WHEN_NO_TEMPLATES" + ] + }, + "PortalContent": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "A description of the portal.
" + }, + "DisplayName": { + "shape": "__stringMin3Max255", + "locationName": "displayName", + "documentation": "The display name for the portal.
" + }, + "Theme": { + "shape": "PortalTheme", + "locationName": "theme", + "documentation": "The theme for the portal.
" + } + }, + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
", + "required": [ + "DisplayName", + "Theme" + ] + }, + "PortalProductSummary": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description.
" + }, + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name of a portal product.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" + }, + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of a portal product.
" + }, + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + }, + "documentation": "Represents a portal product.
", + "required": [ + "LastModified", + "Description", + "DisplayName", + "PortalProductId", + "PortalProductArn" + ] + }, + "PortalSummary": { + "type": "structure", + "members": { + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization of the portal.
" + }, + "EndpointConfiguration": { + "shape": "EndpointConfigurationResponse", + "locationName": "endpointConfiguration", + "documentation": "The endpoint configuration of the portal.
" + }, + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal was last modified.
" + }, + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "The description of the portal the last time it was published.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "Preview": { + "shape": "Preview", + "locationName": "preview", + "documentation": "Represents the preview endpoint and the any possible error messages during preview generation.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The publish status.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + }, + "documentation": "Represents a portal summary.
", + "required": [ + "IncludedPortalProductArns", + "PortalId", + "LastModified", + "Authorization", + "PortalArn", + "PortalContent", + "EndpointConfiguration" + ] + }, + "PortalTheme": { + "type": "structure", + "members": { + "CustomColors": { + "shape": "CustomColors", + "locationName": "customColors", + "documentation": "Defines custom color values.
" + }, + "LogoLastUploaded": { + "shape": "__timestampIso8601", + "locationName": "logoLastUploaded", + "documentation": "The timestamp when the logo was last uploaded.
" + } + }, + "documentation": "Defines the theme for a portal.
", + "required": [ + "CustomColors" + ] + }, + "Preview": { + "type": "structure", + "members": { + "PreviewStatus": { + "shape": "PreviewStatus", + "locationName": "previewStatus", + "documentation": "The status of the preview.
" + }, + "PreviewUrl": { + "shape": "__string", + "locationName": "previewUrl", + "documentation": "The URL of the preview.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + } + }, + "documentation": "Contains the preview status and preview URL.
", + "required": [ + "PreviewStatus" + ] + }, + "PreviewPortalRequest": { + "type": "structure", + "members": { + "PortalId": { + "shape": "__string", + "location": "uri", + "locationName": "portalId", + "documentation": "The portal identifier.
" + } + }, + "required": [ + "PortalId" + ] + }, + "PreviewPortalResponse": { + "type": "structure", + "members": {} + }, + "PreviewStatus": { + "type": "string", + "documentation": "Represents the preview status.
", + "enum": [ + "PREVIEW_IN_PROGRESS", + "PREVIEW_FAILED", + "PREVIEW_READY" + ] + }, + "ProductPageSummaryNoBody": { + "type": "structure", + "members": { + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" + }, + "PageTitle": { + "shape": "__stringMin1Max255", + "locationName": "pageTitle", + "documentation": "The page title.
" + }, + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" + }, + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" + } + }, + "documentation": "Represents a product page summary without listing any page content.
", + "required": [ + "LastModified", + "ProductPageArn", + "PageTitle", + "ProductPageId" + ] + }, + "ProductRestEndpointPageSummaryNoBody": { + "type": "structure", + "members": { + "Endpoint": { + "shape": "__stringMin1Max1024", + "locationName": "endpoint", + "documentation": "The endpoint of the product REST endpoint page.
" + }, + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" + }, + "OperationName": { + "shape": "__stringMin1Max255", + "locationName": "operationName", + "documentation": "The operation name of the product REST endpoint.
" + }, + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" + }, + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of a product REST endpoint page.
" + } + }, + "documentation": "A summary of a product REST endpoint page, without providing the page content.
", + "required": [ + "Status", + "LastModified", + "Endpoint", + "RestEndpointIdentifier", + "ProductRestEndpointPageArn", + "ProductRestEndpointPageId", + "TryItState" + ] + }, + "ProtocolType": { + "type": "string", + "documentation": "Represents a protocol type.", + "enum": [ + "WEBSOCKET", + "HTTP" + ] + }, + "PublishPortalRequest": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description of the portal. When the portal is published, this description becomes the last published description.
" + }, + "PortalId": { + "shape": "__string", + "location": "uri", + "locationName": "portalId", + "documentation": "The portal identifier.
" + } + }, + "documentation": "The request body for the post operation.
", + "required": [ + "PortalId" + ] + }, + "PublishPortalRequestContent": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description of the portal. When the portal is published, this description becomes the last published description.
" + } + }, + "documentation": "Publish a portal.
" + }, + "PublishPortalResponse": { + "type": "structure", + "members": {} + }, + "PublishStatus": { + "type": "string", + "documentation": "Represents a publish status.
", + "enum": [ + "PUBLISHED", + "PUBLISH_IN_PROGRESS", + "PUBLISH_FAILED", + "DISABLED" + ] + }, + "PutPortalProductSharingPolicyRequest": { + "type": "structure", + "members": { + "PolicyDocument": { + "shape": "__stringMin1Max307200", + "locationName": "policyDocument", + "documentation": "The product sharing policy.
" + }, + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "documentation": "The request body for the put operation.
", + "required": [ + "PortalProductId", + "PolicyDocument" + ] }, - "ParameterConstraints": { + "PutPortalProductSharingPolicyRequestContent": { "type": "structure", "members": { - "Required": { - "shape": "__boolean", - "locationName": "required", - "documentation": "Whether or not the parameter is required.
" + "PolicyDocument": { + "shape": "__stringMin1Max307200", + "locationName": "policyDocument", + "documentation": "The product sharing policy.
" } }, - "documentation": "Validation constraints imposed on parameters of a request (path, query string, headers).
" - }, - "PassthroughBehavior": { - "type": "string", - "documentation": "Represents passthrough behavior for an integration response. Supported only for WebSocket APIs.
", - "enum": [ - "WHEN_NO_MATCH", - "NEVER", - "WHEN_NO_TEMPLATES" + "documentation": "The request content.
", + "required": [ + "PolicyDocument" ] }, - "ProtocolType": { - "type": "string", - "documentation": "Represents a protocol type.", - "enum": [ - "WEBSOCKET", - "HTTP" - ] + "PutPortalProductSharingPolicyResponse": { + "type": "structure", + "members": {} }, "PutRoutingRuleRequest": { "type": "structure", @@ -7502,6 +10628,17 @@ "shape": "IntegrationParameters" } }, + "RestEndpointIdentifier": { + "type": "structure", + "members": { + "IdentifierParts": { + "shape": "IdentifierParts", + "locationName": "identifierParts", + "documentation": "The identifier parts of the REST endpoint identifier.
" + } + }, + "documentation": "The REST API endpoint identifier.
" + }, "Route": { "type": "structure", "members": { @@ -7887,6 +11024,26 @@ } } }, + "Section": { + "type": "structure", + "members": { + "ProductRestEndpointPageArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "productRestEndpointPageArns", + "documentation": "The ARNs of the product REST endpoint pages in a portal product.
" + }, + "SectionName": { + "shape": "__string", + "locationName": "sectionName", + "documentation": "The section name.
" + } + }, + "documentation": "Contains the section name and list of product REST endpoints for a product.
", + "required": [ + "ProductRestEndpointPageArns", + "SectionName" + ] + }, "SecurityGroupIdList": { "type": "list", "documentation": "A list of security group IDs for the VPC link.
", @@ -8015,6 +11172,31 @@ }, "documentation": "A collection of Stage resources that are associated with the ApiKey resource.
" }, + "Status": { + "type": "string", + "documentation": "The status.
", + "enum": [ + "AVAILABLE", + "IN_PROGRESS", + "FAILED" + ] + }, + "StatusException": { + "type": "structure", + "members": { + "Exception": { + "shape": "__stringMin1Max256", + "locationName": "exception", + "documentation": "The exception.
" + }, + "Message": { + "shape": "__stringMin1Max2048", + "locationName": "message", + "documentation": "The error message.
" + } + }, + "documentation": "Represents a StatusException.
" + }, "StringWithLengthBetween0And1024": { "type": "string", "documentation": "A string with a length between [0-1024].
" @@ -8166,6 +11348,14 @@ "httpStatusCode": 429 } }, + "TryItState": { + "type": "string", + "documentation": "Represents the try it state for a product REST endpoint page.
", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, "UntagResourceRequest": { "type": "structure", "members": { @@ -8829,7 +12019,8 @@ }, "DomainNameArn": { "shape": "Arn", - "locationName": "domainNameArn" + "locationName": "domainNameArn", + "documentation": "The ARN of the DomainName resource.
" }, "DomainNameConfigurations": { "shape": "DomainNameConfigurations", @@ -8846,16 +12037,219 @@ "locationName": "routingMode", "documentation": "The routing mode.
" }, - "Tags": { - "shape": "Tags", - "locationName": "tags", - "documentation": "The collection of tags associated with a domain name.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags associated with a domain name.
" + } + } + }, + "UpdateIntegrationInput": { + "type": "structure", + "members": { + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the integration
" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "Specifies the integration's HTTP method type.
" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration.
" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + } + }, + "documentation": "Represents the input parameters for an UpdateIntegration request.
" + }, + "UpdateIntegrationRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "ConnectionId": { + "shape": "StringWithLengthBetween1And1024", + "locationName": "connectionId", + "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + }, + "ConnectionType": { + "shape": "ConnectionType", + "locationName": "connectionType", + "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "CredentialsArn": { + "shape": "Arn", + "locationName": "credentialsArn", + "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the integration
" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "The integration ID.
" + }, + "IntegrationMethod": { + "shape": "StringWithLengthBetween1And64", + "locationName": "integrationMethod", + "documentation": "Specifies the integration's HTTP method type.
" + }, + "IntegrationSubtype": { + "shape": "StringWithLengthBetween1And128", + "locationName": "integrationSubtype", + "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + }, + "IntegrationType": { + "shape": "IntegrationType", + "locationName": "integrationType", + "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + }, + "IntegrationUri": { + "shape": "UriWithLengthBetween1And2048", + "locationName": "integrationUri", + "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + }, + "PassthroughBehavior": { + "shape": "PassthroughBehavior", + "locationName": "passthroughBehavior", + "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + }, + "PayloadFormatVersion": { + "shape": "StringWithLengthBetween1And64", + "locationName": "payloadFormatVersion", + "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + }, + "RequestParameters": { + "shape": "IntegrationParameters", + "locationName": "requestParameters", + "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "RequestTemplates": { + "shape": "TemplateMap", + "locationName": "requestTemplates", + "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + }, + "ResponseParameters": { + "shape": "ResponseParameters", + "locationName": "responseParameters", + "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration.
" + }, + "TimeoutInMillis": { + "shape": "IntegerWithLengthBetween50And30000", + "locationName": "timeoutInMillis", + "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + }, + "TlsConfig": { + "shape": "TlsConfigInput", + "locationName": "tlsConfig", + "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" } - } + }, + "documentation": "Updates an Integration.
", + "required": [ + "ApiId", + "IntegrationId" + ] }, - "UpdateIntegrationInput": { + "UpdateIntegrationResult": { "type": "structure", "members": { + "ApiGatewayManaged": { + "shape": "__boolean", + "locationName": "apiGatewayManaged", + "documentation": "Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.
" + }, "ConnectionId": { "shape": "StringWithLengthBetween1And1024", "locationName": "connectionId", @@ -8879,13 +12273,23 @@ "Description": { "shape": "StringWithLengthBetween0And1024", "locationName": "description", - "documentation": "The description of the integration
" + "documentation": "Represents the description of an integration.
" + }, + "IntegrationId": { + "shape": "Id", + "locationName": "integrationId", + "documentation": "Represents the identifier of an integration.
" }, "IntegrationMethod": { "shape": "StringWithLengthBetween1And64", "locationName": "integrationMethod", "documentation": "Specifies the integration's HTTP method type.
" }, + "IntegrationResponseSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "integrationResponseSelectionExpression", + "documentation": "The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.
" + }, "IntegrationSubtype": { "shape": "StringWithLengthBetween1And128", "locationName": "integrationSubtype", @@ -8894,7 +12298,7 @@ "IntegrationType": { "shape": "IntegrationType", "locationName": "integrationType", - "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" }, "IntegrationUri": { "shape": "UriWithLengthBetween1And2048", @@ -8914,7 +12318,7 @@ "RequestParameters": { "shape": "IntegrationParameters", "locationName": "requestParameters", - "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" }, "RequestTemplates": { "shape": "TemplateMap", @@ -8929,450 +12333,858 @@ "TemplateSelectionExpression": { "shape": "SelectionExpression", "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration.
" + "documentation": "The template selection expression for the integration. Supported only for WebSocket APIs.
" }, "TimeoutInMillis": { "shape": "IntegerWithLengthBetween50And30000", "locationName": "timeoutInMillis", "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" }, - "TlsConfig": { - "shape": "TlsConfigInput", - "locationName": "tlsConfig", - "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + "TlsConfig": { + "shape": "TlsConfig", + "locationName": "tlsConfig", + "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + } + } + }, + "UpdateIntegrationResponseInput": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "The integration response key.
" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.
The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + } + }, + "documentation": "Represents the input parameters for an UpdateIntegrationResponse request.
" + }, + "UpdateIntegrationResponseRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "IntegrationId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationId", + "documentation": "The integration ID.
" + }, + "IntegrationResponseId": { + "shape": "__string", + "location": "uri", + "locationName": "integrationResponseId", + "documentation": "The integration response ID.
" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "The integration response key.
" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.
The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + } + }, + "documentation": "Updates an IntegrationResponses.
", + "required": [ + "ApiId", + "IntegrationResponseId", + "IntegrationId" + ] + }, + "UpdateIntegrationResponseResponse": { + "type": "structure", + "members": { + "ContentHandlingStrategy": { + "shape": "ContentHandlingStrategy", + "locationName": "contentHandlingStrategy", + "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + }, + "IntegrationResponseId": { + "shape": "Id", + "locationName": "integrationResponseId", + "documentation": "The integration response ID.
" + }, + "IntegrationResponseKey": { + "shape": "SelectionKey", + "locationName": "integrationResponseKey", + "documentation": "The integration response key.
" + }, + "ResponseParameters": { + "shape": "IntegrationParameters", + "locationName": "responseParameters", + "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.
" + }, + "ResponseTemplates": { + "shape": "TemplateMap", + "locationName": "responseTemplates", + "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + }, + "TemplateSelectionExpression": { + "shape": "SelectionExpression", + "locationName": "templateSelectionExpression", + "documentation": "The template selection expressions for the integration response.
" + } + } + }, + "UpdateModelInput": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the model.
" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "The name of the model.
" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + } + }, + "documentation": "Represents the input parameters for an UpdateModel request. Supported only for WebSocket APIs.
" + }, + "UpdateModelRequest": { + "type": "structure", + "members": { + "ApiId": { + "shape": "__string", + "location": "uri", + "locationName": "apiId", + "documentation": "The API identifier.
" + }, + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the model.
" + }, + "ModelId": { + "shape": "__string", + "location": "uri", + "locationName": "modelId", + "documentation": "The model ID.
" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "The name of the model.
" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + } + }, + "documentation": "Updates a Model.
", + "required": [ + "ModelId", + "ApiId" + ] + }, + "UpdateModelResponse": { + "type": "structure", + "members": { + "ContentType": { + "shape": "StringWithLengthBetween1And256", + "locationName": "contentType", + "documentation": "The content-type for the model, for example, \"application/json\".
" + }, + "Description": { + "shape": "StringWithLengthBetween0And1024", + "locationName": "description", + "documentation": "The description of the model.
" + }, + "ModelId": { + "shape": "Id", + "locationName": "modelId", + "documentation": "The model identifier.
" + }, + "Name": { + "shape": "StringWithLengthBetween1And128", + "locationName": "name", + "documentation": "The name of the model. Must be alphanumeric.
" + }, + "Schema": { + "shape": "StringWithLengthBetween0And32K", + "locationName": "schema", + "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" } - }, - "documentation": "Represents the input parameters for an UpdateIntegration request.
" + } }, - "UpdateIntegrationRequest": { + "UpdatePortalProductRequest": { "type": "structure", "members": { - "ApiId": { - "shape": "__string", - "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description.
" }, - "ConnectionId": { - "shape": "StringWithLengthBetween1And1024", - "locationName": "connectionId", - "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The displayName.
" }, - "ConnectionType": { - "shape": "ConnectionType", - "locationName": "connectionType", - "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The display order.
" }, - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" + "PortalProductId": { + "shape": "__string", + "location": "uri", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" + } + }, + "documentation": "The request body for the patch operation.
", + "required": [ + "PortalProductId" + ] + }, + "UpdatePortalProductRequestContent": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description.
" }, - "CredentialsArn": { - "shape": "Arn", - "locationName": "credentialsArn", - "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The displayName.
" }, + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The display order.
" + } + }, + "documentation": "Updates a portal product.
" + }, + "UpdatePortalProductResponse": { + "type": "structure", + "members": { "Description": { - "shape": "StringWithLengthBetween0And1024", + "shape": "__stringMin0Max1024", "locationName": "description", - "documentation": "The description of the integration
" - }, - "IntegrationId": { - "shape": "__string", - "location": "uri", - "locationName": "integrationId", - "documentation": "The integration ID.
" + "documentation": "The description of the portal product.
" }, - "IntegrationMethod": { - "shape": "StringWithLengthBetween1And64", - "locationName": "integrationMethod", - "documentation": "Specifies the integration's HTTP method type.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name of a portal product.
" }, - "IntegrationSubtype": { - "shape": "StringWithLengthBetween1And128", - "locationName": "integrationSubtype", - "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The display order that the portal products will appear in a portal.
" }, - "IntegrationType": { - "shape": "IntegrationType", - "locationName": "integrationType", - "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration. For HTTP API private integrations, use an HTTP_PROXY integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" }, - "IntegrationUri": { - "shape": "UriWithLengthBetween1And2048", - "locationName": "integrationUri", - "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of the portal product.
" }, - "PassthroughBehavior": { - "shape": "PassthroughBehavior", - "locationName": "passthroughBehavior", - "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "PayloadFormatVersion": { - "shape": "StringWithLengthBetween1And64", - "locationName": "payloadFormatVersion", - "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" + } + } + }, + "UpdatePortalProductResponseContent": { + "type": "structure", + "members": { + "Description": { + "shape": "__stringMin0Max1024", + "locationName": "description", + "documentation": "The description of the portal product.
" }, - "RequestParameters": { - "shape": "IntegrationParameters", - "locationName": "requestParameters", - "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to the backend. The key should follow the pattern <action>:<header|querystring|path>.<location> where action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "DisplayName": { + "shape": "__stringMin1Max255", + "locationName": "displayName", + "documentation": "The display name of a portal product.
" }, - "RequestTemplates": { - "shape": "TemplateMap", - "locationName": "requestTemplates", - "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + "DisplayOrder": { + "shape": "DisplayOrder", + "locationName": "displayOrder", + "documentation": "The display order that the portal products will appear in a portal.
" }, - "ResponseParameters": { - "shape": "ResponseParameters", - "locationName": "responseParameters", - "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal product was last modified.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration.
" + "PortalProductArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalProductArn", + "documentation": "The ARN of the portal product.
" }, - "TimeoutInMillis": { - "shape": "IntegerWithLengthBetween50And30000", - "locationName": "timeoutInMillis", - "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + "PortalProductId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "TlsConfig": { - "shape": "TlsConfigInput", - "locationName": "tlsConfig", - "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } }, - "documentation": "Updates an Integration.
", + "documentation": "Updates a portal product.
", "required": [ - "ApiId", - "IntegrationId" + "LastModified", + "DisplayName", + "PortalProductId", + "PortalProductArn" ] }, - "UpdateIntegrationResult": { + "UpdatePortalRequest": { "type": "structure", "members": { - "ApiGatewayManaged": { - "shape": "__boolean", - "locationName": "apiGatewayManaged", - "documentation": "Specifies whether an integration is managed by API Gateway. If you created an API using using quick create, the resulting integration is managed by API Gateway. You can update a managed integration, but you can't delete it.
" - }, - "ConnectionId": { - "shape": "StringWithLengthBetween1And1024", - "locationName": "connectionId", - "documentation": "The ID of the VPC link for a private integration. Supported only for HTTP APIs.
" - }, - "ConnectionType": { - "shape": "ConnectionType", - "locationName": "connectionType", - "documentation": "The type of the network connection to the integration endpoint. Specify INTERNET for connections through the public routable internet or VPC_LINK for private connections between API Gateway and resources in a VPC. The default value is INTERNET.
" + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization of the portal.
" }, - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" - }, - "CredentialsArn": { - "shape": "Arn", - "locationName": "credentialsArn", - "documentation": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string arn:aws:iam::*:user/*. To use resource-based permissions on supported AWS services, specify null.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationRequest", + "locationName": "endpointConfiguration", + "documentation": "Represents an endpoint configuration.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "Represents the description of an integration.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "IntegrationId": { - "shape": "Id", - "locationName": "integrationId", - "documentation": "Represents the identifier of an integration.
" + "LogoUri": { + "shape": "__stringMin0Max1092", + "locationName": "logoUri", + "documentation": "The logo URI.
" }, - "IntegrationMethod": { - "shape": "StringWithLengthBetween1And64", - "locationName": "integrationMethod", - "documentation": "Specifies the integration's HTTP method type.
" + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" }, - "IntegrationResponseSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "integrationResponseSelectionExpression", - "documentation": "The integration response selection expression for the integration. Supported only for WebSocket APIs. See Integration Response Selection Expressions.
" + "PortalId": { + "shape": "__string", + "location": "uri", + "locationName": "portalId", + "documentation": "The portal identifier.
" }, - "IntegrationSubtype": { - "shape": "StringWithLengthBetween1And128", - "locationName": "integrationSubtype", - "documentation": "Supported only for HTTP API AWS_PROXY integrations. Specifies the AWS service action to invoke. To learn more, see Integration subtype reference.
" + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + } + }, + "documentation": "The request body for the patch operation.
", + "required": [ + "PortalId" + ] + }, + "UpdatePortalRequestContent": { + "type": "structure", + "members": { + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization of the portal.
" }, - "IntegrationType": { - "shape": "IntegrationType", - "locationName": "integrationType", - "documentation": "The integration type of an integration. One of the following:
AWS: for integrating the route or method request with an AWS service action, including the Lambda function-invoking action. With the Lambda function-invoking action, this is referred to as the Lambda custom integration. With any other AWS service action, this is known as AWS integration. Supported only for WebSocket APIs.
AWS_PROXY: for integrating the route or method request with a Lambda function or other AWS service action. This integration is also referred to as a Lambda proxy integration.
HTTP: for integrating the route or method request with an HTTP endpoint. This integration is also referred to as the HTTP custom integration. Supported only for WebSocket APIs.
HTTP_PROXY: for integrating the route or method request with an HTTP endpoint, with the client request passed through as-is. This is also referred to as HTTP proxy integration.
MOCK: for integrating the route or method request with API Gateway as a \"loopback\" endpoint without invoking any backend. Supported only for WebSocket APIs.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationRequest", + "locationName": "endpointConfiguration", + "documentation": "Represents an endpoint configuration.
" }, - "IntegrationUri": { - "shape": "UriWithLengthBetween1And2048", - "locationName": "integrationUri", - "documentation": "For a Lambda integration, specify the URI of a Lambda function.
For an HTTP integration, specify a fully-qualified URL.
For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service. If you specify the ARN of an AWS Cloud Map service, API Gateway uses DiscoverInstances to identify resources. You can use query parameters to target specific resources. To learn more, see DiscoverInstances. For private integrations, all resources must be owned by the same AWS account.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "PassthroughBehavior": { - "shape": "PassthroughBehavior", - "locationName": "passthroughBehavior", - "documentation": "Specifies the pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the requestTemplates property on the Integration resource. There are three valid values: WHEN_NO_MATCH, WHEN_NO_TEMPLATES, and NEVER. Supported only for WebSocket APIs.
WHEN_NO_MATCH passes the request body for unmapped content types through to the integration backend without transformation.
NEVER rejects unmapped content types with an HTTP 415 Unsupported Media Type response.
WHEN_NO_TEMPLATES allows pass-through when the integration has no content types mapped to templates. However, if there is at least one content type defined, unmapped content types will be rejected with the same HTTP 415 Unsupported Media Type response.
" + "LogoUri": { + "shape": "__stringMin0Max1092", + "locationName": "logoUri", + "documentation": "The logo URI.
" }, - "PayloadFormatVersion": { - "shape": "StringWithLengthBetween1And64", - "locationName": "payloadFormatVersion", - "documentation": "Specifies the format of the payload sent to an integration. Required for HTTP APIs. Supported values for Lambda proxy integrations are 1.0 and 2.0. For all other integrations, 1.0 is the only supported value. To learn more, see Working with AWS Lambda proxy integrations for HTTP APIs.
" + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" }, - "RequestParameters": { - "shape": "IntegrationParameters", - "locationName": "requestParameters", - "documentation": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the backend. The method request parameter value must match the pattern of method.request.
For HTTP API integrations with a specified integrationSubtype, request parameters are a key-value map specifying parameters that are passed to AWS_PROXY integrations. You can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Working with AWS service integrations for HTTP APIs.
For HTTP API integrations, without a specified integrationSubtype request parameters are a key-value map specifying how to transform HTTP requests before sending them to backend integrations. The key should follow the pattern <action>:<header|querystring|path>.<location>. The action can be append, overwrite or remove. For values, you can provide static values, or map request data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + } + }, + "documentation": "Updates a portal.
" + }, + "UpdatePortalResponse": { + "type": "structure", + "members": { + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization for the portal.
" }, - "RequestTemplates": { - "shape": "TemplateMap", - "locationName": "requestTemplates", - "documentation": "Represents a map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client. The content type value is the key in this map, and the template (as a String) is the value. Supported only for WebSocket APIs.
" + "EndpointConfiguration": { + "shape": "EndpointConfigurationResponse", + "locationName": "endpointConfiguration", + "documentation": "The endpoint configuration.
" }, - "ResponseParameters": { - "shape": "ResponseParameters", - "locationName": "responseParameters", - "documentation": "Supported only for HTTP APIs. You use response parameters to transform the HTTP response from a backend integration before returning the response to clients. Specify a key-value map from a selection key to response parameters. The selection key must be a valid HTTP status code within the range of 200-599. Response parameters are a key-value map. The key must match pattern <action>:<header>.<location> or overwrite.statuscode. The action can be append, overwrite or remove. The value can be a static value, or map to response data, stage variables, or context variables that are evaluated at runtime. To learn more, see Transforming API requests and responses.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration. Supported only for WebSocket APIs.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal was last modified.
" }, - "TimeoutInMillis": { - "shape": "IntegerWithLengthBetween50And30000", - "locationName": "timeoutInMillis", - "documentation": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs. The default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.
" + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "The description associated with the last time the portal was published.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "Preview": { + "shape": "Preview", + "locationName": "preview", + "documentation": "Represents the preview endpoint and the any possible error messages during preview generation.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The publishStatus.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" }, - "TlsConfig": { - "shape": "TlsConfig", - "locationName": "tlsConfig", - "documentation": "The TLS configuration for a private integration. If you specify a TLS configuration, private integration traffic uses the HTTPS protocol. Supported only for HTTP APIs.
" + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } } }, - "UpdateIntegrationResponseInput": { + "UpdatePortalResponseContent": { "type": "structure", "members": { - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" - }, - "IntegrationResponseKey": { - "shape": "SelectionKey", - "locationName": "integrationResponseKey", - "documentation": "The integration response key.
" + "Authorization": { + "shape": "Authorization", + "locationName": "authorization", + "documentation": "The authorization for the portal.
" }, - "ResponseParameters": { - "shape": "IntegrationParameters", - "locationName": "responseParameters", - "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.
The endpoint configuration.
" }, - "ResponseTemplates": { - "shape": "TemplateMap", - "locationName": "responseTemplates", - "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + "IncludedPortalProductArns": { + "shape": "__listOf__stringMin20Max2048", + "locationName": "includedPortalProductArns", + "documentation": "The ARNs of the portal products included in the portal.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the portal was last modified.
" + }, + "LastPublished": { + "shape": "__timestampIso8601", + "locationName": "lastPublished", + "documentation": "The timestamp when the portal was last published.
" + }, + "LastPublishedDescription": { + "shape": "__stringMin0Max1024", + "locationName": "lastPublishedDescription", + "documentation": "The description associated with the last time the portal was published.
" + }, + "PortalArn": { + "shape": "__stringMin20Max2048", + "locationName": "portalArn", + "documentation": "The ARN of the portal.
" + }, + "PortalContent": { + "shape": "PortalContent", + "locationName": "portalContent", + "documentation": "Contains the content that is visible to portal consumers including the themes, display names, and description.
" + }, + "PortalId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "portalId", + "documentation": "The portal identifier.
" + }, + "Preview": { + "shape": "Preview", + "locationName": "preview", + "documentation": "Represents the preview endpoint and the any possible error messages during preview generation.
" + }, + "PublishStatus": { + "shape": "PublishStatus", + "locationName": "publishStatus", + "documentation": "The publishStatus.
" + }, + "RumAppMonitorName": { + "shape": "__stringMin0Max255", + "locationName": "rumAppMonitorName", + "documentation": "The CloudWatch RUM app monitor name.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "Tags": { + "shape": "Tags", + "locationName": "tags", + "documentation": "The collection of tags. Each tag element is associated with a given resource.
" } }, - "documentation": "Represents the input parameters for an UpdateIntegrationResponse request.
" + "documentation": "Updates a portal.
", + "required": [ + "IncludedPortalProductArns", + "PortalId", + "LastModified", + "Authorization", + "PortalArn", + "PortalContent", + "EndpointConfiguration" + ] }, - "UpdateIntegrationResponseRequest": { + "UpdateProductPageRequest": { "type": "structure", "members": { - "ApiId": { - "shape": "__string", - "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" }, - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" - }, - "IntegrationId": { + "PortalProductId": { "shape": "__string", "location": "uri", - "locationName": "integrationId", - "documentation": "The integration ID.
" + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "IntegrationResponseId": { + "ProductPageId": { "shape": "__string", "location": "uri", - "locationName": "integrationResponseId", - "documentation": "The integration response ID.
" - }, - "IntegrationResponseKey": { - "shape": "SelectionKey", - "locationName": "integrationResponseKey", - "documentation": "The integration response key.
" - }, - "ResponseParameters": { - "shape": "IntegrationParameters", - "locationName": "responseParameters", - "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.
The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" - }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expression for the integration response. Supported only for WebSocket APIs.
" + "locationName": "productPageId", + "documentation": "The portal product identifier.
" } }, - "documentation": "Updates an IntegrationResponses.
", + "documentation": "The request body for the patch operation.
", "required": [ - "ApiId", - "IntegrationResponseId", - "IntegrationId" + "PortalProductId", + "ProductPageId" ] }, - "UpdateIntegrationResponseResponse": { + "UpdateProductPageRequestContent": { "type": "structure", "members": { - "ContentHandlingStrategy": { - "shape": "ContentHandlingStrategy", - "locationName": "contentHandlingStrategy", - "documentation": "Supported only for WebSocket APIs. Specifies how to handle response payload content type conversions. Supported values are CONVERT_TO_BINARY and CONVERT_TO_TEXT, with the following behaviors:
CONVERT_TO_BINARY: Converts a response payload from a Base64-encoded string to the corresponding binary blob.
CONVERT_TO_TEXT: Converts a response payload from a binary blob to a Base64-encoded string.
If this property is not defined, the response payload will be passed through from the integration response to the route response or method response without modification.
" - }, - "IntegrationResponseId": { - "shape": "Id", - "locationName": "integrationResponseId", - "documentation": "The integration response ID.
" - }, - "IntegrationResponseKey": { - "shape": "SelectionKey", - "locationName": "integrationResponseKey", - "documentation": "The integration response key.
" + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" + } + }, + "documentation": "Update a product page.
" + }, + "UpdateProductPageResponse": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" }, - "ResponseParameters": { - "shape": "IntegrationParameters", - "locationName": "responseParameters", - "documentation": "A key-value map specifying response parameters that are passed to the method response from the backend. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of method.response.header.{name}, where name is a valid and unique header name. The mapped non-static value must match the pattern of integration.response.header.{name} or integration.response.body.{JSON-expression}, where name is a valid and unique response header name and JSON-expression is a valid JSON expression without the $ prefix.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" }, - "ResponseTemplates": { - "shape": "TemplateMap", - "locationName": "responseTemplates", - "documentation": "The collection of response templates for the integration response as a string-to-string map of key-value pairs. Response templates are represented as a key/value map, with a content-type as the key and a template as the value.
" + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" }, - "TemplateSelectionExpression": { - "shape": "SelectionExpression", - "locationName": "templateSelectionExpression", - "documentation": "The template selection expressions for the integration response.
" + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" } } }, - "UpdateModelInput": { + "UpdateProductPageResponseContent": { "type": "structure", "members": { - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" + "DisplayContent": { + "shape": "DisplayContent", + "locationName": "displayContent", + "documentation": "The content of the product page.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product page was last modified.
" }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model.
" + "ProductPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productPageArn", + "documentation": "The ARN of the product page.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "ProductPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productPageId", + "documentation": "The product page identifier.
" } }, - "documentation": "Represents the input parameters for an UpdateModel request. Supported only for WebSocket APIs.
" + "documentation": "Updates a product page.
", + "required": [ + "LastModified", + "ProductPageArn", + "ProductPageId" + ] }, - "UpdateModelRequest": { + "UpdateProductRestEndpointPageRequest": { "type": "structure", "members": { - "ApiId": { + "DisplayContent": { + "shape": "EndpointDisplayContent", + "locationName": "displayContent", + "documentation": "The display content.
" + }, + "PortalProductId": { "shape": "__string", "location": "uri", - "locationName": "apiId", - "documentation": "The API identifier.
" - }, - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" - }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "locationName": "portalProductId", + "documentation": "The portal product identifier.
" }, - "ModelId": { + "ProductRestEndpointPageId": { "shape": "__string", "location": "uri", - "locationName": "modelId", - "documentation": "The model ID.
" - }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model.
" + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint identifier.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of a product REST endpoint page.
" } }, - "documentation": "Updates a Model.
", + "documentation": "The request body for the patch operation.
", "required": [ - "ModelId", - "ApiId" + "ProductRestEndpointPageId", + "PortalProductId" ] }, - "UpdateModelResponse": { + "UpdateProductRestEndpointPageRequestContent": { "type": "structure", "members": { - "ContentType": { - "shape": "StringWithLengthBetween1And256", - "locationName": "contentType", - "documentation": "The content-type for the model, for example, \"application/json\".
" + "DisplayContent": { + "shape": "EndpointDisplayContent", + "locationName": "displayContent", + "documentation": "The display content.
" }, - "Description": { - "shape": "StringWithLengthBetween0And1024", - "locationName": "description", - "documentation": "The description of the model.
" + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of a product REST endpoint page.
" + } + }, + "documentation": "Updates a product REST endpoint page.
" + }, + "UpdateProductRestEndpointPageResponse": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "EndpointDisplayContentResponse", + "locationName": "displayContent", + "documentation": "The content of the product REST endpoint page.
" }, - "ModelId": { - "shape": "Id", - "locationName": "modelId", - "documentation": "The model identifier.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" + }, + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" + }, + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of a product REST endpoint page.
" + } + } + }, + "UpdateProductRestEndpointPageResponseContent": { + "type": "structure", + "members": { + "DisplayContent": { + "shape": "EndpointDisplayContentResponse", + "locationName": "displayContent", + "documentation": "The content of the product REST endpoint page.
" }, - "Name": { - "shape": "StringWithLengthBetween1And128", - "locationName": "name", - "documentation": "The name of the model. Must be alphanumeric.
" + "LastModified": { + "shape": "__timestampIso8601", + "locationName": "lastModified", + "documentation": "The timestamp when the product REST endpoint page was last modified.
" }, - "Schema": { - "shape": "StringWithLengthBetween0And32K", - "locationName": "schema", - "documentation": "The schema for the model. For application/json models, this should be JSON schema draft 4 model.
" + "ProductRestEndpointPageArn": { + "shape": "__stringMin20Max2048", + "locationName": "productRestEndpointPageArn", + "documentation": "The ARN of the product REST endpoint page.
" + }, + "ProductRestEndpointPageId": { + "shape": "__stringMin10Max30PatternAZ09", + "locationName": "productRestEndpointPageId", + "documentation": "The product REST endpoint page identifier.
" + }, + "RestEndpointIdentifier": { + "shape": "RestEndpointIdentifier", + "locationName": "restEndpointIdentifier", + "documentation": "The REST endpoint identifier.
" + }, + "Status": { + "shape": "Status", + "locationName": "status", + "documentation": "The status.
" + }, + "StatusException": { + "shape": "StatusException", + "locationName": "statusException", + "documentation": "The status exception information.
" + }, + "TryItState": { + "shape": "TryItState", + "locationName": "tryItState", + "documentation": "The try it state of a product REST endpoint page.
" } - } + }, + "documentation": "Update a product REST endpoint page.
", + "required": [ + "Status", + "LastModified", + "RestEndpointIdentifier", + "ProductRestEndpointPageArn", + "ProductRestEndpointPageId", + "TryItState", + "DisplayContent" + ] }, "UpdateRouteInput": { "type": "structure", @@ -10103,6 +13915,30 @@ "shape": "Model" } }, + "__listOfPortalProductSummary": { + "type": "list", + "member": { + "shape": "PortalProductSummary" + } + }, + "__listOfPortalSummary": { + "type": "list", + "member": { + "shape": "PortalSummary" + } + }, + "__listOfProductPageSummaryNoBody": { + "type": "list", + "member": { + "shape": "ProductPageSummaryNoBody" + } + }, + "__listOfProductRestEndpointPageSummaryNoBody": { + "type": "list", + "member": { + "shape": "ProductRestEndpointPageSummaryNoBody" + } + }, "__listOfRoute": { "type": "list", "member": { @@ -10139,6 +13975,12 @@ "shape": "RoutingRuleMatchHeaderValue" } }, + "__listOfSection": { + "type": "list", + "member": { + "shape": "Section" + } + }, "__listOfSelectionKey": { "type": "list", "member": { @@ -10163,12 +14005,119 @@ "shape": "__string" } }, + "__listOf__stringMin20Max2048": { + "type": "list", + "member": { + "shape": "__stringMin20Max2048" + } + }, "__long": { "type": "long" }, "__string": { "type": "string" }, + "__stringMin0Max1024": { + "type": "string", + "min": 0, + "max": 1024 + }, + "__stringMin0Max1092": { + "type": "string", + "min": 0, + "max": 1092 + }, + "__stringMin0Max255": { + "type": "string", + "min": 0, + "max": 255 + }, + "__stringMin10Max2048": { + "type": "string", + "min": 10, + "max": 2048 + }, + "__stringMin10Max30PatternAZ09": { + "type": "string", + "min": 10, + "max": 30, + "pattern": "^[a-z0-9]+$" + }, + "__stringMin1Max1024": { + "type": "string", + "min": 1, + "max": 1024 + }, + "__stringMin1Max128": { + "type": "string", + "min": 1, + "max": 128 + }, + "__stringMin1Max16": { + "type": "string", + "min": 1, + "max": 16 + }, + "__stringMin1Max20": { + "type": "string", + "min": 1, + "max": 20 + }, + "__stringMin1Max2048": { + "type": "string", + "min": 1, + "max": 2048 + }, + "__stringMin1Max255": { + "type": "string", + "min": 1, + "max": 255 + }, + "__stringMin1Max256": { + "type": "string", + "min": 1, + "max": 256 + }, + "__stringMin1Max307200": { + "type": "string", + "min": 1, + "max": 307200 + }, + "__stringMin1Max32768": { + "type": "string", + "min": 1, + "max": 32768 + }, + "__stringMin1Max4096": { + "type": "string", + "min": 1, + "max": 4096 + }, + "__stringMin1Max50": { + "type": "string", + "min": 1, + "max": 50 + }, + "__stringMin1Max64": { + "type": "string", + "min": 1, + "max": 64 + }, + "__stringMin20Max2048": { + "type": "string", + "min": 20, + "max": 2048 + }, + "__stringMin3Max255": { + "type": "string", + "min": 3, + "max": 255 + }, + "__stringMin3Max256": { + "type": "string", + "min": 3, + "max": 256 + }, "__timestampIso8601": { "type": "timestamp", "timestampFormat": "iso8601" diff --git a/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json b/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json index 21a25e10a2d0..6eef2f11313c 100644 --- a/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json +++ b/awscli/botocore/data/application-signals/2024-04-15/paginators-1.json @@ -41,6 +41,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "ServiceStates" + }, + "ListEntityEvents": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ChangeEvents" } } } diff --git a/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json b/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json index bd323ce017c8..4813a89dc91f 100644 --- a/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json +++ b/awscli/botocore/data/application-signals/2024-04-15/paginators-1.sdk-extras.json @@ -31,6 +31,12 @@ "StartTime", "EndTime" ] + }, + "ListEntityEvents": { + "non_aggregate_keys": [ + "StartTime", + "EndTime" + ] } } } diff --git a/awscli/botocore/data/application-signals/2024-04-15/service-2.json b/awscli/botocore/data/application-signals/2024-04-15/service-2.json index 475bc7b159d2..4b1bf466984b 100644 --- a/awscli/botocore/data/application-signals/2024-04-15/service-2.json +++ b/awscli/botocore/data/application-signals/2024-04-15/service-2.json @@ -75,7 +75,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Deletes a grouping configuration that defines how services are grouped and organized in Application Signals. Once deleted, services will no longer be grouped according to the specified configuration rules.
This operation is irreversible. After deletion, you must recreate the grouping configuration if you want to restore the same grouping behavior.
", + "documentation":"Deletes the grouping configuration for this account. This removes all custom grouping attribute definitions that were previously configured.
", "idempotent":true }, "DeleteServiceLevelObjective":{ @@ -108,7 +108,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns information about a service discovered by Application Signals.
" + "documentation":"Returns information about a service discovered by Application Signals.
", + "readonly":true }, "GetServiceLevelObjective":{ "name":"GetServiceLevelObjective", @@ -124,7 +125,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns information about one SLO created in the account.
" + "documentation":"Returns information about one SLO created in the account.
", + "readonly":true }, "ListAuditFindings":{ "name":"ListAuditFindings", @@ -139,7 +141,24 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves a list of audit findings for Application Signals resources. Audit findings identify potential issues, misconfigurations, or compliance violations in your observability setup.
You can filter findings by time range, auditor type, and target resources to focus on specific areas of concern. This operation supports pagination for large result sets.
" + "documentation":"Returns a list of audit findings that provide automated analysis of service behavior and root cause analysis. These findings help identify the most significant observations about your services, including performance issues, anomalies, and potential problems. The findings are generated using heuristic algorithms based on established troubleshooting patterns.
", + "readonly":true + }, + "ListEntityEvents":{ + "name":"ListEntityEvents", + "http":{ + "method":"POST", + "requestUri":"/events", + "responseCode":200 + }, + "input":{"shape":"ListEntityEventsInput"}, + "output":{"shape":"ListEntityEventsOutput"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Returns a list of change events for a specific entity, such as deployments, configuration changes, or other state-changing activities. This operation helps track the history of changes that may have affected service performance.
", + "readonly":true }, "ListGroupingAttributeDefinitions":{ "name":"ListGroupingAttributeDefinitions", @@ -155,7 +174,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Retrieves the available grouping attribute definitions that can be used to create grouping configurations. These definitions specify the attributes and rules available for organizing services.
Use this operation to discover what grouping options are available before creating or updating grouping configurations.
" + "documentation":"Returns the current grouping configuration for this account, including all custom grouping attribute definitions that have been configured. These definitions determine how services are logically grouped based on telemetry attributes, Amazon Web Services tags, or predefined mappings.
", + "readonly":true }, "ListServiceDependencies":{ "name":"ListServiceDependencies", @@ -170,7 +190,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of service dependencies of the service that you specify. A dependency is an infrastructure component that an operation of this service connects with. Dependencies can include Amazon Web Services services, Amazon Web Services resources, and third-party services.
" + "documentation":"Returns a list of service dependencies of the service that you specify. A dependency is an infrastructure component that an operation of this service connects with. Dependencies can include Amazon Web Services services, Amazon Web Services resources, and third-party services.
", + "readonly":true }, "ListServiceDependents":{ "name":"ListServiceDependents", @@ -185,7 +206,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns the list of dependents that invoked the specified service during the provided time range. Dependents include other services, CloudWatch Synthetics canaries, and clients that are instrumented with CloudWatch RUM app monitors.
" + "documentation":"Returns the list of dependents that invoked the specified service during the provided time range. Dependents include other services, CloudWatch Synthetics canaries, and clients that are instrumented with CloudWatch RUM app monitors.
", + "readonly":true }, "ListServiceLevelObjectiveExclusionWindows":{ "name":"ListServiceLevelObjectiveExclusionWindows", @@ -201,7 +223,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves all exclusion windows configured for a specific SLO.
" + "documentation":"Retrieves all exclusion windows configured for a specific SLO.
", + "readonly":true }, "ListServiceLevelObjectives":{ "name":"ListServiceLevelObjectives", @@ -216,7 +239,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of SLOs created in this account.
" + "documentation":"Returns a list of SLOs created in this account.
", + "readonly":true }, "ListServiceOperations":{ "name":"ListServiceOperations", @@ -231,7 +255,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of the operations of this service that have been discovered by Application Signals. Only the operations that were invoked during the specified time range are returned.
" + "documentation":"Returns a list of the operations of this service that have been discovered by Application Signals. Only the operations that were invoked during the specified time range are returned.
", + "readonly":true }, "ListServiceStates":{ "name":"ListServiceStates", @@ -246,7 +271,7 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the current state information for services monitored by Application Signals. Service states include health status, recent change events, and other operational metadata.
You can filter results by time range, AWS account, and service attributes to focus on specific services or time periods. This operation supports pagination and can include data from linked accounts.
" + "documentation":"Returns information about the last deployment and other change states of services. This API provides visibility into recent changes that may have affected service performance, helping with troubleshooting and change correlation.
" }, "ListServices":{ "name":"ListServices", @@ -261,7 +286,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of services that have been discovered by Application Signals. A service represents a minimum logical and transactional unit that completes a business function. Services are discovered through Application Signals instrumentation.
" + "documentation":"Returns a list of services that have been discovered by Application Signals. A service represents a minimum logical and transactional unit that completes a business function. Services are discovered through Application Signals instrumentation.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -276,7 +302,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Displays the tags associated with a CloudWatch resource. Tags can be assigned to service level objectives.
" + "documentation":"Displays the tags associated with a CloudWatch resource. Tags can be assigned to service level objectives.
", + "readonly":true }, "PutGroupingConfiguration":{ "name":"PutGroupingConfiguration", @@ -292,7 +319,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Creates or updates a grouping configuration that defines how services are organized and grouped in Application Signals dashboards and service maps.
Grouping configurations allow you to logically organize services based on attributes such as environment, team ownership, or business function, making it easier to monitor and manage related services together.
", + "documentation":"Creates or updates the grouping configuration for this account. This operation allows you to define custom grouping attributes that determine how services are logically grouped based on telemetry attributes, Amazon Web Services tags, or predefined mappings. These grouping attributes can then be used to organize and filter services in the Application Signals console and APIs.
", "idempotent":true }, "StartDiscovery":{ @@ -309,7 +336,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Enables this Amazon Web Services account to be able to use CloudWatch Application Signals by creating the AWSServiceRoleForCloudWatchApplicationSignals service-linked role. This service- linked role has the following permissions:
xray:GetServiceGraph
logs:StartQuery
logs:GetQueryResults
cloudwatch:GetMetricData
cloudwatch:ListMetrics
tag:GetResources
autoscaling:DescribeAutoScalingGroups
After completing this step, you still need to instrument your Java and Python applications to send data to Application Signals. For more information, see Enabling Application Signals.
" + "documentation":"Enables this Amazon Web Services account to be able to use CloudWatch Application Signals by creating the AWSServiceRoleForCloudWatchApplicationSignals service-linked role. This service- linked role has the following permissions:
xray:GetServiceGraph
logs:StartQuery
logs:GetQueryResults
cloudwatch:GetMetricData
cloudwatch:ListMetrics
tag:GetResources
autoscaling:DescribeAutoScalingGroups
A service-linked CloudTrail event channel is created to process CloudTrail events and return change event information. This includes last deployment time, userName, eventName, and other event metadata.
After completing this step, you still need to instrument your Java and Python applications to send data to Application Signals. For more information, see Enabling Application Signals.
" }, "TagResource":{ "name":"TagResource", @@ -399,14 +426,14 @@ "members":{ "AttributeFilterName":{ "shape":"AttributeFilterName", - "documentation":"The name of the attribute to filter on. This corresponds to service metadata attributes such as environment, team, or custom tags.
" + "documentation":"The name of the attribute to filter by, such as Platform, Environment, or BusinessUnit.
An array of values to match against the specified attribute. Services with attribute values matching any of these values will be included in the results.
" + "documentation":"An array of values to match for the specified attribute. Services that have any of these values for the attribute will be included in the results.
" } }, - "documentation":"Represents a filter for service attributes. Used to narrow down results based on specific attribute names and values.
" + "documentation":"A structure that defines a filter for narrowing down results based on specific attribute values. This can be used to filter services by platform, environment, or other service characteristics.
" }, "AttributeFilterName":{ "type":"string", @@ -450,30 +477,30 @@ "members":{ "KeyAttributes":{ "shape":"Attributes", - "documentation":"A map of key attributes that identify the resource associated with this audit finding. These attributes help locate and understand the context of the finding.
" + "documentation":"The key attributes that identify the service or entity this audit finding relates to. This is a string-to-string map that includes fields like Type, Name, and Environment.
" }, "AuditorResults":{ "shape":"AuditorResults", - "documentation":"An array of results from different auditors that examined the resource. Each result includes the auditor name, description, and severity level.
" + "documentation":"An array of auditor results that contain the specific findings, descriptions, and severity levels identified by different auditing algorithms.
" }, "Operation":{ "shape":"String", - "documentation":"The operation or action that was being audited when this finding was discovered. This provides context about what was being examined.
" + "documentation":"The name of the operation associated with this audit finding, if the finding is specific to a particular service operation.
" }, "MetricGraph":{ "shape":"MetricGraph", - "documentation":"A metric graph associated with the audit finding, showing relevant performance data that may be related to the identified issue.
" + "documentation":"A structure containing metric data queries and time range information that provides context for the audit finding through relevant performance metrics.
" }, "DependencyGraph":{ "shape":"DependencyGraph", - "documentation":"A dependency graph showing the relationships between services that may be affected by or related to the audit finding.
" + "documentation":"A structure containing nodes and edges that represent the dependency relationships relevant to this audit finding, helping to understand the context and potential impact.
" }, "Type":{ "shape":"String", - "documentation":"The type or category of the audit finding, such as \"Performance\", \"Security\", or \"Configuration\".
" + "documentation":"The type of audit finding.
" } }, - "documentation":"Represents an audit finding that identifies a potential issue, misconfiguration, or compliance violation in Application Signals resources.
" + "documentation":"A structure that contains information about an audit finding, which represents an automated analysis result about service behavior, performance issues, or potential problems identified through heuristic algorithms.
" }, "AuditFindings":{ "type":"list", @@ -490,14 +517,14 @@ "members":{ "Type":{ "shape":"String", - "documentation":"The type of resource being targeted for audit, such as \"Service\", \"SLO\", \"ServiceOperation\", or \"Canary\".
" + "documentation":"The type of entity being audited, such as service, SLO, service_operation, or canary.
The specific data or entity information for the audit target, containing details needed to identify and examine the resource.
" + "documentation":"The specific data identifying the audit target entity.
" } }, - "documentation":"Specifies a target resource for auditing, such as a service, SLO, or operation.
" + "documentation":"A structure that specifies the target entity for audit analysis, such as a service, SLO, service_operation, or canary.
Service Level Objective entity information when the audit target is an SLO.
" + "documentation":"SLO entity information when the audit target is a service level objective.
" }, "ServiceOperation":{ "shape":"ServiceOperationEntity", - "documentation":"Service operation entity information when the audit target is a specific operation within a service.
" + "documentation":"Service operation entity information when the audit target is a specific service operation.
" }, "Canary":{ "shape":"CanaryEntity", "documentation":"Canary entity information when the audit target is a CloudWatch Synthetics canary.
" } }, - "documentation":"A union type that represents different types of entities that can be audited, such as services, SLOs, service operations, or canaries.
", + "documentation":"A union structure that contains the specific entity information for different types of audit targets.
", "union":true }, "AuditTargets":{ @@ -533,18 +560,22 @@ "members":{ "Auditor":{ "shape":"String", - "documentation":"The name or identifier of the auditor that performed the examination and generated this result.
" + "documentation":"The name of the auditor algorithm that generated this result.
" }, "Description":{ "shape":"AuditorResultDescriptionString", - "documentation":"A detailed description of what the auditor found, including any recommendations for remediation or further investigation.
" + "documentation":"A detailed description of the audit finding, explaining what was observed and potential implications.
" + }, + "Data":{ + "shape":"DataMap", + "documentation":"This is a string-to-string map. It contains additional data about the result of an automated audit analysis.
" }, "Severity":{ "shape":"Severity", - "documentation":"The severity level of the finding, such as \"Critical\", \"High\", \"Medium\", or \"Low\". This helps prioritize remediation efforts.
" + "documentation":"The severity level of this audit finding, indicating the importance and potential impact of the issue.
" } }, - "documentation":"Represents the result of an audit performed by a specific auditor on a resource.
" + "documentation":"A structure that contains the result of an automated audit analysis, including the auditor name, description of findings, additional data, and severity level.
" }, "AuditorResultDescriptionString":{ "type":"string", @@ -740,7 +771,7 @@ "documentation":"The name of the CloudWatch Synthetics canary.
" } }, - "documentation":"Represents a CloudWatch Synthetics canary that can be audited for performance and configuration issues.
" + "documentation":"A structure that contains identifying information for a CloudWatch Synthetics canary entity used in audit targeting.
" }, "ChangeEvent":{ "type":"structure", @@ -755,42 +786,51 @@ "members":{ "Timestamp":{ "shape":"Timestamp", - "documentation":"The timestamp when the change event occurred, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The timestamp when this change event occurred. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
" }, "AccountId":{ "shape":"AwsAccountId", - "documentation":"The AWS account ID where the change event occurred.
" + "documentation":"The Amazon Web Services account ID where this change event occurred.
" }, "Region":{ "shape":"String", - "documentation":"The AWS region where the change event occurred.
" + "documentation":"The Amazon Web Services region where this change event occurred.
" }, "Entity":{ "shape":"Attributes", - "documentation":"The entity or resource that was changed, such as a service, deployment, or configuration.
" + "documentation":"The entity (service or resource) that was affected by this change event, including its key attributes.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
AwsAccountId specifies the account where this object is in.
Below is an example of a service.
{ \"Type\": \"Service\", \"Name\": \"visits-service\", \"Environment\": \"petclinic-test\" }
Below is an example of a resource.
{ \"Type\": \"AWS::Resource\", \"ResourceType\": \"AWS::DynamoDB::Table\", \"Identifier\": \"Customers\" }
The type of change that occurred, such as \"Deployment\", \"Configuration\", or \"Infrastructure\".
" + "documentation":"The type of change event that occurred, such as DEPLOYMENT.
A unique identifier for the change event.
" + "documentation":"A unique identifier for this change event. For CloudTrail-based events, this is the CloudTrail event id. For other events, this will be Unknown.
The name of the user or system that initiated the change event.
" + "documentation":"The name of the user who initiated this change event, if available.
" }, "EventName":{ "shape":"String", - "documentation":"A descriptive name for the change event that provides context about what changed.
" + "documentation":"The name or description of this change event.
" } }, - "documentation":"Represents a change event that occurred in the system, such as deployments, configuration changes, or other operational events that may impact service performance.
" + "documentation":"A structure that contains information about a change event that occurred for a service, such as a deployment or configuration change.
" }, "ChangeEventType":{ "type":"string", - "enum":["DEPLOYMENT"] + "enum":[ + "DEPLOYMENT", + "CONFIGURATION" + ] + }, + "ChangeEvents":{ + "type":"list", + "member":{"shape":"ChangeEvent"}, + "max":250, + "min":0 }, "ConflictException":{ "type":"structure", @@ -856,6 +896,11 @@ } } }, + "DataMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, "DeleteGroupingConfigurationOutput":{ "type":"structure", "members":{} @@ -899,14 +944,21 @@ "members":{ "Nodes":{ "shape":"Nodes", - "documentation":"An array of nodes in the dependency graph, where each node represents a service or component.
" + "documentation":"An array of nodes representing the services, resources, or other entities in the dependency graph.
" }, "Edges":{ "shape":"Edges", - "documentation":"An array of edges in the dependency graph, where each edge represents a connection or dependency between two nodes.
" + "documentation":"An array of edges representing the connections and relationships between the nodes in the dependency graph.
" } }, - "documentation":"Represents a graph showing the dependencies between services and components in your application architecture.
" + "documentation":"A structure that represents the dependency relationships relevant to an audit finding, containing nodes and edges that show how services and resources are connected.
" + }, + "DetailLevel":{ + "type":"string", + "enum":[ + "BRIEF", + "DETAILED" + ] }, "Dimension":{ "type":"structure", @@ -960,22 +1012,22 @@ "members":{ "SourceNodeId":{ "shape":"String", - "documentation":"The identifier of the source node in the dependency relationship.
" + "documentation":"The identifier of the source node in this edge connection.
" }, "DestinationNodeId":{ "shape":"String", - "documentation":"The identifier of the destination node in the dependency relationship.
" + "documentation":"The identifier of the destination node in this edge connection.
" }, "Duration":{ "shape":"Double", - "documentation":"The typical duration or latency of interactions along this edge, measured in milliseconds.
" + "documentation":"The duration or latency associated with this connection, if applicable.
" }, "ConnectionType":{ "shape":"ConnectionType", - "documentation":"The type of connection between the nodes, such as \"HTTP\", \"Database\", \"Queue\", or \"Internal\".
" + "documentation":"The type of connection between the nodes, indicating the nature of the relationship.
" } }, - "documentation":"Represents a connection between two nodes in a dependency graph, showing how services or components interact with each other.
" + "documentation":"A structure that represents a connection between two nodes in a dependency graph, showing the relationship and characteristics of the connection.
" }, "Edges":{ "type":"list", @@ -1153,18 +1205,18 @@ "members":{ "GroupingName":{ "shape":"GroupingString", - "documentation":"The name of the grouping attribute, such as \"Environment\", \"Team\", or \"Application\".
" + "documentation":"The friendly name for this grouping attribute, such as BusinessUnit or Environment. This name is used to identify the grouping in the console and APIs.
An array of source attribute keys that will be used to determine the grouping value for each service. These keys correspond to service metadata or tags.
" + "documentation":"An array of source keys used to derive the grouping attribute value from telemetry data, Amazon Web Services tags, or other sources. For example, [\"business_unit\", \"team\"] would look for values in those fields.
" }, "DefaultGroupingValue":{ "shape":"GroupingString", - "documentation":"The default value to use for grouping when a service doesn't have any of the specified source keys, such as \"Unknown\" or \"Unassigned\".
" + "documentation":"The default value to use for this grouping attribute when no value can be derived from the source keys. This ensures all services have a grouping value even if the source data is missing.
" } }, - "documentation":"Defines how services should be grouped based on specific attributes. This allows logical organization of services in dashboards and service maps.
" + "documentation":"A structure that defines how services should be grouped based on specific attributes. This includes the friendly name for the grouping, the source keys to derive values from, and an optional default value.
" }, "GroupingAttributeDefinitions":{ "type":"list", @@ -1179,14 +1231,14 @@ "members":{ "GroupingAttributeDefinitions":{ "shape":"GroupingAttributeDefinitions", - "documentation":"An array of grouping attribute definitions that specify the rules for organizing services into groups.
" + "documentation":"An array of grouping attribute definitions that specify how services should be grouped based on various attributes and source keys.
" }, "UpdatedAt":{ "shape":"Timestamp", - "documentation":"The timestamp when the grouping configuration was last updated, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The timestamp when this grouping configuration was last updated. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
" } }, - "documentation":"Contains the complete configuration for how services are grouped and organized in Application Signals.
" + "documentation":"A structure that contains the complete grouping configuration for an account, including all defined grouping attributes and metadata about when it was last updated.
" }, "GroupingSourceKeyStringList":{ "type":"list", @@ -1245,31 +1297,35 @@ "members":{ "StartTime":{ "shape":"Timestamp", - "documentation":"The start time for the audit findings query. Only findings created on or after this time will be included in the results. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
", + "documentation":"The start of the time period to retrieve audit findings for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057
The end time for the audit findings query. Only findings created before this time will be included in the results. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
", + "documentation":"The end of the time period to retrieve audit findings for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057
An array of auditor names to filter the findings. Only findings generated by the specified auditors will be returned. When not specified, findings from all auditors are included except canary.
" + "documentation":"A list of auditor names to filter the findings by. Only findings generated by the specified auditors will be returned.
The following auditors are available for configuration:
slo - SloAuditor: Identifies SLO violations and detects breached thresholds during the Assessment phase.
operation_metric - OperationMetricAuditor: Detects anomalies in service operation metrics from Application Signals RED metrics during the Assessment phase
Anomaly detection is not supported for sparse metrics (those missing more than 80% of datapoints within the given time period).
service_quota - ServiceQuotaAuditor: Monitors resource utilization against service quotas during the Assessment phase
trace - TraceAuditor: Performs deep-dive analysis of distributed traces, correlating traces with breached SLOs or abnormal RED metrics during the Analysis phase
dependency_metric - CriticalPathAuditor: Analyzes service dependency impacts and maps dependency relationships from Application Signals RED metrics during the Analysis phase
top_contributor - TopContributorAuditor: Identifies infrastructure-level contributors to issues by analyzing EMF logs of Application Signals RED metrics during the Analysis phase
log - LogAuditor: Extracts insights from application logs, categorizing error types and ranking severity by frequency during the Analysis phase
InitAuditor and Summarizer auditors are not configurable as they are automatically triggered during the audit process.
An array of audit target specifications to filter the findings. Only findings related to the specified targets (such as specific services, SLOs, operations or canary) will be returned.
" + "documentation":"A list of audit targets to filter the findings by. You can specify services, SLOs, or service operations to limit the audit findings to specific entities.
" + }, + "DetailLevel":{ + "shape":"DetailLevel", + "documentation":"The level of details of the audit findings. Supported values: BRIEF, DETAILED.
The token for the next set of results. Use this token to retrieve additional pages of audit findings when the result set is large.
" + "documentation":"Include this value, if it was returned by the previous operation, to get the next set of audit findings.
" }, "MaxResults":{ "shape":"ListAuditFindingMaxResults", - "documentation":"The maximum number of audit findings to return in a single request. Valid range is 1 to 100. If not specified, defaults to 50.
" + "documentation":"The maximum number of audit findings to return in one operation. If you omit this parameter, the default of 10 is used.
" } } }, @@ -1277,13 +1333,87 @@ "type":"structure", "required":["AuditFindings"], "members":{ + "StartTime":{ + "shape":"Timestamp", + "documentation":"The start of the time period that the returned audit findings apply to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057
The end of the time period that the returned audit findings apply to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057
An array of audit findings that match the specified criteria. Each finding includes details about the issue, affected resources, and auditor results.
" + "documentation":"An array of structures, where each structure contains information about one audit finding, including the auditor results, severity, and associated metric and dependency graphs.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"Include this value in your next use of this API to get the next set of audit findings.
" + } + } + }, + "ListEntityEventsInput":{ + "type":"structure", + "required":[ + "Entity", + "StartTime", + "EndTime" + ], + "members":{ + "Entity":{ + "shape":"Attributes", + "documentation":"The entity for which to retrieve change events. This specifies the service, resource, or other entity whose event history you want to examine.
This is a string-to-string map. It can include the following fields.
Type designates the type of object this is.
ResourceType specifies the type of the resource. This field is used only when the value of the Type field is Resource or AWS::Resource.
Name specifies the name of the object. This is used only if the value of the Type field is Service, RemoteService, or AWS::Service.
Identifier identifies the resource objects of this resource. This is used only if the value of the Type field is Resource or AWS::Resource.
Environment specifies the location where this object is hosted, or what it belongs to.
AwsAccountId specifies the account where this object is in.
Below is an example of a service.
{ \"Type\": \"Service\", \"Name\": \"visits-service\", \"Environment\": \"petclinic-test\" }
Below is an example of a resource.
{ \"Type\": \"AWS::Resource\", \"ResourceType\": \"AWS::DynamoDB::Table\", \"Identifier\": \"Customers\" }
The start of the time period to retrieve change events for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example: 1698778057
The end of the time period to retrieve change events for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example: 1698778057
The maximum number of change events to return in one operation. If you omit this parameter, the default of 50 is used.
", + "location":"querystring", + "locationName":"MaxResults" }, "NextToken":{ "shape":"NextToken", - "documentation":"The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.
" + "documentation":"Include this value, if it was returned by the previous operation, to get the next set of change events.
", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListEntityEventsMaxResults":{ + "type":"integer", + "box":true, + "max":250, + "min":1 + }, + "ListEntityEventsOutput":{ + "type":"structure", + "required":[ + "StartTime", + "EndTime", + "ChangeEvents" + ], + "members":{ + "StartTime":{ + "shape":"Timestamp", + "documentation":"The start of the time period that the returned change events apply to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example: 1698778057
The end of the time period that the returned change events apply to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example: 1698778057
An array of structures, where each structure contains information about one change event that occurred for the specified entity during the requested time period.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"Include this value in your next use of this API to get the next set of change events.
" } } }, @@ -1292,9 +1422,21 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"The token for the next set of results. Use this token to retrieve additional pages of grouping attribute definitions when the result set is large.
", + "documentation":"Include this value, if it was returned by the previous operation, to get the next set of grouping attribute definitions.
", "location":"querystring", "locationName":"NextToken" + }, + "AwsAccountId":{ + "shape":"AwsAccountId", + "documentation":"The Amazon Web Services account ID to retrieve grouping attribute definitions for. Use this when accessing grouping configurations from a different account in cross-account monitoring scenarios.
", + "location":"querystring", + "locationName":"AwsAccountId" + }, + "IncludeLinkedAccounts":{ + "shape":"Boolean", + "documentation":"If you are using this operation in a monitoring account, specify true to include grouping attributes from source accounts in the returned data.
An array of available grouping attribute definitions that can be used to create grouping configurations.
" + "documentation":"An array of structures, where each structure contains information about one grouping attribute definition, including the grouping name, source keys, and default values.
" }, "UpdatedAt":{ "shape":"Timestamp", - "documentation":"The timestamp when the grouping attribute definitions were last updated. Expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The timestamp when the grouping configuration was last updated. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
" }, "NextToken":{ "shape":"NextToken", - "documentation":"The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.
" + "documentation":"Include this value in your next use of this API to get the next set of grouping attribute definitions.
" } } }, @@ -1645,31 +1787,31 @@ "members":{ "StartTime":{ "shape":"Timestamp", - "documentation":"The start time for the service states query. Only service states from this time onward will be included. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The start of the time period to retrieve service state information for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057.
The end time for the service states query. Only service states before this time will be included. Specify the time as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The end of the time period to retrieve service state information for. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057.
The maximum number of service states to return in a single request. Valid range is 1 to 100. If not specified, defaults to 50.
" + "documentation":"The maximum number of service states to return in one operation. If you omit this parameter, the default of 20 is used.
" }, "NextToken":{ "shape":"NextToken", - "documentation":"The token for the next set of results. Use this token to retrieve additional pages of service states when the result set is large.
" + "documentation":"Include this value, if it was returned by the previous operation, to get the next set of service states.
" }, "IncludeLinkedAccounts":{ "shape":"Boolean", - "documentation":"Specifies whether to include service states from linked AWS accounts in the results. Set to true to include linked accounts, or false to only include the current account. Defaults to false.
If you are using this operation in a monitoring account, specify true to include service states from source accounts in the returned data.
The AWS account ID to filter service states. If specified, only service states from this account will be returned. If not specified, service states from the current account (and linked accounts if enabled) are returned.
" + "documentation":"The Amazon Web Services account ID to filter service states by. Use this to limit results to services from a specific account.
" }, "AttributeFilters":{ "shape":"AttributeFilters", - "documentation":"An array of attribute filters to narrow down the service states returned. Each filter specifies an attribute name and the values to match against.
" + "documentation":"A list of attribute filters to narrow down the services. You can filter by platform, environment, or other service attributes.
" } } }, @@ -1688,19 +1830,19 @@ "members":{ "StartTime":{ "shape":"Timestamp", - "documentation":"The start time of the query range, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The start of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057.
The end time of the query range, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The end of the time period that the returned information applies to. When used in a raw HTTP Query API, it is formatted as epoch time in seconds. For example, 1698778057.
An array of service state objects that match the specified criteria. Each service state includes current status, recent change events, and service metadata.
" + "documentation":"An array of structures, where each structure contains information about the state of one service, including its latest change events such as deployments.
" }, "NextToken":{ "shape":"NextToken", - "documentation":"The token to use for retrieving the next page of results. This value is present only if there are more results available than were returned in the current response.
" + "documentation":"Include this value in your next use of this API to get the next set of service states.
" } } }, @@ -1873,18 +2015,18 @@ "members":{ "MetricDataQueries":{ "shape":"MetricDataQueries", - "documentation":"An array of metric data queries that define what metrics to display in the graph. Each query specifies the metric source, aggregation, and time range.
" + "documentation":"An array of metric data queries that define the metrics to be retrieved and analyzed as part of the audit finding context.
" }, "StartTime":{ "shape":"Timestamp", - "documentation":"The start time for the metric data displayed in the graph, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The start time for the metric data included in this graph. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
" }, "EndTime":{ "shape":"Timestamp", - "documentation":"The end time for the metric data displayed in the graph, expressed as the number of milliseconds since January 1, 1970, 00:00:00 UTC.
" + "documentation":"The end time for the metric data included in this graph. When used in a raw HTTP Query API, it is formatted as epoch time in seconds.
" } }, - "documentation":"Represents a graph of metric data over time, showing performance trends and patterns for monitored resources.
" + "documentation":"A structure that contains metric data queries and time range information that provides context for audit findings through relevant performance metrics.
" }, "MetricId":{ "type":"string", @@ -2009,34 +2151,34 @@ "members":{ "KeyAttributes":{ "shape":"Attributes", - "documentation":"A map of key attributes that identify and describe the node, such as service name, environment, and other metadata.
" + "documentation":"The key attributes that identify this node, including Type, Name, and Environment information.
" }, "Name":{ "shape":"String", - "documentation":"The display name of the node, typically the service or component name.
" + "documentation":"The name of the entity represented by this node.
" }, "NodeId":{ "shape":"String", - "documentation":"A unique identifier for the node within the dependency graph.
" + "documentation":"A unique identifier for this node within the dependency graph.
" }, "Operation":{ "shape":"String", - "documentation":"The specific operation or endpoint within the service that this node represents, if applicable.
" + "documentation":"The operation associated with this node, if applicable.
" }, "Type":{ "shape":"String", - "documentation":"The type of node, such as \"Service\", \"Database\", \"Queue\", or \"External\".
" + "documentation":"The type of entity represented by this node, such as Service or Resource.
The typical response time or processing duration for this node, measured in milliseconds.
" + "documentation":"The duration or processing time associated with this node, if applicable.
" }, "Status":{ "shape":"String", - "documentation":"The current health status of the node, such as \"Healthy\", \"Warning\", or \"Critical\".
" + "documentation":"The status of the entity represented by this node.
" } }, - "documentation":"Represents a node in a dependency graph, typically corresponding to a service or component in your application architecture.
" + "documentation":"A structure that represents a node in a dependency graph, containing information about a service, resource, or other entity and its characteristics.
" }, "Nodes":{ "type":"list", @@ -2060,7 +2202,7 @@ "members":{ "GroupingAttributeDefinitions":{ "shape":"GroupingAttributeDefinitions", - "documentation":"An array of grouping attribute definitions that specify how services should be grouped. Each definition includes the grouping name, source keys, and default values.
" + "documentation":"An array of grouping attribute definitions that specify how services should be grouped. Each definition includes a friendly name, source keys to derive the grouping value from, and an optional default value.
" } } }, @@ -2070,7 +2212,7 @@ "members":{ "GroupingConfiguration":{ "shape":"GroupingConfiguration", - "documentation":"The created or updated grouping configuration, including all attribute definitions and metadata such as the update timestamp.
" + "documentation":"A structure containing the updated grouping configuration, including all grouping attribute definitions and the timestamp when it was last updated.
" } } }, @@ -2264,7 +2406,7 @@ }, "ServiceGroups":{ "shape":"ServiceGroups", - "documentation":"An array of service groups that this service belongs to, based on the configured grouping rules.
" + "documentation":"An array of service groups that this service belongs to, based on the configured grouping attributes.
" }, "MetricReferences":{ "shape":"MetricReferences", @@ -2348,22 +2490,22 @@ "members":{ "Type":{ "shape":"String", - "documentation":"The type of service, such as \"WebService\", \"Database\", \"Queue\", or \"Function\".
" + "documentation":"The type of the service entity.
" }, "Name":{ "shape":"String", - "documentation":"The name of the service as identified by Application Signals.
" + "documentation":"The name of the service.
" }, "Environment":{ "shape":"String", - "documentation":"The environment where the service is deployed, such as \"Production\", \"Staging\", or \"Development\".
" + "documentation":"The environment where the service is deployed.
" }, "AwsAccountId":{ "shape":"String", - "documentation":"The AWS account ID where the service is deployed.
" + "documentation":"The Amazon Web Services account ID where the service is located. Provide this value only for cross-account access.
" } }, - "documentation":"Represents a service entity that is monitored by Application Signals.
" + "documentation":"A structure that contains identifying information for a service entity.
" }, "ServiceErrorMessage":{"type":"string"}, "ServiceGroup":{ @@ -2377,22 +2519,22 @@ "members":{ "GroupName":{ "shape":"GroupName", - "documentation":"The name of the group, such as \"Environment\", \"Team\", or \"Application\".
" + "documentation":"The name of the grouping attribute, such as BusinessUnit or Environment.
The specific value for this group, such as \"Production\", \"TeamA\", or \"WebApp\".
" + "documentation":"The value of the grouping attribute for this service, such as Payments or Production.
The source of the grouping information, such as \"Tag\", \"Attribute\", or \"Manual\".
" + "documentation":"The source of the grouping attribute, such as TAG, OTEL, or DEFAULT.
A unique identifier for the group within the grouping configuration.
" + "documentation":"A unique identifier for this grouping attribute value, used for filtering and API operations.
" } }, - "documentation":"Represents a logical grouping of services based on shared attributes or characteristics.
" + "documentation":"A structure that represents a logical grouping of services based on shared attributes such as business unit, environment, or entry point.
" }, "ServiceGroups":{ "type":"list", @@ -2497,7 +2639,7 @@ }, "MetricName":{ "shape":"MetricName", - "documentation":"The name of the CloudWatch metric used as a service level indicator (SLI) for measuring service performance.
" + "documentation":"The name of the CloudWatch metric to use for the SLO, when using a custom metric rather than Application Signals standard metrics.
" }, "Statistic":{ "shape":"ServiceLevelIndicatorStatistic", @@ -2593,7 +2735,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws:application-signals:[^:]*:[^:]*:slo/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]" + "pattern":"arn:(aws|aws-us-gov):application-signals:[^:]*:[^:]*:slo/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]" }, "ServiceLevelObjectiveBudgetReport":{ "type":"structure", @@ -2709,18 +2851,18 @@ "members":{ "SloName":{ "shape":"String", - "documentation":"The name of the Service Level Objective.
" + "documentation":"The name of the service level objective.
" }, "SloArn":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) of the Service Level Objective.
" + "documentation":"The ARN of the service level objective. The SLO must be provided with ARN for cross-account access.
" } }, - "documentation":"Represents a Service Level Objective (SLO) entity that can be audited for compliance and performance.
" + "documentation":"A structure that contains identifying information for a service level objective entity.
" }, "ServiceLevelObjectiveId":{ "type":"string", - "pattern":"[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$|^arn:aws:application-signals:[^:]*:[^:]*:slo/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]" + "pattern":"[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]$|^arn:(aws|aws-us-gov):application-signals:[^:]*:[^:]*:slo/[0-9A-Za-z][-._0-9A-Za-z ]{0,126}[0-9A-Za-z]" }, "ServiceLevelObjectiveIds":{ "type":"list", @@ -2805,14 +2947,14 @@ }, "Operation":{ "shape":"String", - "documentation":"The name of the specific operation within the service.
" + "documentation":"The name of the operation.
" }, "MetricType":{ "shape":"String", - "documentation":"The type of metric associated with this service operation, such as \"Latency\", \"ErrorRate\", or \"Throughput\".
" + "documentation":"The type of metric associated with this service operation.
" } }, - "documentation":"Represents a specific operation within a service that can be monitored and audited independently.
" + "documentation":"A structure that contains identifying information for a service operation entity.
" }, "ServiceOperations":{ "type":"list", @@ -2842,18 +2984,18 @@ "members":{ "AttributeFilters":{ "shape":"AttributeFilters", - "documentation":"The attribute filters that were applied when retrieving this service state.
" + "documentation":"The attribute filters that were applied when retrieving this service state information.
" }, "Service":{ "shape":"Attributes", - "documentation":"The service entity information for this service state.
" + "documentation":"The key attributes that identify this service, including Type, Name, and Environment information.
" }, "LatestChangeEvents":{ "shape":"LatestChangeEvents", - "documentation":"An array of the most recent change events that may have affected this service, such as deployments or configuration changes.
" + "documentation":"An array containing the most recent change events for this service, such as deployments, with information about when they occurred and who initiated them.
" } }, - "documentation":"Represents the current state and health information for a service monitored by Application Signals.
" + "documentation":"A structure that contains information about the current state of a service, including its latest change events such as deployments and other state-changing activities.
" }, "ServiceStates":{ "type":"list", @@ -2886,7 +3028,7 @@ }, "ServiceGroups":{ "shape":"ServiceGroups", - "documentation":"An array of service groups that this service belongs to, providing a summary view of the service's organizational context.
" + "documentation":"An array of service groups that this service belongs to, based on the configured grouping attributes.
" } }, "documentation":"This structure contains information about one of your services that was discovered by Application Signals
" diff --git a/awscli/botocore/data/appstream/2016-12-01/service-2.json b/awscli/botocore/data/appstream/2016-12-01/service-2.json index f8cb945c0bb5..8bbb9176bee4 100644 --- a/awscli/botocore/data/appstream/2016-12-01/service-2.json +++ b/awscli/botocore/data/appstream/2016-12-01/service-2.json @@ -161,7 +161,7 @@ {"shape":"OperationNotPermittedException"}, {"shape":"ResourceAlreadyExistsException"} ], - "documentation":"Creates an app block.
App blocks are an Amazon AppStream 2.0 resource that stores the details about the virtual hard disk in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. The virtual hard disk includes the application binaries and other files necessary to launch your applications. Multiple applications can be assigned to a single app block.
This is only supported for Elastic fleets.
" + "documentation":"Creates an app block.
App blocks are a WorkSpaces Applications resource that stores the details about the virtual hard disk in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. The virtual hard disk includes the application binaries and other files necessary to launch your applications. Multiple applications can be assigned to a single app block.
This is only supported for Elastic fleets.
" }, "CreateAppBlockBuilder":{ "name":"CreateAppBlockBuilder", @@ -214,7 +214,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Creates an application.
Applications are an Amazon AppStream 2.0 resource that stores the details about how to launch applications on Elastic fleet streaming instances. An application consists of the launch details, icon, and display name. Applications are associated with an app block that contains the application binaries and other files. The applications assigned to an Elastic fleet are the applications users can launch.
This is only supported for Elastic fleets.
" + "documentation":"Creates an application.
Applications are a WorkSpaces Applications resource that stores the details about how to launch applications on Elastic fleet streaming instances. An application consists of the launch details, icon, and display name. Applications are associated with an app block that contains the application binaries and other files. The applications assigned to an Elastic fleet are the applications users can launch.
This is only supported for Elastic fleets.
" }, "CreateDirectoryConfig":{ "name":"CreateDirectoryConfig", @@ -232,7 +232,7 @@ {"shape":"OperationNotPermittedException"}, {"shape":"InvalidRoleException"} ], - "documentation":"Creates a Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.
" + "documentation":"Creates a Directory Config object in WorkSpaces Applications. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.
" }, "CreateEntitlement":{ "name":"CreateEntitlement", @@ -248,7 +248,26 @@ {"shape":"LimitExceededException"}, {"shape":"EntitlementAlreadyExistsException"} ], - "documentation":"Creates a new entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. Amazon AppStream 2.0 user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.
" + "documentation":"Creates a new entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. WorkSpaces Applications user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.
" + }, + "CreateExportImageTask":{ + "name":"CreateExportImageTask", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateExportImageTaskRequest"}, + "output":{"shape":"CreateExportImageTaskResult"}, + "errors":[ + {"shape":"LimitExceededException"}, + {"shape":"InvalidRoleException"}, + {"shape":"InvalidAccountStatusException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"ResourceNotAvailableException"} + ], + "documentation":"Creates a task to export a WorkSpaces Applications image to an EC2 AMI. This allows you to use your customized WorkSpaces Applications images with other AWS services or for backup purposes.
" }, "CreateFleet":{ "name":"CreateFleet", @@ -310,6 +329,26 @@ ], "documentation":"Creates a URL to start an image builder streaming session.
" }, + "CreateImportedImage":{ + "name":"CreateImportedImage", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateImportedImageRequest"}, + "output":{"shape":"CreateImportedImageResult"}, + "errors":[ + {"shape":"LimitExceededException"}, + {"shape":"InvalidAccountStatusException"}, + {"shape":"InvalidRoleException"}, + {"shape":"OperationNotPermittedException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"IncompatibleImageException"}, + {"shape":"DryRunOperationException"} + ], + "documentation":"Creates a custom WorkSpaces Applications image by importing an EC2 AMI. This allows you to use your own customized AMI to create WorkSpaces Applications images that support additional instance types beyond the standard stream.* instances.
" + }, "CreateStack":{ "name":"CreateStack", "http":{ @@ -344,7 +383,7 @@ {"shape":"OperationNotPermittedException"}, {"shape":"InvalidParameterCombinationException"} ], - "documentation":"Creates a temporary URL to start an AppStream 2.0 streaming session for the specified user. A streaming URL enables application streaming to be tested without user setup.
" + "documentation":"Creates a temporary URL to start an WorkSpaces Applications streaming session for the specified user. A streaming URL enables application streaming to be tested without user setup.
" }, "CreateThemeForStack":{ "name":"CreateThemeForStack", @@ -381,7 +420,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"IncompatibleImageException"} ], - "documentation":"Creates a new image with the latest Windows operating system updates, driver updates, and AppStream 2.0 agent software.
For more information, see the \"Update an Image by Using Managed AppStream 2.0 Image Updates\" section in Administer Your AppStream 2.0 Images, in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"Creates a new image with the latest Windows operating system updates, driver updates, and WorkSpaces Applications agent software.
For more information, see the \"Update an Image by Using Managed WorkSpaces Applications Image Updates\" section in Administer Your WorkSpaces Applications Images, in the Amazon WorkSpaces Applications Administration Guide.
" }, "CreateUsageReportSubscription":{ "name":"CreateUsageReportSubscription", @@ -474,7 +513,7 @@ {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Deletes the specified Directory Config object from AppStream 2.0. This object includes the information required to join streaming instances to an Active Directory domain.
" + "documentation":"Deletes the specified Directory Config object from WorkSpaces Applications. This object includes the information required to join streaming instances to an Active Directory domain.
" }, "DeleteEntitlement":{ "name":"DeleteEntitlement", @@ -707,7 +746,7 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves a list that describes one or more specified Directory Config objects for AppStream 2.0, if the names for these objects are provided. Otherwise, all Directory Config objects in the account are described. These objects include the configuration information required to join fleets and image builders to Microsoft Active Directory domains.
Although the response syntax in this topic includes the account password, this password is not returned in the actual response.
" + "documentation":"Retrieves a list that describes one or more specified Directory Config objects for WorkSpaces Applications, if the names for these objects are provided. Otherwise, all Directory Config objects in the account are described. These objects include the configuration information required to join fleets and image builders to Microsoft Active Directory domains.
Although the response syntax in this topic includes the account password, this password is not returned in the actual response.
" }, "DescribeEntitlements":{ "name":"DescribeEntitlements", @@ -885,7 +924,7 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"Disables the specified user in the user pool. Users can't sign in to AppStream 2.0 until they are re-enabled. This action does not delete the user.
" + "documentation":"Disables the specified user in the user pool. Users can't sign in to WorkSpaces Applications until they are re-enabled. This action does not delete the user.
" }, "DisassociateAppBlockBuilderAppBlock":{ "name":"DisassociateAppBlockBuilderAppBlock", @@ -978,7 +1017,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidAccountStatusException"} ], - "documentation":"Enables a user in the user pool. After being enabled, users can sign in to AppStream 2.0 and open applications from the stacks to which they are assigned.
" + "documentation":"Enables a user in the user pool. After being enabled, users can sign in to WorkSpaces Applications and open applications from the stacks to which they are assigned.
" }, "ExpireSession":{ "name":"ExpireSession", @@ -990,6 +1029,20 @@ "output":{"shape":"ExpireSessionResult"}, "documentation":"Immediately stops the specified streaming session.
" }, + "GetExportImageTask":{ + "name":"GetExportImageTask", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetExportImageTaskRequest"}, + "output":{"shape":"GetExportImageTaskResult"}, + "errors":[ + {"shape":"OperationNotPermittedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Retrieves information about an export image task, including its current state, progress, and any error details.
" + }, "ListAssociatedFleets":{ "name":"ListAssociatedFleets", "http":{ @@ -1025,6 +1078,19 @@ ], "documentation":"Retrieves a list of entitled applications.
" }, + "ListExportImageTasks":{ + "name":"ListExportImageTasks", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListExportImageTasksRequest"}, + "output":{"shape":"ListExportImageTasksResult"}, + "errors":[ + {"shape":"OperationNotPermittedException"} + ], + "documentation":"Lists export image tasks, with optional filtering and pagination. Use this operation to monitor the status of multiple export operations.
" + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -1036,7 +1102,7 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves a list of all tags for the specified AppStream 2.0 resource. You can tag AppStream 2.0 image builders, images, fleets, and stacks.
For more information about tags, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"Retrieves a list of all tags for the specified WorkSpaces Applications resource. You can tag WorkSpaces Applications image builders, images, fleets, and stacks.
For more information about tags, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "StartAppBlockBuilder":{ "name":"StartAppBlockBuilder", @@ -1166,7 +1232,7 @@ {"shape":"InvalidAccountStatusException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Adds or overwrites one or more tags for the specified AppStream 2.0 resource. You can tag AppStream 2.0 image builders, images, fleets, and stacks.
Each tag consists of a key and an optional value. If a resource already has a tag with the same key, this operation updates its value.
To list the current tags for your resources, use ListTagsForResource. To disassociate tags from your resources, use UntagResource.
For more information about tags, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"Adds or overwrites one or more tags for the specified WorkSpaces Applications resource. You can tag WorkSpaces Applications image builders, images, fleets, and stacks.
Each tag consists of a key and an optional value. If a resource already has a tag with the same key, this operation updates its value.
To list the current tags for your resources, use ListTagsForResource. To disassociate tags from your resources, use UntagResource.
For more information about tags, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "UntagResource":{ "name":"UntagResource", @@ -1179,7 +1245,7 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"Disassociates one or more specified tags from the specified AppStream 2.0 resource.
To list the current tags for your resources, use ListTagsForResource.
For more information about tags, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"Disassociates one or more specified tags from the specified WorkSpaces Applications resource.
To list the current tags for your resources, use ListTagsForResource.
For more information about tags, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "UpdateAppBlockBuilder":{ "name":"UpdateAppBlockBuilder", @@ -1234,7 +1300,7 @@ {"shape":"InvalidRoleException"}, {"shape":"IncompatibleImageException"} ], - "documentation":"Updates the specified Directory Config object in AppStream 2.0. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.
" + "documentation":"Updates the specified Directory Config object in WorkSpaces Applications. This object includes the configuration information required to join fleets and image builders to Microsoft Active Directory domains.
" }, "UpdateEntitlement":{ "name":"UpdateEntitlement", @@ -1344,7 +1410,7 @@ "documentation":"The identifier (ID) of the VPC in which the interface endpoint is used.
" } }, - "documentation":"Describes an interface VPC endpoint (interface endpoint) that lets you create a private connection between the virtual private cloud (VPC) that you specify and AppStream 2.0. When you specify an interface endpoint for a stack, users of the stack can connect to AppStream 2.0 only through that endpoint. When you specify an interface endpoint for an image builder, administrators can connect to the image builder only through that endpoint.
" + "documentation":"Describes an interface VPC endpoint (interface endpoint) that lets you create a private connection between the virtual private cloud (VPC) that you specify and WorkSpaces Applications. When you specify an interface endpoint for a stack, users of the stack can connect to WorkSpaces Applications only through that endpoint. When you specify an interface endpoint for an image builder, administrators can connect to the image builder only through that endpoint.
" }, "AccessEndpointList":{ "type":"list", @@ -1427,6 +1493,18 @@ }, "documentation":"The collection of license usage records.
" }, + "AgentSoftwareVersion":{ + "type":"string", + "documentation":"The image type is the type of AppStream image resource.", + "enum":[ + "CURRENT_LATEST", + "ALWAYS_LATEST" + ] + }, + "AmiName":{ + "type":"string", + "pattern":"^[a-zA-Z0-9().\\-/_]{3,128}$" + }, "AppBlock":{ "type":"structure", "required":[ @@ -1472,14 +1550,14 @@ }, "State":{ "shape":"AppBlockState", - "documentation":"The state of the app block.
An app block with AppStream 2.0 packaging will be in the INACTIVE state if no application package (VHD) is assigned to it. After an application package (VHD) is created by an app block builder for an app block, it becomes ACTIVE.
Custom app blocks are always in the ACTIVE state and no action is required to use them.
The state of the app block.
An app block with WorkSpaces Applications packaging will be in the INACTIVE state if no application package (VHD) is assigned to it. After an application package (VHD) is created by an app block builder for an app block, it becomes ACTIVE.
Custom app blocks are always in the ACTIVE state and no action is required to use them.
The errors of the app block.
" } }, - "documentation":"Describes an app block.
App blocks are an Amazon AppStream 2.0 resource that stores the details about the virtual hard disk in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. The virtual hard disk includes the application binaries and other files necessary to launch your applications. Multiple applications can be assigned to a single app block.
This is only supported for Elastic fleets.
" + "documentation":"Describes an app block.
App blocks are a WorkSpaces Applications resource that stores the details about the virtual hard disk in an S3 bucket. It also stores the setup script with details about how to mount the virtual hard disk. The virtual hard disk includes the application binaries and other files necessary to launch your applications. Multiple applications can be assigned to a single app block.
This is only supported for Elastic fleets.
" }, "AppBlockBuilder":{ "type":"structure", @@ -1633,6 +1711,21 @@ "type":"list", "member":{"shape":"AppBlock"} }, + "AppCatalogConfig":{ + "type":"list", + "member":{"shape":"ApplicationConfig"}, + "max":50 + }, + "AppDisplayName":{ + "type":"string", + "max":100, + "pattern":"^[a-zA-Z0-9][a-zA-Z0-9_. -]{0,99}$" + }, + "AppName":{ + "type":"string", + "max":100, + "pattern":"^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,99}$" + }, "AppVisibility":{ "type":"string", "enum":[ @@ -1718,6 +1811,45 @@ "member":{"shape":"ApplicationAttribute"}, "max":2 }, + "ApplicationConfig":{ + "type":"structure", + "required":[ + "Name", + "AbsoluteAppPath" + ], + "members":{ + "Name":{ + "shape":"AppName", + "documentation":"The name of the application. This is a required field that must be unique within the application catalog and between 1-100 characters, matching the pattern ^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,99}$.
" + }, + "DisplayName":{ + "shape":"AppDisplayName", + "documentation":"The display name shown to users for this application. This field is optional and can be 0-100 characters, matching the pattern ^[a-zA-Z0-9][a-zA-Z0-9_. -]{0,99}$.
" + }, + "AbsoluteAppPath":{ + "shape":"FilePath", + "documentation":"The absolute path to the executable file that launches the application. This is a required field that can be 1-32767 characters to support Windows extended file paths. Use escaped file path strings like \"C:\\\\\\\\Windows\\\\\\\\System32\\\\\\\\notepad.exe\".
" + }, + "AbsoluteIconPath":{ + "shape":"FilePath", + "documentation":"The absolute path to the icon file for the application. This field is optional and can be 1-32767 characters. If not provided, the icon is derived from the executable. Use PNG images with proper transparency for the best user experience.
" + }, + "AbsoluteManifestPath":{ + "shape":"FilePath", + "documentation":"The absolute path to the prewarm manifest file for this application. This field is optional and only applicable when using application-specific manifests. The path can be 1-32767 characters and should point to a text file containing file paths to prewarm.
" + }, + "WorkingDirectory":{ + "shape":"FilePath", + "documentation":"The working directory to use when launching the application. This field is optional and can be 0-32767 characters. Use escaped file path strings like \"C:\\\\\\\\Path\\\\\\\\To\\\\\\\\Working\\\\\\\\Directory\".
" + }, + "LaunchParameters":{ + "shape":"LaunchParameters", + "documentation":"The launch parameters to pass to the application executable. This field is optional and can be 0-1024 characters. Use escaped strings with the full list of required parameters, such as PowerShell script paths or command-line arguments.
" + } + }, + "documentation":"Configuration for an application in the imported image's application catalog. This structure defines how applications appear and launch for users.
", + "sensitive":true + }, "ApplicationFleetAssociation":{ "type":"structure", "required":[ @@ -2112,7 +2244,7 @@ }, "Tags":{ "shape":"Tags", - "documentation":"The tags to associate with the app block builder. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
If you do not specify a value, the value is set to an empty string.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
For more information, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The tags to associate with the app block builder. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
If you do not specify a value, the value is set to an empty string.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
For more information, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "Platform":{ "shape":"AppBlockBuilderPlatformType", @@ -2132,7 +2264,7 @@ }, "IamRoleArn":{ "shape":"Arn", - "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the app block builder. To assume a role, the app block builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the app block builder. To assume a role, the app block builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "AccessEndpoints":{ "shape":"AccessEndpointList", @@ -2360,6 +2492,45 @@ } } }, + "CreateExportImageTaskRequest":{ + "type":"structure", + "required":[ + "ImageName", + "AmiName", + "IamRoleArn" + ], + "members":{ + "ImageName":{ + "shape":"Name", + "documentation":"The name of the WorkSpaces Applications image to export. The image must be in an available state and owned by your account.
" + }, + "AmiName":{ + "shape":"AmiName", + "documentation":"The name for the exported EC2 AMI. This is a required field that must be unique within your account and region.
" + }, + "IamRoleArn":{ + "shape":"Arn", + "documentation":"The ARN of the IAM role that allows WorkSpaces Applications to create the AMI. The role must have permissions to copy images, describe images, and create tags, with a trust relationship allowing appstream.amazonaws.com to assume the role.
" + }, + "TagSpecifications":{ + "shape":"Tags", + "documentation":"The tags to apply to the exported AMI. These tags help you organize and manage your EC2 AMIs.
" + }, + "AmiDescription":{ + "shape":"Description", + "documentation":"An optional description for the exported AMI. This description will be applied to the resulting EC2 AMI.
" + } + } + }, + "CreateExportImageTaskResult":{ + "type":"structure", + "members":{ + "ExportImageTask":{ + "shape":"ExportImageTask", + "documentation":"Information about the export image task that was created, including the task ID and initial state.
" + } + } + }, "CreateFleetRequest":{ "type":"structure", "required":[ @@ -2381,7 +2552,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"The instance type to use when launching fleet instances. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics-desktop.2xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.24xlarge
stream.graphics-pro.4xlarge
stream.graphics-pro.8xlarge
stream.graphics-pro.16xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The following instance types are available for Elastic fleets:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
The instance type to use when launching fleet instances. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The following instance types are available for Elastic fleets:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
The tags to associate with the fleet. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
If you do not specify a value, the value is set to an empty string.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
For more information, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The tags to associate with the fleet. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
If you do not specify a value, the value is set to an empty string.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
For more information, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "IdleDisconnectTimeoutInSeconds":{ "shape":"Integer", @@ -2429,11 +2600,11 @@ }, "IamRoleArn":{ "shape":"Arn", - "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the fleet. To assume a role, a fleet instance calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the fleet. To assume a role, a fleet instance calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "StreamView":{ "shape":"StreamView", - "documentation":"The AppStream 2.0 view that is displayed to your users when they stream from the fleet. When APP is specified, only the windows of applications opened by users display. When DESKTOP is specified, the standard desktop that is provided by the operating system displays.
The default value is APP.
The WorkSpaces Applications view that is displayed to your users when they stream from the fleet. When APP is specified, only the windows of applications opened by users display. When DESKTOP is specified, the standard desktop that is provided by the operating system displays.
The default value is APP.
The maximum number of user sessions on an instance. This only applies to multi-session fleets.
" + }, + "RootVolumeConfig":{ + "shape":"VolumeConfig", + "documentation":"The configuration for the root volume of fleet instances. Use this to customize storage capacity from 200 GB up to 500 GB based on your application requirements.
" } } }, @@ -2487,7 +2662,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"The instance type to use when launching the image builder. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics-desktop.2xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics-pro.4xlarge
stream.graphics-pro.8xlarge
stream.graphics-pro.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The instance type to use when launching the image builder. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The Amazon Resource Name (ARN) of the IAM role to apply to the image builder. To assume a role, the image builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the image builder. To assume a role, the image builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "EnableDefaultInternetAccess":{ "shape":"BooleanObject", @@ -2515,16 +2690,20 @@ }, "AppstreamAgentVersion":{ "shape":"AppstreamAgentVersion", - "documentation":"The version of the AppStream 2.0 agent to use for this image builder. To use the latest version of the AppStream 2.0 agent, specify [LATEST].
" + "documentation":"The version of the WorkSpaces Applications agent to use for this image builder. To use the latest version of the WorkSpaces Applications agent, specify [LATEST].
" }, "Tags":{ "shape":"Tags", - "documentation":"The tags to associate with the image builder. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
If you do not specify a value, the value is set to an empty string.
For more information about tags, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The tags to associate with the image builder. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
If you do not specify a value, the value is set to an empty string.
For more information about tags, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "AccessEndpoints":{ "shape":"AccessEndpointList", "documentation":"The list of interface VPC endpoint (interface endpoint) objects. Administrators can connect to the image builder only through the specified endpoints.
" }, + "RootVolumeConfig":{ + "shape":"VolumeConfig", + "documentation":"The configuration for the root volume of the image builder. Use this to customize storage capacity from 200 GB up to 500 GB based on your application installation requirements.
" + }, "SoftwaresToInstall":{ "shape":"StringList", "documentation":"The list of license included applications to install on the image builder during creation.
Possible values include the following:
Microsoft_Office_2021_LTSC_Professional_Plus_32Bit
Microsoft_Office_2021_LTSC_Professional_Plus_64Bit
Microsoft_Office_2024_LTSC_Professional_Plus_32Bit
Microsoft_Office_2024_LTSC_Professional_Plus_64Bit
Microsoft_Visio_2021_LTSC_Professional_32Bit
Microsoft_Visio_2021_LTSC_Professional_64Bit
Microsoft_Visio_2024_LTSC_Professional_32Bit
Microsoft_Visio_2024_LTSC_Professional_64Bit
Microsoft_Project_2021_Professional_32Bit
Microsoft_Project_2021_Professional_64Bit
Microsoft_Project_2024_Professional_32Bit
Microsoft_Project_2024_Professional_64Bit
Microsoft_Office_2021_LTSC_Standard_32Bit
Microsoft_Office_2021_LTSC_Standard_64Bit
Microsoft_Office_2024_LTSC_Standard_32Bit
Microsoft_Office_2024_LTSC_Standard_64Bit
Microsoft_Visio_2021_LTSC_Standard_32Bit
Microsoft_Visio_2021_LTSC_Standard_64Bit
Microsoft_Visio_2024_LTSC_Standard_32Bit
Microsoft_Visio_2024_LTSC_Standard_64Bit
Microsoft_Project_2021_Standard_32Bit
Microsoft_Project_2021_Standard_64Bit
Microsoft_Project_2024_Standard_32Bit
Microsoft_Project_2024_Standard_64Bit
The URL to start the AppStream 2.0 streaming session.
" + "documentation":"The URL to start the WorkSpaces Applications streaming session.
" }, "Expires":{ "shape":"Timestamp", @@ -2571,6 +2750,62 @@ } } }, + "CreateImportedImageRequest":{ + "type":"structure", + "required":[ + "Name", + "SourceAmiId", + "IamRoleArn" + ], + "members":{ + "Name":{ + "shape":"Name", + "documentation":"A unique name for the imported image. The name must be between 1 and 100 characters and can contain letters, numbers, underscores, periods, and hyphens.
" + }, + "SourceAmiId":{ + "shape":"PhotonAmiId", + "documentation":"The ID of the EC2 AMI to import. The AMI must meet specific requirements including Windows Server 2022 Full Base, UEFI boot mode, TPM 2.0 support, and proper drivers.
" + }, + "IamRoleArn":{ + "shape":"Arn", + "documentation":"The ARN of the IAM role that allows WorkSpaces Applications to access your AMI. The role must have permissions to modify image attributes and describe images, with a trust relationship allowing appstream.amazonaws.com to assume the role.
" + }, + "Description":{ + "shape":"ImageImportDescription", + "documentation":"An optional description for the imported image. The description must match approved regex patterns and can be up to 256 characters.
" + }, + "DisplayName":{ + "shape":"ImageImportDisplayName", + "documentation":"An optional display name for the imported image. The display name must match approved regex patterns and can be up to 100 characters.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"The tags to apply to the imported image. Tags help you organize and manage your WorkSpaces Applications resources.
" + }, + "RuntimeValidationConfig":{ + "shape":"RuntimeValidationConfig", + "documentation":"Configuration for runtime validation of the imported image. When specified, WorkSpaces Applications provisions an instance to test streaming functionality, which helps ensure the image is suitable for use.
" + }, + "AgentSoftwareVersion":{ + "shape":"AgentSoftwareVersion", + "documentation":"The version of the WorkSpaces Applications agent to use for the imported image. Choose CURRENT_LATEST to use the agent version available at the time of import, or ALWAYS_LATEST to automatically update to the latest agent version when new versions are released.
" + }, + "AppCatalogConfig":{ + "shape":"AppCatalogConfig", + "documentation":"Configuration for the application catalog of the imported image. This allows you to specify applications available for streaming, including their paths, icons, and launch parameters. This field contains sensitive data.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"When set to true, performs validation checks without actually creating the imported image. Use this to verify your configuration before executing the actual import operation.
" + } + } + }, + "CreateImportedImageResult":{ + "type":"structure", + "members":{ + "Image":{"shape":"Image"} + } + }, "CreateStackRequest":{ "type":"structure", "required":["Name"], @@ -2609,15 +2844,15 @@ }, "Tags":{ "shape":"Tags", - "documentation":"The tags to associate with the stack. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
If you do not specify a value, the value is set to an empty string.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
For more information about tags, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The tags to associate with the stack. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
If you do not specify a value, the value is set to an empty string.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
For more information about tags, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "AccessEndpoints":{ "shape":"AccessEndpointList", - "documentation":"The list of interface VPC endpoint (interface endpoint) objects. Users of the stack can connect to AppStream 2.0 only through the specified endpoints.
" + "documentation":"The list of interface VPC endpoint (interface endpoint) objects. Users of the stack can connect to WorkSpaces Applications only through the specified endpoints.
" }, "EmbedHostDomains":{ "shape":"EmbedHostDomains", - "documentation":"The domains where AppStream 2.0 streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded AppStream 2.0 streaming sessions.
" + "documentation":"The domains where WorkSpaces Applications streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded WorkSpaces Applications streaming sessions.
" }, "StreamingExperienceSettings":{ "shape":"StreamingExperienceSettings", @@ -2664,7 +2899,7 @@ }, "SessionContext":{ "shape":"String", - "documentation":"The session context. For more information, see Session Context in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The session context. For more information, see Session Context in the Amazon WorkSpaces Applications Administration Guide.
" } } }, @@ -2673,7 +2908,7 @@ "members":{ "StreamingURL":{ "shape":"String", - "documentation":"The URL to start the AppStream 2.0 streaming session.
" + "documentation":"The URL to start the WorkSpaces Applications streaming session.
" }, "Expires":{ "shape":"Timestamp", @@ -2751,11 +2986,11 @@ }, "newImageTags":{ "shape":"Tags", - "documentation":"The tags to associate with the new image. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
If you do not specify a value, the value is set to an empty string.
For more information about tags, see Tagging Your Resources in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The tags to associate with the new image. A tag is a key-value pair, and the value is optional. For example, Environment=Test. If you do not specify a value, Environment=.
Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following special characters:
_ . : / = + \\ - @
If you do not specify a value, the value is set to an empty string.
For more information about tags, see Tagging Your Resources in the Amazon WorkSpaces Applications Administration Guide.
" }, "dryRun":{ "shape":"Boolean", - "documentation":"Indicates whether to display the status of image update availability before AppStream 2.0 initiates the process of creating a new updated image. If this value is set to true, AppStream 2.0 displays whether image updates are available. If this value is set to false, AppStream 2.0 initiates the process of creating a new updated image without displaying whether image updates are available.
Indicates whether to display the status of image update availability before WorkSpaces Applications initiates the process of creating a new updated image. If this value is set to true, WorkSpaces Applications displays whether image updates are available. If this value is set to false, WorkSpaces Applications initiates the process of creating a new updated image without displaying whether image updates are available.
The Amazon S3 bucket where generated reports are stored.
If you enabled on-instance session scripts and Amazon S3 logging for your session script configuration, AppStream 2.0 created an S3 bucket to store the script output. The bucket is unique to your account and Region. When you enable usage reporting in this case, AppStream 2.0 uses the same bucket to store your usage reports. If you haven't already enabled on-instance session scripts, when you enable usage reports, AppStream 2.0 creates a new S3 bucket.
" + "documentation":"The Amazon S3 bucket where generated reports are stored.
If you enabled on-instance session scripts and Amazon S3 logging for your session script configuration, WorkSpaces Applications created an S3 bucket to store the script output. The bucket is unique to your account and Region. When you enable usage reporting in this case, WorkSpaces Applications uses the same bucket to store your usage reports. If you haven't already enabled on-instance session scripts, when you enable usage reports, WorkSpaces Applications creates a new S3 bucket.
" }, "Schedule":{ "shape":"UsageReportSchedule", @@ -3844,6 +4079,14 @@ "member":{"shape":"Domain"}, "max":50 }, + "DryRunOperationException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"The exception that is thrown when a dry run operation is requested. This indicates that the validation checks have been performed successfully, but no actual resources were created or modified.
", + "exception":true + }, "DynamicAppProvidersEnabled":{ "type":"string", "enum":[ @@ -3937,7 +4180,7 @@ "documentation":"The time when the entitlement was last modified.
" } }, - "documentation":"Specifies an entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. Amazon AppStream 2.0 user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.
" + "documentation":"Specifies an entitlement. Entitlements control access to specific applications within a stack, based on user attributes. Entitlements apply to SAML 2.0 federated user identities. WorkSpaces Applications user pool and streaming URL users are entitled to all applications in a stack. Entitlements don't apply to the desktop stream view application, or to applications managed by a dynamic app provider using the Dynamic Application Framework.
" }, "EntitlementAlreadyExistsException":{ "type":"structure", @@ -3956,14 +4199,14 @@ "members":{ "Name":{ "shape":"String", - "documentation":"A supported AWS IAM SAML PrincipalTag attribute that is matched to the associated value when a user identity federates into an Amazon AppStream 2.0 SAML application.
The following are valid values:
roles
department
organization
groups
title
costCenter
userType
" + "documentation":"
A supported AWS IAM SAML PrincipalTag attribute that is matched to the associated value when a user identity federates into a WorkSpaces Applications SAML application.
The following are valid values:
roles
department
organization
groups
title
costCenter
userType
" }, "Value":{ "shape":"String", - "documentation":"
A value that is matched to a supported SAML attribute name when a user identity federates into an Amazon AppStream 2.0 SAML application.
" + "documentation":"A value that is matched to a supported SAML attribute name when a user identity federates into a WorkSpaces Applications SAML application.
" } }, - "documentation":"An attribute associated with an entitlement. Application entitlements work by matching a supported SAML 2.0 attribute name to a value when a user identity federates to an Amazon AppStream 2.0 SAML application.
" + "documentation":"An attribute associated with an entitlement. Application entitlements work by matching a supported SAML 2.0 attribute name to a value when a user identity federates to a WorkSpaces Applications SAML application.
" }, "EntitlementAttributeList":{ "type":"list", @@ -4018,10 +4261,109 @@ "type":"structure", "members":{} }, + "ExportImageTask":{ + "type":"structure", + "required":[ + "TaskId", + "ImageArn", + "AmiName", + "CreatedDate" + ], + "members":{ + "TaskId":{ + "shape":"UUID", + "documentation":"The unique identifier for the export image task. Use this ID to track the task's progress and retrieve its details.
" + }, + "ImageArn":{ + "shape":"Arn", + "documentation":"The ARN of the WorkSpaces Applications image being exported.
" + }, + "AmiName":{ + "shape":"AmiName", + "documentation":"The name of the EC2 AMI that will be created by this export task.
" + }, + "CreatedDate":{ + "shape":"Timestamp", + "documentation":"The date and time when the export image task was created.
" + }, + "AmiDescription":{ + "shape":"Description", + "documentation":"The description that will be applied to the exported EC2 AMI.
" + }, + "State":{ + "shape":"ExportImageTaskState", + "documentation":"The current state of the export image task, such as PENDING, RUNNING, COMPLETED, or FAILED.
" + }, + "AmiId":{ + "shape":"PhotonAmiId", + "documentation":"The ID of the EC2 AMI that was created by this export task. This field is only populated when the task completes successfully.
" + }, + "TagSpecifications":{ + "shape":"Tags", + "documentation":"The tags that will be applied to the exported EC2 AMI.
" + }, + "ErrorDetails":{ + "shape":"ErrorDetailsList", + "documentation":"Details about any errors that occurred during the export process. This field is only populated when the task fails.
" + } + }, + "documentation":"Information about an export image task, including its current state, timestamps, and any error details.
" + }, + "ExportImageTaskState":{ + "type":"string", + "enum":[ + "EXPORTING", + "COMPLETED", + "FAILED" + ] + }, + "ExportImageTasks":{ + "type":"list", + "member":{"shape":"ExportImageTask"} + }, "FeedbackURL":{ "type":"string", "max":1000 }, + "FilePath":{ + "type":"string", + "max":32767, + "sensitive":true + }, + "Filter":{ + "type":"structure", + "required":[ + "Name", + "Values" + ], + "members":{ + "Name":{ + "shape":"FilterName", + "documentation":"The name of the filter. Valid filter names depend on the operation being performed.
" + }, + "Values":{ + "shape":"FilterValues", + "documentation":"The values for the filter. Multiple values can be specified for a single filter name.
" + } + }, + "documentation":"A filter for narrowing down the results when listing export image tasks. Filters allow you to specify criteria such as task state or creation date.
" + }, + "FilterName":{ + "type":"string", + "pattern":"^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,100}$" + }, + "FilterValue":{ + "type":"string", + "pattern":"^[a-zA-Z0-9][a-zA-Z0-9_:/.-]{0,200}$" + }, + "FilterValues":{ + "type":"list", + "member":{"shape":"FilterValue"} + }, + "Filters":{ + "type":"list", + "member":{"shape":"Filter"} + }, "Fleet":{ "type":"structure", "required":[ @@ -4058,7 +4400,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"The instance type to use when launching fleet instances. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics-desktop.2xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics-pro.4xlarge
stream.graphics-pro.8xlarge
stream.graphics-pro.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The instance type to use when launching fleet instances. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The ARN of the IAM role that is applied to the fleet. To assume a role, the fleet instance calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The ARN of the IAM role that is applied to the fleet. To assume a role, the fleet instance calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "StreamView":{ "shape":"StreamView", - "documentation":"The AppStream 2.0 view that is displayed to your users when they stream from the fleet. When APP is specified, only the windows of applications opened by users display. When DESKTOP is specified, the standard desktop that is provided by the operating system displays.
The default value is APP.
The WorkSpaces Applications view that is displayed to your users when they stream from the fleet. When APP is specified, only the windows of applications opened by users display. When DESKTOP is specified, the standard desktop that is provided by the operating system displays.
The default value is APP.
The maximum number of user sessions on an instance. This only applies to multi-session fleets.
" + }, + "RootVolumeConfig":{ + "shape":"VolumeConfig", + "documentation":"The current configuration of the root volume for fleet instances, including the storage size in GB.
" } }, "documentation":"Describes a fleet.
" @@ -4145,7 +4491,8 @@ "IAM_ROLE_ARN", "USB_DEVICE_FILTER_STRINGS", "SESSION_SCRIPT_S3_LOCATION", - "MAX_SESSIONS_PER_INSTANCE" + "MAX_SESSIONS_PER_INSTANCE", + "VOLUME_CONFIGURATION" ] }, "FleetAttributes":{ @@ -4199,7 +4546,8 @@ "DOMAIN_JOIN_NERR_WORKSTATION_NOT_STARTED", "DOMAIN_JOIN_ERROR_DS_MACHINE_ACCOUNT_QUOTA_EXCEEDED", "DOMAIN_JOIN_NERR_PASSWORD_EXPIRED", - "DOMAIN_JOIN_INTERNAL_SERVICE_ERROR" + "DOMAIN_JOIN_INTERNAL_SERVICE_ERROR", + "VALIDATION_ERROR" ] }, "FleetErrors":{ @@ -4228,6 +4576,24 @@ "ELASTIC" ] }, + "GetExportImageTaskRequest":{ + "type":"structure", + "members":{ + "TaskId":{ + "shape":"UUID", + "documentation":"The unique identifier of the export image task to retrieve information about.
" + } + } + }, + "GetExportImageTaskResult":{ + "type":"structure", + "members":{ + "ExportImageTask":{ + "shape":"ExportImageTask", + "documentation":"Information about the export image task, including its current state, created date, and any error details.
" + } + } + }, "Image":{ "type":"structure", "required":["Name"], @@ -4290,7 +4656,7 @@ }, "AppstreamAgentVersion":{ "shape":"AppstreamAgentVersion", - "documentation":"The version of the AppStream 2.0 agent to use for instances that are launched from this image.
" + "documentation":"The version of the WorkSpaces Applications agent to use for instances that are launched from this image.
" }, "ImagePermissions":{ "shape":"ImagePermissions", @@ -4302,7 +4668,7 @@ }, "LatestAppstreamAgentVersion":{ "shape":"LatestAppstreamAgentVersion", - "documentation":"Indicates whether the image is using the latest AppStream 2.0 agent version or not.
" + "documentation":"Indicates whether the image is using the latest WorkSpaces Applications agent version or not.
" }, "SupportedInstanceFamilies":{ "shape":"StringList", @@ -4310,7 +4676,7 @@ }, "DynamicAppProvidersEnabled":{ "shape":"DynamicAppProvidersEnabled", - "documentation":"Indicates whether dynamic app providers are enabled within an AppStream 2.0 image or not.
" + "documentation":"Indicates whether dynamic app providers are enabled within an WorkSpaces Applications image or not.
" }, "ImageSharedWithOthers":{ "shape":"ImageSharedWithOthers", @@ -4319,6 +4685,10 @@ "ManagedSoftwareIncluded":{ "shape":"Boolean", "documentation":"Indicates whether the image includes license-included applications.
" + }, + "ImageType":{ + "shape":"ImageType", + "documentation":"The type of the image. Images created through AMI import have type \"custom\", while WorkSpaces Applications provided images have type \"native\". Custom images support additional instance types including GeneralPurpose, MemoryOptimized, ComputeOptimized, and Accelerated instance families.
" } }, "documentation":"Describes an image.
" @@ -4353,7 +4723,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"The instance type for the image builder. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics-desktop.2xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics-pro.4xlarge
stream.graphics-pro.8xlarge
stream.graphics-pro.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The instance type for the image builder. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The ARN of the IAM role that is applied to the image builder. To assume a role, the image builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The ARN of the IAM role that is applied to the image builder. To assume a role, the image builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "State":{ "shape":"ImageBuilderState", @@ -4390,15 +4760,19 @@ }, "AppstreamAgentVersion":{ "shape":"AppstreamAgentVersion", - "documentation":"The version of the AppStream 2.0 agent that is currently being used by the image builder.
" + "documentation":"The version of the WorkSpaces Applications agent that is currently being used by the image builder.
" }, "AccessEndpoints":{ "shape":"AccessEndpointList", "documentation":"The list of virtual private cloud (VPC) interface endpoint objects. Administrators can connect to the image builder only through the specified endpoints.
" }, + "RootVolumeConfig":{ + "shape":"VolumeConfig", + "documentation":"The current configuration of the root volume for the image builder, including the storage size in GB.
" + }, "LatestAppstreamAgentVersion":{ "shape":"LatestAppstreamAgentVersion", - "documentation":"Indicates whether the image builder is using the latest AppStream 2.0 agent version or not.
" + "documentation":"Indicates whether the image builder is using the latest WorkSpaces Applications agent version or not.
" } }, "documentation":"Describes a virtual machine that is used to create an image.
" @@ -4422,7 +4796,8 @@ "UPDATING", "PENDING_QUALIFICATION", "PENDING_SYNCING_APPS", - "SYNCING_APPS" + "SYNCING_APPS", + "PENDING_IMAGE_IMPORT" ] }, "ImageBuilderStateChangeReason":{ @@ -4446,6 +4821,16 @@ "IMAGE_UNAVAILABLE" ] }, + "ImageImportDescription":{ + "type":"string", + "max":256, + "pattern":"^[a-zA-Z0-9_.() -]+$" + }, + "ImageImportDisplayName":{ + "type":"string", + "max":100, + "pattern":"^[a-zA-Z0-9_.() -]+$" + }, "ImageList":{ "type":"list", "member":{"shape":"Image"} @@ -4480,7 +4865,8 @@ "COPYING", "DELETING", "CREATING", - "IMPORTING" + "IMPORTING", + "VALIDATING" ] }, "ImageStateChangeReason":{ @@ -4502,7 +4888,17 @@ "enum":[ "INTERNAL_ERROR", "IMAGE_BUILDER_NOT_AVAILABLE", - "IMAGE_COPY_FAILURE" + "IMAGE_COPY_FAILURE", + "IMAGE_UPDATE_FAILURE", + "IMAGE_IMPORT_FAILURE" + ] + }, + "ImageType":{ + "type":"string", + "documentation":"The image type is the type of AppStream image resource.", + "enum":[ + "CUSTOM", + "NATIVE" ] }, "IncompatibleImageException":{ @@ -4513,6 +4909,10 @@ "documentation":"The image can't be updated because it's not compatible for updates.
", "exception":true }, + "InstanceType":{ + "type":"string", + "pattern":"^[a-zA-Z0-9-]+(\\.[a-z0-9-]+)+\\.(small|medium|large|xlarge|\\d+xlarge|metal)$" + }, "Integer":{"type":"integer"}, "InvalidAccountStatusException":{ "type":"structure", @@ -4563,6 +4963,12 @@ "FALSE" ] }, + "LaunchParameters":{ + "type":"string", + "max":1024, + "pattern":"[^\\x00]+", + "sensitive":true + }, "LimitExceededException":{ "type":"structure", "members":{ @@ -4663,6 +5069,36 @@ } } }, + "ListExportImageTasksRequest":{ + "type":"structure", + "members":{ + "Filters":{ + "shape":"Filters", + "documentation":"Optional filters to apply when listing export image tasks. Filters help you narrow down the results based on specific criteria.
" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of export image tasks to return in a single request. The valid range is 1-500, with a default of 50.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token from a previous request. Use this to retrieve the next page of results when there are more tasks than the MaxResults limit.
" + } + } + }, + "ListExportImageTasksResult":{ + "type":"structure", + "members":{ + "ExportImageTasks":{ + "shape":"ExportImageTasks", + "documentation":"The list of export image tasks that match the specified criteria.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token to use for retrieving the next page of results. This field is only present when there are more results available.
" + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["ResourceArn"], @@ -4714,7 +5150,7 @@ }, "EniIpv6Addresses":{ "shape":"StringList", - "documentation":"The IPv6 addresses of the elastic network interface that is attached to instances in your VPC.
" + "documentation":"The IPv6 addresses assigned to the elastic network interface. This field supports IPv6 connectivity for WorkSpaces Applications instances.
" }, "EniId":{ "shape":"String", @@ -4753,6 +5189,10 @@ "DISABLED" ] }, + "PhotonAmiId":{ + "type":"string", + "pattern":"^ami-[a-z0-9]{8,17}$" + }, "PlatformType":{ "type":"string", "enum":[ @@ -4791,7 +5231,7 @@ "members":{ "Message":{"shape":"ErrorMessage"} }, - "documentation":"AppStream 2.0 can’t process the request right now because the Describe calls from your AWS account are being throttled by Amazon EC2. Try again later.
", + "documentation":"WorkSpaces Applications can’t process the request right now because the Describe calls from your AWS account are being throttled by Amazon EC2. Try again later.
", "exception":true }, "ResourceAlreadyExistsException":{ @@ -4854,6 +5294,16 @@ "documentation":"The specified resource was not found.
", "exception":true }, + "RuntimeValidationConfig":{ + "type":"structure", + "members":{ + "IntendedInstanceType":{ + "shape":"InstanceType", + "documentation":"The instance type to use for runtime validation testing. It's recommended to use the same instance type you plan to use for your fleet to ensure accurate validation results.
" + } + }, + "documentation":"Configuration for runtime validation of imported images. This structure specifies the instance type to use for testing the imported image's streaming capabilities.
" + }, "S3Bucket":{ "type":"string", "max":63, @@ -5119,11 +5569,11 @@ }, "AccessEndpoints":{ "shape":"AccessEndpointList", - "documentation":"The list of virtual private cloud (VPC) interface endpoint objects. Users of the stack can connect to AppStream 2.0 only through the specified endpoints.
" + "documentation":"The list of virtual private cloud (VPC) interface endpoint objects. Users of the stack can connect to WorkSpaces Applications only through the specified endpoints.
" }, "EmbedHostDomains":{ "shape":"EmbedHostDomains", - "documentation":"The domains where AppStream 2.0 streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded AppStream 2.0 streaming sessions.
" + "documentation":"The domains where WorkSpaces Applications streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded WorkSpaces Applications streaming sessions.
" }, "StreamingExperienceSettings":{ "shape":"StreamingExperienceSettings", @@ -5224,7 +5674,7 @@ }, "AppstreamAgentVersion":{ "shape":"AppstreamAgentVersion", - "documentation":"The version of the AppStream 2.0 agent to use for this image builder. To use the latest version of the AppStream 2.0 agent, specify [LATEST].
" + "documentation":"The version of the WorkSpaces Applications agent to use for this image builder. To use the latest version of the WorkSpaces Applications agent, specify [LATEST].
" } } }, @@ -5322,7 +5772,7 @@ }, "DomainsRequireAdminConsent":{ "shape":"DomainList", - "documentation":"The OneDrive for Business domains where you require admin consent when users try to link their OneDrive account to AppStream 2.0. The attribute can only be specified when ConnectorType=ONE_DRIVE.
" + "documentation":"The OneDrive for Business domains where you require admin consent when users try to link their OneDrive account to WorkSpaces Applications. The attribute can only be specified when ConnectorType=ONE_DRIVE.
" } }, "documentation":"Describes a connector that enables persistent storage for users.
" @@ -5521,6 +5971,10 @@ "pattern":"^[-@./#&+\\w\\s]*$" }, "Timestamp":{"type":"timestamp"}, + "UUID":{ + "type":"string", + "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -5576,7 +6030,7 @@ }, "IamRoleArn":{ "shape":"Arn", - "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the app block builder. To assume a role, the app block builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the app block builder. To assume a role, the app block builder calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "AccessEndpoints":{ "shape":"AccessEndpointList", @@ -5728,7 +6182,7 @@ }, "InstanceType":{ "shape":"String", - "documentation":"The instance type to use when launching fleet instances. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics-desktop.2xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics-pro.4xlarge
stream.graphics-pro.8xlarge
stream.graphics-pro.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The following instance types are available for Elastic fleets:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
The instance type to use when launching fleet instances. The following instance types are available:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
stream.compute.large
stream.compute.xlarge
stream.compute.2xlarge
stream.compute.4xlarge
stream.compute.8xlarge
stream.memory.large
stream.memory.xlarge
stream.memory.2xlarge
stream.memory.4xlarge
stream.memory.8xlarge
stream.memory.z1d.large
stream.memory.z1d.xlarge
stream.memory.z1d.2xlarge
stream.memory.z1d.3xlarge
stream.memory.z1d.6xlarge
stream.memory.z1d.12xlarge
stream.graphics-design.large
stream.graphics-design.xlarge
stream.graphics-design.2xlarge
stream.graphics-design.4xlarge
stream.graphics.g4dn.xlarge
stream.graphics.g4dn.2xlarge
stream.graphics.g4dn.4xlarge
stream.graphics.g4dn.8xlarge
stream.graphics.g4dn.12xlarge
stream.graphics.g4dn.16xlarge
stream.graphics.g5.xlarge
stream.graphics.g5.2xlarge
stream.graphics.g5.4xlarge
stream.graphics.g5.8xlarge
stream.graphics.g5.16xlarge
stream.graphics.g5.12xlarge
stream.graphics.g5.24xlarge
stream.graphics.g6.xlarge
stream.graphics.g6.2xlarge
stream.graphics.g6.4xlarge
stream.graphics.g6.8xlarge
stream.graphics.g6.16xlarge
stream.graphics.g6.12xlarge
stream.graphics.g6.24xlarge
stream.graphics.gr6.4xlarge
stream.graphics.gr6.8xlarge
stream.graphics.g6f.large
stream.graphics.g6f.xlarge
stream.graphics.g6f.2xlarge
stream.graphics.g6f.4xlarge
stream.graphics.gr6f.4xlarge
The following instance types are available for Elastic fleets:
stream.standard.small
stream.standard.medium
stream.standard.large
stream.standard.xlarge
stream.standard.2xlarge
The Amazon Resource Name (ARN) of the IAM role to apply to the fleet. To assume a role, a fleet instance calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances in the Amazon AppStream 2.0 Administration Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role to apply to the fleet. To assume a role, a fleet instance calls the AWS Security Token Service (STS) AssumeRole API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. WorkSpaces Applications retrieves the temporary credentials and creates the appstream_machine_role credential profile on the instance.
For more information, see Using an IAM Role to Grant Permissions to Applications and Scripts Running on WorkSpaces Applications Streaming Instances in the Amazon WorkSpaces Applications Administration Guide.
" }, "StreamView":{ "shape":"StreamView", - "documentation":"The AppStream 2.0 view that is displayed to your users when they stream from the fleet. When APP is specified, only the windows of applications opened by users display. When DESKTOP is specified, the standard desktop that is provided by the operating system displays.
The default value is APP.
The WorkSpaces Applications view that is displayed to your users when they stream from the fleet. When APP is specified, only the windows of applications opened by users display. When DESKTOP is specified, the standard desktop that is provided by the operating system displays.
The default value is APP.
The maximum number of user sessions on an instance. This only applies to multi-session fleets.
" + }, + "RootVolumeConfig":{ + "shape":"VolumeConfig", + "documentation":"The updated configuration for the root volume of fleet instances. Note that volume size cannot be decreased below the image volume size.
" } } }, @@ -5887,11 +6345,11 @@ }, "AccessEndpoints":{ "shape":"AccessEndpointList", - "documentation":"The list of interface VPC endpoint (interface endpoint) objects. Users of the stack can connect to AppStream 2.0 only through the specified endpoints.
" + "documentation":"The list of interface VPC endpoint (interface endpoint) objects. Users of the stack can connect to WorkSpaces Applications only through the specified endpoints.
" }, "EmbedHostDomains":{ "shape":"EmbedHostDomains", - "documentation":"The domains where AppStream 2.0 streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded AppStream 2.0 streaming sessions.
" + "documentation":"The domains where WorkSpaces Applications streaming sessions can be embedded in an iframe. You must approve the domains that you want to host embedded WorkSpaces Applications streaming sessions.
" }, "StreamingExperienceSettings":{ "shape":"StreamingExperienceSettings", @@ -5972,7 +6430,7 @@ "members":{ "S3BucketName":{ "shape":"String", - "documentation":"The Amazon S3 bucket where generated reports are stored.
If you enabled on-instance session scripts and Amazon S3 logging for your session script configuration, AppStream 2.0 created an S3 bucket to store the script output. The bucket is unique to your account and Region. When you enable usage reporting in this case, AppStream 2.0 uses the same bucket to store your usage reports. If you haven't already enabled on-instance session scripts, when you enable usage reports, AppStream 2.0 creates a new S3 bucket.
" + "documentation":"The Amazon S3 bucket where generated reports are stored.
If you enabled on-instance session scripts and Amazon S3 logging for your session script configuration, WorkSpaces Applications created an S3 bucket to store the script output. The bucket is unique to your account and Region. When you enable usage reporting in this case, WorkSpaces Applications uses the same bucket to store your usage reports. If you haven't already enabled on-instance session scripts, when you enable usage reports, WorkSpaces Applications creates a new S3 bucket.
" }, "Schedule":{ "shape":"UsageReportSchedule", @@ -6163,6 +6621,16 @@ "SHARED" ] }, + "VolumeConfig":{ + "type":"structure", + "members":{ + "VolumeSizeInGb":{ + "shape":"Integer", + "documentation":"The size of the root volume in GB. Valid range is 200-500 GB. The default is 200 GB, which is included in the hourly instance rate. Additional storage beyond 200 GB incurs extra charges and applies to instances regardless of their running state.
" + } + }, + "documentation":"Configuration for the root volume of fleet instances and image builders. This allows you to customize the storage capacity beyond the default 200 GB.
" + }, "VpcConfig":{ "type":"structure", "members":{ @@ -6178,5 +6646,5 @@ "documentation":"Describes VPC configuration information for fleets and image builders.
" } }, - "documentation":"This is the Amazon AppStream 2.0 API Reference. This documentation provides descriptions and syntax for each of the actions and data types in AppStream 2.0. AppStream 2.0 is a fully managed, secure application streaming service that lets you stream desktop applications to users without rewriting applications. AppStream 2.0 manages the AWS resources that are required to host and run your applications, scales automatically, and provides access to your users on demand.
You can call the AppStream 2.0 API operations by using an interface VPC endpoint (interface endpoint). For more information, see Access AppStream 2.0 API Operations and CLI Commands Through an Interface VPC Endpoint in the Amazon AppStream 2.0 Administration Guide.
To learn more about AppStream 2.0, see the following resources:
" + "documentation":"This is the Amazon WorkSpaces Applications API Reference. This documentation provides descriptions and syntax for each of the actions and data types in WorkSpaces Applications. WorkSpaces Applications is a fully managed, secure application streaming service that lets you stream desktop applications to users without rewriting applications. WorkSpaces Applications manages the AWS resources that are required to host and run your applications, scales automatically, and provides access to your users on demand.
You can call the WorkSpaces Applications API operations by using an interface VPC endpoint (interface endpoint). For more information, see Access WorkSpaces Applications API Operations and CLI Commands Through an Interface VPC Endpoint in the Amazon WorkSpaces Applications Administration Guide.
To learn more about WorkSpaces Applications, see the following resources:
" } diff --git a/awscli/botocore/data/athena/2017-05-18/service-2.json b/awscli/botocore/data/athena/2017-05-18/service-2.json index 5de96ff11c9e..9df6159f17ae 100644 --- a/awscli/botocore/data/athena/2017-05-18/service-2.json +++ b/awscli/botocore/data/athena/2017-05-18/service-2.json @@ -464,7 +464,22 @@ {"shape":"InternalServerException"}, {"shape":"InvalidRequestException"} ], - "documentation":"Returns query execution runtime statistics related to a single execution of a query if you have access to the workgroup in which the query ran. Statistics from the Timeline section of the response object are available as soon as QueryExecutionStatus$State is in a SUCCEEDED or FAILED state. The remaining non-timeline statistics in the response (like stage-level input and output row count and data size) are updated asynchronously and may not be available immediately after a query completes. The non-timeline statistics are also not included when a query has row-level filters defined in Lake Formation.
Returns query execution runtime statistics related to a single execution of a query if you have access to the workgroup in which the query ran. Statistics from the Timeline section of the response object are available as soon as QueryExecutionStatus$State is in a SUCCEEDED or FAILED state. The remaining non-timeline statistics in the response (like stage-level input and output row count and data size) are updated asynchronously and may not be available immediately after a query completes or, in some cases, may not be returned. The non-timeline statistics are also not included when a query has row-level filters defined in Lake Formation.
Gets the Live UI/Persistence UI for a session.
" }, "GetSession":{ "name":"GetSession", @@ -481,6 +496,21 @@ ], "documentation":"Gets the full details of a previously created session, including the session status and configuration.
" }, + "GetSessionEndpoint":{ + "name":"GetSessionEndpoint", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetSessionEndpointRequest"}, + "output":{"shape":"GetSessionEndpointResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Gets a connection endpoint and authentication token for a given session Id.
" + }, "GetSessionStatus":{ "name":"GetSessionStatus", "http":{ @@ -1436,12 +1466,53 @@ "min":1, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*" }, + "Classification":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"NameString", + "documentation":"The name of the configuration classification.
" + }, + "Properties":{ + "shape":"ParametersMap", + "documentation":"A set of properties specified within a configuration classification.
" + } + }, + "documentation":"A classification refers to a set of specific configurations.
" + }, + "ClassificationList":{ + "type":"list", + "member":{"shape":"Classification"} + }, "ClientRequestToken":{ "type":"string", "max":36, "min":1, "pattern":"[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" }, + "CloudWatchLoggingConfiguration":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"BoxedBoolean", + "documentation":"Enables CloudWatch logging.
" + }, + "LogGroup":{ + "shape":"LogGroupName", + "documentation":"The name of the log group in Amazon CloudWatch Logs where you want to publish your logs.
" + }, + "LogStreamNamePrefix":{ + "shape":"LogStreamNamePrefix", + "documentation":"Prefix for the CloudWatch log stream name.
" + }, + "LogTypes":{ + "shape":"LogTypesMap", + "documentation":"The types of logs that you want to publish to CloudWatch.
" + } + }, + "documentation":"Configuration settings for delivering logs to Amazon CloudWatch log groups.
" + }, "CodeBlock":{ "type":"string", "max":68000 @@ -2044,6 +2115,10 @@ "max":1024, "min":1 }, + "DpuCount":{ + "type":"double", + "box":true + }, "EncryptionConfiguration":{ "type":"structure", "required":["EncryptionOption"], @@ -2069,7 +2144,6 @@ }, "EngineConfiguration":{ "type":"structure", - "required":["MaxConcurrentDpus"], "members":{ "CoordinatorDpuSize":{ "shape":"CoordinatorDpuSize", @@ -2090,6 +2164,10 @@ "SparkProperties":{ "shape":"ParametersMap", "documentation":"Specifies custom jar files and Spark properties for use cases like cluster encryption, table formats, and general Spark tuning.
" + }, + "Classifications":{ + "shape":"ClassificationList", + "documentation":"The configuration classifications that can be specified for the engine.
" } }, "documentation":"Contains data processing unit (DPU) configuration settings and parameter mappings for a notebook engine.
" @@ -2559,6 +2637,58 @@ } } }, + "GetResourceDashboardRequest":{ + "type":"structure", + "required":["ResourceARN"], + "members":{ + "ResourceARN":{ + "shape":"AmazonResourceName", + "documentation":"The The Amazon Resource Name (ARN) for a session.
" + } + } + }, + "GetResourceDashboardResponse":{ + "type":"structure", + "required":["Url"], + "members":{ + "Url":{ + "shape":"String", + "documentation":"The Live UI/Persistence UI url for a session.
" + } + } + }, + "GetSessionEndpointRequest":{ + "type":"structure", + "required":["SessionId"], + "members":{ + "SessionId":{ + "shape":"SessionId", + "documentation":"The session ID.
" + } + } + }, + "GetSessionEndpointResponse":{ + "type":"structure", + "required":[ + "EndpointUrl", + "AuthToken", + "AuthTokenExpirationTime" + ], + "members":{ + "EndpointUrl":{ + "shape":"String", + "documentation":"The endpoint for connecting to the session.
" + }, + "AuthToken":{ + "shape":"String", + "documentation":"Authentication token for the connection
" + }, + "AuthTokenExpirationTime":{ + "shape":"Timestamp", + "documentation":"Expiration time of the auth token.
" + } + } + }, "GetSessionRequest":{ "type":"structure", "required":["SessionId"], @@ -2596,6 +2726,7 @@ "shape":"NameString", "documentation":"The notebook version.
" }, + "MonitoringConfiguration":{"shape":"MonitoringConfiguration"}, "SessionConfiguration":{ "shape":"SessionConfiguration", "documentation":"Contains the workgroup configuration information used by the session.
" @@ -3307,7 +3438,45 @@ } } }, + "LogGroupName":{ + "type":"string", + "max":512, + "min":1, + "pattern":"^[a-zA-Z0-9._/-]+$" + }, + "LogStreamNamePrefix":{ + "type":"string", + "max":512, + "min":1, + "pattern":"^[^:*]*$" + }, + "LogTypeKey":{"type":"string"}, + "LogTypeValue":{"type":"string"}, + "LogTypeValuesList":{ + "type":"list", + "member":{"shape":"LogTypeValue"} + }, + "LogTypesMap":{ + "type":"map", + "key":{"shape":"LogTypeKey"}, + "value":{"shape":"LogTypeValuesList"} + }, "Long":{"type":"long"}, + "ManagedLoggingConfiguration":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"BoxedBoolean", + "documentation":"Enables mamanged log persistence.
" + }, + "KmsKey":{ + "shape":"KmsKey", + "documentation":"The KMS key ARN to encrypt the logs stored in managed log persistence.
" + } + }, + "documentation":"Configuration settings for delivering logs to Amazon S3 buckets.
" + }, "ManagedQueryResultsConfiguration":{ "type":"structure", "required":["Enabled"], @@ -3371,6 +3540,7 @@ }, "MaxConcurrentDpus":{ "type":"integer", + "box":true, "max":5000, "min":2 }, @@ -3459,6 +3629,24 @@ "documentation":"An exception that Athena received when it called a custom metastore. Occurs if the error is not caused by user input (InvalidRequestException) or from the Athena platform (InternalServerException). For example, if a user-created Lambda function is missing permissions, the Lambda 4XX exception is returned in a MetadataException.
Configuration settings for delivering logs to Amazon CloudWatch log groups.
" + }, + "ManagedLoggingConfiguration":{ + "shape":"ManagedLoggingConfiguration", + "documentation":"Configuration settings for managed log persistence.
" + }, + "S3LoggingConfiguration":{ + "shape":"S3LoggingConfiguration", + "documentation":"Configuration settings for delivering logs to Amazon S3 buckets.
" + } + }, + "documentation":"Contains the configuration settings for managed log persistence, delivering logs to Amazon S3 buckets, Amazon CloudWatch log groups etc.
" + }, "NameString":{ "type":"string", "max":128, @@ -3693,7 +3881,7 @@ }, "StatementType":{ "shape":"StatementType", - "documentation":"The type of query statement that was run. DDL indicates DDL query statements. DML indicates DML (Data Manipulation Language) query statements, such as CREATE TABLE AS SELECT. UTILITY indicates query statements other than DDL and DML, such as SHOW CREATE TABLE, or DESCRIBE TABLE.
The type of query statement that was run. DDL indicates DDL query statements. DML indicates DML (Data Manipulation Language) query statements, such as CREATE TABLE AS SELECT. UTILITY indicates query statements other than DDL and DML, such as SHOW CREATE TABLE, EXPLAIN, DESCRIBE, or SHOW TABLES.
Contains information about whether previous query results were reused for the query.
" + }, + "DpuCount":{ + "shape":"DpuCount", + "documentation":"The number of Data Processing Units (DPUs) that Athena used to run the query.
" } }, "documentation":"The amount of data scanned during the query execution and the amount of time that it took to execute, and the type of statement that was run.
" @@ -3829,7 +4021,7 @@ "members":{ "State":{ "shape":"QueryExecutionState", - "documentation":"The state of query execution. QUEUED indicates that the query has been submitted to the service, and Athena will execute the query as soon as resources are available. RUNNING indicates that the query is in execution phase. SUCCEEDED indicates that the query completed without errors. FAILED indicates that the query experienced an error and did not complete processing. CANCELLED indicates that a user input interrupted query execution.
Athena automatically retries your queries in cases of certain transient errors. As a result, you may see the query state transition from RUNNING or FAILED to QUEUED.
The state of query execution. QUEUED indicates that the query has been submitted to the service, and Athena will execute the query as soon as resources are available. RUNNING indicates that the query is in execution phase. SUCCEEDED indicates that the query completed without errors. FAILED indicates that the query experienced an error and did not complete processing. CANCELLED indicates that a user input interrupted query execution.
For queries that experience certain transient errors, the state transitions from RUNNING back to QUEUED. The FAILED state is always terminal with no automatic retry.
Enables S3 log delivery.
" + }, + "KmsKey":{ + "shape":"KmsKey", + "documentation":"The KMS key ARN to encrypt the logs published to the given Amazon S3 destination.
" + }, + "LogLocation":{ + "shape":"S3OutputLocation", + "documentation":"The Amazon S3 destination URI for log publishing.
" + } + }, + "documentation":"Configuration settings for delivering logs to Amazon S3 buckets.
" + }, + "S3OutputLocation":{ + "type":"string", + "max":1024, + "pattern":"^s3://[a-z0-9][a-z0-9\\-]*[a-z0-9](/.*)?$" + }, "S3Uri":{ "type":"string", "max":1024, @@ -4205,6 +4421,10 @@ "shape":"Long", "documentation":"The idle timeout in seconds for the session.
" }, + "SessionIdleTimeoutInMinutes":{ + "shape":"SessionIdleTimeoutInMinutes", + "documentation":"The idle timeout in seconds for the session.
" + }, "EncryptionConfiguration":{"shape":"EncryptionConfiguration"} }, "documentation":"Contains session configuration information.
" @@ -4382,7 +4602,8 @@ "ResultReuseConfiguration":{ "shape":"ResultReuseConfiguration", "documentation":"Specifies the query result reuse behavior for the query.
" - } + }, + "EngineConfiguration":{"shape":"EngineConfiguration"} } }, "StartQueryExecutionOutput":{ @@ -4413,6 +4634,14 @@ "shape":"EngineConfiguration", "documentation":"Contains engine data processing unit (DPU) configuration settings and parameter mappings.
" }, + "ExecutionRole":{ + "shape":"RoleArn", + "documentation":"The ARN of the execution role used to access user resources for Spark sessions and Identity Center enabled workgroups. This property applies only to Spark enabled workgroups and Identity Center enabled workgroups.
" + }, + "MonitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"Contains the configuration settings for managed log persistence, delivering logs to Amazon S3 buckets, Amazon CloudWatch log groups etc.
" + }, "NotebookVersion":{ "shape":"NameString", "documentation":"The notebook version. This value is supplied automatically for notebook sessions in the Athena console and is not required for programmatic session access. The only valid notebook version is Athena notebook version 1. If you specify a value for NotebookVersion, you must also specify a value for NotebookId. See EngineConfiguration$AdditionalConfigs.
A unique case-sensitive string used to ensure the request to create the session is idempotent (executes only once). If another StartSessionRequest is received, the same response is returned and another session is not created. If a parameter has changed, an error is returned.
This token is listed as not required because Amazon Web Services SDKs (for example the Amazon Web Services SDK for Java) auto-generate the token for users. If you are not using the Amazon Web Services SDK or the Amazon Web Services CLI, you must provide this token or the action will fail.
A list of comma separated tags to add to the session that is created.
" + }, + "CopyWorkGroupTags":{ + "shape":"BoxedBoolean", + "documentation":"Copies the tags from the Workgroup to the Session when.
" } } }, @@ -4969,7 +5206,7 @@ }, "EnforceWorkGroupConfiguration":{ "shape":"BoxedBoolean", - "documentation":"If set to \"true\", the settings for the workgroup override client-side settings. If set to \"false\", client-side settings are used. For more information, see Workgroup Settings Override Client-Side Settings.
" + "documentation":"If set to \"true\", the settings for the workgroup override client-side settings. If set to \"false\", client-side settings are used. This property is not required for Apache Spark enabled workgroups. For more information, see Workgroup Settings Override Client-Side Settings.
" }, "PublishCloudWatchMetricsEnabled":{ "shape":"BoxedBoolean", @@ -4995,6 +5232,11 @@ "shape":"RoleArn", "documentation":"The ARN of the execution role used to access user resources for Spark sessions and IAM Identity Center enabled workgroups. This property applies only to Spark enabled workgroups and IAM Identity Center enabled workgroups. The property is required for IAM Identity Center enabled workgroups.
" }, + "MonitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"Contains the configuration settings for managed log persistence, delivering logs to Amazon S3 buckets, Amazon CloudWatch log groups etc.
" + }, + "EngineConfiguration":{"shape":"EngineConfiguration"}, "CustomerContentEncryptionConfiguration":{ "shape":"CustomerContentEncryptionConfiguration", "documentation":"Specifies the KMS key that is used to encrypt the user's data stores in Athena. This setting does not apply to Athena SQL workgroups.
" @@ -5069,7 +5311,12 @@ "QueryResultsS3AccessGrantsConfiguration":{ "shape":"QueryResultsS3AccessGrantsConfiguration", "documentation":"Specifies whether Amazon S3 access grants are enabled for query results.
" - } + }, + "MonitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"Contains the configuration settings for managed log persistence, delivering logs to Amazon S3 buckets, Amazon CloudWatch log groups etc.
" + }, + "EngineConfiguration":{"shape":"EngineConfiguration"} }, "documentation":"The configuration information that will be updated for this workgroup, which includes the location in Amazon S3 where query and calculation results are stored, the encryption option, if any, used for query results, whether the Amazon CloudWatch Metrics are enabled for the workgroup, whether the workgroup settings override the client-side settings, and the data usage limit for the amount of bytes scanned per query, if it is specified.
" }, diff --git a/awscli/botocore/data/autoscaling/2011-01-01/service-2.json b/awscli/botocore/data/autoscaling/2011-01-01/service-2.json index 1af013746612..58e0353a3327 100644 --- a/awscli/botocore/data/autoscaling/2011-01-01/service-2.json +++ b/awscli/botocore/data/autoscaling/2011-01-01/service-2.json @@ -39,7 +39,8 @@ }, "errors":[ {"shape":"ResourceContentionFault"}, - {"shape":"ServiceLinkedRoleFailure"} + {"shape":"ServiceLinkedRoleFailure"}, + {"shape":"InstanceRefreshInProgressFault"} ], "documentation":"This API operation is superseded by AttachTrafficSources, which can attach multiple traffic sources types. We recommend using AttachTrafficSources to simplify how you manage traffic sources. However, we continue to support AttachLoadBalancerTargetGroups. You can use both the original AttachLoadBalancerTargetGroups API operation and AttachTrafficSources on the same Auto Scaling group.
Attaches one or more target groups to the specified Auto Scaling group.
This operation is used with the following load balancer types:
Application Load Balancer - Operates at the application layer (layer 7) and supports HTTP and HTTPS.
Network Load Balancer - Operates at the transport layer (layer 4) and supports TCP, TLS, and UDP.
Gateway Load Balancer - Operates at the network layer (layer 3).
To describe the target groups for an Auto Scaling group, call the DescribeLoadBalancerTargetGroups API. To detach the target group from the Auto Scaling group, call the DetachLoadBalancerTargetGroups API.
This operation is additive and does not detach existing target groups or Classic Load Balancers from the Auto Scaling group.
For more information, see Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group in the Amazon EC2 Auto Scaling User Guide.
" }, @@ -56,7 +57,8 @@ }, "errors":[ {"shape":"ResourceContentionFault"}, - {"shape":"ServiceLinkedRoleFailure"} + {"shape":"ServiceLinkedRoleFailure"}, + {"shape":"InstanceRefreshInProgressFault"} ], "documentation":"This API operation is superseded by https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_AttachTrafficSources.html, which can attach multiple traffic sources types. We recommend using AttachTrafficSources to simplify how you manage traffic sources. However, we continue to support AttachLoadBalancers. You can use both the original AttachLoadBalancers API operation and AttachTrafficSources on the same Auto Scaling group.
Attaches one or more Classic Load Balancers to the specified Auto Scaling group. Amazon EC2 Auto Scaling registers the running instances with these Classic Load Balancers.
To describe the load balancers for an Auto Scaling group, call the DescribeLoadBalancers API. To detach a load balancer from the Auto Scaling group, call the DetachLoadBalancers API.
This operation is additive and does not detach existing Classic Load Balancers or target groups from the Auto Scaling group.
For more information, see Use Elastic Load Balancing to distribute traffic across the instances in your Auto Scaling group in the Amazon EC2 Auto Scaling User Guide.
" }, @@ -73,7 +75,8 @@ }, "errors":[ {"shape":"ResourceContentionFault"}, - {"shape":"ServiceLinkedRoleFailure"} + {"shape":"ServiceLinkedRoleFailure"}, + {"shape":"InstanceRefreshInProgressFault"} ], "documentation":"Attaches one or more traffic sources to the specified Auto Scaling group.
You can use any of the following as traffic sources for an Auto Scaling group:
Application Load Balancer
Classic Load Balancer
Gateway Load Balancer
Network Load Balancer
VPC Lattice
This operation is additive and does not detach existing traffic sources from the Auto Scaling group.
After the operation completes, use the DescribeTrafficSources API to return details about the state of the attachments between traffic sources and your Auto Scaling group. To detach a traffic source from the Auto Scaling group, call the DetachTrafficSources API.
" }, @@ -794,6 +797,23 @@ ], "documentation":"Retrieves the forecast data for a predictive scaling policy.
Load forecasts are predictions of the hourly load values using historical load data from CloudWatch and an analysis of historical trends. Capacity forecasts are represented as predicted values for the minimum capacity that is needed on an hourly basis, based on the hourly load forecast.
A minimum of 24 hours of data is required to create the initial forecasts. However, having a full 14 days of historical data results in more accurate forecasts.
For more information, see Predictive scaling for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.
" }, + "LaunchInstances":{ + "name":"LaunchInstances", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"LaunchInstancesRequest"}, + "output":{ + "shape":"LaunchInstancesResult", + "resultWrapper":"LaunchInstancesResult" + }, + "errors":[ + {"shape":"ResourceContentionFault"}, + {"shape":"IdempotentParameterMismatchError"} + ], + "documentation":"Launches a specified number of instances in an Auto Scaling group. Returns instance IDs and other details if launch is successful or error details if launch is unsuccessful.
" + }, "PutLifecycleHook":{ "name":"PutLifecycleHook", "http":{ @@ -870,7 +890,8 @@ }, "errors":[ {"shape":"LimitExceededFault"}, - {"shape":"ResourceContentionFault"} + {"shape":"ResourceContentionFault"}, + {"shape":"InstanceRefreshInProgressFault"} ], "documentation":"Creates or updates a warm pool for the specified Auto Scaling group. A warm pool is a pool of pre-initialized EC2 instances that sits alongside the Auto Scaling group. Whenever your application needs to scale out, the Auto Scaling group can draw on the warm pool to meet its new desired capacity.
This operation must be called from the Region in which the Auto Scaling group was created.
You can view the instances in the warm pool using the DescribeWarmPool API call. If you are no longer using a warm pool, you can delete it by calling the DeleteWarmPool API.
For more information, see Warm pools for Amazon EC2 Auto Scaling in the Amazon EC2 Auto Scaling User Guide.
" }, @@ -1534,6 +1555,10 @@ "CapacityReservationSpecification":{ "shape":"CapacityReservationSpecification", "documentation":"The capacity reservation specification.
" + }, + "InstanceLifecyclePolicy":{ + "shape":"InstanceLifecyclePolicy", + "documentation":"The instance lifecycle policy applied to this Auto Scaling group. This policy determines instance behavior when an instance transitions through its lifecycle states. It provides additional control over graceful instance management processes.
" } }, "documentation":"Describes an Auto Scaling group.
" @@ -1637,6 +1662,10 @@ "shape":"LaunchTemplateSpecification", "documentation":"The launch template for the instance.
" }, + "ImageId":{ + "shape":"XmlStringMaxLen255", + "documentation":"The ID of the Amazon Machine Image (AMI) associated with the instance. This field shows the current AMI ID of the instance's root volume. It may differ from the original AMI used when the instance was first launched.
This field appears for:
Instances with root volume replacements through Instance Refresh
Instances launched with AMI overrides
This field won't appear for:
Existing instances launched from Launch Templates without overrides
Existing instances that didn’t have their root volume replaced through Instance Refresh
Indicates whether the instance is protected from termination by Amazon EC2 Auto Scaling when scaling in.
" @@ -1679,6 +1708,11 @@ }, "documentation":"Describes an Availability Zone distribution.
" }, + "AvailabilityZoneIdsLimit1":{ + "type":"list", + "member":{"shape":"XmlStringMaxLen255"}, + "max":1 + }, "AvailabilityZoneImpairmentPolicy":{ "type":"structure", "members":{ @@ -1697,6 +1731,11 @@ "type":"list", "member":{"shape":"XmlStringMaxLen255"} }, + "AvailabilityZonesLimit1":{ + "type":"list", + "member":{"shape":"XmlStringMaxLen255"}, + "max":1 + }, "BakeTime":{ "type":"integer", "max":172800, @@ -1951,6 +1990,12 @@ "type":"list", "member":{"shape":"XmlStringMaxLen255"} }, + "ClientToken":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[A-Za-z0-9\\-_\\/]+" + }, "CompleteLifecycleActionAnswer":{ "type":"structure", "members":{} @@ -2146,6 +2191,10 @@ "CapacityReservationSpecification":{ "shape":"CapacityReservationSpecification", "documentation":"The capacity reservation specification for the Auto Scaling group.
" + }, + "InstanceLifecyclePolicy":{ + "shape":"InstanceLifecyclePolicy", + "documentation":" The instance lifecycle policy for the Auto Scaling group. This policy controls instance behavior when an instance transitions through its lifecycle states. Configure retention triggers to specify when instances should move to a Retained state for manual intervention instead of automatic termination.
Instances in a Retained state will continue to incur standard EC2 charges until terminated.
Indicates that the parameters in the current request do not match the parameters from a previous request with the same client token within the idempotency window.
", + "error":{ + "code":"IdempotentParameterMismatch", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ImageId":{ + "type":"string", + "max":21, + "min":5, + "pattern":"^ami-[a-z0-9]{1,17}$" + }, "ImpairedZoneHealthCheckBehavior":{ "type":"string", "enum":[ @@ -3220,6 +3288,10 @@ "shape":"LaunchTemplateSpecification", "documentation":"The launch template for the instance.
" }, + "ImageId":{ + "shape":"XmlStringMaxLen255", + "documentation":"The ID of the Amazon Machine Image (AMI) used for the instance's current root volume. This value reflects the most recent AMI applied to the instance, including updates made through root volume replacement operations.
This field appears for:
Instances with root volume replacements through Instance Refresh
Instances launched with AMI overrides
This field won't appear for:
Existing instances launched from Launch Templates without overrides
Existing instances that didn’t have their root volume replaced through Instance Refresh
Indicates whether the instance is protected from termination by Amazon EC2 Auto Scaling when scaling in.
" @@ -3231,6 +3303,40 @@ }, "documentation":"Describes an EC2 instance.
" }, + "InstanceCollection":{ + "type":"structure", + "members":{ + "InstanceType":{ + "shape":"XmlStringMaxLen255", + "documentation":"The instance type of the launched instances.
" + }, + "MarketType":{ + "shape":"XmlStringMaxLen64", + "documentation":"The market type for the instances (On-Demand or Spot).
" + }, + "SubnetId":{ + "shape":"XmlStringMaxLen255", + "documentation":"The ID of the subnet where the instances were launched.
" + }, + "AvailabilityZone":{ + "shape":"XmlStringMaxLen255", + "documentation":"The Availability Zone where the instances were launched.
" + }, + "AvailabilityZoneId":{ + "shape":"XmlStringMaxLen255", + "documentation":"The Availability Zone ID where the instances in this collection were launched.
" + }, + "InstanceIds":{ + "shape":"InstanceIds", + "documentation":"A list of instance IDs for the successfully launched instances.
" + } + }, + "documentation":"Contains details about a collection of instances launched in the Auto Scaling group.
" + }, + "InstanceCollections":{ + "type":"list", + "member":{"shape":"InstanceCollection"} + }, "InstanceGeneration":{ "type":"string", "enum":[ @@ -3246,6 +3352,16 @@ "type":"list", "member":{"shape":"XmlStringMaxLen19"} }, + "InstanceLifecyclePolicy":{ + "type":"structure", + "members":{ + "RetentionTriggers":{ + "shape":"RetentionTriggers", + "documentation":"Specifies the conditions that trigger instance retention behavior. These triggers determine when instances should move to a Retained state instead of being terminated. This allows you to maintain control over instance management when lifecycle operations fail.
" + } + }, + "documentation":"Defines the lifecycle policy for instances in an Auto Scaling group. This policy controls instance behavior when lifecycles transition and operations fail. Use lifecycle policies to ensure graceful shutdown for stateful workloads or applications requiring extended draining periods.
" + }, "InstanceMaintenancePolicy":{ "type":"structure", "members":{ @@ -3358,6 +3474,10 @@ "RollbackDetails":{ "shape":"RollbackDetails", "documentation":"The rollback details.
" + }, + "Strategy":{ + "shape":"RefreshStrategy", + "documentation":"The strategy to use for the instance refresh. This determines how instances in the Auto Scaling group are updated. Default is Rolling.
Rolling – Terminates instances and launches replacements in batches
ReplaceRootVolume – Updates instances by replacing only the root volume without terminating the instance
Describes an instance refresh for an Auto Scaling group.
" @@ -3788,6 +3908,104 @@ } } }, + "LaunchInstancesError":{ + "type":"structure", + "members":{ + "InstanceType":{ + "shape":"XmlStringMaxLen255", + "documentation":"The instance type that failed to launch.
" + }, + "MarketType":{ + "shape":"XmlStringMaxLen64", + "documentation":"The market type (On-Demand or Spot) that encountered the launch error.
" + }, + "SubnetId":{ + "shape":"XmlStringMaxLen255", + "documentation":"The subnet ID where the instance launch was attempted.
" + }, + "AvailabilityZone":{ + "shape":"XmlStringMaxLen255", + "documentation":"The Availability Zone where the instance launch was attempted.
" + }, + "AvailabilityZoneId":{ + "shape":"XmlStringMaxLen255", + "documentation":"The Availability Zone ID where the launch error occurred.
" + }, + "ErrorCode":{ + "shape":"XmlStringMaxLen64", + "documentation":"The error code representing the type of error encountered (e.g., InsufficientInstanceCapacity).
" + }, + "ErrorMessage":{ + "shape":"XmlString", + "documentation":"A descriptive message providing details about the error encountered during the launch attempt.
" + } + }, + "documentation":"Contains details about errors encountered during instance launch attempts.
" + }, + "LaunchInstancesErrors":{ + "type":"list", + "member":{"shape":"LaunchInstancesError"} + }, + "LaunchInstancesRequest":{ + "type":"structure", + "required":[ + "AutoScalingGroupName", + "RequestedCapacity", + "ClientToken" + ], + "members":{ + "AutoScalingGroupName":{ + "shape":"XmlStringMaxLen255", + "documentation":"The name of the Auto Scaling group to launch instances into.
" + }, + "RequestedCapacity":{ + "shape":"RequestedCapacity", + "documentation":"The number of instances to launch. Although this value can exceed 100 for instance weights, the actual instance count is limited to 100 instances per launch.
" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", + "idempotencyToken":true + }, + "AvailabilityZones":{ + "shape":"AvailabilityZonesLimit1", + "documentation":" The Availability Zones for the instance launch. Must match or be included in the Auto Scaling group's Availability Zone configuration. Either AvailabilityZones or SubnetIds must be specified for groups with multiple Availability Zone configurations.
A list of Availability Zone IDs where instances should be launched. Must match or be included in the group's AZ configuration. You cannot specify both AvailabilityZones and AvailabilityZoneIds. Required for multi-AZ groups, optional for single-AZ groups.
" + }, + "SubnetIds":{ + "shape":"SubnetIdsLimit1", + "documentation":" The subnet IDs for the instance launch. Either AvailabilityZones or SubnetIds must be specified. If both are specified, the subnets must reside in the specified Availability Zones.
Specifies whether to retry asynchronously if the synchronous launch fails. Valid values are NONE (default, no async retry) and RETRY_WITH_GROUP_CONFIGURATION (increase desired capacity and retry with group configuration).
" + } + } + }, + "LaunchInstancesResult":{ + "type":"structure", + "members":{ + "AutoScalingGroupName":{ + "shape":"XmlStringMaxLen255", + "documentation":"The name of the Auto Scaling group where the instances were launched.
" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"The idempotency token used for the request, either customer-specified or auto-generated.
" + }, + "Instances":{ + "shape":"InstanceCollections", + "documentation":"A list of successfully launched instances including details such as instance type, Availability Zone, subnet, lifecycle state, and instance IDs.
" + }, + "Errors":{ + "shape":"LaunchInstancesErrors", + "documentation":"A list of errors encountered during the launch attempt including details about failed instance launches with their corresponding error codes and messages.
" + } + } + }, "LaunchTemplate":{ "type":"structure", "members":{ @@ -3826,6 +4044,10 @@ "InstanceRequirements":{ "shape":"InstanceRequirements", "documentation":"The instance requirements. Amazon EC2 Auto Scaling uses your specified requirements to identify instance types. Then, it uses your On-Demand and Spot allocation strategies to launch instances from these instance types.
You can specify up to four separate sets of instance requirements per Auto Scaling group. This is useful for provisioning instances from different Amazon Machine Images (AMIs) in the same Auto Scaling group. To do this, create the AMIs and create a new launch template for each AMI. Then, create a compatible set of instance requirements for each launch template.
If you specify InstanceRequirements, you can't specify InstanceType.
The ID of the Amazon Machine Image (AMI) to use for instances launched with this override. When using Instance Refresh with ReplaceRootVolume strategy, this specifies the AMI for root volume replacement operations.
For ReplaceRootVolume operations:
All overrides in the MixedInstancesPolicy must specify an ImageId
The AMI must contain only a single root volume
Root volume replacement doesn't support multi-volume AMIs
Use this structure to let Amazon EC2 Auto Scaling do the following when the Auto Scaling group has a mixed instances policy:
Override the instance type that is specified in the launch template.
Use multiple instance types.
Specify the instance types that you want, or define your instance requirements instead and let Amazon EC2 Auto Scaling provision the available instance types that meet your requirements. This can provide Amazon EC2 Auto Scaling with a larger selection of instance types to choose from when fulfilling Spot and On-Demand capacities. You can view which instance types are matched before you apply the instance requirements to your Auto Scaling group.
After you define your instance requirements, you don't have to keep updating these settings to get new EC2 instance types automatically. Amazon EC2 Auto Scaling uses the instance requirements of the Auto Scaling group to determine whether a new EC2 instance type can be used.
" @@ -4974,7 +5196,14 @@ }, "RefreshStrategy":{ "type":"string", - "enum":["Rolling"] + "enum":[ + "Rolling", + "ReplaceRootVolume" + ] + }, + "RequestedCapacity":{ + "type":"integer", + "min":1 }, "ResourceContentionFault":{ "type":"structure", @@ -5014,6 +5243,30 @@ "min":1, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\r\\n\\t]*" }, + "RetentionAction":{ + "type":"string", + "enum":[ + "retain", + "terminate" + ] + }, + "RetentionTriggers":{ + "type":"structure", + "members":{ + "TerminateHookAbandon":{ + "shape":"RetentionAction", + "documentation":"Specifies the action when a termination lifecycle hook is abandoned due to failure, timeout, or explicit abandonment (calling CompleteLifecycleAction).
Set to Retain to move instances to a Retained state. Set to Terminate for default termination behavior.
Retained instances don't count toward desired capacity and remain until you call TerminateInstanceInAutoScalingGroup.
Defines the specific triggers that cause instances to be retained in a Retained state rather than terminated. Each trigger corresponds to a different failure scenario during the instance lifecycle. This allows fine-grained control over when to preserve instances for manual intervention.
" + }, + "RetryStrategy":{ + "type":"string", + "enum":[ + "retry-with-group-configuration", + "none" + ] + }, "ReturnData":{"type":"boolean"}, "ReuseOnScaleIn":{"type":"boolean"}, "RollbackDetails":{ @@ -5100,7 +5353,10 @@ "Successful", "Failed", "Cancelled", - "WaitingForConnectionDraining" + "WaitingForConnectionDraining", + "WaitingForInPlaceUpdateToStart", + "WaitingForInPlaceUpdateToFinalize", + "InPlaceUpdateInProgress" ] }, "ScalingPolicies":{ @@ -5464,6 +5720,11 @@ "member":{"shape":"StepAdjustment"} }, "String":{"type":"string"}, + "SubnetIdsLimit1":{ + "type":"list", + "member":{"shape":"XmlStringMaxLen255"}, + "max":1 + }, "SuspendedProcess":{ "type":"structure", "members":{ @@ -5846,6 +6107,10 @@ "CapacityReservationSpecification":{ "shape":"CapacityReservationSpecification", "documentation":"The capacity reservation specification for the Auto Scaling group.
" + }, + "InstanceLifecyclePolicy":{ + "shape":"InstanceLifecyclePolicy", + "documentation":"The instance lifecycle policy for the Auto Scaling group. Use this to add, modify, or remove lifecycle policies that control instance behavior when an instance transitions through its lifecycle states. Configure retention triggers to specify when to preserve instances for manual intervention.
" } } }, diff --git a/awscli/botocore/data/backup/2018-11-15/paginators-1.json b/awscli/botocore/data/backup/2018-11-15/paginators-1.json index dd36bc2d516b..47f58748362e 100644 --- a/awscli/botocore/data/backup/2018-11-15/paginators-1.json +++ b/awscli/botocore/data/backup/2018-11-15/paginators-1.json @@ -113,6 +113,24 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "RestoreAccessBackupVaults" + }, + "ListTieringConfigurations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TieringConfigurations" + }, + "ListScanJobSummaries": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ScanJobSummaries" + }, + "ListScanJobs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ScanJobs" } } } diff --git a/awscli/botocore/data/backup/2018-11-15/paginators-1.sdk-extras.json b/awscli/botocore/data/backup/2018-11-15/paginators-1.sdk-extras.json new file mode 100644 index 000000000000..9a5d767b9355 --- /dev/null +++ b/awscli/botocore/data/backup/2018-11-15/paginators-1.sdk-extras.json @@ -0,0 +1,12 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "ListScanJobSummaries": { + "non_aggregate_keys": [ + "AggregationPeriod" + ] + } + } + } +} \ No newline at end of file diff --git a/awscli/botocore/data/backup/2018-11-15/service-2.json b/awscli/botocore/data/backup/2018-11-15/service-2.json index 1b828883550e..f79b2d465669 100644 --- a/awscli/botocore/data/backup/2018-11-15/service-2.json +++ b/awscli/botocore/data/backup/2018-11-15/service-2.json @@ -235,6 +235,25 @@ "documentation":"This request can be sent after CreateRestoreTestingPlan request returns successfully. This is the second part of creating a resource testing plan, and it must be completed sequentially.
This consists of RestoreTestingSelectionName, ProtectedResourceType, and one of the following:
ProtectedResourceArns
ProtectedResourceConditions
Each protected resource type can have one single value.
A restore testing selection can include a wildcard value (\"*\") for ProtectedResourceArns along with ProtectedResourceConditions. Alternatively, you can include up to 30 specific protected resource ARNs in ProtectedResourceArns.
Cannot select by both protected resource types AND specific ARNs. Request will fail if both are included.
", "idempotent":true }, + "CreateTieringConfiguration":{ + "name":"CreateTieringConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/tiering-configurations" + }, + "input":{"shape":"CreateTieringConfigurationInput"}, + "output":{"shape":"CreateTieringConfigurationOutput"}, + "errors":[ + {"shape":"AlreadyExistsException"}, + {"shape":"ConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"LimitExceededException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Creates a tiering configuration.
A tiering configuration enables automatic movement of backup data to a lower-cost storage tier based on the age of backed-up objects in the backup vault.
Each vault can only have one vault-specific tiering configuration, in addition to any global configuration that applies to all vaults.
", + "idempotent":true + }, "DeleteBackupPlan":{ "name":"DeleteBackupPlan", "http":{ @@ -414,6 +433,23 @@ "documentation":"Input the Restore Testing Plan name and Restore Testing Selection name.
All testing selections associated with a restore testing plan must be deleted before the restore testing plan can be deleted.
", "idempotent":true }, + "DeleteTieringConfiguration":{ + "name":"DeleteTieringConfiguration", + "http":{ + "method":"DELETE", + "requestUri":"/tiering-configurations/{tieringConfigurationName}" + }, + "input":{"shape":"DeleteTieringConfigurationInput"}, + "output":{"shape":"DeleteTieringConfigurationOutput"}, + "errors":[ + {"shape":"MissingParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Deletes the tiering configuration specified by a tiering configuration name.
", + "idempotent":true + }, "DescribeBackupJob":{ "name":"DescribeBackupJob", "http":{ @@ -592,6 +628,24 @@ "documentation":"Returns metadata associated with a restore job that is specified by a job ID.
", "idempotent":true }, + "DescribeScanJob":{ + "name":"DescribeScanJob", + "http":{ + "method":"GET", + "requestUri":"/scan/jobs/{ScanJobId}", + "responseCode":200 + }, + "input":{"shape":"DescribeScanJobInput"}, + "output":{"shape":"DescribeScanJobOutput"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Returns scan job details for the specified ScanJobID.
", + "idempotent":true + }, "DisassociateBackupVaultMpaApprovalTeam":{ "name":"DisassociateBackupVaultMpaApprovalTeam", "http":{ @@ -886,6 +940,23 @@ ], "documentation":"Returns the Amazon Web Services resource types supported by Backup.
" }, + "GetTieringConfiguration":{ + "name":"GetTieringConfiguration", + "http":{ + "method":"GET", + "requestUri":"/tiering-configurations/{tieringConfigurationName}" + }, + "input":{"shape":"GetTieringConfigurationInput"}, + "output":{"shape":"GetTieringConfigurationOutput"}, + "errors":[ + {"shape":"MissingParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Returns TieringConfiguration details for the specified TieringConfigurationName. The details are the body of a tiering configuration in JSON format, in addition to configuration metadata.
Returns a list of restore testing selections. Can be filtered by MaxResults and RestoreTestingPlanName.
This is a request for a summary of scan jobs created or running within the most recent 30 days.
" + }, + "ListScanJobs":{ + "name":"ListScanJobs", + "http":{ + "method":"GET", + "requestUri":"/scan/jobs", + "responseCode":200 + }, + "input":{"shape":"ListScanJobsInput"}, + "output":{"shape":"ListScanJobsOutput"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Returns a list of existing scan jobs for an authenticated account for the last 30 days.
", + "idempotent":true + }, "ListTags":{ "name":"ListTags", "http":{ @@ -1292,6 +1393,21 @@ "documentation":"Returns the tags assigned to the resource, such as a target recovery point, backup plan, or backup vault.
This operation returns results depending on the resource type used in the value for resourceArn. For example, recovery points of Amazon DynamoDB with Advanced Settings have an ARN (Amazon Resource Name) that begins with arn:aws:backup. Recovery points (backups) of DynamoDB without Advanced Settings enabled have an ARN that begins with arn:aws:dynamodb.
When this operation is called and when you include values of resourceArn that have an ARN other than arn:aws:backup, it may return one of the exceptions listed below. To prevent this exception, include only values representing resource types that are fully managed by Backup. These have an ARN that begins arn:aws:backup and they are noted in the Feature availability by resource table.
Returns a list of tiering configurations.
", + "idempotent":true + }, "PutBackupVaultAccessPolicy":{ "name":"PutBackupVaultAccessPolicy", "http":{ @@ -1448,6 +1564,26 @@ "documentation":"Recovers the saved resource identified by an Amazon Resource Name (ARN).
", "idempotent":true }, + "StartScanJob":{ + "name":"StartScanJob", + "http":{ + "method":"PUT", + "requestUri":"/scan/job", + "responseCode":201 + }, + "input":{"shape":"StartScanJobInput"}, + "output":{"shape":"StartScanJobOutput"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"InvalidRequestException"}, + {"shape":"LimitExceededException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Starts scanning jobs for specific resources.
", + "idempotent":true + }, "StopBackupJob":{ "name":"StopBackupJob", "http":{ @@ -1654,6 +1790,26 @@ ], "documentation":"Updates the specified restore testing selection.
Most elements except the RestoreTestingSelectionName can be updated with this request.
You can use either protected resource ARNs or conditions, but not both.
", "idempotent":true + }, + "UpdateTieringConfiguration":{ + "name":"UpdateTieringConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/tiering-configurations/{tieringConfigurationName}" + }, + "input":{"shape":"UpdateTieringConfigurationInput"}, + "output":{"shape":"UpdateTieringConfigurationOutput"}, + "errors":[ + {"shape":"AlreadyExistsException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"LimitExceededException"}, + {"shape":"MissingParameterValueException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"This request will send changes to your specified tiering configuration. TieringConfigurationName cannot be updated after it is created.
ResourceSelection can contain:
Resources
TieringDownSettingsInDays
ResourceType
A Boolean value indicating whether any of the aggregated scans failed.
" + }, + "Findings":{ + "shape":"ScanFindings", + "documentation":"An array of findings discovered across all aggregated scans.
" + }, + "LastComputed":{ + "shape":"timestamp", + "documentation":"The timestamp when the aggregated scan result was last computed, in Unix format and Coordinated Universal Time (UTC).
" + } + }, + "documentation":"Contains aggregated scan results across multiple scan operations, providing a summary of scan status and findings.
" + }, "AggregationPeriod":{ "type":"string", "enum":[ @@ -1971,6 +2145,10 @@ "AdvancedBackupSettings":{ "shape":"AdvancedBackupSettings", "documentation":"Contains a list of BackupOptions for each resource type.
Contains your scanning configuration for the backup plan and includes the Malware scanner, your selected resources, and scanner role.
" } }, "documentation":"Contains an optional backup plan display name and an array of BackupRule objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task and can back up a different selection of Amazon Web Services resources.
Specifies a list of BackupOptions for each resource type. These settings are only available for Windows Volume Shadow Copy Service (VSS) backup jobs.
Contains your scanning configuration for the backup rule and includes the malware scanner, and scan mode of either full or incremental.
" } }, "documentation":"Contains an optional backup plan display name and an array of BackupRule objects, each of which specifies a backup rule. Each rule in a backup plan is a separate scheduled task.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
" }, + "TargetLogicallyAirGappedBackupVaultArn":{ + "shape":"ARN", + "documentation":"The ARN of a logically air-gapped vault. ARN must be in the same account and Region. If provided, supported fully managed resources back up directly to logically air-gapped vault, while other supported resources create a temporary (billable) snapshot in backup vault, then copy it to logically air-gapped vault. Unsupported resources only back up to the specified backup vault.
" + }, "ScheduleExpression":{ "shape":"CronExpression", "documentation":"A cron expression in UTC specifying when Backup initiates a backup job. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).
For more information about Amazon Web Services cron expressions, see Schedule Expressions for Rules in the Amazon CloudWatch Events User Guide.
Two examples of Amazon Web Services cron expressions are 15 * ? * * * (take a backup every hour at 15 minutes past the hour) and 0 12 * * ? * (take a backup every day at 12 noon UTC).
For a table of examples, click the preceding link and scroll down the page.
" @@ -2120,6 +2306,10 @@ "IndexActions":{ "shape":"IndexActions", "documentation":"IndexActions is an array you use to specify how backup data should be indexed.
eEach BackupRule can have 0 or 1 IndexAction, as each backup can have up to one index associated with it.
Within the array is ResourceType. Only one will be accepted for each BackupRule.
" + }, + "ScanActions":{ + "shape":"ScanActions", + "documentation":"Contains your scanning configuration for the backup rule and includes the malware scanner, and scan mode of either full or incremental.
" } }, "documentation":"Specifies a scheduled task used to back up a selection of resources.
" @@ -2139,6 +2329,10 @@ "shape":"BackupVaultName", "documentation":"The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
" }, + "TargetLogicallyAirGappedBackupVaultArn":{ + "shape":"ARN", + "documentation":"The ARN of a logically air-gapped vault. ARN must be in the same account and Region. If provided, supported fully managed resources back up directly to logically air-gapped vault, while other supported resources create a temporary (billable) snapshot in backup vault, then copy it to logically air-gapped vault. Unsupported resources only back up to the specified backup vault.
" + }, "ScheduleExpression":{ "shape":"CronExpression", "documentation":"A CRON expression in UTC specifying when Backup initiates a backup job. When no CRON expression is provided, Backup will use the default expression cron(0 5 ? * * *).
There can up to one IndexAction in each BackupRule, as each backup can have 0 or 1 backup index associated with it.
Within the array is ResourceTypes. Only 1 resource type will be accepted for each BackupRule. Valid values:
EBS for Amazon Elastic Block Store
S3 for Amazon Simple Storage Service (Amazon S3)
Contains your scanning configuration for the backup rule and includes the malware scanner, and scan mode of either full or incremental.
" } }, "documentation":"Specifies a scheduled task used to back up a selection of resources.
" @@ -2358,6 +2556,10 @@ "type":"string", "pattern":"^[a-zA-Z0-9\\-\\_]{2,50}$" }, + "BackupVaultNameOrWildcard":{ + "type":"string", + "pattern":"^(\\*|[a-zA-Z0-9\\-\\_]{2,50})$" + }, "Boolean":{"type":"boolean"}, "CalculatedLifecycle":{ "type":"structure", @@ -2618,6 +2820,10 @@ "documentation":"Specifies the IAM role ARN used to copy the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access.
The backup job ID that initiated this copy job. Only applicable to scheduled copy jobs and automatic copy jobs to logically air-gapped vault.
" + }, "ResourceType":{ "shape":"ResourceType", "documentation":"The type of Amazon Web Services resource to be copied; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
" @@ -3043,7 +3249,7 @@ }, "ReportSetting":{ "shape":"ReportSetting", - "documentation":"Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT, this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT | SCAN_JOB_REPORT
If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT, this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.
A tiering configuration must contain a unique TieringConfigurationName string you create and must contain a BackupVaultName and ResourceSelection. You may optionally include a CreatorRequestId string.
The TieringConfigurationName is a unique string that is the name of the tiering configuration. This cannot be changed after creation, and it must consist of only alphanumeric characters and underscores.
The tags to assign to the tiering configuration.
" + }, + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"This is a unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice. This parameter is optional. If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.
", + "idempotencyToken":true + } + } + }, + "CreateTieringConfigurationOutput":{ + "type":"structure", + "members":{ + "TieringConfigurationArn":{ + "shape":"ARN", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies the created tiering configuration.
" + }, + "TieringConfigurationName":{ + "shape":"string", + "documentation":"This unique string is the name of the tiering configuration.
The name cannot be changed after creation. The name consists of only alphanumeric characters and underscores. Maximum length is 200.
" + }, + "CreationTime":{ + "shape":"timestamp", + "documentation":"The date and time a tiering configuration was created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
The unique name of a tiering configuration.
", + "location":"uri", + "locationName":"tieringConfigurationName" + } + } + }, + "DeleteTieringConfigurationOutput":{ + "type":"structure", + "members":{} + }, "DependencyFailureException":{ "type":"structure", "members":{ @@ -3740,7 +3999,7 @@ "members":{ "GlobalSettings":{ "shape":"GlobalSettings", - "documentation":"The status of the flags isCrossAccountBackupEnabled and isMpaEnabled ('Mpa' refers to multi-party approval).
The status of the flags isCrossAccountBackupEnabled, isMpaEnabled ('Mpa' refers to multi-party approval), and isDelegatedAdministratorEnabled.
The type of encryption key used for the recovery point. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.
" + }, + "ScanResults":{ + "shape":"ScanResults", + "documentation":"Contains the latest scanning results against the recovery point and currently include MalwareScanner, ScanJobState, Findings, and LastScanTimestamp
Uniquely identifies a request to Backup to scan a resource.
", + "location":"uri", + "locationName":"ScanJobId" + } + } + }, + "DescribeScanJobOutput":{ + "type":"structure", + "required":[ + "AccountId", + "BackupVaultArn", + "BackupVaultName", + "CreatedBy", + "CreationDate", + "IamRoleArn", + "MalwareScanner", + "RecoveryPointArn", + "ResourceArn", + "ResourceName", + "ResourceType", + "ScanJobId", + "ScanMode", + "ScannerRoleArn", + "State" + ], + "members":{ + "AccountId":{ + "shape":"String", + "documentation":"Returns the account ID that owns the scan job.
Pattern: ^[0-9]{12}$
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
Pattern: ^[a-zA-Z0-9\\-\\_\\.]{2,50}$
The date and time that a backup index finished creation, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
The date and time that a backup index finished creation, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:iam::123456789012:role/S3Access.
The scanning engine used for the corresponding scan job. Currently only GUARDUTY is supported.
An ARN that uniquely identifies the target recovery point for scanning.; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
An ARN that uniquely identifies the source resource of the corresponding recovery point ARN.
" + }, + "ResourceName":{ + "shape":"String", + "documentation":"The non-unique name of the resource that belongs to the specified backup.
" + }, + "ResourceType":{ + "shape":"ScanResourceType", + "documentation":"The type of Amazon Web Services Resource to be backed up; for example, an Amazon Elastic Block Store (Amazon EBS) volume.
Pattern: ^[a-zA-Z0-9\\-\\_\\.]{1,50}$
An ARN that uniquely identifies the base recovery point for scanning. This field will only be populated when an incremental scan job has taken place.
" + }, + "ScanId":{ + "shape":"String", + "documentation":"The scan ID generated by Amazon GuardDuty for the corresponding Scan Job ID request from Backup.
" + }, + "ScanJobId":{ + "shape":"String", + "documentation":"The scan job ID that uniquely identified the request to Backup.
" + }, + "ScanMode":{ + "shape":"ScanMode", + "documentation":"Specifies the scan type used for the scan job.
" + }, + "ScanResult":{ + "shape":"ScanResultInfo", + "documentation":" Contains the ScanResultsStatus for the scanning job and returns THREATS_FOUND or NO_THREATS_FOUND for completed jobs.
Specifies the scanner IAM role ARN used to for the scan job.
" + }, + "State":{ + "shape":"ScanState", + "documentation":"The current state of a scan job.
" + }, + "StatusMessage":{ + "shape":"String", + "documentation":"A detailed message explaining the status of the job to back up a resource.
" + } + } + }, "DisassociateBackupVaultMpaApprovalTeamInput":{ "type":"structure", "required":["BackupVaultName"], @@ -4780,6 +5154,27 @@ } } }, + "GetTieringConfigurationInput":{ + "type":"structure", + "required":["TieringConfigurationName"], + "members":{ + "TieringConfigurationName":{ + "shape":"TieringConfigurationName", + "documentation":"The unique name of a tiering configuration.
", + "location":"uri", + "locationName":"tieringConfigurationName" + } + } + }, + "GetTieringConfigurationOutput":{ + "type":"structure", + "members":{ + "TieringConfiguration":{ + "shape":"TieringConfiguration", + "documentation":"Specifies the body of a tiering configuration. Includes TieringConfigurationName.
If the value is true, your backup plan transitions supported resources to archive (cold) storage tier in accordance with your lifecycle settings.
" + }, + "DeleteAfterEvent":{ + "shape":"LifecycleDeleteAfterEvent", + "documentation":"The event after which a recovery point is deleted. A recovery point with both DeleteAfterDays and DeleteAfterEvent will delete after whichever condition is satisfied first. Not valid as an input.
Specifies the time period, in days, before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the retention setting must be 90 days greater than the transition to cold after days setting. The transition to cold after days setting can't be changed after a backup has been transitioned to cold.
Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.
To remove the existing lifecycle and retention periods and keep your recovery points indefinitely, specify -1 for MoveToColdStorageAfterDays and DeleteAfterDays.
This is an optional parameter that can be used to filter out jobs with a MessageCategory which matches the value you input.
Example strings may include AccessDenied, SUCCESS, AGGREGATE_ALL, and INVALIDPARAMETERS.
View Monitoring for a list of accepted strings.
The the value ANY returns count of all message categories.
AGGREGATE_ALL aggregates job counts for all message categories and returns the sum.
Filters copy jobs by the specified source recovery point ARN.
", + "location":"querystring", + "locationName":"sourceRecoveryPointArn" } } }, @@ -5954,7 +6363,7 @@ }, "ByStatus":{ "shape":"string", - "documentation":"Returns only report jobs that are in the specified status. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED
Returns only report jobs that are in the specified status. The statuses are:
CREATED | RUNNING | COMPLETED | FAILED | COMPLETED_WITH_ISSUES
Please note that only scanning jobs finish with state completed with issues. For backup jobs this is a console interpretation of a job that finishes in completed state and has a status message.
", "location":"querystring", "locationName":"Status" }, @@ -6330,23 +6739,190 @@ } } }, - "ListTagsInput":{ + "ListScanJobSummariesInput":{ "type":"structure", - "required":["ResourceArn"], "members":{ - "ResourceArn":{ - "shape":"ARN", - "documentation":"An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the type of resource. Valid targets for ListTags are recovery points, backup plans, and backup vaults.
Returns the job count for the specified account.
If the request is sent from a member account or an account not part of Amazon Web Services Organizations, jobs within requestor's account will be returned.
Root, admin, and delegated administrator accounts can use the value ANY to return job counts from every account in the organization.
AGGREGATE_ALL aggregates job counts from all accounts within the authenticated organization, then returns the sum.
The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
Returns the job count for the specified resource type. Use request GetSupportedResourceTypes to obtain strings for supported resource types.
The the value ANY returns count of all resource types.
AGGREGATE_ALL aggregates job counts for all resource types and returns the sum.
Returns only the scan jobs for the specified malware scanner. Currently the only MalwareScanner is GUARDDUTY. But the field also supports ANY, and AGGREGATE_ALL.
Returns only the scan jobs for the specified scan results.
", + "location":"querystring", + "locationName":"ScanResultStatus" + }, + "State":{ + "shape":"ScanJobStatus", + "documentation":"Returns only the scan jobs for the specified scanning job state.
", + "location":"querystring", + "locationName":"State" + }, + "AggregationPeriod":{ + "shape":"AggregationPeriod", + "documentation":"The period for the returned results.
ONE_DAYThe daily job count for the prior 1 day.
SEVEN_DAYSThe daily job count for the prior 7 days.
FOURTEEN_DAYSThe daily job count for the prior 14 days.
The maximum number of items to be returned.
The value is an integer. Range of accepted values is from 1 to 500.
", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"string", + "documentation":"The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
The summary information.
" + }, + "AggregationPeriod":{ + "shape":"string", + "documentation":"The period for the returned results.
ONE_DAYThe daily job count for the prior 1 day.
SEVEN_DAYSThe daily job count for the prior 7 days.
FOURTEEN_DAYSThe daily job count for the prior 14 days.
Valid Values: 'ONE_DAY' | 'SEVEN_DAYS' | 'FOURTEEN_DAYS'
The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
The account ID to list the jobs from. Returns only backup jobs associated with the specified account ID.
If used from an Amazon Web Services Organizations management account, passing * returns all jobs across the organization.
Pattern: ^[0-9]{12}$
Returns only scan jobs that will be stored in the specified backup vault. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
Pattern: ^[a-zA-Z0-9\\-\\_\\.]{2,50}$
Returns only scan jobs completed after a date expressed in Unix format and Coordinated Universal Time (UTC).
", + "location":"querystring", + "locationName":"ByCompleteAfter" + }, + "ByCompleteBefore":{ + "shape":"Timestamp", + "documentation":"Returns only backup jobs completed before a date expressed in Unix format and Coordinated Universal Time (UTC).
", + "location":"querystring", + "locationName":"ByCompleteBefore" + }, + "ByMalwareScanner":{ + "shape":"MalwareScanner", + "documentation":"Returns only the scan jobs for the specified malware scanner. Currently only supports GUARDDUTY.
Returns only the scan jobs that are ran against the specified recovery point.
", + "location":"querystring", + "locationName":"ByRecoveryPointArn" + }, + "ByResourceArn":{ + "shape":"String", + "documentation":"Returns only scan jobs that match the specified resource Amazon Resource Name (ARN).
", + "location":"querystring", + "locationName":"ByResourceArn" + }, + "ByResourceType":{ + "shape":"ScanResourceType", + "documentation":"Returns restore testing selections by the specified restore testing plan name.
EBSfor Amazon Elastic Block Store
EC2for Amazon Elastic Compute Cloud
S3for Amazon Simple Storage Service (Amazon S3)
Pattern: ^[a-zA-Z0-9\\-\\_\\.]{1,50}$
Returns only the scan jobs for the specified scan results:
THREATS_FOUND
NO_THREATS_FOUND
Returns only the scan jobs for the specified scanning job state.
", + "location":"querystring", + "locationName":"ByState" + }, + "MaxResults":{ + "shape":"ListScanJobsInputMaxResultsInteger", + "documentation":"The maximum number of items to be returned.
Valid Range: Minimum value of 1. Maximum value of 1000.
", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
An array of structures containing metadata about your scan jobs returned in JSON format.
" + } + } + }, + "ListTagsInput":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"ARN", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the type of resource. Valid targets for ListTags are recovery points, backup plans, and backup vaults.
The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
The maximum number of items to be returned.
", "location":"querystring", @@ -6367,7 +6943,41 @@ } } }, + "ListTieringConfigurationsInput":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of items to be returned.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"string", + "documentation":"The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
An array of tiering configurations returned by the ListTieringConfigurations call.
The next item following a partial list of returned items. For example, if a request is made to return MaxResults number of items, NextToken allows you to return more items in your list starting at the location pointed to by the next token.
The type of encryption key used for the recovery point. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.
" + }, + "AggregatedScanResult":{ + "shape":"AggregatedScanResult", + "documentation":"Contains the latest scanning results against the recovery point and currently include FailedScan, Findings, LastComputed.
Contains detailed information about the recovery points stored in a backup vault.
" @@ -6737,6 +7351,10 @@ "EncryptionKeyType":{ "shape":"EncryptionKeyType", "documentation":"The type of encryption key used for the recovery point. Valid values are CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.
" + }, + "AggregatedScanResult":{ + "shape":"AggregatedScanResult", + "documentation":"Contains the latest scanning results against the recovery point and currently include FailedScan, Findings, LastComputed.
Contains detailed information about a saved recovery point.
" @@ -6977,7 +7595,7 @@ "members":{ "ReportTemplate":{ "shape":"string", - "documentation":"Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT
Identifies the report template for the report. Reports are built using a report template. The report templates are:
RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT | SCAN_JOB_REPORT
A resource that is required for the action doesn't exist.
", "exception":true }, + "ResourceSelection":{ + "type":"structure", + "required":[ + "Resources", + "TieringDownSettingsInDays", + "ResourceType" + ], + "members":{ + "Resources":{ + "shape":"ResourceArns", + "documentation":"An array of strings that either contains ARNs of the associated resources or contains a wildcard * to specify all resources. You can specify up to 100 specific resources per tiering configuration.
The number of days after creation within a backup vault that an object can transition to the low cost warm storage tier. Must be a positive integer between 60 and 36500 days.
" + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"The type of Amazon Web Services resource; for example, S3 for Amazon S3. For tiering configurations, this is currently limited to S3.
This contains metadata about resource selection for tiering configurations.
You can specify up to 5 different resource selections per tiering configuration. Data moved to lower-cost tier remains there until deletion (one-way transition).
" + }, + "ResourceSelections":{ + "type":"list", + "member":{"shape":"ResourceSelection"} + }, "ResourceType":{ "type":"string", "pattern":"^[a-zA-Z0-9\\-\\_\\.]{1,50}$" @@ -7666,6 +8311,328 @@ "CONTINUOUS_AND_SNAPSHOTS" ] }, + "ScanAction":{ + "type":"structure", + "members":{ + "MalwareScanner":{ + "shape":"MalwareScanner", + "documentation":"The malware scanner to use for the scan action. Currently only GUARDDUTY is supported.
The scanning mode to use for the scan action.
Valid values: FULL_SCAN | INCREMENTAL_SCAN.
Defines a scanning action that specifies the malware scanner and scan mode to use.
" + }, + "ScanActions":{ + "type":"list", + "member":{"shape":"ScanAction"} + }, + "ScanFinding":{ + "type":"string", + "enum":["MALWARE"] + }, + "ScanFindings":{ + "type":"list", + "member":{"shape":"ScanFinding"} + }, + "ScanJob":{ + "type":"structure", + "required":[ + "AccountId", + "BackupVaultArn", + "BackupVaultName", + "CreatedBy", + "CreationDate", + "IamRoleArn", + "MalwareScanner", + "RecoveryPointArn", + "ResourceArn", + "ResourceName", + "ResourceType", + "ScanJobId", + "ScanMode", + "ScannerRoleArn" + ], + "members":{ + "AccountId":{ + "shape":"String", + "documentation":"The account ID that owns the scan job.
" + }, + "BackupVaultArn":{ + "shape":"String", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.
The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
" + }, + "CompletionDate":{ + "shape":"Timestamp", + "documentation":"The date and time that a scan job is completed, in Unix format and Coordinated Universal Time (UTC). The value of CompletionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Contains identifying information about the creation of a scan job.
" + }, + "CreationDate":{ + "shape":"Timestamp", + "documentation":"The date and time that a scan job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Specifies the IAM role ARN used to create the scan job; for example, arn:aws:iam::123456789012:role/S3Access.
The scanning engine used for the scan job. Currently only GUARDDUTY is supported.
An ARN that uniquely identifies the recovery point being scanned; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
An ARN that uniquely identifies the source resource of the recovery point being scanned.
" + }, + "ResourceName":{ + "shape":"String", + "documentation":"The non-unique name of the resource that belongs to the specified backup.
" + }, + "ResourceType":{ + "shape":"ScanResourceType", + "documentation":"The type of Amazon Web Services resource being scanned; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
" + }, + "ScanBaseRecoveryPointArn":{ + "shape":"String", + "documentation":"An ARN that uniquely identifies the base recovery point for scanning. This field is populated when an incremental scan job has taken place.
" + }, + "ScanId":{ + "shape":"String", + "documentation":"The scan ID generated by the malware scanner for the corresponding scan job.
" + }, + "ScanJobId":{ + "shape":"String", + "documentation":"The unique identifier that identifies the scan job request to Backup.
" + }, + "ScanMode":{ + "shape":"ScanMode", + "documentation":"Specifies the scan type use for the scan job.
Includes:
FULL_SCAN will scan the entire data lineage within the backup.
INCREMENTAL_SCAN will scan the data difference between the target recovery point and base recovery point ARN.
Contains the scan results information, including the status of threats found during scanning.
" + }, + "ScannerRoleArn":{ + "shape":"String", + "documentation":"Specifies the scanner IAM role ARN used for the scan job.
" + }, + "State":{ + "shape":"ScanState", + "documentation":"The current state of the scan job.
Valid values: CREATED | RUNNING | COMPLETED | COMPLETED_WITH_ISSUES | FAILED | CANCELED.
A detailed message explaining the status of the scan job.
" + } + }, + "documentation":"Contains metadata about a scan job, including information about the scanning process, results, and associated resources.
" + }, + "ScanJobCreator":{ + "type":"structure", + "required":[ + "BackupPlanArn", + "BackupPlanId", + "BackupPlanVersion", + "BackupRuleId" + ], + "members":{ + "BackupPlanArn":{ + "shape":"String", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
The ID of the backup plan.
" + }, + "BackupPlanVersion":{ + "shape":"String", + "documentation":"Unique, randomly generated, Unicode, UTF-8 encoded strings that are at most 1,024 bytes long. Version IDs cannot be edited.
" + }, + "BackupRuleId":{ + "shape":"String", + "documentation":"Uniquely identifies the backup rule that initiated the scan job.
" + } + }, + "documentation":"Contains identifying information about the creation of a scan job, including the backup plan and rule that initiated the scan.
" + }, + "ScanJobState":{ + "type":"string", + "enum":[ + "COMPLETED", + "COMPLETED_WITH_ISSUES", + "FAILED", + "CANCELED" + ] + }, + "ScanJobStatus":{ + "type":"string", + "enum":[ + "CREATED", + "COMPLETED", + "COMPLETED_WITH_ISSUES", + "RUNNING", + "FAILED", + "CANCELED", + "AGGREGATE_ALL", + "ANY" + ] + }, + "ScanJobSummary":{ + "type":"structure", + "members":{ + "Region":{ + "shape":"Region", + "documentation":"The Amazon Web Services Region where the scan jobs were executed.
" + }, + "AccountId":{ + "shape":"AccountId", + "documentation":"The account ID that owns the scan jobs included in this summary.
" + }, + "State":{ + "shape":"ScanJobStatus", + "documentation":"The state of the scan jobs included in this summary.
Valid values: CREATED | RUNNING | COMPLETED | COMPLETED_WITH_ISSUES | FAILED | CANCELED.
The type of Amazon Web Services resource for the scan jobs included in this summary.
" + }, + "Count":{ + "shape":"integer", + "documentation":"The number of scan jobs that match the specified criteria.
" + }, + "StartTime":{ + "shape":"timestamp", + "documentation":"The value of time in number format of a job start time.
This value is the time in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
" + }, + "EndTime":{ + "shape":"timestamp", + "documentation":"The value of time in number format of a job end time.
This value is the time in Unix format, Coordinated Universal Time (UTC), and accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
" + }, + "MalwareScanner":{ + "shape":"MalwareScanner", + "documentation":"Specifies the malware scanner used during the scan job. Currently only supports GUARDDUTY.
The scan result status for the scan jobs included in this summary.
Valid values: THREATS_FOUND | NO_THREATS_FOUND.
Contains summary information about scan jobs, including counts and metadata for a specific time period and criteria.
" + }, + "ScanJobSummaryList":{ + "type":"list", + "member":{"shape":"ScanJobSummary"} + }, + "ScanJobs":{ + "type":"list", + "member":{"shape":"ScanJob"} + }, + "ScanMode":{ + "type":"string", + "enum":[ + "FULL_SCAN", + "INCREMENTAL_SCAN" + ] + }, + "ScanResourceType":{ + "type":"string", + "enum":[ + "EBS", + "EC2", + "S3" + ] + }, + "ScanResult":{ + "type":"structure", + "members":{ + "MalwareScanner":{ + "shape":"MalwareScanner", + "documentation":"The malware scanner used to perform the scan. Currently only GUARDDUTY is supported.
The final state of the scan job.
Valid values: COMPLETED | FAILED | CANCELED.
The timestamp of when the last scan was performed, in Unix format and Coordinated Universal Time (UTC).
" + }, + "Findings":{ + "shape":"ScanFindings", + "documentation":"An array of findings discovered during the scan.
" + } + }, + "documentation":"Contains the results of a security scan, including scanner information, scan state, and any findings discovered.
" + }, + "ScanResultInfo":{ + "type":"structure", + "required":["ScanResultStatus"], + "members":{ + "ScanResultStatus":{ + "shape":"ScanResultStatus", + "documentation":"The status of the scan results.
Valid values: THREATS_FOUND | NO_THREATS_FOUND.
Contains information about the results of a scan job.
" + }, + "ScanResultStatus":{ + "type":"string", + "enum":[ + "NO_THREATS_FOUND", + "THREATS_FOUND" + ] + }, + "ScanResults":{ + "type":"list", + "member":{"shape":"ScanResult"}, + "max":5, + "min":0 + }, + "ScanSetting":{ + "type":"structure", + "members":{ + "MalwareScanner":{ + "shape":"MalwareScanner", + "documentation":"The malware scanner to use for scanning. Currently only GUARDDUTY is supported.
An array of resource types to be scanned for malware.
" + }, + "ScannerRoleArn":{ + "shape":"IAMRoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM role that the scanner uses to access resources; for example, arn:aws:iam::123456789012:role/ScannerRole.
Contains configuration settings for malware scanning, including the scanner type, target resource types, and scanner role.
" + }, + "ScanSettings":{ + "type":"list", + "member":{"shape":"ScanSetting"} + }, + "ScanState":{ + "type":"string", + "enum":[ + "CANCELED", + "COMPLETED", + "COMPLETED_WITH_ISSUES", + "CREATED", + "FAILED", + "RUNNING" + ] + }, "ScheduledPlanExecutionMember":{ "type":"structure", "members":{ @@ -7724,6 +8691,10 @@ "shape":"BackupVaultName", "documentation":"The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
" }, + "LogicallyAirGappedBackupVaultArn":{ + "shape":"ARN", + "documentation":"The ARN of a logically air-gapped vault. ARN must be in the same account and Region. If provided, supported fully managed resources back up directly to logically air-gapped vault, while other supported resources create a temporary (billable) snapshot in backup vault, then copy it to logically air-gapped vault. Unsupported resources only back up to the specified backup vault.
" + }, "ResourceArn":{ "shape":"ARN", "documentation":"An Amazon Resource Name (ARN) that uniquely identifies a resource. The format of the ARN depends on the resource type.
" @@ -7903,6 +8874,68 @@ } } }, + "StartScanJobInput":{ + "type":"structure", + "required":[ + "BackupVaultName", + "IamRoleArn", + "MalwareScanner", + "RecoveryPointArn", + "ScanMode", + "ScannerRoleArn" + ], + "members":{ + "BackupVaultName":{ + "shape":"String", + "documentation":"The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.
Pattern: ^[a-zA-Z0-9\\-\\_]{2,50}$
Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access.
A customer-chosen string that you can use to distinguish between otherwise identical calls to StartScanJob. Retrying a successful request with the same idempotency token results in a success message with no action taken.
Specifies the malware scanner used during the scan job. Currently only supports GUARDDUTY.
An Amazon Resource Name (ARN) that uniquely identifies a recovery point. This is your target recovery point for a full scan. If you are running an incremental scan, this will be your a recovery point which has been created after your base recovery point selection.
" + }, + "ScanBaseRecoveryPointArn":{ + "shape":"String", + "documentation":"An ARN that uniquely identifies the base recovery point to be used for incremental scanning.
" + }, + "ScanMode":{ + "shape":"ScanMode", + "documentation":"Specifies the scan type use for the scan job.
Includes:
FULL_SCAN will scan the entire data lineage within the backup.
INCREMENTAL_SCAN will scan the data difference between the target recovery point and base recovery point ARN.
Specified the IAM scanner role ARN.
" + } + } + }, + "StartScanJobOutput":{ + "type":"structure", + "required":[ + "CreationDate", + "ScanJobId" + ], + "members":{ + "CreationDate":{ + "shape":"Timestamp", + "documentation":"The date and time that a backup job is created, in Unix format and Coordinated Universal Time (UTC). The value of CreationDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.
Uniquely identifies a request to Backup to back up a resource.
" + } + } + }, "StopBackupJobInput":{ "type":"structure", "required":["BackupJobId"], @@ -7956,6 +8989,126 @@ "value":{"shape":"TagValue"}, "sensitive":true }, + "TieringConfiguration":{ + "type":"structure", + "required":[ + "TieringConfigurationName", + "BackupVaultName", + "ResourceSelection" + ], + "members":{ + "TieringConfigurationName":{ + "shape":"TieringConfigurationName", + "documentation":"The unique name of the tiering configuration. This cannot be changed after creation, and it must consist of only alphanumeric characters and underscores.
" + }, + "TieringConfigurationArn":{ + "shape":"ARN", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies the tiering configuration.
" + }, + "BackupVaultName":{ + "shape":"BackupVaultNameOrWildcard", + "documentation":"The name of the backup vault where the tiering configuration applies. Use * to apply to all backup vaults.
An array of resource selection objects that specify which resources are included in the tiering configuration and their tiering settings.
" + }, + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"This is a unique string that identifies the request and allows failed requests to be retried without the risk of running the operation twice.
" + }, + "CreationTime":{ + "shape":"timestamp", + "documentation":"The date and time a tiering configuration was created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
The date and time a tiering configuration was updated, in Unix format and Coordinated Universal Time (UTC). The value of LastUpdatedTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
This contains metadata about a tiering configuration.
" + }, + "TieringConfigurationInputForCreate":{ + "type":"structure", + "required":[ + "TieringConfigurationName", + "BackupVaultName", + "ResourceSelection" + ], + "members":{ + "TieringConfigurationName":{ + "shape":"TieringConfigurationName", + "documentation":"The unique name of the tiering configuration. This cannot be changed after creation, and it must consist of only alphanumeric characters and underscores.
" + }, + "BackupVaultName":{ + "shape":"BackupVaultNameOrWildcard", + "documentation":"The name of the backup vault where the tiering configuration applies. Use * to apply to all backup vaults.
An array of resource selection objects that specify which resources are included in the tiering configuration and their tiering settings.
" + } + }, + "documentation":"This contains metadata about a tiering configuration for create operations.
" + }, + "TieringConfigurationInputForUpdate":{ + "type":"structure", + "required":[ + "ResourceSelection", + "BackupVaultName" + ], + "members":{ + "ResourceSelection":{ + "shape":"ResourceSelections", + "documentation":"An array of resource selection objects that specify which resources are included in the tiering configuration and their tiering settings.
" + }, + "BackupVaultName":{ + "shape":"BackupVaultNameOrWildcard", + "documentation":"The name of the backup vault where the tiering configuration applies. Use * to apply to all backup vaults.
This contains metadata about a tiering configuration for update operations.
" + }, + "TieringConfigurationName":{ + "type":"string", + "pattern":"^[a-zA-Z0-9_]{1,200}$" + }, + "TieringConfigurationsList":{ + "type":"list", + "member":{"shape":"TieringConfigurationsListMember"}, + "documentation":"A list of tiering configurations.
" + }, + "TieringConfigurationsListMember":{ + "type":"structure", + "members":{ + "TieringConfigurationArn":{ + "shape":"ARN", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies the tiering configuration.
" + }, + "TieringConfigurationName":{ + "shape":"TieringConfigurationName", + "documentation":"The unique name of the tiering configuration.
" + }, + "BackupVaultName":{ + "shape":"BackupVaultNameOrWildcard", + "documentation":"The name of the backup vault where the tiering configuration applies. Use * to apply to all backup vaults.
The date and time a tiering configuration was created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
The date and time a tiering configuration was updated, in Unix format and Coordinated Universal Time (UTC). The value of LastUpdatedTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
This contains metadata about a tiering configuration returned in a list.
" + }, + "TieringDownSettingsInDays":{ + "type":"integer", + "max":36500, + "min":60 + }, "Timestamp":{"type":"timestamp"}, "Timezone":{"type":"string"}, "UntagResourceInput":{ @@ -8018,6 +9171,10 @@ "AdvancedBackupSettings":{ "shape":"AdvancedBackupSettings", "documentation":"Contains a list of BackupOptions for each resource type.
Contains your scanning configuration for the backup plan and includes the Malware scanner, your selected resources, and scanner role.
" } } }, @@ -8068,7 +9225,7 @@ "members":{ "GlobalSettings":{ "shape":"GlobalSettings", - "documentation":"Inputs can include:
A value for isCrossAccountBackupEnabled and a Region. Example: update-global-settings --global-settings isCrossAccountBackupEnabled=false --region us-west-2.
A value for Multi-party approval, styled as \"Mpa\": isMpaEnabled. Values can be true or false. Example: update-global-settings --global-settings isMpaEnabled=false --region us-west-2.
Inputs can include:
A value for isCrossAccountBackupEnabled and a Region. Example: update-global-settings --global-settings isCrossAccountBackupEnabled=false --region us-west-2.
A value for Multi-party approval, styled as \"Mpa\": isMpaEnabled. Values can be true or false. Example: update-global-settings --global-settings isMpaEnabled=false --region us-west-2.
A value for Backup Service-Linked Role creation, styled asisDelegatedAdministratorEnabled. Values can be true or false. Example: update-global-settings --global-settings isDelegatedAdministratorEnabled=false --region us-west-2.
The name of a tiering configuration to update.
", + "location":"uri", + "locationName":"tieringConfigurationName" + }, + "TieringConfiguration":{ + "shape":"TieringConfigurationInputForUpdate", + "documentation":"Specifies the body of a tiering configuration.
" + } + } + }, + "UpdateTieringConfigurationOutput":{ + "type":"structure", + "members":{ + "TieringConfigurationArn":{ + "shape":"ARN", + "documentation":"An Amazon Resource Name (ARN) that uniquely identifies the updated tiering configuration.
" + }, + "TieringConfigurationName":{ + "shape":"TieringConfigurationName", + "documentation":"This unique string is the name of the tiering configuration.
" + }, + "CreationTime":{ + "shape":"timestamp", + "documentation":"The date and time a tiering configuration was created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
The date and time a tiering configuration was updated, in Unix format and Coordinated Universal Time (UTC). The value of LastUpdatedTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087AM.
Retrieves details of a specific bill estimate.
" + "documentation":"Retrieves details of a specific bill estimate.
", + "readonly":true }, "GetBillScenario":{ "name":"GetBillScenario", @@ -349,7 +350,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves details of a specific bill scenario.
" + "documentation":"Retrieves details of a specific bill scenario.
", + "readonly":true }, "GetPreferences":{ "name":"GetPreferences", @@ -366,7 +368,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the current preferences for Pricing Calculator.
" + "documentation":"Retrieves the current preferences for Pricing Calculator.
", + "readonly":true }, "GetWorkloadEstimate":{ "name":"GetWorkloadEstimate", @@ -384,7 +387,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves details of a specific workload estimate.
" + "documentation":"Retrieves details of a specific workload estimate.
", + "readonly":true }, "ListBillEstimateCommitments":{ "name":"ListBillEstimateCommitments", @@ -402,7 +406,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the commitments associated with a bill estimate.
" + "documentation":"Lists the commitments associated with a bill estimate.
", + "readonly":true }, "ListBillEstimateInputCommitmentModifications":{ "name":"ListBillEstimateInputCommitmentModifications", @@ -420,7 +425,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the input commitment modifications associated with a bill estimate.
" + "documentation":"Lists the input commitment modifications associated with a bill estimate.
", + "readonly":true }, "ListBillEstimateInputUsageModifications":{ "name":"ListBillEstimateInputUsageModifications", @@ -438,7 +444,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the input usage modifications associated with a bill estimate.
" + "documentation":"Lists the input usage modifications associated with a bill estimate.
", + "readonly":true }, "ListBillEstimateLineItems":{ "name":"ListBillEstimateLineItems", @@ -456,7 +463,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the line items associated with a bill estimate.
" + "documentation":"Lists the line items associated with a bill estimate.
", + "readonly":true }, "ListBillEstimates":{ "name":"ListBillEstimates", @@ -473,7 +481,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists all bill estimates for the account.
" + "documentation":"Lists all bill estimates for the account.
", + "readonly":true }, "ListBillScenarioCommitmentModifications":{ "name":"ListBillScenarioCommitmentModifications", @@ -491,7 +500,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the commitment modifications associated with a bill scenario.
" + "documentation":"Lists the commitment modifications associated with a bill scenario.
", + "readonly":true }, "ListBillScenarioUsageModifications":{ "name":"ListBillScenarioUsageModifications", @@ -509,7 +519,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the usage modifications associated with a bill scenario.
" + "documentation":"Lists the usage modifications associated with a bill scenario.
", + "readonly":true }, "ListBillScenarios":{ "name":"ListBillScenarios", @@ -526,7 +537,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists all bill scenarios for the account.
" + "documentation":"Lists all bill scenarios for the account.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -543,7 +555,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists all tags associated with a specified resource.
" + "documentation":"Lists all tags associated with a specified resource.
", + "readonly":true }, "ListWorkloadEstimateUsage":{ "name":"ListWorkloadEstimateUsage", @@ -561,7 +574,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the usage associated with a workload estimate.
" + "documentation":"Lists the usage associated with a workload estimate.
", + "readonly":true }, "ListWorkloadEstimates":{ "name":"ListWorkloadEstimates", @@ -578,7 +592,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists all workload estimates for the account.
" + "documentation":"Lists all workload estimates for the account.
", + "readonly":true }, "TagResource":{ "name":"TagResource", @@ -2045,6 +2060,14 @@ "failureMessage":{ "shape":"String", "documentation":"An error message if the bill scenario creation or processing failed.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" } }, "documentation":"Provides a summary of a bill scenario.
" @@ -2145,6 +2168,12 @@ }, "documentation":"Represents a monetary amount with associated currency.
" }, + "CostCategoryArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:aws[-a-z0-9]*:ce::[0-9]{12}:costcategory/[a-f0-9-]{36}" + }, "CostDifference":{ "type":"structure", "members":{ @@ -2220,6 +2249,18 @@ "expiresAt":{ "shape":"Timestamp", "documentation":"The timestamp of when the Bill estimate will expire. A Bill estimate becomes inaccessible after expiration.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" + }, + "costCategoryGroupSharingPreferenceEffectiveDate":{ + "shape":"Timestamp", + "documentation":"Timestamp of the effective date of the cost category used in the group sharing settings.
" } } }, @@ -2239,6 +2280,14 @@ "tags":{ "shape":"Tags", "documentation":"The tags to apply to the bill scenario.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" } } }, @@ -2273,6 +2322,14 @@ "failureMessage":{ "shape":"String", "documentation":"An error message if the bill scenario creation failed.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" } } }, @@ -2371,8 +2428,7 @@ }, "DeleteBillEstimateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteBillScenarioRequest":{ "type":"structure", @@ -2386,8 +2442,7 @@ }, "DeleteBillScenarioResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteWorkloadEstimateRequest":{ "type":"structure", @@ -2401,8 +2456,7 @@ }, "DeleteWorkloadEstimateResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Double":{ "type":"double", @@ -2519,6 +2573,18 @@ "expiresAt":{ "shape":"Timestamp", "documentation":"The timestamp when the bill estimate will expire.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" + }, + "costCategoryGroupSharingPreferenceEffectiveDate":{ + "shape":"Timestamp", + "documentation":"Timestamp of the effective date of the cost category used in the group sharing settings.
" } } }, @@ -2563,13 +2629,20 @@ "failureMessage":{ "shape":"String", "documentation":"An error message if the bill scenario retrieval failed.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" } } }, "GetPreferencesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetPreferencesResponse":{ "type":"structure", @@ -2645,6 +2718,14 @@ }, "documentation":"Mixin for common fields returned by CRUD APIs
" }, + "GroupSharingPreferenceEnum":{ + "type":"string", + "enum":[ + "OPEN", + "PRIORITIZED", + "RESTRICTED" + ] + }, "HistoricalUsageEntity":{ "type":"structure", "required":[ @@ -3051,7 +3132,9 @@ "type":"string", "enum":[ "STATUS", - "NAME" + "NAME", + "GROUP_SHARING_PREFERENCE", + "COST_CATEGORY_ARN" ] }, "ListBillScenariosFilterValues":{ @@ -3466,8 +3549,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Tags":{ "type":"map", @@ -3517,8 +3599,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateBillEstimateRequest":{ "type":"structure", @@ -3573,6 +3654,18 @@ "expiresAt":{ "shape":"Timestamp", "documentation":"The updated expiration timestamp for the bill estimate.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" + }, + "costCategoryGroupSharingPreferenceEffectiveDate":{ + "shape":"Timestamp", + "documentation":"Timestamp of the effective date of the cost category used in the group sharing settings.
" } } }, @@ -3591,6 +3684,14 @@ "expiresAt":{ "shape":"Timestamp", "documentation":"The new expiration date for the bill scenario.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" } } }, @@ -3625,6 +3726,14 @@ "failureMessage":{ "shape":"String", "documentation":"An error message if the bill scenario update failed.
" + }, + "groupSharingPreference":{ + "shape":"GroupSharingPreferenceEnum", + "documentation":"The setting for the reserved instance and savings plan group sharing used in this estimate.
" + }, + "costCategoryGroupSharingPreferenceArn":{ + "shape":"CostCategoryArn", + "documentation":"The arn of the cost category used in the reserved and prioritized group sharing.
" } } }, diff --git a/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json b/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json index 6ac1d010ed20..7c8052ebb3c4 100644 --- a/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json +++ b/awscli/botocore/data/bedrock-agentcore-control/2023-06-05/service-2.json @@ -1473,7 +1473,8 @@ "type":"string", "enum":[ "CUSTOM_JWT", - "AWS_IAM" + "AWS_IAM", + "NONE" ] }, "AwsAccountId":{ @@ -2153,7 +2154,7 @@ }, "authorizerType":{ "shape":"AuthorizerType", - "documentation":"The type of authorizer to use for the gateway.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
The type of authorizer to use for the gateway.
CUSTOM_JWT - Authorize with a bearer token.
AWS_IAM - Authorize with your Amazon Web Services IAM credentials.
NONE - No authorization
The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
" }, + "interceptorConfigurations":{ + "shape":"GatewayInterceptorConfigurations", + "documentation":"A list of configuration settings for a gateway interceptor. Gateway interceptors allow custom code to be invoked during gateway invocations.
" + }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The Amazon Resource Name (ARN) of the KMS key used to encrypt data associated with the gateway.
" }, + "interceptorConfigurations":{ + "shape":"GatewayInterceptorConfigurations", + "documentation":"The list of interceptor configurations for the created gateway.
" + }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the created gateway.
" @@ -3197,6 +3206,47 @@ "type":"string", "pattern":"([0-9a-z][-]?){1,100}-[0-9a-z]{10}" }, + "GatewayInterceptionPoint":{ + "type":"string", + "enum":[ + "REQUEST", + "RESPONSE" + ] + }, + "GatewayInterceptionPoints":{ + "type":"list", + "member":{"shape":"GatewayInterceptionPoint"}, + "max":2, + "min":1 + }, + "GatewayInterceptorConfiguration":{ + "type":"structure", + "required":[ + "interceptor", + "interceptionPoints" + ], + "members":{ + "interceptor":{ + "shape":"InterceptorConfiguration", + "documentation":"The infrastructure settings of an interceptor configuration. This structure defines how the interceptor can be invoked.
" + }, + "interceptionPoints":{ + "shape":"GatewayInterceptionPoints", + "documentation":"The supported points of interception. This field specifies which points during the gateway invocation to invoke the interceptor
" + }, + "inputConfiguration":{ + "shape":"InterceptorInputConfiguration", + "documentation":"The configuration for the input of the interceptor. This field specifies how the input to the interceptor is constructed
" + } + }, + "documentation":"The configuration for an interceptor on a gateway. This structure defines settings for an interceptor that will be invoked during the invocation of the gateway.
" + }, + "GatewayInterceptorConfigurations":{ + "type":"list", + "member":{"shape":"GatewayInterceptorConfiguration"}, + "max":2, + "min":1 + }, "GatewayMaxResults":{ "type":"integer", "box":true, @@ -3791,6 +3841,10 @@ "shape":"KmsKeyArn", "documentation":"The Amazon Resource Name (ARN) of the KMS key used to encrypt the gateway.
" }, + "interceptorConfigurations":{ + "shape":"GatewayInterceptorConfigurations", + "documentation":"The interceptors configured on the gateway.
" + }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the gateway.
" @@ -4150,6 +4204,28 @@ "type":"integer", "box":true }, + "InterceptorConfiguration":{ + "type":"structure", + "members":{ + "lambda":{ + "shape":"LambdaInterceptorConfiguration", + "documentation":"The details of the lambda function used for the interceptor.
" + } + }, + "documentation":"The interceptor configuration.
", + "union":true + }, + "InterceptorInputConfiguration":{ + "type":"structure", + "required":["passRequestHeaders"], + "members":{ + "passRequestHeaders":{ + "shape":"Boolean", + "documentation":"Indicates whether to pass request headers as input into the interceptor. When set to true, request headers will be passed.
" + } + }, + "documentation":"The input configuration of the interceptor.
" + }, "InternalServerException":{ "type":"structure", "members":{ @@ -4235,6 +4311,17 @@ "min":1, "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:([a-z]{2}(-gov)?-[a-z]+-\\d{1}):(\\d{12}):function:([a-zA-Z0-9-_.]+)(:(\\$LATEST|[a-zA-Z0-9-]+))?" }, + "LambdaInterceptorConfiguration":{ + "type":"structure", + "required":["arn"], + "members":{ + "arn":{ + "shape":"LambdaFunctionArn", + "documentation":"The arn of the lambda function to be invoked for the interceptor.
" + } + }, + "documentation":"The lambda configuration for the interceptor
" + }, "LifecycleConfiguration":{ "type":"structure", "members":{ @@ -6781,6 +6868,10 @@ "shape":"KmsKeyArn", "documentation":"The updated ARN of the KMS key used to encrypt the gateway.
" }, + "interceptorConfigurations":{ + "shape":"GatewayInterceptorConfigurations", + "documentation":"The updated interceptor configurations for the gateway.
" + }, "exceptionLevel":{ "shape":"ExceptionLevel", "documentation":"The level of detail in error messages returned when invoking the gateway.
If the value is DEBUG, granular exception messages are returned to help a user debug the gateway.
If the value is omitted, a generic error message is returned to the end user.
The updated ARN of the KMS key used to encrypt the gateway.
" }, + "interceptorConfigurations":{ + "shape":"GatewayInterceptorConfigurations", + "documentation":"The updated interceptor configurations for the gateway.
" + }, "workloadIdentityDetails":{ "shape":"WorkloadIdentityDetails", "documentation":"The workload identity details for the updated gateway.
" diff --git a/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json b/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json index b1149c23a79a..129086aa545f 100644 --- a/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json +++ b/awscli/botocore/data/bedrock-agentcore/2024-02-28/paginators-1.json @@ -29,6 +29,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "memoryRecordSummaries" + }, + "ListMemoryExtractionJobs": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "jobs" } } } diff --git a/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json b/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json index 4158271f3aa5..268258213f00 100644 --- a/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json +++ b/awscli/botocore/data/bedrock-agentcore/2024-02-28/service-2.json @@ -187,7 +187,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Retrieves detailed information about a specific browser session in Amazon Bedrock. This operation returns the session's configuration, current status, associated streams, and metadata.
To get a browser session, you must specify both the browser identifier and the session ID. The response includes information about the session's viewport configuration, timeout settings, and stream endpoints.
The following operations are related to GetBrowserSession:
Retrieves detailed information about a specific browser session in Amazon Bedrock. This operation returns the session's configuration, current status, associated streams, and metadata.
To get a browser session, you must specify both the browser identifier and the session ID. The response includes information about the session's viewport configuration, timeout settings, and stream endpoints.
The following operations are related to GetBrowserSession:
Retrieves detailed information about a specific code interpreter session in Amazon Bedrock. This operation returns the session's configuration, current status, and metadata.
To get a code interpreter session, you must specify both the code interpreter identifier and the session ID. The response includes information about the session's timeout settings and current status.
The following operations are related to GetCodeInterpreterSession:
Retrieves detailed information about a specific code interpreter session in Amazon Bedrock. This operation returns the session's configuration, current status, and metadata.
To get a code interpreter session, you must specify both the code interpreter identifier and the session ID. The response includes information about the session's timeout settings and current status.
The following operations are related to GetCodeInterpreterSession:
Retrieves information about a specific event in an AgentCore Memory resource.
To use this operation, you must have the bedrock-agentcore:GetEvent permission.
Retrieves information about a specific event in an AgentCore Memory resource.
To use this operation, you must have the bedrock-agentcore:GetEvent permission.
Retrieves a specific memory record from an AgentCore Memory resource.
To use this operation, you must have the bedrock-agentcore:GetMemoryRecord permission.
Retrieves a specific memory record from an AgentCore Memory resource.
To use this operation, you must have the bedrock-agentcore:GetMemoryRecord permission.
Retrieves the API key associated with an API key credential provider.
" + "documentation":"Retrieves the API key associated with an API key credential provider.
", + "readonly":true }, "GetResourceOauth2Token":{ "name":"GetResourceOauth2Token", @@ -283,7 +288,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Returns the OAuth 2.0 token of the provided resource.
" + "documentation":"Returns the OAuth 2.0 token of the provided resource.
", + "readonly":true }, "GetWorkloadAccessToken":{ "name":"GetWorkloadAccessToken", @@ -400,7 +406,8 @@ {"shape":"ThrottledException"}, {"shape":"ServiceException"} ], - "documentation":"Lists all actors in an AgentCore Memory resource. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListActors permission.
Lists all actors in an AgentCore Memory resource. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListActors permission.
Retrieves a list of browser sessions in Amazon Bedrock that match the specified criteria. This operation returns summary information about each session, including identifiers, status, and timestamps.
You can filter the results by browser identifier and session status. The operation supports pagination to handle large result sets efficiently.
We recommend using pagination to ensure that the operation returns quickly and successfully when retrieving large numbers of sessions.
The following operations are related to ListBrowserSessions:
Retrieves a list of browser sessions in Amazon Bedrock that match the specified criteria. This operation returns summary information about each session, including identifiers, status, and timestamps.
You can filter the results by browser identifier and session status. The operation supports pagination to handle large result sets efficiently.
We recommend using pagination to ensure that the operation returns quickly and successfully when retrieving large numbers of sessions.
The following operations are related to ListBrowserSessions:
Retrieves a list of code interpreter sessions in Amazon Bedrock that match the specified criteria. This operation returns summary information about each session, including identifiers, status, and timestamps.
You can filter the results by code interpreter identifier and session status. The operation supports pagination to handle large result sets efficiently.
We recommend using pagination to ensure that the operation returns quickly and successfully when retrieving large numbers of sessions.
The following operations are related to ListCodeInterpreterSessions:
Retrieves a list of code interpreter sessions in Amazon Bedrock that match the specified criteria. This operation returns summary information about each session, including identifiers, status, and timestamps.
You can filter the results by code interpreter identifier and session status. The operation supports pagination to handle large result sets efficiently.
We recommend using pagination to ensure that the operation returns quickly and successfully when retrieving large numbers of sessions.
The following operations are related to ListCodeInterpreterSessions:
Lists events in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListEvents permission.
Lists events in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListEvents permission.
Lists all long-term memory extraction jobs that are eligible to be started with optional filtering.
To use this operation, you must have the bedrock-agentcore:ListMemoryExtractionJobs permission.
Lists memory records in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListMemoryRecords permission.
Lists memory records in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListMemoryRecords permission.
Lists sessions in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListSessions permission.
Lists sessions in an AgentCore Memory resource based on specified criteria. We recommend using pagination to ensure that the operation returns quickly and successfully.
To use this operation, you must have the bedrock-agentcore:ListSessions permission.
Creates and initializes a code interpreter session in Amazon Bedrock. The session enables agents to execute code as part of their response generation, supporting programming languages such as Python for data analysis, visualization, and computation tasks.
To create a session, you must specify a code interpreter identifier and a name. The session remains active until it times out or you explicitly stop it using the StopCodeInterpreterSession operation.
The following operations are related to StartCodeInterpreterSession:
Starts a memory extraction job that processes events that failed extraction previously in an AgentCore Memory resource and produces structured memory records. When earlier extraction attempts have left events unprocessed, this job will pick up and extract those as well.
To use this operation, you must have the bedrock-agentcore:StartMemoryExtractionJob permission.
The unique identifier of the extraction job.
" + } + }, + "documentation":"Represents the metadata of a memory extraction job such as the message identifiers that compose this job.
" + }, + "ExtractionJobFilterInput":{ + "type":"structure", + "members":{ + "strategyId":{ + "shape":"String", + "documentation":"The memory strategy identifier to filter extraction jobs by. If specified, only extraction jobs with this strategy ID are returned.
" + }, + "sessionId":{ + "shape":"String", + "documentation":"The unique identifier of the session. If specified, only extraction jobs with this session ID are returned.
" + }, + "actorId":{ + "shape":"String", + "documentation":"The identifier of the actor. If specified, only extraction jobs with this actor ID are returned.
" + }, + "status":{ + "shape":"ExtractionJobStatus", + "documentation":"The status of the extraction job. If specified, only extraction jobs with this status are returned.
" + } + }, + "documentation":"Filters for querying memory extraction jobs based on various criteria.
" + }, + "ExtractionJobMessages":{ + "type":"structure", + "members":{ + "messagesList":{ + "shape":"MessagesList", + "documentation":"The list of messages that compose this extraction job.
" + } + }, + "documentation":"The list of messages that compose this extraction job.
", + "union":true + }, + "ExtractionJobMetadata":{ + "type":"structure", + "required":[ + "jobID", + "messages" + ], + "members":{ + "jobID":{ + "shape":"String", + "documentation":"The unique identifier for the extraction job.
" + }, + "messages":{ + "shape":"ExtractionJobMessages", + "documentation":"The messages associated with the extraction job.
" + }, + "status":{ + "shape":"ExtractionJobStatus", + "documentation":"The current status of the extraction job.
" + }, + "failureReason":{ + "shape":"String", + "documentation":"The cause of failure, if the job did not complete successfully.
" + }, + "strategyId":{ + "shape":"String", + "documentation":"The identifier of the memory strategy for this extraction job.
" + }, + "sessionId":{ + "shape":"String", + "documentation":"The identifier of the session for this extraction job.
" + }, + "actorId":{ + "shape":"String", + "documentation":"The identifier of the actor for this extraction job.
" + } + }, + "documentation":"Metadata information associated with this extraction job.
" + }, + "ExtractionJobMetadataList":{ + "type":"list", + "member":{"shape":"ExtractionJobMetadata"} + }, + "ExtractionJobStatus":{ + "type":"string", + "enum":["FAILED"] + }, "FilterInput":{ "type":"structure", "members":{ @@ -2202,7 +2344,7 @@ }, "maxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.
" + "documentation":"The maximum number of results to return in a single call. The default value is 20.
" }, "nextToken":{ "shape":"PaginationToken", @@ -2316,13 +2458,13 @@ }, "sessionId":{ "shape":"SessionId", - "documentation":"The identifier of the session for which to list events. If specified, only events from this session are returned.
", + "documentation":"The identifier of the session for which to list events.
", "location":"uri", "locationName":"sessionId" }, "actorId":{ "shape":"ActorId", - "documentation":"The identifier of the actor for which to list events. If specified, only events from this actor are returned.
", + "documentation":"The identifier of the actor for which to list events.
", "location":"uri", "locationName":"actorId" }, @@ -2336,7 +2478,7 @@ }, "maxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.
" + "documentation":"The maximum number of results to return in a single call. The default value is 20.
" }, "nextToken":{ "shape":"PaginationToken", @@ -2358,6 +2500,50 @@ } } }, + "ListMemoryExtractionJobsInput":{ + "type":"structure", + "required":["memoryId"], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"The unique identifier of the memory to list extraction jobs for.
", + "location":"uri", + "locationName":"memoryId" + }, + "maxResults":{ + "shape":"ListMemoryExtractionJobsInputMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call. The default value is 20.
" + }, + "filter":{ + "shape":"ExtractionJobFilterInput", + "documentation":"Filter criteria to apply when listing extraction jobs.
" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
" + } + } + }, + "ListMemoryExtractionJobsInputMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":50, + "min":1 + }, + "ListMemoryExtractionJobsOutput":{ + "type":"structure", + "required":["jobs"], + "members":{ + "jobs":{ + "shape":"ExtractionJobMetadataList", + "documentation":"List of extraction job metadata matching the specified criteria.
" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"Token to retrieve the next page of results, if available.
" + } + } + }, "ListMemoryRecordsInput":{ "type":"structure", "required":[ @@ -2381,7 +2567,7 @@ }, "maxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.
" + "documentation":"The maximum number of results to return in a single call. The default value is 20.
" }, "nextToken":{ "shape":"PaginationToken", @@ -2418,13 +2604,13 @@ }, "actorId":{ "shape":"ActorId", - "documentation":"The identifier of the actor for which to list sessions. If specified, only sessions involving this actor are returned.
", + "documentation":"The identifier of the actor for which to list sessions.
", "location":"uri", "locationName":"actorId" }, "maxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.
" + "documentation":"The maximum number of results to return in a single call. The default value is 20.
" }, "nextToken":{ "shape":"PaginationToken", @@ -2711,6 +2897,28 @@ "min":1, "pattern":"[a-zA-Z0-9][a-zA-Z0-9-_]*" }, + "MessageMetadata":{ + "type":"structure", + "required":[ + "eventId", + "messageIndex" + ], + "members":{ + "eventId":{ + "shape":"String", + "documentation":"The identifier of the event associated with this message.
" + }, + "messageIndex":{ + "shape":"Integer", + "documentation":"The position of this message within that event’s ordered list of messages.
" + } + }, + "documentation":"Metadata information associated with this message.
" + }, + "MessagesList":{ + "type":"list", + "member":{"shape":"MessageMetadata"} + }, "MetadataKey":{ "type":"string", "max":128, @@ -2903,7 +3111,7 @@ }, "namespace":{ "shape":"Namespace", - "documentation":"The namespace to filter memory records by. If specified, only memory records in this namespace are searched.
" + "documentation":"The namespace to filter memory records by.
" }, "searchCriteria":{ "shape":"SearchCriteria", @@ -2915,7 +3123,7 @@ }, "maxResults":{ "shape":"MaxResults", - "documentation":"The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.
" + "documentation":"The maximum number of results to return in a single call. The default value is 20.
" } } }, @@ -3219,6 +3427,40 @@ } } }, + "StartMemoryExtractionJobInput":{ + "type":"structure", + "required":[ + "memoryId", + "extractionJob" + ], + "members":{ + "memoryId":{ + "shape":"MemoryId", + "documentation":"The unique identifier of the memory for which to start extraction jobs.
", + "location":"uri", + "locationName":"memoryId" + }, + "extractionJob":{ + "shape":"ExtractionJob", + "documentation":"Extraction job to start in this operation.
" + }, + "clientToken":{ + "shape":"String", + "documentation":"A unique, case-sensitive identifier to ensure idempotent processing of the request.
", + "idempotencyToken":true + } + } + }, + "StartMemoryExtractionJobOutput":{ + "type":"structure", + "required":["jobId"], + "members":{ + "jobId":{ + "shape":"String", + "documentation":"Extraction Job ID that was attempted to start.
" + } + } + }, "State":{ "type":"string", "max":4096, @@ -3743,5 +3985,5 @@ "sensitive":true } }, - "documentation":"Amazon Bedrock AgentCore is in preview release and is subject to change.
Welcome to the Amazon Bedrock AgentCore Data Plane API reference. Data Plane actions process and handle data or workloads within Amazon Web Services services.
" + "documentation":"Welcome to the Amazon Bedrock AgentCore Data Plane API reference. Data Plane actions process and handle data or workloads within Amazon Web Services services.
" } diff --git a/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json b/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json index 027cfd252e14..3f03e2bc1f82 100644 --- a/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json +++ b/awscli/botocore/data/bedrock-data-automation-runtime/2024-06-13/service-2.json @@ -30,7 +30,25 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"API used to get data automation status.
" + "documentation":"API used to get data automation status.
", + "readonly":true + }, + "InvokeDataAutomation":{ + "name":"InvokeDataAutomation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"InvokeDataAutomationRequest"}, + "output":{"shape":"InvokeDataAutomationResponse"}, + "errors":[ + {"shape":"ServiceUnavailableException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Sync API: Invoke data automation.
" }, "InvokeDataAutomationAsync":{ "name":"InvokeDataAutomationAsync", @@ -133,6 +151,7 @@ "ClientError" ] }, + "Blob":{"type":"blob"}, "Blueprint":{ "type":"structure", "required":["blueprintArn"], @@ -157,7 +176,7 @@ "documentation":"ARN of a Blueprint
", "max":128, "min":0, - "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):blueprint/(bedrock-data-insights-public-[a-zA-Z0-9-_]{1,30}|bedrock-data-automation-public-[a-zA-Z0-9-_]{1,30}|[a-zA-Z0-9-]{12,36})" + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):blueprint/(bedrock-data-insights-public-[a-zA-Z0-9-_]{1,30}|bedrock-data-automation-public-[a-zA-Z0-9-_]{1,30}|[a-zA-Z0-9-]{12,36})" }, "BlueprintList":{ "type":"list", @@ -188,12 +207,20 @@ "type":"boolean", "box":true }, + "CustomOutputStatus":{ + "type":"string", + "documentation":"Custom output status enum
", + "enum":[ + "MATCH", + "NO_MATCH" + ] + }, "DataAutomationArn":{ "type":"string", "documentation":"Data automation arn.
", "max":128, "min":1, - "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-project/[a-zA-Z0-9-_]+" + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-project/[a-zA-Z0-9-_]+" }, "DataAutomationConfiguration":{ "type":"structure", @@ -215,7 +242,7 @@ "documentation":"Data automation profile arn.
", "max":128, "min":1, - "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-profile/[a-zA-Z0-9-_.]+" + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-zA-Z0-9-]*:(aws|[0-9]{12}):data-automation-profile/[a-zA-Z0-9-_.]+" }, "DataAutomationStage":{ "type":"string", @@ -301,6 +328,18 @@ "outputConfiguration":{ "shape":"OutputConfiguration", "documentation":"Output configuration.
" + }, + "jobSubmissionTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"Job Submission time.
" + }, + "jobCompletionTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"Job completion time.
" + }, + "jobDurationInSeconds":{ + "shape":"Integer", + "documentation":"Job duration in seconds.
" } }, "documentation":"Response of GetDataAutomationStatus API.
" @@ -310,7 +349,7 @@ "documentation":"Client specified token used for idempotency checks
", "max":256, "min":1, - "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9])*" + "pattern":"[a-zA-Z0-9](-*[a-zA-Z0-9]){1,256}" }, "InputConfiguration":{ "type":"structure", @@ -327,6 +366,10 @@ }, "documentation":"Input configuration.
" }, + "Integer":{ + "type":"integer", + "box":true + }, "InternalServerException":{ "type":"structure", "members":{ @@ -341,7 +384,7 @@ "documentation":"Invocation arn.
", "max":128, "min":1, - "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:(insights-invocation|data-automation-invocation)/[a-zA-Z0-9-_]+" + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:data-automation-invocation/[a-zA-Z0-9-_]+" }, "InvokeDataAutomationAsyncRequest":{ "type":"structure", @@ -402,6 +445,54 @@ }, "documentation":"Invoke Data Automation Async Response
" }, + "InvokeDataAutomationRequest":{ + "type":"structure", + "required":[ + "inputConfiguration", + "dataAutomationProfileArn" + ], + "members":{ + "inputConfiguration":{ + "shape":"SyncInputConfiguration", + "documentation":"Input configuration.
" + }, + "dataAutomationConfiguration":{ + "shape":"DataAutomationConfiguration", + "documentation":"Data automation configuration.
" + }, + "blueprints":{ + "shape":"BlueprintList", + "documentation":"Blueprint list.
" + }, + "dataAutomationProfileArn":{ + "shape":"DataAutomationProfileArn", + "documentation":"Data automation profile ARN
" + }, + "encryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"Encryption configuration.
" + } + }, + "documentation":"Invoke Data Automation Request
" + }, + "InvokeDataAutomationResponse":{ + "type":"structure", + "required":[ + "semanticModality", + "outputSegments" + ], + "members":{ + "semanticModality":{ + "shape":"SemanticModality", + "documentation":"Detected semantic modality
" + }, + "outputSegments":{ + "shape":"OutputSegmentList", + "documentation":"List of outputs for each logical sub-doc
" + } + }, + "documentation":"Invoke Data Automation Response
" + }, "KMSKeyId":{ "type":"string", "max":2048, @@ -447,6 +538,32 @@ }, "documentation":"Output configuration.
" }, + "OutputSegment":{ + "type":"structure", + "members":{ + "customOutputStatus":{ + "shape":"CustomOutputStatus", + "documentation":"Status of blueprint match
" + }, + "customOutput":{ + "shape":"String", + "documentation":"Custom output response
" + }, + "standardOutput":{ + "shape":"String", + "documentation":"Standard output response
" + } + }, + "documentation":"Results for an output segment
" + }, + "OutputSegmentList":{ + "type":"list", + "member":{ + "shape":"OutputSegment", + "documentation":"Output segment
" + }, + "documentation":"Output segment list
" + }, "ResourceNotFoundException":{ "type":"structure", "members":{ @@ -462,6 +579,16 @@ "min":1, "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/[^\\x00-\\x1F\\x7F\\{^}%`\\]\">\\[~<#|]*)?" }, + "SemanticModality":{ + "type":"string", + "documentation":"Semantic modality enum
", + "enum":[ + "DOCUMENT", + "IMAGE", + "AUDIO", + "VIDEO" + ] + }, "ServiceQuotaExceededException":{ "type":"structure", "members":{ @@ -470,7 +597,34 @@ "documentation":"This exception will be thrown when service quota is exceeded.
", "exception":true }, + "ServiceUnavailableException":{ + "type":"structure", + "members":{ + "message":{"shape":"NonBlankString"} + }, + "documentation":"This exception will be thrown when service is temporarily unavailable.
", + "exception":true, + "fault":true + }, "String":{"type":"string"}, + "SyncInputConfiguration":{ + "type":"structure", + "members":{ + "bytes":{ + "shape":"Blob", + "documentation":"Input data as bytes
" + }, + "s3Uri":{ + "shape":"S3Uri", + "documentation":"S3 URI of the input data
" + } + }, + "documentation":"Input configuration for synchronous API
" + }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, "Tag":{ "type":"structure", "required":[ @@ -517,8 +671,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -532,7 +685,7 @@ "documentation":"ARN of a taggable resource
", "max":1011, "min":20, - "pattern":"arn:aws(|-cn|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:data-automation-invocation/[a-zA-Z0-9-_]+" + "pattern":"arn:aws(|-cn|-iso|-iso-[a-z]|-us-gov):bedrock:[a-zA-Z0-9-]*:[0-9]{12}:data-automation-invocation/[a-zA-Z0-9-_]+" }, "ThrottlingException":{ "type":"structure", @@ -583,8 +736,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "ValidationException":{ "type":"structure", diff --git a/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json b/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json index b02a5fc27877..a3619c37cda9 100644 --- a/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json +++ b/awscli/botocore/data/bedrock-data-automation/2023-07-26/service-2.json @@ -356,7 +356,8 @@ "type":"structure", "members":{ "modalityProcessing":{"shape":"ModalityProcessingConfiguration"}, - "languageConfiguration":{"shape":"AudioLanguageConfiguration"} + "languageConfiguration":{"shape":"AudioLanguageConfiguration"}, + "sensitiveDataConfiguration":{"shape":"SensitiveDataConfiguration"} }, "documentation":"Override Configuration of Audio
" }, @@ -609,6 +610,7 @@ "projectName":{"shape":"DataAutomationProjectName"}, "projectDescription":{"shape":"DataAutomationProjectDescription"}, "projectStage":{"shape":"DataAutomationProjectStage"}, + "projectType":{"shape":"DataAutomationProjectType"}, "standardOutputConfiguration":{"shape":"StandardOutputConfiguration"}, "customOutputConfiguration":{"shape":"CustomOutputConfiguration"}, "overrideConfiguration":{"shape":"OverrideConfiguration"}, @@ -653,6 +655,7 @@ "lastModifiedTime":{"shape":"DateTimestamp"}, "projectName":{"shape":"DataAutomationProjectName"}, "projectStage":{"shape":"DataAutomationProjectStage"}, + "projectType":{"shape":"DataAutomationProjectType"}, "projectDescription":{"shape":"DataAutomationProjectDescription"}, "standardOutputConfiguration":{"shape":"StandardOutputConfiguration"}, "customOutputConfiguration":{"shape":"CustomOutputConfiguration"}, @@ -734,11 +737,20 @@ "members":{ "projectArn":{"shape":"DataAutomationProjectArn"}, "projectStage":{"shape":"DataAutomationProjectStage"}, + "projectType":{"shape":"DataAutomationProjectType"}, "projectName":{"shape":"DataAutomationProjectName"}, "creationTime":{"shape":"DateTimestamp"} }, "documentation":"Summary of a DataAutomationProject
" }, + "DataAutomationProjectType":{ + "type":"string", + "documentation":"Type of the DataAutomationProject
", + "enum":[ + "ASYNC", + "SYNC" + ] + }, "DateTimestamp":{ "type":"timestamp", "documentation":"Time Stamp
", @@ -875,7 +887,8 @@ "type":"structure", "members":{ "splitter":{"shape":"SplitterConfiguration"}, - "modalityProcessing":{"shape":"ModalityProcessingConfiguration"} + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"}, + "sensitiveDataConfiguration":{"shape":"SensitiveDataConfiguration"} }, "documentation":"Override Configuration of Document
" }, @@ -1018,7 +1031,8 @@ "ImageOverrideConfiguration":{ "type":"structure", "members":{ - "modalityProcessing":{"shape":"ModalityProcessingConfiguration"} + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"}, + "sensitiveDataConfiguration":{"shape":"SensitiveDataConfiguration"} }, "documentation":"Override Configuration of Image
" }, @@ -1205,6 +1219,73 @@ }, "documentation":"Override configuration
" }, + "PIIEntitiesConfiguration":{ + "type":"structure", + "members":{ + "piiEntityTypes":{ + "shape":"PIIEntityTypes", + "documentation":"Types of PII entities to detect
" + }, + "redactionMaskMode":{ + "shape":"PIIRedactionMaskMode", + "documentation":"Mode for redacting detected PII
" + } + }, + "documentation":"Configuration for PII entities detection and redaction
" + }, + "PIIEntityType":{ + "type":"string", + "documentation":"Types of PII entities that can be detected, we will support every types that Guardrails can support
", + "enum":[ + "ALL", + "ADDRESS", + "AGE", + "NAME", + "EMAIL", + "PHONE", + "USERNAME", + "PASSWORD", + "DRIVER_ID", + "LICENSE_PLATE", + "VEHICLE_IDENTIFICATION_NUMBER", + "CREDIT_DEBIT_CARD_CVV", + "CREDIT_DEBIT_CARD_EXPIRY", + "CREDIT_DEBIT_CARD_NUMBER", + "PIN", + "INTERNATIONAL_BANK_ACCOUNT_NUMBER", + "SWIFT_CODE", + "IP_ADDRESS", + "MAC_ADDRESS", + "URL", + "AWS_ACCESS_KEY", + "AWS_SECRET_KEY", + "US_BANK_ACCOUNT_NUMBER", + "US_BANK_ROUTING_NUMBER", + "US_INDIVIDUAL_TAX_IDENTIFICATION_NUMBER", + "US_PASSPORT_NUMBER", + "US_SOCIAL_SECURITY_NUMBER", + "CA_HEALTH_NUMBER", + "CA_SOCIAL_INSURANCE_NUMBER", + "UK_NATIONAL_HEALTH_SERVICE_NUMBER", + "UK_NATIONAL_INSURANCE_NUMBER", + "UK_UNIQUE_TAXPAYER_REFERENCE_NUMBER" + ] + }, + "PIIEntityTypes":{ + "type":"list", + "member":{"shape":"PIIEntityType"}, + "documentation":"List of PII entity types
", + "max":32, + "min":1 + }, + "PIIRedactionMaskMode":{ + "type":"string", + "documentation":"Mode for redacting detected PII
", + "enum":[ + "PII", + "ENTITY_TYPE" + ] + }, "ResourceNotFoundException":{ "type":"structure", "members":{ @@ -1225,6 +1306,48 @@ "ACCOUNT" ] }, + "SensitiveDataConfiguration":{ + "type":"structure", + "required":["detectionMode"], + "members":{ + "detectionMode":{ + "shape":"SensitiveDataDetectionMode", + "documentation":"Mode for sensitive data detection
" + }, + "detectionScope":{ + "shape":"SensitiveDataDetectionScope", + "documentation":"Scope of detection - what types of sensitive data to detect
" + }, + "piiEntitiesConfiguration":{ + "shape":"PIIEntitiesConfiguration", + "documentation":"Configuration for PII entities detection and redaction
" + } + }, + "documentation":"Configuration for sensitive data detection and redaction
" + }, + "SensitiveDataDetectionMode":{ + "type":"string", + "documentation":"Mode for sensitive data detection
", + "enum":[ + "DETECTION", + "DETECTION_AND_REDACTION" + ] + }, + "SensitiveDataDetectionScope":{ + "type":"list", + "member":{"shape":"SensitiveDataDetectionScopeType"}, + "documentation":"Scope of sensitive data detection
", + "max":2, + "min":1 + }, + "SensitiveDataDetectionScopeType":{ + "type":"string", + "documentation":"Types of sensitive data detection scope
", + "enum":[ + "STANDARD", + "CUSTOM" + ] + }, "ServiceQuotaExceededException":{ "type":"structure", "members":{ @@ -1498,7 +1621,8 @@ "VideoOverrideConfiguration":{ "type":"structure", "members":{ - "modalityProcessing":{"shape":"ModalityProcessingConfiguration"} + "modalityProcessing":{"shape":"ModalityProcessingConfiguration"}, + "sensitiveDataConfiguration":{"shape":"SensitiveDataConfiguration"} }, "documentation":"Override Configuration of Video
" }, diff --git a/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json b/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json index c7808f4b1263..64648053640d 100644 --- a/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json +++ b/awscli/botocore/data/bedrock-runtime/2023-09-30/service-2.json @@ -253,6 +253,32 @@ "members":{}, "documentation":"The model must request at least one tool (no text is generated). For example, {\"any\" : {}}. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.
The unique ID of the guardrail that was applied.
" + }, + "guardrailVersion":{ + "shape":"GuardrailVersion", + "documentation":"The version of the guardrail that was applied.
" + }, + "guardrailArn":{ + "shape":"GuardrailArn", + "documentation":"The ARN of the guardrail that was applied.
" + }, + "guardrailOrigin":{ + "shape":"GuardrailOriginList", + "documentation":"The origin of how the guardrail was applied. This can be either requested at the API level or enforced at the account or organization level as a default guardrail.
" + }, + "guardrailOwnership":{ + "shape":"GuardrailOwnership", + "documentation":"The ownership type of the guardrail, indicating whether it is owned by the requesting account or is a cross-account guardrail shared from another AWS account.
" + } + }, + "documentation":"Details about the specific guardrail that was applied during this assessment, including its identifier, version, ARN, origin, and ownership information.
" + }, "ApplyGuardrailRequest":{ "type":"structure", "required":[ @@ -505,6 +531,10 @@ "shape":"String", "documentation":"The title or identifier of the source document being cited.
" }, + "source":{ + "shape":"String", + "documentation":"The source from the original search result that provided the cited content.
" + }, "sourceContent":{ "shape":"CitationSourceContentList", "documentation":"The specific content from the source document that was referenced or cited in the generated response.
" @@ -549,6 +579,10 @@ "documentChunk":{ "shape":"DocumentChunkLocation", "documentation":"The chunk-level location within the document where the cited content is found, typically used for documents that have been segmented into logical chunks.
" + }, + "searchResultLocation":{ + "shape":"SearchResultLocation", + "documentation":"The search result location where the cited content is found, including the search result index and block positions within the content array.
" } }, "documentation":"Specifies the precise location within a source document where cited content can be found. This can include character-level positions, page numbers, or document chunks depending on the document type and indexing method.
", @@ -619,6 +653,10 @@ "shape":"String", "documentation":"The title or identifier of the source document being cited.
" }, + "source":{ + "shape":"String", + "documentation":"The source from the original search result that provided the cited content.
" + }, "sourceContent":{ "shape":"CitationSourceContentListDelta", "documentation":"The specific content from the source document that was referenced or cited in the generated response.
" @@ -684,6 +722,10 @@ "citationsContent":{ "shape":"CitationsContentBlock", "documentation":"A content block that contains both generated text and associated citation information, providing traceability between the response and source documents.
" + }, + "searchResult":{ + "shape":"SearchResultBlock", + "documentation":"Search result to include in the message.
" } }, "documentation":"A block of content for a message that you pass to, or receive from, a model with the Converse or ConverseStream API operations.
", @@ -869,6 +911,10 @@ "performanceConfig":{ "shape":"PerformanceConfiguration", "documentation":"Model performance settings for the request.
" + }, + "serviceTier":{ + "shape":"ServiceTier", + "documentation":"Specifies the processing tier configuration used for serving the request.
" } } }, @@ -919,6 +965,10 @@ "performanceConfig":{ "shape":"PerformanceConfiguration", "documentation":"Model performance settings for the request.
" + }, + "serviceTier":{ + "shape":"ServiceTier", + "documentation":"Specifies the processing tier configuration used for serving the request.
" } } }, @@ -944,6 +994,10 @@ "performanceConfig":{ "shape":"PerformanceConfiguration", "documentation":"Model performance configuration metadata for the conversation stream event.
" + }, + "serviceTier":{ + "shape":"ServiceTier", + "documentation":"Specifies the processing tier configuration used for serving the request.
" } }, "documentation":"A conversation stream metadata event.
", @@ -1060,6 +1114,10 @@ "performanceConfig":{ "shape":"PerformanceConfiguration", "documentation":"Model performance settings for the request.
" + }, + "serviceTier":{ + "shape":"ServiceTier", + "documentation":"Specifies the processing tier configuration used for serving the request.
" } } }, @@ -1108,6 +1166,14 @@ "system":{ "shape":"SystemContentBlocks", "documentation":"The system content blocks to count tokens for. System content provides instructions or context to the model about how it should behave or respond. The token count will include any system content provided.
" + }, + "toolConfig":{ + "shape":"ToolConfiguration", + "documentation":"The toolConfig of Converse input request to count tokens for. Configuration information for the tools that the model can use when generating a response.
" + }, + "additionalModelRequestFields":{ + "shape":"Document", + "documentation":"The additionalModelRequestFields of Converse input request to count tokens for. Use this field when you want to pass additional parameters that the model supports.
" } }, "documentation":"The inputs from a Converse API request for token counting.
This structure mirrors the input format for the Converse operation, allowing you to count tokens for conversation-based inference requests.
The invocation metrics for the guardrail assessment.
" - } + }, + "appliedGuardrailDetails":{"shape":"AppliedGuardrailDetails"} }, "documentation":"A behavior assessment of the guardrail policies used in a call to the Converse API.
" }, @@ -1811,10 +1884,6 @@ }, "GuardrailConfiguration":{ "type":"structure", - "required":[ - "guardrailIdentifier", - "guardrailVersion" - ], "members":{ "guardrailIdentifier":{ "shape":"GuardrailIdentifier", @@ -2159,11 +2228,17 @@ "type":"list", "member":{"shape":"GuardrailCustomWord"} }, + "GuardrailId":{ + "type":"string", + "max":2048, + "min":0, + "pattern":"([a-z0-9]+)" + }, "GuardrailIdentifier":{ "type":"string", "max":2048, "min":0, - "pattern":"(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))" + "pattern":"(|([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))" }, "GuardrailImageBlock":{ "type":"structure", @@ -2274,6 +2349,18 @@ "type":"string", "enum":["PROFANITY"] }, + "GuardrailOrigin":{ + "type":"string", + "enum":[ + "REQUEST", + "ACCOUNT_ENFORCED", + "ORGANIZATION_ENFORCED" + ] + }, + "GuardrailOriginList":{ + "type":"list", + "member":{"shape":"GuardrailOrigin"} + }, "GuardrailOutputContent":{ "type":"structure", "members":{ @@ -2296,6 +2383,13 @@ ] }, "GuardrailOutputText":{"type":"string"}, + "GuardrailOwnership":{ + "type":"string", + "enum":[ + "SELF", + "CROSS_ACCOUNT" + ] + }, "GuardrailPiiEntityFilter":{ "type":"structure", "required":[ @@ -2434,10 +2528,6 @@ }, "GuardrailStreamConfiguration":{ "type":"structure", - "required":[ - "guardrailIdentifier", - "guardrailVersion" - ], "members":{ "guardrailIdentifier":{ "shape":"GuardrailIdentifier", @@ -2633,7 +2723,7 @@ }, "GuardrailVersion":{ "type":"string", - "pattern":"(([1-9][0-9]{0,7})|(DRAFT))" + "pattern":"(|([1-9][0-9]{0,7})|(DRAFT))" }, "GuardrailWordPolicyAction":{ "type":"string", @@ -2838,6 +2928,12 @@ "documentation":"Model performance settings for the request.
", "location":"header", "locationName":"X-Amzn-Bedrock-PerformanceConfig-Latency" + }, + "serviceTier":{ + "shape":"ServiceTierType", + "documentation":"Specifies the processing tier type used for serving the request.
", + "location":"header", + "locationName":"X-Amzn-Bedrock-Service-Tier" } }, "payload":"body" @@ -2864,6 +2960,12 @@ "documentation":"Model performance settings for the request.
", "location":"header", "locationName":"X-Amzn-Bedrock-PerformanceConfig-Latency" + }, + "serviceTier":{ + "shape":"ServiceTierType", + "documentation":"Specifies the processing tier type used for serving the request.
", + "location":"header", + "locationName":"X-Amzn-Bedrock-Service-Tier" } }, "payload":"body" @@ -3005,6 +3107,12 @@ "documentation":"Model performance settings for the request.
", "location":"header", "locationName":"X-Amzn-Bedrock-PerformanceConfig-Latency" + }, + "serviceTier":{ + "shape":"ServiceTierType", + "documentation":"Specifies the processing tier type used for serving the request.
", + "location":"header", + "locationName":"X-Amzn-Bedrock-Service-Tier" } }, "payload":"body" @@ -3031,6 +3139,12 @@ "documentation":"Model performance settings for the request.
", "location":"header", "locationName":"X-Amzn-Bedrock-PerformanceConfig-Latency" + }, + "serviceTier":{ + "shape":"ServiceTierType", + "documentation":"Specifies the processing tier type used for serving the request.
", + "location":"header", + "locationName":"X-Amzn-Bedrock-Service-Tier" } }, "payload":"body" @@ -3462,6 +3576,81 @@ "min":1, "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/.*)?" }, + "SearchResultBlock":{ + "type":"structure", + "required":[ + "source", + "title", + "content" + ], + "members":{ + "source":{ + "shape":"String", + "documentation":"The source URL or identifier for the content.
" + }, + "title":{ + "shape":"String", + "documentation":"A descriptive title for the search result.
" + }, + "content":{ + "shape":"SearchResultContentBlocks", + "documentation":"An array of search result content block.
" + }, + "citations":{ + "shape":"CitationsConfig", + "documentation":"Configuration setting for citations
" + } + }, + "documentation":"A search result block that enables natural citations with proper source attribution for retrieved content.
This field is only supported by Anthropic Claude Opus 4.1, Opus 4, Sonnet 4.5, Sonnet 4, Sonnet 3.7, and 3.5 Haiku models.
The actual text content
" + } + }, + "documentation":"A block within a search result that contains the content.
" + }, + "SearchResultContentBlocks":{ + "type":"list", + "member":{"shape":"SearchResultContentBlock"} + }, + "SearchResultLocation":{ + "type":"structure", + "members":{ + "searchResultIndex":{ + "shape":"SearchResultLocationSearchResultIndexInteger", + "documentation":"The index of the search result content block where the cited content is found.
" + }, + "start":{ + "shape":"SearchResultLocationStartInteger", + "documentation":"The starting position in the content array where the cited content begins.
" + }, + "end":{ + "shape":"SearchResultLocationEndInteger", + "documentation":"The ending position in the content array where the cited content ends.
" + } + }, + "documentation":"Specifies a search result location within the content array, providing positioning information for cited content using search result index and block positions.
" + }, + "SearchResultLocationEndInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "SearchResultLocationSearchResultIndexInteger":{ + "type":"integer", + "box":true, + "min":0 + }, + "SearchResultLocationStartInteger":{ + "type":"integer", + "box":true, + "min":0 + }, "ServiceQuotaExceededException":{ "type":"structure", "members":{ @@ -3474,6 +3663,25 @@ }, "exception":true }, + "ServiceTier":{ + "type":"structure", + "required":["type"], + "members":{ + "type":{ + "shape":"ServiceTierType", + "documentation":"Specifies the processing tier type used for serving the request.
" + } + }, + "documentation":"Specifies the processing tier configuration used for serving the request.
" + }, + "ServiceTierType":{ + "type":"string", + "enum":[ + "priority", + "default", + "flex" + ] + }, "ServiceUnavailableException":{ "type":"structure", "members":{ @@ -3873,6 +4081,10 @@ "video":{ "shape":"VideoBlock", "documentation":"A tool result that is video.
" + }, + "searchResult":{ + "shape":"SearchResultBlock", + "documentation":"A tool result that is a search result.
" } }, "documentation":"The tool result content block. For more information, see Call a tool with the Converse API in the Amazon Bedrock User Guide.
", diff --git a/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json b/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json index 8ed1fe36bdad..0cbf0920fbec 100644 --- a/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json +++ b/awscli/botocore/data/bedrock/2023-04-20/paginators-1.json @@ -101,6 +101,11 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "testResults" + }, + "ListEnforcedGuardrailsConfiguration": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "guardrailsConfig" } } } diff --git a/awscli/botocore/data/bedrock/2023-04-20/service-2.json b/awscli/botocore/data/bedrock/2023-04-20/service-2.json index 384ae4adbeb1..59fc7a86ac56 100644 --- a/awscli/botocore/data/bedrock/2023-04-20/service-2.json +++ b/awscli/botocore/data/bedrock/2023-04-20/service-2.json @@ -514,6 +514,25 @@ "documentation":"Deletes a custom model deployment. This operation stops the deployment and removes it from your account. After deletion, the deployment ARN can no longer be used for inference requests.
The following actions are related to the DeleteCustomModelDeployment operation:
Deletes the account-level enforced guardrail configuration.
", + "idempotent":true + }, "DeleteFoundationModelAgreement":{ "name":"DeleteFoundationModelAgreement", "http":{ @@ -1272,6 +1291,25 @@ "documentation":"Returns a list of the custom models that you have created with the CreateModelCustomizationJob operation.
For more information, see Custom models in the Amazon Bedrock User Guide.
", "readonly":true }, + "ListEnforcedGuardrailsConfiguration":{ + "name":"ListEnforcedGuardrailsConfiguration", + "http":{ + "method":"GET", + "requestUri":"/enforcedGuardrailsConfiguration", + "responseCode":200 + }, + "input":{"shape":"ListEnforcedGuardrailsConfigurationRequest"}, + "output":{"shape":"ListEnforcedGuardrailsConfigurationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Lists the account-level enforced guardrail configurations.
", + "readonly":true + }, "ListEvaluationJobs":{ "name":"ListEvaluationJobs", "http":{ @@ -1528,6 +1566,26 @@ ], "documentation":"List the tags associated with the specified resource.
For more information, see Tagging resources in the Amazon Bedrock User Guide.
" }, + "PutEnforcedGuardrailConfiguration":{ + "name":"PutEnforcedGuardrailConfiguration", + "http":{ + "method":"PUT", + "requestUri":"/enforcedGuardrailsConfiguration", + "responseCode":200 + }, + "input":{"shape":"PutEnforcedGuardrailConfigurationRequest"}, + "output":{"shape":"PutEnforcedGuardrailConfigurationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Sets the account-level enforced guardrail configuration.
", + "idempotent":true + }, "PutModelInvocationLoggingConfiguration":{ "name":"PutModelInvocationLoggingConfiguration", "http":{ @@ -1853,6 +1911,85 @@ }, "exception":true }, + "AccountEnforcedGuardrailConfigurationId":{ + "type":"string", + "pattern":"[a-z0-9]+" + }, + "AccountEnforcedGuardrailInferenceInputConfiguration":{ + "type":"structure", + "required":[ + "guardrailIdentifier", + "guardrailVersion", + "inputTags" + ], + "members":{ + "guardrailIdentifier":{ + "shape":"GuardrailIdentifier", + "documentation":"Identifier for the guardrail, could be the ID or the ARN.
" + }, + "guardrailVersion":{ + "shape":"GuardrailNumericalVersion", + "documentation":"Numerical guardrail version.
" + }, + "inputTags":{ + "shape":"InputTags", + "documentation":"Whether to honor or ignore input tags at runtime.
" + } + }, + "documentation":"Account-level enforced guardrail input configuration.
" + }, + "AccountEnforcedGuardrailOutputConfiguration":{ + "type":"structure", + "members":{ + "configId":{ + "shape":"AccountEnforcedGuardrailConfigurationId", + "documentation":"Unique ID for the account enforced configuration.
" + }, + "guardrailArn":{ + "shape":"GuardrailArn", + "documentation":"ARN representation for the guardrail.
" + }, + "guardrailId":{ + "shape":"GuardrailId", + "documentation":"Unique ID for the guardrail.
" + }, + "inputTags":{ + "shape":"InputTags", + "documentation":"Whether to honor or ignore input tags at runtime.
" + }, + "guardrailVersion":{ + "shape":"GuardrailNumericalVersion", + "documentation":"Numerical guardrail version.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"Timestamp.
" + }, + "createdBy":{ + "shape":"String", + "documentation":"The ARN of the role used to update the configuration.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"Timestamp.
" + }, + "updatedBy":{ + "shape":"String", + "documentation":"The ARN of the role used to update the configuration.
" + }, + "owner":{ + "shape":"ConfigurationOwner", + "documentation":"Configuration owner type.
" + } + }, + "documentation":"Account enforced guardrail output configuration.
" + }, + "AccountEnforcedGuardrailsOutputConfiguration":{ + "type":"list", + "member":{"shape":"AccountEnforcedGuardrailOutputConfiguration"}, + "max":1, + "min":1 + }, "AccountId":{ "type":"string", "pattern":"[0-9]{12}" @@ -2597,7 +2734,8 @@ "enum":[ "BUILD_LOG", "QUALITY_REPORT", - "POLICY_DEFINITION" + "POLICY_DEFINITION", + "GENERATED_TEST_CASES" ] }, "AutomatedReasoningPolicyBuildResultAssets":{ @@ -2614,9 +2752,13 @@ "buildLog":{ "shape":"AutomatedReasoningPolicyBuildLog", "documentation":"The complete build log containing detailed information about each step in the policy generation process.
" + }, + "generatedTestCases":{ + "shape":"AutomatedReasoningPolicyGeneratedTestCases", + "documentation":"A comprehensive test suite generated by the build workflow, providing validation capabilities for automated reasoning policies.
" } }, - "documentation":"Contains the various assets generated during a policy build workflow, including logs, quality reports, and the final policy definition.
", + "documentation":"Contains the various assets generated during a policy build workflow, including logs, quality reports, test cases, and the final policy definition.
", "union":true }, "AutomatedReasoningPolicyBuildStep":{ @@ -3228,6 +3370,44 @@ "min":0 }, "AutomatedReasoningPolicyFormatVersion":{"type":"string"}, + "AutomatedReasoningPolicyGeneratedTestCase":{ + "type":"structure", + "required":[ + "queryContent", + "guardContent", + "expectedAggregatedFindingsResult" + ], + "members":{ + "queryContent":{ + "shape":"AutomatedReasoningPolicyTestQueryContent", + "documentation":"The input query or prompt that generated the content. This provides context for the validation.
" + }, + "guardContent":{ + "shape":"AutomatedReasoningPolicyTestGuardContent", + "documentation":"The output content that's validated by the Automated Reasoning policy. This represents the foundation model response that will be checked for accuracy.
" + }, + "expectedAggregatedFindingsResult":{ + "shape":"AutomatedReasoningCheckResult", + "documentation":"The expected results of the generated test case. Possible values include:
VALID - The claims are true. The claims are implied by the premises and the Automated Reasoning policy. Given the Automated Reasoning policy and premises, it is not possible for these claims to be false. In other words, there are no alternative answers that are true that contradict the claims.
INVALID - The claims are false. The claims are not implied by the premises and Automated Reasoning policy. Furthermore, there exists different claims that are consistent with the premises and Automated Reasoning policy.
SATISFIABLE - The claims can be true or false. It depends on what assumptions are made for the claim to be implied from the premises and Automated Reasoning policy rules. In this situation, different assumptions can make input claims false and alternative claims true.
IMPOSSIBLE - Automated Reasoning can’t make a statement about the claims. This can happen if the premises are logically incorrect, or if there is a conflict within the Automated Reasoning policy itself.
Represents a generated test case, consisting of query content, guard content, and expected results.
" + }, + "AutomatedReasoningPolicyGeneratedTestCaseList":{ + "type":"list", + "member":{"shape":"AutomatedReasoningPolicyGeneratedTestCase"} + }, + "AutomatedReasoningPolicyGeneratedTestCases":{ + "type":"structure", + "required":["generatedTestCases"], + "members":{ + "generatedTestCases":{ + "shape":"AutomatedReasoningPolicyGeneratedTestCaseList", + "documentation":"Represents a collection of generated test cases.
" + } + }, + "documentation":"Contains a comprehensive test suite generated by the build workflow, providing validation capabilities for automated reasoning policies.
" + }, "AutomatedReasoningPolicyHash":{ "type":"string", "max":128, @@ -3938,6 +4118,10 @@ "SixMonths" ] }, + "ConfigurationOwner":{ + "type":"string", + "enum":["ACCOUNT"] + }, "ConflictException":{ "type":"structure", "members":{ @@ -5234,6 +5418,22 @@ "type":"structure", "members":{} }, + "DeleteEnforcedGuardrailConfigurationRequest":{ + "type":"structure", + "required":["configId"], + "members":{ + "configId":{ + "shape":"AccountEnforcedGuardrailConfigurationId", + "documentation":"Unique ID for the account enforced configuration.
", + "location":"uri", + "locationName":"configId" + } + } + }, + "DeleteEnforcedGuardrailConfigurationResponse":{ + "type":"structure", + "members":{} + }, "DeleteFoundationModelAgreementRequest":{ "type":"structure", "required":["modelId"], @@ -7432,7 +7632,7 @@ }, "status":{ "shape":"ModelInvocationJobStatus", - "documentation":"The status of the batch inference job.
The following statuses are possible:
Submitted – This job has been submitted to a queue for validation.
Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:
Your IAM service role has access to the Amazon S3 buckets containing your files.
Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.
Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.
Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.
Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.
InProgress – This job has begun. You can start viewing the results in the output S3 location.
Completed – This job has successfully completed. View the output files in the output S3 location.
PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.
Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web ServicesSupport Center.
Stopped – This job was stopped by a user.
Stopping – This job is being stopped by a user.
The status of the batch inference job.
The following statuses are possible:
Submitted – This job has been submitted to a queue for validation.
Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:
Your IAM service role has access to the Amazon S3 buckets containing your files.
Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.
Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.
Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.
Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.
InProgress – This job has begun. You can start viewing the results in the output S3 location.
Completed – This job has successfully completed. View the output files in the output S3 location.
PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.
Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web Services Support Center.
Stopped – This job was stopped by a user.
Stopping – This job is being stopped by a user.
Opaque continuation token of previous paginated response.
", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListEnforcedGuardrailsConfigurationResponse":{ + "type":"structure", + "required":["guardrailsConfig"], + "members":{ + "guardrailsConfig":{ + "shape":"AccountEnforcedGuardrailsOutputConfiguration", + "documentation":"Array of AccountEnforcedGuardrailOutputConfiguration objects.
" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"Opaque continuation token of previous paginated response.
" + } + } + }, "ListEvaluationJobsRequest":{ "type":"structure", "members":{ @@ -10223,7 +10455,7 @@ }, "statusEquals":{ "shape":"ModelInvocationJobStatus", - "documentation":"Specify a status to filter for batch inference jobs whose statuses match the string you specify.
The following statuses are possible:
Submitted – This job has been submitted to a queue for validation.
Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:
Your IAM service role has access to the Amazon S3 buckets containing your files.
Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.
Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.
Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.
Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.
InProgress – This job has begun. You can start viewing the results in the output S3 location.
Completed – This job has successfully completed. View the output files in the output S3 location.
PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.
Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web ServicesSupport Center.
Stopped – This job was stopped by a user.
Stopping – This job is being stopped by a user.
Specify a status to filter for batch inference jobs whose statuses match the string you specify.
The following statuses are possible:
Submitted – This job has been submitted to a queue for validation.
Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:
Your IAM service role has access to the Amazon S3 buckets containing your files.
Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.
Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.
Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.
Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.
InProgress – This job has begun. You can start viewing the results in the output S3 location.
Completed – This job has successfully completed. View the output files in the output S3 location.
PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.
Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web Services Support Center.
Stopped – This job was stopped by a user.
Stopping – This job is being stopped by a user.
The status of the batch inference job.
The following statuses are possible:
Submitted – This job has been submitted to a queue for validation.
Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:
Your IAM service role has access to the Amazon S3 buckets containing your files.
Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.
Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.
Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.
Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.
InProgress – This job has begun. You can start viewing the results in the output S3 location.
Completed – This job has successfully completed. View the output files in the output S3 location.
PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.
Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web ServicesSupport Center.
Stopped – This job was stopped by a user.
Stopping – This job is being stopped by a user.
The status of the batch inference job.
The following statuses are possible:
Submitted – This job has been submitted to a queue for validation.
Validating – This job is being validated for the requirements described in Format and upload your batch inference data. The criteria include the following:
Your IAM service role has access to the Amazon S3 buckets containing your files.
Your files are .jsonl files and each individual record is a JSON object in the correct format. Note that validation doesn't check if the modelInput value matches the request body for the model.
Your files fulfill the requirements for file size and number of records. For more information, see Quotas for Amazon Bedrock.
Scheduled – This job has been validated and is now in a queue. The job will automatically start when it reaches its turn.
Expired – This job timed out because it was scheduled but didn't begin before the set timeout duration. Submit a new job request.
InProgress – This job has begun. You can start viewing the results in the output S3 location.
Completed – This job has successfully completed. View the output files in the output S3 location.
PartiallyCompleted – This job has partially completed. Not all of your records could be processed in time. View the output files in the output S3 location.
Failed – This job has failed. Check the failure message for any further details. For further assistance, reach out to the Amazon Web Services Support Center.
Stopped – This job was stopped by a user.
Stopping – This job is being stopped by a user.
A summary of information about a Provisioned Throughput.
This data type is used in the following API operations:
" }, + "PutEnforcedGuardrailConfigurationRequest":{ + "type":"structure", + "required":["guardrailInferenceConfig"], + "members":{ + "configId":{ + "shape":"AccountEnforcedGuardrailConfigurationId", + "documentation":"Unique ID for the account enforced configuration.
" + }, + "guardrailInferenceConfig":{ + "shape":"AccountEnforcedGuardrailInferenceInputConfiguration", + "documentation":"Account-level enforced guardrail input configuration.
" + } + } + }, + "PutEnforcedGuardrailConfigurationResponse":{ + "type":"structure", + "members":{ + "configId":{ + "shape":"AccountEnforcedGuardrailConfigurationId", + "documentation":"Unique ID for the account enforced configuration.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"Timestamp.
" + }, + "updatedBy":{ + "shape":"String", + "documentation":"The ARN of the role used to update the configuration.
" + } + } + }, "PutModelInvocationLoggingConfigurationRequest":{ "type":"structure", "required":["loggingConfig"], diff --git a/awscli/botocore/data/billing/2023-09-07/service-2.json b/awscli/botocore/data/billing/2023-09-07/service-2.json index 3b6d27447b25..10d4e29a6e1c 100644 --- a/awscli/botocore/data/billing/2023-09-07/service-2.json +++ b/awscli/botocore/data/billing/2023-09-07/service-2.json @@ -479,7 +479,9 @@ "enum":[ "PRIMARY", "BILLING_GROUP", - "CUSTOM" + "CUSTOM", + "BILLING_TRANSFER", + "BILLING_TRANSFER_SHOWBACK" ] }, "BillingViewTypeList":{ @@ -743,6 +745,10 @@ "shape":"BillingViewTypeList", "documentation":"The type of billing view.
" }, + "names":{ + "shape":"StringSearches", + "documentation":"Filters the list of billing views by name. You can specify search criteria to match billing view names based on the search option provided.
" + }, "ownerAccountId":{ "shape":"AccountId", "documentation":"The list of owners of the billing view.
" @@ -909,6 +915,16 @@ "max":1024, "min":1 }, + "SearchOption":{ + "type":"string", + "enum":["STARTS_WITH"] + }, + "SearchValue":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9_\\+=\\.\\-@ ]+" + }, "ServiceCode":{ "type":"string", "max":1024, @@ -945,6 +961,30 @@ "documentation":"You've reached the limit of resources you can create, or exceeded the size of an individual resource.
", "exception":true }, + "StringSearch":{ + "type":"structure", + "required":[ + "searchOption", + "searchValue" + ], + "members":{ + "searchOption":{ + "shape":"SearchOption", + "documentation":"The type of search operation to perform on the string value. Determines how the search value is matched against the target field.
" + }, + "searchValue":{ + "shape":"SearchValue", + "documentation":"The string value to use in the search operation. This value is compared against the target field using the specified search option.
" + } + }, + "documentation":"A structure that defines how to search for string values. You can specify a search option and the value to search for.
" + }, + "StringSearches":{ + "type":"list", + "member":{"shape":"StringSearch"}, + "max":1, + "min":1 + }, "TagKey":{ "type":"string", "max":1024, diff --git a/awscli/botocore/data/billingconductor/2021-07-30/service-2.json b/awscli/botocore/data/billingconductor/2021-07-30/service-2.json index ce6873b57289..32696ec288ab 100644 --- a/awscli/botocore/data/billingconductor/2021-07-30/service-2.json +++ b/awscli/botocore/data/billingconductor/2021-07-30/service-2.json @@ -307,7 +307,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the margin summary report, which includes the Amazon Web Services cost and charged amount (pro forma cost) by Amazon Web Services service for a specific billing group.
" + "documentation":"Retrieves the margin summary report, which includes the Amazon Web Services cost and charged amount (pro forma cost) by Amazon Web Services service for a specific billing group.
", + "readonly":true }, "ListAccountAssociations":{ "name":"ListAccountAssociations", @@ -325,7 +326,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"This is a paginated call to list linked accounts that are linked to the payer account for the specified time period. If no information is provided, the current billing period is used. The response will optionally include the billing group that's associated with the linked account.
" + "documentation":"This is a paginated call to list linked accounts that are linked to the payer account for the specified time period. If no information is provided, the current billing period is used. The response will optionally include the billing group that's associated with the linked account.
", + "readonly":true }, "ListBillingGroupCostReports":{ "name":"ListBillingGroupCostReports", @@ -343,7 +345,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"A paginated call to retrieve a summary report of actual Amazon Web Services charges and the calculated Amazon Web Services charges based on the associated pricing plan of a billing group.
" + "documentation":"A paginated call to retrieve a summary report of actual Amazon Web Services charges and the calculated Amazon Web Services charges based on the associated pricing plan of a billing group.
", + "readonly":true }, "ListBillingGroups":{ "name":"ListBillingGroups", @@ -361,7 +364,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"A paginated call to retrieve a list of billing groups for the given billing period. If you don't provide a billing group, the current billing period is used.
" + "documentation":"A paginated call to retrieve a list of billing groups for the given billing period. If you don't provide a billing group, the current billing period is used.
", + "readonly":true }, "ListCustomLineItemVersions":{ "name":"ListCustomLineItemVersions", @@ -378,7 +382,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"A paginated call to get a list of all custom line item versions.
" + "documentation":"A paginated call to get a list of all custom line item versions.
", + "readonly":true }, "ListCustomLineItems":{ "name":"ListCustomLineItems", @@ -396,7 +401,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"A paginated call to get a list of all custom line items (FFLIs) for the given billing period. If you don't provide a billing period, the current billing period is used.
" + "documentation":"A paginated call to get a list of all custom line items (FFLIs) for the given billing period. If you don't provide a billing period, the current billing period is used.
", + "readonly":true }, "ListPricingPlans":{ "name":"ListPricingPlans", @@ -413,7 +419,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"A paginated call to get pricing plans for the given billing period. If you don't provide a billing period, the current billing period is used.
" + "documentation":"A paginated call to get pricing plans for the given billing period. If you don't provide a billing period, the current billing period is used.
", + "readonly":true }, "ListPricingPlansAssociatedWithPricingRule":{ "name":"ListPricingPlansAssociatedWithPricingRule", @@ -431,7 +438,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"A list of the pricing plans that are associated with a pricing rule.
" + "documentation":"A list of the pricing plans that are associated with a pricing rule.
", + "readonly":true }, "ListPricingRules":{ "name":"ListPricingRules", @@ -448,7 +456,8 @@ {"shape":"ValidationException"}, {"shape":"InternalServerException"} ], - "documentation":"Describes a pricing rule that can be associated to a pricing plan, or set of pricing plans.
" + "documentation":"Describes a pricing rule that can be associated to a pricing plan, or set of pricing plans.
", + "readonly":true }, "ListPricingRulesAssociatedToPricingPlan":{ "name":"ListPricingRulesAssociatedToPricingPlan", @@ -466,7 +475,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists the pricing rules that are associated with a pricing plan.
" + "documentation":"Lists the pricing rules that are associated with a pricing plan.
", + "readonly":true }, "ListResourcesAssociatedToCustomLineItem":{ "name":"ListResourcesAssociatedToCustomLineItem", @@ -484,7 +494,8 @@ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"List the resources that are associated to a custom line item.
" + "documentation":"List the resources that are associated to a custom line item.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -667,7 +678,6 @@ }, "AccountGrouping":{ "type":"structure", - "required":["LinkedAccountIds"], "members":{ "LinkedAccountIds":{ "shape":"AccountIdList", @@ -676,6 +686,10 @@ "AutoAssociate":{ "shape":"Boolean", "documentation":"Specifies if this billing group will automatically associate newly added Amazon Web Services accounts that join your consolidated billing family.
" + }, + "ResponsibilityTransferArn":{ + "shape":"ResponsibilityTransferArn", + "documentation":"The Amazon Resource Name (ARN) that identifies the transfer relationship owned by the Bill Transfer account (caller account). When specified, the PrimaryAccountId is no longer required.
" } }, "documentation":"The set of accounts that will be under the billing group. The set of accounts resemble the linked accounts in a consolidated billing family.
" @@ -694,7 +708,7 @@ "type":"list", "member":{"shape":"AccountId"}, "max":30, - "min":1 + "min":0 }, "AccountName":{ "type":"string", @@ -802,7 +816,7 @@ }, "Association":{ "type":"string", - "pattern":"((arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/)?[0-9]{12}|MONITORED|UNMONITORED)" + "pattern":"((arn:aws(-cn)?:billingconductor::[0-9]{12}:billinggroup/)?[a-zA-Z0-9]{10,12}|MONITORED|UNMONITORED)" }, "Attribute":{ "type":"structure", @@ -1027,6 +1041,10 @@ "AccountGrouping":{ "shape":"ListBillingGroupAccountGrouping", "documentation":"Specifies if the billing group has automatic account association (AutoAssociate) enabled.
The type of billing group.
" } }, "documentation":"A representation of a billing group.
" @@ -1042,7 +1060,8 @@ "type":"string", "enum":[ "ACTIVE", - "PRIMARY_ACCOUNT_MISSING" + "PRIMARY_ACCOUNT_MISSING", + "PENDING" ] }, "BillingGroupStatusList":{ @@ -1052,6 +1071,19 @@ "min":1 }, "BillingGroupStatusReason":{"type":"string"}, + "BillingGroupType":{ + "type":"string", + "enum":[ + "STANDARD", + "TRANSFER_BILLING" + ] + }, + "BillingGroupTypeList":{ + "type":"list", + "member":{"shape":"BillingGroupType"}, + "max":2, + "min":1 + }, "BillingPeriod":{ "type":"string", "pattern":"\\d{4}-(0?[1-9]|1[012])" @@ -1233,8 +1265,14 @@ "shape":"AccountId", "documentation":"The Amazon Web Services account in which this custom line item will be applied to.
" }, - "ComputationRule":{"shape":"ComputationRuleEnum"}, - "PresentationDetails":{"shape":"PresentationObject"} + "ComputationRule":{ + "shape":"ComputationRuleEnum", + "documentation":"Specifies how the custom line item charges are computed.
" + }, + "PresentationDetails":{ + "shape":"PresentationObject", + "documentation":"Details controlling how the custom line item charges are presented in the bill. Contains specifications for which service the charges will be shown under.
" + } } }, "CreateCustomLineItemOutput":{ @@ -1530,11 +1568,11 @@ }, "ComputationRule":{ "shape":"ComputationRuleEnum", - "documentation":"The display settings of the custom line item
" + "documentation":"The computation rule that determines how the custom line item charges are computed and reflected in the bill.
" }, "PresentationDetails":{ "shape":"PresentationObject", - "documentation":"The presentation configuration of the custom line item
" + "documentation":"Configuration details specifying how the custom line item charges are presented, including which service the charges are shown under.
" } }, "documentation":"A representation of a custom line item.
" @@ -1654,11 +1692,11 @@ }, "ComputationRule":{ "shape":"ComputationRuleEnum", - "documentation":"The display settings of the custom line item
" + "documentation":"The computation rule for a specific version of a custom line item, determining how charges are computed and reflected in the bill.
" }, "PresentationDetails":{ "shape":"PresentationObject", - "documentation":"The presentation configuration of the custom line item
" + "documentation":"Presentation configuration for a specific version of a custom line item, specifying how charges are displayed in the bill.
" } }, "documentation":"A representation of a custom line item version.
" @@ -1907,10 +1945,10 @@ }, "Values":{ "shape":"LineItemFilterValuesList", - "documentation":"The values of the line item filter. This specifies the values to filter on. Currently, you can only exclude Savings Plan discounts.
" + "documentation":"The values of the line item filter. This specifies the values to filter on. Currently, you can only exclude Savings Plans discounts.
" } }, - "documentation":"A representation of the line item filter for your custom line item. You can use line item filters to include or exclude specific resource values from the billing group's total cost. For example, if you create a custom line item and you want to filter out a value, such as Savings Plan discounts, you can update LineItemFilter to exclude it.
A representation of the line item filter for your custom line item. You can use line item filters to include or exclude specific resource values from the billing group's total cost. For example, if you create a custom line item and you want to filter out a value, such as Savings Plans discounts, you can update LineItemFilter to exclude it.
Specifies if this billing group will automatically associate newly added Amazon Web Services accounts that join your consolidated billing family.
" + }, + "ResponsibilityTransferArn":{ + "shape":"ResponsibilityTransferArn", + "documentation":"The Amazon Resource Name (ARN) that identifies the transfer relationship for the billing group.
" } }, "documentation":"Specifies if the billing group has the following features enabled.
" @@ -2052,6 +2094,22 @@ "AutoAssociate":{ "shape":"Boolean", "documentation":"Specifies if this billing group will automatically associate newly added Amazon Web Services accounts that join your consolidated billing family.
" + }, + "PrimaryAccountIds":{ + "shape":"PrimaryAccountIdList", + "documentation":"A list of primary account IDs to filter the billing groups.
" + }, + "BillingGroupTypes":{ + "shape":"BillingGroupTypeList", + "documentation":"Filter billing groups by their type.
" + }, + "Names":{ + "shape":"StringSearches", + "documentation":"Filter billing groups by their names.
" + }, + "ResponsibilityTransferArns":{ + "shape":"ResponsibilityTransferArnsList", + "documentation":"Filter billing groups by their responsibility transfer ARNs.
" } }, "documentation":"The filter that specifies the billing groups and pricing plans to retrieve billing group information.
" @@ -2597,10 +2655,10 @@ "members":{ "Service":{ "shape":"Service", - "documentation":"This defines the service of where the custom line item is presented
" + "documentation":" The service under which the custom line item charges will be presented. Must be a string between 1 and 128 characters matching the pattern \"^[a-zA-Z0-9]+$\".
The presentation configuration of the custom line item
" + "documentation":"An object that defines how custom line item charges are presented in the bill, containing specifications for service presentation.
" }, "PricingPlanArn":{ "type":"string", @@ -2781,6 +2839,12 @@ "TIERING" ] }, + "PrimaryAccountIdList":{ + "type":"list", + "member":{"shape":"AccountId"}, + "max":100, + "min":1 + }, "ProformaCost":{"type":"string"}, "ResourceNotFoundException":{ "type":"structure", @@ -2807,7 +2871,27 @@ }, "exception":true }, + "ResponsibilityTransferArn":{ + "type":"string", + "pattern":"arn:[a-z0-9][a-z0-9-.]{0,62}:organizations::\\d{12}:transfer/o-[a-z0-9]{10,32}/(billing)/(inbound|outbound)/rt-[0-9a-z]{8,32}" + }, + "ResponsibilityTransferArnsList":{ + "type":"list", + "member":{"shape":"ResponsibilityTransferArn"}, + "max":30, + "min":1 + }, "RetryAfterSeconds":{"type":"integer"}, + "SearchOption":{ + "type":"string", + "enum":["STARTS_WITH"] + }, + "SearchValue":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[a-zA-Z0-9_\\+=\\.\\-@ ]+" + }, "Service":{ "type":"string", "max":128, @@ -2848,6 +2932,30 @@ "exception":true }, "String":{"type":"string"}, + "StringSearch":{ + "type":"structure", + "required":[ + "SearchOption", + "SearchValue" + ], + "members":{ + "SearchOption":{ + "shape":"SearchOption", + "documentation":"The search option to be applied when performing the string search.
" + }, + "SearchValue":{ + "shape":"SearchValue", + "documentation":"The value to search for within the specified string field.
" + } + }, + "documentation":"A structure that defines string search parameters.
" + }, + "StringSearches":{ + "type":"list", + "member":{"shape":"StringSearch"}, + "max":1, + "min":1 + }, "TagKey":{ "type":"string", "max":128, @@ -2960,6 +3068,10 @@ "AutoAssociate":{ "shape":"Boolean", "documentation":"Specifies if this billing group will automatically associate newly added Amazon Web Services accounts that join your consolidated billing family.
" + }, + "ResponsibilityTransferArn":{ + "shape":"ResponsibilityTransferArn", + "documentation":"The Amazon Resource Name (ARN) that identifies the transfer relationship. Note: Modifications to the ResponsibilityTransferArn are not permitted for existing billing groups.
" } }, "documentation":"Specifies if the billing group has the following features enabled.
" @@ -3391,6 +3503,7 @@ "ILLEGAL_BILLING_ENTITY", "ILLEGAL_MODIFIER_PERCENTAGE", "ILLEGAL_TYPE", + "ILLEGAL_BILLING_GROUP_TYPE", "ILLEGAL_ENDED_BILLINGGROUP", "ILLEGAL_TIERING_INPUT", "ILLEGAL_OPERATION", diff --git a/awscli/botocore/data/braket/2019-09-01/paginators-1.json b/awscli/botocore/data/braket/2019-09-01/paginators-1.json index a5be3333fa88..2f0f69eb75a1 100644 --- a/awscli/botocore/data/braket/2019-09-01/paginators-1.json +++ b/awscli/botocore/data/braket/2019-09-01/paginators-1.json @@ -17,6 +17,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "jobs" + }, + "SearchSpendingLimits": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "spendingLimits" } } } diff --git a/awscli/botocore/data/braket/2019-09-01/service-2.json b/awscli/botocore/data/braket/2019-09-01/service-2.json index f142eb6815f8..4b70194ec278 100644 --- a/awscli/botocore/data/braket/2019-09-01/service-2.json +++ b/awscli/botocore/data/braket/2019-09-01/service-2.json @@ -94,6 +94,43 @@ ], "documentation":"Creates a quantum task.
" }, + "CreateSpendingLimit":{ + "name":"CreateSpendingLimit", + "http":{ + "method":"POST", + "requestUri":"/spending-limit", + "responseCode":201 + }, + "input":{"shape":"CreateSpendingLimitRequest"}, + "output":{"shape":"CreateSpendingLimitResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"DeviceRetiredException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Creates a spending limit for a specified quantum device. Spending limits help you control costs by setting maximum amounts that can be spent on quantum computing tasks within a specified time period. Simulators do not support spending limits.
" + }, + "DeleteSpendingLimit":{ + "name":"DeleteSpendingLimit", + "http":{ + "method":"DELETE", + "requestUri":"/spending-limit/{spendingLimitArn}/delete", + "responseCode":200 + }, + "input":{"shape":"DeleteSpendingLimitRequest"}, + "output":{"shape":"DeleteSpendingLimitResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Deletes an existing spending limit. This operation permanently removes the spending limit and cannot be undone. After deletion, the associated device becomes unrestricted for spending.
", + "idempotent":true + }, "GetDevice":{ "name":"GetDevice", "http":{ @@ -221,6 +258,24 @@ "documentation":"Searches for tasks that match the specified filter values.
", "readonly":true }, + "SearchSpendingLimits":{ + "name":"SearchSpendingLimits", + "http":{ + "method":"POST", + "requestUri":"/spending-limits", + "responseCode":200 + }, + "input":{"shape":"SearchSpendingLimitsRequest"}, + "output":{"shape":"SearchSpendingLimitsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Searches and lists spending limits based on specified filters. This operation supports pagination and allows filtering by various criteria to find specific spending limits. We recommend using pagination to ensure that the operation returns quickly and successfully.
", + "readonly":true + }, "TagResource":{ "name":"TagResource", "http":{ @@ -253,6 +308,25 @@ ], "documentation":"Remove tags from a resource.
", "idempotent":true + }, + "UpdateSpendingLimit":{ + "name":"UpdateSpendingLimit", + "http":{ + "method":"PATCH", + "requestUri":"/spending-limit/{spendingLimitArn}/update", + "responseCode":200 + }, + "input":{"shape":"UpdateSpendingLimitRequest"}, + "output":{"shape":"UpdateSpendingLimitResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Updates an existing spending limit. You can modify the spending amount or time period. Changes take effect immediately.
", + "idempotent":true } }, "shapes":{ @@ -625,6 +699,52 @@ } } }, + "CreateSpendingLimitRequest":{ + "type":"structure", + "required":[ + "clientToken", + "deviceArn", + "spendingLimit" + ], + "members":{ + "clientToken":{ + "shape":"String64", + "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Braket ignores the request, but does not return an error.
", + "idempotencyToken":true + }, + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The Amazon Resource Name (ARN) of the quantum device to apply the spending limit to.
" + }, + "spendingLimit":{ + "shape":"CreateSpendingLimitRequestSpendingLimitString", + "documentation":"The maximum amount that can be spent on the specified device, in USD.
" + }, + "timePeriod":{ + "shape":"TimePeriod", + "documentation":"The time period during which the spending limit is active, including start and end dates.
" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"The tags to apply to the spending limit. Each tag consists of a key and an optional value.
" + } + } + }, + "CreateSpendingLimitRequestSpendingLimitString":{ + "type":"string", + "min":1, + "pattern":"\\d+(\\.\\d{1,2})?" + }, + "CreateSpendingLimitResponse":{ + "type":"structure", + "required":["spendingLimitArn"], + "members":{ + "spendingLimitArn":{ + "shape":"SpendingLimitArn", + "documentation":"The Amazon Resource Name (ARN) of the created spending limit.
" + } + } + }, "DataSource":{ "type":"structure", "required":["s3DataSource"], @@ -636,6 +756,22 @@ }, "documentation":"Information about the source of the input data used by the Amazon Braket hybrid job.
" }, + "DeleteSpendingLimitRequest":{ + "type":"structure", + "required":["spendingLimitArn"], + "members":{ + "spendingLimitArn":{ + "shape":"SpendingLimitArn", + "documentation":"The Amazon Resource Name (ARN) of the spending limit to delete.
", + "location":"uri", + "locationName":"spendingLimitArn" + } + } + }, + "DeleteSpendingLimitResponse":{ + "type":"structure", + "members":{} + }, "DeviceArn":{ "type":"string", "max":256, @@ -1846,6 +1982,82 @@ } } }, + "SearchSpendingLimitsFilter":{ + "type":"structure", + "required":[ + "name", + "values", + "operator" + ], + "members":{ + "name":{ + "shape":"String64", + "documentation":"The name of the field to filter on. Currently only supports deviceArn.
An array of values to match against the specified field.
" + }, + "operator":{ + "shape":"SearchSpendingLimitsFilterOperator", + "documentation":"The comparison operator to use when filtering.
" + } + }, + "documentation":"Specifies filter criteria for searching spending limits. Use filters to narrow down results based on specific attributes.
" + }, + "SearchSpendingLimitsFilterOperator":{ + "type":"string", + "enum":["EQUAL"] + }, + "SearchSpendingLimitsFilterValuesList":{ + "type":"list", + "member":{"shape":"String256"}, + "max":10, + "min":1 + }, + "SearchSpendingLimitsRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"The token to retrieve the next page of results. This value is returned from a previous call to SearchSpendingLimits when there are more results available.
" + }, + "maxResults":{ + "shape":"SearchSpendingLimitsRequestMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call. Minimum value of 1, maximum value of 100. Default is 20.
" + }, + "filters":{ + "shape":"SearchSpendingLimitsRequestFiltersList", + "documentation":"The filters to apply when searching for spending limits. Use filters to narrow down the results based on specific criteria.
" + } + } + }, + "SearchSpendingLimitsRequestFiltersList":{ + "type":"list", + "member":{"shape":"SearchSpendingLimitsFilter"}, + "max":10, + "min":0 + }, + "SearchSpendingLimitsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "SearchSpendingLimitsResponse":{ + "type":"structure", + "required":["spendingLimits"], + "members":{ + "spendingLimits":{ + "shape":"SpendingLimitSummaryList", + "documentation":"An array of spending limit summaries that match the specified filters.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token to retrieve the next page of results. This value is null when there are no more results to return.
" + } + } + }, "ServiceQuotaExceededException":{ "type":"structure", "members":{ @@ -1858,6 +2070,68 @@ }, "exception":true }, + "SpendingLimitArn":{ + "type":"string", + "max":256, + "min":0, + "pattern":"arn:aws[a-z\\-]*:braket:[a-z0-9\\-]+:[0-9]{12}:spending-limit/.*" + }, + "SpendingLimitSummary":{ + "type":"structure", + "required":[ + "spendingLimitArn", + "deviceArn", + "timePeriod", + "spendingLimit", + "queuedSpend", + "totalSpend", + "createdAt", + "updatedAt" + ], + "members":{ + "spendingLimitArn":{ + "shape":"SpendingLimitArn", + "documentation":"The Amazon Resource Name (ARN) that uniquely identifies the spending limit.
" + }, + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The Amazon Resource Name (ARN) of the quantum device associated with this spending limit.
" + }, + "timePeriod":{ + "shape":"TimePeriod", + "documentation":"The time period during which the spending limit is active.
" + }, + "spendingLimit":{ + "shape":"String", + "documentation":"The maximum spending amount allowed for the device during the specified time period, in USD.
" + }, + "queuedSpend":{ + "shape":"String", + "documentation":"The amount currently queued for spending on the device, in USD.
" + }, + "totalSpend":{ + "shape":"String", + "documentation":"The total amount spent on the device so far during the current time period, in USD.
" + }, + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The date and time when the spending limit was created, in epoch seconds.
" + }, + "updatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The date and time when the spending limit was last modified, in epoch seconds.
" + }, + "tags":{ + "shape":"TagsMap", + "documentation":"The tags associated with the spending limit. Each tag consists of a key and an optional value.
" + } + }, + "documentation":"Contains summary information about a spending limit, including current spending status and configuration details.
" + }, + "SpendingLimitSummaryList":{ + "type":"list", + "member":{"shape":"SpendingLimitSummary"} + }, "String":{"type":"string"}, "String1024":{ "type":"string", @@ -1888,6 +2162,10 @@ "type":"timestamp", "timestampFormat":"iso8601" }, + "SyntheticTimestamp_epoch_seconds":{ + "type":"timestamp", + "timestampFormat":"unixTimestamp" + }, "TagKeys":{ "type":"list", "member":{"shape":"String"} @@ -1932,6 +2210,24 @@ }, "exception":true }, + "TimePeriod":{ + "type":"structure", + "required":[ + "startAt", + "endAt" + ], + "members":{ + "startAt":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"The start date and time for the spending limit period, in epoch seconds.
" + }, + "endAt":{ + "shape":"SyntheticTimestamp_epoch_seconds", + "documentation":"The end date and time for the spending limit period, in epoch seconds.
" + } + }, + "documentation":"Defines a time range for spending limits, specifying when the limit is active.
" + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -1957,6 +2253,43 @@ "type":"structure", "members":{} }, + "UpdateSpendingLimitRequest":{ + "type":"structure", + "required":[ + "spendingLimitArn", + "clientToken" + ], + "members":{ + "spendingLimitArn":{ + "shape":"SpendingLimitArn", + "documentation":"The Amazon Resource Name (ARN) of the spending limit to update.
", + "location":"uri", + "locationName":"spendingLimitArn" + }, + "clientToken":{ + "shape":"String64", + "documentation":"A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, Amazon Braket ignores the request, but does not return an error.
", + "idempotencyToken":true + }, + "spendingLimit":{ + "shape":"UpdateSpendingLimitRequestSpendingLimitString", + "documentation":"The new maximum amount that can be spent on the specified device, in USD.
" + }, + "timePeriod":{ + "shape":"TimePeriod", + "documentation":"The new time period during which the spending limit is active, including start and end dates.
" + } + } + }, + "UpdateSpendingLimitRequestSpendingLimitString":{ + "type":"string", + "min":1, + "pattern":"\\d+(\\.\\d{1,2})?" + }, + "UpdateSpendingLimitResponse":{ + "type":"structure", + "members":{} + }, "Uri":{ "type":"string", "max":255, diff --git a/awscli/botocore/data/budgets/2016-10-20/service-2.json b/awscli/botocore/data/budgets/2016-10-20/service-2.json index 0d1b19039942..9ebe5f4fa27d 100644 --- a/awscli/botocore/data/budgets/2016-10-20/service-2.json +++ b/awscli/botocore/data/budgets/2016-10-20/service-2.json @@ -284,7 +284,8 @@ {"shape":"InvalidNextTokenException"}, {"shape":"ExpiredNextTokenException"}, {"shape":"AccessDeniedException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"BillingViewHealthStatusException"} ], "documentation":"Describes the history for DAILY, MONTHLY, and QUARTERLY budgets. Budget history isn't available for ANNUAL budgets.
Updates a budget. You can change every part of a budget except for the budgetName and the calculatedSpend. When you modify a budget, the calculatedSpend drops to zero until Amazon Web Services has new usage data to use for forecasting.
Only one of BudgetLimit or PlannedBudgetLimits can be present in the syntax at one time. Use the syntax that matches your case. The Request Syntax section shows the BudgetLimit syntax. For PlannedBudgetLimits, see the Examples section.
Similarly, only one set of filter and metric selections can be present in the syntax at one time. Either FilterExpression and Metrics or CostFilters and CostTypes, not both or a different combination. We recommend using FilterExpression and Metrics as they provide more flexible and powerful filtering capabilities. The Request Syntax section shows the FilterExpression/Metrics syntax.
You've reached the limit on the number of tags you can associate with a resource.
", + "documentation":"You've reached a Service Quota limit on this resource.
", "exception":true }, "Spend":{ diff --git a/awscli/botocore/data/ce/2017-10-25/service-2.json b/awscli/botocore/data/ce/2017-10-25/service-2.json index ea5322482333..56d25ff29abd 100644 --- a/awscli/botocore/data/ce/2017-10-25/service-2.json +++ b/awscli/botocore/data/ce/2017-10-25/service-2.json @@ -913,13 +913,16 @@ }, "MonitorType":{ "shape":"MonitorType", - "documentation":"The possible type values.
" + "documentation":"The type of the monitor.
Set this to DIMENSIONAL for an Amazon Web Services managed monitor. Amazon Web Services managed monitors automatically track up to the top 5,000 values by cost within a dimension of your choosing. Each dimension value is evaluated independently. If you start incurring cost in a new value of your chosen dimension, it will automatically be analyzed by an Amazon Web Services managed monitor.
Set this to CUSTOM for a customer managed monitor. Customer managed monitors let you select specific dimension values that get monitored in aggregate.
For more information about monitor types, see Monitor types in the Billing and Cost Management User Guide.
" }, "MonitorDimension":{ "shape":"MonitorDimension", - "documentation":"The dimensions to evaluate.
" + "documentation":"For customer managed monitors, do not specify this field.
For Amazon Web Services managed monitors, this field controls which cost dimension is automatically analyzed by the monitor. For TAG and COST_CATEGORY dimensions, you must also specify MonitorSpecification to configure the specific tag or cost category key to analyze.
An Expression object used to control what costs the monitor analyzes for anomalies.
For Amazon Web Services managed monitors:
If MonitorDimension is SERVICE or LINKED_ACCOUNT, do not specify this field
If MonitorDimension is TAG, set this field to { \"Tags\": { \"Key\": \"your tag key\" } }
If MonitorDimension is COST_CATEGORY, set this field to { \"CostCategories\": { \"Key\": \"your cost category key\" } }
For customer managed monitors:
To track linked accounts, set this field to { \"Dimensions\": { \"Key\": \"LINKED_ACCOUNT\", \"Values\": [ \"your list of up to 10 account IDs\" ] } }
To track cost allocation tags, set this field to { \"Tags\": { \"Key\": \"your tag key\", \"Values\": [ \"your list of up to 10 tag values\" ] } }
To track cost categories, set this field to{ \"CostCategories\": { \"Key\": \"your cost category key\", \"Values\": [ \"your cost category value\" ] } }
The value for evaluated dimensions.
" @@ -3978,7 +3981,12 @@ }, "MonitorDimension":{ "type":"string", - "enum":["SERVICE"] + "enum":[ + "SERVICE", + "LINKED_ACCOUNT", + "TAG", + "COST_CATEGORY" + ] }, "MonitorType":{ "type":"string", diff --git a/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json b/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json index f7aa541b851b..55e601fe35ad 100644 --- a/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json +++ b/awscli/botocore/data/cloudformation/2010-05-15/paginators-1.json @@ -28,7 +28,9 @@ "IncludeNestedStacks", "RootChangeSetId", "OnStackFailure", - "ImportExistingResources" + "ImportExistingResources", + "StackDriftStatus", + "DeploymentMode" ] }, "DescribeStackEvents": { @@ -131,6 +133,11 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "StackRefactorSummaries" + }, + "DescribeEvents": { + "input_token": "NextToken", + "output_token": "NextToken", + "result_key": "OperationEvents" } } } diff --git a/awscli/botocore/data/cloudformation/2010-05-15/service-2.json b/awscli/botocore/data/cloudformation/2010-05-15/service-2.json index 0c7d81a32a36..e989f0db7c02 100644 --- a/awscli/botocore/data/cloudformation/2010-05-15/service-2.json +++ b/awscli/botocore/data/cloudformation/2010-05-15/service-2.json @@ -374,7 +374,20 @@ "errors":[ {"shape":"ChangeSetNotFoundException"} ], - "documentation":"Returns hook-related information for the change set and a list of changes that CloudFormation makes when you run the change set.
" + "documentation":"Returns Hook-related information for the change set and a list of changes that CloudFormation makes when you run the change set.
" + }, + "DescribeEvents":{ + "name":"DescribeEvents", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeEventsInput"}, + "output":{ + "shape":"DescribeEventsOutput", + "resultWrapper":"DescribeEventsResult" + }, + "documentation":"Returns CloudFormation events based on flexible query criteria. Groups events by operation ID, enabling you to focus on individual stack operations during deployment.
An operation is any action performed on a stack, including stack lifecycle actions (Create, Update, Delete, Rollback), change set creation, nested stack creation, and automatic rollbacks triggered by failures. Each operation has a unique identifier (Operation ID) and represents a discrete change attempt on the stack.
Returns different types of events including:
Progress events - Status updates during stack operation execution.
Validation errors - Failures from CloudFormation Early Validations.
Provisioning errors - Resource creation and update failures.
Hook invocation errors - Failures from CloudFormation Hook during stack operations.
One of ChangeSetName, OperationId or StackName must be specified as input.
Retrieves a generated template. If the template is in an InProgress or Pending status then the template returned will be the template when the template was last in a Complete status. If the template has not yet been in a Complete status then an empty template will be returned.
Retrieves detailed information and remediation guidance for a Hook invocation result.
If the Hook uses a KMS key to encrypt annotations, callers of the GetHookResult operation must have kms:Decrypt permissions. For more information, see KMS key policy and permissions for encrypting CloudFormation Hooks results at rest in the CloudFormation Hooks User Guide.
An identifier for the evaluation logic that was used when invoking the Hook. For Control Tower, this is the control ID. For Guard, this is the rule ID. For Lambda and custom Hooks, this is a user-defined identifier.
" + }, + "Status":{ + "shape":"AnnotationStatus", + "documentation":"The status of the Hook invocation from the downstream service.
" + }, + "StatusMessage":{ + "shape":"RemediationMessageStatusMessage", + "documentation":"The explanation for the specific status assigned to this Hook invocation. For example, \"Bucket does not block public access\".
" + }, + "RemediationMessage":{ + "shape":"RemediationMessageRemediationMessage", + "documentation":"Suggests what to change if your Hook returns a FAILED status. For example, \"Block public access to the bucket\".
A URL that you can access for additional remediation guidance.
" + }, + "SeverityLevel":{ + "shape":"AnnotationSeverityLevel", + "documentation":"The relative risk associated with any violations of this type.
" + } + }, + "documentation":"The Annotation data type.
A GetHookResult call returns detailed information and remediation guidance from Control Tower, Guard, Lambda, or custom Hooks for a Hook invocation result.
If set to true, stack resources are retained when an account is removed from a target organization or OU. If set to false, stack resources are deleted. Specify only if Enabled is set to True.
A list of StackSet ARNs that this StackSet depends on for auto-deployment operations. When auto-deployment is triggered, operations will be sequenced to ensure all dependencies complete successfully before this StackSet's operation begins.
" } }, "documentation":"Describes whether StackSets automatically deploys to Organizations accounts that are added to a target organization or organizational unit (OU). For more information, see Enable or disable automatic deployments for StackSets in Organizations in the CloudFormation User Guide.
" @@ -1619,8 +1719,23 @@ } } }, + "BeaconStackOperationStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "SUCCEEDED", + "FAILED" + ] + }, "BeforeContext":{"type":"string"}, "BeforeValue":{"type":"string"}, + "BeforeValueFrom":{ + "type":"string", + "enum":[ + "PREVIOUS_DEPLOYMENT_STATE", + "ACTUAL_STATE" + ] + }, "BoxedInteger":{ "type":"integer", "box":true @@ -1717,7 +1832,8 @@ "Modify", "Remove", "Import", - "Dynamic" + "Dynamic", + "SyncWithActual" ] }, "ChangeSetHook":{ @@ -1773,7 +1889,7 @@ "members":{ "TargetType":{ "shape":"HookTargetType", - "documentation":"The name of the type.
" + "documentation":"The Hook target type.
" }, "ResourceTargetDetails":{ "shape":"ChangeSetHookResourceTargetDetails", @@ -1913,7 +2029,8 @@ "ParameterReference", "ResourceAttribute", "DirectModification", - "Automatic" + "Automatic", + "NoModification" ] }, "ChangeType":{ @@ -2006,15 +2123,15 @@ }, "TemplateBody":{ "shape":"TemplateBody", - "documentation":"A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. CloudFormation generates the change set by comparing this template with the template of the stack that you specified.
Conditional: You must specify only TemplateBody or TemplateURL.
A structure that contains the body of the revised template, with a minimum length of 1 byte and a maximum length of 51,200 bytes. CloudFormation generates the change set by comparing this template with the template of the stack that you specified.
Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.
The URL of the file that contains the revised template. The URL must point to a template (max size: 1 MB) that's located in an Amazon S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.
Conditional: You must specify only TemplateBody or TemplateURL.
The URL of the file that contains the revised template. The URL must point to a template (max size: 1 MB) that's located in an Amazon S3 bucket or a Systems Manager document. CloudFormation generates the change set by comparing this template with the stack that you specified. The location for an Amazon S3 bucket must start with https://. URLs from S3 static websites are not supported.
Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.
Whether to reuse the template that's associated with the stack to create the change set.
" + "documentation":"Whether to reuse the template that's associated with the stack to create the change set.
When using templates with the AWS::LanguageExtensions transform, provide the template instead of using UsePreviousTemplate to ensure new parameter values and Systems Manager parameter updates are applied correctly. For more information, see AWS::LanguageExtensions transform.
Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.
In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.
CAPABILITY_IAM and CAPABILITY_NAMED_IAM
Some stack templates might include resources that can affect permissions in your Amazon Web Services account; for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.
The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.
If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.
For more information, see Acknowledging IAM resources in CloudFormation templates.
CAPABILITY_AUTO_EXPAND
Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.
This capacity doesn't apply to creating change sets, and specifying it when creating change sets has no effect.
If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.
For more information about macros, see Perform custom processing on CloudFormation templates with template macros.
Only one of the Capabilities and ResourceType parameters can be specified.
In some cases, you must explicitly acknowledge that your stack template contains certain capabilities in order for CloudFormation to create the stack.
CAPABILITY_IAM and CAPABILITY_NAMED_IAM
Some stack templates might include resources that can affect permissions in your Amazon Web Services account, for example, by creating new IAM users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.
The following IAM resources require you to specify either the CAPABILITY_IAM or CAPABILITY_NAMED_IAM capability.
If you have IAM resources, you can specify either capability.
If you have IAM resources with custom names, you must specify CAPABILITY_NAMED_IAM.
If you don't specify either of these capabilities, CloudFormation returns an InsufficientCapabilities error.
If your stack template contains these resources, we suggest that you review all permissions associated with them and edit their permissions if necessary.
For more information, see Acknowledging IAM resources in CloudFormation templates.
CAPABILITY_AUTO_EXPAND
Some template contain macros. Macros perform custom processing on templates; this can include simple actions like find-and-replace operations, all the way to extensive transformations of entire templates. Because of this, users typically create a change set from the processed template, so that they can review the changes resulting from the macros before actually creating the stack. If your stack template contains one or more macros, and you choose to create a stack directly from the processed template, without first reviewing the resulting changes in a change set, you must acknowledge this capability. This includes the AWS::Include and AWS::Serverless transforms, which are macros hosted by CloudFormation.
This capacity doesn't apply to creating change sets, and specifying it when creating change sets has no effect.
If you want to create a stack from a stack template that contains macros and nested stacks, you must create or update the stack directly from the template using the CreateStack or UpdateStack action, and specifying this capability.
For more information about macros, see Perform custom processing on CloudFormation templates with template macros.
Only one of the Capabilities and ResourceType parameters can be specified.
The template resource types that you have permissions to work with if you execute this change set, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see Control access with Identity and Access Management in the CloudFormation User Guide.
Only one of the Capabilities and ResourceType parameters can be specified.
Specifies which resource types you can work with, such as AWS::EC2::Instance or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource type that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for condition keys in IAM policies for CloudFormation. For more information, see Control CloudFormation access with Identity and Access Management in the CloudFormation User Guide.
Only one of the Capabilities and ResourceType parameters can be specified.
Indicates if the change set auto-imports resources that already exist. For more information, see Import Amazon Web Services resources into a CloudFormation stack automatically in the CloudFormation User Guide.
This parameter can only import resources that have custom names in templates. For more information, see name type in the CloudFormation User Guide. To import resources that do not accept custom names, such as EC2 instances, use the ResourcesToImport parameter instead.
Determines how CloudFormation handles configuration drift during deployment.
REVERT_DRIFT – Creates a drift-aware change set that brings actual resource states in line with template definitions. Provides a three-way comparison between actual state, previous deployment state, and desired state.
For more information, see Using drift-aware change sets in the CloudFormation User Guide.
" } }, "documentation":"The input for the CreateChangeSet action.
" @@ -2166,7 +2287,7 @@ }, "ResourceTypes":{ "shape":"ResourceTypes", - "documentation":"The template resource types that you have permissions to work with for this create stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance. Use the following syntax to describe template resource types: AWS::* (for all Amazon Web Services resources), Custom::* (for all custom resources), Custom::logical_ID (for a specific custom resource), AWS::service_name::* (for all resources of a particular Amazon Web Services service), and AWS::service_name::resource_logical_ID (for a specific Amazon Web Services resource).
If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.
Only one of the Capabilities and ResourceType parameters can be specified.
Specifies which resource types you can work with, such as AWS::EC2::Instance or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource that you're creating, the stack creation fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control CloudFormation access with Identity and Access Management.
Only one of the Capabilities and ResourceType parameters can be specified.
Unique identifier of the stack.
" + }, + "OperationId":{ + "shape":"OperationId", + "documentation":"A unique identifier for this stack operation that can be used to track the operation's progress and events.
" } }, "documentation":"The output for a CreateStack action.
" @@ -2548,6 +2673,10 @@ ] }, "DeletionTime":{"type":"timestamp"}, + "DeploymentMode":{ + "type":"string", + "enum":["REVERT_DRIFT"] + }, "DeploymentTargets":{ "type":"structure", "members":{ @@ -2607,7 +2736,7 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of limits that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } }, "documentation":"The input for the DescribeAccountLimits action.
" @@ -2640,7 +2769,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string, provided by the DescribeChangeSetHooks response output, that identifies the next page of information that you want to retrieve.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "LogicalResourceId":{ "shape":"LogicalResourceId", @@ -2665,7 +2794,7 @@ }, "Status":{ "shape":"ChangeSetHooksStatus", - "documentation":"Provides the status of the change set hook.
" + "documentation":"Provides the status of the change set Hook.
" }, "NextToken":{ "shape":"NextToken", @@ -2695,7 +2824,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string (provided by the DescribeChangeSet response output) that identifies the next page of information that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "IncludePropertyValues":{ "shape":"IncludePropertyValues", @@ -2747,6 +2876,10 @@ "shape":"ChangeSetStatusReason", "documentation":"A description of the change set's status. For example, if your attempt to create a change set failed, CloudFormation shows the error message.
" }, + "StackDriftStatus":{ + "shape":"StackDriftStatus", + "documentation":"The drift status of the stack when the change set was created. Valid values:
DRIFTED – The stack has drifted from its last deployment.
IN_SYNC – The stack is in sync with its last deployment.
NOT_CHECKED – CloudFormation doesn’t currently return this value.
UNKNOWN – The drift status could not be determined.
Only present for drift-aware change sets.
" + }, "NotificationARNs":{ "shape":"NotificationARNs", "documentation":"The ARNs of the Amazon SNS topics that will be associated with the stack if you execute the change set.
" @@ -2790,10 +2923,52 @@ "ImportExistingResources":{ "shape":"ImportExistingResources", "documentation":"Indicates if the change set imports resources that already exist.
This parameter can only import resources that have custom names in templates. To import resources that do not accept custom names, such as EC2 instances, use the resource import feature instead.
The deployment mode specified when the change set was created. Valid value is REVERT_DRIFT. Only present for drift-aware change sets.
The output for the DescribeChangeSet action.
" }, + "DescribeEventsInput":{ + "type":"structure", + "members":{ + "StackName":{ + "shape":"StackNameOrId", + "documentation":"The name or unique stack ID for which you want to retrieve events.
" + }, + "ChangeSetName":{ + "shape":"ChangeSetNameOrId", + "documentation":"The name or Amazon Resource Name (ARN) of the change set for which you want to retrieve events.
" + }, + "OperationId":{ + "shape":"OperationId", + "documentation":"The unique identifier of the operation for which you want to retrieve events.
" + }, + "Filters":{ + "shape":"EventFilter", + "documentation":"Filters to apply when retrieving events.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" + } + } + }, + "DescribeEventsOutput":{ + "type":"structure", + "members":{ + "OperationEvents":{ + "shape":"OperationEvents", + "documentation":"A list of operation events that match the specified criteria.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call DescribeEvents again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.
A string that identifies the next page of events that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } }, "documentation":"The input for DescribeStackEvents action.
" @@ -3125,7 +3301,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of stack resource drift results.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"BoxedMaxResults", @@ -3265,7 +3441,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of stacks that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } }, "documentation":"The input for DescribeStacks action.
" @@ -3562,6 +3738,13 @@ ] }, "DisableRollback":{"type":"boolean"}, + "DriftIgnoredReason":{ + "type":"string", + "enum":[ + "MANAGED_BY_AWS", + "WRITE_ONLY_PROPERTY" + ] + }, "DriftedStackInstancesCount":{ "type":"integer", "min":0 @@ -3613,7 +3796,27 @@ "Dynamic" ] }, + "EventFilter":{ + "type":"structure", + "members":{ + "FailedEvents":{ + "shape":"FailedEventsFilter", + "documentation":"When set to true, only returns failed events within the operation. This helps quickly identify root causes for a failed operation.
" + } + }, + "documentation":"Event filter allows you to focus on specific events in an operation.
" + }, "EventId":{"type":"string"}, + "EventType":{ + "type":"string", + "enum":[ + "STACK_EVENT", + "PROGRESS_EVENT", + "VALIDATION_ERROR", + "PROVISIONING_ERROR", + "HOOK_INVOCATION_ERROR" + ] + }, "ExecuteChangeSetInput":{ "type":"structure", "required":["ChangeSetName"], @@ -3698,6 +3901,7 @@ "type":"list", "member":{"shape":"Export"} }, + "FailedEventsFilter":{"type":"boolean"}, "FailedStackInstancesCount":{ "type":"integer", "min":0 @@ -3795,6 +3999,72 @@ } } }, + "GetHookResultInput":{ + "type":"structure", + "members":{ + "HookResultId":{ + "shape":"HookInvocationId", + "documentation":"The unique identifier (ID) of the Hook invocation result that you want details about. You can get the ID from the ListHookResults operation.
" + } + } + }, + "GetHookResultOutput":{ + "type":"structure", + "members":{ + "HookResultId":{ + "shape":"HookInvocationId", + "documentation":"The unique identifier of the Hook result.
" + }, + "InvocationPoint":{ + "shape":"HookInvocationPoint", + "documentation":"The specific point in the provisioning process where the Hook is invoked.
" + }, + "FailureMode":{ + "shape":"HookFailureMode", + "documentation":"The failure mode of the invocation.
" + }, + "TypeName":{ + "shape":"HookTypeName", + "documentation":"The name of the Hook that was invoked.
" + }, + "OriginalTypeName":{ + "shape":"HookTypeName", + "documentation":"The original public type name of the Hook when an alias is used.
For example, if you activate AWS::Hooks::GuardHook with alias MyCompany::Custom::GuardHook, then TypeName will be MyCompany::Custom::GuardHook and OriginalTypeName will be AWS::Hooks::GuardHook.
The version identifier of the Hook that was invoked.
" + }, + "TypeConfigurationVersionId":{ + "shape":"HookTypeConfigurationVersionId", + "documentation":"The version identifier of the Hook configuration data that was used during invocation.
" + }, + "TypeArn":{ + "shape":"HookTypeArn", + "documentation":"The Amazon Resource Name (ARN) of the Hook.
" + }, + "Status":{ + "shape":"HookStatus", + "documentation":"The status of the Hook invocation. The following statuses are possible:
HOOK_IN_PROGRESS: The Hook is currently running.
HOOK_COMPLETE_SUCCEEDED: The Hook completed successfully.
HOOK_COMPLETE_FAILED: The Hook completed but failed validation.
HOOK_FAILED: The Hook encountered an error during execution.
A message that provides additional details about the Hook invocation status.
" + }, + "InvokedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp when the Hook was invoked.
" + }, + "Target":{ + "shape":"HookTarget", + "documentation":"Information about the target of the Hook invocation.
" + }, + "Annotations":{ + "shape":"AnnotationList", + "documentation":"A list of objects with additional information and guidance that can help you resolve a failed Hook invocation.
" + } + } + }, "GetStackPolicyInput":{ "type":"structure", "required":["StackName"], @@ -3811,7 +4081,7 @@ "members":{ "StackPolicyBody":{ "shape":"StackPolicyBody", - "documentation":"Structure that contains the stack policy body. (For more information, see Prevent updates to stack resources in the CloudFormation User Guide.)
" + "documentation":"Structure that contains the stack policy body. For more information, see Prevent updates to stack resources in the CloudFormation User Guide.
" } }, "documentation":"The output for the GetStackPolicy action.
" @@ -4044,10 +4314,10 @@ }, "HookExecutionTarget":{ "shape":"HookResultId", - "documentation":"The ARN of the target stack or request token of the Cloud Control API operation.
Only shown in responses when the request does not specify TargetType and TargetId filters.
The Amazon Resource Name (ARN) of the target stack or request token of the Cloud Control API operation.
Only shown in responses when the request does not specify TargetType and TargetId filters.
Describes a Hook invocation, its status, and the reason for its status.
" + "documentation":"A ListHookResults call returns a summary of a Hook invocation.
The target type.
" + }, + "TargetTypeName":{ + "shape":"HookTargetTypeName", + "documentation":"The target name, for example, AWS::S3::Bucket.
The unique identifier of the Hook invocation target.
" + }, + "Action":{ + "shape":"HookTargetAction", + "documentation":"The action that invoked the Hook.
" + } + }, + "documentation":"The HookTarget data type.
A string (provided by the ListChangeSets response output) that identifies the next page of change sets that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } }, "documentation":"The input for the ListChangeSets action.
" @@ -4276,7 +4593,7 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"A string (provided by the ListExports response output) that identifies the next page of exported output values that you asked to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } } }, @@ -4298,7 +4615,7 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of resource scan results.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4340,7 +4657,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of events that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } } }, @@ -4384,7 +4701,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string (provided by the ListImports response output) that identifies the next page of stacks that are importing the specified exported output value.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } } }, @@ -4418,7 +4735,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of resource scan results.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"BoxedMaxResults", @@ -4465,7 +4782,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of resource scan results.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"ResourceScannerMaxResults", @@ -4491,7 +4808,7 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of resource scan results.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"ResourceScannerMaxResults", @@ -4531,7 +4848,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4582,7 +4899,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous request didn't return all the remaining results, the response's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackInstances again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4629,7 +4946,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4660,7 +4977,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the request doesn't return all the remaining results, NextToken is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If the request returns all results, NextToken is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4692,7 +5009,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of stack resources that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" } }, "documentation":"The input for the ListStackResource action.
" @@ -4721,7 +5038,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of deployment targets that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4763,7 +5080,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous request didn't return all the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackSetOperationResults again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4802,7 +5119,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackSetOperations again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4832,7 +5149,7 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"If the previous paginated request didn't return all the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call ListStackSets again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "MaxResults":{ "shape":"MaxResults", @@ -4866,7 +5183,7 @@ "members":{ "NextToken":{ "shape":"NextToken", - "documentation":"A string that identifies the next page of stacks that you want to retrieve.
" + "documentation":"The token for the next set of items to return. (You received this token from a previous call.)
" }, "StackStatusFilter":{ "shape":"StackStatusFilter", @@ -4914,7 +5231,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous paginated request didn't return all the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" } } }, @@ -4952,7 +5269,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous paginated request didn't return all of the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" }, "DeprecatedStatus":{ "shape":"DeprecatedStatus", @@ -5006,7 +5323,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"If the previous paginated request didn't return all the remaining results, the response object's NextToken parameter value is set to a token. To retrieve the next set of results, call this action again and assign that token to the request object's NextToken parameter. If there are no remaining results, the previous response object's NextToken parameter is set to null.
The token for the next set of items to return. (You received this token from a previous call.)
" } } }, @@ -5023,6 +5340,24 @@ } } }, + "LiveResourceDrift":{ + "type":"structure", + "members":{ + "PreviousValue":{ + "shape":"ResourceDriftPreviousValue", + "documentation":"The configuration value from the previous CloudFormation deployment.
" + }, + "ActualValue":{ + "shape":"ResourceDriftActualValue", + "documentation":"The current live configuration value of the resource property.
" + }, + "DriftDetectionTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when drift was detected for this resource property.
" + } + }, + "documentation":"Contains drift information for a resource property, including actual value, previous deployment value, and drift detection timestamp.
" + }, "LogGroupName":{ "type":"string", "max":512, @@ -5149,6 +5484,139 @@ "DELETE" ] }, + "OperationEntry":{ + "type":"structure", + "members":{ + "OperationType":{ + "shape":"OperationType", + "documentation":"The type of operation.
" + }, + "OperationId":{ + "shape":"OperationId", + "documentation":"The unique identifier for the operation.
" + } + }, + "documentation":"Contains information about a CloudFormation operation.
" + }, + "OperationEvent":{ + "type":"structure", + "members":{ + "EventId":{ + "shape":"EventId", + "documentation":"A unique identifier for this event.
" + }, + "StackId":{ + "shape":"StackId", + "documentation":"The unique ID name of the instance of the stack.
" + }, + "OperationId":{ + "shape":"OperationId", + "documentation":"The unique identifier of the operation this event belongs to.
" + }, + "OperationType":{ + "shape":"OperationType", + "documentation":"The type of operation.
" + }, + "OperationStatus":{ + "shape":"BeaconStackOperationStatus", + "documentation":"The current status of the operation.
" + }, + "EventType":{ + "shape":"EventType", + "documentation":"The type of event.
" + }, + "LogicalResourceId":{ + "shape":"LogicalResourceId", + "documentation":"The logical name of the resource as specified in the template.
" + }, + "PhysicalResourceId":{ + "shape":"PhysicalResourceId", + "documentation":"The name or unique identifier that corresponds to a physical instance ID of a resource.
" + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"Type of resource.
" + }, + "Timestamp":{ + "shape":"Timestamp", + "documentation":"Time the status was updated.
" + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"The time when the event started.
" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"The time when the event ended.
" + }, + "ResourceStatus":{ + "shape":"ResourceStatus", + "documentation":"Current status of the resource.
" + }, + "ResourceStatusReason":{ + "shape":"ResourceStatusReason", + "documentation":"Success or failure message associated with the resource.
" + }, + "ResourceProperties":{ + "shape":"ResourceProperties", + "documentation":"The properties used to create the resource.
" + }, + "ClientRequestToken":{ + "shape":"ClientRequestToken", + "documentation":"A unique identifier for the request that initiated this operation.
" + }, + "HookType":{ + "shape":"HookType", + "documentation":"The type name of the Hook that was invoked.
" + }, + "HookStatus":{ + "shape":"HookStatus", + "documentation":"The status of the Hook invocation.
" + }, + "HookStatusReason":{ + "shape":"HookStatusReason", + "documentation":"Additional information about the Hook status.
" + }, + "HookInvocationPoint":{ + "shape":"HookInvocationPoint", + "documentation":"The point in the operation lifecycle when the Hook was invoked.
" + }, + "HookFailureMode":{ + "shape":"HookFailureMode", + "documentation":"Specifies how Hook failures are handled.
" + }, + "DetailedStatus":{ + "shape":"DetailedStatus", + "documentation":"Additional status information about the operation.
" + }, + "ValidationFailureMode":{ + "shape":"HookFailureMode", + "documentation":"Specifies how validation failures are handled.
" + }, + "ValidationName":{ + "shape":"ValidationName", + "documentation":"The name of the validation that was performed.
" + }, + "ValidationStatus":{ + "shape":"ValidationStatus", + "documentation":"The status of the validation.
" + }, + "ValidationStatusReason":{ + "shape":"ValidationStatusReason", + "documentation":"Additional information about the validation status.
" + }, + "ValidationPath":{ + "shape":"ValidationPath", + "documentation":"The path within the resource where the validation was applied.
" + } + }, + "documentation":"Contains detailed information about an event that occurred during a CloudFormation operation.
" + }, + "OperationEvents":{ + "type":"list", + "member":{"shape":"OperationEvent"} + }, + "OperationId":{"type":"string"}, "OperationIdAlreadyExistsException":{ "type":"structure", "members":{}, @@ -5231,6 +5699,17 @@ }, "exception":true }, + "OperationType":{ + "type":"string", + "enum":[ + "CREATE_STACK", + "UPDATE_STACK", + "DELETE_STACK", + "CONTINUE_ROLLBACK", + "ROLLBACK", + "CREATE_CHANGESET" + ] + }, "OptionalSecureUrl":{ "type":"string", "max":4096 @@ -5271,7 +5750,7 @@ "documentation":"The name of the export associated with the output.
" } }, - "documentation":"The Output data type.
" + "documentation":"The Output data type.
Read-only. The value that corresponds to a Systems Manager parameter key. This field is returned only for Systems Manager parameter types in the template. For more information, see Specify existing resources at runtime with CloudFormation-supplied parameter types in the CloudFormation User Guide.
" } }, - "documentation":"The Parameter data type.
" + "documentation":"The Parameter data type.
The criteria that CloudFormation uses to validate parameter values.
" } }, - "documentation":"The ParameterDeclaration data type.
" + "documentation":"The ParameterDeclaration data type.
The action that CloudFormation takes on the resource, such as Add (adds a new resource), Modify (changes a resource), Remove (deletes a resource), Import (imports a resource), or Dynamic (exact action for the resource can't be determined).
The action that CloudFormation takes on the resource, such as Add (adds a new resource), Modify (changes a resource), Remove (deletes a resource), Import (imports a resource), Dynamic (exact action for the resource can't be determined), or SyncWithActual (resource will not be changed, only CloudFormation metadata will change).
For the Modify action, indicates which resource attribute is triggering this update, such as a change in the resource attribute's Metadata, Properties, or Tags.
The drift status of the resource. Valid values:
IN_SYNC – The resource matches its template definition.
MODIFIED – Resource properties were modified outside CloudFormation.
DELETED – The resource was deleted outside CloudFormation.
NOT_CHECKED – CloudFormation doesn’t currently return this value.
UNKNOWN – Drift status could not be determined.
UNSUPPORTED – Resource type does not support actual state comparison.
Only present for drift-aware change sets.
" + }, + "ResourceDriftIgnoredAttributes":{ + "shape":"ResourceDriftIgnoredAttributes", + "documentation":"List of resource attributes for which drift was ignored.
" + }, "Details":{ "shape":"ResourceChangeDetails", "documentation":"For the Modify action, a list of ResourceChangeDetail structures that describes the changes that CloudFormation will make to the resource.
An encoded JSON string that contains the context of the resource after the change is executed.
" + }, + "PreviousDeploymentContext":{ + "shape":"PreviousDeploymentContext", + "documentation":"Information about the resource's state from the previous CloudFormation deployment.
" } }, "documentation":"The ResourceChange structure describes the resource and the action that CloudFormation will perform on it if you execute this change set.
The group to which the CausingEntity value belongs. There are five entity groups:
ResourceReference entities are Ref intrinsic functions that refer to resources in the template, such as { \"Ref\" : \"MyEC2InstanceResource\" }.
ParameterReference entities are Ref intrinsic functions that get template parameter values, such as { \"Ref\" : \"MyPasswordParameter\" }.
ResourceAttribute entities are Fn::GetAtt intrinsic functions that get resource attribute values, such as { \"Fn::GetAtt\" : [ \"MyEC2InstanceResource\", \"PublicDnsName\" ] }.
DirectModification entities are changes that are made directly to the template.
Automatic entities are AWS::CloudFormation::Stack resource types, which are also known as nested stacks. If you made no changes to the AWS::CloudFormation::Stack resource, CloudFormation sets the ChangeSource to Automatic because the nested stack's template might have changed. Changes to a nested stack's template aren't visible to CloudFormation until you run an update on the parent stack.
The group to which the CausingEntity value belongs. There are five entity groups:
ResourceReference entities are Ref intrinsic functions that refer to resources in the template, such as { \"Ref\" : \"MyEC2InstanceResource\" }.
ParameterReference entities are Ref intrinsic functions that get template parameter values, such as { \"Ref\" : \"MyPasswordParameter\" }.
ResourceAttribute entities are Fn::GetAtt intrinsic functions that get resource attribute values, such as { \"Fn::GetAtt\" : [ \"MyEC2InstanceResource\", \"PublicDnsName\" ] }.
DirectModification entities are changes that are made directly to the template.
Automatic entities are AWS::CloudFormation::Stack resource types, which are also known as nested stacks. If you made no changes to the AWS::CloudFormation::Stack resource, CloudFormation sets the ChangeSource to Automatic because the nested stack's template might have changed. Changes to a nested stack's template aren't visible to CloudFormation until you run an update on the parent stack.
NoModification entities are changes made to the template that matches the actual state of the resource.
Path of the resource attribute for which drift was ignored.
" + }, + "Reason":{ + "shape":"DriftIgnoredReason", + "documentation":"Reason why drift was ignored for the attribute, can have 2 possible values:
WRITE_ONLY_PROPERTY - Property is not included in read response for the resource’s live state.
MANAGED_BY_AWS - Property is managed by an Amazon Web Services service and is expected to be dynamically modified.
The ResourceDriftIgnoredAttribute data type.
The value of the property after the change is executed. Large values can be truncated.
" }, + "BeforeValueFrom":{ + "shape":"BeforeValueFrom", + "documentation":"Indicates the source of the before value. Valid values:
ACTUAL_STATE – The before value represents current actual state.
PREVIOUS_DEPLOYMENT_STATE – The before value represents the previous CloudFormation deployment state.
Only present for drift-aware change sets.
" + }, + "AfterValueFrom":{ + "shape":"AfterValueFrom", + "documentation":"Indicates the source of the after value. Valid value:
TEMPLATE – The after value comes from the new template.
Only present for drift-aware change sets.
" + }, + "Drift":{ + "shape":"LiveResourceDrift", + "documentation":"Detailed drift information for the resource property, including actual values, previous deployment values, and drift detection timestamps.
" + }, "AttributeChangeType":{ "shape":"AttributeChangeType", - "documentation":"The type of change to be made to the property if the change is executed.
Add The item will be added.
Remove The item will be removed.
Modify The item will be modified.
The type of change to be made to the property if the change is executed.
Add The item will be added.
Remove The item will be removed.
Modify The item will be modified.
SyncWithActual The drift status of this item will be reset but the item will not be modified.
The field that CloudFormation will change, such as the name of a resource's property, and whether the resource will be recreated.
" @@ -6253,6 +6787,10 @@ "StackId":{ "shape":"StackId", "documentation":"Unique identifier of the stack.
" + }, + "OperationId":{ + "shape":"OperationId", + "documentation":"A unique identifier for this rollback operation that can be used to track the operation's progress and events.
" } } }, @@ -6459,7 +6997,7 @@ }, "UniqueId":{ "shape":"ResourceSignalUniqueId", - "documentation":"A unique ID of the signal. When you signal Amazon EC2 instances or Auto Scaling groups, specify the instance ID that you are signaling as the unique ID. If you send multiple signals to a single resource (such as signaling a wait condition), each signal requires a different unique ID.
" + "documentation":"A unique ID of the signal. When you signal Amazon EC2 instances or Amazon EC2 Auto Scaling groups, specify the instance ID that you are signaling as the unique ID. If you send multiple signals to a single resource (such as signaling a wait condition), each signal requires a different unique ID.
" }, "Status":{ "shape":"ResourceSignalStatus", @@ -6575,9 +7113,13 @@ "DetailedStatus":{ "shape":"DetailedStatus", "documentation":"The detailed status of the resource or stack. If CONFIGURATION_COMPLETE is present, the resource or resource configuration phase has completed and the stabilization of the resources is in progress. The StackSets CONFIGURATION_COMPLETE when all of the resources in the stack have reached that event. For more information, see Understand CloudFormation stack creation events in the CloudFormation User Guide.
Information about the most recent operations performed on this stack.
" } }, - "documentation":"The Stack data type.
" + "documentation":"The Stack data type.
The name associated with a stack.
" }, + "OperationId":{ + "shape":"OperationId", + "documentation":"The unique identifier of the operation that generated this stack event.
" + }, "LogicalResourceId":{ "shape":"LogicalResourceId", "documentation":"The logical name of the resource specified in the template.
" @@ -6736,7 +7282,7 @@ "documentation":"An optional field that contains information about the detailed status of the stack event.
CONFIGURATION_COMPLETE - all of the resources in the stack have reached that event. For more information, see Understand CloudFormation stack creation events in the CloudFormation User Guide.
VALIDATION_FAILED - template validation failed because of invalid properties in the template. The ResourceStatusReason field shows what properties are defined incorrectly.
The StackEvent data type.
" + "documentation":"The StackEvent data type.
Contains information about the module from which the resource was created, if the resource was created from a module included in the stack template.
" } }, - "documentation":"The StackResource data type.
" + "documentation":"The StackResource data type.
A structure that contains information about a StackSet. With StackSets, you can provision stacks across Amazon Web Services accounts and Regions from a single CloudFormation template. Each stack is based on the same CloudFormation template, but you can customize individual stacks using parameters.
" }, "StackSetARN":{"type":"string"}, + "StackSetARNList":{ + "type":"list", + "member":{"shape":"StackSetARN"} + }, "StackSetAutoDeploymentTargetSummaries":{ "type":"list", "member":{"shape":"StackSetAutoDeploymentTargetSummary"} @@ -7993,9 +8544,13 @@ "DriftInformation":{ "shape":"StackDriftInformationSummary", "documentation":"Summarizes information about whether a stack's actual configuration differs, or has drifted, from its expected configuration, as defined in the stack template and any values specified as template parameters. For more information, see Detect unmanaged configuration changes to stacks and resources with drift detection.
" + }, + "LastOperations":{ + "shape":"LastOperations", + "documentation":"Information about the most recent operations performed on this stack.
" } }, - "documentation":"The StackSummary Data Type
" + "documentation":"The StackSummary Data Type
User defined description associated with the parameter.
" } }, - "documentation":"The TemplateParameter data type.
" + "documentation":"The TemplateParameter data type.
Reuse the existing template that is associated with the stack that you are updating.
Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.
Reuse the existing template that is associated with the stack that you are updating.
When using templates with the AWS::LanguageExtensions transform, provide the template instead of using UsePreviousTemplate to ensure new parameter values and Systems Manager parameter updates are applied correctly. For more information, see AWS::LanguageExtensions transform.
Conditional: You must specify only one of the following parameters: TemplateBody, TemplateURL, or set the UsePreviousTemplate to true.
The template resource types that you have permissions to work with for this update stack action, such as AWS::EC2::Instance, AWS::EC2::*, or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control access with Identity and Access Management.
Only one of the Capabilities and ResourceType parameters can be specified.
Specifies which resource types you can work with, such as AWS::EC2::Instance or Custom::MyCustomInstance.
If the list of resource types doesn't include a resource that you're updating, the stack update fails. By default, CloudFormation grants permissions to all resource types. IAM uses this parameter for CloudFormation-specific condition keys in IAM policies. For more information, see Control CloudFormation access with Identity and Access Management.
Only one of the Capabilities and ResourceType parameters can be specified.
Unique identifier of the stack.
" + }, + "OperationId":{ + "shape":"OperationId", + "documentation":"A unique identifier for this update operation that can be used to track the operation's progress and events.
" } }, "documentation":"The output for an UpdateStack action.
" @@ -8944,6 +9503,16 @@ }, "documentation":"The output for ValidateTemplate action.
" }, + "ValidationName":{"type":"string"}, + "ValidationPath":{"type":"string"}, + "ValidationStatus":{ + "type":"string", + "enum":[ + "FAILED", + "SKIPPED" + ] + }, + "ValidationStatusReason":{"type":"string"}, "Value":{"type":"string"}, "Version":{"type":"string"}, "VersionBump":{ @@ -9021,5 +9590,5 @@ "documentation":"Contains any warnings returned by the GetTemplateSummary API action.
CloudFormation allows you to create and manage Amazon Web Services infrastructure deployments predictably and repeatedly. You can use CloudFormation to leverage Amazon Web Services products, such as Amazon Elastic Compute Cloud, Amazon Elastic Block Store, Amazon Simple Notification Service, Elastic Load Balancing, and Amazon EC2 Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying Amazon Web Services infrastructure.
With CloudFormation, you declare all your resources and dependencies in a template file. The template defines a collection of resources as a single unit called a stack. CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you.
For more information about CloudFormation, see the CloudFormation product page.
CloudFormation makes use of other Amazon Web Services products. If you need additional technical information about a specific Amazon Web Services product, you can find the product's technical documentation at docs.aws.amazon.com.
" + "documentation":"CloudFormation allows you to create and manage Amazon Web Services infrastructure deployments predictably and repeatedly. You can use CloudFormation to leverage Amazon Web Services products, such as Amazon Elastic Compute Cloud, Amazon Elastic Block Store, Amazon Simple Notification Service, ELB, and Amazon EC2 Auto Scaling to build highly reliable, highly scalable, cost-effective applications without creating or configuring the underlying Amazon Web Services infrastructure.
With CloudFormation, you declare all your resources and dependencies in a template file. The template defines a collection of resources as a single unit called a stack. CloudFormation creates and deletes all member resources of the stack together and manages all dependencies between the resources for you.
For more information about CloudFormation, see the CloudFormation product page.
CloudFormation makes use of other Amazon Web Services products. If you need additional technical information about a specific Amazon Web Services product, you can find the product's technical documentation at docs.aws.amazon.com.
" } diff --git a/awscli/botocore/data/cloudfront/2020-05-31/service-2.json b/awscli/botocore/data/cloudfront/2020-05-31/service-2.json index 8f7ce522be94..f3bf6abea909 100644 --- a/awscli/botocore/data/cloudfront/2020-05-31/service-2.json +++ b/awscli/botocore/data/cloudfront/2020-05-31/service-2.json @@ -3247,6 +3247,10 @@ "shape":"IpAddressType", "documentation":"The IP address type for the Anycast static IP list.
" }, + "IpamConfig":{ + "shape":"IpamConfig", + "documentation":"The IPAM configuration for the Anycast static IP list, that contains the quantity and list of IPAM CIDR configurations.
" + }, "AnycastIps":{ "shape":"AnycastIps", "documentation":"The static IP addresses that are allocated to the Anycast static IP list.
" @@ -3353,6 +3357,10 @@ "ETag":{ "shape":"string", "documentation":"The current version (ETag value) of the Anycast static IP list.
" + }, + "IpamConfig":{ + "shape":"IpamConfig", + "documentation":"The IPAM configuration for the Anycast static IP list, that contains the quantity and list of IPAM CIDR configurations.
" } }, "documentation":"An abbreviated version of the AnycastIpList structure. Omits the allocated static IP addresses (AnycastIpList$AnycastIps).
" @@ -4531,7 +4539,11 @@ "Tags":{"shape":"Tags"}, "IpAddressType":{ "shape":"IpAddressType", - "documentation":"The IP address type for the Anycast static IP list. You can specify one of the following options:
ipv4 - Allocate a list of only IPv4 addresses
ipv6 - Allocate a list of only IPv4 addresses
dualstack - Allocate a list of both IPv4 and IPv6 addresses
The IP address type for the Anycast static IP list. You can specify one of the following options:
ipv4 only
ipv6 only
dualstack - Allocate a list of both IPv4 and IPv6 addresses
A list of IPAM CIDR configurations that specify the IP address ranges and IPAM pool settings for creating the Anycast static IP list.
" } } }, @@ -9245,6 +9257,74 @@ "dualstack" ] }, + "IpamCidrConfig":{ + "type":"structure", + "required":[ + "Cidr", + "IpamPoolArn" + ], + "members":{ + "Cidr":{ + "shape":"string", + "documentation":"The CIDR that specifies the IP address range for this IPAM configuration.
" + }, + "IpamPoolArn":{ + "shape":"string", + "documentation":"The Amazon Resource Name (ARN) of the IPAM pool that the CIDR block is assigned to.
" + }, + "AnycastIp":{ + "shape":"string", + "documentation":"The specified Anycast IP address allocated from the IPAM pool for this CIDR configuration.
" + }, + "Status":{ + "shape":"IpamCidrStatus", + "documentation":"The current status of the IPAM CIDR configuration.
" + } + }, + "documentation":"Configuration for an IPAM CIDR that defines a specific IP address range, IPAM pool, and associated Anycast IP address.
" + }, + "IpamCidrConfigList":{ + "type":"list", + "member":{ + "shape":"IpamCidrConfig", + "locationName":"IpamCidrConfig" + } + }, + "IpamCidrStatus":{ + "type":"string", + "enum":[ + "provisioned", + "failed-provision", + "provisioning", + "deprovisioned", + "failed-deprovision", + "deprovisioning", + "advertised", + "failed-advertise", + "advertising", + "withdrawn", + "failed-withdraw", + "withdrawing" + ] + }, + "IpamConfig":{ + "type":"structure", + "required":[ + "Quantity", + "IpamCidrConfigs" + ], + "members":{ + "Quantity":{ + "shape":"integer", + "documentation":"The number of IPAM CIDR configurations in the IpamCidrConfigs list.
A list of IPAM CIDR configurations that define the IP address ranges, IPAM pools, and associated Anycast IP addresses.
" + } + }, + "documentation":"The configuration IPAM settings that includes the quantity of CIDR configurations and the list of IPAM CIDR configurations.
" + }, "ItemSelection":{ "type":"string", "enum":[ @@ -14168,7 +14248,7 @@ }, "IpAddressType":{ "shape":"IpAddressType", - "documentation":"The IP address type for the Anycast static IP list. You can specify one of the following options:
ipv4 - Allocate a list of only IPv4 addresses
ipv6 - Allocate a list of only IPv4 addresses
dualstack - Allocate a list of both IPv4 and IPv6 addresses
The IP address type for the Anycast static IP list. You can specify one of the following options:
ipv4 only
ipv6 only
dualstack - Allocate a list of both IPv4 and IPv6 addresses
Creates a new event data store.
" }, @@ -287,7 +288,7 @@ {"shape":"NoManagementAccountSLRExistsException"}, {"shape":"InsufficientDependencyServiceAccessPermissionException"} ], - "documentation":"Deletes a trail. This operation must be called from the Region in which the trail was created. DeleteTrail cannot be called on the shadow trails (replicated trails in other Regions) of a trail that is enabled in all Regions.
Deletes a trail. This operation must be called from the Region in which the trail was created. DeleteTrail cannot be called on the shadow trails (replicated trails in other Regions) of a trail that is enabled in all Regions.
While deleting a CloudTrail trail is an irreversible action, CloudTrail does not delete log files in the Amazon S3 bucket for that trail, the Amazon S3 bucket itself, or the CloudWatchlog group to which the trail delivers events. Deleting a multi-Region trail will stop logging of events in all Amazon Web Services Regions enabled in your Amazon Web Services account. Deleting a single-Region trail will stop logging of events in that Region only. It will not stop logging of events in other Regions even if the trails in those other Regions have identical names to the deleted trail.
For information about account closure and deletion of CloudTrail trails, see https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-account-closure.html.
Retrieves the current event configuration settings for the specified event data store, including details about maximum event size and context key selectors configured for the event data store.
", + "documentation":"Retrieves the current event configuration settings for the specified event data store or trail. The response includes maximum event size configuration, the context key selectors configured for the event data store, and any aggregation settings configured for the trail.
", "idempotent":true }, "GetEventDataStore":{ @@ -556,7 +559,7 @@ {"shape":"NoManagementAccountSLRExistsException"}, {"shape":"ThrottlingException"} ], - "documentation":"Describes the settings for the Insights event selectors that you configured for your trail or event data store. GetInsightSelectors shows if CloudTrail Insights event logging is enabled on the trail or event data store, and if it is, which Insights types are enabled. If you run GetInsightSelectors on a trail or event data store that does not have Insights events enabled, the operation throws the exception InsightNotEnabledException
Specify either the EventDataStore parameter to get Insights event selectors for an event data store, or the TrailName parameter to the get Insights event selectors for a trail. You cannot specify these parameters together.
For more information, see Working with CloudTrail Insights in the CloudTrail User Guide.
", + "documentation":"Describes the settings for the Insights event selectors that you configured for your trail or event data store. GetInsightSelectors shows if CloudTrail Insights logging is enabled and which Insights types are configured with corresponding event categories. If you run GetInsightSelectors on a trail or event data store that does not have Insights events enabled, the operation throws the exception InsightNotEnabledException
Specify either the EventDataStore parameter to get Insights event selectors for an event data store, or the TrailName parameter to the get Insights event selectors for a trail. You cannot specify these parameters together.
For more information, see Working with CloudTrail Insights in the CloudTrail User Guide.
", "idempotent":true }, "GetQueryResults":{ @@ -720,6 +723,22 @@ "documentation":" Returns information on all imports, or a select set of imports by ImportStatus or Destination.
Returns Insights events generated on a trail that logs data events. You can list Insights events that occurred in a Region within the last 90 days.
ListInsightsData supports the following Dimensions for Insights events:
Event ID
Event name
Event source
All dimensions are optional. The default number of results returned is 50, with a maximum of 50 possible. The response includes a token that you can use to get the next page of results.
The rate of ListInsightsData requests is limited to two per second, per account, per Region. If this limit is exceeded, a throttling error occurs.
", + "idempotent":true + }, "ListInsightsMetricData":{ "name":"ListInsightsMetricData", "http":{ @@ -730,10 +749,11 @@ "output":{"shape":"ListInsightsMetricDataResponse"}, "errors":[ {"shape":"InvalidParameterException"}, + {"shape":"InvalidTrailNameException"}, {"shape":"OperationNotPermittedException"}, {"shape":"UnsupportedOperationException"} ], - "documentation":"Returns Insights metrics data for trails that have enabled Insights. The request must include the EventSource, EventName, and InsightType parameters.
If the InsightType is set to ApiErrorRateInsight, the request must also include the ErrorCode parameter.
The following are the available time periods for ListInsightsMetricData. Each cutoff is inclusive.
Data points with a period of 60 seconds (1-minute) are available for 15 days.
Data points with a period of 300 seconds (5-minute) are available for 63 days.
Data points with a period of 3600 seconds (1 hour) are available for 90 days.
Access to the ListInsightsMetricData API operation is linked to the cloudtrail:LookupEvents action. To use this operation, you must have permissions to perform the cloudtrail:LookupEvents action.
Returns Insights metrics data for trails that have enabled Insights. The request must include the EventSource, EventName, and InsightType parameters.
If the InsightType is set to ApiErrorRateInsight, the request must also include the ErrorCode parameter.
The following are the available time periods for ListInsightsMetricData. Each cutoff is inclusive.
Data points with a period of 60 seconds (1-minute) are available for 15 days.
Data points with a period of 300 seconds (5-minute) are available for 63 days.
Data points with a period of 3600 seconds (1 hour) are available for 90 days.
To use ListInsightsMetricData operation, you must have the following permissions:
If ListInsightsMetricData is invoked with TrailName parameter, access to the ListInsightsMetricData API operation is linked to the cloudtrail:LookupEvents action and cloudtrail:ListInsightsData. To use this operation, you must have permissions to perform the cloudtrail:LookupEvents and cloudtrail:ListInsightsData action on the specific trail.
If ListInsightsMetricData is invoked without TrailName parameter, access to the ListInsightsMetricData API operation is linked to the cloudtrail:LookupEvents action only. To use this operation, you must have permissions to perform the cloudtrail:LookupEvents action.
Updates the event configuration settings for the specified event data store. You can update the maximum event size and context key selectors.
", + "documentation":"Updates the event configuration settings for the specified event data store or trail. This operation supports updating the maximum event size, adding or modifying context key selectors for event data store, and configuring aggregation settings for the trail.
", "idempotent":true }, "PutEventSelectors":{ @@ -917,7 +940,7 @@ {"shape":"NoManagementAccountSLRExistsException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lets you enable Insights event logging by specifying the Insights selectors that you want to enable on an existing trail or event data store. You also use PutInsightSelectors to turn off Insights event logging, by passing an empty list of Insights types. The valid Insights event types are ApiErrorRateInsight and ApiCallRateInsight.
To enable Insights on an event data store, you must specify the ARNs (or ID suffix of the ARNs) for the source event data store (EventDataStore) and the destination event data store (InsightsDestination). The source event data store logs management events and enables Insights. The destination event data store logs Insights events based upon the management event activity of the source event data store. The source and destination event data stores must belong to the same Amazon Web Services account.
To log Insights events for a trail, you must specify the name (TrailName) of the CloudTrail trail for which you want to change or add Insights selectors.
To log CloudTrail Insights events on API call volume, the trail or event data store must log write management events. To log CloudTrail Insights events on API error rate, the trail or event data store must log read or write management events. You can call GetEventSelectors on a trail to check whether the trail logs management events. You can call GetEventDataStore on an event data store to check whether the event data store logs management events.
For more information, see Working with CloudTrail Insights in the CloudTrail User Guide.
", + "documentation":"Lets you enable Insights event logging on specific event categories by specifying the Insights selectors that you want to enable on an existing trail or event data store. You also use PutInsightSelectors to turn off Insights event logging, by passing an empty list of Insights types. The valid Insights event types are ApiErrorRateInsight and ApiCallRateInsight, and valid EventCategories are Management and Data.
Insights on data events are not supported on event data stores. For event data stores, you can only enable Insights on management events.
To enable Insights on an event data store, you must specify the ARNs (or ID suffix of the ARNs) for the source event data store (EventDataStore) and the destination event data store (InsightsDestination). The source event data store logs management events and enables Insights. The destination event data store logs Insights events based upon the management event activity of the source event data store. The source and destination event data stores must belong to the same Amazon Web Services account.
To log Insights events for a trail, you must specify the name (TrailName) of the CloudTrail trail for which you want to change or add Insights selectors.
For Management events Insights: To log CloudTrail Insights on the API call rate, the trail or event data store must log write management events. To log CloudTrail Insights on the API error rate, the trail or event data store must log read or write management events.
For Data events Insights: To log CloudTrail Insights on the API call rate or API error rate, the trail must log read or write data events. Data events Insights are not supported on event data store.
To log CloudTrail Insights events on API call volume, the trail or event data store must log write management events. To log CloudTrail Insights events on API error rate, the trail or event data store must log read or write management events. You can call GetEventSelectors on a trail to check whether the trail logs management events. You can call GetEventDataStore on an event data store to check whether the event data store logs management events.
For more information, see Working with CloudTrail Insights in the CloudTrail User Guide.
", "idempotent":true }, "PutResourcePolicy":{ @@ -1289,7 +1312,9 @@ {"shape":"OrganizationsNotInUseException"}, {"shape":"NotOrganizationMasterAccountException"}, {"shape":"NoManagementAccountSLRExistsException"}, - {"shape":"OrganizationNotInAllFeaturesModeException"} + {"shape":"OrganizationNotInAllFeaturesModeException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"} ], "documentation":"Updates an event data store. The required EventDataStore value is an ARN or the ID portion of the ARN. Other parameters are optional, but at least one optional parameter must be specified, or CloudTrail throws an error. RetentionPeriod is in days, and valid values are integers between 7 and 3653 if the BillingMode is set to EXTENDABLE_RETENTION_PRICING, or between 7 and 2557 if BillingMode is set to FIXED_RETENTION_PRICING. By default, TerminationProtection is enabled.
For event data stores for CloudTrail events, AdvancedEventSelectors includes or excludes management, data, or network activity events in your event data store. For more information about AdvancedEventSelectors, see AdvancedEventSelectors.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, AdvancedEventSelectors includes events of that type in your event data store.
A list of aggregation templates that can be used to configure event aggregation.
" + }, + "EventCategory":{ + "shape":"EventCategoryAggregation", + "documentation":"Specifies the event category for which aggregation should be performed.
" + } + }, + "documentation":"An object that contains configuration settings for aggregating events.
" + }, + "AggregationConfigurations":{ + "type":"list", + "member":{"shape":"AggregationConfiguration"}, + "max":1 + }, "BillingMode":{ "type":"string", "enum":[ @@ -1875,7 +1923,7 @@ }, "KmsKeyId":{ "shape":"String", - "documentation":"Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.
Examples:
alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
Specifies the KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail. The value can be an alias name prefixed by alias/, a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.
Examples:
alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
Specifies the event category for which aggregation configuration is enabled. Valid value is Data.
", "enum":["insight"] }, + "EventCategoryAggregation":{ + "type":"string", + "enum":["Data"] + }, "EventDataStore":{ "type":"structure", "members":{ @@ -2702,6 +2755,10 @@ "GetEventConfigurationRequest":{ "type":"structure", "members":{ + "TrailName":{ + "shape":"String", + "documentation":"The name of the trail for which you want to retrieve event configuration settings.
" + }, "EventDataStore":{ "shape":"String", "documentation":"The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to retrieve event configuration settings.
" @@ -2711,6 +2768,10 @@ "GetEventConfigurationResponse":{ "type":"structure", "members":{ + "TrailARN":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the trail for which the event configuration settings are returned.
" + }, "EventDataStoreArn":{ "shape":"EventDataStoreArn", "documentation":"The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings are returned.
" @@ -2722,6 +2783,10 @@ "ContextKeySelectors":{ "shape":"ContextKeySelectors", "documentation":"The list of context key selectors that are configured for the event data store.
" + }, + "AggregationConfigurations":{ + "shape":"AggregationConfigurations", + "documentation":"The list of aggregation configurations that are configured for the trail.
" } } }, @@ -2900,7 +2965,7 @@ }, "InsightSelectors":{ "shape":"InsightSelectors", - "documentation":"A JSON string that contains the Insight types you want to log on a trail or event data store. ApiErrorRateInsight and ApiCallRateInsight are supported as Insights types.
Contains the Insights types that are enabled on a trail or event data store. It also specifies the event categories on which a particular Insight type is enabled. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.The EventCategory field can specify Management or Data events or both. For event data store, you can log Insights for management events only.
The type of Insights events to log on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
The type of Insights events to log on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls or read and write data API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management and data API calls that result in error codes. The error is shown if the API call is unsuccessful.
Select the event category on which Insights should be enabled.
If EventCategories is not provided, the specified Insights types are enabled on management API calls by default.
If EventCategories is provided, the given event categories will overwrite the existing ones. For example, if a trail already has Insights enabled on management events, and then a PutInsightSelectors request is made with only data events specified in EventCategories, Insights on management events will be disabled.
A JSON string that contains a list of Insights types that are logged on a trail or event data store.
" @@ -3693,6 +3762,85 @@ } } }, + "ListInsightsDataDimensionKey":{ + "type":"string", + "enum":[ + "EventId", + "EventName", + "EventSource" + ] + }, + "ListInsightsDataDimensionValue":{ + "type":"string", + "max":2000, + "min":1 + }, + "ListInsightsDataDimensions":{ + "type":"map", + "key":{"shape":"ListInsightsDataDimensionKey"}, + "value":{"shape":"ListInsightsDataDimensionValue"}, + "max":1, + "min":1 + }, + "ListInsightsDataMaxResultsCount":{ + "type":"integer", + "max":50, + "min":1 + }, + "ListInsightsDataRequest":{ + "type":"structure", + "required":[ + "InsightSource", + "DataType" + ], + "members":{ + "InsightSource":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name(ARN) of the trail for which you want to retrieve Insights events.
" + }, + "DataType":{ + "shape":"ListInsightsDataType", + "documentation":"Specifies the category of events returned. To fetch Insights events, specify InsightsEvents as the value of DataType
Contains a map of dimensions. Currently the map can contain only one item.
" + }, + "StartTime":{ + "shape":"Date", + "documentation":"Specifies that only events that occur after or at the specified time are returned. If the specified start time is after the specified end time, an error is returned.
" + }, + "EndTime":{ + "shape":"Date", + "documentation":"Specifies that only events that occur before or at the specified time are returned. If the specified end time is before the specified start time, an error is returned.
" + }, + "MaxResults":{ + "shape":"ListInsightsDataMaxResultsCount", + "documentation":"The number of events to return. Possible values are 1 through 50. The default is 50.
" + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"The token to use to get the next page of results after a previous API call. This token must be passed in with the same parameters that were specified in the original call. For example, if the original call specified a EventName as a dimension with PutObject as a value, the call with NextToken should include those same parameters.
A list of events returned based on the InsightSource, DataType or Dimensions specified. The events list is sorted by time. The most recent event is listed first.
" + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"The token to use to get the next page of results after a previous API call. If the token does not appear, there are no more results to return. The token must be passed in with the same parameters as the previous call. For example, if the original call specified a EventName as a dimension with PutObject as a value, the call with NextToken should include those same parameters.
The Amazon Resource Name(ARN) or name of the trail for which you want to retrieve Insights metrics data. This parameter should only be provided to fetch Insights metrics data generated on trails logging data events. This parameter is not required for Insights metric data generated on trails logging management events.
" + }, "EventSource":{ "shape":"EventSource", "documentation":"The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com.
Specifies the ARN of the trail. This is only returned when Insights is enabled on a trail logging data events.
" + }, "EventSource":{ "shape":"EventSource", "documentation":"The Amazon Web Services service to which the request was made, such as iam.amazonaws.com or s3.amazonaws.com.
The name of the trail for which you want to update event configuration settings.
" + }, "EventDataStore":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which you want to update event configuration settings.
" + "documentation":"The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which event configuration settings are updated.
" }, "MaxEventSize":{ "shape":"MaxEventSize", @@ -4177,12 +4333,20 @@ "ContextKeySelectors":{ "shape":"ContextKeySelectors", "documentation":"A list of context key selectors that will be included to provide enriched event data.
" + }, + "AggregationConfigurations":{ + "shape":"AggregationConfigurations", + "documentation":"The list of aggregation configurations that you want to configure for the trail.
" } } }, "PutEventConfigurationResponse":{ "type":"structure", "members":{ + "TrailARN":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the trail that has aggregation enabled.
" + }, "EventDataStoreArn":{ "shape":"EventDataStoreArn", "documentation":"The Amazon Resource Name (ARN) or ID suffix of the ARN of the event data store for which the event configuration settings were updated.
" @@ -4194,6 +4358,10 @@ "ContextKeySelectors":{ "shape":"ContextKeySelectors", "documentation":"The list of context key selectors that are configured for the event data store.
" + }, + "AggregationConfigurations":{ + "shape":"AggregationConfigurations", + "documentation":"A list of aggregation configurations that are configured for the trail.
" } } }, @@ -4242,7 +4410,7 @@ }, "InsightSelectors":{ "shape":"InsightSelectors", - "documentation":"A JSON string that contains the Insights types you want to log on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.
The ApiCallRateInsight Insights type analyzes write-only management API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management API calls that result in error codes. The error is shown if the API call is unsuccessful.
Contains the Insights types you want to log on a specific category of events on a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.The EventCategory field can specify Management or Data events or both. For event data store, you can log Insights for management events only.
The ApiCallRateInsight Insights type analyzes write-only management API calls or read and write data API calls that are aggregated per minute against a baseline API call volume.
The ApiErrorRateInsight Insights type analyzes management and data API calls that result in error codes. The error is shown if the API call is unsuccessful.
A JSON string that contains the Insights event types that you want to log on a trail or event data store. The valid Insights types are ApiErrorRateInsight and ApiCallRateInsight.
Contains the Insights types you want to log on a specific category of events in a trail or event data store. ApiCallRateInsight and ApiErrorRateInsight are valid Insight types.The EventCategory field can specify Management or Data events or both. For event data store, you can only log Insights for management events only.
Contains configuration information about the channel.
" }, + "SourceEventCategories":{ + "type":"list", + "member":{"shape":"SourceEventCategory"} + }, + "SourceEventCategory":{ + "type":"string", + "enum":[ + "Management", + "Data" + ] + }, "StartDashboardRefreshRequest":{ "type":"structure", "required":["DashboardId"], @@ -5135,6 +5314,21 @@ "documentation":"A list of tags.
", "max":200 }, + "Template":{ + "type":"string", + "documentation":"Specifies the type of the aggregation templates in the aggregation configuration. Valid values include API_ACTIVITY, RESOURCE_ACCESS and USER_ACTIONS.
", + "enum":[ + "API_ACTIVITY", + "RESOURCE_ACCESS", + "USER_ACTIONS" + ] + }, + "Templates":{ + "type":"list", + "member":{"shape":"Template"}, + "max":50, + "min":1 + }, "TerminationProtectionEnabled":{"type":"boolean"}, "ThrottlingException":{ "type":"structure", @@ -5204,7 +5398,7 @@ }, "KmsKeyId":{ "shape":"String", - "documentation":"Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
Specifies the KMS key ID that encrypts the logs and digest files delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
Specifies the KMS key ID to use to encrypt the logs delivered by CloudTrail. The value can be an alias name prefixed by \"alias/\", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.
Examples:
alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
Specifies the KMS key ID to use to encrypt the logs and digest files delivered by CloudTrail. The value can be an alias name prefixed by \"alias/\", a fully specified ARN to an alias, a fully specified ARN to a key, or a globally unique identifier.
CloudTrail also supports KMS multi-Region keys. For more information about multi-Region keys, see Using multi-Region keys in the Key Management Service Developer Guide.
Examples:
alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:alias/MyAliasName
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
12345678-1234-1234-1234-123456789012
Specifies the KMS key ID that encrypts the logs delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
Specifies the KMS key ID that encrypts the logs and digest files delivered by CloudTrail. The value is a fully specified ARN to a KMS key in the following format.
arn:aws:kms:us-east-2:123456789012:key/12345678-1234-1234-1234-123456789012
Associates one or more member accounts with your organization's management account, enabling centralized implementation of optimization actions across those accounts. Once associated, the management account (or a delegated administrator) can apply recommended actions to the member account. When you associate a member account, its organization rule mode is automatically set to \"Any allowed,\" which permits the management account to create Automation rules that automatically apply actions to that account. If the member account has not previously enabled the Automation feature, the association process automatically enables it.
Only the management account or a delegated administrator can perform this action.
Creates a new automation rule to apply recommended actions to resources based on specified criteria.
", + "idempotent":true + }, + "DeleteAutomationRule":{ + "name":"DeleteAutomationRule", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteAutomationRuleRequest"}, + "output":{"shape":"DeleteAutomationRuleResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"IdempotencyTokenInUseException"} + ], + "documentation":"Deletes an existing automation rule.
", + "idempotent":true + }, + "DisassociateAccounts":{ + "name":"DisassociateAccounts", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateAccountsRequest"}, + "output":{"shape":"DisassociateAccountsResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"NotManagementAccountException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"IdempotencyTokenInUseException"} + ], + "documentation":"Disassociates member accounts from your organization's management account, removing centralized automation capabilities. Once disassociated, organization rules no longer apply to the member account, and the management account (or delegated administrator) cannot create Automation rules for that account.
Only the management account or a delegated administrator can perform this action.
Retrieves details about a specific automation event.
" + }, + "GetAutomationRule":{ + "name":"GetAutomationRule", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetAutomationRuleRequest"}, + "output":{"shape":"GetAutomationRuleResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves details about a specific automation rule.
" + }, + "GetEnrollmentConfiguration":{ + "name":"GetEnrollmentConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetEnrollmentConfigurationRequest"}, + "output":{"shape":"GetEnrollmentConfigurationResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves the current enrollment configuration for Compute Optimizer Automation.
", + "readonly":true + }, + "ListAccounts":{ + "name":"ListAccounts", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAccountsRequest"}, + "output":{"shape":"ListAccountsResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"NotManagementAccountException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Lists the accounts in your organization that are enrolled in Compute Optimizer and whether they have enabled Automation.
Only the management account or a delegated administrator can perform this action.
Lists the steps for a specific automation event. You can only list steps for events created within the past year.
" + }, + "ListAutomationEventSummaries":{ + "name":"ListAutomationEventSummaries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAutomationEventSummariesRequest"}, + "output":{"shape":"ListAutomationEventSummariesResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Provides a summary of automation events based on specified filters. Only events created within the past year will be included in the summary.
" + }, + "ListAutomationEvents":{ + "name":"ListAutomationEvents", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAutomationEventsRequest"}, + "output":{"shape":"ListAutomationEventsResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Lists automation events based on specified filters. You can retrieve events that were created within the past year.
" + }, + "ListAutomationRulePreview":{ + "name":"ListAutomationRulePreview", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAutomationRulePreviewRequest"}, + "output":{"shape":"ListAutomationRulePreviewResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Returns a preview of the recommended actions that match your Automation rule's configuration and criteria.
", + "readonly":true + }, + "ListAutomationRulePreviewSummaries":{ + "name":"ListAutomationRulePreviewSummaries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAutomationRulePreviewSummariesRequest"}, + "output":{"shape":"ListAutomationRulePreviewSummariesResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Returns a summary of the recommended actions that match your rule preview configuration and criteria.
", + "readonly":true + }, + "ListAutomationRules":{ + "name":"ListAutomationRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAutomationRulesRequest"}, + "output":{"shape":"ListAutomationRulesResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Lists the automation rules that match specified filters.
" + }, + "ListRecommendedActionSummaries":{ + "name":"ListRecommendedActionSummaries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListRecommendedActionSummariesRequest"}, + "output":{"shape":"ListRecommendedActionSummariesResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Provides a summary of recommended actions based on specified filters.
Management accounts and delegated administrators can retrieve recommended actions that include associated member accounts. You can associate a member account using AssociateAccounts.
Lists the recommended actions based that match specified filters.
Management accounts and delegated administrators can retrieve recommended actions that include associated member accounts. You can associate a member account using AssociateAccounts.
Lists the tags for a specified resource.
", + "readonly":true + }, + "RollbackAutomationEvent":{ + "name":"RollbackAutomationEvent", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RollbackAutomationEventRequest"}, + "output":{"shape":"RollbackAutomationEventResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"IdempotencyTokenInUseException"} + ], + "documentation":"Initiates a rollback for a completed automation event.
Management accounts and delegated administrators can only initiate a rollback for events belonging to associated member accounts. You can associate a member account using AssociateAccounts.
Initiates a one-time, on-demand automation for the specified recommended action.
Management accounts and delegated administrators can only initiate recommended actions for associated member accounts. You can associate a member account using AssociateAccounts.
Adds tags to the specified resource.
", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"IdempotencyTokenInUseException"} + ], + "documentation":"Removes tags from the specified resource.
", + "idempotent":true + }, + "UpdateAutomationRule":{ + "name":"UpdateAutomationRule", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateAutomationRuleRequest"}, + "output":{"shape":"UpdateAutomationRuleResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"IdempotencyTokenInUseException"} + ], + "documentation":"Updates an existing automation rule.
", + "idempotent":true + }, + "UpdateEnrollmentConfiguration":{ + "name":"UpdateEnrollmentConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateEnrollmentConfigurationRequest"}, + "output":{"shape":"UpdateEnrollmentConfigurationResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ForbiddenException"}, + {"shape":"OptInRequiredException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"NotManagementAccountException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"IdempotencyTokenInUseException"} + ], + "documentation":"Updates your account’s Compute Optimizer Automation enrollment configuration.
", + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"You do not have sufficient permissions to perform this action.
", + "exception":true + }, + "AccountId":{ + "type":"string", + "pattern":"[0-9]{12}" + }, + "AccountIdList":{ + "type":"list", + "member":{"shape":"AccountId"} + }, + "AccountInfo":{ + "type":"structure", + "required":[ + "accountId", + "status", + "organizationRuleMode", + "lastUpdatedTimestamp" + ], + "members":{ + "accountId":{ + "shape":"AccountId", + "documentation":"The ID of the Amazon Web Services account.
" + }, + "status":{ + "shape":"EnrollmentStatus", + "documentation":"The enrollment status of the account: Active, Inactive, Pending, or Failed.
" + }, + "organizationRuleMode":{ + "shape":"OrganizationRuleMode", + "documentation":"Specifies whether the management account can create Automation rules that implement optimization actions for this account.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"The reason for the current Automation enrollment status.
" + }, + "lastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the account's Automation enrollment status was last updated.
" + } + }, + "documentation":"Contains information about an Amazon Web Services account's enrollment and association status with Compute Optimizer Automation.
" + }, + "AccountInfoList":{ + "type":"list", + "member":{"shape":"AccountInfo"} + }, + "AssociateAccountsRequest":{ + "type":"structure", + "required":["accountIds"], + "members":{ + "accountIds":{ + "shape":"AccountIdList", + "documentation":"The IDs of the member accounts to associate. You can specify up to 50 account IDs.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique identifier to ensure idempotency of the request. Valid for 24 hours after creation.
", + "idempotencyToken":true + } + } + }, + "AssociateAccountsResponse":{ + "type":"structure", + "members":{ + "accountIds":{ + "shape":"AccountIdList", + "documentation":"The IDs of the member accounts that were successfully associated.
" + }, + "errors":{ + "shape":"StringList", + "documentation":"Any errors that occurred during the association process.
" + } + } + }, + "AutomationEvent":{ + "type":"structure", + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The unique identifier for the automation event.
" + }, + "eventDescription":{ + "shape":"String", + "documentation":"A description of the automation event.
" + }, + "eventType":{ + "shape":"EventType", + "documentation":"The type of automation event.
" + }, + "eventStatus":{ + "shape":"EventStatus", + "documentation":"The current status of the automation event.
" + }, + "eventStatusReason":{ + "shape":"String", + "documentation":"The reason for the current event status.
" + }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the resource affected by the automation event.
" + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the resource affected by the automation event.
" + }, + "recommendedActionId":{ + "shape":"RecommendedActionId", + "documentation":"The ID of the recommended action associated with this automation event.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The Amazon Web Services account ID associated with the automation event.
" + }, + "region":{ + "shape":"String", + "documentation":"The Amazon Web Services Region where the automation event occurred.
" + }, + "ruleId":{ + "shape":"RuleId", + "documentation":"The ID of the automation rule that triggered this event.
" + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"The type of resource affected by the automation event.
" + }, + "createdTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation event was created.
" + }, + "completedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation event completed.
" + }, + "estimatedMonthlySavings":{ + "shape":"EstimatedMonthlySavings", + "documentation":"The estimated monthly cost savings associated with this automation event.
" + } + }, + "documentation":"Contains information about an automation event.
" + }, + "AutomationEventFilter":{ + "type":"structure", + "required":[ + "name", + "values" + ], + "members":{ + "name":{ + "shape":"AutomationEventFilterName", + "documentation":"The name of the filter to apply.
" + }, + "values":{ + "shape":"FilterValues", + "documentation":"The values to use for the specified filter.
" + } + }, + "documentation":"A filter to apply when listing automation events.
" + }, + "AutomationEventFilterList":{ + "type":"list", + "member":{"shape":"AutomationEventFilter"} + }, + "AutomationEventFilterName":{ + "type":"string", + "enum":[ + "AccountId", + "ResourceType", + "EventType", + "EventStatus" + ] + }, + "AutomationEventStep":{ + "type":"structure", + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event this step belongs to.
" + }, + "stepId":{ + "shape":"StepId", + "documentation":"The unique identifier for this step.
" + }, + "stepType":{ + "shape":"StepType", + "documentation":"The type of step.
" + }, + "stepStatus":{ + "shape":"StepStatus", + "documentation":"The current status of the step.
" + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the resource being acted upon in this step.
" + }, + "startTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when this automation event step started execution.
" + }, + "completedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when this automation event step completed execution.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"} + }, + "documentation":"Contains information about a step in an automation event.
" + }, + "AutomationEventSteps":{ + "type":"list", + "member":{"shape":"AutomationEventStep"} + }, + "AutomationEventSummary":{ + "type":"structure", + "members":{ + "key":{ + "shape":"String", + "documentation":"The key identifier for this summary grouping.
" + }, + "dimensions":{ + "shape":"SummaryDimensions", + "documentation":"The dimensions used to group this summary, such as event status.
" + }, + "timePeriod":{ + "shape":"TimePeriod", + "documentation":"The time period covered by this summary, with inclusive start time and exclusive end time.
" + }, + "total":{ + "shape":"SummaryTotals", + "documentation":"The aggregated totals for this summary, including event count and estimated savings.
" + } + }, + "documentation":"A summary of automation events grouped by specified dimensions.
" + }, + "AutomationEventSummaryList":{ + "type":"list", + "member":{"shape":"AutomationEventSummary"} + }, + "AutomationEvents":{ + "type":"list", + "member":{"shape":"AutomationEvent"} + }, + "AutomationRule":{ + "type":"structure", + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The Amazon Resource Name (ARN) of the automation rule.
" + }, + "ruleId":{ + "shape":"RuleId", + "documentation":"The unique identifier of the automation rule.
" + }, + "name":{ + "shape":"RuleName", + "documentation":"The name of the automation rule.
" + }, + "description":{ + "shape":"String", + "documentation":"A description of the automation rule.
" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"The type of automation rule (OrganizationRule or AccountRule).
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the automation rule.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The 12-digit Amazon Web Services account ID that owns this automation rule.
" + }, + "organizationConfiguration":{ + "shape":"OrganizationConfiguration", + "documentation":"Configuration settings for organization-wide rules.
" + }, + "priority":{ + "shape":"String", + "documentation":"A string representation of a decimal number between 0 and 1 (having up to 30 digits after the decimal point) that determines the priority of the rule. When multiple rules match the same recommended action, Compute Optimizer assigns the action to the rule with the lowest priority value (highest priority), even if that rule is scheduled to run later than other matching rules.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"List of recommended action types that this rule can execute.
" + }, + "schedule":{ + "shape":"Schedule", + "documentation":"The schedule configuration for when the automation rule should execute.
" + }, + "status":{ + "shape":"RuleStatus", + "documentation":"The current status of the automation rule (Active or Inactive).
" + }, + "createdTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was created.
" + }, + "lastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was last updated.
" + } + }, + "documentation":"Represents a complete automation rule configuration including criteria, schedule, and execution settings.
" + }, + "AutomationRuleFilterName":{ + "type":"string", + "enum":[ + "Name", + "RecommendedActionType", + "Status", + "RuleType", + "OrganizationConfigurationRuleApplyOrder", + "AccountId" + ] + }, + "AutomationRules":{ + "type":"list", + "member":{"shape":"AutomationRule"} + }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "ClientToken":{ + "type":"string", + "pattern":"[a-zA-Z0-9_-]{1,64}" + }, + "ComparisonOperator":{ + "type":"string", + "enum":[ + "StringEquals", + "StringNotEquals", + "StringEqualsIgnoreCase", + "StringNotEqualsIgnoreCase", + "StringLike", + "StringNotLike", + "NumericEquals", + "NumericNotEquals", + "NumericLessThan", + "NumericLessThanEquals", + "NumericGreaterThan", + "NumericGreaterThanEquals" + ] + }, + "CreateAutomationRuleRequest":{ + "type":"structure", + "required":[ + "name", + "ruleType", + "recommendedActionTypes", + "schedule", + "status" + ], + "members":{ + "name":{ + "shape":"RuleName", + "documentation":"The name of the automation rule.
" + }, + "description":{ + "shape":"RuleDescription", + "documentation":"A description of the automation rule.
" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"The type of rule.
Only the management account or a delegated administrator can set the ruleType to be OrganizationRule.
Configuration for organization-level rules. Required for OrganizationRule type.
" + }, + "priority":{ + "shape":"String", + "documentation":"A string representation of a decimal number between 0 and 1 (having up to 30 digits after the decimal point) that determines the priority of the rule. When multiple rules match the same recommended action, Compute Optimizer assigns the action to the rule with the lowest priority value (highest priority), even if that rule is scheduled to run later than other matching rules.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"The types of recommended actions this rule will automate.
" + }, + "criteria":{ + "shape":"Criteria", + "documentation":"A set of conditions that specify which recommended action qualify for implementation. When a rule is active and a recommended action matches these criteria, Compute Optimizer implements the action at the scheduled run time.
" + }, + "schedule":{ + "shape":"Schedule", + "documentation":"The schedule for when the rule should run.
" + }, + "status":{ + "shape":"RuleStatus", + "documentation":"The status of the rule
" + }, + "tags":{ + "shape":"TagList", + "documentation":"The tags to associate with the rule.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique identifier to ensure idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "CreateAutomationRuleResponse":{ + "type":"structure", + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The Amazon Resource Name (ARN) of the created rule.
" + }, + "ruleId":{ + "shape":"RuleId", + "documentation":"The unique identifier of the created rule.
" + }, + "name":{ + "shape":"RuleName", + "documentation":"The name of the automation rule. Must be 1-128 characters long and contain only alphanumeric characters, underscores, and hyphens.
" + }, + "description":{ + "shape":"String", + "documentation":"A description of the automation rule. Can be up to 1024 characters long and contain alphanumeric characters, underscores, hyphens, spaces, and certain special characters.
" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"The type of automation rule. Can be either OrganizationRule for organization-wide rules or AccountRule for account-specific rules.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the automation rule. This is incremented each time the rule is updated.
" + }, + "organizationConfiguration":{ + "shape":"OrganizationConfiguration", + "documentation":"Configuration settings for organization-wide rules, including rule application order and target account IDs.
" + }, + "priority":{ + "shape":"String", + "documentation":"The priority level of the automation rule, used to determine execution order when multiple rules apply to the same resource.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"List of recommended action types that this rule can execute, such as SnapshotAndDeleteUnattachedEbsVolume or UpgradeEbsVolumeType.
" + }, + "criteria":{"shape":"Criteria"}, + "schedule":{ + "shape":"Schedule", + "documentation":"The schedule configuration for when the automation rule should execute, including cron expression, timezone, and execution window.
" + }, + "status":{ + "shape":"RuleStatus", + "documentation":"The current status of the automation rule. Can be Active or Inactive.
" + }, + "tags":{ + "shape":"TagList", + "documentation":"A list of key-value pairs used to categorize and organize the automation rule. Maximum of 200 tags allowed.
" + }, + "createdTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was created.
" + } + } + }, + "Criteria":{ + "type":"structure", + "members":{ + "region":{ + "shape":"StringCriteriaConditionList", + "documentation":"Filter criteria for Amazon Web Services regions where resources must be located.
" + }, + "resourceArn":{ + "shape":"StringCriteriaConditionList", + "documentation":"Filter criteria for specific resource ARNs to include or exclude.
" + }, + "ebsVolumeType":{ + "shape":"StringCriteriaConditionList", + "documentation":"Filter criteria for EBS volume types, such as gp2, gp3, io1, io2, st1, or sc1.
" + }, + "ebsVolumeSizeInGib":{ + "shape":"IntegerCriteriaConditionList", + "documentation":"Filter criteria for EBS volume sizes in gibibytes (GiB).
" + }, + "estimatedMonthlySavings":{ + "shape":"DoubleCriteriaConditionList", + "documentation":"Filter criteria for estimated monthly cost savings from the recommended action.
" + }, + "resourceTag":{ + "shape":"ResourceTagsCriteriaConditionList", + "documentation":"Filter criteria for resource tags, allowing filtering by tag key and value combinations.
" + }, + "lookBackPeriodInDays":{ + "shape":"IntegerCriteriaConditionList", + "documentation":"Filter criteria for the lookback period in days used to analyze resource utilization.
" + }, + "restartNeeded":{ + "shape":"StringCriteriaConditionList", + "documentation":"Filter criteria indicating whether the recommended action requires a resource restart.
" + } + }, + "documentation":"A set of conditions that specify which recommended action qualify for implementation. When a rule is active and a recommended action matches these criteria, Compute Optimizer implements the action at the scheduled run time. You can specify up to 20 conditions per filter criteria and 20 values per condition.
" + }, + "DeleteAutomationRuleRequest":{ + "type":"structure", + "required":[ + "ruleArn", + "ruleRevision" + ], + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the rule to delete.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the rule to delete.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique identifier to ensure idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "DeleteAutomationRuleResponse":{ + "type":"structure", + "members":{} + }, + "DisassociateAccountsRequest":{ + "type":"structure", + "required":["accountIds"], + "members":{ + "accountIds":{ + "shape":"AccountIdList", + "documentation":"The IDs of the member accounts to disassociate.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique identifier to ensure idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "DisassociateAccountsResponse":{ + "type":"structure", + "members":{ + "accountIds":{ + "shape":"AccountIdList", + "documentation":"The IDs of the member accounts that were successfully disassociated.
" + }, + "errors":{ + "shape":"StringList", + "documentation":"Any errors that occurred during the disassociation process.
" + } + } + }, + "Double":{ + "type":"double", + "box":true + }, + "DoubleCriteriaCondition":{ + "type":"structure", + "members":{ + "comparison":{ + "shape":"ComparisonOperator", + "documentation":"The comparison operator to use, such as equals, greater than, less than, etc.
" + }, + "values":{ + "shape":"DoubleList", + "documentation":"The list of double values to compare against using the specified comparison operator.
" + } + }, + "documentation":"Defines a condition for filtering based on double/floating-point numeric values with comparison operators.
" + }, + "DoubleCriteriaConditionList":{ + "type":"list", + "member":{"shape":"DoubleCriteriaCondition"} + }, + "DoubleList":{ + "type":"list", + "member":{"shape":"Double"} + }, + "EbsVolume":{ + "type":"structure", + "members":{ + "configuration":{ + "shape":"EbsVolumeConfiguration", + "documentation":"The configuration details of the EBS volume, including type, size, IOPS, and throughput.
" + } + }, + "documentation":"Represents an Amazon EBS volume with its configuration and snapshot usage information.
" + }, + "EbsVolumeConfiguration":{ + "type":"structure", + "members":{ + "type":{ + "shape":"String", + "documentation":"The EBS volume type, such as gp2, gp3, io1, io2, st1, or sc1.
" + }, + "sizeInGib":{ + "shape":"Integer", + "documentation":"The size of the EBS volume in gibibytes (GiB).
" + }, + "iops":{ + "shape":"Integer", + "documentation":"The number of I/O operations per second (IOPS) provisioned for the volume.
" + }, + "throughput":{ + "shape":"Integer", + "documentation":"The throughput in MiB/s provisioned for the volume (applicable to gp3, io1, and io2bx volumes).
" + } + }, + "documentation":"Configuration details for an Amazon EBS volume.
" + }, + "EnrollmentStatus":{ + "type":"string", + "enum":[ + "Active", + "Inactive", + "Pending", + "Failed" + ] + }, + "EstimatedMonthlySavings":{ + "type":"structure", + "required":[ + "currency", + "beforeDiscountSavings", + "afterDiscountSavings", + "savingsEstimationMode" + ], + "members":{ + "currency":{ + "shape":"String", + "documentation":"The currency of the estimated savings.
" + }, + "beforeDiscountSavings":{ + "shape":"Double", + "documentation":"The estimated monthly savings before applying any discounts.
" + }, + "afterDiscountSavings":{ + "shape":"Double", + "documentation":"The estimated monthly savings after applying any discounts.
" + }, + "savingsEstimationMode":{ + "shape":"SavingsEstimationMode", + "documentation":"The mode used to calculate savings, either BeforeDiscount or AfterDiscount.
" + } + }, + "documentation":"Contains information about estimated monthly cost savings.
" + }, + "EventId":{ + "type":"string", + "pattern":"[0-9A-Za-z]{16}" + }, + "EventStatus":{ + "type":"string", + "enum":[ + "Ready", + "InProgress", + "Complete", + "Failed", + "Cancelled", + "RollbackReady", + "RollbackInProgress", + "RollbackComplete", + "RollbackFailed" + ] + }, + "EventType":{ + "type":"string", + "documentation":"Event type enumeration
", + "enum":[ + "SnapshotAndDeleteUnattachedEbsVolume", + "UpgradeEbsVolumeType" + ] + }, + "Filter":{ + "type":"structure", + "required":[ + "name", + "values" + ], + "members":{ + "name":{ + "shape":"AutomationRuleFilterName", + "documentation":"The name of the filter field to apply.
" + }, + "values":{ + "shape":"FilterValues", + "documentation":"The list of values to filter by for the specified filter field.
" + } + }, + "documentation":"A filter used to narrow down results based on specific criteria.
" + }, + "FilterList":{ + "type":"list", + "member":{"shape":"Filter"} + }, + "FilterValue":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9\\-_\\.\\*\\?\\s]+" + }, + "FilterValues":{ + "type":"list", + "member":{"shape":"FilterValue"} + }, + "ForbiddenException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"You are not authorized to perform this action.
", + "exception":true + }, + "GetAutomationEventRequest":{ + "type":"structure", + "required":["eventId"], + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event to retrieve.
" + } + } + }, + "GetAutomationEventResponse":{ + "type":"structure", + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event to retrieve.
" + }, + "eventDescription":{ + "shape":"String", + "documentation":"A description of the automation event.
" + }, + "eventType":{ + "shape":"EventType", + "documentation":"The type of automation event.
" + }, + "eventStatus":{ + "shape":"EventStatus", + "documentation":"The current status of the automation event.
" + }, + "eventStatusReason":{ + "shape":"String", + "documentation":"The reason for the current event status.
" + }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the resource affected by the automation event.
" + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the resource affected by the automation event.
" + }, + "recommendedActionId":{ + "shape":"RecommendedActionId", + "documentation":"The ID of the recommended action associated with this automation event.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The Amazon Web Services account ID associated with the automation event.
" + }, + "region":{ + "shape":"String", + "documentation":"The Amazon Web Services Region where the automation event occurred.
" + }, + "ruleId":{ + "shape":"RuleId", + "documentation":"The ID of the automation rule that triggered this event.
" + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"The type of resource affected by the automation event.
" + }, + "createdTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation event was created.
" + }, + "completedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation event completed.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"} + } + }, + "GetAutomationRuleRequest":{ + "type":"structure", + "required":["ruleArn"], + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the rule to retrieve.
" + } + } + }, + "GetAutomationRuleResponse":{ + "type":"structure", + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The Amazon Resource Name (ARN) of the automation rule.
" + }, + "ruleId":{ + "shape":"RuleId", + "documentation":"The unique identifier of the automation rule.
" + }, + "name":{ + "shape":"RuleName", + "documentation":"The name of the automation rule.
" + }, + "description":{ + "shape":"String", + "documentation":"A description of the automation rule.
" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"The type of automation rule.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the automation rule.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The 12-digit Amazon Web Services account ID that owns this automation rule.
" + }, + "organizationConfiguration":{"shape":"OrganizationConfiguration"}, + "priority":{ + "shape":"String", + "documentation":"A string representation of a decimal number between 0 and 1 (having up to 30 digits after the decimal point) that determines the priority of the rule.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"List of recommended action types that this rule can execute.
" + }, + "criteria":{"shape":"Criteria"}, + "schedule":{"shape":"Schedule"}, + "status":{ + "shape":"RuleStatus", + "documentation":"The current status of the automation rule (Active or Inactive).
" + }, + "tags":{ + "shape":"TagList", + "documentation":"The tags associated with the automation rule.
" + }, + "createdTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was created.
" + }, + "lastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was last updated.
" + } + } + }, + "GetEnrollmentConfigurationRequest":{ + "type":"structure", + "members":{} + }, + "GetEnrollmentConfigurationResponse":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"EnrollmentStatus", + "documentation":"The current enrollment status.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"The reason for the current enrollment status.
" + }, + "organizationRuleMode":{ + "shape":"OrganizationRuleMode", + "documentation":"Specifies whether the management account can create Automation rules that implement optimization actions for this account.
" + }, + "lastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp of the last update to the enrollment configuration.
" + } + } + }, + "IdempotencyTokenInUseException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The specified client token is already in use.
", + "exception":true + }, + "IdempotentParameterMismatchException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"Exception thrown when the same client token is used with different parameters, indicating a mismatch in idempotent request parameters.
", + "exception":true + }, + "Integer":{ + "type":"integer", + "box":true + }, + "IntegerCriteriaCondition":{ + "type":"structure", + "members":{ + "comparison":{ + "shape":"ComparisonOperator", + "documentation":"The comparison operator to use, such as equals, greater than, less than, etc.
" + }, + "values":{ + "shape":"IntegerList", + "documentation":"The list of integer values to compare against using the specified comparison operator.
" + } + }, + "documentation":"Defines a condition for filtering based on integer values with comparison operators.
" + }, + "IntegerCriteriaConditionList":{ + "type":"list", + "member":{"shape":"IntegerCriteriaCondition"} + }, + "IntegerList":{ + "type":"list", + "member":{"shape":"Integer"} + }, + "InternalServerException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"An internal error occurred while processing the request.
", + "exception":true, + "fault":true + }, + "InvalidParameterValueException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"One or more parameter values are not valid.
", + "exception":true + }, + "ListAccountsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListAccountsRequestMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + } + } + }, + "ListAccountsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "ListAccountsResponse":{ + "type":"structure", + "required":["accounts"], + "members":{ + "accounts":{ + "shape":"AccountInfoList", + "documentation":"The list of accounts in your organization enrolled in Compute Optimizer
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results.
" + } + } + }, + "ListAutomationEventStepsRequest":{ + "type":"structure", + "required":["eventId"], + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event.
" + }, + "maxResults":{ + "shape":"ListAutomationEventStepsRequestMaxResultsInteger", + "documentation":"The maximum number of automation event steps to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListAutomationEventStepsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListAutomationEventStepsResponse":{ + "type":"structure", + "members":{ + "automationEventSteps":{ + "shape":"AutomationEventSteps", + "documentation":"The list of steps for the specified automation event.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListAutomationEventSummariesRequest":{ + "type":"structure", + "members":{ + "filters":{ + "shape":"AutomationEventFilterList", + "documentation":"The filters to apply to the list of automation event summaries.
" + }, + "startDateInclusive":{ + "shape":"String", + "documentation":"The start date for filtering automation event summaries, inclusive. Events created on or after this date will be included.
" + }, + "endDateExclusive":{ + "shape":"String", + "documentation":"The end date for filtering automation event summaries, exclusive. Events created before this date will be included.
" + }, + "maxResults":{ + "shape":"ListAutomationEventSummariesRequestMaxResultsInteger", + "documentation":"The maximum number of automation event summaries to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListAutomationEventSummariesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListAutomationEventSummariesResponse":{ + "type":"structure", + "members":{ + "automationEventSummaries":{ + "shape":"AutomationEventSummaryList", + "documentation":"The list of automation event summaries that match the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListAutomationEventsRequest":{ + "type":"structure", + "members":{ + "filters":{ + "shape":"AutomationEventFilterList", + "documentation":"The filters to apply to the list of automation events.
" + }, + "startTimeInclusive":{ + "shape":"Timestamp", + "documentation":"The start of the time range to query for events.
" + }, + "endTimeExclusive":{ + "shape":"Timestamp", + "documentation":"The end of the time range to query for events.
" + }, + "maxResults":{ + "shape":"ListAutomationEventsRequestMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + } + } + }, + "ListAutomationEventsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListAutomationEventsResponse":{ + "type":"structure", + "members":{ + "automationEvents":{ + "shape":"AutomationEvents", + "documentation":"The list of automation events that match the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results.
" + } + } + }, + "ListAutomationRulePreviewRequest":{ + "type":"structure", + "required":[ + "ruleType", + "recommendedActionTypes" + ], + "members":{ + "ruleType":{ + "shape":"RuleType", + "documentation":"The type of rule.
Only the management account or a delegated administrator can set the ruleType to be OrganizationRule.
The organizational scope for the rule preview.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"The types of recommended actions to include in the preview.
" + }, + "criteria":{ + "shape":"Criteria", + "documentation":"A set of conditions that specify which recommended action qualify for implementation. When a rule is active and a recommended action matches these criteria, Compute Optimizer implements the action at the scheduled run time.
" + }, + "maxResults":{ + "shape":"ListAutomationRulePreviewRequestMaxResultsInteger", + "documentation":"The maximum number of automation rule preview results to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListAutomationRulePreviewRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListAutomationRulePreviewResponse":{ + "type":"structure", + "members":{ + "previewResults":{ + "shape":"PreviewResults", + "documentation":"The list of actions that would be taken based on the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListAutomationRulePreviewSummariesRequest":{ + "type":"structure", + "required":[ + "ruleType", + "recommendedActionTypes" + ], + "members":{ + "ruleType":{ + "shape":"RuleType", + "documentation":"The type of rule.
" + }, + "organizationScope":{ + "shape":"OrganizationScope", + "documentation":"The organizational scope for the rule preview.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"The types of recommended actions to include in the preview.
" + }, + "criteria":{"shape":"Criteria"}, + "maxResults":{ + "shape":"ListAutomationRulePreviewSummariesRequestMaxResultsInteger", + "documentation":"The maximum number of automation rule preview summaries to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListAutomationRulePreviewSummariesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListAutomationRulePreviewSummariesResponse":{ + "type":"structure", + "members":{ + "previewResultSummaries":{ + "shape":"PreviewResultSummaries", + "documentation":"The list of automation rule preview summaries that match the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListAutomationRulesRequest":{ + "type":"structure", + "members":{ + "filters":{ + "shape":"FilterList", + "documentation":"The filters to apply to the list of automation rules.
" + }, + "maxResults":{ + "shape":"ListAutomationRulesRequestMaxResultsInteger", + "documentation":"The maximum number of automation rules to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListAutomationRulesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListAutomationRulesResponse":{ + "type":"structure", + "members":{ + "automationRules":{ + "shape":"AutomationRules", + "documentation":"The list of automation rules that match the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListRecommendedActionSummariesRequest":{ + "type":"structure", + "members":{ + "filters":{ + "shape":"RecommendedActionFilterList", + "documentation":"A list of filters to apply when retrieving recommended action summaries. Filters can be based on resource type, action type, account ID, and other criteria.
" + }, + "maxResults":{ + "shape":"ListRecommendedActionSummariesRequestMaxResultsInteger", + "documentation":"The maximum number of recommended action summaries to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListRecommendedActionSummariesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRecommendedActionSummariesResponse":{ + "type":"structure", + "members":{ + "recommendedActionSummaries":{ + "shape":"RecommendedActionSummaries", + "documentation":"The summary of recommended actions that match the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListRecommendedActionsRequest":{ + "type":"structure", + "members":{ + "filters":{ + "shape":"RecommendedActionFilterList", + "documentation":"The filters to apply to the list of recommended actions.
" + }, + "maxResults":{ + "shape":"ListRecommendedActionsRequestMaxResultsInteger", + "documentation":"The maximum number of recommended actions to return in a single response. Valid range is 1-1000.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination to retrieve the next set of results when the response is truncated.
" + } + } + }, + "ListRecommendedActionsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRecommendedActionsResponse":{ + "type":"structure", + "members":{ + "recommendedActions":{ + "shape":"RecommendedActions", + "documentation":"The list of recommended actions that match the specified criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"A token used for pagination. If present, indicates there are more results available and can be used in subsequent requests.
" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the resource to list tags for.
" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagList", + "documentation":"The list of tags associated with the specified resource.
" + } + } + }, + "Long":{ + "type":"long", + "box":true + }, + "NextToken":{ + "type":"string", + "pattern":"[A-Za-z0-9+/=]+" + }, + "NotManagementAccountException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The operation can only be performed by a management account.
", + "exception":true + }, + "OptInRequiredException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The account must be opted in to Compute Optimizer Automation before performing this action.
", + "exception":true + }, + "OrganizationConfiguration":{ + "type":"structure", + "members":{ + "ruleApplyOrder":{ + "shape":"RuleApplyOrder", + "documentation":"Specifies when organization rules should be applied relative to account rules.
" + }, + "accountIds":{ + "shape":"OrganizationConfigurationAccountIds", + "documentation":"List of specific Amazon Web Services account IDs where the organization rule should be applied.
" + } + }, + "documentation":"Configuration settings for organization-wide automation rules.
" + }, + "OrganizationConfigurationAccountIds":{ + "type":"list", + "member":{"shape":"AccountId"}, + "max":50, + "min":1 + }, + "OrganizationRuleMode":{ + "type":"string", + "enum":[ + "AnyAllowed", + "NoneAllowed" + ] + }, + "OrganizationScope":{ + "type":"structure", + "members":{ + "accountIds":{ + "shape":"OrganizationConfigurationAccountIds", + "documentation":"List of Amazon Web Services account IDs to include in the organization scope.
" + } + }, + "documentation":"Defines the scope for organization-level rules when previewing matching actions.
" + }, + "PreviewResult":{ + "type":"structure", + "members":{ + "recommendedActionId":{ + "shape":"RecommendedActionId", + "documentation":"The ID of the recommended action being previewed.
" + }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the resource affected by the recommended action.
" + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the resource affected by the recommended action.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The Amazon Web Services account ID associated with the resource.
" + }, + "region":{ + "shape":"String", + "documentation":"The Amazon Web Services Region where the resource is located.
" + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"The type of resource being evaluated.
" + }, + "lookBackPeriodInDays":{ + "shape":"Integer", + "documentation":"The number of days of historical data used to analyze the resource.
" + }, + "recommendedActionType":{ + "shape":"RecommendedActionType", + "documentation":"The type of recommended action being previewed.
" + }, + "currentResourceSummary":{ + "shape":"String", + "documentation":"A summary of the resource's current configuration.
" + }, + "currentResourceDetails":{"shape":"ResourceDetails"}, + "recommendedResourceSummary":{ + "shape":"String", + "documentation":"A summary of the resource's recommended configuration.
" + }, + "recommendedResourceDetails":{"shape":"ResourceDetails"}, + "restartNeeded":{ + "shape":"Boolean", + "documentation":"Indicates whether implementing the recommended action requires a resource restart.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"}, + "resourceTags":{ + "shape":"TagList", + "documentation":"The tags associated with the resource.
" + } + }, + "documentation":"Contains the results of previewing an automation rule against available recommendations.
" + }, + "PreviewResultSummaries":{ + "type":"list", + "member":{"shape":"PreviewResultSummary"} + }, + "PreviewResultSummary":{ + "type":"structure", + "required":[ + "key", + "total" + ], + "members":{ + "key":{ + "shape":"String", + "documentation":"The key identifier for this preview result summary.
" + }, + "total":{"shape":"RulePreviewTotal"} + }, + "documentation":"Contains a summary of preview results for an automation rule.
" + }, + "PreviewResults":{ + "type":"list", + "member":{"shape":"PreviewResult"} + }, + "RecommendedAction":{ + "type":"structure", + "members":{ + "recommendedActionId":{ + "shape":"RecommendedActionId", + "documentation":"The unique identifier of the recommended action.
" + }, + "resourceArn":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the resource that the recommendation applies to.
" + }, + "resourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the resource that the recommendation applies to.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The Amazon Web Services account ID that owns the resource.
" + }, + "region":{ + "shape":"String", + "documentation":"The Amazon Web Services Region where the resource is located.
" + }, + "resourceType":{ + "shape":"ResourceType", + "documentation":"The type of resource being evaluated.
" + }, + "lookBackPeriodInDays":{ + "shape":"Integer", + "documentation":"The number of days of historical data used to generate the recommendation.
" + }, + "recommendedActionType":{ + "shape":"RecommendedActionType", + "documentation":"The type of action being recommended.
" + }, + "currentResourceSummary":{ + "shape":"String", + "documentation":"A summary of the resource's current configuration.
" + }, + "currentResourceDetails":{"shape":"ResourceDetails"}, + "recommendedResourceSummary":{ + "shape":"String", + "documentation":"A summary of the resource's recommended configuration.
" + }, + "recommendedResourceDetails":{"shape":"ResourceDetails"}, + "restartNeeded":{ + "shape":"Boolean", + "documentation":"Indicates whether implementing the recommended action requires a resource restart.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"}, + "resourceTags":{ + "shape":"TagList", + "documentation":"The tags associated with the resource.
" + } + }, + "documentation":"Contains information about a recommended action that can be applied to optimize an Amazon Web Services resource.
" + }, + "RecommendedActionFilter":{ + "type":"structure", + "required":[ + "name", + "values" + ], + "members":{ + "name":{ + "shape":"RecommendedActionFilterName", + "documentation":"The name of the filter field to apply.
" + }, + "values":{ + "shape":"FilterValues", + "documentation":"List of filter values to match against the specified filter name. Used to narrow down recommended actions based on specific criteria.
" + } + }, + "documentation":"A filter used to narrow down recommended action results based on specific criteria.
" + }, + "RecommendedActionFilterList":{ + "type":"list", + "member":{"shape":"RecommendedActionFilter"} + }, + "RecommendedActionFilterName":{ + "type":"string", + "enum":[ + "ResourceType", + "RecommendedActionType", + "ResourceId", + "LookBackPeriodInDays", + "CurrentResourceDetailsEbsVolumeType", + "ResourceTagsKey", + "ResourceTagsValue", + "AccountId", + "RestartNeeded" + ] + }, + "RecommendedActionId":{ + "type":"string", + "pattern":"[0-9A-Za-z]{16}" + }, + "RecommendedActionSummaries":{ + "type":"list", + "member":{"shape":"RecommendedActionSummary"} + }, + "RecommendedActionSummary":{ + "type":"structure", + "required":[ + "key", + "total" + ], + "members":{ + "key":{ + "shape":"String", + "documentation":"The grouping key used to categorize the recommended actions in this summary.
" + }, + "total":{ + "shape":"RecommendedActionTotal", + "documentation":"Aggregate totals for the recommended actions in this group, including count and estimated savings.
" + } + }, + "documentation":"Summary information about recommended actions, grouped by specific criteria with totals and counts.
" + }, + "RecommendedActionTotal":{ + "type":"structure", + "required":[ + "recommendedActionCount", + "estimatedMonthlySavings" + ], + "members":{ + "recommendedActionCount":{ + "shape":"Integer", + "documentation":"The total number of recommended actions in this group.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"} + }, + "documentation":"Aggregate totals for a group of recommended actions, including count and estimated monthly savings.
" + }, + "RecommendedActionType":{ + "type":"string", + "documentation":"Recommended action type enumeration
", + "enum":[ + "SnapshotAndDeleteUnattachedEbsVolume", + "UpgradeEbsVolumeType" + ] + }, + "RecommendedActionTypeList":{ + "type":"list", + "member":{"shape":"RecommendedActionType"} + }, + "RecommendedActions":{ + "type":"list", + "member":{"shape":"RecommendedAction"} + }, + "ResourceArn":{ + "type":"string", + "pattern":"arn:aws[a-z0-9-]*:[a-z0-9-]+:[a-z0-9-]*:[0-9]{0,12}:[a-zA-Z0-9/_.-]+" + }, + "ResourceDetails":{ + "type":"structure", + "members":{ + "ebsVolume":{ + "shape":"EbsVolume", + "documentation":"Detailed configuration information specific to EBS volumes, including volume type, size, IOPS, and throughput settings.
" + } + }, + "documentation":"Detailed configuration information for a specific Amazon Web Services resource, with type-specific details.
", + "union":true + }, + "ResourceId":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[a-zA-Z0-9_.-]+" + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The specified resource was not found.
", + "exception":true + }, + "ResourceTagsCriteriaCondition":{ + "type":"structure", + "members":{ + "comparison":{ + "shape":"ComparisonOperator", + "documentation":"The comparison operator used to evaluate the tag criteria, such as equals, not equals, or contains.
" + }, + "key":{ + "shape":"StringCriteriaValue", + "documentation":"The tag key to use for comparison when filtering resources.
" + }, + "values":{ + "shape":"StringCriteriaValues", + "documentation":"List of tag values to compare against when filtering resources.
" + } + }, + "documentation":"Criteria condition for filtering resources based on their tags, including comparison operators and values.
" + }, + "ResourceTagsCriteriaConditionList":{ + "type":"list", + "member":{"shape":"ResourceTagsCriteriaCondition"} + }, + "ResourceType":{ + "type":"string", + "enum":["EbsVolume"] + }, + "RollbackAutomationEventRequest":{ + "type":"structure", + "required":["eventId"], + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event to roll back.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Must be 1-64 characters long and contain only alphanumeric characters, underscores, and hyphens.
", + "idempotencyToken":true + } + } + }, + "RollbackAutomationEventResponse":{ + "type":"structure", + "members":{ + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event being rolled back.
" + }, + "eventStatus":{ + "shape":"EventStatus", + "documentation":"The current status of the rollback operation.
" + } + } + }, + "RuleApplyOrder":{ + "type":"string", + "enum":[ + "BeforeAccountRules", + "AfterAccountRules" + ] + }, + "RuleArn":{ + "type":"string", + "pattern":"arn:aws:compute-optimizer::[0-9]{12}:automation-rule/[a-zA-Z0-9_-]+" + }, + "RuleDescription":{ + "type":"string", + "max":1024, + "min":0, + "pattern":"[a-zA-Z0-9_\\-\\s@\\.]*" + }, + "RuleId":{ + "type":"string", + "pattern":"[0-9A-Za-z]{16}" + }, + "RuleName":{ + "type":"string", + "max":128, + "min":0, + "pattern":"[a-zA-Z0-9_-]*" + }, + "RulePreviewTotal":{ + "type":"structure", + "required":[ + "recommendedActionCount", + "estimatedMonthlySavings" + ], + "members":{ + "recommendedActionCount":{ + "shape":"Integer", + "documentation":"The total number of recommended actions matching the rule preview configuration.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"} + }, + "documentation":"Aggregate totals for automation rule preview results, including count and estimated savings.
" + }, + "RuleStatus":{ + "type":"string", + "enum":[ + "Active", + "Inactive" + ] + }, + "RuleType":{ + "type":"string", + "enum":[ + "OrganizationRule", + "AccountRule" + ] + }, + "SavingsEstimationMode":{ + "type":"string", + "enum":[ + "BeforeDiscount", + "AfterDiscount" + ] + }, + "Schedule":{ + "type":"structure", + "members":{ + "scheduleExpression":{ + "shape":"String", + "documentation":"The expression that defines when the schedule runs. cron expression is supported. A cron expression consists of six fields separated by white spaces: (minutes hours day_of_month month day_of_week year)
You can schedule rules to run at most once per day. Your cron expression must use specific values (not wildcards) for the minutes and hours fields. For example: (30 12 * * *) runs daily at 12:30 PM UTC.
The timezone to use when interpreting the schedule expression.
" + }, + "executionWindowInMinutes":{ + "shape":"ScheduleExecutionWindowInMinutesInteger", + "documentation":"The time window in minutes during which the automation rule can start implementing recommended actions.
" + } + }, + "documentation":"Configuration for scheduling when automation rules should execute, including timing and execution windows.
" + }, + "ScheduleExecutionWindowInMinutesInteger":{ + "type":"integer", + "box":true, + "max":1440, + "min":60 + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The request would exceed service quotas.
", + "exception":true + }, + "ServiceUnavailableException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The service is temporarily unavailable.
", + "exception":true, + "fault":true + }, + "StartAutomationEventRequest":{ + "type":"structure", + "required":["recommendedActionId"], + "members":{ + "recommendedActionId":{ + "shape":"RecommendedActionId", + "documentation":"The ID of the recommended action to automate.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Must be 1-64 characters long and contain only alphanumeric characters, underscores, and hyphens.
", + "idempotencyToken":true + } + } + }, + "StartAutomationEventResponse":{ + "type":"structure", + "members":{ + "recommendedActionId":{ + "shape":"RecommendedActionId", + "documentation":"The ID of the recommended action being automated.
" + }, + "eventId":{ + "shape":"EventId", + "documentation":"The ID of the automation event.
" + }, + "eventStatus":{ + "shape":"EventStatus", + "documentation":"The current status of the automation event.
" + } + } + }, + "StepId":{ + "type":"string", + "pattern":"[0-9A-Za-z]{16}" + }, + "StepStatus":{ + "type":"string", + "enum":[ + "Ready", + "InProgress", + "Complete", + "Failed" + ] + }, + "StepType":{ + "type":"string", + "enum":[ + "CreateEbsSnapshot", + "DeleteEbsVolume", + "ModifyEbsVolume", + "CreateEbsVolume" + ] + }, + "String":{"type":"string"}, + "StringCriteriaCondition":{ + "type":"structure", + "members":{ + "comparison":{ + "shape":"ComparisonOperator", + "documentation":"The comparison operator used to evaluate the string criteria, such as equals, not equals, or contains.
" + }, + "values":{ + "shape":"StringCriteriaValues", + "documentation":"List of string values to compare against when applying the criteria condition.
" + } + }, + "documentation":"Criteria condition for filtering based on string values, including comparison operators and target values.
" + }, + "StringCriteriaConditionList":{ + "type":"list", + "member":{"shape":"StringCriteriaCondition"} + }, + "StringCriteriaValue":{ + "type":"string", + "max":512, + "min":1, + "pattern":"[\\w\\s\\.\\-\\:\\/\\=\\+\\@\\*\\?]+" + }, + "StringCriteriaValues":{ + "type":"list", + "member":{"shape":"StringCriteriaValue"} + }, + "StringList":{ + "type":"list", + "member":{"shape":"String"} + }, + "SummaryDimension":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{ + "shape":"SummaryDimensionKey", + "documentation":"The dimension key used for categorizing summary data.
" + }, + "value":{ + "shape":"String", + "documentation":"The specific value for this dimension key used in the summary grouping.
" + } + }, + "documentation":"A key-value pair used to categorize and group summary data for analysis and reporting.
" + }, + "SummaryDimensionKey":{ + "type":"string", + "enum":["EventStatus"] + }, + "SummaryDimensions":{ + "type":"list", + "member":{"shape":"SummaryDimension"} + }, + "SummaryTotals":{ + "type":"structure", + "members":{ + "automationEventCount":{ + "shape":"Integer", + "documentation":"The total number of automation events in this summary group.
" + }, + "estimatedMonthlySavings":{"shape":"EstimatedMonthlySavings"} + }, + "documentation":"Aggregate totals for automation events, including counts and estimated savings.
" + }, + "Tag":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{ + "shape":"TagKey", + "documentation":"The tag key, which can be up to 128 characters long.
" + }, + "value":{ + "shape":"TagValue", + "documentation":"The tag value, which can be up to 256 characters long.
" + } + }, + "documentation":"A key-value pair used to categorize and organize Amazon Web Services resources and automation rules.
" + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\w\\s\\.\\-\\:\\/\\=\\+\\@]+" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"String"} + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"}, + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "ruleRevision", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the resource to tag.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the automation rule to tag. This ensures you're tagging the correct version of the rule.
" + }, + "tags":{ + "shape":"TagList", + "documentation":"The tags to add to the resource.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Must be 1-64 characters long and contain only alphanumeric characters, underscores, and hyphens.
", + "idempotencyToken":true + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"[\\w\\s\\.\\-\\:\\/\\=\\+\\@]*" + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The request was denied due to request throttling.
", + "exception":true + }, + "TimePeriod":{ + "type":"structure", + "members":{ + "startTimeInclusive":{ + "shape":"Timestamp", + "documentation":"The start time of the period, inclusive. Events at or after this time are included.
" + }, + "endTimeExclusive":{ + "shape":"Timestamp", + "documentation":"The end time of the period, exclusive. Events before this time are included.
" + } + }, + "documentation":"Defines a time range with inclusive start time and exclusive end time for filtering and analysis.
" + }, + "Timestamp":{"type":"timestamp"}, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "ruleRevision", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the resource to untag.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the automation rule to untag. This ensures you're untagging the correct version of the rule.
" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"The keys of the tags to remove from the resource.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Must be 1-64 characters long and contain only alphanumeric characters, underscores, and hyphens.
", + "idempotencyToken":true + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateAutomationRuleRequest":{ + "type":"structure", + "required":[ + "ruleArn", + "ruleRevision" + ], + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the rule to update.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The revision number of the rule to update.
" + }, + "name":{ + "shape":"RuleName", + "documentation":"The updated name of the automation rule. Must be 1-128 characters long and contain only alphanumeric characters, underscores, and hyphens.
" + }, + "description":{ + "shape":"RuleDescription", + "documentation":"The updated description of the automation rule. Can be up to 1024 characters long and contain alphanumeric characters, underscores, hyphens, spaces, and certain special characters.
" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"The updated type of automation rule. Can be either OrganizationRule for organization-wide rules or AccountRule for account-specific rules.
" + }, + "organizationConfiguration":{ + "shape":"OrganizationConfiguration", + "documentation":"Updated configuration settings for organization-wide rules, including rule application order and target account IDs.
" + }, + "priority":{ + "shape":"String", + "documentation":"The updated priority level of the automation rule, used to determine execution order when multiple rules apply to the same resource.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"Updated list of recommended action types that this rule can execute, such as SnapshotAndDeleteUnattachedEbsVolume or UpgradeEbsVolumeType.
" + }, + "criteria":{"shape":"Criteria"}, + "schedule":{ + "shape":"Schedule", + "documentation":"The updated schedule configuration for when the automation rule should execute, including cron expression, timezone, and execution window.
" + }, + "status":{ + "shape":"RuleStatus", + "documentation":"The updated status of the automation rule. Can be Active or Inactive.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Must be 1-64 characters long and contain only alphanumeric characters, underscores, and hyphens.
", + "idempotencyToken":true + } + } + }, + "UpdateAutomationRuleResponse":{ + "type":"structure", + "members":{ + "ruleArn":{ + "shape":"RuleArn", + "documentation":"The ARN of the updated rule.
" + }, + "ruleRevision":{ + "shape":"Long", + "documentation":"The new revision number of the updated rule.
" + }, + "name":{ + "shape":"RuleName", + "documentation":"The updated name of the automation rule.
" + }, + "description":{ + "shape":"String", + "documentation":"The updated description of the automation rule.
" + }, + "ruleType":{ + "shape":"RuleType", + "documentation":"The updated type of automation rule.
" + }, + "organizationConfiguration":{ + "shape":"OrganizationConfiguration", + "documentation":"The updated organization configuration settings.
" + }, + "priority":{ + "shape":"String", + "documentation":"The updated priority level of the automation rule.
" + }, + "recommendedActionTypes":{ + "shape":"RecommendedActionTypeList", + "documentation":"The updated list of recommended action types.
" + }, + "criteria":{"shape":"Criteria"}, + "schedule":{ + "shape":"Schedule", + "documentation":"The updated schedule configuration.
" + }, + "status":{ + "shape":"RuleStatus", + "documentation":"The updated status of the automation rule.
" + }, + "createdTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was originally created.
" + }, + "lastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the automation rule was last updated.
" + } + } + }, + "UpdateEnrollmentConfigurationRequest":{ + "type":"structure", + "required":["status"], + "members":{ + "status":{ + "shape":"EnrollmentStatus", + "documentation":"The desired enrollment status.
Active - Enables the Automation feature for your account.
Inactive - Disables the Automation feature for your account and stops all of your automation rules. If you opt in again later, all rules will be inactive, and you must enable the rules you want to run. You must wait at least 24 hours after opting out to opt in again.
The Pending and Failed options cannot be used to update the enrollment status of an account. They are returned in the response of a request to update the enrollment status of an account.
If you are a member account, your account must be disassociated from your organization’s management account before you can disable Automation. Contact your administrator to make this change.
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Must be 1-64 characters long and contain only alphanumeric characters, underscores, and hyphens.
", + "idempotencyToken":true + } + } + }, + "UpdateEnrollmentConfigurationResponse":{ + "type":"structure", + "required":[ + "status", + "lastUpdatedTimestamp" + ], + "members":{ + "status":{ + "shape":"EnrollmentStatus", + "documentation":"The updated enrollment status.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"The reason for the updated enrollment status.
" + }, + "lastUpdatedTimestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp when the enrollment configuration was last updated.
" + } + } + } + }, + "documentation":"Automation is a feature within Amazon Web Services Compute Optimizer that enables you to apply optimization recommendations to your Amazon Web Services resources, reducing costs and improving performance. You can apply recommended actions directly or create automation rules that implement recommendations on a recurring schedule when they match your specified criteria. With automation rules, set criteria such as Amazon Web Services Region and Resource Tags to target specific geographies and workloads. Configure rules to run daily, weekly, or monthly, and Compute Optimizer continuously evaluates new recommendations against your criteria. Track automation events over time, examine detailed step history, estimate savings achieved, and reverse actions directly from Compute Optimizer when needed.
" +} diff --git a/awscli/botocore/data/compute-optimizer-automation/2025-09-22/waiters-2.json b/awscli/botocore/data/compute-optimizer-automation/2025-09-22/waiters-2.json new file mode 100644 index 000000000000..13f60ee66be6 --- /dev/null +++ b/awscli/botocore/data/compute-optimizer-automation/2025-09-22/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff --git a/awscli/botocore/data/connect/2017-08-08/paginators-1.json b/awscli/botocore/data/connect/2017-08-08/paginators-1.json index 945f6017aefc..833c01147594 100644 --- a/awscli/botocore/data/connect/2017-08-08/paginators-1.json +++ b/awscli/botocore/data/connect/2017-08-08/paginators-1.json @@ -445,6 +445,18 @@ ], "output_token": "NextToken", "result_key": "RoutingProfileManualAssignmentQueueConfigSummaryList" + }, + "ListContactFlowModuleAliases": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "ContactFlowModuleAliasSummaryList" + }, + "ListContactFlowModuleVersions": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "ContactFlowModuleVersionSummaryList" } } } diff --git a/awscli/botocore/data/connect/2017-08-08/service-2.json b/awscli/botocore/data/connect/2017-08-08/service-2.json index 2348ae51b1a8..54deffc643a8 100644 --- a/awscli/botocore/data/connect/2017-08-08/service-2.json +++ b/awscli/botocore/data/connect/2017-08-08/service-2.json @@ -520,6 +520,45 @@ ], "documentation":"Creates a flow module for the specified Amazon Connect instance.
" }, + "CreateContactFlowModuleAlias":{ + "name":"CreateContactFlowModuleAlias", + "http":{ + "method":"PUT", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/alias" + }, + "input":{"shape":"CreateContactFlowModuleAliasRequest"}, + "output":{"shape":"CreateContactFlowModuleAliasResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"DuplicateResourceException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates a named alias that points to a specific version of a contact flow module.
" + }, + "CreateContactFlowModuleVersion":{ + "name":"CreateContactFlowModuleVersion", + "http":{ + "method":"PUT", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/version" + }, + "input":{"shape":"CreateContactFlowModuleVersionRequest"}, + "output":{"shape":"CreateContactFlowModuleVersionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates an immutable snapshot of a contact flow module, preserving its content and settings at a specific point in time for version control and rollback capabilities.
" + }, "CreateContactFlowVersion":{ "name":"CreateContactFlowVersion", "http":{ @@ -1079,6 +1118,42 @@ ], "documentation":"Deletes the specified flow module.
" }, + "DeleteContactFlowModuleAlias":{ + "name":"DeleteContactFlowModuleAlias", + "http":{ + "method":"DELETE", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/alias/{AliasId}" + }, + "input":{"shape":"DeleteContactFlowModuleAliasRequest"}, + "output":{"shape":"DeleteContactFlowModuleAliasResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Removes an alias reference, breaking the named connection to the underlying module version without affecting the version itself.
" + }, + "DeleteContactFlowModuleVersion":{ + "name":"DeleteContactFlowModuleVersion", + "http":{ + "method":"DELETE", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/version/{ContactFlowModuleVersion}" + }, + "input":{"shape":"DeleteContactFlowModuleVersionRequest"}, + "output":{"shape":"DeleteContactFlowModuleVersionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Removes a specific version of a contact flow module.
" + }, "DeleteContactFlowVersion":{ "name":"DeleteContactFlowVersion", "http":{ @@ -1570,6 +1645,24 @@ ], "documentation":"Describes the specified flow module.
Use the $SAVED alias in the request to describe the SAVED content of a Flow. For example, arn:aws:.../contact-flow/{id}:$SAVED. After a flow is published, $SAVED needs to be supplied to view saved content that has not been published.
Retrieves detailed information about a specific alias, including which version it currently points to and its metadata.
" + }, "DescribeEmailAddress":{ "name":"DescribeEmailAddress", "http":{ @@ -2549,6 +2642,42 @@ ], "documentation":"Lists contact evaluations in the specified Amazon Connect instance.
" }, + "ListContactFlowModuleAliases":{ + "name":"ListContactFlowModuleAliases", + "http":{ + "method":"GET", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/aliases" + }, + "input":{"shape":"ListContactFlowModuleAliasesRequest"}, + "output":{"shape":"ListContactFlowModuleAliasesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Lists all aliases associated with a contact flow module, showing their current version mappings and metadata.
" + }, + "ListContactFlowModuleVersions":{ + "name":"ListContactFlowModuleVersions", + "http":{ + "method":"GET", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/versions" + }, + "input":{"shape":"ListContactFlowModuleVersionsRequest"}, + "output":{"shape":"ListContactFlowModuleVersionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Retrieves a paginated list of all versions for a specific contact flow module.
" + }, "ListContactFlowModules":{ "name":"ListContactFlowModules", "http":{ @@ -3926,7 +4055,7 @@ {"shape":"DestinationNotAllowedException"}, {"shape":"OutboundContactNotPermittedException"} ], - "documentation":"Places an outbound call to a contact, and then initiates the flow. It performs the actions in the flow that's specified (in ContactFlowId).
Agents do not initiate the outbound API, which means that they do not dial the contact. If the flow places an outbound call to a contact, and then puts the contact in queue, the call is then routed to the agent, like any other inbound case.
There is a 60-second dialing timeout for this operation. If the call is not connected after 60 seconds, it fails.
UK numbers with a 447 prefix are not allowed by default. Before you can dial these UK mobile numbers, you must submit a service quota increase request. For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.
Campaign calls are not allowed by default. Before you can make a call with TrafficType = CAMPAIGN, you must submit a service quota increase request to the quota Amazon Connect campaigns.
Places an outbound call to a contact, and then initiates the flow. It performs the actions in the flow that's specified (in ContactFlowId).
Agents do not initiate the outbound API, which means that they do not dial the contact. If the flow places an outbound call to a contact, and then puts the contact in queue, the call is then routed to the agent, like any other inbound case.
Dialing timeout for this operation can be configured with the “RingTimeoutInSeconds” parameter. If not specified, the default dialing timeout will be 60 seconds which means if the call is not connected within 60 seconds, it fails.
UK numbers with a 447 prefix are not allowed by default. Before you can dial these UK mobile numbers, you must submit a service quota increase request. For more information, see Amazon Connect Service Quotas in the Amazon Connect Administrator Guide.
Campaign calls are not allowed by default. Before you can make a call with TrafficType = CAMPAIGN, you must submit a service quota increase request to the quota Amazon Connect campaigns.
For Preview dialing mode, only the Amazon Connect outbound campaigns service principal is allowed to assume a role in your account and call this API with OutboundStrategy.
Updates metadata about specified flow.
" }, + "UpdateContactFlowModuleAlias":{ + "name":"UpdateContactFlowModuleAlias", + "http":{ + "method":"POST", + "requestUri":"/contact-flow-modules/{InstanceId}/{ContactFlowModuleId}/alias/{AliasId}" + }, + "input":{"shape":"UpdateContactFlowModuleAliasRequest"}, + "output":{"shape":"UpdateContactFlowModuleAliasResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConditionalOperationFailedException"}, + {"shape":"DuplicateResourceException"} + ], + "documentation":"Updates a specific Aliases metadata, including the version it’s tied to, it’s name, and description.
" + }, "UpdateContactFlowModuleContent":{ "name":"UpdateContactFlowModuleContent", "http":{ @@ -6566,11 +6715,24 @@ }, "PeriodicSessionDuration":{ "shape":"AccessTokenDuration", - "documentation":"The short lived session duration configuration for users logged in to Amazon Connect, in minutes. This value determines the maximum possible time before an agent is authenticated. For more information, see Configure the session duration in the Amazon Connect Administrator Guide.
" + "documentation":"The short lived session duration configuration for users logged in to Amazon Connect, in minutes. This value determines the maximum possible time before an agent is authenticated. For more information, see Configure the session duration in the Amazon Connect Administrator Guide.
", + "deprecated":true, + "deprecatedMessage":"PeriodicSessionDuration is deprecated. Use SessionInactivityDuration instead.", + "deprecatedSince":"10/31/2025" }, "MaxSessionDuration":{ "shape":"RefreshTokenDuration", "documentation":"The long lived session duration for users logged in to Amazon Connect, in minutes. After this time period, users must log in again. For more information, see Configure the session duration in the Amazon Connect Administrator Guide.
" + }, + "SessionInactivityDuration":{ + "shape":"InactivityDuration", + "documentation":"The period, in minutes, before an agent is automatically signed out of the contact center when they go inactive.
", + "box":true + }, + "SessionInactivityHandlingEnabled":{ + "shape":"Boolean", + "documentation":"Determines if automatic logout on user inactivity is enabled.
", + "box":true } }, "documentation":"This API is in preview release for Amazon Connect and is subject to change. To request access to this API, contact Amazon Web Services Support.
Information about an authentication profile. An authentication profile is a resource that stores the authentication settings for users in your contact center. You use authentication profiles to set up IP address range restrictions and session timeouts. For more information, see Set IP address restrictions or session timeouts.
" @@ -7430,6 +7592,10 @@ "shape":"timestamp", "documentation":"The timestamp when the contact was last resumed.
" }, + "RingStartTimestamp":{ + "shape":"timestamp", + "documentation":"The timestamp when ringing started for a campaign call.
" + }, "TotalPauseCount":{ "shape":"TotalPauseCount", "documentation":"Total pause count for a contact.
" @@ -7790,10 +7956,108 @@ "Tags":{ "shape":"TagMap", "documentation":"The tags used to organize, track, or control access for this resource. For example, { \"Tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
" + }, + "FlowModuleContentSha256":{ + "shape":"FlowModuleContentSha256", + "documentation":"Hash of the module content for integrity verification.
" + }, + "Version":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + }, + "VersionDescription":{ + "shape":"ContactFlowModuleDescription", + "documentation":"Description of the version.
" + }, + "Settings":{ + "shape":"FlowModuleSettings", + "documentation":"The configuration settings for the flow module.
" + }, + "ExternalInvocationConfiguration":{ + "shape":"ExternalInvocationConfiguration", + "documentation":"The external invocation configuration for the flow module
" } }, "documentation":"Contains information about a flow module.
" }, + "ContactFlowModuleAlias":{ + "type":"string", + "max":100, + "min":1, + "pattern":"^([$0-9a-zA-Z][_-]?)+$" + }, + "ContactFlowModuleAliasInfo":{ + "type":"structure", + "members":{ + "ContactFlowModuleId":{ + "shape":"ResourceId", + "documentation":"The identifier of the flow module.
" + }, + "ContactFlowModuleArn":{ + "shape":"ARN", + "documentation":"The Amazon Resource Name (ARN) of the flow module.
" + }, + "AliasId":{ + "shape":"ContactFlowModuleAlias", + "documentation":"The identifier of the alias.
" + }, + "Version":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + }, + "Name":{ + "shape":"ContactFlowModuleAlias", + "documentation":"The name of the alias.
" + }, + "Description":{ + "shape":"ContactFlowModuleDescription", + "documentation":"The description of the alias.
" + }, + "LastModifiedRegion":{ + "shape":"RegionName", + "documentation":"The Amazon Web Services Region where this resource was last modified.
" + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"The timestamp when this resource was last modified.
" + } + }, + "documentation":"Contains information about an alias.
" + }, + "ContactFlowModuleAliasSummary":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ARN", + "documentation":"The Amazon Resource Name (ARN) of the flow module alias.
" + }, + "AliasId":{ + "shape":"ResourceId", + "documentation":"The identifier of the alias.
" + }, + "Version":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + }, + "AliasName":{ + "shape":"ContactFlowModuleName", + "documentation":"The name of the alias.
" + }, + "AliasDescription":{ + "shape":"ContactFlowModuleDescription", + "documentation":"The description of the alias.
" + }, + "LastModifiedTime":{ + "shape":"Timestamp", + "documentation":"The timestamp when this resource was last modified.
" + } + }, + "documentation":"Contains information about an alias.
" + }, + "ContactFlowModuleAliasSummaryList":{ + "type":"list", + "member":{"shape":"ContactFlowModuleAliasSummary"} + }, "ContactFlowModuleContent":{ "type":"string", "max":256000, @@ -7890,6 +8154,28 @@ }, "documentation":"Contains summary information about a flow.
" }, + "ContactFlowModuleVersionSummary":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ARN", + "documentation":"The Amazon Resource Name (ARN) of the flow module version.
" + }, + "VersionDescription":{ + "shape":"ContactFlowModuleDescription", + "documentation":"The description of the flow module version.
" + }, + "Version":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + } + }, + "documentation":"Contains information about a version.
" + }, + "ContactFlowModuleVersionSummaryList":{ + "type":"list", + "member":{"shape":"ContactFlowModuleVersionSummary"} + }, "ContactFlowModulesSummaryList":{ "type":"list", "member":{"shape":"ContactFlowModuleSummary"} @@ -8420,6 +8706,54 @@ }, "documentation":"The CreateCase action definition.
The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "Description":{ + "shape":"ContactFlowDescription", + "documentation":"The description of the alias.
" + }, + "ContactFlowModuleId":{ + "shape":"ContactFlowModuleId", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "ContactFlowModuleVersion":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + }, + "AliasName":{ + "shape":"ContactFlowModuleAlias", + "documentation":"The name of the alias.
" + } + } + }, + "CreateContactFlowModuleAliasResponse":{ + "type":"structure", + "members":{ + "ContactFlowModuleArn":{ + "shape":"ARN", + "documentation":"The Amazon Resource Name (ARN) of the flow module.
" + }, + "Id":{ + "shape":"ResourceId", + "documentation":"The identifier of the alias.
" + } + } + }, "CreateContactFlowModuleRequest":{ "type":"structure", "required":[ @@ -8454,6 +8788,14 @@ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If not provided, the Amazon Web Services SDK populates this field. For more information about idempotency, see Making retries safe with idempotent APIs.
", "idempotencyToken":true + }, + "Settings":{ + "shape":"FlowModuleSettings", + "documentation":"The configuration settings for the flow module.
" + }, + "ExternalInvocationConfiguration":{ + "shape":"ExternalInvocationConfiguration", + "documentation":"The external invocation configuration for the flow module.
" } } }, @@ -8470,6 +8812,48 @@ } } }, + "CreateContactFlowModuleVersionRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactFlowModuleId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "Description":{ + "shape":"ContactFlowModuleDescription", + "documentation":"The description of the flow module version.
" + }, + "ContactFlowModuleId":{ + "shape":"ARN", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "FlowModuleContentSha256":{ + "shape":"FlowModuleContentSha256", + "documentation":"Indicates the checksum value of the flow module content.
" + } + } + }, + "CreateContactFlowModuleVersionResponse":{ + "type":"structure", + "members":{ + "ContactFlowModuleArn":{ + "shape":"ARN", + "documentation":"The Amazon Resource Name (ARN) of the flow module.
" + }, + "Version":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + } + } + }, "CreateContactFlowRequest":{ "type":"structure", "required":[ @@ -10355,6 +10739,38 @@ } } }, + "DeleteContactFlowModuleAliasRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactFlowModuleId", + "AliasId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceIdOrArn", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactFlowModuleId":{ + "shape":"ResourceId", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "AliasId":{ + "shape":"ResourceId", + "documentation":"The identifier of the alias.
", + "location":"uri", + "locationName":"AliasId" + } + } + }, + "DeleteContactFlowModuleAliasResponse":{ + "type":"structure", + "members":{} + }, "DeleteContactFlowModuleRequest":{ "type":"structure", "required":[ @@ -10380,6 +10796,38 @@ "type":"structure", "members":{} }, + "DeleteContactFlowModuleVersionRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactFlowModuleId", + "ContactFlowModuleVersion" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactFlowModuleId":{ + "shape":"ARN", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "ContactFlowModuleVersion":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module to delete.
", + "location":"uri", + "locationName":"ContactFlowModuleVersion" + } + } + }, + "DeleteContactFlowModuleVersionResponse":{ + "type":"structure", + "members":{} + }, "DeleteContactFlowRequest":{ "type":"structure", "required":[ @@ -11067,6 +11515,43 @@ } } }, + "DescribeContactFlowModuleAliasRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactFlowModuleId", + "AliasId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceIdOrArn", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactFlowModuleId":{ + "shape":"ContactFlowModuleId", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "AliasId":{ + "shape":"ResourceId", + "documentation":"The identifier of the alias.
", + "location":"uri", + "locationName":"AliasId" + } + } + }, + "DescribeContactFlowModuleAliasResponse":{ + "type":"structure", + "members":{ + "ContactFlowModuleAlias":{ + "shape":"ContactFlowModuleAliasInfo", + "documentation":"Information about the flow module alias.
" + } + } + }, "DescribeContactFlowModuleRequest":{ "type":"structure", "required":[ @@ -14456,6 +14941,16 @@ "type":"list", "member":{"shape":"Expression"} }, + "ExternalInvocationConfiguration":{ + "type":"structure", + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"Enable external invocation.
" + } + }, + "documentation":"The external invocation configuration for the flow module
" + }, "FailedRequest":{ "type":"structure", "members":{ @@ -14676,6 +15171,13 @@ "min":1, "pattern":"^[a-zA-Z0-9]{64}$" }, + "FlowModuleContentSha256":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[a-zA-Z0-9]{64}$" + }, + "FlowModuleSettings":{"type":"string"}, "FormId":{"type":"string"}, "FragmentNumber":{ "type":"string", @@ -15168,15 +15670,15 @@ }, "Filters":{ "shape":"FiltersV2List", - "documentation":"The filters to apply to returned metrics. You can filter on the following resources:
Agents
Campaigns
Channels
Feature
Queues
Routing profiles
Routing step expression
User hierarchy groups
At least one filter must be passed from queues, routing profiles, agents, or user hierarchy groups.
For metrics for outbound campaigns analytics, you can also use campaigns to satisfy at least one filter requirement.
To filter by phone number, see Create a historical metrics report in the Amazon Connect Administrator Guide.
Note the following limits:
Filter keys: A maximum of 5 filter keys are supported in a single request. Valid filter keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CAMPAIGN_EXCLUDED_EVENT_TYPE | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | EVALUATION_FORM | EVALUATION_SECTION | EVALUATION_QUESTION | EVALUATION_SOURCE | FEATURE | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_MODULE_RESOURCE_ID | FLOWS_NEXT_RESOURCE_ID | FLOWS_NEXT_RESOURCE_QUEUE_ID | FLOWS_OUTCOME_TYPE | FLOWS_RESOURCE_ID | FORM_VERSION | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION | QUEUE | Q_CONNECT_ENABLED |
Filter values: A maximum of 100 filter values are supported in a single request. VOICE, CHAT, and TASK are valid filterValue for the CHANNEL filter key. They do not count towards limitation of 100 filter values. For example, a GetMetricDataV2 request can filter by 50 queues, 35 agents, and 15 routing profiles for a total of 100 filter values, along with 3 channel filters.
contact_lens_conversational_analytics is a valid filterValue for the FEATURE filter key. It is available only to contacts analyzed by Contact Lens conversational analytics.
connect:Chat, connect:SMS, connect:Telephony, and connect:WebRTC are valid filterValue examples (not exhaustive) for the contact/segmentAttributes/connect:Subtype filter key.
ROUTING_STEP_EXPRESSION is a valid filter key with a filter value up to 3000 length. This filter is case and order sensitive. JSON string fields must be sorted in ascending order and JSON array order should be kept as is.
Q_CONNECT_ENABLED. TRUE and FALSE are the only valid filterValues for the Q_CONNECT_ENABLED filter key.
TRUE includes all contacts that had Amazon Q in Connect enabled as part of the flow.
FALSE includes all contacts that did not have Amazon Q in Connect enabled as part of the flow
This filter is available only for contact record-driven metrics.
Campaign ARNs are valid filterValues for the CAMPAIGN filter key.
The filters to apply to returned metrics. You can filter on the following resources:
Agents
Campaigns
Channels
Feature
Queues
Routing profiles
Routing step expression
User hierarchy groups
At least one filter must be passed from queues, routing profiles, agents, or user hierarchy groups.
For metrics for outbound campaigns analytics, you can also use campaigns to satisfy at least one filter requirement.
To filter by phone number, see Create a historical metrics report in the Amazon Connect Administrator Guide.
Note the following limits:
Filter keys: A maximum of 5 filter keys are supported in a single request. Valid filter keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CAMPAIGN_EXCLUDED_EVENT_TYPE | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | EVALUATION_FORM | EVALUATION_SECTION | EVALUATION_QUESTION | EVALUATION_SOURCE | EVALUATOR_ID | FEATURE | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_MODULE_RESOURCE_ID | FLOWS_NEXT_RESOURCE_ID | FLOWS_NEXT_RESOURCE_QUEUE_ID | FLOWS_OUTCOME_TYPE | FLOWS_RESOURCE_ID | FORM_VERSION | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION | QUEUE | Q_CONNECT_ENABLED |
Filter values: A maximum of 100 filter values are supported in a single request. VOICE, CHAT, and TASK are valid filterValue for the CHANNEL filter key. They do not count towards limitation of 100 filter values. For example, a GetMetricDataV2 request can filter by 50 queues, 35 agents, and 15 routing profiles for a total of 100 filter values, along with 3 channel filters.
contact_lens_conversational_analytics is a valid filterValue for the FEATURE filter key. It is available only to contacts analyzed by Contact Lens conversational analytics.
connect:Chat, connect:SMS, connect:Telephony, and connect:WebRTC are valid filterValue examples (not exhaustive) for the contact/segmentAttributes/connect:Subtype filter key.
ROUTING_STEP_EXPRESSION is a valid filter key with a filter value up to 3000 length. This filter is case and order sensitive. JSON string fields must be sorted in ascending order and JSON array order should be kept as is.
Q_CONNECT_ENABLED. TRUE and FALSE are the only valid filterValues for the Q_CONNECT_ENABLED filter key.
TRUE includes all contacts that had Amazon Q in Connect enabled as part of the flow.
FALSE includes all contacts that did not have Amazon Q in Connect enabled as part of the flow
This filter is available only for contact record-driven metrics.
Campaign ARNs are valid filterValues for the CAMPAIGN filter key.
The grouping applied to the metrics that are returned. For example, when results are grouped by queue, the metrics returned are grouped by queue. The values that are returned apply to the metrics for each queue. They are not aggregated for all queues.
If no grouping is specified, a summary of all metrics is returned.
Valid grouping keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CAMPAIGN_EXCLUDED_EVENT_TYPE | CAMPAIGN_EXECUTION_TIMESTAMP | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | EVALUATION_FORM | EVALUATION_SECTION | EVALUATION_QUESTION | EVALUATION_SOURCE | FLOWS_RESOURCE_ID | FLOWS_MODULE_RESOURCE_ID | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_OUTCOME_TYPE | FORM_VERSION | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | Q_CONNECT_ENABLED | QUEUE | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION
Type: Array of strings
Array Members: Maximum number of 4 items
Required: No
" + "documentation":"The grouping applied to the metrics that are returned. For example, when results are grouped by queue, the metrics returned are grouped by queue. The values that are returned apply to the metrics for each queue. They are not aggregated for all queues.
If no grouping is specified, a summary of all metrics is returned.
Valid grouping keys: AGENT | AGENT_HIERARCHY_LEVEL_ONE | AGENT_HIERARCHY_LEVEL_TWO | AGENT_HIERARCHY_LEVEL_THREE | AGENT_HIERARCHY_LEVEL_FOUR | AGENT_HIERARCHY_LEVEL_FIVE | ANSWERING_MACHINE_DETECTION_STATUS | BOT_ID | BOT_ALIAS | BOT_VERSION | BOT_LOCALE | BOT_INTENT_NAME | CAMPAIGN | CAMPAIGN_DELIVERY_EVENT_TYPE | CAMPAIGN_EXCLUDED_EVENT_TYPE | CAMPAIGN_EXECUTION_TIMESTAMP | CASE_TEMPLATE_ARN | CASE_STATUS | CHANNEL | contact/segmentAttributes/connect:Subtype | DISCONNECT_REASON | EVALUATION_FORM | EVALUATION_SECTION | EVALUATION_QUESTION | EVALUATION_SOURCE | EVALUATOR_ID | FLOWS_RESOURCE_ID | FLOWS_MODULE_RESOURCE_ID | FLOW_ACTION_ID | FLOW_TYPE | FLOWS_OUTCOME_TYPE | FORM_VERSION | INITIATION_METHOD | INVOKING_RESOURCE_PUBLISHED_TIMESTAMP | INVOKING_RESOURCE_TYPE | PARENT_FLOWS_RESOURCE_ID | Q_CONNECT_ENABLED | QUEUE | RESOURCE_PUBLISHED_TIMESTAMP | ROUTING_PROFILE | ROUTING_STEP_EXPRESSION
Type: Array of strings
Array Members: Maximum number of 4 items
Required: No
" }, "Metrics":{ "shape":"MetricsV2", - "documentation":"The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Metrics definition in the Amazon Connect Administrator Guide.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Abandonment rate
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherent time
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent answer rate
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Non-adherent time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent non-response
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Data for this metric is available starting from October 1, 2023 0:00:00 GMT.
Unit: Percentage
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Occupancy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherence
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Scheduled time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
Valid metric filter key: INITIATION_METHOD
UI name: Average queue abandon time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average active time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average after contact work time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Average agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average agent pause time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Average bot conversation time
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Average bot conversation turns
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average contacts per case
Unit: Seconds
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average case resolution time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average contact duration
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average conversation close time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average conversation duration
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign, Queue, Routing Profile
UI name: Average dials per minute
Unit: Percent
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Section ID, Evaluation Question ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Average evaluation score
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent first response time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Average flow time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent greeting time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression
UI name: Average handle time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer hold time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average holds
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interaction time
Feature is a valid filter but not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruptions
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruption time
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent message length
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average customer message length
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average messages
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent messages
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average bot messages
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average customer messages
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average non-talk time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average queue answer time
Valid metric level filters: INITIATION_METHOD, FEATURE, DISCONNECT_REASON
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent response time
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average customer response time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average resolution time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer talk time
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Seconds
Valid groupings and filters: Campaign
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect, Agent Hierarchy
UI name: Avg. wait time after customer connection - customer first callback
Unit: Percent
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form Id, Evaluation Section ID, Evaluation Question ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Average weighted evaluation score
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Bot conversations completed
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Bot intents completed
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
UI name: Campaign contacts abandoned after X
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Percent
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
This metric is available only for outbound campaigns using the email delivery mode.
Unit: Count
Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE
Valid groupings and filters: Campaign
UI name: Campaign interactions
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Unit: Percent
Valid groupings and filters: Campaign, Campaign Execution Timestamp
UI name: Campaign progress rate
This metric is available only for outbound campaigns.
Unit: Count
Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype
UI name: Campaign send attempts
This metric is available only for outbound campaigns.
Valid metric filter key: CAMPAIGN_EXCLUDED_EVENT_TYPE
Unit: Count
Valid groupings and filters: Campaign, Campaign Excluded Event Type, Campaign Execution Timestamp
UI name: Campaign send exclusions
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases created
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts created
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: Contacts handled
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts hold disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold agent disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold customer disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts put on hold
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out external
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out internal
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts queued
Unit: Count
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype
UI name: Contacts queued (enqueue timestamp)
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts resolved in X
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out by agent
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out queue
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Current cases
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Conversations abandoned
This metric is available only for outbound campaigns.
Unit: Count
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Campaign Delivery EventType, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempts
Campaign Delivery EventType filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Percent
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempt disposition rate
Campaign Delivery Event Type filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Evaluations performed
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows started
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Count
Valid groupings and filters: Agent, Campaign
UI name: Human answered
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Maximum flow time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Maximum queued time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Minimum flow time
Unit: Percent
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Automatic fails percent
Unit: Percent
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Percent bot conversations outcome
Unit: Percent
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Percent bot intents outcome
Unit: Percent
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved on first contact
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid metric filter key: FLOWS_OUTCOME_TYPE
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome percentage.
The FLOWS_OUTCOME_TYPE is not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Non-talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Agent talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Customer talk time percent
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Unit: Count
Valid groupings and filters: Campaign, Campaign Execution Timestamp
UI name: Recipients attempted
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE
Unit: Count
Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype, Campaign Execution Timestamp
UI name: Recipients interacted
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Unit: Count
Valid groupings and filters: Campaign, Campaign Execution Timestamp
UI name: Recipients targeted
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases reopened
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved
You can include up to 20 SERVICE_LEVEL metrics in a request.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Service level X
Unit: Count
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: After contact work time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. This metric only supports the following filter keys as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API | CALLBACK_CUSTOMER_FIRST_DIALED
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Count
Metric filter:
Valid values: API| INCOMING | OUTBOUND | TRANSFER | CALLBACK | QUEUE_TRANSFER| Disconnect | CALLBACK_CUSTOMER_FIRST_DIALED
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: Contact abandoned
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts abandoned in X seconds
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts answered in X seconds
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact flow time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent on contact time
Valid metric filter key: DISCONNECT_REASON
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contact disconnected
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Error status time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact handle time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Customer hold time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent idle time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Agent interaction and hold time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent interaction time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent non-productive time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Online time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Callback attempts
The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Metrics definition in the Amazon Connect Administrator Guide.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Abandonment rate
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherent time
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent answer rate
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Non-adherent time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent non-response
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Data for this metric is available starting from October 1, 2023 0:00:00 GMT.
Unit: Percentage
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Occupancy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Adherence
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Scheduled time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
Valid metric filter key: INITIATION_METHOD
UI name: Average queue abandon time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average active time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average after contact work time
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average agent concurrency
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Average agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Average agent pause time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Average bot conversation time
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Average bot conversation turns
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average contacts per case
Unit: Seconds
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Average case resolution time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average contact duration
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average conversation close time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average conversation duration
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign, Queue, Routing Profile
UI name: Average dials per minute
Unit: Percent
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Section ID, Evaluation Question ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Average evaluation score
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent first response time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Average flow time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent greeting time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression
UI name: Average handle time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer hold time
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average holds
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Seconds
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interaction time
Feature is a valid filter but not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruptions
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent interruption time
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent message length
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average customer message length
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average messages
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent messages
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average bot messages
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average customer messages
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average non-talk time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average queue answer time
Valid metric level filters: INITIATION_METHOD, FEATURE, DISCONNECT_REASON
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average agent response time
Unit: Seconds
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Average customer response time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average resolution time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average agent talk time
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Average customer talk time
This metric is available only for outbound campaigns that use the agent assisted voice and automated voice delivery modes.
Unit: Seconds
Valid groupings and filters: Campaign
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect, Agent Hierarchy
UI name: Avg. wait time after customer connection - customer first callback
Unit: Percent
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form Id, Evaluation Section ID, Evaluation Question ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Average weighted evaluation score
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Bot conversations completed
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Bot intents completed
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
UI name: Campaign contacts abandoned after X
This metric is available only for outbound campaigns using the agent assisted voice and automated voice delivery modes.
Unit: Percent
Valid groupings and filters: Agent, Campaign
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter GT (for Greater than).
This metric is available only for outbound campaigns using the email delivery mode.
Unit: Count
Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE
Valid groupings and filters: Campaign
UI name: Campaign interactions
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Unit: Percent
Valid groupings and filters: Campaign, Campaign Execution Timestamp
UI name: Campaign progress rate
This metric is available only for outbound campaigns.
Unit: Count
Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype
UI name: Campaign send attempts
This metric is available only for outbound campaigns.
Valid metric filter key: CAMPAIGN_EXCLUDED_EVENT_TYPE
Unit: Count
Valid groupings and filters: Campaign, Campaign Excluded Event Type, Campaign Execution Timestamp
UI name: Campaign send exclusions
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases created
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts created
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: Contacts handled
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts hold disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold agent disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts hold customer disconnect
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts put on hold
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out external
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contacts transferred out internal
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts queued
Unit: Count
Valid groupings and filters: Queue, Channel, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype
UI name: Contacts queued (enqueue timestamp)
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts resolved in X
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out by agent
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contacts transferred out queue
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Current cases
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Feature, RoutingStepExpression, Initiation method, Routing Profile, Queue, Q in Connect
UI name: Conversations abandoned
This metric is available only for outbound campaigns.
Unit: Count
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Campaign Delivery EventType, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempts
Campaign Delivery EventType filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Percent
Valid metric filter key: ANSWERING_MACHINE_DETECTION_STATUS, CAMPAIGN_DELIVERY_EVENT_TYPE, DISCONNECT_REASON
Valid groupings and filters: Agent, Answering Machine Detection Status, Campaign, Channel, contact/segmentAttributes/connect:Subtype, Disconnect Reason, Queue, Routing Profile
UI name: Delivery attempt disposition rate
Campaign Delivery Event Type filter and grouping are only available for SMS and Email campaign delivery modes. Agent, Queue, Routing Profile, Answering Machine Detection Status and Disconnect Reason are only available for agent assisted voice and automated voice delivery modes.
Unit: Count
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Evaluations performed
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome
Unit: Count
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows started
This metric is available only for outbound campaigns. Dispositions for the agent assisted voice and automated voice delivery modes are only available with answering machine detection enabled.
Unit: Count
Valid groupings and filters: Agent, Campaign
UI name: Human answered
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Maximum flow time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Maximum queued time
Unit: Seconds
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Minimum flow time
Unit: Percent
Valid groupings and filters: Agent, Agent Hierarchy, Channel, Evaluation Form ID, Evaluation Source, Form Version, Queue, Routing Profile
UI name: Automatic fails percent
Unit: Percent
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Percent bot conversations outcome
Unit: Percent
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Bot ID, Bot alias, Bot version, Bot locale, Bot intent name, Flows resource ID, Flows module resource ID, Flow type, Flow action ID, Invoking resource published timestamp, Initiation method, Invoking resource type, Parent flows resource ID
UI name: Percent bot intents outcome
Unit: Percent
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved on first contact
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Percent
Valid metric filter key: FLOWS_OUTCOME_TYPE
Valid groupings and filters: Channel, contact/segmentAttributes/connect:Subtype, Flow type, Flows module resource ID, Flows next resource ID, Flows next resource queue ID, Flows outcome type, Flows resource ID, Initiation method, Resource published timestamp
UI name: Flows outcome percentage.
The FLOWS_OUTCOME_TYPE is not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Non-talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Agent talk time percent
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Customer talk time percent
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Unit: Count
Valid groupings and filters: Campaign, Campaign Execution Timestamp
UI name: Recipients attempted
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Valid metric filter key: CAMPAIGN_INTERACTION_EVENT_TYPE
Unit: Count
Valid groupings and filters: Campaign, Channel, contact/segmentAttributes/connect:Subtype, Campaign Execution Timestamp
UI name: Recipients interacted
This metric is only available for outbound campaigns initiated using a customer segment. It is not available for event triggered campaigns.
Unit: Count
Valid groupings and filters: Campaign, Campaign Execution Timestamp
UI name: Recipients targeted
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases reopened
Unit: Count
Required filter key: CASE_TEMPLATE_ARN
Valid groupings and filters: CASE_TEMPLATE_ARN, CASE_STATUS
UI name: Cases resolved
You can include up to 20 SERVICE_LEVEL metrics in a request.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Service level X
Unit: Count
Valid groupings and filters: Queue, RoutingStepExpression
UI name: This metric is available in Real-time Metrics UI but not on the Historical Metrics UI.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: After contact work time
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. This metric only supports the following filter keys as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API | CALLBACK_CUSTOMER_FIRST_DIALED
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent API connecting time
The Negate key in metric-level filters is not applicable for this metric.
Unit: Count
Metric filter:
Valid values: API| INCOMING | OUTBOUND | TRANSFER | CALLBACK | QUEUE_TRANSFER| Disconnect | CALLBACK_CUSTOMER_FIRST_DIALED
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, RoutingStepExpression, Q in Connect
UI name: Contact abandoned
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts abandoned in X seconds
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you can use LT (for \"Less than\") or LTE (for \"Less than equal\").
UI name: Contacts answered in X seconds
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact flow time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent on contact time
Valid metric filter key: DISCONNECT_REASON
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Contact disconnected
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Error status time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Contact handle time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Customer hold time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent idle time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Q in Connect
UI name: Agent interaction and hold time
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
UI name: Agent interaction time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Agent non-productive time
Unit: Seconds
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
UI name: Online time
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, contact/segmentAttributes/connect:Subtype, Q in Connect
UI name: Callback attempts
The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactFlowModuleId":{ + "shape":"ARN", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxResult1000", + "documentation":"The maximum number of results to return per page.
", + "box":true, + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListContactFlowModuleAliasesResponse":{ + "type":"structure", + "members":{ + "ContactFlowModuleAliasSummaryList":{ + "shape":"ContactFlowModuleAliasSummaryList", + "documentation":"Information about the flow module aliases.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, this is the token for the next set of results.
" + } + } + }, + "ListContactFlowModuleVersionsRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactFlowModuleId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactFlowModuleId":{ + "shape":"ARN", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "MaxResults":{ + "shape":"MaxResult1000", + "documentation":"The maximum number of results to return per page.
", + "box":true, + "location":"querystring", + "locationName":"maxResults" + } + } + }, + "ListContactFlowModuleVersionsResponse":{ + "type":"structure", + "members":{ + "ContactFlowModuleVersionSummaryList":{ + "shape":"ContactFlowModuleVersionSummaryList", + "documentation":"Information about the flow module versions.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, this is the token for the next set of results.
" + } + } + }, "ListContactFlowModulesRequest":{ "type":"structure", "required":["InstanceId"], @@ -22165,6 +22767,11 @@ "type":"structure", "members":{} }, + "RingTimeoutInSeconds":{ + "type":"integer", + "max":60, + "min":15 + }, "RoutingCriteria":{ "type":"structure", "members":{ @@ -24294,6 +24901,10 @@ "Recipient":{ "shape":"NotificationRecipientType", "documentation":"Notification recipient.
" + }, + "Exclusion":{ + "shape":"NotificationRecipientType", + "documentation":"Recipients to exclude from notification.
" } }, "documentation":"Information about the send notification action.
" @@ -25071,6 +25682,10 @@ "OutboundStrategy":{ "shape":"OutboundStrategy", "documentation":"Information about the outbound strategy.
" + }, + "RingTimeoutInSeconds":{ + "shape":"RingTimeoutInSeconds", + "documentation":"The maximum time the outbound call will wait for the destination to answer the call, in seconds
" } } }, @@ -26457,6 +27072,19 @@ "PeriodicSessionDuration":{ "shape":"AccessTokenDuration", "documentation":"The short lived session duration configuration for users logged in to Amazon Connect, in minutes. This value determines the maximum possible time before an agent is authenticated. For more information, For more information on how to configure IP addresses, see Configure session timeouts in the Amazon Connect Administrator Guide.
", + "box":true, + "deprecated":true, + "deprecatedMessage":"PeriodicSessionDuration is deprecated. Use SessionInactivityDuration instead.", + "deprecatedSince":"10/31/2025" + }, + "SessionInactivityDuration":{ + "shape":"InactivityDuration", + "documentation":"The period, in minutes, before an agent is automatically signed out of the contact center when they go inactive.
", + "box":true + }, + "SessionInactivityHandlingEnabled":{ + "shape":"Boolean", + "documentation":"Determines if automatic logout on user inactivity is enabled.
", "box":true } } @@ -26615,12 +27243,55 @@ "type":"structure", "members":{} }, - "UpdateContactFlowModuleContentRequest":{ + "UpdateContactFlowModuleAliasRequest":{ "type":"structure", "required":[ "InstanceId", "ContactFlowModuleId", - "Content" + "AliasId" + ], + "members":{ + "InstanceId":{ + "shape":"InstanceIdOrArn", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"uri", + "locationName":"InstanceId" + }, + "ContactFlowModuleId":{ + "shape":"ContactFlowModuleId", + "documentation":"The identifier of the flow module.
", + "location":"uri", + "locationName":"ContactFlowModuleId" + }, + "AliasId":{ + "shape":"ResourceId", + "documentation":"The identifier of the alias.
", + "location":"uri", + "locationName":"AliasId" + }, + "Name":{ + "shape":"ContactFlowModuleName", + "documentation":"The name of the alias.
" + }, + "Description":{ + "shape":"ContactFlowModuleDescription", + "documentation":"The description of the alias.
" + }, + "ContactFlowModuleVersion":{ + "shape":"ResourceVersion", + "documentation":"The version of the flow module.
" + } + } + }, + "UpdateContactFlowModuleAliasResponse":{ + "type":"structure", + "members":{} + }, + "UpdateContactFlowModuleContentRequest":{ + "type":"structure", + "required":[ + "InstanceId", + "ContactFlowModuleId" ], "members":{ "InstanceId":{ @@ -26638,6 +27309,10 @@ "Content":{ "shape":"ContactFlowModuleContent", "documentation":"The JSON string that represents the content of the flow. For an example, see Example flow in Amazon Connect Flow language.
" + }, + "Settings":{ + "shape":"FlowModuleSettings", + "documentation":"Serialized JSON string of the flow module Settings schema.
" } } }, diff --git a/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json b/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json index c67c1dfbdabf..49312ad0bc62 100644 --- a/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json +++ b/awscli/botocore/data/connectcampaignsv2/2024-04-23/service-2.json @@ -177,7 +177,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Describes the specific campaign.
" + "documentation":"Describes the specific campaign.
", + "readonly":true }, "GetCampaignState":{ "name":"GetCampaignState", @@ -229,7 +230,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Get the specific Connect instance config.
" + "documentation":"Get the specific Connect instance config.
", + "readonly":true }, "GetInstanceCommunicationLimits":{ "name":"GetInstanceCommunicationLimits", @@ -246,7 +248,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Get the instance communication limits.
" + "documentation":"Get the instance communication limits.
", + "readonly":true }, "GetInstanceOnboardingJobStatus":{ "name":"GetInstanceOnboardingJobStatus", @@ -263,7 +266,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Get the specific instance onboarding job status.
" + "documentation":"Get the specific instance onboarding job status.
", + "readonly":true }, "ListCampaigns":{ "name":"ListCampaigns", @@ -279,7 +283,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Provides summary information about the campaigns under the specified Amazon Connect account.
" + "documentation":"Provides summary information about the campaigns under the specified Amazon Connect account.
", + "readonly":true }, "ListConnectInstanceIntegrations":{ "name":"ListConnectInstanceIntegrations", @@ -297,7 +302,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Provides summary information about the integration under the specified Connect instance.
" + "documentation":"Provides summary information about the integration under the specified Connect instance.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -691,8 +697,7 @@ }, "AgentlessConfig":{ "type":"structure", - "members":{ - }, + "members":{}, "documentation":"Agentless config
" }, "AnswerMachineDetectionConfig":{ @@ -2089,6 +2094,13 @@ }, "documentation":"The request for ResumeCampaign API.
" }, + "RingTimeout":{ + "type":"integer", + "documentation":"Ring timeout for outbound calls
", + "box":true, + "max":60, + "min":15 + }, "Schedule":{ "type":"structure", "required":[ @@ -2347,7 +2359,8 @@ "destinationPhoneNumber":{"shape":"DestinationPhoneNumber"}, "attributes":{"shape":"Attributes"}, "connectSourcePhoneNumber":{"shape":"SourcePhoneNumber"}, - "answerMachineDetectionConfig":{"shape":"AnswerMachineDetectionConfig"} + "answerMachineDetectionConfig":{"shape":"AnswerMachineDetectionConfig"}, + "ringTimeout":{"shape":"RingTimeout"} }, "documentation":"Parameters for the Telephony Channel Subtype
" }, @@ -2357,7 +2370,8 @@ "members":{ "connectContactFlowId":{"shape":"ContactFlowId"}, "connectSourcePhoneNumber":{"shape":"SourcePhoneNumber"}, - "answerMachineDetectionConfig":{"shape":"AnswerMachineDetectionConfig"} + "answerMachineDetectionConfig":{"shape":"AnswerMachineDetectionConfig"}, + "ringTimeout":{"shape":"RingTimeout"} }, "documentation":"Default Telephony Outbound config
" }, diff --git a/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json b/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json index 61f793fe6c99..5842642ed424 100644 --- a/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json +++ b/awscli/botocore/data/controlcatalog/2018-05-10/service-2.json @@ -29,7 +29,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns details about a specific control, most notably a list of Amazon Web Services Regions where this control is supported. Input a value for the ControlArn parameter, in ARN form. GetControl accepts controltower or controlcatalog control ARNs as input. Returns a controlcatalog ARN format.
In the API response, controls that have the value GLOBAL in the Scope field do not show the DeployableRegions field, because it does not apply. Controls that have the value REGIONAL in the Scope field return a value for the DeployableRegions field, as shown in the example.
Returns details about a specific control, most notably a list of Amazon Web Services Regions where this control is supported. Input a value for the ControlArn parameter, in ARN form. GetControl accepts controltower or controlcatalog control ARNs as input. Returns a controlcatalog ARN format.
In the API response, controls that have the value GLOBAL in the Scope field do not show the DeployableRegions field, because it does not apply. Controls that have the value REGIONAL in the Scope field return a value for the DeployableRegions field, as shown in the example.
Returns a paginated list of common controls from the Amazon Web Services Control Catalog.
You can apply an optional filter to see common controls that have a specific objective. If you don’t provide a filter, the operation returns all common controls.
" + "documentation":"Returns a paginated list of common controls from the Amazon Web Services Control Catalog.
You can apply an optional filter to see common controls that have a specific objective. If you don’t provide a filter, the operation returns all common controls.
", + "readonly":true }, "ListControlMappings":{ "name":"ListControlMappings", @@ -63,7 +65,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a paginated list of control mappings from the Control Catalog. Control mappings show relationships between controls and other entities, such as common controls or compliance frameworks.
" + "documentation":"Returns a paginated list of control mappings from the Control Catalog. Control mappings show relationships between controls and other entities, such as common controls or compliance frameworks.
", + "readonly":true }, "ListControls":{ "name":"ListControls", @@ -80,7 +83,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.
" + "documentation":"Returns a paginated list of all available controls in the Control Catalog library. Allows you to discover available controls. The list of controls is given as structures of type controlSummary. The ARN is returned in the global controlcatalog format, as shown in the examples.
", + "readonly":true }, "ListDomains":{ "name":"ListDomains", @@ -97,7 +101,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a paginated list of domains from the Control Catalog.
" + "documentation":"Returns a paginated list of domains from the Control Catalog.
", + "readonly":true }, "ListObjectives":{ "name":"ListObjectives", @@ -114,7 +119,8 @@ {"shape":"ValidationException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a paginated list of objectives from the Control Catalog.
You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives.
" + "documentation":"Returns a paginated list of objectives from the Control Catalog.
You can apply an optional filter to see the objectives that belong to a specific domain. If you don’t provide a filter, the operation returns all objectives.
", + "readonly":true } }, "shapes":{ @@ -290,11 +296,11 @@ }, "MappingType":{ "shape":"MappingType", - "documentation":"The type of mapping relationship between the control and other entities. Indicates whether the mapping is to a framework or common control.
" + "documentation":"The type of mapping relationship between the control and other entities.
" }, "Mapping":{ "shape":"Mapping", - "documentation":"The details of the mapping relationship, containing either framework or common control information.
" + "documentation":"The details of the mapping relationship, for example, containing framework, common control, or related control information.
" } }, "documentation":"A structure that contains information about a control mapping, including the control ARN, mapping type, and mapping details.
" @@ -336,6 +342,14 @@ "type":"list", "member":{"shape":"ControlParameter"} }, + "ControlRelationType":{ + "type":"string", + "enum":[ + "COMPLEMENTARY", + "ALTERNATIVE", + "MUTUALLY_EXCLUSIVE" + ] + }, "ControlScope":{ "type":"string", "enum":[ @@ -823,6 +837,10 @@ "CommonControl":{ "shape":"CommonControlMappingDetails", "documentation":"The common control mapping details when the mapping type relates to a common control.
" + }, + "RelatedControl":{ + "shape":"RelatedControlMappingDetails", + "documentation":"Returns information about controls that are related to the specified control.
" } }, "documentation":"A structure that contains the details of a mapping relationship, which can be either to a framework or to a common control.
", @@ -832,7 +850,8 @@ "type":"string", "enum":[ "FRAMEWORK", - "COMMON_CONTROL" + "COMMON_CONTROL", + "RELATED_CONTROL" ] }, "MappingTypeFilterList":{ @@ -967,6 +986,21 @@ }, "documentation":"Returns information about the control, including the scope of the control, if enabled, and the Regions in which the control is available for deployment. For more information about scope, see Global services.
If you are applying controls through an Amazon Web Services Control Tower landing zone environment, remember that the values returned in the RegionConfiguration API operation are not related to the governed Regions in your landing zone. For example, if you are governing Regions A,B,and C while the control is available in Regions A, B, C, and D, you'd see a response with DeployableRegions of A, B, C, and D for a control with REGIONAL scope, even though you may not intend to deploy the control in Region D, because you do not govern it through your landing zone.
The unique identifier of a control.
" + }, + "RelationType":{ + "shape":"ControlRelationType", + "documentation":"Returns an enumerated value that represents the relationship between two or more controls.
" + } + }, + "documentation":"A structure that describes a control's relationship status with other controls.
" + }, "ResourceNotFoundException":{ "type":"structure", "members":{ diff --git a/awscli/botocore/data/controltower/2018-05-10/service-2.json b/awscli/botocore/data/controltower/2018-05-10/service-2.json index 02420de62891..905077f3306a 100644 --- a/awscli/botocore/data/controltower/2018-05-10/service-2.json +++ b/awscli/botocore/data/controltower/2018-05-10/service-2.json @@ -819,19 +819,12 @@ }, "CreateLandingZoneInput":{ "type":"structure", - "required":[ - "version", - "manifest" - ], + "required":["version"], "members":{ "version":{ "shape":"LandingZoneVersion", "documentation":"The landing zone version, for example, 3.0.
" }, - "manifest":{ - "shape":"Manifest", - "documentation":"The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
" - }, "remediationTypes":{ "shape":"RemediationTypes", "documentation":"Specifies the types of remediation actions to apply when creating the landing zone, such as automatic drift correction or compliance enforcement.
" @@ -839,6 +832,10 @@ "tags":{ "shape":"TagMap", "documentation":"Tags to be applied to the landing zone.
" + }, + "manifest":{ + "shape":"Manifest", + "documentation":"The manifest JSON file is a text file that describes your Amazon Web Services resources. For examples, review Launch your landing zone.
" } } }, @@ -1661,10 +1658,6 @@ "shape":"LandingZoneVersion", "documentation":"The landing zone's current deployed version.
" }, - "manifest":{ - "shape":"Manifest", - "documentation":"The landing zone manifest JSON text file that specifies the landing zone configurations.
" - }, "remediationTypes":{ "shape":"RemediationTypes", "documentation":"The types of remediation actions configured for the landing zone, such as automatic drift correction or compliance enforcement.
" @@ -1684,6 +1677,10 @@ "driftStatus":{ "shape":"LandingZoneDriftStatusSummary", "documentation":"The drift status of the landing zone.
" + }, + "manifest":{ + "shape":"Manifest", + "documentation":"The landing zone manifest JSON text file that specifies the landing zone configurations.
" } }, "documentation":"Information about the landing zone.
" @@ -2406,7 +2403,6 @@ "type":"structure", "required":[ "version", - "manifest", "landingZoneIdentifier" ], "members":{ @@ -2414,10 +2410,6 @@ "shape":"LandingZoneVersion", "documentation":"The landing zone version, for example, 3.2.
" }, - "manifest":{ - "shape":"Manifest", - "documentation":"The manifest file (JSON) is a text file that describes your Amazon Web Services resources. For an example, review Launch your landing zone. The example manifest file contains each of the available parameters. The schema for the landing zone's JSON manifest file is not published, by design.
" - }, "remediationTypes":{ "shape":"RemediationTypes", "documentation":"Specifies the types of remediation actions to apply when updating the landing zone configuration.
" @@ -2425,6 +2417,10 @@ "landingZoneIdentifier":{ "shape":"String", "documentation":"The unique identifier of the landing zone.
" + }, + "manifest":{ + "shape":"Manifest", + "documentation":"The manifest file (JSON) is a text file that describes your Amazon Web Services resources. For an example, review Launch your landing zone. The example manifest file contains each of the available parameters. The schema for the landing zone's JSON manifest file is not published, by design.
" } } }, diff --git a/awscli/botocore/data/cost-optimization-hub/2022-07-26/paginators-1.json b/awscli/botocore/data/cost-optimization-hub/2022-07-26/paginators-1.json index 39460e689e50..79511ab1529f 100644 --- a/awscli/botocore/data/cost-optimization-hub/2022-07-26/paginators-1.json +++ b/awscli/botocore/data/cost-optimization-hub/2022-07-26/paginators-1.json @@ -17,6 +17,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListEfficiencyMetrics": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "efficiencyMetricsByGroup" } } } diff --git a/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json b/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json index e45fac809577..ee89c1c0c424 100644 --- a/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json +++ b/awscli/botocore/data/cost-optimization-hub/2022-07-26/service-2.json @@ -29,7 +29,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a set of preferences for an account in order to add account-specific preferences into the service. These preferences impact how the savings associated with recommendations are presented—estimated savings after discounts or estimated savings before discounts, for example.
" + "documentation":"Returns a set of preferences for an account in order to add account-specific preferences into the service. These preferences impact how the savings associated with recommendations are presented—estimated savings after discounts or estimated savings before discounts, for example.
", + "readonly":true }, "GetRecommendation":{ "name":"GetRecommendation", @@ -46,7 +47,25 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns both the current and recommended resource configuration and the estimated cost impact for a recommendation.
The recommendationId is only valid for up to a maximum of 24 hours as recommendations are refreshed daily. To retrieve the recommendationId, use the ListRecommendations API.
Returns both the current and recommended resource configuration and the estimated cost impact for a recommendation.
The recommendationId is only valid for up to a maximum of 24 hours as recommendations are refreshed daily. To retrieve the recommendationId, use the ListRecommendations API.
Returns cost efficiency metrics aggregated over time and optionally grouped by a specified dimension. The metrics provide insights into your cost optimization progress by tracking estimated savings, spending, and measures how effectively you're optimizing your Cloud resources.
The operation supports both daily and monthly time granularities and allows grouping results by account ID, Amazon Web Services Region. Results are returned as time-series data, enabling you to analyze trends in your cost optimization performance over the specified time period.
", + "readonly":true }, "ListEnrollmentStatuses":{ "name":"ListEnrollmentStatuses", @@ -62,7 +81,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the enrollment status for an account. It can also return the list of accounts that are enrolled under the organization.
" + "documentation":"Retrieves the enrollment status for an account. It can also return the list of accounts that are enrolled under the organization.
", + "readonly":true }, "ListRecommendationSummaries":{ "name":"ListRecommendationSummaries", @@ -78,7 +98,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a concise representation of savings estimates for resources. Also returns de-duped savings across different types of recommendations.
The following filters are not supported for this API: recommendationIds, resourceArns, and resourceIds.
Returns a concise representation of savings estimates for resources. Also returns de-duped savings across different types of recommendations.
The following filters are not supported for this API: recommendationIds, resourceArns, and resourceIds.
Returns a list of recommendations.
" + "documentation":"Returns a list of recommendations.
", + "readonly":true }, "UpdateEnrollmentStatus":{ "name":"UpdateEnrollmentStatus", @@ -110,7 +132,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Updates the enrollment (opt in and opt out) status of an account to the Cost Optimization Hub service.
If the account is a management account or delegated administrator of an organization, this action can also be used to enroll member accounts of the organization.
You must have the appropriate permissions to opt in to Cost Optimization Hub and to view its recommendations. When you opt in, Cost Optimization Hub automatically creates a service-linked role in your account to access its data.
" + "documentation":"Updates the enrollment (opt in and opt out) status of an account to the Cost Optimization Hub service.
If the account is a management account of an organization, this action can also be used to enroll member accounts of the organization.
You must have the appropriate permissions to opt in to Cost Optimization Hub and to view its recommendations. When you opt in, Cost Optimization Hub automatically creates a service-linked role in your account to access its data.
" }, "UpdatePreferences":{ "name":"UpdatePreferences", @@ -500,7 +522,7 @@ }, "instanceFamily":{ "shape":"String", - "documentation":"The instance family of the recommended Savings Plan.
" + "documentation":"The instance family of the recommended Savings Plans.
" }, "savingsPlansRegion":{ "shape":"String", @@ -617,6 +639,32 @@ }, "documentation":"The ECS service configuration used for recommendations.
" }, + "EfficiencyMetricsByGroup":{ + "type":"structure", + "members":{ + "metricsByTime":{ + "shape":"MetricsByTimeList", + "documentation":"A list of time-series data points containing efficiency metrics for this group. Each data point includes an efficiency score, estimated savings, spending, and a timestamp corresponding to the specified granularity. This field is null when efficiency metrics cannot be calculated for the group, in which case the message field provides an explanation.
" + }, + "group":{ + "shape":"String", + "documentation":"The value of the grouping dimension for this set of metrics. For example, if grouped by account ID, this field contains the account ID. If no grouping is specified, this field is empty.
" + }, + "message":{ + "shape":"String", + "documentation":"An explanation of why efficiency metrics could not be calculated for this group when the metricsByTime field is null. Common reasons include insufficient or inconclusive cost and usage data during the specified time period. This field is null or empty when metrics are successfully calculated.
" + } + }, + "documentation":"Contains cost efficiency metrics for a specific group over time. The group is defined by the grouping dimension specified in the request, such as account ID, Amazon Web Services Region.
" + }, + "EfficiencyMetricsByGroupList":{ + "type":"list", + "member":{ + "shape":"EfficiencyMetricsByGroup", + "documentation":"An individual group's cost efficiency metrics over time.
" + }, + "documentation":"A list of cost efficiency metrics grouped by the specified dimension.
" + }, "ElastiCacheReservedInstances":{ "type":"structure", "members":{ @@ -766,8 +814,7 @@ }, "GetPreferencesRequest":{ "type":"structure", - "members":{ - } + "members":{} }, "GetPreferencesResponse":{ "type":"structure", @@ -893,6 +940,14 @@ } } }, + "GranularityType":{ + "type":"string", + "documentation":"The time granularity for aggregating the cost efficiency metrics.
", + "enum":[ + "Daily", + "Monthly" + ] + }, "ImplementationEffort":{ "type":"string", "enum":[ @@ -957,6 +1012,58 @@ }, "documentation":"The Lambda function configuration used for recommendations.
" }, + "ListEfficiencyMetricsRequest":{ + "type":"structure", + "required":[ + "granularity", + "timePeriod" + ], + "members":{ + "groupBy":{ + "shape":"String", + "documentation":"The dimension by which to group the cost efficiency metrics. Valid values include account ID, Amazon Web Services Region. When no grouping is specified, metrics are aggregated across all resources in the specified time period.
" + }, + "granularity":{ + "shape":"GranularityType", + "documentation":"The time granularity for the cost efficiency metrics. Specify Daily for metrics aggregated by day, or Monthly for metrics aggregated by month.
The time period for which to retrieve the cost efficiency metrics. The start date is inclusive and the end date is exclusive. Dates can be specified in either YYYY-MM-DD format or YYYY-MM format depending on the desired granularity.
" + }, + "maxResults":{ + "shape":"ListEfficiencyMetricsRequestMaxResultsInteger", + "documentation":"The maximum number of groups to return in the response. Valid values range from 0 to 1000. Use in conjunction with nextToken to paginate through results when the total number of groups exceeds this limit.
The ordering specification for the results. Defines which dimension to sort by and whether to sort in ascending or descending order.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token to retrieve the next page of results. This value is returned in the response when the number of groups exceeds the specified maxResults value.
A list of cost efficiency metrics grouped by the specified dimension. Each group contains time-series data points with cost efficiency, potential savings, and optimzable spend for the specified time period.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"The token to retrieve the next page of results. When this value is present in the response, additional groups are available. Pass this token in the nextToken parameter of a subsequent request to retrieve the next page.
The MemoryDB reserved instances configuration used for recommendations.
While the API reference uses \"MemoryDB reserved instances\", the user guide and other documentation refer to them as \"MemoryDB reserved nodes\", as the terms are used interchangeably.
The efficiency score for this time period. The score represents a measure of how effectively the cloud resources are being optimized, with higher scores indicating better optimization performance.
" + }, + "savings":{ + "shape":"Double", + "documentation":"The estimated savings amount for this time period, representing the potential cost reduction achieved through optimization recommendations.
" + }, + "spend":{ + "shape":"Double", + "documentation":"The total spending amount for this time period.
" + }, + "timestamp":{ + "shape":"String", + "documentation":"The timestamp for this data point. The format depends on the granularity: YYYY-MM-DD for daily metrics, or YYYY-MM for monthly metrics.
" + } + }, + "documentation":"Contains efficiency metrics for a specific point in time, including an efficiency score, potential savings, optimizable spend, and timestamp.
" + }, + "MetricsByTimeList":{ + "type":"list", + "member":{ + "shape":"MetricsByTime", + "documentation":"A single time-series data point containing efficiency metrics.
" + }, + "documentation":"A list of time-series efficiency metric data points.
" + }, "MixedInstanceConfiguration":{ "type":"structure", "members":{ @@ -1909,22 +2046,22 @@ "members":{ "monthlySavingsPlansEligibleCost":{ "shape":"Double", - "documentation":"The cost of paying for the recommended Savings Plan monthly.
" + "documentation":"The cost of paying for the recommended Savings Plans monthly.
" }, "estimatedMonthlyCommitment":{ "shape":"Double", - "documentation":"Estimated monthly commitment for the Savings Plan.
" + "documentation":"Estimated monthly commitment for the Savings Plans.
" }, "savingsPercentage":{ "shape":"Double", - "documentation":"Estimated savings as a percentage of your overall costs after buying the Savings Plan.
" + "documentation":"Estimated savings as a percentage of your overall costs after buying the Savings Plans.
" }, "estimatedOnDemandCost":{ "shape":"Double", - "documentation":"Estimated On-Demand cost you will pay after buying the Savings Plan.
" + "documentation":"Estimated On-Demand cost you will pay after buying the Savings Plans.
" } }, - "documentation":"Pricing information about a Savings Plan.
" + "documentation":"Pricing information about a Savings Plans.
" }, "Source":{ "type":"string", @@ -2003,6 +2140,24 @@ "documentation":"The request was denied due to request throttling.
", "exception":true }, + "TimePeriod":{ + "type":"structure", + "required":[ + "start", + "end" + ], + "members":{ + "start":{ + "shape":"String", + "documentation":"The beginning of the time period (inclusive). Specify the date in ISO 8601 format, such as 2024-01-01.
" + }, + "end":{ + "shape":"String", + "documentation":"The end of the time period (exclusive). Specify the date in ISO 8601 format, such as 2024-12-31.
" + } + }, + "documentation":"Specifies a date range for retrieving efficiency metrics. The start date is inclusive and the end date is exclusive.
" + }, "Timestamp":{"type":"timestamp"}, "UpdateEnrollmentStatusRequest":{ "type":"structure", diff --git a/awscli/botocore/data/datasync/2018-11-09/service-2.json b/awscli/botocore/data/datasync/2018-11-09/service-2.json index f3af4d237138..4aae9ae9ee63 100644 --- a/awscli/botocore/data/datasync/2018-11-09/service-2.json +++ b/awscli/botocore/data/datasync/2018-11-09/service-2.json @@ -768,7 +768,7 @@ "AgentArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:agent/agent-[0-9a-z]{17}$" }, "AgentArnList":{ "type":"list", @@ -2309,7 +2309,7 @@ }, "Status":{ "shape":"TaskStatus", - "documentation":"The status of your task. For information about what each status means, see Task statuses.
" + "documentation":"The status of your task. For information about what each status means, see Task statuses.
" }, "Name":{ "shape":"TagValue", @@ -2420,7 +2420,7 @@ "Ec2SecurityGroupArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:security-group/sg-[a-f0-9]+$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:security-group/sg-[a-f0-9]+$" }, "Ec2SecurityGroupArnList":{ "type":"list", @@ -2431,17 +2431,17 @@ "Ec2SubnetArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:subnet/.*$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):ec2:[a-z\\-0-9]*:[0-9]{12}:subnet/subnet-[a-f0-9]+$" }, "EfsAccessPointArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$" }, "EfsFilesystemArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]*:[0-9]{12}:file-system/fs-.*$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]+:[0-9]{12}:file-system/fs-[0-9a-f]{8,40}$" }, "EfsInTransitEncryption":{ "type":"string", @@ -2514,7 +2514,7 @@ "FsxFilesystemArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\\-0-9]*:[0-9]{12}:file-system/fs-.*$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):fsx:[a-z\\-0-9]+:[0-9]{12}:file-system/fs-[0-9a-f]+$" }, "FsxLustreSubdirectory":{ "type":"string", @@ -2705,12 +2705,12 @@ "IamRoleArn":{ "type":"string", "max":2048, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$" }, "IamRoleArnOrEmptyString":{ "type":"string", "max":2048, - "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+|)$" + "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):iam::[0-9]{12}:role/[a-zA-Z0-9+=,.@_-]+|)$" }, "InputTagList":{ "type":"list", @@ -2755,7 +2755,7 @@ "KmsKeyArn":{ "type":"string", "max":2048, - "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):kms:[a-z\\-0-9]+:[0-9]{12}:key/.*|)$" + "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):kms:[a-z\\-0-9]+:[0-9]{12}:key/.*|)$" }, "KmsKeyProviderUri":{ "type":"string", @@ -2923,7 +2923,7 @@ "LocationArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:location/loc-[0-9a-z]{17}$" }, "LocationFilter":{ "type":"structure", @@ -2986,7 +2986,7 @@ "LogGroupArn":{ "type":"string", "max":562, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):logs:[a-z\\-0-9]+:[0-9]{12}:log-group:([^:\\*]*)(:\\*)?$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):logs:[a-z\\-0-9]+:[0-9]{12}:log-group:([^:\\*]*)(:\\*)?$" }, "LogLevel":{ "type":"string", @@ -3419,7 +3419,7 @@ "S3BucketArn":{ "type":"string", "max":268, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):s3:[a-z\\-0-9]*:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\\-.]{1,63}$|^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):s3-outposts:[a-z\\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\\-]{1,63}$|^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):s3:::[a-zA-Z0-9.\\-_]{1,255}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):s3:[a-z\\-0-9]*:[0-9]{12}:accesspoint[/:][a-zA-Z0-9\\-.]{1,63}$|^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):s3-outposts:[a-z\\-0-9]+:[0-9]{12}:outpost[/:][a-zA-Z0-9\\-]{1,63}[/:]accesspoint[/:][a-zA-Z0-9\\-]{1,63}$|^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):s3:::[a-zA-Z0-9.\\-_]{1,255}$" }, "S3Config":{ "type":"structure", @@ -3510,7 +3510,7 @@ "SecretArn":{ "type":"string", "max":2048, - "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):secretsmanager:[a-z\\-0-9]+:[0-9]{12}:secret:.*|)$" + "pattern":"^(arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):secretsmanager:[a-z\\-0-9]+:[0-9]{12}:secret:.*|)$" }, "ServerHostname":{ "type":"string", @@ -3639,7 +3639,7 @@ "StorageVirtualMachineArn":{ "type":"string", "max":162, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):fsx:[a-z\\-0-9]+:[0-9]{12}:storage-virtual-machine/fs-[0-9a-f]+/svm-[0-9a-f]{17,}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):fsx:[a-z\\-0-9]+:[0-9]{12}:storage-virtual-machine/fs-[0-9a-f]+/svm-[0-9a-f]{17,}$" }, "TagKey":{ "type":"string", @@ -3699,17 +3699,17 @@ "TaggableResourceArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:(agent|task|location|system)/((agent|task|loc)-[a-f0-9]{17}|storage-system-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})(/execution/exec-[a-f0-9]{17})?$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:(((agent|task|location)/(agent|task|loc)-[a-z0-9]{17}(/execution/exec-[a-f0-9]{17})?)|(system/storage-system-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}(/job/discovery-job-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})?))$" }, "TaskArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]*:[0-9]{12}:task/task-[0-9a-f]{17}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:task/task-[0-9a-f]{17}$" }, "TaskExecutionArn":{ "type":"string", "max":128, - "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]*:[0-9]{12}:task/task-[0-9a-f]{17}/execution/exec-[0-9a-f]{17}$" + "pattern":"^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):datasync:[a-z\\-0-9]+:[0-9]{12}:task/task-[0-9a-f]{17}/execution/exec-[0-9a-f]{17}$" }, "TaskExecutionFilesFailedDetail":{ "type":"structure", @@ -3760,7 +3760,7 @@ }, "Status":{ "shape":"TaskExecutionStatus", - "documentation":"The status of a task execution. For more information, see Task execution statuses.
" + "documentation":"The status of a task execution. For more information, see Task execution statuses.
" }, "TaskMode":{ "shape":"TaskMode", @@ -4482,12 +4482,12 @@ "UpdatedEfsAccessPointArn":{ "type":"string", "max":128, - "pattern":"(^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$)|(^$)" + "pattern":"(^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):elasticfilesystem:[a-z\\-0-9]+:[0-9]{12}:access-point/fsap-[0-9a-f]{8,40}$)|(^$)" }, "UpdatedEfsIamRoleArn":{ "type":"string", "max":2048, - "pattern":"(^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$)|(^$)" + "pattern":"(^arn:(aws|aws-cn|aws-us-gov|aws-eusc|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$)|(^$)" }, "VerifyMode":{ "type":"string", diff --git a/awscli/botocore/data/datazone/2018-05-10/service-2.json b/awscli/botocore/data/datazone/2018-05-10/service-2.json index c69d3af56167..860e9078ad60 100644 --- a/awscli/botocore/data/datazone/2018-05-10/service-2.json +++ b/awscli/botocore/data/datazone/2018-05-10/service-2.json @@ -49,6 +49,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} @@ -139,6 +140,46 @@ ], "documentation":"Associates governed terms with an asset.
" }, + "BatchGetAttributesMetadata":{ + "name":"BatchGetAttributesMetadata", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/attributes-metadata", + "responseCode":200 + }, + "input":{"shape":"BatchGetAttributesMetadataInput"}, + "output":{"shape":"BatchGetAttributesMetadataOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"Gets the attribute metadata.
" + }, + "BatchPutAttributesMetadata":{ + "name":"BatchPutAttributesMetadata", + "http":{ + "method":"PUT", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/attributes-metadata", + "responseCode":200 + }, + "input":{"shape":"BatchPutAttributesMetadataInput"}, + "output":{"shape":"BatchPutAttributesMetadataOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"Writes the attribute metadata.
", + "idempotent":true + }, "CancelMetadataGenerationRun":{ "name":"CancelMetadataGenerationRun", "http":{ @@ -719,6 +760,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, {"shape":"ConflictException"}, {"shape":"ValidationException"}, {"shape":"UnauthorizedException"} @@ -3285,6 +3327,27 @@ "documentation":"Updates a project profile.
", "idempotent":true }, + "UpdateRootDomainUnitOwner":{ + "name":"UpdateRootDomainUnitOwner", + "http":{ + "method":"PATCH", + "requestUri":"/v2/domains/{domainIdentifier}/root-domain-unit-owner", + "responseCode":204 + }, + "input":{"shape":"UpdateRootDomainUnitOwnerInput"}, + "output":{"shape":"UpdateRootDomainUnitOwnerOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"Updates the owner of the root domain unit.
", + "idempotent":true + }, "UpdateRule":{ "name":"UpdateRule", "http":{ @@ -3504,6 +3567,10 @@ "identifier" ], "members":{ + "assetPermissions":{ + "shape":"AssetPermissions", + "documentation":"The asset permissions of the accept subscription request.
" + }, "assetScopes":{ "shape":"AcceptedAssetScopes", "documentation":"The asset scopes of the accept subscription request.
" @@ -4404,6 +4471,28 @@ "min":1, "sensitive":true }, + "AssetPermission":{ + "type":"structure", + "required":[ + "assetId", + "permissions" + ], + "members":{ + "assetId":{ + "shape":"AssetId", + "documentation":"The asset ID as part of the asset permissions.
" + }, + "permissions":{ + "shape":"Permissions", + "documentation":"The details as part of the asset permissions.
" + } + }, + "documentation":"The asset permissions.
" + }, + "AssetPermissions":{ + "type":"list", + "member":{"shape":"AssetPermission"} + }, "AssetRevision":{ "type":"structure", "members":{ @@ -4694,6 +4783,75 @@ "max":128, "min":1 }, + "AttributeEntityType":{ + "type":"string", + "enum":[ + "ASSET", + "LISTING" + ] + }, + "AttributeError":{ + "type":"structure", + "required":[ + "attributeIdentifier", + "code", + "message" + ], + "members":{ + "attributeIdentifier":{ + "shape":"AttributeIdentifier", + "documentation":"The attribute ID as part of the attribute error.
" + }, + "code":{ + "shape":"String", + "documentation":"The code generated as part of the attribute error.
" + }, + "message":{ + "shape":"String", + "documentation":"The message generated as part of the attribute error.
" + } + }, + "documentation":"The attribute error.
" + }, + "AttributeIdentifier":{ + "type":"string", + "max":256, + "min":1 + }, + "AttributeInput":{ + "type":"structure", + "required":[ + "attributeIdentifier", + "forms" + ], + "members":{ + "attributeIdentifier":{ + "shape":"AttributeIdentifier", + "documentation":"The ID of the attribute.
" + }, + "forms":{ + "shape":"FormInputList", + "documentation":"The metadata forms as part of the attribute input.
" + } + }, + "documentation":"The attribute input.
" + }, + "Attributes":{ + "type":"list", + "member":{"shape":"AttributeInput"}, + "max":5, + "min":0 + }, + "AttributesErrors":{ + "type":"list", + "member":{"shape":"AttributeError"} + }, + "AttributesList":{ + "type":"list", + "member":{"shape":"AttributeIdentifier"}, + "max":5, + "min":1 + }, "AuthType":{ "type":"string", "enum":[ @@ -4919,6 +5077,146 @@ "min":0, "pattern":"^\\S+$" }, + "BatchGetAttributeItems":{ + "type":"list", + "member":{"shape":"BatchGetAttributeOutput"} + }, + "BatchGetAttributeOutput":{ + "type":"structure", + "required":["attributeIdentifier"], + "members":{ + "attributeIdentifier":{ + "shape":"AttributeIdentifier", + "documentation":"The attribute ID.
" + }, + "forms":{ + "shape":"FormOutputList", + "documentation":"The metadata forms that are part of the results of the BatchGetAttribute action.
" + } + }, + "documentation":"The results of the BatchGetAttribute action.
" + }, + "BatchGetAttributesMetadataInput":{ + "type":"structure", + "required":[ + "attributeIdentifiers", + "domainIdentifier", + "entityIdentifier", + "entityType" + ], + "members":{ + "attributeIdentifiers":{ + "shape":"AttributesList", + "documentation":"The attribute identifier.
", + "location":"querystring", + "locationName":"attributeIdentifier" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"The domain ID where you want to get the attribute metadata.
", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"EntityId", + "documentation":"The entity ID for which you want to get attribute metadata.
", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityRevision":{ + "shape":"Revision", + "documentation":"The entity revision for which you want to get attribute metadata.
", + "location":"querystring", + "locationName":"entityRevision" + }, + "entityType":{ + "shape":"AttributeEntityType", + "documentation":"The entity type for which you want to get attribute metadata.
", + "location":"uri", + "locationName":"entityType" + } + } + }, + "BatchGetAttributesMetadataOutput":{ + "type":"structure", + "required":["errors"], + "members":{ + "attributes":{ + "shape":"BatchGetAttributeItems", + "documentation":"The results of the BatchGetAttributesMetadata action.
" + }, + "errors":{ + "shape":"AttributesErrors", + "documentation":"The errors generated when the BatchGetAttributesMetadata action is invoked.
" + } + } + }, + "BatchPutAttributeItems":{ + "type":"list", + "member":{"shape":"BatchPutAttributeOutput"} + }, + "BatchPutAttributeOutput":{ + "type":"structure", + "required":["attributeIdentifier"], + "members":{ + "attributeIdentifier":{ + "shape":"AttributeIdentifier", + "documentation":"The attribute ID.
" + } + }, + "documentation":"The results of the BatchPutAttribute action.
" + }, + "BatchPutAttributesMetadataInput":{ + "type":"structure", + "required":[ + "attributes", + "domainIdentifier", + "entityIdentifier", + "entityType" + ], + "members":{ + "attributes":{ + "shape":"Attributes", + "documentation":"The attributes of the metadata.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request. This field is automatically populated if not provided.
", + "idempotencyToken":true + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"The domain ID where you want to write the attribute metadata.
", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"EntityId", + "documentation":"The entity ID for which you want to write the attribute metadata.
", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"AttributeEntityType", + "documentation":"The entity type for which you want to write the attribute metadata.
", + "location":"uri", + "locationName":"entityType" + } + } + }, + "BatchPutAttributesMetadataOutput":{ + "type":"structure", + "members":{ + "attributes":{ + "shape":"BatchPutAttributeItems", + "documentation":"The results of the BatchPutAttributeMetadata action.
" + }, + "errors":{ + "shape":"AttributesErrors", + "documentation":"The errors generated when the BatchPutAttributeMetadata action is invoked.
" + } + } + }, "Boolean":{ "type":"boolean", "box":true @@ -8005,6 +8303,10 @@ "shape":"DomainId", "documentation":"The ID of the Amazon DataZone domain in which the subscription grant is created.
" }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"The environment ID for which subscription grant is created.
" + }, "grantedEntity":{ "shape":"GrantedEntity", "documentation":"The entity to which the subscription is granted.
" @@ -8046,6 +8348,14 @@ "subscribedPrincipals" ], "members":{ + "assetPermissions":{ + "shape":"AssetPermissions", + "documentation":"The asset permissions of the subscription request.
" + }, + "assetScopes":{ + "shape":"AcceptedAssetScopes", + "documentation":"The asset scopes of the subscription request.
" + }, "clientToken":{ "shape":"String", "documentation":"A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.
", @@ -8329,7 +8639,10 @@ "CreateUserProfileOutput":{ "type":"structure", "members":{ - "details":{"shape":"UserProfileDetails"}, + "details":{ + "shape":"UserProfileDetails", + "documentation":"The user profile details.
" + }, "domainId":{ "shape":"DomainId", "documentation":"The identifier of the Amazon DataZone domain in which a user profile is created.
" @@ -9769,6 +10082,10 @@ "shape":"DomainId", "documentation":"The ID of the Amazon DataZone domain in which the subscription grant is deleted.
" }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"The ID of the environment in which the subscription grant is deleted.
" + }, "grantedEntity":{ "shape":"GrantedEntity", "documentation":"The entity to which the subscription is deleted.
" @@ -13690,6 +14007,10 @@ "shape":"DomainId", "documentation":"The ID of the Amazon DataZone domain in which the subscription grant exists.
" }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"The environment ID of the subscription grant.
" + }, "grantedEntity":{ "shape":"GrantedEntity", "documentation":"The entity to which the subscription is granted.
" @@ -14111,7 +14432,10 @@ "GetUserProfileOutput":{ "type":"structure", "members":{ - "details":{"shape":"UserProfileDetails"}, + "details":{ + "shape":"UserProfileDetails", + "documentation":"The user profile details.
" + }, "domainId":{ "shape":"DomainId", "documentation":"the identifier of the Amazon DataZone domain of which you want to get the user profile.
" @@ -14229,10 +14553,26 @@ "ENABLED" ] }, + "GlossaryTermEnforcementDetail":{ + "type":"structure", + "members":{ + "requiredGlossaryTermIds":{ + "shape":"GlossaryTermIdentifiers", + "documentation":"The ID of the required glossary term.
" + } + }, + "documentation":"The enforcement details of a glossary term.
" + }, "GlossaryTermId":{ "type":"string", "pattern":"^[a-zA-Z0-9_-]{1,36}$" }, + "GlossaryTermIdentifiers":{ + "type":"list", + "member":{"shape":"GlossaryTermId"}, + "max":5, + "min":1 + }, "GlossaryTermItem":{ "type":"structure", "required":[ @@ -14952,14 +15292,14 @@ "members":{ "arn":{ "shape":"String", - "documentation":"The ARN of an IAM user profile in Amazon DataZone.
" + "documentation":"The ARN of the IAM user.
" }, "principalId":{ "shape":"String", - "documentation":"Principal ID of the IAM user.
" + "documentation":"The principal ID as part of the IAM user profile details.
" } }, - "documentation":"The details of an IAM user profile in Amazon DataZone.
" + "documentation":"The details of the IAM user profile.
" }, "Import":{ "type":"structure", @@ -17124,15 +17464,29 @@ "location":"querystring", "locationName":"nextToken" }, + "owningGroupId":{ + "shape":"GroupProfileId", + "documentation":"The ID of the owning group.
", + "location":"querystring", + "locationName":"owningGroupId" + }, "owningProjectId":{ "shape":"ProjectId", "documentation":"The ID of the owning project of the subscription grants.
", "location":"querystring", "locationName":"owningProjectId" }, + "owningUserId":{ + "shape":"UserProfileId", + "documentation":"The ID of the owning user.
", + "location":"querystring", + "locationName":"owningUserId" + }, "sortBy":{ "shape":"SortKey", "documentation":"Specifies the way of sorting the results of this action.
", + "deprecated":true, + "deprecatedMessage":"Results are always sorted by updatedAt", "location":"querystring", "locationName":"sortBy" }, @@ -17204,15 +17558,29 @@ "location":"querystring", "locationName":"nextToken" }, + "owningGroupId":{ + "shape":"GroupProfileId", + "documentation":"The ID of the owning group.
", + "location":"querystring", + "locationName":"owningGroupId" + }, "owningProjectId":{ "shape":"ProjectId", "documentation":"The identifier of the project for the subscription requests.
", "location":"querystring", "locationName":"owningProjectId" }, + "owningUserId":{ + "shape":"UserProfileId", + "documentation":"The ID of the owning user.
", + "location":"querystring", + "locationName":"owningUserId" + }, "sortBy":{ "shape":"SortKey", "documentation":"Specifies the way to sort the results of this action.
", + "deprecated":true, + "deprecatedMessage":"Results are always sorted by updatedAt", "location":"querystring", "locationName":"sortBy" }, @@ -17337,15 +17705,29 @@ "location":"querystring", "locationName":"nextToken" }, + "owningGroupId":{ + "shape":"GroupProfileId", + "documentation":"The ID of the owning group.
", + "location":"querystring", + "locationName":"owningGroupId" + }, "owningProjectId":{ "shape":"ProjectId", "documentation":"The identifier of the owning project.
", "location":"querystring", "locationName":"owningProjectId" }, + "owningUserId":{ + "shape":"UserProfileId", + "documentation":"The ID of the owning user.
", + "location":"querystring", + "locationName":"owningUserId" + }, "sortBy":{ "shape":"SortKey", "documentation":"Specifies the way in which the results of this action are to be sorted.
", + "deprecated":true, + "deprecatedMessage":"Results are always sorted by updatedAt", "location":"querystring", "locationName":"sortBy" }, @@ -18341,6 +18723,17 @@ "min":0, "sensitive":true }, + "Permissions":{ + "type":"structure", + "members":{ + "s3":{ + "shape":"S3Permissions", + "documentation":"The S3 details of the asset permissions.
" + } + }, + "documentation":"The asset permissions.
", + "union":true + }, "PhysicalConnectionRequirements":{ "type":"structure", "members":{ @@ -20080,6 +20473,10 @@ "RuleDetail":{ "type":"structure", "members":{ + "glossaryTermEnforcementDetail":{ + "shape":"GlossaryTermEnforcementDetail", + "documentation":"The enforcement details of a glossary term that's part of the metadata rule.
" + }, "metadataFormEnforcementDetail":{ "shape":"MetadataFormEnforcementDetail", "documentation":"The enforcement detail of the metadata form.
" @@ -20196,7 +20593,10 @@ }, "RuleType":{ "type":"string", - "enum":["METADATA_FORM_ENFORCEMENT"] + "enum":[ + "METADATA_FORM_ENFORCEMENT", + "GLOSSARY_TERM_ENFORCEMENT" + ] }, "RunIdentifier":{ "type":"string", @@ -20246,6 +20646,18 @@ "max":20, "min":0 }, + "S3Permission":{ + "type":"string", + "enum":[ + "READ", + "WRITE" + ] + }, + "S3Permissions":{ + "type":"list", + "member":{"shape":"S3Permission"}, + "documentation":"S3 permissions as a simple enum list.
" + }, "S3PropertiesInput":{ "type":"structure", "required":["s3Uri"], @@ -21269,18 +21681,18 @@ "members":{ "firstName":{ "shape":"FirstName", - "documentation":"The first name included in the single sign-on details of the user profile.
" + "documentation":"The first name as part of the SSO user profile detail.
" }, "lastName":{ "shape":"LastName", - "documentation":"The last name included in the single sign-on details of the user profile.
" + "documentation":"The last name as part of the SSO user profile detail.
" }, "username":{ "shape":"UserProfileName", - "documentation":"The username included in the single sign-on details of the user profile.
" + "documentation":"The username as part of the SSO user profile detail.
" } }, - "documentation":"The single sign-on details of the user profile.
" + "documentation":"The SSO user profile detail.
" }, "StartDataSourceRunInput":{ "type":"structure", @@ -21502,6 +21914,10 @@ "shape":"Timestamp", "documentation":"The timestamp of when the subscription grant to the asset is created.
" }, + "permissions":{ + "shape":"Permissions", + "documentation":"The asset permissions.
" + }, "status":{ "shape":"SubscriptionGrantStatus", "documentation":"The status of the asset for which the subscription grant is created.
" @@ -21539,6 +21955,10 @@ "glossaryTerms":{ "shape":"DetailedGlossaryTerms", "documentation":"The glossary terms attached to the published asset for which the subscription grant is created.
" + }, + "permissions":{ + "shape":"Permissions", + "documentation":"The asset permissions.
" } }, "documentation":"The details of the published asset for which the subscription grant is created.
" @@ -21547,6 +21967,30 @@ "type":"list", "member":{"shape":"SubscribedAsset"} }, + "SubscribedGroup":{ + "type":"structure", + "members":{ + "id":{ + "shape":"GroupProfileId", + "documentation":"The ID of the subscribed group.
" + }, + "name":{ + "shape":"GroupProfileName", + "documentation":"The name of the subscribed group.
" + } + }, + "documentation":"The group that subscribes to the asset.
" + }, + "SubscribedGroupInput":{ + "type":"structure", + "members":{ + "identifier":{ + "shape":"GroupProfileId", + "documentation":"The ID of the subscribed group.
" + } + }, + "documentation":"The details of the subscribed group.
" + }, "SubscribedListing":{ "type":"structure", "required":[ @@ -21623,9 +22067,17 @@ "SubscribedPrincipal":{ "type":"structure", "members":{ + "group":{ + "shape":"SubscribedGroup", + "documentation":"The subscribed group.
" + }, "project":{ "shape":"SubscribedProject", "documentation":"The project that has the subscription grant.
" + }, + "user":{ + "shape":"SubscribedUser", + "documentation":"The subscribed user.
" } }, "documentation":"The principal that has the subscription grant for the asset.
", @@ -21634,9 +22086,17 @@ "SubscribedPrincipalInput":{ "type":"structure", "members":{ + "group":{ + "shape":"SubscribedGroupInput", + "documentation":"The subscribed group.
" + }, "project":{ "shape":"SubscribedProjectInput", "documentation":"The project that is to be given a subscription grant.
" + }, + "user":{ + "shape":"SubscribedUserInput", + "documentation":"The subscribed user.
" } }, "documentation":"The principal that is to be given a subscriptiong grant.
", @@ -21702,6 +22162,30 @@ }, "documentation":"The project that is to be given a subscription grant.
" }, + "SubscribedUser":{ + "type":"structure", + "members":{ + "details":{ + "shape":"UserProfileDetails", + "documentation":"The subscribed user details.
" + }, + "id":{ + "shape":"UserProfileId", + "documentation":"The ID of the subscribed user.
" + } + }, + "documentation":"The subscribed user.
" + }, + "SubscribedUserInput":{ + "type":"structure", + "members":{ + "identifier":{ + "shape":"UserProfileId", + "documentation":"The ID of the subscribed user.
" + } + }, + "documentation":"The subscribed user.
" + }, "SubscriptionGrantId":{ "type":"string", "pattern":"^[a-zA-Z0-9_-]{1,36}$" @@ -21760,6 +22244,10 @@ "shape":"DomainId", "documentation":"The identifier of the Amazon DataZone domain in which a subscription grant exists.
" }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"The environment ID of the subscription grant.
" + }, "grantedEntity":{ "shape":"GrantedEntity", "documentation":"The entity to which the subscription is granted.
" @@ -24010,6 +24498,39 @@ } } }, + "UpdateRootDomainUnitOwnerInput":{ + "type":"structure", + "required":[ + "currentOwner", + "domainIdentifier", + "newOwner" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request. This field is automatically populated if not provided.
", + "idempotencyToken":true + }, + "currentOwner":{ + "shape":"UserIdentifier", + "documentation":"The current owner of the root domain unit.
" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"The ID of the domain where the root domain unit owner is to be updated.
", + "location":"uri", + "locationName":"domainIdentifier" + }, + "newOwner":{ + "shape":"String", + "documentation":"The new owner of the root domain unit.
" + } + } + }, + "UpdateRootDomainUnitOwnerOutput":{ + "type":"structure", + "members":{} + }, "UpdateRuleInput":{ "type":"structure", "required":[ @@ -24192,6 +24713,10 @@ "shape":"DomainId", "documentation":"The identifier of the Amazon DataZone domain in which a subscription grant status is to be updated.
" }, + "environmentId":{ + "shape":"EnvironmentId", + "documentation":"The ID of the environment in which the subscription grant is updated.
" + }, "grantedEntity":{ "shape":"GrantedEntity", "documentation":"The granted entity to be updated as part of the UpdateSubscriptionGrantStatus action.
The results of the UpdateUserProfile action.
" + }, "domainId":{ "shape":"DomainId", "documentation":"The identifier of the Amazon DataZone domain in which a user profile is updated.
" @@ -24581,14 +25109,14 @@ "members":{ "iam":{ "shape":"IamUserProfileDetails", - "documentation":"The IAM details included in the user profile details.
" + "documentation":"The IAM details of the user profile.
" }, "sso":{ "shape":"SsoUserProfileDetails", - "documentation":"The single sign-on details included in the user profile details.
" + "documentation":"The SSO details of the user profile.
" } }, - "documentation":"The details of the user profile in Amazon DataZone.
", + "documentation":"The user profile details.
", "union":true }, "UserProfileId":{ diff --git a/awscli/botocore/data/devicefarm/2015-06-23/service-2.json b/awscli/botocore/data/devicefarm/2015-06-23/service-2.json index d9f1b198f2e7..62942f6cf13b 100644 --- a/awscli/botocore/data/devicefarm/2015-06-23/service-2.json +++ b/awscli/botocore/data/devicefarm/2015-06-23/service-2.json @@ -218,7 +218,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceAccountException"} ], - "documentation":"Deletes an AWS Device Farm project, given the project ARN.
Deleting this resource does not stop an in-progress run.
" + "documentation":"Deletes an AWS Device Farm project, given the project ARN. You cannot delete a project if it has an active run or session.
You cannot undo this operation.
Deletes a completed remote access session and its results.
" + "documentation":"Deletes a completed remote access session and its results. You cannot delete a remote access session if it is still active.
You cannot undo this operation.
Deletes the run, given the run ARN.
Deleting this resource does not stop an in-progress run.
" + "documentation":"Deletes the run, given the run ARN. You cannot delete a run if it is still active.
You cannot undo this operation.
Deletes a Selenium testing project and all content generated under it.
You cannot undo this operation.
You cannot delete a project if it has active sessions.
Deletes a Selenium testing project and all content generated under it. You cannot delete a project if it has active sessions.
You cannot undo this operation.
The requested object could not be deleted.
", "exception":true }, - "ClientId":{ - "type":"string", - "max":64, - "min":0 - }, "ContentType":{ "type":"string", "max":64, @@ -1624,6 +1625,14 @@ "vpcConfig":{ "shape":"VpcConfig", "documentation":"The VPC security groups and subnets that are attached to a project.
" + }, + "environmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"A set of environment variables which are used by default for all runs in the project. These environment variables are applied to the test run during the execution of a test spec file.
For more information about using test spec files, please see Custom test environments in AWS Device Farm.
" + }, + "executionRoleArn":{ + "shape":"AmazonRoleResourceName", + "documentation":"An IAM role to be assumed by the test host for all runs in the project.
" } }, "documentation":"Represents a request to the create project operation.
" @@ -1683,37 +1692,20 @@ "shape":"AmazonResourceName", "documentation":"The Amazon Resource Name (ARN) of the device instance for which you want to create a remote access session.
" }, - "sshPublicKey":{ - "shape":"SshPublicKey", - "documentation":"Ignored. The public key of the ssh key pair you want to use for connecting to remote devices in your remote debugging session. This key is required only if remoteDebugEnabled is set to true.
Remote debugging is no longer supported.
" - }, - "remoteDebugEnabled":{ - "shape":"Boolean", - "documentation":"Set to true if you want to access devices remotely for debugging in your remote access session.
Remote debugging is no longer supported.
" - }, - "remoteRecordEnabled":{ - "shape":"Boolean", - "documentation":"Set to true to enable remote recording for the remote access session.
The Amazon Resource Name (ARN) for the app to be recorded in the remote access session.
" - }, "name":{ "shape":"Name", "documentation":"The name of the remote access session to create.
" }, - "clientId":{ - "shape":"ClientId", - "documentation":"Unique identifier for the client. If you want access to multiple devices on the same client, you should pass the same clientId value in each call to CreateRemoteAccessSession. This identifier is required only if remoteDebugEnabled is set to true.
Remote debugging is no longer supported.
" - }, "configuration":{ "shape":"CreateRemoteAccessSessionConfiguration", "documentation":"The configuration information for the remote access session request.
" }, "interactionMode":{ "shape":"InteractionMode", - "documentation":"The interaction mode of the remote access session. Valid values are:
INTERACTIVE: You can interact with the iOS device by viewing, touching, and rotating the screen. You cannot run XCUITest framework-based tests in this mode.
NO_VIDEO: You are connected to the device, but cannot interact with it or view the screen. This mode has the fastest test execution speed. You can run XCUITest framework-based tests in this mode.
VIDEO_ONLY: You can view the screen, but cannot touch or rotate it. You can run XCUITest framework-based tests and watch the screen in this mode.
The interaction mode of the remote access session. Changing the interactive mode of remote access sessions is no longer available.
", + "deprecated":true, + "deprecatedMessage":"Changing the interactive mode of Remote Access sessions is no longer available.", + "deprecatedSince":"2019-09-09" }, "skipAppResign":{ "shape":"Boolean", @@ -2089,7 +2081,10 @@ }, "remoteDebugEnabled":{ "shape":"Boolean", - "documentation":"This flag is set to true if remote debugging is enabled for the device.
Remote debugging is no longer supported.
" + "documentation":"This flag is set to true if remote debugging is enabled for the device.
Remote debugging is no longer supported.
", + "deprecated":true, + "deprecatedMessage":"Direct Device Access is no longer available.", + "deprecatedSince":"2019-09-09" }, "fleetType":{ "shape":"String", @@ -2395,6 +2390,41 @@ "member":{"shape":"Device"} }, "Double":{"type":"double"}, + "EnvironmentVariable":{ + "type":"structure", + "required":[ + "name", + "value" + ], + "members":{ + "name":{ + "shape":"EnvironmentVariableName", + "documentation":"The name of the environment variable.
" + }, + "value":{ + "shape":"EnvironmentVariableValue", + "documentation":"The value of the environment variable.
" + } + }, + "documentation":"Information about an environment variable for a project or a run.
" + }, + "EnvironmentVariableName":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z_][a-zA-Z_0-9]*" + }, + "EnvironmentVariableValue":{ + "type":"string", + "max":256, + "min":1 + }, + "EnvironmentVariables":{ + "type":"list", + "member":{"shape":"EnvironmentVariable"}, + "max":32, + "min":1 + }, "ExceptionMessage":{"type":"string"}, "ExecutionConfiguration":{ "type":"structure", @@ -2858,10 +2888,6 @@ } } }, - "HostAddress":{ - "type":"string", - "max":1024 - }, "IdempotencyException":{ "type":"structure", "members":{ @@ -3513,7 +3539,7 @@ "members":{ "ResourceARN":{ "shape":"DeviceFarmArn", - "documentation":"The Amazon Resource Name (ARN) of the resource or resources for which to list tags. You can associate tags with the following Device Farm resources: PROJECT, RUN, NETWORK_PROFILE, INSTANCE_PROFILE, DEVICE_INSTANCE, SESSION, DEVICE_POOL, DEVICE, and VPCE_CONFIGURATION.
The Amazon Resource Name (ARN) of the resource or resources for which to list tags. You can associate tags with the following Device Farm resources: PROJECT, TESTGRID_PROJECT, RUN, NETWORK_PROFILE, INSTANCE_PROFILE, DEVICE_INSTANCE, SESSION, DEVICE_POOL, DEVICE, and VPCE_CONFIGURATION.
The VPC security groups and subnets that are attached to a project.
" + }, + "environmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"Environment variables associated with the project.
" + }, + "executionRoleArn":{ + "shape":"AmazonRoleResourceName", + "documentation":"The IAM execution role associated with the project.
" } }, "documentation":"Represents an operating-system neutral workspace for running and managing tests.
" @@ -4239,6 +4273,20 @@ "type":"list", "member":{"shape":"RecurringCharge"} }, + "RemoteAccessEndpoints":{ + "type":"structure", + "members":{ + "remoteDriverEndpoint":{ + "shape":"SensitiveURL", + "documentation":"URL for controlling the device using WebDriver-compliant clients, like Appium, during the remote access session.
" + }, + "interactiveEndpoint":{ + "shape":"SensitiveURL", + "documentation":"URL for viewing and interacting with the device during the remote access session.
" + } + }, + "documentation":"Represents the remote endpoints for viewing and controlling a device during a remote access session.
" + }, "RemoteAccessSession":{ "type":"structure", "members":{ @@ -4282,26 +4330,6 @@ "shape":"AmazonResourceName", "documentation":"The ARN of the instance.
" }, - "remoteDebugEnabled":{ - "shape":"Boolean", - "documentation":"This flag is set to true if remote debugging is enabled for the remote access session.
Remote debugging is no longer supported.
" - }, - "remoteRecordEnabled":{ - "shape":"Boolean", - "documentation":"This flag is set to true if remote recording is enabled for the remote access session.
The ARN for the app to be recorded in the remote access session.
" - }, - "hostAddress":{ - "shape":"HostAddress", - "documentation":"IP address of the EC2 host where you need to connect to remotely debug devices. Only returned if remote debugging is enabled for the remote access session.
Remote debugging is no longer supported.
" - }, - "clientId":{ - "shape":"ClientId", - "documentation":"Unique identifier of your client for the remote access session. Only returned if remote debugging is enabled for the remote access session.
Remote debugging is no longer supported.
" - }, "billingMethod":{ "shape":"BillingMethod", "documentation":"The billing method of the remote access session. Possible values include METERED or UNMETERED. For more information about metered devices, see AWS Device Farm terminology.
The endpoint for the remote access sesssion.
" + "documentation":"The endpoint for the remote access session. This field is deprecated, and is replaced by the new endpoints.interactiveEndpoint field.
The interaction mode of the remote access session. Valid values are:
INTERACTIVE: You can interact with the iOS device by viewing, touching, and rotating the screen. You cannot run XCUITest framework-based tests in this mode.
NO_VIDEO: You are connected to the device, but cannot interact with it or view the screen. This mode has the fastest test execution speed. You can run XCUITest framework-based tests in this mode.
VIDEO_ONLY: You can view the screen, but cannot touch or rotate it. You can run XCUITest framework-based tests and watch the screen in this mode.
The interaction mode of the remote access session. Changing the interactive mode of remote access sessions is no longer available.
", + "deprecated":true, + "deprecatedMessage":"Changing the interactive mode of Remote Access sessions is no longer available.", + "deprecatedSince":"2019-09-09" }, "skipAppResign":{ "shape":"SkipAppResign", @@ -4337,7 +4371,8 @@ "appUpload":{ "shape":"AmazonResourceName", "documentation":"The ARN for the app to be installed onto your device.
" - } + }, + "endpoints":{"shape":"RemoteAccessEndpoints"} }, "documentation":"Represents information about the remote access session.
" }, @@ -4574,6 +4609,14 @@ "vpcConfig":{ "shape":"VpcConfig", "documentation":"The VPC security groups and subnets that are attached to a project.
" + }, + "executionRoleArn":{ + "shape":"AmazonRoleResourceName", + "documentation":"The IAM role associated with the run.
" + }, + "environmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"Environment variables associated with the run.
" } }, "documentation":"Represents a test run on a set of devices with a given app package, test parameters, and so on.
" @@ -4668,6 +4711,14 @@ "billingMethod":{ "shape":"BillingMethod", "documentation":"Specifies the billing method for a test run: metered or unmetered. If the parameter is not specified, the default value is metered.
If you have purchased unmetered device slots, you must set this parameter to unmetered to make use of them. Otherwise, your run counts against your metered time.
Environment variables associated with the run.
" + }, + "executionRoleArn":{ + "shape":"AmazonRoleResourceName", + "documentation":"An IAM role to be assumed by the test host for the run.
" } }, "documentation":"Represents the settings for a run. Includes things like location, radio states, auxiliary apps, and network profiles.
" @@ -4769,7 +4820,7 @@ }, "SensitiveURL":{ "type":"string", - "max":2048, + "max":4096, "min":0, "sensitive":true }, @@ -4790,11 +4841,6 @@ "min":0 }, "SkipAppResign":{"type":"boolean"}, - "SshPublicKey":{ - "type":"string", - "max":8192, - "min":0 - }, "StopJobRequest":{ "type":"structure", "required":["arn"], @@ -4983,7 +5029,7 @@ "members":{ "ResourceARN":{ "shape":"DeviceFarmArn", - "documentation":"The Amazon Resource Name (ARN) of the resource or resources to which to add tags. You can associate tags with the following Device Farm resources: PROJECT, RUN, NETWORK_PROFILE, INSTANCE_PROFILE, DEVICE_INSTANCE, SESSION, DEVICE_POOL, DEVICE, and VPCE_CONFIGURATION.
The Amazon Resource Name (ARN) of the resource or resources to which to add tags. You can associate tags with the following Device Farm resources: PROJECT, TESTGRID_PROJECT, RUN, NETWORK_PROFILE, INSTANCE_PROFILE, DEVICE_INSTANCE, SESSION, DEVICE_POOL, DEVICE, and VPCE_CONFIGURATION.
The Amazon Resource Name (ARN) of the resource or resources from which to delete tags. You can associate tags with the following Device Farm resources: PROJECT, RUN, NETWORK_PROFILE, INSTANCE_PROFILE, DEVICE_INSTANCE, SESSION, DEVICE_POOL, DEVICE, and VPCE_CONFIGURATION.
The Amazon Resource Name (ARN) of the resource or resources from which to delete tags. You can associate tags with the following Device Farm resources: PROJECT, TESTGRID_PROJECT, RUN, NETWORK_PROFILE, INSTANCE_PROFILE, DEVICE_INSTANCE, SESSION, DEVICE_POOL, DEVICE, and VPCE_CONFIGURATION.
The VPC security groups and subnets that are attached to a project.
" + }, + "environmentVariables":{ + "shape":"EnvironmentVariables", + "documentation":"A set of environment variables which are used by default for all runs in the project. These environment variables are applied to the test run during the execution of a test spec file.
For more information about using test spec files, please see Custom test environments in AWS Device Farm.
" + }, + "executionRoleArn":{ + "shape":"AmazonRoleResourceName", + "documentation":"An IAM role to be assumed by the test host for all runs in the project.
" } }, "documentation":"Represents a request to the update project operation.
" diff --git a/awscli/botocore/data/dms/2016-01-01/paginators-1.json b/awscli/botocore/data/dms/2016-01-01/paginators-1.json index 054b79c2c971..ae92c8252ca3 100644 --- a/awscli/botocore/data/dms/2016-01-01/paginators-1.json +++ b/awscli/botocore/data/dms/2016-01-01/paginators-1.json @@ -83,6 +83,18 @@ "output_token": "Marker", "limit_key": "MaxRecords", "result_key": "DataMigrations" + }, + "DescribeMetadataModelChildren": { + "input_token": "Marker", + "output_token": "Marker", + "limit_key": "MaxRecords", + "result_key": "MetadataModelChildren" + }, + "DescribeMetadataModelCreations": { + "input_token": "Marker", + "output_token": "Marker", + "limit_key": "MaxRecords", + "result_key": "Requests" } } } diff --git a/awscli/botocore/data/dms/2016-01-01/service-2.json b/awscli/botocore/data/dms/2016-01-01/service-2.json index 22af05bb58e3..0bd7ec6ab7ec 100644 --- a/awscli/botocore/data/dms/2016-01-01/service-2.json +++ b/awscli/botocore/data/dms/2016-01-01/service-2.json @@ -56,6 +56,36 @@ ], "documentation":"End of support notice: On May 20, 2026, Amazon Web Services will end support for Amazon Web Services DMS Fleet Advisor;. After May 20, 2026, you will no longer be able to access the Amazon Web Services DMS Fleet Advisor; console or Amazon Web Services DMS Fleet Advisor; resources. For more information, see Amazon Web Services DMS Fleet Advisor end of support.
Starts the analysis of up to 20 source databases to recommend target engines for each source database. This is a batch version of StartRecommendations.
The result of analysis of each source database is reported individually in the response. Because the batch request can result in a combination of successful and unsuccessful actions, you should check for batch errors even when the call returns an HTTP status code of 200.
Cancels a single metadata model conversion operation that was started with StartMetadataModelConversion.
Cancels a single metadata model creation operation that was started with StartMetadataModelCreation.
Returns a paginated list of instance profiles for your account in the current region.
" }, + "DescribeMetadataModel":{ + "name":"DescribeMetadataModel", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMetadataModelMessage"}, + "output":{"shape":"DescribeMetadataModelResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"Gets detailed information about the specified metadata model, including its definition and corresponding converted objects in the target database if applicable.
" + }, "DescribeMetadataModelAssessments":{ "name":"DescribeMetadataModelAssessments", "http":{ @@ -777,6 +821,20 @@ ], "documentation":"Returns a paginated list of metadata model assessments for your account in the current region.
" }, + "DescribeMetadataModelChildren":{ + "name":"DescribeMetadataModelChildren", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMetadataModelChildrenMessage"}, + "output":{"shape":"DescribeMetadataModelChildrenResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"Gets a list of child metadata models for the specified metadata model in the database hierarchy.
" + }, "DescribeMetadataModelConversions":{ "name":"DescribeMetadataModelConversions", "http":{ @@ -790,6 +848,20 @@ ], "documentation":"Returns a paginated list of metadata model conversions for a migration project.
" }, + "DescribeMetadataModelCreations":{ + "name":"DescribeMetadataModelCreations", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeMetadataModelCreationsMessage"}, + "output":{"shape":"DescribeMetadataModelCreationsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"Returns a paginated list of metadata model creation requests for a migration project.
" + }, "DescribeMetadataModelExportsAsScript":{ "name":"DescribeMetadataModelExportsAsScript", "http":{ @@ -1083,6 +1155,21 @@ ], "documentation":"Saves a copy of a database migration assessment report to your Amazon S3 bucket. DMS can save your assessment report as a comma-separated value (CSV) or a PDF file.
" }, + "GetTargetSelectionRules":{ + "name":"GetTargetSelectionRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetTargetSelectionRulesMessage"}, + "output":{"shape":"GetTargetSelectionRulesResponse"}, + "errors":[ + {"shape":"ResourceNotFoundFault"}, + {"shape":"InvalidResourceStateFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"Converts source selection rules into their target counterparts for schema conversion operations.
" + }, "ImportCertificate":{ "name":"ImportCertificate", "http":{ @@ -1094,7 +1181,8 @@ "errors":[ {"shape":"ResourceAlreadyExistsFault"}, {"shape":"InvalidCertificateFault"}, - {"shape":"ResourceQuotaExceededFault"} + {"shape":"ResourceQuotaExceededFault"}, + {"shape":"KMSKeyNotAccessibleFault"} ], "documentation":"Uploads the specified certificate.
" }, @@ -1483,6 +1571,22 @@ ], "documentation":"Converts your source database objects to a format compatible with the target database.
" }, + "StartMetadataModelCreation":{ + "name":"StartMetadataModelCreation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartMetadataModelCreationMessage"}, + "output":{"shape":"StartMetadataModelCreationResponse"}, + "errors":[ + {"shape":"ResourceAlreadyExistsFault"}, + {"shape":"ResourceNotFoundFault"}, + {"shape":"ResourceQuotaExceededFault"}, + {"shape":"AccessDeniedFault"} + ], + "documentation":"Creates source metadata model of the given type with the specified properties for schema conversion operations.
This action supports only these directions: from SQL Server to Aurora PostgreSQL, or from SQL Server to RDS for PostgreSQL.
The migration project name or Amazon Resource Name (ARN).
" + }, + "RequestIdentifier":{ + "shape":"String", + "documentation":"The identifier for the metadata model conversion operation to cancel. This operation was initiated by StartMetadataModelConversion.
" + } + } + }, + "CancelMetadataModelConversionResponse":{ + "type":"structure", + "members":{ + "Request":{"shape":"SchemaConversionRequest"} + } + }, + "CancelMetadataModelCreationMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "RequestIdentifier" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"The migration project name or Amazon Resource Name (ARN).
" + }, + "RequestIdentifier":{ + "shape":"String", + "documentation":"The identifier for the metadata model creation operation to cancel. This operation was initiated by StartMetadataModelCreation.
The key length of the cryptographic algorithm being used.
" + }, + "KmsKeyId":{ + "shape":"String", + "documentation":"An KMS key identifier that is used to encrypt the certificate.
If you don't specify a value for the KmsKeyId parameter, then DMS uses your default encryption key.
KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.
" } }, "documentation":"The SSL certificate that can be used to encrypt connections between the endpoints and the replication instance.
" @@ -2245,7 +2399,7 @@ }, "Engine":{ "shape":"String", - "documentation":"The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.
The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos, docdb, and sybase. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.
The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.
The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos, docdb, and sybase. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.
The JSON string that specifies which metadata model's children to retrieve. Only one selection rule with \"rule-action\": \"explicit\" can be provided. For more information, see Selection Rules in the DMS User Guide.
" + }, + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"The migration project name or Amazon Resource Name (ARN).
" + }, + "Origin":{ + "shape":"OriginTypeValue", + "documentation":"Specifies whether to retrieve metadata from the source or target tree. Valid values: SOURCE | TARGET
" + }, + "Marker":{ + "shape":"String", + "documentation":"Specifies the unique pagination token that indicates where the next page should start. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
" + }, + "MaxRecords":{ + "shape":"IntegerOptional", + "documentation":"The maximum number of metadata model children to include in the response. If more items exist than the specified MaxRecords value, a marker is included in the response so that the remaining results can be retrieved.
" + } + } + }, + "DescribeMetadataModelChildrenResponse":{ + "type":"structure", + "members":{ + "Marker":{ + "shape":"String", + "documentation":"Specifies the unique pagination token that makes it possible to display the next page of metadata model children. If a marker is returned, there are more metadata model children available.
" + }, + "MetadataModelChildren":{ + "shape":"MetadataModelReferenceList", + "documentation":"A list of child metadata models.
" + } + } + }, "DescribeMetadataModelConversionsMessage":{ "type":"structure", "required":["MigrationProjectIdentifier"], @@ -4321,6 +4519,41 @@ } } }, + "DescribeMetadataModelCreationsMessage":{ + "type":"structure", + "required":["MigrationProjectIdentifier"], + "members":{ + "Filters":{ + "shape":"FilterList", + "documentation":"Filters applied to the metadata model creation requests described in the form of key-value pairs. The supported filters are request-id and status.
" + }, + "Marker":{ + "shape":"String", + "documentation":"Specifies the unique pagination token that makes it possible to display the next page of metadata model creation requests. If Marker is returned by a previous response, there are more metadata model creation requests available.
" + }, + "MaxRecords":{ + "shape":"IntegerOptional", + "documentation":"The maximum number of metadata model creation requests to include in the response. If more requests exist than the specified MaxRecords value, a pagination token is provided in the response so that you can retrieve the remaining results.
" + }, + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"The migration project name or Amazon Resource Name (ARN).
" + } + } + }, + "DescribeMetadataModelCreationsResponse":{ + "type":"structure", + "members":{ + "Marker":{ + "shape":"String", + "documentation":"Specifies the unique pagination token that makes it possible to display the next page of metadata model creation requests. If Marker is returned, there are more metadata model creation requests available.
" + }, + "Requests":{ + "shape":"SchemaConversionRequestList", + "documentation":"A list of metadata model creation requests. The ExportSqlDetails field will never be populated for the DescribeMetadataModelCreations operation.
" + } + } + }, "DescribeMetadataModelExportsAsScriptMessage":{ "type":"structure", "required":["MigrationProjectIdentifier"], @@ -4426,6 +4659,49 @@ } } }, + "DescribeMetadataModelMessage":{ + "type":"structure", + "required":[ + "SelectionRules", + "MigrationProjectIdentifier", + "Origin" + ], + "members":{ + "SelectionRules":{ + "shape":"String", + "documentation":"The JSON string that specifies which metadata model to retrieve. Only one selection rule with \"rule-action\": \"explicit\" can be provided. For more information, see Selection Rules in the DMS User Guide.
" + }, + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"The migration project name or Amazon Resource Name (ARN).
" + }, + "Origin":{ + "shape":"OriginTypeValue", + "documentation":"Specifies whether to retrieve metadata from the source or target tree. Valid values: SOURCE | TARGET
" + } + } + }, + "DescribeMetadataModelResponse":{ + "type":"structure", + "members":{ + "MetadataModelName":{ + "shape":"String", + "documentation":"The name of the metadata model.
" + }, + "MetadataModelType":{ + "shape":"String", + "documentation":"The type of the metadata model.
" + }, + "TargetMetadataModels":{ + "shape":"MetadataModelReferenceList", + "documentation":"A list of counterpart metadata models in the target. This field is populated only when Origin is SOURCE and after the object has been converted by DMS Schema Conversion.
" + }, + "Definition":{ + "shape":"String", + "documentation":"The SQL text of the metadata model. This field might not be populated for some metadata models.
" + } + } + }, "DescribeMigrationProjectsMessage":{ "type":"structure", "members":{ @@ -5250,6 +5526,10 @@ "shape":"String", "documentation":"Value returned by a call to CreateEndpoint that can be used for cross-account validation. Use it on a subsequent call to CreateEndpoint to create the endpoint with a cross-account.
" }, + "IsReadOnly":{ + "shape":"BooleanOptional", + "documentation":"Indicates whether the endpoint is read-only. When set to true, this endpoint is managed by DMS as part of a zero-ETL integration and cannot be modified or deleted directly. You can only modify or delete read-only endpoints through their associated zero-ETL integration.
The settings for the DynamoDB target endpoint. For more information, see the DynamoDBSettings structure.
The settings for the Amazon Timestream target endpoint. For more information, see the TimestreamSettings structure.
Settings in JSON format for the target Lakehouse endpoint. This parameter applies to endpoints that are automatically created by DMS for a Lakehouse data warehouse as part of a zero-ETL integration.
" } }, "documentation":"Describes an endpoint of a database instance in response to operations such as the following:
CreateEndpoint
DescribeEndpoint
ModifyEndpoint
Settings in JSON format for the source GCP MySQL endpoint.
" }, + "GetTargetSelectionRulesMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "SelectionRules" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"The migration project name or Amazon Resource Name (ARN).
" + }, + "SelectionRules":{ + "shape":"String", + "documentation":"The JSON string representing the source selection rules for conversion. Selection rules must contain only supported metadata model types. For more information, see Selection Rules in the DMS User Guide.
" + } + } + }, + "GetTargetSelectionRulesResponse":{ + "type":"structure", + "members":{ + "TargetSelectionRules":{ + "shape":"String", + "documentation":"The JSON string representing the counterpart selection rules in the target.
" + } + } + }, "IBMDb2Settings":{ "type":"structure", "members":{ @@ -5908,6 +6218,10 @@ "Tags":{ "shape":"TagList", "documentation":"The tags associated with the certificate.
" + }, + "KmsKeyId":{ + "shape":"String", + "documentation":"An KMS key identifier that is used to encrypt the certificate.
If you don't specify a value for the KmsKeyId parameter, then DMS uses your default encryption key.
KMS creates the default encryption key for your Amazon Web Services account. Your Amazon Web Services account has a different default encryption key for each Amazon Web Services Region.
" } } }, @@ -6295,6 +6609,17 @@ }, "documentation":"Provides information that describes an Amazon Kinesis Data Stream endpoint. This information includes the output format of records applied to the endpoint and details of transaction and control table data information.
" }, + "LakehouseSettings":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Lakehouse resource that serves as the target for this endpoint.
" + } + }, + "documentation":"Provides information that defines a Lakehouse endpoint. This endpoint type is used for zero-ETL integrations with Lakehouse data warehouses.
" + }, "Limitation":{ "type":"structure", "members":{ @@ -6404,6 +6729,35 @@ "json-unformatted" ] }, + "MetadataModelProperties":{ + "type":"structure", + "members":{ + "StatementProperties":{ + "shape":"StatementProperties", + "documentation":"The properties of the statement.
" + } + }, + "documentation":"The properties of metadata model in JSON format. This object is a Union. Only one member of this object can be specified or returned.
", + "union":true + }, + "MetadataModelReference":{ + "type":"structure", + "members":{ + "MetadataModelName":{ + "shape":"String", + "documentation":"The name of the metadata model.
" + }, + "SelectionRules":{ + "shape":"String", + "documentation":"The JSON string representing metadata model location.
" + } + }, + "documentation":"A reference to a metadata model, including its name and selection rules for location identification.
" + }, + "MetadataModelReferenceList":{ + "type":"list", + "member":{"shape":"MetadataModelReference"} + }, "MicrosoftSQLServerSettings":{ "type":"structure", "members":{ @@ -6673,7 +7027,7 @@ }, "Engine":{ "shape":"String", - "documentation":"The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos and docdb. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.
The type of database engine for the data provider. Valid values include \"aurora\", \"aurora-postgresql\", \"mysql\", \"oracle\", \"postgres\", \"sqlserver\", redshift, mariadb, mongodb, db2, db2-zos, docdb, and sybase. A value of \"aurora\" represents Amazon Aurora MySQL-Compatible Edition.
The name of the database object.
" + }, + "Type":{ + "shape":"String", + "documentation":"The type of the database object. For example, a table, view, procedure, and so on.
" + }, + "EndpointType":{ + "shape":"String", + "documentation":"The type of the data provider. This parameter can store one of the following values: \"SOURCE\" or \"TARGET\".
The database object that the schema conversion operation currently uses.
" + }, + "Progress":{ + "type":"structure", + "members":{ + "ProgressPercent":{ + "shape":"DoubleOptional", + "documentation":"The percent complete for the current step of the schema conversion operation.
" + }, + "TotalObjects":{ + "shape":"Long", + "documentation":"The number of objects in this schema conversion operation.
" + }, + "ProgressStep":{ + "shape":"String", + "documentation":"The step of the schema conversion operation. This parameter can store one of the following values:
IN_PROGRESS – The operation is running.
LOADING_METADATA – Loads metadata from the source database.
COUNTING_OBJECTS – Determines the number of objects involved in the operation.
ANALYZING – Analyzes the source database objects.
CONVERTING – Converts the source database objects to a format compatible with the target database.
APPLYING – Applies the converted code to the target database.
FINISHED – The operation completed successfully.
The name of the database object that the schema conversion operation currently uses.
" + } + }, + "documentation":"Provides information about the progress of the schema conversion operation.
" + }, "ProvisionData":{ "type":"structure", "members":{ @@ -8696,6 +9090,10 @@ "ReplicationDeprovisionTime":{ "shape":"TStamp", "documentation":"The timestamp when DMS will deprovision the replication.
" + }, + "IsReadOnly":{ + "shape":"BooleanOptional", + "documentation":"Indicates whether the serverless replication is read-only. When set to true, this replication is managed by DMS as part of a zero-ETL integration and cannot be modified or deleted directly. You can only modify or delete read-only replications through their associated zero-ETL integration.
Provides information that describes a serverless replication created by the CreateReplication operation.
The time the serverless replication config was updated.
" + }, + "IsReadOnly":{ + "shape":"BooleanOptional", + "documentation":"Indicates whether the replication configuration is read-only. When set to true, this replication configuration is managed by DMS as part of a zero-ETL integration and cannot be modified or deleted directly. You can only modify or delete read-only replication configurations through their associated zero-ETL integration.
This object provides configuration information about a serverless replication.
" @@ -9021,6 +9423,10 @@ "SupportedNetworkTypes":{ "shape":"StringList", "documentation":"The IP addressing protocol supported by the subnet group. This is used by a replication instance with values such as IPv4 only or Dual-stack that supports both IPv4 and IPv6 addressing. IPv6 only is not yet supported.
" + }, + "IsReadOnly":{ + "shape":"BooleanOptional", + "documentation":"Indicates whether the replication subnet group is read-only. When set to true, this subnet group is managed by DMS as part of a zero-ETL integration and cannot be modified or deleted directly. You can only modify or delete read-only subnet groups through their associated zero-ETL integration.
Describes a subnet group in response to a request by the DescribeReplicationSubnetGroups operation.
The migration project ARN.
" }, "Error":{"shape":"ErrorDetails"}, - "ExportSqlDetails":{"shape":"ExportSqlDetails"} + "ExportSqlDetails":{"shape":"ExportSqlDetails"}, + "Progress":{"shape":"Progress"} }, "documentation":"Provides information about a schema conversion action.
" }, @@ -9913,6 +10320,42 @@ } } }, + "StartMetadataModelCreationMessage":{ + "type":"structure", + "required":[ + "MigrationProjectIdentifier", + "SelectionRules", + "MetadataModelName", + "Properties" + ], + "members":{ + "MigrationProjectIdentifier":{ + "shape":"MigrationProjectIdentifier", + "documentation":"The migration project name or Amazon Resource Name (ARN).
" + }, + "SelectionRules":{ + "shape":"String", + "documentation":"The JSON string that specifies the location where the metadata model will be created. Selection rules must specify a single schema. For more information, see Selection Rules in the DMS User Guide.
" + }, + "MetadataModelName":{ + "shape":"String", + "documentation":"The name of the metadata model.
" + }, + "Properties":{ + "shape":"MetadataModelProperties", + "documentation":"The properties of metadata model in JSON format. This object is a Union. Only one member of this object can be specified or returned.
" + } + } + }, + "StartMetadataModelCreationResponse":{ + "type":"structure", + "members":{ + "RequestIdentifier":{ + "shape":"String", + "documentation":"The identifier for the metadata model creation operation.
" + } + } + }, "StartMetadataModelExportAsScriptMessage":{ "type":"structure", "required":[ @@ -10235,6 +10678,17 @@ "reload-target" ] }, + "StatementProperties":{ + "type":"structure", + "required":["Definition"], + "members":{ + "Definition":{ + "shape":"String", + "documentation":"The SQL text of the statement.
" + } + }, + "documentation":"The properties of the statement for metadata model creation.
" + }, "StopDataMigrationMessage":{ "type":"structure", "required":["DataMigrationIdentifier"], @@ -10378,6 +10832,36 @@ "type":"list", "member":{"shape":"SupportedEndpointType"} }, + "SybaseAseDataProviderSettings":{ + "type":"structure", + "members":{ + "ServerName":{ + "shape":"String", + "documentation":"The name of the SAP ASE server.
" + }, + "Port":{ + "shape":"IntegerOptional", + "documentation":"The port value for the SAP ASE data provider.
" + }, + "DatabaseName":{ + "shape":"String", + "documentation":"The database name on the SAP ASE data provider.
" + }, + "SslMode":{ + "shape":"DmsSslModeValue", + "documentation":"The SSL mode used to connect to the SAP ASE data provider. The default value is none.
Specifies whether to encrypt the password when connecting to the Sybase ASE database. When set to true, the connection password is encrypted during transmission. Default is true.
" + }, + "CertificateArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the certificate used for SSL connection.
" + } + }, + "documentation":"Provides information that defines an SAP ASE data provider.
" + }, "SybaseSettings":{ "type":"structure", "members":{ @@ -10420,9 +10904,9 @@ "TablePreparationMode":{ "type":"string", "enum":[ - "do-nothing", + "drop-tables-on-target", "truncate", - "drop-tables-on-target" + "do-nothing" ] }, "TableStatistics":{ diff --git a/awscli/botocore/data/dsql/2018-05-10/service-2.json b/awscli/botocore/data/dsql/2018-05-10/service-2.json index d9ec2285f05f..1a778e1837b7 100644 --- a/awscli/botocore/data/dsql/2018-05-10/service-2.json +++ b/awscli/botocore/data/dsql/2018-05-10/service-2.json @@ -334,6 +334,10 @@ }, "documentation":"A summary of the properties of a cluster.
" }, + "ClusterVpcEndpoint":{ + "type":"string", + "pattern":"[a-zA-Z0-9.-]+" + }, "ConflictException":{ "type":"structure", "required":["message"], @@ -667,6 +671,10 @@ "serviceName":{ "shape":"ServiceName", "documentation":"The VPC endpoint service name.
" + }, + "clusterVpcEndpoint":{ + "shape":"ClusterVpcEndpoint", + "documentation":"The VPC connection endpoint for the cluster.
" } } }, diff --git a/awscli/botocore/data/dynamodb/2012-08-10/service-2.json b/awscli/botocore/data/dynamodb/2012-08-10/service-2.json index 06449c85f60b..5daf2d39a578 100644 --- a/awscli/botocore/data/dynamodb/2012-08-10/service-2.json +++ b/awscli/botocore/data/dynamodb/2012-08-10/service-2.json @@ -3958,7 +3958,6 @@ "KeySchema":{ "type":"list", "member":{"shape":"KeySchemaElement"}, - "max":2, "min":1 }, "KeySchemaAttributeName":{ @@ -5391,7 +5390,7 @@ "documentation":"A list of ThrottlingReason that provide detailed diagnostic information about why the request was throttled.
" } }, - "documentation":"Throughput exceeds the current throughput quota for your account. For detailed information about why the request was throttled and the ARN of the impacted resource, find the ThrottlingReason field in the returned exception. Contact Amazon Web ServicesSupport to request a quota increase.
", + "documentation":"Throughput exceeds the current throughput quota for your account. For detailed information about why the request was throttled and the ARN of the impacted resource, find the ThrottlingReason field in the returned exception. Contact Amazon Web Services Support to request a quota increase.
", "exception":true }, "Resource":{"type":"string"}, diff --git a/awscli/botocore/data/ec2/2016-11-15/paginators-1.json b/awscli/botocore/data/ec2/2016-11-15/paginators-1.json index 30609149344e..04c0e06328f0 100644 --- a/awscli/botocore/data/ec2/2016-11-15/paginators-1.json +++ b/awscli/botocore/data/ec2/2016-11-15/paginators-1.json @@ -985,6 +985,12 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "IpamPrefixListResolverVersions" + }, + "DescribeVpnConcentrators": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "VpnConcentrators" } } } diff --git a/awscli/botocore/data/ec2/2016-11-15/service-2.json b/awscli/botocore/data/ec2/2016-11-15/service-2.json index d32907f0d05e..6b883028a453 100644 --- a/awscli/botocore/data/ec2/2016-11-15/service-2.json +++ b/awscli/botocore/data/ec2/2016-11-15/service-2.json @@ -860,6 +860,16 @@ "output":{"shape":"CreateInternetGatewayResult"}, "documentation":"Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway.
For more information, see Internet gateways in the Amazon VPC User Guide.
" }, + "CreateInterruptibleCapacityReservationAllocation":{ + "name":"CreateInterruptibleCapacityReservationAllocation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateInterruptibleCapacityReservationAllocationRequest"}, + "output":{"shape":"CreateInterruptibleCapacityReservationAllocationResult"}, + "documentation":"Creates an interruptible Capacity Reservation by specifying the number of unused instances you want to allocate from your source reservation. This helps you make unused capacity available for other workloads within your account while maintaining control to reclaim it.
" + }, "CreateIpam":{ "name":"CreateIpam", "http":{ @@ -880,6 +890,16 @@ "output":{"shape":"CreateIpamExternalResourceVerificationTokenResult"}, "documentation":"Create a verification token.
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
" }, + "CreateIpamPolicy":{ + "name":"CreateIpamPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateIpamPolicyRequest"}, + "output":{"shape":"CreateIpamPolicyResult"}, + "documentation":"Creates an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
For more information, see Define public IPv4 allocation strategy with IPAM policies in the Amazon VPC IPAM User Guide.
" + }, "CreateIpamPool":{ "name":"CreateIpamPool", "http":{ @@ -1358,6 +1378,26 @@ "output":{"shape":"CreateTransitGatewayConnectPeerResult"}, "documentation":"Creates a Connect peer for a specified transit gateway Connect attachment between a transit gateway and an appliance.
The peer address and transit gateway address must be the same IP address family (IPv4 or IPv6).
For more information, see Connect peers in the Amazon Web Services Transit Gateways Guide.
" }, + "CreateTransitGatewayMeteringPolicy":{ + "name":"CreateTransitGatewayMeteringPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateTransitGatewayMeteringPolicyRequest"}, + "output":{"shape":"CreateTransitGatewayMeteringPolicyResult"}, + "documentation":"Creates a metering policy for a transit gateway to track and measure network traffic.
" + }, + "CreateTransitGatewayMeteringPolicyEntry":{ + "name":"CreateTransitGatewayMeteringPolicyEntry", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateTransitGatewayMeteringPolicyEntryRequest"}, + "output":{"shape":"CreateTransitGatewayMeteringPolicyEntryResult"}, + "documentation":"Creates an entry in a transit gateway metering policy to define traffic measurement rules.
" + }, "CreateTransitGatewayMulticastDomain":{ "name":"CreateTransitGatewayMulticastDomain", "http":{ @@ -1508,6 +1548,16 @@ "output":{"shape":"CreateVpcBlockPublicAccessExclusionResult"}, "documentation":"Create a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" }, + "CreateVpcEncryptionControl":{ + "name":"CreateVpcEncryptionControl", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateVpcEncryptionControlRequest"}, + "output":{"shape":"CreateVpcEncryptionControlResult"}, + "documentation":"Creates a VPC Encryption Control configuration for a specified VPC. VPC Encryption Control enables you to enforce encryption for all data in transit within and between VPCs to meet compliance requirements for standards like HIPAA, FedRAMP, and PCI DSS.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, "CreateVpcEndpoint":{ "name":"CreateVpcEndpoint", "http":{ @@ -1548,6 +1598,16 @@ "output":{"shape":"CreateVpcPeeringConnectionResult"}, "documentation":"Requests a VPC peering connection between two VPCs: a requester VPC that you own and an accepter VPC with which to create the connection. The accepter VPC can belong to another Amazon Web Services account and can be in a different Region to the requester VPC. The requester VPC and accepter VPC cannot have overlapping CIDR blocks.
Limitations and rules apply to a VPC peering connection. For more information, see the VPC peering limitations in the VPC Peering Guide.
The owner of the accepter VPC must accept the peering request to activate the peering connection. The VPC peering connection request expires after 7 days, after which it cannot be accepted or rejected.
If you create a VPC peering connection request between VPCs with overlapping CIDR blocks, the VPC peering connection has a status of failed.
Creates a VPN concentrator that aggregates multiple VPN connections to a transit gateway.
" + }, "CreateVpnConnection":{ "name":"CreateVpnConnection", "http":{ @@ -1754,6 +1814,16 @@ "output":{"shape":"DeleteIpamExternalResourceVerificationTokenResult"}, "documentation":"Delete a verification token.
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
" }, + "DeleteIpamPolicy":{ + "name":"DeleteIpamPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteIpamPolicyRequest"}, + "output":{"shape":"DeleteIpamPolicyResult"}, + "documentation":"Deletes an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
" + }, "DeleteIpamPool":{ "name":"DeleteIpamPool", "http":{ @@ -2194,6 +2264,26 @@ "output":{"shape":"DeleteTransitGatewayConnectPeerResult"}, "documentation":"Deletes the specified Connect peer.
" }, + "DeleteTransitGatewayMeteringPolicy":{ + "name":"DeleteTransitGatewayMeteringPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteTransitGatewayMeteringPolicyRequest"}, + "output":{"shape":"DeleteTransitGatewayMeteringPolicyResult"}, + "documentation":"Deletes a transit gateway metering policy.
" + }, + "DeleteTransitGatewayMeteringPolicyEntry":{ + "name":"DeleteTransitGatewayMeteringPolicyEntry", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteTransitGatewayMeteringPolicyEntryRequest"}, + "output":{"shape":"DeleteTransitGatewayMeteringPolicyEntryResult"}, + "documentation":"Deletes an entry from a transit gateway metering policy.
" + }, "DeleteTransitGatewayMulticastDomain":{ "name":"DeleteTransitGatewayMulticastDomain", "http":{ @@ -2342,6 +2432,16 @@ "output":{"shape":"DeleteVpcBlockPublicAccessExclusionResult"}, "documentation":"Delete a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" }, + "DeleteVpcEncryptionControl":{ + "name":"DeleteVpcEncryptionControl", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteVpcEncryptionControlRequest"}, + "output":{"shape":"DeleteVpcEncryptionControlResult"}, + "documentation":"Deletes a VPC Encryption Control configuration. This removes the encryption policy enforcement from the specified VPC.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, "DeleteVpcEndpointConnectionNotifications":{ "name":"DeleteVpcEndpointConnectionNotifications", "http":{ @@ -2382,6 +2482,16 @@ "output":{"shape":"DeleteVpcPeeringConnectionResult"}, "documentation":"Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the accepter VPC can delete the VPC peering connection if it's in the active state. The owner of the requester VPC can delete a VPC peering connection in the pending-acceptance state. You cannot delete a VPC peering connection that's in the failed or rejected state.
Deletes the specified VPN concentrator.
" + }, "DeleteVpnConnection":{ "name":"DeleteVpnConnection", "http":{ @@ -3057,7 +3167,7 @@ }, "input":{"shape":"DescribeInstanceAttributeRequest"}, "output":{"shape":"InstanceAttribute"}, - "documentation":"Describes the specified attribute of the specified instance. You can specify only one attribute at a time.
" + "documentation":"Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Available attributes include SQL license exemption configuration for instances registered with the SQL LE service.
" }, "DescribeInstanceConnectEndpoints":{ "name":"DescribeInstanceConnectEndpoints", @@ -3109,6 +3219,26 @@ "output":{"shape":"DescribeInstanceImageMetadataResult"}, "documentation":"Describes the AMI that was used to launch an instance, even if the AMI is deprecated, deregistered, made private (no longer public or shared with your account), or not allowed.
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance.
If you specify an instance ID that is not valid, an instance that doesn't exist, or an instance that you do not own, an error (InvalidInstanceID.NotFound) is returned.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
In the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected Availability Zone, or do not specify any instance IDs at all, the call fails. If you specify only instance IDs that are in an unaffected Availability Zone, the call works normally.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the historical SQL Server High Availability states for Amazon EC2 instances that are enabled for Amazon EC2 High Availability for SQL Server monitoring.
" + }, + "DescribeInstanceSqlHaStates":{ + "name":"DescribeInstanceSqlHaStates", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeInstanceSqlHaStatesRequest"}, + "output":{"shape":"DescribeInstanceSqlHaStatesResult"}, + "documentation":"Describes the SQL Server High Availability states for Amazon EC2 instances that are enabled for Amazon EC2 High Availability for SQL Server monitoring.
" + }, "DescribeInstanceStatus":{ "name":"DescribeInstanceStatus", "http":{ @@ -3117,7 +3247,7 @@ }, "input":{"shape":"DescribeInstanceStatusRequest"}, "output":{"shape":"DescribeInstanceStatusResult"}, - "documentation":"Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.
Instance status includes the following components:
Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.
Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.
Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.
The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the status of the specified instances or all of your instances. By default, only running instances are described, unless you specifically indicate to return the status of all instances.
Instance status includes the following components:
Status checks - Amazon EC2 performs status checks on running EC2 instances to identify hardware and software issues. For more information, see Status checks for your instances and Troubleshoot instances with failed status checks in the Amazon EC2 User Guide.
Scheduled events - Amazon EC2 can schedule events (such as reboot, stop, or terminate) for your instances related to hardware issues, software updates, or system maintenance. For more information, see Scheduled events for your instances in the Amazon EC2 User Guide.
Instance state - You can manage your instances from the moment you launch them through their termination. For more information, see Instance lifecycle in the Amazon EC2 User Guide.
SQL license exemption monitoring - For instances registered with the SQL LE service, status includes SQL license exemption monitoring health and processing status to provide operational visibility into license exemption functionality.
The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the specified instances or all instances.
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.
If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.
The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the specified instances or all instances.
If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully.
The response includes SQL license exemption status information for instances registered with the SQL LE service, providing visibility into license exemption configuration and status.
If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output.
Recently terminated instances might appear in the returned results. This interval is usually less than one hour.
If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally.
The Amazon EC2 API follows an eventual consistency model. This means that the result of an API command you run that creates or modifies resources might not be immediately available to all subsequent commands you run. For guidance on how to manage eventual consistency, see Eventual consistency in the Amazon EC2 API in the Amazon EC2 Developer Guide.
We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describe verification tokens. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
" + "documentation":"Describe verification tokens.
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
" + }, + "DescribeIpamPolicies":{ + "name":"DescribeIpamPolicies", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeIpamPoliciesRequest"}, + "output":{"shape":"DescribeIpamPoliciesResult"}, + "documentation":"Describes one or more IPAM policies.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
" }, "DescribeIpamPools":{ "name":"DescribeIpamPools", @@ -3919,6 +4059,16 @@ "output":{"shape":"DescribeTransitGatewayConnectsResult"}, "documentation":"Describes one or more Connect attachments.
" }, + "DescribeTransitGatewayMeteringPolicies":{ + "name":"DescribeTransitGatewayMeteringPolicies", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeTransitGatewayMeteringPoliciesRequest"}, + "output":{"shape":"DescribeTransitGatewayMeteringPoliciesResult"}, + "documentation":"Describes one or more transit gateway metering policies.
" + }, "DescribeTransitGatewayMulticastDomains":{ "name":"DescribeTransitGatewayMulticastDomains", "http":{ @@ -4139,6 +4289,16 @@ "output":{"shape":"DescribeVpcClassicLinkDnsSupportResult"}, "documentation":"This action is deprecated.
Describes the ClassicLink DNS support status of one or more VPCs. If enabled, the DNS hostname of a linked EC2-Classic instance resolves to its private IP address when addressed from an instance in the VPC to which it's linked. Similarly, the DNS hostname of an instance in a VPC resolves to its private IP address when addressed from a linked EC2-Classic instance.
" }, + "DescribeVpcEncryptionControls":{ + "name":"DescribeVpcEncryptionControls", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeVpcEncryptionControlsRequest"}, + "output":{"shape":"DescribeVpcEncryptionControlsResult"}, + "documentation":"Describes one or more VPC Encryption Control configurations. VPC Encryption Control enables you to enforce encryption for all data in transit within and between VPCs to meet compliance requirements You can filter the results to return information about specific encryption controls or VPCs.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, "DescribeVpcEndpointAssociations":{ "name":"DescribeVpcEndpointAssociations", "http":{ @@ -4229,6 +4389,16 @@ "output":{"shape":"DescribeVpcsResult"}, "documentation":"Describes your VPCs. The default is to describe all your VPCs. Alternatively, you can specify specific VPC IDs or filter the results to include only the VPCs that match specific criteria.
" }, + "DescribeVpnConcentrators":{ + "name":"DescribeVpnConcentrators", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeVpnConcentratorsRequest"}, + "output":{"shape":"DescribeVpnConcentratorsResult"}, + "documentation":"Describes one or more of your VPN concentrators.
" + }, "DescribeVpnConnections":{ "name":"DescribeVpnConnections", "http":{ @@ -4416,6 +4586,16 @@ "output":{"shape":"DisableImageDeregistrationProtectionResult"}, "documentation":"Disables deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered.
If you chose to include a 24-hour cooldown period when you enabled deregistration protection for the AMI, then, when you disable deregistration protection, you won’t immediately be able to deregister the AMI.
For more information, see Protect an Amazon EC2 AMI from deregistration in the Amazon EC2 User Guide.
" }, + "DisableInstanceSqlHaStandbyDetections":{ + "name":"DisableInstanceSqlHaStandbyDetections", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableInstanceSqlHaStandbyDetectionsRequest"}, + "output":{"shape":"DisableInstanceSqlHaStandbyDetectionsResult"}, + "documentation":"Disable Amazon EC2 instances running in an SQL Server High Availability cluster from SQL Server High Availability instance standby detection monitoring. Once disabled, Amazon Web Services no longer monitors the metadata for the instances to determine whether they are active or standby nodes in the SQL Server High Availability cluster.
" + }, "DisableIpamOrganizationAdminAccount":{ "name":"DisableIpamOrganizationAdminAccount", "http":{ @@ -4426,6 +4606,16 @@ "output":{"shape":"DisableIpamOrganizationAdminAccountResult"}, "documentation":"Disable the IPAM account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
" }, + "DisableIpamPolicy":{ + "name":"DisableIpamPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisableIpamPolicyRequest"}, + "output":{"shape":"DisableIpamPolicyResult"}, + "documentation":"Disables an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
" + }, "DisableRouteServerPropagation":{ "name":"DisableRouteServerPropagation", "http":{ @@ -4783,6 +4973,16 @@ "output":{"shape":"EnableImageDeregistrationProtectionResult"}, "documentation":"Enables deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered.
To allow the AMI to be deregistered, you must first disable deregistration protection.
For more information, see Protect an Amazon EC2 AMI from deregistration in the Amazon EC2 User Guide.
" }, + "EnableInstanceSqlHaStandbyDetections":{ + "name":"EnableInstanceSqlHaStandbyDetections", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableInstanceSqlHaStandbyDetectionsRequest"}, + "output":{"shape":"EnableInstanceSqlHaStandbyDetectionsResult"}, + "documentation":"Enable Amazon EC2 instances running in an SQL Server High Availability cluster for SQL Server High Availability instance standby detection monitoring. Once enabled, Amazon Web Services monitors the metadata for the instances to determine whether they are active or standby nodes in the SQL Server High Availability cluster. If the instances are determined to be standby failover nodes, Amazon Web Services automatically applies SQL Server licensing fee waiver for those instances.
To register an instance, it must be running a Windows SQL Server license-included AMI and have the Amazon Web Services Systems Manager agent installed and running. Only Windows Server 2019 and later and SQL Server (Standard and Enterprise editions) 2017 and later are supported. For more information, see Prerequisites for using SQL Server High Availability instance standby detection.
" + }, "EnableIpamOrganizationAdminAccount":{ "name":"EnableIpamOrganizationAdminAccount", "http":{ @@ -4793,6 +4993,16 @@ "output":{"shape":"EnableIpamOrganizationAdminAccountResult"}, "documentation":"Enable an Organizations member account as the IPAM admin account. You cannot select the Organizations management account as the IPAM admin account. For more information, see Enable integration with Organizations in the Amazon VPC IPAM User Guide.
" }, + "EnableIpamPolicy":{ + "name":"EnableIpamPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"EnableIpamPolicyRequest"}, + "output":{"shape":"EnableIpamPolicyResult"}, + "documentation":"Enables an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
For more information, see Define public IPv4 allocation strategy with IPAM policies in the Amazon VPC IPAM User Guide.
" + }, "EnableReachabilityAnalyzerOrganizationSharing":{ "name":"EnableReachabilityAnalyzerOrganizationSharing", "http":{ @@ -5091,6 +5301,16 @@ "output":{"shape":"GetEbsEncryptionByDefaultResult"}, "documentation":"Describes whether EBS encryption by default is enabled for your account in the current Region.
For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
" }, + "GetEnabledIpamPolicy":{ + "name":"GetEnabledIpamPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetEnabledIpamPolicyRequest"}, + "output":{"shape":"GetEnabledIpamPolicyResult"}, + "documentation":"Gets the enabled IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
" + }, "GetFlowLogsIntegrationTemplate":{ "name":"GetFlowLogsIntegrationTemplate", "http":{ @@ -5121,6 +5341,16 @@ "output":{"shape":"GetHostReservationPurchasePreviewResult"}, "documentation":"Preview a reservation purchase with configurations that match those of your Dedicated Host. You must have active Dedicated Hosts in your account before you purchase a reservation.
This is a preview of the PurchaseHostReservation action and does not result in the offering being purchased.
" }, + "GetImageAncestry":{ + "name":"GetImageAncestry", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetImageAncestryRequest"}, + "output":{"shape":"GetImageAncestryResult"}, + "documentation":"Retrieves the ancestry chain of the specified AMI, tracing its lineage back to the root AMI. For more information, see AMI ancestry in Amazon EC2 User Guide.
" + }, "GetImageBlockPublicAccessState":{ "name":"GetImageBlockPublicAccessState", "http":{ @@ -5211,6 +5441,26 @@ "output":{"shape":"GetIpamDiscoveredResourceCidrsResult"}, "documentation":"Returns the resource CIDRs that are monitored as part of a resource discovery. A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses.
" }, + "GetIpamPolicyAllocationRules":{ + "name":"GetIpamPolicyAllocationRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIpamPolicyAllocationRulesRequest"}, + "output":{"shape":"GetIpamPolicyAllocationRulesResult"}, + "documentation":"Gets the allocation rules for an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
" + }, + "GetIpamPolicyOrganizationTargets":{ + "name":"GetIpamPolicyOrganizationTargets", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIpamPolicyOrganizationTargetsRequest"}, + "output":{"shape":"GetIpamPolicyOrganizationTargetsResult"}, + "documentation":"Gets the Amazon Web Services Organizations targets for an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
A target can be an individual Amazon Web Services account or an entity within an Amazon Web Services Organization to which an IPAM policy can be applied.
" + }, "GetIpamPoolAllocations":{ "name":"GetIpamPoolAllocations", "http":{ @@ -5431,6 +5681,16 @@ "output":{"shape":"GetTransitGatewayAttachmentPropagationsResult"}, "documentation":"Lists the route tables to which the specified resource attachment propagates routes.
" }, + "GetTransitGatewayMeteringPolicyEntries":{ + "name":"GetTransitGatewayMeteringPolicyEntries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetTransitGatewayMeteringPolicyEntriesRequest"}, + "output":{"shape":"GetTransitGatewayMeteringPolicyEntriesResult"}, + "documentation":"Retrieves the entries for a transit gateway metering policy.
" + }, "GetTransitGatewayMulticastDomainAssociations":{ "name":"GetTransitGatewayMulticastDomainAssociations", "http":{ @@ -5521,6 +5781,16 @@ "output":{"shape":"GetVerifiedAccessGroupPolicyResult"}, "documentation":"Shows the contents of the Verified Access policy associated with the group.
" }, + "GetVpcResourcesBlockingEncryptionEnforcement":{ + "name":"GetVpcResourcesBlockingEncryptionEnforcement", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetVpcResourcesBlockingEncryptionEnforcementRequest"}, + "output":{"shape":"GetVpcResourcesBlockingEncryptionEnforcementResult"}, + "documentation":"Gets information about resources in a VPC that are blocking encryption enforcement.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, "GetVpnConnectionDeviceSampleConfiguration":{ "name":"GetVpnConnectionDeviceSampleConfiguration", "http":{ @@ -5631,6 +5901,16 @@ "output":{"shape":"ListSnapshotsInRecycleBinResult"}, "documentation":"Lists one or more snapshots that are currently in the Recycle Bin.
" }, + "ListVolumesInRecycleBin":{ + "name":"ListVolumesInRecycleBin", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListVolumesInRecycleBinRequest"}, + "output":{"shape":"ListVolumesInRecycleBinResult"}, + "documentation":"Lists one or more volumes that are currently in the Recycle Bin.
" + }, "LockSnapshot":{ "name":"LockSnapshot", "http":{ @@ -5897,6 +6177,16 @@ "output":{"shape":"ModifyIpamResult"}, "documentation":"Modify the configurations of an IPAM.
" }, + "ModifyIpamPolicyAllocationRules":{ + "name":"ModifyIpamPolicyAllocationRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyIpamPolicyAllocationRulesRequest"}, + "output":{"shape":"ModifyIpamPolicyAllocationRulesResult"}, + "documentation":"Modifies the allocation rules in an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
" + }, "ModifyIpamPool":{ "name":"ModifyIpamPool", "http":{ @@ -6124,6 +6414,16 @@ "output":{"shape":"ModifyTransitGatewayResult"}, "documentation":"Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.
" }, + "ModifyTransitGatewayMeteringPolicy":{ + "name":"ModifyTransitGatewayMeteringPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyTransitGatewayMeteringPolicyRequest"}, + "output":{"shape":"ModifyTransitGatewayMeteringPolicyResult"}, + "documentation":"Modifies a transit gateway metering policy.
" + }, "ModifyTransitGatewayPrefixListReference":{ "name":"ModifyTransitGatewayPrefixListReference", "http":{ @@ -6262,6 +6562,16 @@ "output":{"shape":"ModifyVpcBlockPublicAccessOptionsResult"}, "documentation":"Modify VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" }, + "ModifyVpcEncryptionControl":{ + "name":"ModifyVpcEncryptionControl", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyVpcEncryptionControlRequest"}, + "output":{"shape":"ModifyVpcEncryptionControlResult"}, + "documentation":"Modifies the encryption control configuration for a VPC. You can update the encryption mode and exclusion settings for various gateway types and peering connections.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, "ModifyVpcEndpoint":{ "name":"ModifyVpcEndpoint", "http":{ @@ -6863,6 +7173,16 @@ "output":{"shape":"RestoreSnapshotTierResult"}, "documentation":"Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore period or restore type for a snapshot that was previously temporarily restored.
For more information see Restore an archived snapshot and modify the restore period or restore type for a temporarily restored snapshot in the Amazon EBS User Guide.
" }, + "RestoreVolumeFromRecycleBin":{ + "name":"RestoreVolumeFromRecycleBin", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RestoreVolumeFromRecycleBinRequest"}, + "output":{"shape":"RestoreVolumeFromRecycleBinResult"}, + "documentation":"Restores a volume from the Recycle Bin. For more information, see Restore volumes from the Recycle Bin in the Amazon EBS User Guide.
" + }, "RevokeClientVpnIngress":{ "name":"RevokeClientVpnIngress", "http":{ @@ -7091,6 +7411,16 @@ "output":{"shape":"UpdateCapacityManagerOrganizationsAccessResult"}, "documentation":"Updates the Organizations access setting for EC2 Capacity Manager. This controls whether Capacity Manager can aggregate data from all accounts in your Amazon Web Services Organization or only from the current account.
" }, + "UpdateInterruptibleCapacityReservationAllocation":{ + "name":"UpdateInterruptibleCapacityReservationAllocation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateInterruptibleCapacityReservationAllocationRequest"}, + "output":{"shape":"UpdateInterruptibleCapacityReservationAllocationResult"}, + "documentation":"Modifies the number of instances allocated to an interruptible reservation, allowing you to add more capacity or reclaim capacity to your source Capacity Reservation.
" + }, "UpdateSecurityGroupRuleDescriptionsEgress":{ "name":"UpdateSecurityGroupRuleDescriptionsEgress", "http":{ @@ -7184,7 +7514,14 @@ "v100", "a10g", "h100", - "t4g" + "t4g", + "l40s", + "l4", + "gaudi-hl-205", + "inferentia2", + "trainium", + "trainium2", + "u30" ] }, "AcceleratorNameSet":{ @@ -7229,7 +7566,8 @@ "enum":[ "gpu", "fpga", - "inference" + "inference", + "media" ] }, "AcceleratorTypeSet":{ @@ -9359,6 +9697,14 @@ "DryRun":{ "shape":"Boolean", "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
For regional NAT gateways only: The Availability Zone where you want to associate an Elastic IP address (EIP). The regional NAT gateway uses a separate EIP in each AZ to handle outbound NAT traffic from that AZ.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"For regional NAT gateways only: The ID of the Availability Zone where you want to associate an Elastic IP address (EIP). The regional NAT gateway uses a separate EIP in each AZ to handle outbound NAT traffic from that AZ. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
" } } }, @@ -10449,7 +10795,28 @@ "off" ] }, + "AutoProvisionZonesState":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, "AutoRecoveryFlag":{"type":"boolean"}, + "AutoScalingIpsState":{ + "type":"string", + "enum":[ + "enabled", + "disabled" + ] + }, + "AvailabilityMode":{ + "type":"string", + "enum":[ + "zonal", + "regional" + ] + }, "AvailabilityZone":{ "type":"structure", "members":{ @@ -10516,6 +10883,32 @@ }, "documentation":"Describes Availability Zones, Local Zones, and Wavelength Zones.
" }, + "AvailabilityZoneAddress":{ + "type":"structure", + "members":{ + "AvailabilityZone":{ + "shape":"AvailabilityZoneName", + "documentation":"For regional NAT gateways only: The Availability Zone where this specific NAT gateway configuration will be active. Each AZ in a regional NAT gateway has its own configuration to handle outbound NAT traffic from that AZ.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"For regional NAT gateways only: The ID of the Availability Zone where this specific NAT gateway configuration will be active. Each AZ in a regional NAT gateway has its own configuration to handle outbound NAT traffic from that AZ. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
" + }, + "AllocationIds":{ + "shape":"AllocationIdList", + "documentation":"The allocation IDs of the Elastic IP addresses (EIPs) to be used for handling outbound NAT traffic in this specific Availability Zone.
", + "locationName":"AllocationId" + } + }, + "documentation":"For regional NAT gateways only: The configuration specifying which Elastic IP address (EIP) to use for handling outbound NAT traffic from a specific Availability Zone.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.
" + }, + "AvailabilityZoneAddresses":{ + "type":"list", + "member":{ + "shape":"AvailabilityZoneAddress", + "locationName":"AvailabilityZoneAddress" + } + }, "AvailabilityZoneId":{"type":"string"}, "AvailabilityZoneIdStringList":{ "type":"list", @@ -11029,6 +11422,11 @@ "shape":"String", "documentation":"If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
us-east-1-dfw-2
us-west-2-lax-1
us-west-2-phx-2
You cannot provision or advertise BYOIPv6 address ranges in Local Zones at this time.
Specifies the advertisement method for the BYOIP CIDR. Valid values are:
unicast: IP is advertised from a single location (regional services like EC2)
anycast: IP is advertised from multiple global locations simultaneously (global services like CloudFront)
For more information, see Bring your own IP to CloudFront using IPAM in the Amazon VPC IPAM User Guide.
", + "locationName":"advertisementType" } }, "documentation":"Information about an address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
" @@ -11047,8 +11445,10 @@ "deprovisioned", "failed-deprovision", "failed-provision", + "pending-advertising", "pending-deprovision", "pending-provision", + "pending-withdrawal", "provisioned", "provisioned-not-publicly-advertisable" ] @@ -12216,6 +12616,21 @@ "shape":"CapacityBlockId", "documentation":"The ID of the Capacity Block.
", "locationName":"capacityBlockId" + }, + "Interruptible":{ + "shape":"BoxedBoolean", + "documentation":"Indicates whether this Capacity Reservation is interruptible, meaning instances may be terminated when the owner reclaims capacity.
", + "locationName":"interruptible" + }, + "InterruptibleCapacityAllocation":{ + "shape":"InterruptibleCapacityAllocation", + "documentation":"Contains allocation details for interruptible reservations, including current allocated instances and target instance counts within the interruptibleCapacityAllocation object.
", + "locationName":"interruptibleCapacityAllocation" + }, + "InterruptionInfo":{ + "shape":"InterruptionInfo", + "documentation":"Information about the interruption configuration and association with the source reservation for interruptible Capacity Reservations.
", + "locationName":"interruptionInfo" } }, "documentation":"Describes a Capacity Reservation.
" @@ -13570,6 +13985,21 @@ "shape":"String", "documentation":"Configured log format. Default format is json.
Valid values: json | text
Indicates whether Border Gateway Protocol (BGP) logging is enabled for the VPN connection. Default value is False.
Valid values: True | False
The Amazon Resource Name (ARN) of the CloudWatch log group for BGP logs.
", + "locationName":"bgpLogGroupArn" + }, + "BgpLogOutputFormat":{ + "shape":"String", + "documentation":"The output format for BGP logs sent to CloudWatch. Default format is json.
Valid values: json | text
Options for sending VPN tunnel logs to CloudWatch.
" @@ -13588,6 +14018,18 @@ "LogOutputFormat":{ "shape":"String", "documentation":"Set log format. Default format is json.
Valid values: json | text
Specifies whether to enable BGP logging for the VPN connection. Default value is False.
Valid values: True | False
The Amazon Resource Name (ARN) of the CloudWatch log group where BGP logs will be sent.
" + }, + "BgpLogOutputFormat":{ + "shape":"String", + "documentation":"The desired output format for BGP logs to be sent to CloudWatch. Default format is json.
Valid values: json | text
Options for sending VPN tunnel logs to CloudWatch.
" @@ -14618,7 +15060,7 @@ }, "InstanceCount":{ "shape":"Integer", - "documentation":"The number of instances for which to reserve capacity.
You can request future-dated Capacity Reservations for an instance count with a minimum of 64 vCPUs. For example, if you request a future-dated Capacity Reservation for m5.xlarge instances, you must request at least 25 instances (16 * m5.xlarge = 64 vCPUs).
Valid range: 1 - 1000
" + "documentation":"The number of instances for which to reserve capacity.
You can request future-dated Capacity Reservations for an instance count with a minimum of 32 vCPUs. For example, if you request a future-dated Capacity Reservation for m5.xlarge instances, you must request at least 8 instances (8 * m5.xlarge = 32 vCPUs).
Valid range: 1 - 1000
" }, "EbsOptimized":{ "shape":"Boolean", @@ -15716,6 +16158,62 @@ } } }, + "CreateInterruptibleCapacityReservationAllocationRequest":{ + "type":"structure", + "required":[ + "CapacityReservationId", + "InstanceCount" + ], + "members":{ + "CapacityReservationId":{ + "shape":"CapacityReservationId", + "documentation":"The ID of the source Capacity Reservation from which to create the interruptible Capacity Reservation. Your Capacity Reservation must be in active state with no end date set and have available capacity for allocation.
" + }, + "InstanceCount":{ + "shape":"Integer", + "documentation":"The number of instances to allocate from your source reservation. You can only allocate available instances (also called unused capacity).
" + }, + "ClientToken":{ + "shape":"String", + "documentation":"Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", + "idempotencyToken":true + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response.
" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"The tags to apply to the interruptible Capacity Reservation during creation.
", + "locationName":"TagSpecification" + } + } + }, + "CreateInterruptibleCapacityReservationAllocationResult":{ + "type":"structure", + "members":{ + "SourceCapacityReservationId":{ + "shape":"CapacityReservationId", + "documentation":"The ID of the source Capacity Reservation from which the interruptible Capacity Reservation was created.
", + "locationName":"sourceCapacityReservationId" + }, + "TargetInstanceCount":{ + "shape":"Integer", + "documentation":"The number of instances allocated to the interruptible reservation.
", + "locationName":"targetInstanceCount" + }, + "Status":{ + "shape":"InterruptibleCapacityReservationAllocationStatus", + "documentation":"The current status of the allocation request (creating, active, updating).
", + "locationName":"status" + }, + "InterruptionType":{ + "shape":"InterruptionType", + "documentation":"The type of interruption applied to the interruptible reservation.
", + "locationName":"interruptionType" + } + } + }, "CreateIpamExternalResourceVerificationTokenRequest":{ "type":"structure", "required":["IpamId"], @@ -15750,6 +16248,40 @@ } } }, + "CreateIpamPolicyRequest":{ + "type":"structure", + "required":["IpamId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The tags to assign to the IPAM policy.
", + "locationName":"TagSpecification" + }, + "ClientToken":{ + "shape":"String", + "documentation":"A unique, case-sensitive identifier to ensure the idempotency of the request.
", + "idempotencyToken":true + }, + "IpamId":{ + "shape":"IpamId", + "documentation":"The ID of the IPAM for which you're creating the policy.
" + } + } + }, + "CreateIpamPolicyResult":{ + "type":"structure", + "members":{ + "IpamPolicy":{ + "shape":"IpamPolicy", + "documentation":"Information about the created IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
", + "locationName":"ipamPolicy" + } + } + }, "CreateIpamPoolRequest":{ "type":"structure", "required":[ @@ -16554,8 +17086,11 @@ }, "CreateNatGatewayRequest":{ "type":"structure", - "required":["SubnetId"], "members":{ + "AvailabilityMode":{ + "shape":"AvailabilityMode", + "documentation":"Specifies whether to create a zonal (single-AZ) or regional (multi-AZ) NAT gateway. Defaults to zonal.
A zonal NAT gateway is a NAT Gateway that provides redundancy and scalability within a single availability zone. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.
" + }, "AllocationId":{ "shape":"AllocationId", "documentation":"[Public NAT gateways only] The allocation ID of an Elastic IP address to associate with the NAT gateway. You cannot specify an Elastic IP address with a private NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.
" @@ -16573,6 +17108,15 @@ "shape":"SubnetId", "documentation":"The ID of the subnet in which to create the NAT gateway.
" }, + "VpcId":{ + "shape":"VpcId", + "documentation":"The ID of the VPC where you want to create a regional NAT gateway.
" + }, + "AvailabilityZoneAddresses":{ + "shape":"AvailabilityZoneAddresses", + "documentation":"For regional NAT gateways only: Specifies which Availability Zones you want the NAT gateway to support and the Elastic IP addresses (EIPs) to use in each AZ. The regional NAT gateway uses these EIPs to handle outbound NAT traffic from their respective AZs. If not specified, the NAT gateway will automatically expand to new AZs and associate EIPs upon detection of an elastic network interface. If you specify this parameter, auto-expansion is disabled and you must manually manage AZ coverage.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.
", + "locationName":"AvailabilityZoneAddress" + }, "TagSpecifications":{ "shape":"TagSpecificationList", "documentation":"The tags to assign to the NAT gateway.
", @@ -18120,6 +18664,111 @@ } } }, + "CreateTransitGatewayMeteringPolicyEntryRequest":{ + "type":"structure", + "required":[ + "TransitGatewayMeteringPolicyId", + "PolicyRuleNumber", + "MeteredAccount" + ], + "members":{ + "TransitGatewayMeteringPolicyId":{ + "shape":"TransitGatewayMeteringPolicyId", + "documentation":"The ID of the transit gateway metering policy to add the entry to.
" + }, + "PolicyRuleNumber":{ + "shape":"Integer", + "documentation":"The rule number for the metering policy entry. Rules are processed in order from lowest to highest number.
" + }, + "SourceTransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"The ID of the source transit gateway attachment for traffic matching.
" + }, + "SourceTransitGatewayAttachmentType":{ + "shape":"TransitGatewayAttachmentResourceType", + "documentation":"The type of the source transit gateway attachment for traffic matching. Note that the tgw-peering resource type has been deprecated. To configure metering policies for Connect, use the transport attachment type.
The source CIDR block for traffic matching.
" + }, + "SourcePortRange":{ + "shape":"String", + "documentation":"The source port range for traffic matching.
" + }, + "DestinationTransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"The ID of the destination transit gateway attachment for traffic matching.
" + }, + "DestinationTransitGatewayAttachmentType":{ + "shape":"TransitGatewayAttachmentResourceType", + "documentation":"The type of the destination transit gateway attachment for traffic matching. Note that the tgw-peering resource type has been deprecated. To configure metering policies for Connect, use the transport attachment type.
The destination CIDR block for traffic matching.
" + }, + "DestinationPortRange":{ + "shape":"String", + "documentation":"The destination port range for traffic matching.
" + }, + "Protocol":{ + "shape":"String", + "documentation":"The protocol for traffic matching (1, 6, 17, etc.).
" + }, + "MeteredAccount":{ + "shape":"TransitGatewayMeteringPayerType", + "documentation":"The Amazon Web Services account ID to which the metered traffic should be attributed.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the created transit gateway metering policy entry.
", + "locationName":"transitGatewayMeteringPolicyEntry" + } + } + }, + "CreateTransitGatewayMeteringPolicyRequest":{ + "type":"structure", + "required":["TransitGatewayId"], + "members":{ + "TransitGatewayId":{ + "shape":"TransitGatewayId", + "documentation":"The ID of the transit gateway for which to create the metering policy.
" + }, + "MiddleboxAttachmentIds":{ + "shape":"TransitGatewayAttachmentIdStringList", + "documentation":"The IDs of the middlebox attachments to include in the metering policy.
", + "locationName":"MiddleboxAttachmentId" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"The tags to assign to the metering policy.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the created transit gateway metering policy.
", + "locationName":"transitGatewayMeteringPolicy" + } + } + }, "CreateTransitGatewayMulticastDomainRequest":{ "type":"structure", "required":["TransitGatewayId"], @@ -19117,6 +19766,35 @@ } } }, + "CreateVpcEncryptionControlRequest":{ + "type":"structure", + "required":["VpcId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the VPC for which to create the encryption control configuration.
" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"The tags to apply to the VPC Encryption Control resource.
", + "locationName":"TagSpecification" + } + } + }, + "CreateVpcEncryptionControlResult":{ + "type":"structure", + "members":{ + "VpcEncryptionControl":{ + "shape":"VpcEncryptionControl", + "documentation":"Information about the VPC Encryption Control configuration.
", + "locationName":"vpcEncryptionControl" + } + } + }, "CreateVpcEndpointConnectionNotificationRequest":{ "type":"structure", "required":[ @@ -19400,6 +20078,10 @@ "shape":"String", "documentation":"The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the address to this location.
You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.
Specifies the encryption control configuration to apply to the VPC during creation. VPC Encryption Control enables you to enforce encryption for all data in transit within and between VPCs to meet compliance requirements.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, "TagSpecifications":{ "shape":"TagSpecificationList", "documentation":"The tags to assign to the VPC.
", @@ -19432,6 +20114,39 @@ } } }, + "CreateVpnConcentratorRequest":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"VpnConcentratorType", + "documentation":"The type of VPN concentrator to create.
" + }, + "TransitGatewayId":{ + "shape":"TransitGatewayId", + "documentation":"The ID of the transit gateway to attach the VPN concentrator to.
" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "documentation":"The tags to apply to the VPN concentrator during creation.
", + "locationName":"TagSpecification" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the VPN concentrator.
", + "locationName":"vpnConcentrator" + } + } + }, "CreateVpnConnectionRequest":{ "type":"structure", "required":[ @@ -19455,6 +20170,10 @@ "shape":"TransitGatewayId", "documentation":"The ID of the transit gateway. If you specify a transit gateway, you cannot specify a virtual private gateway.
" }, + "VpnConcentratorId":{ + "shape":"VpnConcentratorId", + "documentation":"The ID of the VPN concentrator to associate with the VPN connection.
" + }, "TagSpecifications":{ "shape":"TagSpecificationList", "documentation":"The tags to apply to the VPN connection.
", @@ -20364,6 +21083,30 @@ } } }, + "DeleteIpamPolicyRequest":{ + "type":"structure", + "required":["IpamPolicyId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the IPAM policy to delete.
" + } + } + }, + "DeleteIpamPolicyResult":{ + "type":"structure", + "members":{ + "IpamPolicy":{ + "shape":"IpamPolicy", + "documentation":"Information about the deleted IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
", + "locationName":"ipamPolicy" + } + } + }, "DeleteIpamPoolRequest":{ "type":"structure", "required":["IpamPoolId"], @@ -21575,6 +22318,61 @@ } } }, + "DeleteTransitGatewayMeteringPolicyEntryRequest":{ + "type":"structure", + "required":[ + "TransitGatewayMeteringPolicyId", + "PolicyRuleNumber" + ], + "members":{ + "TransitGatewayMeteringPolicyId":{ + "shape":"TransitGatewayMeteringPolicyId", + "documentation":"The ID of the transit gateway metering policy containing the entry to delete.
" + }, + "PolicyRuleNumber":{ + "shape":"Integer", + "documentation":"The rule number of the metering policy entry to delete.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the deleted transit gateway metering policy entry.
", + "locationName":"transitGatewayMeteringPolicyEntry" + } + } + }, + "DeleteTransitGatewayMeteringPolicyRequest":{ + "type":"structure", + "required":["TransitGatewayMeteringPolicyId"], + "members":{ + "TransitGatewayMeteringPolicyId":{ + "shape":"TransitGatewayMeteringPolicyId", + "documentation":"The ID of the transit gateway metering policy to delete.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the deleted transit gateway metering policy.
", + "locationName":"transitGatewayMeteringPolicy" + } + } + }, "DeleteTransitGatewayMulticastDomainRequest":{ "type":"structure", "required":["TransitGatewayMulticastDomainId"], @@ -21960,6 +22758,30 @@ } } }, + "DeleteVpcEncryptionControlRequest":{ + "type":"structure", + "required":["VpcEncryptionControlId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the VPC Encryption Control resource to delete.
" + } + } + }, + "DeleteVpcEncryptionControlResult":{ + "type":"structure", + "members":{ + "VpcEncryptionControl":{ + "shape":"VpcEncryptionControl", + "documentation":"Information about the deleted VPC Encryption Control configuration.
", + "locationName":"vpcEncryptionControl" + } + } + }, "DeleteVpcEndpointConnectionNotificationsRequest":{ "type":"structure", "required":["ConnectionNotificationIds"], @@ -22076,6 +22898,30 @@ } } }, + "DeleteVpnConcentratorRequest":{ + "type":"structure", + "required":["VpnConcentratorId"], + "members":{ + "VpnConcentratorId":{ + "shape":"VpnConcentratorId", + "documentation":"The ID of the VPN concentrator to delete.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
The IDs of the SQL Server High Availability instances to describe. If omitted, the API returns historical states for all SQL Server High Availability instances.
", + "locationName":"InstanceId" + }, + "StartTime":{ + "shape":"MillisecondDateTime", + "documentation":"The start data and time of the period for which to get the historical SQL Server High Availability states. If omitted, the API returns all available historical states.
Timezone: UTC
Format: YYYY-MM-DDThh:mm:ss.sssZ
The end data and time of the period for which to get historical SQL Server High Availability states. If omitted, the API returns historical states up to the current date and time.
Timezone: UTC
Format: YYYY-MM-DDThh:mm:ss.sssZ
The token to use to retrieve the next page of results.
" + }, + "MaxResults":{ + "shape":"DescribeInstanceSqlHaStatesRequestMaxResultsInteger", + "documentation":"The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value.
One or more filters to apply to the results. Supported filters include:
tag:<key> - The tag key and value pair assigned to the instance. For example, to find all instances tagged with Owner:TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The tag key assigned to the instance.
haStatus - The SQL Server High Availability status of the SQL Server High Availability instance (processing | active | standby | invalid).
sqlServerLicenseUsage - The license type for the SQL Server license (full | waived).
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the historical SQL Server High Availability states of the SQL Server High Availability instances.
", + "locationName":"instanceSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The IDs of the SQL Server High Availability instances to describe. If omitted, the API returns SQL Server High Availability states for all SQL Server High Availability instances.
", + "locationName":"InstanceId" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results.
" + }, + "MaxResults":{ + "shape":"DescribeInstanceSqlHaStatesRequestMaxResultsInteger", + "documentation":"The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value.
One or more filters to apply to the results. Supported filters include:
tag:<key> - The tag key and value pair assigned to the instance. For example, to find all instances tagged with Owner:TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The tag key assigned to the instance.
haStatus - The SQL Server High Availability status of the SQL Server High Availability instance (processing | active | standby | invalid).
sqlServerLicenseUsage - The license type for the SQL Server license (full | waived).
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the SQL Server High Availability instances.
", + "locationName":"instanceSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The filters.
affinity - The affinity setting for an instance running on a Dedicated Host (default | host).
architecture - The instance architecture (i386 | x86_64 | arm64).
availability-zone - The Availability Zone of the instance.
availability-zone-id - The ID of the Availability Zone of the instance.
block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2022-09-15T17:15:20.000Z.
block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).
block-device-mapping.volume-id - The volume ID of the EBS volume.
boot-mode - The boot mode that was specified by the AMI (legacy-bios | uefi | uefi-preferred).
capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.
capacity-reservation-specification.capacity-reservation-preference - The instance's Capacity Reservation preference (open | none).
capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id - The ID of the targeted Capacity Reservation.
capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn - The ARN of the targeted Capacity Reservation group.
client-token - The idempotency token you provided when you launched the instance.
current-instance-boot-mode - The boot mode that is used to launch the instance at launch or start (legacy-bios | uefi).
dns-name - The public DNS name of the instance.
ebs-optimized - A Boolean that indicates whether the instance is optimized for Amazon EBS I/O.
ena-support - A Boolean that indicates whether the instance is enabled for enhanced networking with ENA.
enclave-options.enabled - A Boolean that indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.
hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.
host-id - The ID of the Dedicated Host on which the instance is running, if applicable.
hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.
iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.
iam-instance-profile.id - The instance profile associated with the instance. Specified as an ID.
image-id - The ID of the image used to launch the instance.
instance-id - The ID of the instance.
instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or a Capacity Block (spot | scheduled | capacity-block).
instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-type - The type of instance (for example, t2.micro).
instance.group-id - The ID of the security group for the instance.
instance.group-name - The name of the security group for the instance.
ip-address - The public IPv4 address of the instance.
ipv6-address - The IPv6 address of the instance.
kernel-id - The kernel ID.
key-name - The name of the key pair used when the instance was launched.
launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).
launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.
maintenance-options.auto-recovery - The current automatic recovery behavior of the instance (disabled | default).
metadata-options.http-endpoint - The status of access to the HTTP metadata endpoint on your instance (enabled | disabled)
metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint is enabled (disabled | enabled).
metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint is enabled (disabled | enabled).
metadata-options.http-put-response-hop-limit - The HTTP metadata request put response hop limit (integer, possible values 1 to 64)
metadata-options.http-tokens - The metadata request authorization state (optional | required)
metadata-options.instance-metadata-tags - The status of access to instance tags from the instance metadata (enabled | disabled)
metadata-options.state - The state of the metadata option changes (pending | applied).
monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).
network-interface.addresses.association.allocation-id - The allocation ID.
network-interface.addresses.association.association-id - The association ID.
network-interface.addresses.association.carrier-ip - The carrier IP address.
network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.
network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.
network-interface.addresses.association.public-dns-name - The public DNS name.
network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.
network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.
network-interface.addresses.private-dns-name - The private DNS name.
network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.
network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.
network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.
network-interface.association.carrier-ip - The customer-owned IP address.
network-interface.association.customer-owned-ip - The customer-owned IP address.
network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.
network-interface.association.public-dns-name - The public DNS name.
network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.
network-interface.attachment.attach-time - The time that the network interface was attached to an instance.
network-interface.attachment.attachment-id - The ID of the interface attachment.
network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.
network-interface.attachment.device-index - The device index to which the network interface is attached.
network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.
network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.
network-interface.attachment.network-card-index - The index of the network card.
network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).
network-interface.availability-zone - The Availability Zone for the network interface.
network-interface.deny-all-igw-traffic - A Boolean that indicates whether a network interface with an IPv6 address is unreachable from the public internet.
network-interface.description - The description of the network interface.
network-interface.group-id - The ID of a security group associated with the network interface.
network-interface.group-name - The name of a security group associated with the network interface.
network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.
network-interface.ipv6-address - The IPv6 address associated with the network interface.
network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.
network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this is the primary IPv6 address.
network-interface.ipv6-native - A Boolean that indicates whether this is an IPv6 only network interface.
network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.
network-interface.mac-address - The MAC address of the network interface.
network-interface.network-interface-id - The ID of the network interface.
network-interface.operator.managed - A Boolean that indicates whether the instance has a managed network interface.
network-interface.operator.principal - The principal that manages the network interface. Only valid for instances with managed network interfaces, where managed is true.
network-interface.outpost-arn - The ARN of the Outpost.
network-interface.owner-id - The ID of the owner of the network interface.
network-interface.private-dns-name - The private DNS name of the network interface.
network-interface.private-ip-address - The private IPv4 address.
network-interface.public-dns-name - The public DNS name.
network-interface.requester-id - The requester ID for the network interface.
network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.
network-interface.status - The status of the network interface (available) | in-use).
network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.
network-interface.subnet-id - The ID of the subnet for the network interface.
network-interface.tag-key - The key of a tag assigned to the network interface.
network-interface.tag-value - The value of a tag assigned to the network interface.
network-interface.vpc-id - The ID of the VPC for the network interface.
network-performance-options.bandwidth-weighting - Where the performance boost is applied, if applicable. Valid values: default, vpc-1, ebs-1.
operator.managed - A Boolean that indicates whether this is a managed instance.
operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.
outpost-arn - The Amazon Resource Name (ARN) of the Outpost.
owner-id - The Amazon Web Services account ID of the instance owner.
placement-group-name - The name of the placement group for the instance.
placement-partition-number - The partition in which the instance is located.
platform - The platform. To list only Windows instances, use windows.
platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise Linux with High Availability | Red Hat Enterprise Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard | Windows with SQL Server Web).
private-dns-name - The private IPv4 DNS name of the instance.
private-dns-name-options.enable-resource-name-dns-a-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS A records.
private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.
private-dns-name-options.hostname-type - The type of hostname (ip-name | resource-name).
private-ip-address - The private IPv4 address of the instance. This can only be used to filter by the primary IP address of the network interface attached to the instance. To filter by additional IP addresses assigned to the network interface, use the filter network-interface.addresses.private-ip-address.
product-code - The product code associated with the AMI used to launch the instance.
product-code.type - The type of product code (devpay | marketplace).
ramdisk-id - The RAM disk ID.
reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.
requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Auto Scaling, and so on).
reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.
spot-instance-request-id - The ID of the Spot Instance request.
state-reason-code - The reason code for the state change.
state-reason-message - A message that describes the state change.
subnet-id - The ID of the subnet for the instance.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
tenancy - The tenancy of an instance (dedicated | default | host).
tpm-support - Indicates if the instance is configured for NitroTPM support (v2.0).
usage-operation - The usage operation value for the instance (RunInstances | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 | RunInstances:0006 | RunInstances:0202).
usage-operation-update-time - The time that the usage operation was last updated, for example, 2022-09-15T17:15:20.000Z.
virtualization-type - The virtualization type of the instance (paravirtual | hvm).
vpc-id - The ID of the VPC that the instance is running in.
The filters.
affinity - The affinity setting for an instance running on a Dedicated Host (default | host).
architecture - The instance architecture (i386 | x86_64 | arm64).
availability-zone - The Availability Zone of the instance.
availability-zone-id - The ID of the Availability Zone of the instance.
block-device-mapping.attach-time - The attach time for an EBS volume mapped to the instance, for example, 2022-09-15T17:15:20.000Z.
block-device-mapping.delete-on-termination - A Boolean that indicates whether the EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name specified in the block device mapping (for example, /dev/sdh or xvdh).
block-device-mapping.status - The status for the EBS volume (attaching | attached | detaching | detached).
block-device-mapping.volume-id - The volume ID of the EBS volume.
boot-mode - The boot mode that was specified by the AMI (legacy-bios | uefi | uefi-preferred).
capacity-reservation-id - The ID of the Capacity Reservation into which the instance was launched.
capacity-reservation-specification.capacity-reservation-preference - The instance's Capacity Reservation preference (open | none).
capacity-reservation-specification.capacity-reservation-target.capacity-reservation-id - The ID of the targeted Capacity Reservation.
capacity-reservation-specification.capacity-reservation-target.capacity-reservation-resource-group-arn - The ARN of the targeted Capacity Reservation group.
client-token - The idempotency token you provided when you launched the instance.
current-instance-boot-mode - The boot mode that is used to launch the instance at launch or start (legacy-bios | uefi).
dns-name - The public DNS name of the instance.
ebs-optimized - A Boolean that indicates whether the instance is optimized for Amazon EBS I/O.
ena-support - A Boolean that indicates whether the instance is enabled for enhanced networking with ENA.
enclave-options.enabled - A Boolean that indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves.
hibernation-options.configured - A Boolean that indicates whether the instance is enabled for hibernation. A value of true means that the instance is enabled for hibernation.
host-id - The ID of the Dedicated Host on which the instance is running, if applicable.
hypervisor - The hypervisor type of the instance (ovm | xen). The value xen is used for both Xen and Nitro hypervisors.
iam-instance-profile.arn - The instance profile associated with the instance. Specified as an ARN.
iam-instance-profile.id - The instance profile associated with the instance. Specified as an ID.
image-id - The ID of the image used to launch the instance.
instance-id - The ID of the instance.
instance-lifecycle - Indicates whether this is a Spot Instance, a Scheduled Instance, or a Capacity Block (spot | scheduled | capacity-block).
instance-state-code - The state of the instance, as a 16-bit unsigned integer. The high byte is used for internal purposes and should be ignored. The low byte is set based on the state represented. The valid values are: 0 (pending), 16 (running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running | shutting-down | terminated | stopping | stopped).
instance-type - The type of instance (for example, t2.micro).
instance.group-id - The ID of the security group for the instance.
instance.group-name - The name of the security group for the instance.
ip-address - The public IPv4 address of the instance.
ipv6-address - The IPv6 address of the instance.
kernel-id - The kernel ID.
key-name - The name of the key pair used when the instance was launched.
launch-index - When launching multiple instances, this is the index for the instance in the launch group (for example, 0, 1, 2, and so on).
launch-time - The time when the instance was launched, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ), for example, 2021-09-29T11:04:43.305Z. You can use a wildcard (*), for example, 2021-09-29T*, which matches an entire day.
maintenance-options.auto-recovery - The current automatic recovery behavior of the instance (disabled | default).
metadata-options.http-endpoint - The status of access to the HTTP metadata endpoint on your instance (enabled | disabled)
metadata-options.http-protocol-ipv4 - Indicates whether the IPv4 endpoint is enabled (disabled | enabled).
metadata-options.http-protocol-ipv6 - Indicates whether the IPv6 endpoint is enabled (disabled | enabled).
metadata-options.http-put-response-hop-limit - The HTTP metadata request put response hop limit (integer, possible values 1 to 64)
metadata-options.http-tokens - The metadata request authorization state (optional | required)
metadata-options.instance-metadata-tags - The status of access to instance tags from the instance metadata (enabled | disabled)
metadata-options.state - The state of the metadata option changes (pending | applied).
monitoring-state - Indicates whether detailed monitoring is enabled (disabled | enabled).
network-interface.addresses.association.allocation-id - The allocation ID.
network-interface.addresses.association.association-id - The association ID.
network-interface.addresses.association.carrier-ip - The carrier IP address.
network-interface.addresses.association.customer-owned-ip - The customer-owned IP address.
network-interface.addresses.association.ip-owner-id - The owner ID of the private IPv4 address associated with the network interface.
network-interface.addresses.association.public-dns-name - The public DNS name.
network-interface.addresses.association.public-ip - The ID of the association of an Elastic IP address (IPv4) with a network interface.
network-interface.addresses.primary - Specifies whether the IPv4 address of the network interface is the primary private IPv4 address.
network-interface.addresses.private-dns-name - The private DNS name.
network-interface.addresses.private-ip-address - The private IPv4 address associated with the network interface.
network-interface.association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.
network-interface.association.association-id - The association ID returned when the network interface was associated with an IPv4 address.
network-interface.association.carrier-ip - The customer-owned IP address.
network-interface.association.customer-owned-ip - The customer-owned IP address.
network-interface.association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.
network-interface.association.public-dns-name - The public DNS name.
network-interface.association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.
network-interface.attachment.attach-time - The time that the network interface was attached to an instance.
network-interface.attachment.attachment-id - The ID of the interface attachment.
network-interface.attachment.delete-on-termination - Specifies whether the attachment is deleted when an instance is terminated.
network-interface.attachment.device-index - The device index to which the network interface is attached.
network-interface.attachment.instance-id - The ID of the instance to which the network interface is attached.
network-interface.attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.
network-interface.attachment.network-card-index - The index of the network card.
network-interface.attachment.status - The status of the attachment (attaching | attached | detaching | detached).
network-interface.availability-zone - The Availability Zone for the network interface.
network-interface.deny-all-igw-traffic - A Boolean that indicates whether a network interface with an IPv6 address is unreachable from the public internet.
network-interface.description - The description of the network interface.
network-interface.group-id - The ID of a security group associated with the network interface.
network-interface.group-name - The name of a security group associated with the network interface.
network-interface.ipv4-prefixes.ipv4-prefix - The IPv4 prefixes that are assigned to the network interface.
network-interface.ipv6-address - The IPv6 address associated with the network interface.
network-interface.ipv6-addresses.ipv6-address - The IPv6 address associated with the network interface.
network-interface.ipv6-addresses.is-primary-ipv6 - A Boolean that indicates whether this is the primary IPv6 address.
network-interface.ipv6-native - A Boolean that indicates whether this is an IPv6 only network interface.
network-interface.ipv6-prefixes.ipv6-prefix - The IPv6 prefix assigned to the network interface.
network-interface.mac-address - The MAC address of the network interface.
network-interface.network-interface-id - The ID of the network interface.
network-interface.operator.managed - A Boolean that indicates whether the instance has a managed network interface.
network-interface.operator.principal - The principal that manages the network interface. Only valid for instances with managed network interfaces, where managed is true.
network-interface.outpost-arn - The ARN of the Outpost.
network-interface.owner-id - The ID of the owner of the network interface.
network-interface.private-dns-name - The private DNS name of the network interface.
network-interface.private-ip-address - The private IPv4 address.
network-interface.public-dns-name - The public DNS name.
network-interface.requester-id - The requester ID for the network interface.
network-interface.requester-managed - Indicates whether the network interface is being managed by Amazon Web Services.
network-interface.status - The status of the network interface (available) | in-use).
network-interface.source-dest-check - Whether the network interface performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.
network-interface.subnet-id - The ID of the subnet for the network interface.
network-interface.tag-key - The key of a tag assigned to the network interface.
network-interface.tag-value - The value of a tag assigned to the network interface.
network-interface.vpc-id - The ID of the VPC for the network interface.
network-performance-options.bandwidth-weighting - Where the performance boost is applied, if applicable. Valid values: default, vpc-1, ebs-1.
operator.managed - A Boolean that indicates whether this is a managed instance.
operator.principal - The principal that manages the instance. Only valid for managed instances, where managed is true.
outpost-arn - The Amazon Resource Name (ARN) of the Outpost.
owner-id - The Amazon Web Services account ID of the instance owner.
placement-group-name - The name of the placement group for the instance.
placement-partition-number - The partition in which the instance is located.
platform - The platform. To list only Windows instances, use windows.
platform-details - The platform (Linux/UNIX | Red Hat BYOL Linux | Red Hat Enterprise Linux | Red Hat Enterprise Linux with HA | Red Hat Enterprise Linux with High Availability | Red Hat Enterprise Linux with SQL Server Standard and HA | Red Hat Enterprise Linux with SQL Server Enterprise and HA | Red Hat Enterprise Linux with SQL Server Standard | Red Hat Enterprise Linux with SQL Server Web | Red Hat Enterprise Linux with SQL Server Enterprise | SQL Server Enterprise | SQL Server Standard | SQL Server Web | SUSE Linux | Ubuntu Pro | Windows | Windows BYOL | Windows with SQL Server Enterprise | Windows with SQL Server Standard | Windows with SQL Server Web).
private-dns-name - The private IPv4 DNS name of the instance.
private-dns-name-options.enable-resource-name-dns-a-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS A records.
private-dns-name-options.enable-resource-name-dns-aaaa-record - A Boolean that indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.
private-dns-name-options.hostname-type - The type of hostname (ip-name | resource-name).
private-ip-address - The private IPv4 address of the instance. This can only be used to filter by the primary IP address of the network interface attached to the instance. To filter by additional IP addresses assigned to the network interface, use the filter network-interface.addresses.private-ip-address.
product-code - The product code associated with the AMI used to launch the instance.
product-code.type - The type of product code (devpay | marketplace).
ramdisk-id - The RAM disk ID.
reason - The reason for the current state of the instance (for example, shows \"User Initiated [date]\" when you stop or terminate the instance). Similar to the state-reason-code filter.
requester-id - The ID of the entity that launched the instance on your behalf (for example, Amazon Web Services Management Console, Amazon EC2 Auto Scaling, and so on).
reservation-id - The ID of the instance's reservation. A reservation ID is created any time you launch an instance. A reservation ID has a one-to-one relationship with an instance launch request, but can be associated with more than one instance if you launch multiple instances using the same launch request. For example, if you launch one instance, you get one reservation ID. If you launch ten instances using the same launch request, you also get one reservation ID.
root-device-name - The device name of the root device volume (for example, /dev/sda1).
root-device-type - The type of the root device volume (ebs | instance-store).
source-dest-check - Indicates whether the instance performs source/destination checking. A value of true means that checking is enabled, and false means that checking is disabled. The value must be false for the instance to perform network address translation (NAT) in your VPC.
spot-instance-request-id - The ID of the Spot Instance request.
state-reason-code - The reason code for the state change.
state-reason-message - A message that describes the state change.
subnet-id - The ID of the subnet for the instance.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources that have a tag with a specific key, regardless of the tag value.
tenancy - The tenancy of an instance (dedicated | default | host).
tpm-support - Indicates if the instance is configured for NitroTPM support (v2.0).
usage-operation - The usage operation value for the instance (RunInstances | RunInstances:00g0 | RunInstances:0010 | RunInstances:1010 | RunInstances:1014 | RunInstances:1110 | RunInstances:0014 | RunInstances:0210 | RunInstances:0110 | RunInstances:0100 | RunInstances:0004 | RunInstances:0200 | RunInstances:000g | RunInstances:0g00 | RunInstances:0002 | RunInstances:0800 | RunInstances:0102 | RunInstances:0006 | RunInstances:0202).
usage-operation-update-time - The time that the usage operation was last updated, for example, 2022-09-15T17:15:20.000Z.
virtualization-type - The virtualization type of the instance (paravirtual | hvm).
vpc-id - The ID of the VPC that the instance is running in.
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
One or more filters for the IPAM policy description.
", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"IpamMaxResults", + "documentation":"The maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + }, + "IpamPolicyIds":{ + "shape":"ValueStringList", + "documentation":"The IDs of the IPAM policies to describe.
", + "locationName":"IpamPolicyId" + } + } + }, + "DescribeIpamPoliciesResult":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Information about the IPAM policies.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
", + "locationName":"ipamPolicySet" + } + } + }, "DescribeIpamPoolsRequest":{ "type":"structure", "members":{ @@ -25749,7 +26734,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"Specify the pagination token from a previous request to retrieve the next page of results.
" + "documentation":"The token for the next page of results.
" }, "MaxResults":{ "shape":"IpamMaxResults", @@ -25772,7 +26757,7 @@ }, "NextToken":{ "shape":"NextToken", - "documentation":"Specify the pagination token from a previous request to retrieve the next page of results.
", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Specify the pagination token from a previous request to retrieve the next page of results.
", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The IDs of the transit gateway metering policies to describe.
" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"One or more filters to apply when describing transit gateway metering policies.
", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"TransitGatewayMaxResults", + "documentation":"The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
The token for the next page of results.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the transit gateway metering policies.
", + "locationName":"transitGatewayMeteringPolicies" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The filters to apply to the request.
", + "locationName":"Filter" + }, + "VpcEncryptionControlIds":{ + "shape":"VpcEncryptionControlIdList", + "documentation":"The IDs of the VPC Encryption Control configurations to describe.
", + "locationName":"VpcEncryptionControlId" + }, + "VpcIds":{ + "shape":"VpcIdStringList", + "documentation":"The IDs of the VPCs to describe encryption control configurations for.
", + "locationName":"VpcId" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
" + }, + "MaxResults":{ + "shape":"DescribeVpcEncryptionControlsMaxResults", + "documentation":"The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
" + } + } + }, + "DescribeVpcEncryptionControlsResult":{ + "type":"structure", + "members":{ + "VpcEncryptionControls":{ + "shape":"VpcEncryptionControlList", + "documentation":"Information about the VPC Encryption Control configurations.
", + "locationName":"vpcEncryptionControlSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to include in another request to get the next page of items. This value is null when there are no more items to return.
One or more VPN concentrator IDs.
", + "locationName":"VpnConcentratorId" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"One or more filters to limit the results.
", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"GVCDMaxResults", + "documentation":"The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
The token for the next page of results.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the VPN concentrators.
", + "locationName":"vpnConcentratorSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The IDs of the instances to disable from SQL Server High Availability standby detection monitoring.
", + "locationName":"InstanceId" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the instances that were disabled from SQL Server High Availability standby detection monitoring.
", + "locationName":"instanceSet" + } + } + }, "DisableIpamOrganizationAdminAccountRequest":{ "type":"structure", "required":["DelegatedAdminAccountId"], @@ -31167,6 +32312,34 @@ } } }, + "DisableIpamPolicyRequest":{ + "type":"structure", + "required":["IpamPolicyId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the IPAM policy to disable.
" + }, + "OrganizationTargetId":{ + "shape":"String", + "documentation":"The ID of the Amazon Web Services Organizations target for which to disable the IPAM policy. This parameter is required only when IPAM is integrated with Amazon Web Services Organizations. When IPAM is not integrated with Amazon Web Services Organizations, omit this parameter and the policy will be disabled for the current account.
A target can be an individual Amazon Web Services account or an entity within an Amazon Web Services Organization to which an IPAM policy can be applied.
" + } + } + }, + "DisableIpamPolicyResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "documentation":"Returns true if the IPAM policy was successfully disabled.
", + "locationName":"return" + } + } + }, "DisableRouteServerPropagationRequest":{ "type":"structure", "required":[ @@ -32529,6 +33702,11 @@ "shape":"InstanceConnectEndpointPublicDnsNames", "documentation":"The public DNS names of the endpoint.
", "locationName":"publicDnsNames" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"The ID of the Availability Zone of the EC2 Instance Connect Endpoint.
", + "locationName":"availabilityZoneId" } }, "documentation":"Describes an EC2 Instance Connect Endpoint.
" @@ -33401,6 +34579,35 @@ } } }, + "EnableInstanceSqlHaStandbyDetectionsRequest":{ + "type":"structure", + "required":["InstanceIds"], + "members":{ + "InstanceIds":{ + "shape":"InstanceIdUpdateStringList", + "documentation":"The IDs of the instances to enable for SQL Server High Availability standby detection monitoring.
", + "locationName":"InstanceId" + }, + "SqlServerCredentials":{ + "shape":"SecretArn", + "documentation":"The ARN of the Secrets Manager secret containing the SQL Server access credentials. The specified secret must contain valid SQL Server credentials for the specified instances. If not specified, deafult local user credentials will be used by the Amazon Web Services Systems Manager agent. To enable instances with different credentials, you must make separate requests.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the instances that were enabled for SQL Server High Availability standby detection monitoring.
", + "locationName":"instanceSet" + } + } + }, "EnableIpamOrganizationAdminAccountRequest":{ "type":"structure", "required":["DelegatedAdminAccountId"], @@ -33425,6 +34632,34 @@ } } }, + "EnableIpamPolicyRequest":{ + "type":"structure", + "required":["IpamPolicyId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the IPAM policy to enable.
" + }, + "OrganizationTargetId":{ + "shape":"String", + "documentation":"The ID of the Amazon Web Services Organizations target for which to enable the IPAM policy. This parameter is required only when IPAM is integrated with Amazon Web Services Organizations. When IPAM is not integrated with Amazon Web Services Organizations, omit this parameter and the policy will apply to the current account.
A target can be an individual Amazon Web Services account or an entity within an Amazon Web Services Organization to which an IPAM policy can be applied.
" + } + } + }, + "EnableIpamPolicyResult":{ + "type":"structure", + "members":{ + "IpamPolicyId":{ + "shape":"IpamPolicyId", + "documentation":"The ID of the IPAM policy that was enabled.
", + "locationName":"ipamPolicyId" + } + } + }, "EnableReachabilityAnalyzerOrganizationSharingRequest":{ "type":"structure", "members":{ @@ -33655,6 +34890,38 @@ "documentation":"Indicates whether the instance is enabled for Amazon Web Services Nitro Enclaves. For more information, see What is Amazon Web Services Nitro Enclaves? in the Amazon Web Services Nitro Enclaves User Guide.
" }, "EncryptionInTransitSupported":{"type":"boolean"}, + "EncryptionStateValue":{ + "type":"string", + "enum":[ + "enabling", + "enabled", + "disabling", + "disabled" + ] + }, + "EncryptionSupport":{ + "type":"structure", + "members":{ + "EncryptionState":{ + "shape":"EncryptionStateValue", + "documentation":"The current encryption state of the resource.
", + "locationName":"encryptionState" + }, + "StateMessage":{ + "shape":"String", + "documentation":"A message describing the encryption state.
", + "locationName":"stateMessage" + } + }, + "documentation":"Describes the encryption support status for a transit gateway.
" + }, + "EncryptionSupportOptionValue":{ + "type":"string", + "enum":[ + "enable", + "disable" + ] + }, "EndDateType":{ "type":"string", "enum":[ @@ -34511,7 +35778,7 @@ "documentation":"The identifier for the external resource managing this scope. For Infoblox integrations, this is the Infoblox resource identifier in the format <version>.identity.account.<entity_realm>.<entity_id>.
The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.
For more information, see Integrate VPC IPAM with Infoblox infrastructure in the Amazon VPC IPAM User Guide..
" + "documentation":"The configuration that links an Amazon VPC IPAM scope to an external authority system. It specifies the type of external system and the external resource identifier that identifies your account or instance in that system.
For more information, see Integrate VPC IPAM with Infoblox infrastructure in the Amazon VPC IPAM User Guide.
" }, "FailedCapacityReservationFleetCancellationResult":{ "type":"structure", @@ -35546,7 +36813,8 @@ "Subnet", "NetworkInterface", "TransitGateway", - "TransitGatewayAttachment" + "TransitGatewayAttachment", + "RegionalNatGateway" ] }, "FpgaDeviceCount":{"type":"integer"}, @@ -36199,6 +37467,21 @@ "shape":"InstanceUsageSet", "documentation":"Information about the Capacity Reservation usage.
", "locationName":"instanceUsageSet" + }, + "Interruptible":{ + "shape":"BoxedBoolean", + "documentation":"Indicates whether the Capacity Reservation is interruptible, meaning instances may be terminated when the owner reclaims capacity.
", + "locationName":"interruptible" + }, + "InterruptibleCapacityAllocation":{ + "shape":"InterruptibleCapacityAllocation", + "documentation":"Information about the capacity allocated to the interruptible Capacity Reservation, including instance counts and allocation status.
", + "locationName":"interruptibleCapacityAllocation" + }, + "InterruptionInfo":{ + "shape":"InterruptionInfo", + "documentation":"Details about the interruption configuration and source reservation for interruptible Capacity Reservations.
", + "locationName":"interruptionInfo" } } }, @@ -36457,6 +37740,35 @@ } } }, + "GetEnabledIpamPolicyRequest":{ + "type":"structure", + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Indicates whether the IPAM policy is enabled.
", + "locationName":"ipamPolicyEnabled" + }, + "IpamPolicyId":{ + "shape":"IpamPolicyId", + "documentation":"The ID of the enabled IPAM policy.
", + "locationName":"ipamPolicyId" + }, + "ManagedBy":{ + "shape":"IpamPolicyManagedBy", + "documentation":"The entity that manages the IPAM policy.
", + "locationName":"managedBy" + } + } + }, "GetFlowLogsIntegrationTemplateRequest":{ "type":"structure", "required":[ @@ -36578,6 +37890,30 @@ } } }, + "GetImageAncestryRequest":{ + "type":"structure", + "required":["ImageId"], + "members":{ + "ImageId":{ + "shape":"ImageId", + "documentation":"The ID of the AMI whose ancestry you want to trace.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
A list of entries in the AMI ancestry chain, from the specified AMI to the root AMI.
", + "locationName":"imageAncestryEntrySet" + } + } + }, "GetImageBlockPublicAccessStateRequest":{ "type":"structure", "members":{ @@ -36964,6 +38300,98 @@ } } }, + "GetIpamPolicyAllocationRulesRequest":{ + "type":"structure", + "required":["IpamPolicyId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the IPAM policy for which to get allocation rules.
" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"One or more filters for the allocation rules.
", + "locationName":"Filter" + }, + "Locale":{ + "shape":"String", + "documentation":"The locale for which to get the allocation rules.
" + }, + "ResourceType":{ + "shape":"IpamPolicyResourceType", + "documentation":"The resource type for which to get the allocation rules.
The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:
Elastic IP addresses
The maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + } + } + }, + "GetIpamPolicyAllocationRulesResult":{ + "type":"structure", + "members":{ + "IpamPolicyDocuments":{ + "shape":"IpamPolicyDocumentSet", + "documentation":"The IPAM policy documents containing the allocation rules.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
", + "locationName":"ipamPolicyDocumentSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results.
", + "locationName":"nextToken" + } + } + }, + "GetIpamPolicyOrganizationTargetsRequest":{ + "type":"structure", + "required":["IpamPolicyId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + }, + "IpamPolicyId":{ + "shape":"IpamPolicyId", + "documentation":"The ID of the IPAM policy for which to get Amazon Web Services Organizations targets.
" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"One or more filters for the Amazon Web Services Organizations targets.
", + "locationName":"Filter" + } + } + }, + "GetIpamPolicyOrganizationTargetsResult":{ + "type":"structure", + "members":{ + "OrganizationTargets":{ + "shape":"IpamPolicyOrganizationTargetSet", + "documentation":"The Amazon Web Services Organizations targets for an IPAM policy.
", + "locationName":"organizationTargetSet" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use to retrieve the next page of results.
", + "locationName":"nextToken" + } + } + }, "GetIpamPoolAllocationsMaxResults":{ "type":"integer", "max":100000, @@ -37889,6 +39317,48 @@ } } }, + "GetTransitGatewayMeteringPolicyEntriesRequest":{ + "type":"structure", + "required":["TransitGatewayMeteringPolicyId"], + "members":{ + "TransitGatewayMeteringPolicyId":{ + "shape":"TransitGatewayMeteringPolicyId", + "documentation":"The ID of the transit gateway metering policy to retrieve entries for.
" + }, + "Filters":{ + "shape":"FilterList", + "documentation":"One or more filters to apply when retrieving metering policy entries.
", + "locationName":"Filter" + }, + "MaxResults":{ + "shape":"TransitGatewayMaxResults", + "documentation":"The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
The token for the next page of results.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the transit gateway metering policy entries.
", + "locationName":"transitGatewayMeteringPolicyEntries" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to use to retrieve the next page of results. This value is null when there are no more results to return.
The ID of the VPC to check for resources blocking encryption enforcement.
" + }, + "MaxResults":{ + "shape":"GetVpcResourcesBlockingEncryptionEnforcementMaxResults", + "documentation":"The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about resources that are blocking encryption enforcement.
", + "locationName":"nonCompliantResourceSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to include in another request to get the next page of items. This value is null when there are no more items to return.
Describes an image.
" }, + "ImageAncestryEntry":{ + "type":"structure", + "members":{ + "CreationDate":{ + "shape":"MillisecondDateTime", + "documentation":"The date and time when this AMI was created.
", + "locationName":"creationDate" + }, + "ImageId":{ + "shape":"ImageId", + "documentation":"The ID of this AMI.
", + "locationName":"imageId" + }, + "ImageOwnerAlias":{ + "shape":"String", + "documentation":"The owner alias (amazon | aws-backup-vault | aws-marketplace ) of this AMI, if one is assigned. Otherwise, the value is null.
The ID of the parent AMI.
", + "locationName":"sourceImageId" + }, + "SourceImageRegion":{ + "shape":"String", + "documentation":"The Amazon Web Services Region of the parent AMI.
", + "locationName":"sourceImageRegion" + } + }, + "documentation":"Information about a single AMI in the ancestry chain and its source (parent) AMI.
" + }, + "ImageAncestryEntryList":{ + "type":"list", + "member":{ + "shape":"ImageAncestryEntry", + "locationName":"item" + } + }, "ImageAttribute":{ "type":"structure", "members":{ @@ -41745,6 +43304,15 @@ "locationName":"InstanceId" } }, + "InstanceIdUpdateStringList":{ + "type":"list", + "member":{ + "shape":"InstanceId", + "locationName":"item" + }, + "max":30, + "min":1 + }, "InstanceIdWithVolumeResolver":{"type":"string"}, "InstanceIdsSet":{ "type":"list", @@ -41912,7 +43480,8 @@ "enum":[ "spot", "scheduled", - "capacity-block" + "capacity-block", + "interruptible-capacity-reservation" ] }, "InstanceList":{ @@ -42575,7 +44144,7 @@ }, "AcceleratorTypes":{ "shape":"AcceleratorTypeSet", - "documentation":"The accelerator types that must be on the instance type.
For instance types with FPGA accelerators, specify fpga.
For instance types with GPU accelerators, specify gpu.
For instance types with Inference accelerators, specify inference.
Default: Any accelerator type
", + "documentation":"The accelerator types that must be on the instance type.
For instance types with FPGA accelerators, specify fpga.
For instance types with GPU accelerators, specify gpu.
For instance types with Inference accelerators, specify inference.
For instance types with Media accelerators, specify media.
Default: Any accelerator type
", "locationName":"acceleratorTypeSet" }, "AcceleratorCount":{ @@ -42590,7 +44159,7 @@ }, "AcceleratorNames":{ "shape":"AcceleratorNameSet", - "documentation":"The accelerators that must be on the instance type.
For instance types with NVIDIA A10G GPUs, specify a10g.
For instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA H100 GPUs, specify h100.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA T4G GPUs, specify t4g.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with NVIDIA V100 GPUs, specify v100.
Default: Any accelerator
", + "documentation":"The accelerators that must be on the instance type.
For instance types with NVIDIA A10G GPUs, specify a10g.
For instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA H100 GPUs, specify h100.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with Amazon Web Services Inferentia2 chips, specify inferentia2.
For instance types with Habana Gaudi HL-205 GPUs, specify gaudi-hl-205.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA L4 GPUs, specify l4.
For instance types with NVIDIA L40S GPUs, specify l40s.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with Amazon Web Services Trainium chips, specify trainium.
For instance types with Amazon Web Services Trainium2 chips, specify trainium2.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA T4G GPUs, specify t4g.
For instance types with Xilinx U30 cards, specify u30.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with NVIDIA V100 GPUs, specify v100.
Default: Any accelerator
", "locationName":"acceleratorNameSet" }, "AcceleratorTotalMemoryMiB":{ @@ -42703,7 +44272,7 @@ }, "AcceleratorTypes":{ "shape":"AcceleratorTypeSet", - "documentation":"The accelerator types that must be on the instance type.
For instance types with FPGA accelerators, specify fpga.
For instance types with GPU accelerators, specify gpu.
For instance types with Inference accelerators, specify inference.
Default: Any accelerator type
", + "documentation":"The accelerator types that must be on the instance type.
For instance types with FPGA accelerators, specify fpga.
For instance types with GPU accelerators, specify gpu.
For instance types with Inference accelerators, specify inference.
For instance types with Media accelerators, specify media.
Default: Any accelerator type
", "locationName":"AcceleratorType" }, "AcceleratorCount":{ @@ -42717,7 +44286,7 @@ }, "AcceleratorNames":{ "shape":"AcceleratorNameSet", - "documentation":"The accelerators that must be on the instance type.
For instance types with NVIDIA A10G GPUs, specify a10g.
For instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA H100 GPUs, specify h100.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA T4G GPUs, specify t4g.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with NVIDIA V100 GPUs, specify v100.
Default: Any accelerator
", + "documentation":"The accelerators that must be on the instance type.
For instance types with NVIDIA A10G GPUs, specify a10g.
For instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA H100 GPUs, specify h100.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with Amazon Web Services Inferentia2 chips, specify inferentia2.
For instance types with Habana Gaudi HL-205 GPUs, specify gaudi-hl-205.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA L4 GPUs, specify l4.
For instance types with NVIDIA L40S GPUs, specify l40s.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with Amazon Web Services Trainium chips, specify trainium.
For instance types with Amazon Web Services Trainium2 chips, specify trainium2.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA T4G GPUs, specify t4g.
For instance types with Xilinx U30 cards, specify u30.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with NVIDIA V100 GPUs, specify v100.
Default: Any accelerator
", "locationName":"AcceleratorName" }, "AcceleratorTotalMemoryMiB":{ @@ -44558,6 +46127,68 @@ "locationName":"item" } }, + "InterruptibleCapacityAllocation":{ + "type":"structure", + "members":{ + "InstanceCount":{ + "shape":"Integer", + "documentation":"The current number of instances allocated to the interruptible reservation.
", + "locationName":"instanceCount" + }, + "TargetInstanceCount":{ + "shape":"Integer", + "documentation":"After your modify request, the requested number of instances allocated to interruptible reservation.
", + "locationName":"targetInstanceCount" + }, + "Status":{ + "shape":"InterruptibleCapacityReservationAllocationStatus", + "documentation":"The current status of the allocation (updating during reclamation, active when complete).
", + "locationName":"status" + }, + "InterruptibleCapacityReservationId":{ + "shape":"String", + "documentation":"The ID of the interruptible Capacity Reservation created from the allocation.
", + "locationName":"interruptibleCapacityReservationId" + }, + "InterruptionType":{ + "shape":"InterruptionType", + "documentation":"The type of interruption policy applied to the interruptible reservation.
", + "locationName":"interruptionType" + } + }, + "documentation":"Represents the allocation of capacity from a source reservation to an interruptible reservation, tracking current and target instance counts for allocation management.
" + }, + "InterruptibleCapacityReservationAllocationStatus":{ + "type":"string", + "enum":[ + "pending", + "active", + "updating", + "canceling", + "canceled", + "failed" + ] + }, + "InterruptionInfo":{ + "type":"structure", + "members":{ + "SourceCapacityReservationId":{ + "shape":"String", + "documentation":"The ID of the source Capacity Reservation from which the interruptible reservation was created.
", + "locationName":"sourceCapacityReservationId" + }, + "InterruptionType":{ + "shape":"InterruptionType", + "documentation":"The interruption type that determines how instances are terminated when capacity is reclaimed.
", + "locationName":"interruptionType" + } + }, + "documentation":"Contains information about how and when instances in an interruptible reservation can be terminated when capacity is reclaimed.
" + }, + "InterruptionType":{ + "type":"string", + "enum":["adhoc"] + }, "IpAddress":{ "type":"string", "max":15, @@ -45303,6 +46934,179 @@ "ignored" ] }, + "IpamPolicy":{ + "type":"structure", + "members":{ + "OwnerId":{ + "shape":"String", + "documentation":"The account ID that owns the IPAM policy.
", + "locationName":"ownerId" + }, + "IpamPolicyId":{ + "shape":"IpamPolicyId", + "documentation":"The ID of the IPAM policy.
", + "locationName":"ipamPolicyId" + }, + "IpamPolicyArn":{ + "shape":"ResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the IPAM policy.
", + "locationName":"ipamPolicyArn" + }, + "IpamPolicyRegion":{ + "shape":"String", + "documentation":"The Region of the IPAM policy.
", + "locationName":"ipamPolicyRegion" + }, + "State":{ + "shape":"IpamPolicyState", + "documentation":"The state of the IPAM policy.
", + "locationName":"state" + }, + "StateMessage":{ + "shape":"String", + "documentation":"A message about the state of the IPAM policy.
", + "locationName":"stateMessage" + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags assigned to the IPAM policy.
", + "locationName":"tagSet" + }, + "IpamId":{ + "shape":"IpamId", + "documentation":"The ID of the IPAM this policy belongs to.
", + "locationName":"ipamId" + } + }, + "documentation":"Information about an IPAM policy.
An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.
" + }, + "IpamPolicyAllocationRule":{ + "type":"structure", + "members":{ + "SourceIpamPoolId":{ + "shape":"IpamPoolId", + "documentation":"The ID of the source IPAM pool for the allocation rule.
An IPAM pool is a collection of IP addresses in IPAM that can be allocated to Amazon Web Services resources.
", + "locationName":"sourceIpamPoolId" + } + }, + "documentation":"Information about an IPAM policy allocation rule.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
" + }, + "IpamPolicyAllocationRuleList":{ + "type":"list", + "member":{ + "shape":"IpamPolicyAllocationRule", + "locationName":"item" + } + }, + "IpamPolicyAllocationRuleListRequest":{ + "type":"list", + "member":{ + "shape":"IpamPolicyAllocationRuleRequest", + "locationName":"item" + } + }, + "IpamPolicyAllocationRuleRequest":{ + "type":"structure", + "members":{ + "SourceIpamPoolId":{ + "shape":"IpamPoolId", + "documentation":"The ID of the source IPAM pool for the requested allocation rule.
An IPAM pool is a collection of IP addresses in IPAM that can be allocated to Amazon Web Services resources.
" + } + }, + "documentation":"Information about a requested IPAM policy allocation rule.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
" + }, + "IpamPolicyDocument":{ + "type":"structure", + "members":{ + "IpamPolicyId":{ + "shape":"IpamPolicyId", + "documentation":"The ID of the IPAM policy.
", + "locationName":"ipamPolicyId" + }, + "Locale":{ + "shape":"String", + "documentation":"The locale of the IPAM policy document.
", + "locationName":"locale" + }, + "ResourceType":{ + "shape":"IpamPolicyResourceType", + "documentation":"The resource type of the IPAM policy document.
The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:
Elastic IP addresses
The allocation rules in the IPAM policy document.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
", + "locationName":"allocationRuleSet" + } + }, + "documentation":"Information about an IPAM policy.
" + }, + "IpamPolicyDocumentSet":{ + "type":"list", + "member":{ + "shape":"IpamPolicyDocument", + "locationName":"item" + } + }, + "IpamPolicyId":{"type":"string"}, + "IpamPolicyManagedBy":{ + "type":"string", + "enum":[ + "account", + "delegated-administrator-for-ipam" + ] + }, + "IpamPolicyOrganizationTarget":{ + "type":"structure", + "members":{ + "OrganizationTargetId":{ + "shape":"String", + "documentation":"The ID of a Amazon Web Services Organizations target for an IPAM policy.
", + "locationName":"organizationTargetId" + } + }, + "documentation":"The Amazon Web Services Organizations target for an IPAM policy.
" + }, + "IpamPolicyOrganizationTargetSet":{ + "type":"list", + "member":{ + "shape":"IpamPolicyOrganizationTarget", + "locationName":"item" + } + }, + "IpamPolicyResourceType":{ + "type":"string", + "enum":[ + "alb", + "eip", + "rds", + "rnat" + ] + }, + "IpamPolicySet":{ + "type":"list", + "member":{ + "shape":"IpamPolicy", + "locationName":"item" + } + }, + "IpamPolicyState":{ + "type":"string", + "enum":[ + "create-in-progress", + "create-complete", + "create-failed", + "modify-in-progress", + "modify-complete", + "modify-failed", + "delete-in-progress", + "delete-complete", + "delete-failed", + "isolate-in-progress", + "isolate-complete", + "restore-in-progress" + ] + }, "IpamPool":{ "type":"structure", "members":{ @@ -45493,7 +47297,8 @@ "ec2-public-ipv4-pool", "custom", "subnet", - "eip" + "eip", + "anycast-ip-list" ] }, "IpamPoolAllocationSet":{ @@ -45505,7 +47310,10 @@ }, "IpamPoolAwsService":{ "type":"string", - "enum":["ec2"] + "enum":[ + "ec2", + "global-services" + ] }, "IpamPoolCidr":{ "type":"structure", @@ -46094,6 +47902,7 @@ "site-to-site-vpn", "load-balancer", "global-accelerator", + "cloudfront", "other" ] }, @@ -46162,7 +47971,8 @@ "amazon-owned-eip", "amazon-owned-contig", "byoip", - "ec2-public-ip" + "ec2-public-ip", + "anycast-ip-list-ip" ] }, "IpamResourceCidr":{ @@ -46461,7 +48271,8 @@ "eip", "public-ipv4-pool", "ipv6-pool", - "eni" + "eni", + "anycast-ip-list" ] }, "IpamScope":{ @@ -48567,6 +50378,43 @@ } } }, + "ListVolumesInRecycleBinRequest":{ + "type":"structure", + "members":{ + "VolumeIds":{ + "shape":"VolumeIdStringList", + "documentation":"The IDs of the volumes to list. Omit this parameter to list all of the volumes that are in the Recycle Bin.
", + "locationName":"VolumeId" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
Valid range: 5 - 500
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
" + } + } + }, + "ListVolumesInRecycleBinResult":{ + "type":"structure", + "members":{ + "Volumes":{ + "shape":"VolumeRecycleBinInfoList", + "documentation":"Information about the volumes.
", + "locationName":"volumeSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to include in another request to get the next page of items. This value is null when there are no more items to return.
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the IPAM policy whose allocation rules you want to modify.
" + }, + "Locale":{ + "shape":"String", + "documentation":"The locale for which to modify the allocation rules.
" + }, + "ResourceType":{ + "shape":"IpamPolicyResourceType", + "documentation":"The resource type for which to modify the allocation rules.
The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:
Elastic IP addresses
The new allocation rules to apply to the IPAM policy.
Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.
", + "locationName":"AllocationRule" + } + } + }, + "ModifyIpamPolicyAllocationRulesResult":{ + "type":"structure", + "members":{ + "IpamPolicyDocument":{ + "shape":"IpamPolicyDocument", + "documentation":"The modified IPAM policy containing the updated allocation rules.
", + "locationName":"ipamPolicyDocument" + } + } + }, "ModifyIpamPoolRequest":{ "type":"structure", "required":["IpamPoolId"], @@ -52055,6 +53945,40 @@ } } }, + "ModifyTransitGatewayMeteringPolicyRequest":{ + "type":"structure", + "required":["TransitGatewayMeteringPolicyId"], + "members":{ + "TransitGatewayMeteringPolicyId":{ + "shape":"TransitGatewayMeteringPolicyId", + "documentation":"The ID of the transit gateway metering policy to modify.
" + }, + "AddMiddleboxAttachmentIds":{ + "shape":"TransitGatewayAttachmentIdStringList", + "documentation":"The IDs of middlebox attachments to add to the metering policy.
", + "locationName":"AddMiddleboxAttachmentId" + }, + "RemoveMiddleboxAttachmentIds":{ + "shape":"TransitGatewayAttachmentIdStringList", + "documentation":"The IDs of middlebox attachments to remove from the metering policy.
", + "locationName":"RemoveMiddleboxAttachmentId" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Information about the modified transit gateway metering policy.
", + "locationName":"transitGatewayMeteringPolicy" + } + } + }, "ModifyTransitGatewayOptions":{ "type":"structure", "members":{ @@ -52101,6 +54025,10 @@ "AmazonSideAsn":{ "shape":"Long", "documentation":"A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.
The modify ASN operation is not allowed on a transit gateway if it has the following attachments:
Dynamic VPN
Static VPN
Direct Connect Gateway
Connect
You must first delete all transit gateway attachments configured prior to modifying the ASN on the transit gateway.
" + }, + "EncryptionSupport":{ + "shape":"EncryptionSupportOptionValue", + "documentation":"Enable or disable encryption support for VPC Encryption Control.
" } }, "documentation":"The transit gateway options.
" @@ -52872,6 +54800,66 @@ } } }, + "ModifyVpcEncryptionControlRequest":{ + "type":"structure", + "required":["VpcEncryptionControlId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the VPC Encryption Control resource to modify.
" + }, + "Mode":{ + "shape":"VpcEncryptionControlMode", + "documentation":"The encryption mode for the VPC Encryption Control configuration.
" + }, + "InternetGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude internet gateway traffic from encryption enforcement.
" + }, + "EgressOnlyInternetGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude egress-only internet gateway traffic from encryption enforcement.
" + }, + "NatGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude NAT gateway traffic from encryption enforcement.
" + }, + "VirtualPrivateGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude virtual private gateway traffic from encryption enforcement.
" + }, + "VpcPeeringExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude VPC peering connection traffic from encryption enforcement.
" + }, + "LambdaExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude Lambda function traffic from encryption enforcement.
" + }, + "VpcLatticeExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude VPC Lattice traffic from encryption enforcement.
" + }, + "ElasticFileSystemExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude Elastic File System traffic from encryption enforcement.
" + } + } + }, + "ModifyVpcEncryptionControlResult":{ + "type":"structure", + "members":{ + "VpcEncryptionControl":{ + "shape":"VpcEncryptionControl", + "documentation":"Information about the VPC Encryption Control configuration.
", + "locationName":"vpcEncryptionControl" + } + } + }, "ModifyVpcEndpointConnectionNotificationRequest":{ "type":"structure", "required":["ConnectionNotificationId"], @@ -53703,6 +55691,26 @@ "shape":"ConnectivityType", "documentation":"Indicates whether the NAT gateway supports public or private connectivity.
", "locationName":"connectivityType" + }, + "AvailabilityMode":{ + "shape":"AvailabilityMode", + "documentation":"Indicates whether this is a zonal (single-AZ) or regional (multi-AZ) NAT gateway.
A zonal NAT gateway is a NAT Gateway that provides redundancy and scalability within a single availability zone. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.
", + "locationName":"availabilityMode" + }, + "AutoScalingIps":{ + "shape":"AutoScalingIpsState", + "documentation":"For regional NAT gateways only: Indicates whether Amazon Web Services automatically allocates additional Elastic IP addresses (EIPs) in an AZ when the NAT gateway needs more ports due to increased concurrent connections to a single destination from that AZ.
For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.
", + "locationName":"autoScalingIps" + }, + "AutoProvisionZones":{ + "shape":"AutoProvisionZonesState", + "documentation":"For regional NAT gateways only: Indicates whether Amazon Web Services automatically manages AZ coverage. When enabled, the NAT gateway associates EIPs in all AZs where your VPC has subnets to handle outbound NAT traffic, expands to new AZs when you create subnets there, and retracts from AZs where you've removed all subnets. When disabled, you must manually manage which AZs the NAT gateway supports and their corresponding EIPs.
A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.
For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.
", + "locationName":"autoProvisionZones" + }, + "RouteTableId":{ + "shape":"String", + "documentation":"For regional NAT gateways only, this is the ID of the NAT gateway.
", + "locationName":"routeTableId" } }, "documentation":"Describes a NAT gateway.
" @@ -53749,6 +55757,16 @@ "shape":"NatGatewayAddressStatus", "documentation":"The address status.
", "locationName":"status" + }, + "AvailabilityZone":{ + "shape":"AvailabilityZoneName", + "documentation":"The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.
", + "locationName":"availabilityZone" + }, + "AvailabilityZoneId":{ + "shape":"AvailabilityZoneId", + "documentation":"The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.
", + "locationName":"availabilityZoneId" } }, "documentation":"Describes the IP addresses and network interface associated with a NAT gateway.
" @@ -57916,6 +59934,54 @@ } } }, + "RegisteredInstance":{ + "type":"structure", + "members":{ + "InstanceId":{ + "shape":"InstanceId", + "documentation":"The ID of the SQL Server High Availability instance.
", + "locationName":"instanceId" + }, + "SqlServerLicenseUsage":{ + "shape":"SqlServerLicenseUsage", + "documentation":"The license type for the SQL Server license. Valid values include:
full - The SQL Server High Availability instance is using a full SQL Server license.
waived - The SQL Server High Availability instance is waived from the SQL Server license.
The SQL Server High Availability status of the instance. Valid values are:
processing - The SQL Server High Availability status for the SQL Server High Availability instance is being updated.
active - The SQL Server High Availability instance is an active node in an SQL Server High Availability cluster.
standby - The SQL Server High Availability instance is a standby failover node in an SQL Server High Availability cluster.
invalid - An error occurred due to misconfigured permissions, or unable to dertemine SQL Server High Availability status for the SQL Server High Availability instance.
A brief description of the SQL Server High Availability status. If the instance is in the invalid High Availability status, this parameter includes the error message.
The date and time when the instance's SQL Server High Availability status was last updated, in the ISO 8601 format in the UTC time zone (YYYY-MM-DDThh:mm:ss.sssZ).
The ARN of the Secrets Manager secret containing the SQL Server access credentials for the SQL Server High Availability instance. If not specified, deafult local user credentials will be used by the Amazon Web Services Systems Manager agent.
", + "locationName":"sqlServerCredentials" + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags assigned to the SQL Server High Availability instance.
", + "locationName":"tagSet" + } + }, + "documentation":"Describes an Amazon EC2 instance that is enabled for SQL Server High Availability standby detection monitoring.
" + }, + "RegisteredInstanceList":{ + "type":"list", + "member":{ + "shape":"RegisteredInstance", + "locationName":"item" + } + }, "RejectCapacityReservationBillingOwnershipRequest":{ "type":"structure", "required":["CapacityReservationId"], @@ -60045,6 +62111,7 @@ "transit-gateway-connect-peer", "transit-gateway-multicast-domain", "transit-gateway-policy-table", + "transit-gateway-metering-policy", "transit-gateway-route-table", "transit-gateway-route-table-announcement", "volume", @@ -60067,6 +62134,7 @@ "verified-access-trust-provider", "vpn-connection-device-type", "vpc-block-public-access-exclusion", + "vpc-encryption-control", "route-server", "route-server-endpoint", "route-server-peer", @@ -60078,8 +62146,10 @@ "capacity-block", "mac-modification-task", "ipam-prefix-list-resolver", + "ipam-policy", "ipam-prefix-list-resolver-target", - "capacity-manager-data-export" + "capacity-manager-data-export", + "vpn-concentrator" ] }, "ResourceTypeOption":{ @@ -60543,6 +62613,30 @@ } } }, + "RestoreVolumeFromRecycleBinRequest":{ + "type":"structure", + "required":["VolumeId"], + "members":{ + "VolumeId":{ + "shape":"VolumeId", + "documentation":"The ID of the volume to restore.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
The ID of the transit gateway metering policy.
", + "locationName":"transitGatewayMeteringPolicyId" + }, + "TransitGatewayId":{ + "shape":"TransitGatewayId", + "documentation":"The ID of the transit gateway associated with the metering policy.
", + "locationName":"transitGatewayId" + }, + "MiddleboxAttachmentIds":{ + "shape":"ValueStringList", + "documentation":"The IDs of the middlebox attachments associated with the metering policy.
", + "locationName":"middleboxAttachmentIdSet" + }, + "State":{ + "shape":"TransitGatewayMeteringPolicyState", + "documentation":"The state of the transit gateway metering policy.
", + "locationName":"state" + }, + "UpdateEffectiveAt":{ + "shape":"MillisecondDateTime", + "documentation":"The date and time when the metering policy update becomes effective.
", + "locationName":"updateEffectiveAt" + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags assigned to the transit gateway metering policy.
", + "locationName":"tagSet" + } + }, + "documentation":"Describes a transit gateway metering policy.
" + }, + "TransitGatewayMeteringPolicyEntry":{ + "type":"structure", + "members":{ + "PolicyRuleNumber":{ + "shape":"String", + "documentation":"The rule number of the metering policy entry.
", + "locationName":"policyRuleNumber" + }, + "MeteredAccount":{ + "shape":"TransitGatewayMeteringPayerType", + "documentation":"The Amazon Web Services account ID to which the metered traffic is attributed.
", + "locationName":"meteredAccount" + }, + "State":{ + "shape":"TransitGatewayMeteringPolicyEntryState", + "documentation":"The state of the metering policy entry.
", + "locationName":"state" + }, + "UpdatedAt":{ + "shape":"MillisecondDateTime", + "documentation":"The date and time when the metering policy entry was last updated.
", + "locationName":"updatedAt" + }, + "UpdateEffectiveAt":{ + "shape":"MillisecondDateTime", + "documentation":"The date and time when the metering policy entry update becomes effective.
", + "locationName":"updateEffectiveAt" + }, + "MeteringPolicyRule":{ + "shape":"TransitGatewayMeteringPolicyRule", + "documentation":"The metering policy rule that defines traffic matching criteria.
", + "locationName":"meteringPolicyRule" + } + }, + "documentation":"Describes an entry in a transit gateway metering policy.
" + }, + "TransitGatewayMeteringPolicyEntryList":{ + "type":"list", + "member":{ + "shape":"TransitGatewayMeteringPolicyEntry", + "locationName":"item" + } + }, + "TransitGatewayMeteringPolicyEntryState":{ + "type":"string", + "enum":[ + "available", + "deleted" + ] + }, + "TransitGatewayMeteringPolicyId":{"type":"string"}, + "TransitGatewayMeteringPolicyIdStringList":{ + "type":"list", + "member":{ + "shape":"TransitGatewayMeteringPolicyId", + "locationName":"item" + } + }, + "TransitGatewayMeteringPolicyList":{ + "type":"list", + "member":{ + "shape":"TransitGatewayMeteringPolicy", + "locationName":"item" + } + }, + "TransitGatewayMeteringPolicyRule":{ + "type":"structure", + "members":{ + "SourceTransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"The ID of the source transit gateway attachment.
", + "locationName":"sourceTransitGatewayAttachmentId" + }, + "SourceTransitGatewayAttachmentType":{ + "shape":"TransitGatewayAttachmentResourceType", + "documentation":"The type of the source transit gateway attachment. Note that the tgw-peering resource type has been deprecated. To configure metering policies for Connect, use the transport attachment type.
The source CIDR block for the rule.
", + "locationName":"sourceCidrBlock" + }, + "SourcePortRange":{ + "shape":"String", + "documentation":"The source port range for the rule.
", + "locationName":"sourcePortRange" + }, + "DestinationTransitGatewayAttachmentId":{ + "shape":"TransitGatewayAttachmentId", + "documentation":"The ID of the destination transit gateway attachment.
", + "locationName":"destinationTransitGatewayAttachmentId" + }, + "DestinationTransitGatewayAttachmentType":{ + "shape":"TransitGatewayAttachmentResourceType", + "documentation":"The type of the destination transit gateway attachment. Note that the tgw-peering resource type has been deprecated. To configure metering policies for Connect, use the transport attachment type.
The destination CIDR block for the rule.
", + "locationName":"destinationCidrBlock" + }, + "DestinationPortRange":{ + "shape":"String", + "documentation":"The destination port range for the rule.
", + "locationName":"destinationPortRange" + }, + "Protocol":{ + "shape":"String", + "documentation":"The protocol for the rule (1, 6, 17, etc.).
", + "locationName":"protocol" + } + }, + "documentation":"Describes the traffic matching criteria for a transit gateway metering policy rule.
" + }, + "TransitGatewayMeteringPolicyState":{ + "type":"string", + "enum":[ + "available", + "deleted", + "pending", + "modifying", + "deleting" + ] + }, "TransitGatewayMulitcastDomainAssociationState":{ "type":"string", "enum":[ @@ -67434,6 +69711,11 @@ "shape":"MulticastSupportValue", "documentation":"Indicates whether multicast is enabled on the transit gateway
", "locationName":"multicastSupport" + }, + "EncryptionSupport":{ + "shape":"EncryptionSupport", + "documentation":"Defines if the Transit Gateway supports VPC Encryption Control.
", + "locationName":"encryptionSupport" } }, "documentation":"Describes the options for a transit gateway.
" @@ -68786,6 +71068,62 @@ } } }, + "UpdateInterruptibleCapacityReservationAllocationRequest":{ + "type":"structure", + "required":[ + "CapacityReservationId", + "TargetInstanceCount" + ], + "members":{ + "CapacityReservationId":{ + "shape":"CapacityReservationId", + "documentation":"The ID of the source Capacity Reservation containing the interruptible allocation to modify.
" + }, + "TargetInstanceCount":{ + "shape":"Integer", + "documentation":"The new number of instances to allocate. Enter a higher number to add more capacity to share, or a lower number to reclaim capacity to your source Capacity Reservation.
" + }, + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response.
" + } + } + }, + "UpdateInterruptibleCapacityReservationAllocationResult":{ + "type":"structure", + "members":{ + "InterruptibleCapacityReservationId":{ + "shape":"CapacityReservationId", + "documentation":"The ID of the interruptible Capacity Reservation that was modified.
", + "locationName":"interruptibleCapacityReservationId" + }, + "SourceCapacityReservationId":{ + "shape":"CapacityReservationId", + "documentation":"The ID of the source Capacity Reservation to which capacity was reclaimed or from which capacity was allocated.
", + "locationName":"sourceCapacityReservationId" + }, + "InstanceCount":{ + "shape":"Integer", + "documentation":"The current number of instances allocated to the interruptible reservation.
", + "locationName":"instanceCount" + }, + "TargetInstanceCount":{ + "shape":"Integer", + "documentation":"The requested number of instances for the interruptible Capacity Reservation.
", + "locationName":"targetInstanceCount" + }, + "Status":{ + "shape":"InterruptibleCapacityReservationAllocationStatus", + "documentation":"The current status of the allocation (updating during reclamation, active when complete).
", + "locationName":"status" + }, + "InterruptionType":{ + "shape":"InterruptionType", + "documentation":"The interruption type for the interruptible reservation.
", + "locationName":"interruptionType" + } + } + }, "UpdateSecurityGroupRuleDescriptionsEgressRequest":{ "type":"structure", "members":{ @@ -70479,6 +72817,94 @@ "failed" ] }, + "VolumeRecycleBinInfo":{ + "type":"structure", + "members":{ + "VolumeId":{ + "shape":"VolumeId", + "documentation":"The ID of the volume.
", + "locationName":"volumeId" + }, + "VolumeType":{ + "shape":"VolumeType", + "documentation":"The volume type.
", + "locationName":"volumeType" + }, + "State":{ + "shape":"VolumeState", + "documentation":"The state of the volume.
", + "locationName":"state" + }, + "Size":{ + "shape":"Integer", + "documentation":"The size of the volume, in GiB.
", + "locationName":"size" + }, + "Iops":{ + "shape":"Integer", + "documentation":"The number of I/O operations per second (IOPS) for the volume.
", + "locationName":"iops" + }, + "Throughput":{ + "shape":"Integer", + "documentation":"The throughput that the volume supports, in MiB/s.
", + "locationName":"throughput" + }, + "OutpostArn":{ + "shape":"String", + "documentation":"The ARN of the Outpost on which the volume is stored. For more information, see Amazon EBS volumes on Outposts in the Amazon EBS User Guide.
", + "locationName":"outpostArn" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone for the volume.
", + "locationName":"availabilityZone" + }, + "AvailabilityZoneId":{ + "shape":"String", + "documentation":"The ID of the Availability Zone for the volume.
", + "locationName":"availabilityZoneId" + }, + "SourceVolumeId":{ + "shape":"String", + "documentation":"The ID of the source volume.
", + "locationName":"sourceVolumeId" + }, + "SnapshotId":{ + "shape":"String", + "documentation":"The snapshot from which the volume was created, if applicable.
", + "locationName":"snapshotId" + }, + "Operator":{ + "shape":"OperatorResponse", + "documentation":"The service provider that manages the volume.
", + "locationName":"operator" + }, + "CreateTime":{ + "shape":"DateTime", + "documentation":"The time stamp when volume creation was initiated.
", + "locationName":"createTime" + }, + "RecycleBinEnterTime":{ + "shape":"MillisecondDateTime", + "documentation":"The date and time when the volume entered the Recycle Bin.
", + "locationName":"recycleBinEnterTime" + }, + "RecycleBinExitTime":{ + "shape":"MillisecondDateTime", + "documentation":"The date and time when the volume is to be permanently deleted from the Recycle Bin.
", + "locationName":"recycleBinExitTime" + } + }, + "documentation":"Information about a volume that is currently in the Recycle Bin.
" + }, + "VolumeRecycleBinInfoList":{ + "type":"list", + "member":{ + "shape":"VolumeRecycleBinInfo", + "locationName":"item" + } + }, "VolumeState":{ "type":"string", "enum":[ @@ -71049,46 +73475,100 @@ "members":{ "VpcId":{ "shape":"VpcId", + "documentation":"The ID of the VPC associated with the encryption control configuration.
", "locationName":"vpcId" }, "VpcEncryptionControlId":{ "shape":"VpcEncryptionControlId", + "documentation":"The ID of the VPC Encryption Control configuration.
", "locationName":"vpcEncryptionControlId" }, "Mode":{ "shape":"VpcEncryptionControlMode", + "documentation":"The encryption mode for the VPC Encryption Control configuration.
", "locationName":"mode" }, "State":{ "shape":"VpcEncryptionControlState", + "documentation":"The current state of the VPC Encryption Control configuration.
", "locationName":"state" }, "StateMessage":{ "shape":"String", + "documentation":"A message providing additional information about the encryption control state.
", "locationName":"stateMessage" }, "ResourceExclusions":{ "shape":"VpcEncryptionControlExclusions", + "documentation":"Information about resource exclusions for the VPC Encryption Control configuration.
", "locationName":"resourceExclusions" }, "Tags":{ "shape":"TagList", + "documentation":"The tags assigned to the VPC Encryption Control configuration.
", "locationName":"tagSet" } - } + }, + "documentation":"Describes the configuration and state of VPC encryption controls.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, + "VpcEncryptionControlConfiguration":{ + "type":"structure", + "required":["Mode"], + "members":{ + "Mode":{ + "shape":"VpcEncryptionControlMode", + "documentation":"The encryption mode for the VPC Encryption Control configuration.
" + }, + "InternetGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude internet gateway traffic from encryption enforcement.
" + }, + "EgressOnlyInternetGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude egress-only internet gateway traffic from encryption enforcement.
" + }, + "NatGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude NAT gateway traffic from encryption enforcement.
" + }, + "VirtualPrivateGatewayExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude virtual private gateway traffic from encryption enforcement.
" + }, + "VpcPeeringExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude VPC peering connection traffic from encryption enforcement.
" + }, + "LambdaExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude Lambda function traffic from encryption enforcement.
" + }, + "VpcLatticeExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude VPC Lattice traffic from encryption enforcement.
" + }, + "ElasticFileSystemExclusion":{ + "shape":"VpcEncryptionControlExclusionStateInput", + "documentation":"Specifies whether to exclude Elastic File System traffic from encryption enforcement.
" + } + }, + "documentation":"Describes the configuration settings for VPC Encryption Control.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" }, "VpcEncryptionControlExclusion":{ "type":"structure", "members":{ "State":{ "shape":"VpcEncryptionControlExclusionState", + "documentation":"The current state of the exclusion configuration.
", "locationName":"state" }, "StateMessage":{ "shape":"String", + "documentation":"A message providing additional information about the exclusion state.
", "locationName":"stateMessage" } - } + }, + "documentation":"Describes an exclusion configuration for VPC Encryption Control.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" }, "VpcEncryptionControlExclusionState":{ "type":"string", @@ -71099,44 +73579,74 @@ "disabled" ] }, + "VpcEncryptionControlExclusionStateInput":{ + "type":"string", + "enum":[ + "enable", + "disable" + ] + }, "VpcEncryptionControlExclusions":{ "type":"structure", "members":{ "InternetGateway":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for internet gateway traffic.
", "locationName":"internetGateway" }, "EgressOnlyInternetGateway":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for egress-only internet gateway traffic.
", "locationName":"egressOnlyInternetGateway" }, "NatGateway":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for NAT gateway traffic.
", "locationName":"natGateway" }, "VirtualPrivateGateway":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for virtual private gateway traffic.
", "locationName":"virtualPrivateGateway" }, "VpcPeering":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for VPC peering connection traffic.
", "locationName":"vpcPeering" }, "Lambda":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for Lambda function traffic.
", "locationName":"lambda" }, "VpcLattice":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for VPC Lattice traffic.
", "locationName":"vpcLattice" }, "ElasticFileSystem":{ "shape":"VpcEncryptionControlExclusion", + "documentation":"The exclusion configuration for Elastic File System traffic.
", "locationName":"elasticFileSystem" } - } + }, + "documentation":"Describes the exclusion configurations for various resource types in VPC Encryption Control.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" }, "VpcEncryptionControlId":{"type":"string"}, + "VpcEncryptionControlIdList":{ + "type":"list", + "member":{ + "shape":"VpcEncryptionControlId", + "locationName":"item" + } + }, + "VpcEncryptionControlList":{ + "type":"list", + "member":{ + "shape":"VpcEncryptionControl", + "locationName":"item" + } + }, "VpcEncryptionControlMode":{ "type":"string", "enum":[ @@ -71158,6 +73668,39 @@ "delete-failed" ] }, + "VpcEncryptionNonCompliantResource":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"String", + "documentation":"The ID of the non-compliant resource.
", + "locationName":"id" + }, + "Type":{ + "shape":"String", + "documentation":"The type of the non-compliant resource.
", + "locationName":"type" + }, + "Description":{ + "shape":"String", + "documentation":"A description of the non-compliant resource.
", + "locationName":"description" + }, + "IsExcludable":{ + "shape":"Boolean", + "documentation":"Indicates whether the resource can be excluded from encryption enforcement.
", + "locationName":"isExcludable" + } + }, + "documentation":"Describes a resource that is not compliant with VPC encryption requirements.
For more information, see Enforce VPC encryption in transit in the Amazon VPC User Guide.
" + }, + "VpcEncryptionNonCompliantResourceList":{ + "type":"list", + "member":{ + "shape":"VpcEncryptionNonCompliantResource", + "locationName":"item" + } + }, "VpcEndpoint":{ "type":"structure", "members":{ @@ -71708,6 +74251,61 @@ "type":"string", "enum":["default"] }, + "VpnConcentrator":{ + "type":"structure", + "members":{ + "VpnConcentratorId":{ + "shape":"String", + "documentation":"The ID of the VPN concentrator.
", + "locationName":"vpnConcentratorId" + }, + "State":{ + "shape":"String", + "documentation":"The current state of the VPN concentrator.
", + "locationName":"state" + }, + "TransitGatewayId":{ + "shape":"String", + "documentation":"The ID of the transit gateway associated with the VPN concentrator.
", + "locationName":"transitGatewayId" + }, + "TransitGatewayAttachmentId":{ + "shape":"String", + "documentation":"The ID of the transit gateway attachment for the VPN concentrator.
", + "locationName":"transitGatewayAttachmentId" + }, + "Type":{ + "shape":"String", + "documentation":"The type of VPN concentrator.
", + "locationName":"type" + }, + "Tags":{ + "shape":"TagList", + "documentation":"Any tags assigned to the VPN concentrator.
", + "locationName":"tagSet" + } + }, + "documentation":"Describes a VPN concentrator.
" + }, + "VpnConcentratorId":{"type":"string"}, + "VpnConcentratorIdStringList":{ + "type":"list", + "member":{ + "shape":"VpnConcentratorId", + "locationName":"VpnConcentratorId" + } + }, + "VpnConcentratorList":{ + "type":"list", + "member":{ + "shape":"VpnConcentrator", + "locationName":"item" + } + }, + "VpnConcentratorType":{ + "type":"string", + "enum":["ipsec.1"] + }, "VpnConnection":{ "type":"structure", "members":{ @@ -71721,6 +74319,11 @@ "documentation":"The ID of the transit gateway associated with the VPN connection.
", "locationName":"transitGatewayId" }, + "VpnConcentratorId":{ + "shape":"String", + "documentation":"The ID of the VPN concentrator associated with the VPN connection.
", + "locationName":"vpnConcentratorId" + }, "CoreNetworkArn":{ "shape":"String", "documentation":"The ARN of the core network.
", diff --git a/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json b/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json index 7748ad4a45ef..3594031049dd 100644 --- a/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json +++ b/awscli/botocore/data/ecr/2015-09-21/endpoint-rule-set-1.json @@ -1,12 +1,6 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "string" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, @@ -26,6 +20,12 @@ "required": false, "documentation": "Override the endpoint used to send this request", "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,202 +57,201 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ { - "ref": "UseDualStack" - }, - true - ] + "ref": "Region" + } + ], + "assign": "PartitionResult" } ], "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], - "rules": [ + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [ + "fn": "stringEquals", + "argv": [ { - "fn": "stringEquals", + "fn": "getAttr", "argv": [ - "aws", { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } + "ref": "PartitionResult" + }, + "name" ] - } - ], - "endpoint": { - "url": "https://ecr-fips.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + }, + "aws" + ] }, { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "stringEquals", - "argv": [ - "aws-us-gov", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] - } - ], - "endpoint": { - "url": "https://ecr-fips.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "ref": "UseFIPS" + }, + true + ] }, { - "conditions": [], - "endpoint": { - "url": "https://api.ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - } - ], - "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ { "fn": "getAttr", @@ -260,230 +259,1462 @@ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, true ] } ], - "rules": [ + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ { - "conditions": [ + "fn": "stringEquals", + "argv": [ { - "fn": "stringEquals", + "fn": "getAttr", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] + "ref": "PartitionResult" }, - "aws" + "name" ] - } - ], - "endpoint": { - "url": "https://ecr-fips.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + }, + "aws-us-gov" + ] }, { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "stringEquals", - "argv": [ - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - }, - "aws-us-gov" - ] - } - ], - "endpoint": { - "url": "https://ecr-fips.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "ref": "UseFIPS" + }, + false + ] }, { - "conditions": [], - "endpoint": { - "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } ], - "type": "tree" + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-us-gov" ] - } - ], - "rules": [ + }, { - "conditions": [ + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-e" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-e" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-e" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-e" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsDualStack" ] } ] } ], - "endpoint": { - "url": "https://ecr.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-cn", { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] - } + }, + true ] } ], - "endpoint": { - "url": "https://ecr.{Region}.api.amazonwebservices.com.cn", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://api.ecr-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-us-gov", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsDualStack" ] } ] } ], - "endpoint": { - "url": "https://ecr.{Region}.api.aws", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" }, { "conditions": [], - "endpoint": { - "url": "https://api.ecr.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://api.ecr.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff --git a/awscli/botocore/data/ecr/2015-09-21/service-2.json b/awscli/botocore/data/ecr/2015-09-21/service-2.json index f26e37ad5d2a..40ea39bc36bf 100644 --- a/awscli/botocore/data/ecr/2015-09-21/service-2.json +++ b/awscli/botocore/data/ecr/2015-09-21/service-2.json @@ -255,6 +255,38 @@ ], "documentation":"Deletes the repository policy associated with the specified repository.
" }, + "DeleteSigningConfiguration":{ + "name":"DeleteSigningConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteSigningConfigurationRequest"}, + "output":{"shape":"DeleteSigningConfigurationResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"ValidationException"}, + {"shape":"SigningConfigurationNotFoundException"} + ], + "documentation":"Deletes the registry's signing configuration. Images pushed after deletion of the signing configuration will no longer be automatically signed.
For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.
Deleting the signing configuration does not affect existing image signatures.
Removes a principal from the pull time update exclusion list for a registry. Once removed, Amazon ECR will resume updating the pull time if the specified principal pulls an image.
" + }, "DescribeImageReplicationStatus":{ "name":"DescribeImageReplicationStatus", "http":{ @@ -290,6 +322,23 @@ ], "documentation":"Returns the scan findings for the specified image.
" }, + "DescribeImageSigningStatus":{ + "name":"DescribeImageSigningStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeImageSigningStatusRequest"}, + "output":{"shape":"DescribeImageSigningStatusResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ValidationException"}, + {"shape":"ImageNotFoundException"}, + {"shape":"RepositoryNotFoundException"} + ], + "documentation":"Returns the signing status for a specified image. If the image matched signing rules that reference different signing profiles, a status is returned for each profile.
For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.
" + }, "DescribeImages":{ "name":"DescribeImages", "http":{ @@ -495,6 +544,22 @@ ], "documentation":"Retrieves the repository policy for the specified repository.
" }, + "GetSigningConfiguration":{ + "name":"GetSigningConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetSigningConfigurationRequest"}, + "output":{"shape":"GetSigningConfigurationResponse"}, + "errors":[ + {"shape":"ServerException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ValidationException"}, + {"shape":"SigningConfigurationNotFoundException"} + ], + "documentation":"Retrieves the registry's signing configuration, which defines rules for automatically signing images using Amazon Web Services Signer.
For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.
" + }, "InitiateLayerUpload":{ "name":"InitiateLayerUpload", "http":{ @@ -511,6 +576,22 @@ ], "documentation":"Notifies Amazon ECR that you intend to upload an image layer.
When an image is pushed, the InitiateLayerUpload API is called once per image layer that has not already been uploaded. Whether or not an image layer has been uploaded is determined by the BatchCheckLayerAvailability API action.
This operation is used by the Amazon ECR proxy and is not generally used by customers for pulling and pushing images. In most cases, you should use the docker CLI to pull, tag, and push images.
Lists the artifacts associated with a specified subject image.
" + }, "ListImages":{ "name":"ListImages", "http":{ @@ -526,6 +607,22 @@ ], "documentation":"Lists all the image IDs for the specified repository.
You can filter images based on whether or not they are tagged by using the tagStatus filter and specifying either TAGGED, UNTAGGED or ANY. For example, you can filter your results to return only UNTAGGED images and then pipe that result to a BatchDeleteImage operation to delete them. Or, you can filter your results to return only TAGGED images to list all of the tags in your repository.
Lists the IAM principals that are excluded from having their image pull times recorded.
" + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -652,7 +749,8 @@ "errors":[ {"shape":"ServerException"}, {"shape":"InvalidParameterException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"BlockedByOrganizationPolicyException"} ], "documentation":"Creates or updates the scanning configuration for your private registry.
" }, @@ -671,6 +769,38 @@ ], "documentation":"Creates or updates the replication configuration for a registry. The existing replication configuration for a repository can be retrieved with the DescribeRegistry API action. The first time the PutReplicationConfiguration API is called, a service-linked IAM role is created in your account for the replication process. For more information, see Using service-linked roles for Amazon ECR in the Amazon Elastic Container Registry User Guide. For more information on the custom role for replication, see Creating an IAM role for replication.
When configuring cross-account replication, the destination account must grant the source account permission to replicate. This permission is controlled using a registry permissions policy. For more information, see PutRegistryPolicy.
Creates or updates the registry's signing configuration, which defines rules for automatically signing images with Amazon Web Services Signer.
For more information, see Managed signing in the Amazon Elastic Container Registry User Guide.
To successfully generate a signature, the IAM principal pushing images must have permission to sign payloads with the Amazon Web Services Signer signing profile referenced in the signing configuration.
Adds an IAM principal to the pull time update exclusion list for a registry. Amazon ECR will not record the pull time if an excluded principal pulls an image.
" + }, "SetRepositoryPolicy":{ "name":"SetRepositoryPolicy", "http":{ @@ -701,7 +831,8 @@ {"shape":"LimitExceededException"}, {"shape":"RepositoryNotFoundException"}, {"shape":"ImageNotFoundException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ImageArchivedException"} ], "documentation":"Starts a basic image vulnerability scan.
A basic image scan can only be started once per 24 hours on an individual image. This limit includes if an image was scanned on initial push. You can start up to 100,000 basic scans per 24 hours. This limit includes both scans on initial push and scans initiated by the StartImageScan API. For more information, see Basic scanning in the Amazon Elastic Container Registry User Guide.
" }, @@ -757,6 +888,24 @@ ], "documentation":"Deletes specified tags from a resource.
" }, + "UpdateImageStorageClass":{ + "name":"UpdateImageStorageClass", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateImageStorageClassRequest"}, + "output":{"shape":"UpdateImageStorageClassResponse"}, + "errors":[ + {"shape":"InvalidParameterException"}, + {"shape":"ImageNotFoundException"}, + {"shape":"ImageStorageClassUpdateNotSupportedException"}, + {"shape":"RepositoryNotFoundException"}, + {"shape":"ServerException"}, + {"shape":"ValidationException"} + ], + "documentation":"Transitions an image between storage classes. You can transition images from Amazon ECR standard storage class to Amazon ECR archival storage class for long-term storage, or restore archived images back to Amazon ECR standard.
" + }, "UpdatePullThroughCacheRule":{ "name":"UpdatePullThroughCacheRule", "http":{ @@ -835,8 +984,41 @@ "min":1 }, "AccountSettingValue":{"type":"string"}, + "Annotations":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, "Arch":{"type":"string"}, "Arn":{"type":"string"}, + "ArtifactStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "ARCHIVED", + "ACTIVATING" + ] + }, + "ArtifactStatusFilter":{ + "type":"string", + "enum":[ + "ACTIVE", + "ARCHIVED", + "ACTIVATING", + "ANY" + ] + }, + "ArtifactType":{ + "type":"string", + "max":255, + "min":1 + }, + "ArtifactTypeList":{ + "type":"list", + "member":{"shape":"ArtifactType"}, + "max":1, + "min":0 + }, "Attribute":{ "type":"structure", "required":["key"], @@ -1083,6 +1265,14 @@ "max":100, "min":1 }, + "BlockedByOrganizationPolicyException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"The operation did not succeed because the account is managed by a organization policy.
", + "exception":true + }, "CompleteLayerUploadRequest":{ "type":"structure", "required":[ @@ -1233,7 +1423,7 @@ }, "imageTagMutabilityExclusionFilters":{ "shape":"ImageTagMutabilityExclusionFilters", - "documentation":"Creates a repository creation template with a list of filters that define which image tags can override the default image tag mutability setting.
" + "documentation":"A list of filters that specify which image tags should be excluded from the repository creation template's image tag mutability setting.
" }, "repositoryPolicy":{ "shape":"RepositoryPolicyText", @@ -1288,11 +1478,11 @@ }, "imageTagMutabilityExclusionFilters":{ "shape":"ImageTagMutabilityExclusionFilters", - "documentation":"Creates a repository with a list of filters that define which image tags can override the default image tag mutability setting.
" + "documentation":"A list of filters that specify which image tags should be excluded from the repository's image tag mutability setting.
" }, "imageScanningConfiguration":{ "shape":"ImageScanningConfiguration", - "documentation":"The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
" + "documentation":"The imageScanningConfiguration parameter is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see PutRegistryScanningConfiguration.
The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.
" }, "encryptionConfiguration":{ "shape":"EncryptionConfiguration", @@ -1314,7 +1504,7 @@ "type":"string", "max":612, "min":50, - "pattern":"^arn:aws:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\\-pullthroughcache\\/[a-zA-Z0-9\\/_+=.@-]+$" + "pattern":"^arn:aws(-\\w+)*:secretsmanager:[a-zA-Z0-9-:]+:secret:ecr\\-pullthroughcache\\/[a-zA-Z0-9\\/_+=.@-]+$" }, "CustomRoleArn":{ "type":"string", @@ -1571,6 +1761,42 @@ } } }, + "DeleteSigningConfigurationRequest":{ + "type":"structure", + "members":{} + }, + "DeleteSigningConfigurationResponse":{ + "type":"structure", + "members":{ + "registryId":{ + "shape":"RegistryId", + "documentation":"The Amazon Web Services account ID associated with the registry.
" + }, + "signingConfiguration":{ + "shape":"SigningConfiguration", + "documentation":"The registry's deleted signing configuration.
" + } + } + }, + "DeregisterPullTimeUpdateExclusionRequest":{ + "type":"structure", + "required":["principalArn"], + "members":{ + "principalArn":{ + "shape":"PrincipalArn", + "documentation":"The ARN of the IAM principal to remove from the pull time update exclusion list.
" + } + } + }, + "DeregisterPullTimeUpdateExclusionResponse":{ + "type":"structure", + "members":{ + "principalArn":{ + "shape":"PrincipalArn", + "documentation":"The ARN of the IAM principal that was removed from the pull time update exclusion list.
" + } + } + }, "DescribeImageReplicationStatusRequest":{ "type":"structure", "required":[ @@ -1655,12 +1881,58 @@ } } }, + "DescribeImageSigningStatusRequest":{ + "type":"structure", + "required":[ + "repositoryName", + "imageId" + ], + "members":{ + "repositoryName":{ + "shape":"RepositoryName", + "documentation":"The name of the repository that contains the image.
" + }, + "imageId":{ + "shape":"ImageIdentifier", + "documentation":"An object containing identifying information for an image.
" + }, + "registryId":{ + "shape":"RegistryId", + "documentation":"The Amazon Web Services account ID associated with the registry that contains the repository. If you do not specify a registry, the default registry is assumed.
" + } + } + }, + "DescribeImageSigningStatusResponse":{ + "type":"structure", + "members":{ + "repositoryName":{ + "shape":"RepositoryName", + "documentation":"The name of the repository.
" + }, + "imageId":{ + "shape":"ImageIdentifier", + "documentation":"An object with identifying information for the image.
" + }, + "registryId":{ + "shape":"RegistryId", + "documentation":"The Amazon Web Services account ID associated with the registry.
" + }, + "signingStatuses":{ + "shape":"ImageSigningStatusList", + "documentation":"A list of signing statuses for the specified image. Each status corresponds to a signing profile.
" + } + } + }, "DescribeImagesFilter":{ "type":"structure", "members":{ "tagStatus":{ "shape":"TagStatus", "documentation":"The tag status with which to filter your DescribeImages results. You can filter results based on whether they are TAGGED or UNTAGGED.
The image status with which to filter your DescribeImages results. Valid values are ACTIVE, ARCHIVED, and ACTIVATING.
An object representing a filter on a DescribeImages operation.
" @@ -1957,8 +2229,29 @@ "Epoch":{"type":"integer"}, "EvaluationTimestamp":{"type":"timestamp"}, "ExceptionMessage":{"type":"string"}, + "ExclusionAlreadyExistsException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"The specified pull time update exclusion already exists for the registry.
", + "exception":true + }, + "ExclusionNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"The specified pull time update exclusion was not found.
", + "exception":true + }, "ExpirationTimestamp":{"type":"timestamp"}, "ExploitAvailable":{"type":"string"}, + "FiftyMaxResults":{ + "type":"integer", + "max":50, + "min":1 + }, "FilePath":{"type":"string"}, "FindingArn":{"type":"string"}, "FindingDescription":{"type":"string"}, @@ -2228,6 +2521,23 @@ } } }, + "GetSigningConfigurationRequest":{ + "type":"structure", + "members":{} + }, + "GetSigningConfigurationResponse":{ + "type":"structure", + "members":{ + "registryId":{ + "shape":"RegistryId", + "documentation":"The Amazon Web Services account ID associated with the registry.
" + }, + "signingConfiguration":{ + "shape":"SigningConfiguration", + "documentation":"The registry's signing configuration.
" + } + } + }, "Image":{ "type":"structure", "members":{ @@ -2256,7 +2566,10 @@ }, "ImageActionType":{ "type":"string", - "enum":["EXPIRE"] + "enum":[ + "EXPIRE", + "TRANSITION" + ] }, "ImageAlreadyExistsException":{ "type":"structure", @@ -2269,6 +2582,14 @@ "documentation":"The specified image has already been pushed, and there were no changes to the manifest or image tag after the last push.
", "exception":true }, + "ImageArchivedException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"The specified image is archived and cannot be scanned.
", + "exception":true + }, "ImageCount":{ "type":"integer", "min":0 @@ -2319,6 +2640,22 @@ "lastRecordedPullTime":{ "shape":"RecordedPullTimestamp", "documentation":"The date and time, expressed in standard JavaScript date format, when Amazon ECR recorded the last image pull.
Amazon ECR refreshes the last image pull timestamp at least once every 24 hours. For example, if you pull an image once a day then the lastRecordedPullTime timestamp will indicate the exact time that the image was last pulled. However, if you pull an image once an hour, because Amazon ECR refreshes the lastRecordedPullTime timestamp at least once every 24 hours, the result may not be the exact time that the image was last pulled.
The digest of the subject manifest for images that are referrers.
" + }, + "imageStatus":{ + "shape":"ImageStatus", + "documentation":"The current status of the image.
" + }, + "lastArchivedAt":{ + "shape":"LastArchivedAtTimestamp", + "documentation":"The date and time, expressed in standard JavaScript date format, when the image was last transitioned to Amazon ECR archive.
" + }, + "lastActivatedAt":{ + "shape":"LastActivatedAtTimestamp", + "documentation":"The date and time, expressed in standard JavaScript date format, when the image was last restored from Amazon ECR archive to Amazon ECR standard.
" } }, "documentation":"An object that describes an image returned by a DescribeImages operation.
" @@ -2366,7 +2703,8 @@ "KmsError", "UpstreamAccessDenied", "UpstreamTooManyRequests", - "UpstreamUnavailable" + "UpstreamUnavailable", + "ImageInaccessible" ] }, "ImageFailureList":{ @@ -2411,6 +2749,45 @@ "documentation":"The image requested does not exist in the specified repository.
", "exception":true }, + "ImageReferrer":{ + "type":"structure", + "required":[ + "digest", + "mediaType", + "size" + ], + "members":{ + "digest":{ + "shape":"ImageDigest", + "documentation":"The digest of the artifact manifest.
" + }, + "mediaType":{ + "shape":"MediaType", + "documentation":"The media type of the artifact manifest.
" + }, + "artifactType":{ + "shape":"ArtifactType", + "documentation":"A string identifying the type of artifact.
" + }, + "size":{ + "shape":"ImageSizeInBytes", + "documentation":"The size, in bytes, of the artifact.
" + }, + "annotations":{ + "shape":"Annotations", + "documentation":"A map of annotations associated with the artifact.
" + }, + "artifactStatus":{ + "shape":"ArtifactStatus", + "documentation":"The status of the artifact. Valid values are ACTIVE, ARCHIVED, or ACTIVATING.
An object representing an artifact associated with a subject image.
" + }, + "ImageReferrerList":{ + "type":"list", + "member":{"shape":"ImageReferrer"} + }, "ImageReplicationStatus":{ "type":"structure", "members":{ @@ -2535,7 +2912,58 @@ }, "documentation":"The image scanning configuration for a repository.
" }, + "ImageSigningStatus":{ + "type":"structure", + "members":{ + "signingProfileArn":{ + "shape":"SigningProfileArn", + "documentation":"The ARN of the Amazon Web Services Signer signing profile used to sign the image.
" + }, + "failureCode":{ + "shape":"SigningStatusFailureCode", + "documentation":"The failure code, which is only present if status is FAILED.
A description of why signing the image failed. This field is only present if status is FAILED.
The image's signing status. Possible values are:
IN_PROGRESS - Signing is currently in progress.
COMPLETE - The signature was successfully generated.
FAILED - Signing failed. See failureCode and failureReason for details.
The signing status for an image. Each status corresponds to a signing profile.
" + }, + "ImageSigningStatusList":{ + "type":"list", + "member":{"shape":"ImageSigningStatus"} + }, "ImageSizeInBytes":{"type":"long"}, + "ImageStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "ARCHIVED", + "ACTIVATING" + ] + }, + "ImageStatusFilter":{ + "type":"string", + "enum":[ + "ACTIVE", + "ARCHIVED", + "ACTIVATING", + "ANY" + ] + }, + "ImageStorageClassUpdateNotSupportedException":{ + "type":"structure", + "members":{ + "message":{"shape":"ExceptionMessage"} + }, + "documentation":"The requested image storage class update is not supported.
", + "exception":true + }, "ImageTag":{ "type":"string", "max":300, @@ -2571,14 +2999,14 @@ "members":{ "filterType":{ "shape":"ImageTagMutabilityExclusionFilterType", - "documentation":"Specifies the type of filter to use for excluding image tags from the repository's mutability setting.
" + "documentation":"The type of filter to apply for excluding image tags from mutability settings.
" }, "filter":{ "shape":"ImageTagMutabilityExclusionFilterValue", - "documentation":"The value to use when filtering image tags. Must be either a regular expression pattern or a tag prefix value based on the specified filter type.
" + "documentation":"The filter value used to match image tags for exclusion from mutability settings.
" } }, - "documentation":"Overrides the default image tag mutability setting of the repository for image tags that match the specified filters.
" + "documentation":"A filter that specifies which image tags should be excluded from the repository's image tag mutability setting.
" }, "ImageTagMutabilityExclusionFilterType":{ "type":"string", @@ -2713,6 +3141,8 @@ "min":0, "pattern":"^$|arn:aws:kms:[a-z0-9-]+:[0-9]{12}:key\\/[a-z0-9-]+" }, + "LastActivatedAtTimestamp":{"type":"timestamp"}, + "LastArchivedAtTimestamp":{"type":"timestamp"}, "Layer":{ "type":"structure", "members":{ @@ -2750,7 +3180,8 @@ "type":"string", "enum":[ "AVAILABLE", - "UNAVAILABLE" + "UNAVAILABLE", + "ARCHIVED" ] }, "LayerDigest":{ @@ -2892,6 +3323,10 @@ "appliedRulePriority":{ "shape":"LifecyclePolicyRulePriority", "documentation":"The priority of the applied rule.
" + }, + "storageClass":{ + "shape":"LifecyclePolicyStorageClass", + "documentation":"The storage class of the image.
" } }, "documentation":"The result of the lifecycle policy preview.
" @@ -2915,6 +3350,10 @@ "expiringImageTotalCount":{ "shape":"ImageCount", "documentation":"The number of expiring images.
" + }, + "transitioningImageTotalCounts":{ + "shape":"TransitioningImageTotalCounts", + "documentation":"The total count of images that will be transitioned to each storage class. This field is only present if at least one image will be transitoned in the summary.
" } }, "documentation":"The summary of the lifecycle policy preview request.
" @@ -2925,6 +3364,10 @@ "type":{ "shape":"ImageActionType", "documentation":"The type of action to be taken.
" + }, + "targetStorageClass":{ + "shape":"LifecyclePolicyTargetStorageClass", + "documentation":"The target storage class for the action. This is only present when the type is TRANSITION.
The type of action to be taken.
" @@ -2933,6 +3376,17 @@ "type":"integer", "min":1 }, + "LifecyclePolicyStorageClass":{ + "type":"string", + "enum":[ + "ARCHIVE", + "STANDARD" + ] + }, + "LifecyclePolicyTargetStorageClass":{ + "type":"string", + "enum":["ARCHIVE"] + }, "LifecyclePolicyText":{ "type":"string", "max":30720, @@ -2959,12 +3413,76 @@ "documentation":"The operation did not succeed because it would have exceeded a service limit for your account. For more information, see Amazon ECR service quotas in the Amazon Elastic Container Registry User Guide.
", "exception":true }, + "ListImageReferrersFilter":{ + "type":"structure", + "members":{ + "artifactTypes":{ + "shape":"ArtifactTypeList", + "documentation":"The artifact types with which to filter your ListImageReferrers results.
" + }, + "artifactStatus":{ + "shape":"ArtifactStatusFilter", + "documentation":"The artifact status with which to filter your ListImageReferrers results. Valid values are ACTIVE, ARCHIVED, ACTIVATING, or ANY. If not specified, only artifacts with ACTIVE status are returned.
An object representing a filter on a ListImageReferrers operation.
" + }, + "ListImageReferrersRequest":{ + "type":"structure", + "required":[ + "repositoryName", + "subjectId" + ], + "members":{ + "registryId":{ + "shape":"RegistryId", + "documentation":"The Amazon Web Services account ID associated with the registry that contains the repository in which to list image referrers. If you do not specify a registry, the default registry is assumed.
" + }, + "repositoryName":{ + "shape":"RepositoryName", + "documentation":"The name of the repository that contains the subject image.
" + }, + "subjectId":{ + "shape":"SubjectIdentifier", + "documentation":"An object containing the image digest of the subject image for which to retrieve associated artifacts.
" + }, + "filter":{ + "shape":"ListImageReferrersFilter", + "documentation":"The filter key and value with which to filter your ListImageReferrers results. If no filter is specified, only artifacts with ACTIVE status are returned.
The nextToken value returned from a previous paginated ListImageReferrers request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The maximum number of image referrer results returned by ListImageReferrers in paginated output. When this parameter is used, ListImageReferrers only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListImageReferrers request with the returned nextToken value. This value can be between 1 and 50. If this parameter is not used, then ListImageReferrers returns up to 50 results and a nextToken value, if applicable.
The list of artifacts associated with the subject image.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The nextToken value to include in a future ListImageReferrers request. When the results of a ListImageReferrers request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The tag status with which to filter your ListImages results. You can filter results based on whether they are TAGGED or UNTAGGED.
The tag status with which to filter your ListImages results.
" + }, + "imageStatus":{ + "shape":"ImageStatusFilter", + "documentation":"The image status with which to filter your ListImages results. Valid values are ACTIVE, ARCHIVED, and ACTIVATING.
An object representing a filter on a ListImages operation.
" @@ -3008,6 +3526,32 @@ } } }, + "ListPullTimeUpdateExclusionsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of pull time update exclusion results returned by ListPullTimeUpdateExclusions in paginated output. When this parameter is used, ListPullTimeUpdateExclusions only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListPullTimeUpdateExclusions request with the returned nextToken value. This value can be between 1 and 1000. If this parameter is not used, then ListPullTimeUpdateExclusions returns up to 100 results and a nextToken value, if applicable.
The nextToken value returned from a previous paginated ListPullTimeUpdateExclusions request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value. This value is null when there are no more results to return.
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The list of IAM principal ARNs that are excluded from having their image pull times recorded.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"The nextToken value to include in a future ListPullTimeUpdateExclusions request. When the results of a ListPullTimeUpdateExclusions request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The tag to associate with the image. This parameter is required for images that use the Docker Image Manifest V2 Schema 2 or Open Container Initiative (OCI) formats.
" + "documentation":"The tag to associate with the image. This parameter is optional.
" }, "imageDigest":{ "shape":"ImageDigest", @@ -3311,7 +3866,7 @@ }, "imageTagMutabilityExclusionFilters":{ "shape":"ImageTagMutabilityExclusionFilters", - "documentation":"Creates or updates a repository with filters that define which image tags can override the default image tag mutability setting.
" + "documentation":"A list of filters that specify which image tags should be excluded from the image tag mutability setting being applied.
" } } }, @@ -3332,7 +3887,7 @@ }, "imageTagMutabilityExclusionFilters":{ "shape":"ImageTagMutabilityExclusionFilters", - "documentation":"Returns a list of filters that were defined for a repository. These filters determine which image tags can override the default image tag mutability setting of the repository.
" + "documentation":"The list of filters that specify which image tags are excluded from the repository's image tag mutability setting.
" } } }, @@ -3438,6 +3993,25 @@ } } }, + "PutSigningConfigurationRequest":{ + "type":"structure", + "required":["signingConfiguration"], + "members":{ + "signingConfiguration":{ + "shape":"SigningConfiguration", + "documentation":"The signing configuration to assign to the registry.
" + } + } + }, + "PutSigningConfigurationResponse":{ + "type":"structure", + "members":{ + "signingConfiguration":{ + "shape":"SigningConfiguration", + "documentation":"The registry's updated signing configuration.
" + } + } + }, "RCTAppliedFor":{ "type":"string", "enum":[ @@ -3484,6 +4058,29 @@ "min":2, "pattern":"[0-9a-z-]{2,25}" }, + "RegisterPullTimeUpdateExclusionRequest":{ + "type":"structure", + "required":["principalArn"], + "members":{ + "principalArn":{ + "shape":"PrincipalArn", + "documentation":"The ARN of the IAM principal to exclude from having image pull times recorded.
" + } + } + }, + "RegisterPullTimeUpdateExclusionResponse":{ + "type":"structure", + "members":{ + "principalArn":{ + "shape":"PrincipalArn", + "documentation":"The ARN of the IAM principal that was added to the pull time update exclusion list.
" + }, + "createdAt":{ + "shape":"CreationTimestamp", + "documentation":"The date and time, expressed in standard JavaScript date format, when the exclusion was created.
" + } + } + }, "RegistryId":{ "type":"string", "pattern":"[0-9]{12}" @@ -3649,7 +4246,7 @@ }, "imageTagMutabilityExclusionFilters":{ "shape":"ImageTagMutabilityExclusionFilters", - "documentation":"The image tag mutability exclusion filters associated with the repository. These filters specify which image tags can override the repository's default image tag mutability setting.
" + "documentation":"A list of filters that specify which image tags are excluded from the repository's image tag mutability setting.
" }, "imageScanningConfiguration":{"shape":"ImageScanningConfiguration"}, "encryptionConfiguration":{ @@ -3695,7 +4292,7 @@ }, "imageTagMutabilityExclusionFilters":{ "shape":"ImageTagMutabilityExclusionFilters", - "documentation":"Defines the image tag mutability exclusion filters to apply when creating repositories from this template. These filters specify which image tags can override the repository's default image tag mutability setting.
" + "documentation":"A list of filters that specify which image tags are excluded from the repository creation template's image tag mutability setting.
" }, "repositoryPolicy":{ "shape":"RepositoryPolicyText", @@ -3937,7 +4534,8 @@ "PENDING", "SCAN_ELIGIBILITY_EXPIRED", "FINDINGS_UNAVAILABLE", - "LIMIT_EXCEEDED" + "LIMIT_EXCEEDED", + "IMAGE_ARCHIVED" ] }, "ScanStatusDescription":{"type":"string"}, @@ -4073,6 +4671,101 @@ "type":"integer", "min":0 }, + "SigningConfiguration":{ + "type":"structure", + "required":["rules"], + "members":{ + "rules":{ + "shape":"SigningRuleList", + "documentation":"A list of signing rules. Each rule defines a signing profile and optional repository filters that determine which images are automatically signed. Maximum of 10 rules.
" + } + }, + "documentation":"The signing configuration for a registry, which specifies rules for automatically signing images when pushed.
" + }, + "SigningConfigurationNotFoundException":{ + "type":"structure", + "members":{ + "message":{ + "shape":"ExceptionMessage", + "documentation":"The error message associated with the exception.
" + } + }, + "documentation":"The specified signing configuration was not found. This occurs when attempting to retrieve or delete a signing configuration that does not exist.
", + "exception":true + }, + "SigningProfileArn":{ + "type":"string", + "documentation":"The Amazon Resource Name (ARN) of an Amazon Web Services Signer signing profile. The ARN contains the arn:aws:signer namespace, followed by the region, Amazon Web Services account ID, and signing profile resource path. For example, arn:aws:signer:region:012345678910:/signing-profiles/profile-name.
The filter value used to match repository names. When using WILDCARD_MATCH, the * character matches any sequence of characters.
Examples:
myapp/* - Matches all repositories starting with myapp/
*/production - Matches all repositories ending with /production
*prod* - Matches all repositories containing prod
The type of filter to apply. Currently, only WILDCARD_MATCH is supported, which uses wildcard patterns to match repository names.
A repository filter used to determine which repositories have their images automatically signed on push. Each filter consists of a filter type and filter value.
" + }, + "SigningRepositoryFilterList":{ + "type":"list", + "member":{"shape":"SigningRepositoryFilter"}, + "max":100, + "min":1 + }, + "SigningRepositoryFilterType":{ + "type":"string", + "documentation":"The type of filter to use when determining which repositories should have their images automatically signed.
", + "enum":["WILDCARD_MATCH"] + }, + "SigningRepositoryFilterValue":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^(?:[a-z0-9*]+(?:[._-][a-z0-9*]+)*/)*[a-z0-9*]+(?:[._-][a-z0-9*]+)*$" + }, + "SigningRule":{ + "type":"structure", + "required":["signingProfileArn"], + "members":{ + "signingProfileArn":{ + "shape":"SigningProfileArn", + "documentation":"The ARN of the Amazon Web Services Signer signing profile to use for signing images that match this rule. For more information about signing profiles, see Signing profiles in the Amazon Web Services Signer Developer Guide.
" + }, + "repositoryFilters":{ + "shape":"SigningRepositoryFilterList", + "documentation":"A list of repository filters that determine which repositories have their images signed on push. If no filters are specified, all images pushed to the registry are signed using the rule's signing profile. Maximum of 100 filters per rule.
" + } + }, + "documentation":"A signing rule that specifies a signing profile and optional repository filters. When an image is pushed to a matching repository, a signing job is created using the specified profile.
" + }, + "SigningRuleList":{ + "type":"list", + "member":{"shape":"SigningRule"}, + "max":10, + "min":0 + }, + "SigningStatus":{ + "type":"string", + "documentation":"The image signing status. Possible values include IN_PROGRESS, COMPLETE, and FAILED.
The digest of the image.
" + } + }, + "documentation":"An object that identifies an image subject.
" + }, "Tag":{ "type":"structure", "required":[ @@ -4213,6 +4918,13 @@ "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"} }, + "TargetStorageClass":{ + "type":"string", + "enum":[ + "STANDARD", + "ARCHIVE" + ] + }, "TemplateAlreadyExistsException":{ "type":"structure", "members":{ @@ -4238,6 +4950,24 @@ "documentation":"The list of tags on the repository is over the limit. The maximum number of tags that can be applied to a repository is 50.
", "exception":true }, + "TransitioningImageTotalCount":{ + "type":"structure", + "members":{ + "targetStorageClass":{ + "shape":"LifecyclePolicyTargetStorageClass", + "documentation":"The target storage class.
" + }, + "imageTotalCount":{ + "shape":"ImageCount", + "documentation":"The total number of images transitioning to the storage class.
" + } + }, + "documentation":"The total count of images transitioning to a storage class.
" + }, + "TransitioningImageTotalCounts":{ + "type":"list", + "member":{"shape":"TransitioningImageTotalCount"} + }, "Type":{"type":"string"}, "UnableToAccessSecretException":{ "type":"structure", @@ -4308,6 +5038,47 @@ "type":"structure", "members":{} }, + "UpdateImageStorageClassRequest":{ + "type":"structure", + "required":[ + "repositoryName", + "imageId", + "targetStorageClass" + ], + "members":{ + "registryId":{ + "shape":"RegistryId", + "documentation":"The Amazon Web Services account ID associated with the registry that contains the image to transition. If you do not specify a registry, the default registry is assumed.
" + }, + "repositoryName":{ + "shape":"RepositoryName", + "documentation":"The name of the repository that contains the image to transition.
" + }, + "imageId":{"shape":"ImageIdentifier"}, + "targetStorageClass":{ + "shape":"TargetStorageClass", + "documentation":"The target storage class for the image.
" + } + } + }, + "UpdateImageStorageClassResponse":{ + "type":"structure", + "members":{ + "registryId":{ + "shape":"RegistryId", + "documentation":"The registry ID associated with the request.
" + }, + "repositoryName":{ + "shape":"RepositoryName", + "documentation":"The repository name associated with the request.
" + }, + "imageId":{"shape":"ImageIdentifier"}, + "imageStatus":{ + "shape":"ImageStatus", + "documentation":"The current status of the image after the call to UpdateImageStorageClass is complete. Valid values are ACTIVE, ARCHIVED, and ACTIVATING.
Updates a repository with filters that define which image tags can override the default image tag mutability setting.
" + "documentation":"A list of filters that specify which image tags should be excluded from the repository creation template's image tag mutability setting.
" }, "repositoryPolicy":{ "shape":"RepositoryPolicyText", diff --git a/awscli/botocore/data/ecs/2014-11-13/service-2.json b/awscli/botocore/data/ecs/2014-11-13/service-2.json index 30b7303567cb..89ffe0a98e76 100644 --- a/awscli/botocore/data/ecs/2014-11-13/service-2.json +++ b/awscli/botocore/data/ecs/2014-11-13/service-2.json @@ -50,6 +50,26 @@ ], "documentation":"Creates a new Amazon ECS cluster. By default, your account receives a default cluster when you launch your first container instance. However, you can create your own cluster with a unique name.
When you call the CreateCluster API operation, Amazon ECS attempts to create the Amazon ECS service-linked role for your account. This is so that it can manage required resources in other Amazon Web Services services on your behalf. However, if the user that makes the call doesn't have permissions to create the service-linked role, it isn't created. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Creates an Express service that simplifies deploying containerized web applications on Amazon ECS with managed Amazon Web Services infrastructure. This operation provisions and configures Application Load Balancers, target groups, security groups, and auto-scaling policies automatically.
Specify a primary container configuration with your application image and basic settings. Amazon ECS creates the necessary Amazon Web Services resources for traffic distribution, health monitoring, network access control, and capacity management.
Provide an execution role for task operations and an infrastructure role for managing Amazon Web Services resources on your behalf.
" + }, "CreateService":{ "name":"CreateService", "http":{ @@ -162,6 +182,26 @@ ], "documentation":"Deletes the specified cluster. The cluster transitions to the INACTIVE state. Clusters with an INACTIVE status might remain discoverable in your account for a period of time. However, this behavior is subject to change in the future. We don't recommend that you rely on INACTIVE clusters persisting.
You must deregister all container instances from this cluster before you may delete it. You can list the container instances in a cluster with ListContainerInstances and deregister them with DeregisterContainerInstance.
" }, + "DeleteExpressGatewayService":{ + "name":"DeleteExpressGatewayService", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteExpressGatewayServiceRequest"}, + "output":{"shape":"DeleteExpressGatewayServiceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ClientException"}, + {"shape":"ClusterNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ServerException"}, + {"shape":"ServiceNotFoundException"}, + {"shape":"ServiceNotActiveException"}, + {"shape":"UnsupportedFeatureException"} + ], + "documentation":"Deletes an Express service and removes all associated Amazon Web Services resources. This operation stops service tasks, removes the Application Load Balancer, target groups, security groups, auto-scaling policies, and other managed infrastructure components.
The service enters a DRAINING state where existing tasks complete current requests without starting new tasks. After all tasks stop, the service and infrastructure are permanently removed.
This operation cannot be reversed. Back up important data and verify the service is no longer needed before deletion.
" + }, "DeleteService":{ "name":"DeleteService", "http":{ @@ -295,6 +335,25 @@ ], "documentation":"Describes one or more container instances. Returns metadata about each container instance requested.
" }, + "DescribeExpressGatewayService":{ + "name":"DescribeExpressGatewayService", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeExpressGatewayServiceRequest"}, + "output":{"shape":"DescribeExpressGatewayServiceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ClientException"}, + {"shape":"ClusterNotFoundException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ServerException"}, + {"shape":"UnsupportedFeatureException"} + ], + "documentation":"Retrieves detailed information about an Express service, including current status, configuration, managed infrastructure, and service revisions.
Returns comprehensive service details, active service revisions, ingress paths with endpoints, and managed Amazon Web Services resource status including load balancers and auto-scaling policies.
Use the include parameter to retrieve additional information such as resource tags.
Modifies the status of an Amazon ECS container instance.
Once a container instance has reached an ACTIVE state, you can change the status of a container instance to DRAINING to manually remove an instance from a cluster, for example to perform system updates, update the Docker daemon, or scale down the cluster size.
A container instance can't be changed to DRAINING until it has reached an ACTIVE status. If the instance is in any other status, an error will be received.
When you set a container instance to DRAINING, Amazon ECS prevents new tasks from being scheduled for placement on the container instance and replacement service tasks are started on other container instances in the cluster if the resources are available. Service tasks on the container instance that are in the PENDING state are stopped immediately.
Service tasks on the container instance that are in the RUNNING state are stopped and replaced according to the service's deployment configuration parameters, minimumHealthyPercent and maximumPercent. You can change the deployment configuration of your service using UpdateService.
If minimumHealthyPercent is below 100%, the scheduler can ignore desiredCount temporarily during task replacement. For example, desiredCount is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. If the minimum is 100%, the service scheduler can't remove existing tasks until the replacement tasks are considered healthy. Tasks for services that do not use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
The maximumPercent parameter represents an upper limit on the number of running tasks during task replacement. You can use this to define the replacement batch size. For example, if desiredCount is four tasks, a maximum of 200% starts four new tasks before stopping the four tasks to be drained, provided that the cluster resources required to do this are available. If the maximum is 100%, then replacement tasks can't start until the draining tasks have stopped.
Any PENDING or RUNNING tasks that do not belong to a service aren't affected. You must wait for them to finish or stop them manually.
A container instance has completed draining when it has no more RUNNING tasks. You can verify this using ListTasks.
When a container instance has been drained, you can set a container instance to ACTIVE status and once it has reached that status the Amazon ECS scheduler can begin scheduling tasks on the instance again.
Updates an existing Express service configuration. Modifies container settings, resource allocation, auto-scaling configuration, and other service parameters without recreating the service.
Amazon ECS creates a new service revision with updated configuration and performs a rolling deployment to replace existing tasks. The service remains available during updates, ensuring zero-downtime deployments.
Some parameters like the infrastructure role cannot be modified after service creation and require creating a new service.
" + }, "UpdateService":{ "name":"UpdateService", "http":{ @@ -1125,6 +1204,13 @@ "documentation":"You don't have authorization to perform the requested action.
", "exception":true }, + "AccessType":{ + "type":"string", + "enum":[ + "PUBLIC", + "PRIVATE" + ] + }, "AdvancedConfiguration":{ "type":"structure", "members":{ @@ -2362,6 +2448,73 @@ } } }, + "CreateExpressGatewayServiceRequest":{ + "type":"structure", + "required":[ + "executionRoleArn", + "infrastructureRoleArn", + "primaryContainer" + ], + "members":{ + "executionRoleArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make Amazon Web Services API calls on your behalf. This role is required for Amazon ECS to pull container images from Amazon ECR, send container logs to Amazon CloudWatch Logs, and retrieve sensitive data from Amazon Web Services Systems Manager Parameter Store or Amazon Web Services Secrets Manager.
The execution role must include the AmazonECSTaskExecutionRolePolicy managed policy or equivalent permissions. For Express services, this role is used during task startup and runtime for container management operations.
The Amazon Resource Name (ARN) of the infrastructure role that grants Amazon ECS permission to create and manage Amazon Web Services resources on your behalf for the Express service. This role is used to provision and manage Application Load Balancers, target groups, security groups, auto-scaling policies, and other Amazon Web Services infrastructure components.
The infrastructure role must include permissions for Elastic Load Balancing, Application Auto Scaling, Amazon EC2 (for security groups), and other services required for managed infrastructure. This role is only used during Express service creation, updates, and deletion operations.
" + }, + "serviceName":{ + "shape":"String", + "documentation":"The name of the Express service. This name must be unique within the specified cluster and can contain up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens. The name is used to identify the service in the Amazon ECS console and API operations.
If you don't specify a service name, Amazon ECS generates a unique name for the service. The service name becomes part of the service ARN and cannot be changed after the service is created.
" + }, + "cluster":{ + "shape":"String", + "documentation":"The short name or full Amazon Resource Name (ARN) of the cluster on which to create the Express service. If you do not specify a cluster, the default cluster is assumed.
The path on the container that the Application Load Balancer uses for health checks. This should be a valid HTTP endpoint that returns a successful response (HTTP 200) when the application is healthy.
If not specified, the default health check path is /ping. The health check path must start with a forward slash and can include query parameters. Examples: /health, /api/status, /ping?format=json.
The primary container configuration for the Express service. This defines the main application container that will receive traffic from the Application Load Balancer.
The primary container must specify at minimum a container image. You can also configure the container port (defaults to 80), logging configuration, environment variables, secrets, and startup commands. The container image can be from Amazon ECR, Docker Hub, or any other container registry accessible to your execution role.
" + }, + "taskRoleArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume. This role allows your application code to access other Amazon Web Services services securely.
The task role is different from the execution role. While the execution role is used by the Amazon ECS agent to set up the task, the task role is used by your application code running inside the container to make Amazon Web Services API calls. If your application doesn't need to access Amazon Web Services services, you can omit this parameter.
" + }, + "networkConfiguration":{ + "shape":"ExpressGatewayServiceNetworkConfiguration", + "documentation":"The network configuration for the Express service tasks. This specifies the VPC subnets and security groups for the tasks.
For Express services, you can specify custom security groups and subnets. If not provided, Amazon ECS will use the default VPC configuration and create appropriate security groups automatically. The network configuration determines how your service integrates with your VPC and what network access it has.
" + }, + "cpu":{ + "shape":"String", + "documentation":"The number of CPU units used by the task. This parameter determines the CPU allocation for each task in the Express service. The default value for an Express service is 256 (.25 vCPU).
" + }, + "memory":{ + "shape":"String", + "documentation":"The amount of memory (in MiB) used by the task. This parameter determines the memory allocation for each task in the Express service. The default value for an express service is 512 MiB.
" + }, + "scalingTarget":{ + "shape":"ExpressGatewayScalingTarget", + "documentation":"The auto-scaling configuration for the Express service. This defines how the service automatically adjusts the number of running tasks based on demand.
You can specify the minimum and maximum number of tasks, the scaling metric (CPU utilization, memory utilization, or request count per target), and the target value for the metric. If not specified, the default target value for an Express service is 60.
" + }, + "tags":{ + "shape":"Tags", + "documentation":"The metadata that you apply to the Express service to help categorize and organize it. Each tag consists of a key and an optional value. You can apply up to 50 tags to a service.
" + } + } + }, + "CreateExpressGatewayServiceResponse":{ + "type":"structure", + "members":{ + "service":{ + "shape":"ECSExpressGatewayService", + "documentation":"The full description of your Express service following the create operation.
" + } + } + }, "CreateManagedInstancesProviderConfiguration":{ "type":"structure", "required":[ @@ -2380,6 +2533,10 @@ "propagateTags":{ "shape":"PropagateMITags", "documentation":"Specifies whether to propagate tags from the capacity provider to the Amazon ECS Managed Instances. When enabled, tags applied to the capacity provider are automatically applied to all instances launched by this provider.
" + }, + "infrastructureOptimization":{ + "shape":"InfrastructureOptimization", + "documentation":"Defines how Amazon ECS Managed Instances optimizes the infrastastructure in your capacity provider. Provides control over the delay between when EC2 instances become idle or underutilized and when Amazon ECS optimizes them.
" } }, "documentation":"The configuration for creating a Amazon ECS Managed Instances provider. This specifies how Amazon ECS should manage Amazon EC2 instances, including the infrastructure role, instance launch template, and whether to propagate tags from the capacity provider to the instances.
" @@ -2676,6 +2833,25 @@ } } }, + "DeleteExpressGatewayServiceRequest":{ + "type":"structure", + "required":["serviceArn"], + "members":{ + "serviceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Express service to delete. The ARN uniquely identifies the service within your Amazon Web Services account and region.
" + } + } + }, + "DeleteExpressGatewayServiceResponse":{ + "type":"structure", + "members":{ + "service":{ + "shape":"ECSExpressGatewayService", + "documentation":"The full description of the deleted express service.
" + } + } + }, "DeleteServiceRequest":{ "type":"structure", "required":["service"], @@ -3171,6 +3347,29 @@ } } }, + "DescribeExpressGatewayServiceRequest":{ + "type":"structure", + "required":["serviceArn"], + "members":{ + "serviceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Express service to describe. The ARN uniquely identifies the service within your Amazon Web Services account and region.
" + }, + "include":{ + "shape":"ExpressGatewayServiceIncludeList", + "documentation":"Specifies additional information to include in the response. Valid values are TAGS to include resource tags associated with the Express service.
The full description of the described express service.
" + } + } + }, "DescribeServiceDeploymentsRequest":{ "type":"structure", "required":["serviceDeploymentArns"], @@ -3484,6 +3683,78 @@ "member":{"shape":"EBSTagSpecification"} }, "EBSVolumeType":{"type":"string"}, + "ECSExpressGatewayService":{ + "type":"structure", + "members":{ + "cluster":{ + "shape":"String", + "documentation":"The short name or full ARN of the cluster that hosts the Express service.
" + }, + "serviceName":{ + "shape":"String", + "documentation":"The name of the Express service.
" + }, + "serviceArn":{ + "shape":"String", + "documentation":"The ARN that identifies the Express service.
" + }, + "infrastructureRoleArn":{ + "shape":"String", + "documentation":"The ARN of the infrastructure role that manages Amazon Web Services resources for the Express service.
" + }, + "status":{ + "shape":"ExpressGatewayServiceStatus", + "documentation":"The current status of the Express service.
" + }, + "currentDeployment":{ + "shape":"String", + "documentation":"The current deployment configuration for the Express service.
" + }, + "activeConfigurations":{ + "shape":"ExpressGatewayServiceConfigurations", + "documentation":"The list of active service configurations for the Express service.
" + }, + "tags":{ + "shape":"Tags", + "documentation":"The metadata applied to the Express service.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the Express service was created.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the Express service was last updated.
" + } + }, + "documentation":"Represents an Express service, which provides a simplified way to deploy containerized web applications on Amazon ECS with managed Amazon Web Services infrastructure. An Express service automatically provisions and manages Application Load Balancers, target groups, security groups, and auto-scaling policies.
Express services use a service revision architecture where each service can have multiple active configurations, enabling blue-green deployments and gradual rollouts. The service maintains a list of active configurations and manages the lifecycle of the underlying Amazon Web Services resources.
" + }, + "ECSManagedResources":{ + "type":"structure", + "members":{ + "ingressPaths":{ + "shape":"ManagedIngressPaths", + "documentation":"The ingress paths and endpoints for the Express service.
" + }, + "autoScaling":{ + "shape":"ManagedAutoScaling", + "documentation":"The auto-scaling configuration and policies for the Express service.
" + }, + "metricAlarms":{ + "shape":"ManagedMetricAlarms", + "documentation":"The CloudWatch metric alarms associated with the Express service.
" + }, + "serviceSecurityGroups":{ + "shape":"ManagedSecurityGroups", + "documentation":"The security groups managed by the Express service.
" + }, + "logGroups":{ + "shape":"ManagedLogGroups", + "documentation":"The log groups managed by the Express service.
" + } + }, + "documentation":"Represents the Amazon Web Services resources managed by Amazon ECS for an Express service, including ingress paths, auto-scaling policies, metric alarms, and security groups.
" + }, "ECSVolumeName":{"type":"string"}, "EFSAuthorizationConfig":{ "type":"structure", @@ -3703,61 +3974,252 @@ } } }, - "FSxWindowsFileServerAuthorizationConfig":{ + "ExpressGatewayContainer":{ "type":"structure", - "required":[ - "credentialsParameter", - "domain" - ], + "required":["image"], "members":{ - "credentialsParameter":{ + "image":{ "shape":"String", - "documentation":"The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an Secrets Manager secret or SSM Parameter Store parameter. The ARN refers to the stored credentials.
" + "documentation":"The image used to start a container. This string is passed directly to the Docker daemon. Images in the Docker Hub registry are available by default. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest.
For Express services, the image typically contains a web application that listens on the specified container port. The image can be stored in Amazon ECR, Docker Hub, or any other container registry accessible to your execution role.
" }, - "domain":{ + "containerPort":{ + "shape":"BoxedInteger", + "documentation":"The port number on the container that receives traffic from the load balancer. Default is 80.
" + }, + "awsLogsConfiguration":{ + "shape":"ExpressGatewayServiceAwsLogsConfiguration", + "documentation":"The log configuration for the container.
" + }, + "repositoryCredentials":{ + "shape":"ExpressGatewayRepositoryCredentials", + "documentation":"The configuration for repository credentials for private registry authentication.
" + }, + "command":{ + "shape":"StringList", + "documentation":"The command that is passed to the container.
" + }, + "environment":{ + "shape":"EnvironmentVariables", + "documentation":"The environment variables to pass to the container.
" + }, + "secrets":{ + "shape":"SecretList", + "documentation":"The secrets to pass to the container.
" + } + }, + "documentation":"Defines the configuration for the primary container in an Express service. This container receives traffic from the Application Load Balancer and runs your application code.
The container configuration includes the container image, port mapping, logging settings, environment variables, and secrets. The container image is the only required parameter, with sensible defaults provided for other settings.
" + }, + "ExpressGatewayRepositoryCredentials":{ + "type":"structure", + "members":{ + "credentialsParameter":{ "shape":"String", - "documentation":"A fully qualified domain name hosted by an Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.
" + "documentation":"The Amazon Resource Name (ARN) of the secret containing the private repository credentials.
" } }, - "documentation":"The authorization configuration details for Amazon FSx for Windows File Server file system. See FSxWindowsFileServerVolumeConfiguration in the Amazon ECS API Reference.
For more information and the input format, see Amazon FSx for Windows File Server Volumes in the Amazon Elastic Container Service Developer Guide.
" + "documentation":"The repository credentials for private registry authentication to pass to the container.
" }, - "FSxWindowsFileServerVolumeConfiguration":{ + "ExpressGatewayScalingTarget":{ + "type":"structure", + "members":{ + "minTaskCount":{ + "shape":"BoxedInteger", + "documentation":"The minimum number of tasks to run in the Express service.
" + }, + "maxTaskCount":{ + "shape":"BoxedInteger", + "documentation":"The maximum number of tasks to run in the Express service.
" + }, + "autoScalingMetric":{ + "shape":"ExpressGatewayServiceScalingMetric", + "documentation":"The metric used for auto-scaling decisions. The default metric used for an Express service is CPUUtilization.
The target value for the auto-scaling metric. The default value for an Express service is 60.
" + } + }, + "documentation":"Defines the auto-scaling configuration for an Express service. This determines how the service automatically adjusts the number of running tasks based on demand metrics such as CPU utilization, memory utilization, or request count per target.
Auto-scaling helps ensure your application can handle varying levels of traffic while optimizing costs by scaling down during low-demand periods. You can specify the minimum and maximum number of tasks, the scaling metric, and the target value for that metric.
" + }, + "ExpressGatewayServiceAwsLogsConfiguration":{ "type":"structure", "required":[ - "fileSystemId", - "rootDirectory", - "authorizationConfig" + "logGroup", + "logStreamPrefix" ], "members":{ - "fileSystemId":{ + "logGroup":{ "shape":"String", - "documentation":"The Amazon FSx for Windows File Server file system ID to use.
" + "documentation":"The name of the CloudWatch Logs log group to send container logs to.
" }, - "rootDirectory":{ + "logStreamPrefix":{ "shape":"String", - "documentation":"The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.
" - }, - "authorizationConfig":{ - "shape":"FSxWindowsFileServerAuthorizationConfig", - "documentation":"The authorization configuration details for the Amazon FSx for Windows File Server file system.
" + "documentation":"The prefix for the CloudWatch Logs log stream names. The default for an Express service is ecs.
This parameter is specified when you're using Amazon FSx for Windows File Server file system for task storage.
For more information and the input format, see Amazon FSx for Windows File Server volumes in the Amazon Elastic Container Service Developer Guide.
" + "documentation":"Specifies the Amazon CloudWatch Logs configuration for the Express service container.
" }, - "Failure":{ + "ExpressGatewayServiceConfiguration":{ "type":"structure", "members":{ - "arn":{ + "serviceRevisionArn":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) of the failed resource.
" + "documentation":"The ARN of the service revision.
" }, - "reason":{ + "executionRoleArn":{ "shape":"String", - "documentation":"The reason for the failure.
" + "documentation":"The ARN of the task execution role for the service revision.
" }, - "detail":{ + "taskRoleArn":{ "shape":"String", - "documentation":"The details of the failure.
" + "documentation":"The ARN of the task role for the service revision.
" + }, + "cpu":{ + "shape":"String", + "documentation":"The CPU allocation for tasks in this service revision.
" + }, + "memory":{ + "shape":"String", + "documentation":"The memory allocation for tasks in this service revision.
" + }, + "networkConfiguration":{ + "shape":"ExpressGatewayServiceNetworkConfiguration", + "documentation":"The network configuration for tasks in this service revision.
" + }, + "healthCheckPath":{ + "shape":"String", + "documentation":"The health check path for this service revision.
" + }, + "primaryContainer":{ + "shape":"ExpressGatewayContainer", + "documentation":"The primary container configuration for this service revision.
" + }, + "scalingTarget":{ + "shape":"ExpressGatewayScalingTarget", + "documentation":"The auto-scaling configuration for this service revision.
" + }, + "ingressPaths":{ + "shape":"IngressPathSummaries", + "documentation":"The entry point into this service revision.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when this service revision was created.
" + } + }, + "documentation":"Represents a specific configuration revision of an Express service, containing all the settings and parameters for that revision.
" + }, + "ExpressGatewayServiceConfigurations":{ + "type":"list", + "member":{"shape":"ExpressGatewayServiceConfiguration"} + }, + "ExpressGatewayServiceInclude":{ + "type":"string", + "enum":["TAGS"] + }, + "ExpressGatewayServiceIncludeList":{ + "type":"list", + "member":{"shape":"ExpressGatewayServiceInclude"} + }, + "ExpressGatewayServiceNetworkConfiguration":{ + "type":"structure", + "members":{ + "securityGroups":{ + "shape":"StringList", + "documentation":"The IDs of the security groups associated with the Express service.
" + }, + "subnets":{ + "shape":"StringList", + "documentation":"The IDs of the subnets associated with the Express service.
" + } + }, + "documentation":"The network configuration for an Express service. By default, an Express service utilizes subnets and security groups associated with the default VPC.
" + }, + "ExpressGatewayServiceScalingMetric":{ + "type":"string", + "enum":[ + "AVERAGE_CPU", + "AVERAGE_MEMORY", + "REQUEST_COUNT_PER_TARGET" + ] + }, + "ExpressGatewayServiceStatus":{ + "type":"structure", + "members":{ + "statusCode":{ + "shape":"ExpressGatewayServiceStatusCode", + "documentation":"The status of the Express service.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the Express service is in the current status.
" + } + }, + "documentation":"An object that defines the status of Express service creation and information about the status of the service.
" + }, + "ExpressGatewayServiceStatusCode":{ + "type":"string", + "enum":[ + "ACTIVE", + "DRAINING", + "INACTIVE" + ] + }, + "FSxWindowsFileServerAuthorizationConfig":{ + "type":"structure", + "required":[ + "credentialsParameter", + "domain" + ], + "members":{ + "credentialsParameter":{ + "shape":"String", + "documentation":"The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an Secrets Manager secret or SSM Parameter Store parameter. The ARN refers to the stored credentials.
" + }, + "domain":{ + "shape":"String", + "documentation":"A fully qualified domain name hosted by an Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.
" + } + }, + "documentation":"The authorization configuration details for Amazon FSx for Windows File Server file system. See FSxWindowsFileServerVolumeConfiguration in the Amazon ECS API Reference.
For more information and the input format, see Amazon FSx for Windows File Server Volumes in the Amazon Elastic Container Service Developer Guide.
" + }, + "FSxWindowsFileServerVolumeConfiguration":{ + "type":"structure", + "required":[ + "fileSystemId", + "rootDirectory", + "authorizationConfig" + ], + "members":{ + "fileSystemId":{ + "shape":"String", + "documentation":"The Amazon FSx for Windows File Server file system ID to use.
" + }, + "rootDirectory":{ + "shape":"String", + "documentation":"The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.
" + }, + "authorizationConfig":{ + "shape":"FSxWindowsFileServerAuthorizationConfig", + "documentation":"The authorization configuration details for the Amazon FSx for Windows File Server file system.
" + } + }, + "documentation":"This parameter is specified when you're using Amazon FSx for Windows File Server file system for task storage.
For more information and the input format, see Amazon FSx for Windows File Server volumes in the Amazon Elastic Container Service Developer Guide.
" + }, + "Failure":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the failed resource.
" + }, + "reason":{ + "shape":"String", + "documentation":"The reason for the failure.
" + }, + "detail":{ + "shape":"String", + "documentation":"The details of the failure.
" } }, "documentation":"A failed resource. For a list of common causes, see API failure reasons in the Amazon Elastic Container Service Developer Guide.
" @@ -3937,6 +4399,38 @@ "type":"list", "member":{"shape":"InferenceAccelerator"} }, + "InfrastructureOptimization":{ + "type":"structure", + "members":{ + "scaleInAfter":{ + "shape":"BoxedInteger", + "documentation":"This parameter defines the number of seconds Amazon ECS Managed Instances waits before optimizing EC2 instances that have become idle or underutilized. A longer delay increases the likelihood of placing new tasks on idle or underutilized instances instances, reducing startup time. A shorter delay helps reduce infrastructure costs by optimizing idle or underutilized instances,instances more quickly.
Valid values are:
null - Uses the default optimization behavior.
-1 - Disables automatic infrastructure optimization.
A value between 0 and 3600 (inclusive) - Specifies the number of seconds to wait before optimizing instances.
The configuration that controls how Amazon ECS optimizes your infrastructure.
" + }, + "IngressPathSummaries":{ + "type":"list", + "member":{"shape":"IngressPathSummary"} + }, + "IngressPathSummary":{ + "type":"structure", + "required":[ + "accessType", + "endpoint" + ], + "members":{ + "accessType":{ + "shape":"AccessType", + "documentation":"The type of access to the endpoint for the Express service.
" + }, + "endpoint":{ + "shape":"String", + "documentation":"The endpoint for access to the service.
" + } + }, + "documentation":"The entry point into an Express service.
" + }, "InstanceGeneration":{ "type":"string", "enum":[ @@ -4506,6 +5000,10 @@ "schedulingStrategy":{ "shape":"SchedulingStrategy", "documentation":"The scheduling strategy to use when filtering the ListServices results.
The resourceManagementType type to use when filtering the ListServices results.
The Amazon Resource Name (ARN) of the Application Auto Scaling policy associated with the Express service.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of Application Auto Scaling policy creation.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the Application Auto Scaling policy is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the Application Auto Scaling policy was last updated.
" + }, + "policyType":{ + "shape":"String", + "documentation":"The type of Application Auto Scaling policy associated with the Express service. Valid values are TargetTrackingScaling, StepScaling, and PredictiveScaling.
The target value for the auto scaling metric.
" + }, + "metric":{ + "shape":"String", + "documentation":"The metric used for auto scaling decisions. The available metrics are ECSServiceAverageCPUUtilization, ECSServiceAverageMemoryUtilization, and ALBRequestCOuntPerTarget.
The Application Auto Scaling policy created by Amazon ECS when you create an Express service.
" + }, + "ManagedAutoScaling":{ + "type":"structure", + "members":{ + "scalableTarget":{ + "shape":"ManagedScalableTarget", + "documentation":"Represents a scalable target.
" + }, + "applicationAutoScalingPolicies":{ + "shape":"ManagedApplicationAutoScalingPolicies", + "documentation":"The policy used for auto scaling.
" + } + }, + "documentation":"The auto scaling configuration created by Amazon ECS for an Express service.
" + }, + "ManagedCertificate":{ + "type":"structure", + "required":[ + "status", + "updatedAt", + "domainName" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the ACM certificate.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the ACM; certificate.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the ACM certificate is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the ACM certificate was last updated
" + }, + "domainName":{ + "shape":"String", + "documentation":"The fully qualified domain name (FQDN) that is secured with this ACM certificate.
" + } + }, + "documentation":"The ACM certificate associated with the HTTPS domain created for the Express service.
" + }, "ManagedDraining":{ "type":"string", "enum":[ @@ -4822,6 +5410,52 @@ "DISABLED" ] }, + "ManagedIngressPath":{ + "type":"structure", + "required":[ + "accessType", + "endpoint" + ], + "members":{ + "accessType":{ + "shape":"AccessType", + "documentation":"The type of access to the endpoint for the Express service.
" + }, + "endpoint":{ + "shape":"String", + "documentation":"The endpoint for access to the Express service.
" + }, + "loadBalancer":{ + "shape":"ManagedLoadBalancer", + "documentation":"The Application Load Balancer associated with the Express service.
" + }, + "loadBalancerSecurityGroups":{ + "shape":"ManagedSecurityGroups", + "documentation":"The security groups associated with the Application Load Balancer.
" + }, + "certificate":{ + "shape":"ManagedCertificate", + "documentation":"The ACM certificate for the Express service's domain.
" + }, + "listener":{ + "shape":"ManagedListener", + "documentation":"The listeners associated with the Application Load Balancer.
" + }, + "rule":{ + "shape":"ManagedListenerRule", + "documentation":"The listener rules for the Application Load Balancer.
" + }, + "targetGroups":{ + "shape":"ManagedTargetGroups", + "documentation":"The target groups associated with the Application Load Balancer.
" + } + }, + "documentation":"The entry point into the Express service.
" + }, + "ManagedIngressPaths":{ + "type":"list", + "member":{"shape":"ManagedIngressPath"} + }, "ManagedInstancesMonitoringOptions":{ "type":"string", "enum":[ @@ -4857,6 +5491,10 @@ "propagateTags":{ "shape":"PropagateMITags", "documentation":"Determines whether tags from the capacity provider are automatically applied to Amazon ECS Managed Instances. This helps with cost allocation and resource management by ensuring consistent tagging across your infrastructure.
" + }, + "infrastructureOptimization":{ + "shape":"InfrastructureOptimization", + "documentation":"Defines how Amazon ECS Managed Instances optimizes the infrastastructure in your capacity provider. Configure it to turn on or off the infrastructure optimization in your capacity provider, and to control the idle or underutilized EC2 instances optimization delay.
" } }, "documentation":"The configuration for a Amazon ECS Managed Instances provider. Amazon ECS uses this configuration to automatically launch, manage, and terminate Amazon EC2 instances on your behalf. Managed instances provide access to the full range of Amazon EC2 instance types and features while offloading infrastructure management to Amazon Web Services.
" @@ -4871,6 +5509,208 @@ }, "documentation":"The storage configuration for Amazon ECS Managed Instances. This defines the root volume configuration for the instances.
" }, + "ManagedListener":{ + "type":"structure", + "required":[ + "status", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the load balancer listener.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the load balancer listener.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Informaion about why the load balancer listener is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when this listener was most recently updated.
" + } + }, + "documentation":"The listeners associated with the Express service's Application Load Balancer.
" + }, + "ManagedListenerRule":{ + "type":"structure", + "required":[ + "status", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the load balancer listener rule.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the load balancer listener rule.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the load balancer listener rule is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when this listener rule was most recently updated.
" + } + }, + "documentation":"The listener rule associated with the Express service's Application Load Balancer.
" + }, + "ManagedLoadBalancer":{ + "type":"structure", + "required":[ + "status", + "updatedAt", + "scheme" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the load balancer.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the load balancer.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the load balancer is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when this load balancer was most recently updated.
" + }, + "scheme":{ + "shape":"String", + "documentation":"The scheme of the load balancer. By default, the scheme of the load balancer is internet-facing.
The IDs of the subnets associated with the load balancer.
" + }, + "securityGroupIds":{ + "shape":"StringList", + "documentation":"The IDs of the security groups associated with the load balancer.
" + } + }, + "documentation":"The Application Load Balancer associated with the Express service.
" + }, + "ManagedLogGroup":{ + "type":"structure", + "required":[ + "status", + "updatedAt", + "logGroupName" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Cloudwatch Log Group associated with the Express service.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the Cloudwatch LogGroup.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the Cloudwatch LogGroup is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the Cloudwatch LogGroup was last updated
" + }, + "logGroupName":{ + "shape":"String", + "documentation":"The name of the Cloudwatch Log Group associated with the Express service.
" + } + }, + "documentation":"The Cloudwatch Log Group created by Amazon ECS for an Express service.
" + }, + "ManagedLogGroups":{ + "type":"list", + "member":{"shape":"ManagedLogGroup"} + }, + "ManagedMetricAlarm":{ + "type":"structure", + "required":[ + "status", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the CloudWatch metric alarm.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the CloudWatch metric alarm.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the CloudWatch metric alarm is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the CloudWatch metric alarm was last updated.
" + } + }, + "documentation":"The CloudWatch metric alarm associated with the Express service's scaling policy.
" + }, + "ManagedMetricAlarms":{ + "type":"list", + "member":{"shape":"ManagedMetricAlarm"} + }, + "ManagedResourceStatus":{ + "type":"string", + "enum":[ + "PROVISIONING", + "ACTIVE", + "DEPROVISIONING", + "DELETED", + "FAILED" + ] + }, + "ManagedScalableTarget":{ + "type":"structure", + "required":[ + "status", + "updatedAt", + "minCapacity", + "maxCapacity" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The ARN of the scalable target.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the scalable target.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the scalable target is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the target was most recently updated.
" + }, + "minCapacity":{ + "shape":"Integer", + "documentation":"The minimum value to scale to in response to a scale-in activity.
" + }, + "maxCapacity":{ + "shape":"Integer", + "documentation":"The maximum value to scale to in response to a scale-out activity.
" + } + }, + "documentation":"Represents a scalable target.
" + }, "ManagedScaling":{ "type":"structure", "members":{ @@ -4919,6 +5759,36 @@ "max":100, "min":1 }, + "ManagedSecurityGroup":{ + "type":"structure", + "required":[ + "status", + "updatedAt" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The ARN of the security group.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the security group.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the security group is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the security group was last updated.
" + } + }, + "documentation":"A security group associated with the Express service.
" + }, + "ManagedSecurityGroups":{ + "type":"list", + "member":{"shape":"ManagedSecurityGroup"} + }, "ManagedStorageConfiguration":{ "type":"structure", "members":{ @@ -4933,6 +5803,51 @@ }, "documentation":"The managed storage configuration for the cluster.
" }, + "ManagedTargetGroup":{ + "type":"structure", + "required":[ + "status", + "updatedAt", + "healthCheckPath", + "healthCheckPort", + "port" + ], + "members":{ + "arn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the target group.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The status of the target group.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Information about why the target group is in the current status.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the target group was last updated.
" + }, + "healthCheckPath":{ + "shape":"String", + "documentation":"The destination for health checks on the targets.
" + }, + "healthCheckPort":{ + "shape":"Integer", + "documentation":"The port the load balancer uses when performing health checks on targets.
" + }, + "port":{ + "shape":"Integer", + "documentation":"The port on which the targets receive traffic.
" + } + }, + "documentation":"The target group associated with the Express service's Application Load Balancer. For more information about load balancer target groups, see CreateTargetGroup in the Elastic Load Balancing API Reference
" + }, + "ManagedTargetGroups":{ + "type":"list", + "member":{"shape":"ManagedTargetGroup"} + }, "ManagedTerminationProtection":{ "type":"string", "enum":[ @@ -5646,6 +6561,13 @@ "documentation":"The specified resource is in-use and can't be removed.
", "exception":true }, + "ResourceManagementType":{ + "type":"string", + "enum":[ + "CUSTOMER", + "ECS" + ] + }, "ResourceNotFoundException":{ "type":"structure", "members":{}, @@ -5966,6 +6888,14 @@ "shape":"Timestamp", "documentation":"The Unix timestamp for the time when the service was created.
" }, + "currentServiceDeployment":{ + "shape":"String", + "documentation":"The ARN of the current service deployment.
" + }, + "currentServiceRevisions":{ + "shape":"ServiceCurrentRevisionSummaryList", + "documentation":"The list of the service revisions.
" + }, "placementConstraints":{ "shape":"PlacementConstraints", "documentation":"The placement constraints for the tasks in the service.
" @@ -6013,6 +6943,10 @@ "availabilityZoneRebalancing":{ "shape":"AvailabilityZoneRebalancing", "documentation":"Indicates whether to use Availability Zone rebalancing for the service.
For more information, see Balancing an Amazon ECS service across Availability Zones in the Amazon Elastic Container Service Developer Guide .
The default behavior of AvailabilityZoneRebalancing differs between create and update requests:
For create service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults the value to ENABLED.
For update service requests, when no value is specified for AvailabilityZoneRebalancing, Amazon ECS defaults to the existing service’s AvailabilityZoneRebalancing value. If the service never had an AvailabilityZoneRebalancing value set, Amazon ECS treats this as DISABLED.
Identifies whether an ECS Service is an Express Service managed by ECS, or managed by the customer. The valid values are ECS and CUSTOMER
Details on a service within a cluster.
" @@ -6214,6 +7148,32 @@ }, "documentation":"The key that encrypts and decrypts your resources for Service Connect TLS.
" }, + "ServiceCurrentRevisionSummary":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"String", + "documentation":"The ARN of the current service revision.
" + }, + "requestedTaskCount":{ + "shape":"Integer", + "documentation":"The number of requested tasks in the current service revision
" + }, + "runningTaskCount":{ + "shape":"Integer", + "documentation":"The number of running tasks of the current service revision
" + }, + "pendingTaskCount":{ + "shape":"Integer", + "documentation":"The number of pending tasks in the current service revision
" + } + }, + "documentation":"The summary of the current service revision configuration
" + }, + "ServiceCurrentRevisionSummaryList":{ + "type":"list", + "member":{"shape":"ServiceCurrentRevisionSummary"} + }, "ServiceDeployment":{ "type":"structure", "members":{ @@ -6607,6 +7567,10 @@ "resolvedConfiguration":{ "shape":"ResolvedConfiguration", "documentation":"The resolved configuration for the service revision which contains the actual resources your service revision uses, such as which target groups serve traffic.
" + }, + "ecsManagedResources":{ + "shape":"ECSManagedResources", + "documentation":"The resources created and managed by Amazon ECS when you create an Express service for Amazon ECS.
" } }, "documentation":"Information about the service revision.
A service revision contains a record of the workload configuration Amazon ECS is attempting to deploy. Whenever you create or deploy a service, Amazon ECS automatically creates and captures the configuration that you're trying to deploy in the service revision. For information about service revisions, see Amazon ECS service revisions in the Amazon Elastic Container Service Developer Guide .
" @@ -8015,6 +8979,57 @@ } } }, + "UpdateExpressGatewayServiceRequest":{ + "type":"structure", + "required":["serviceArn"], + "members":{ + "serviceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Express service to update.
" + }, + "executionRoleArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the task execution role for the Express service.
" + }, + "healthCheckPath":{ + "shape":"String", + "documentation":"The path on the container for Application Load Balancer health checks.
" + }, + "primaryContainer":{ + "shape":"ExpressGatewayContainer", + "documentation":"The primary container configuration for the Express service.
" + }, + "taskRoleArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the IAM role for containers in this task.
" + }, + "networkConfiguration":{ + "shape":"ExpressGatewayServiceNetworkConfiguration", + "documentation":"The network configuration for the Express service tasks. By default, the network configuration for an Express service uses the default VPC.
" + }, + "cpu":{ + "shape":"String", + "documentation":"The number of CPU units used by the task.
" + }, + "memory":{ + "shape":"String", + "documentation":"The amount of memory (in MiB) used by the task.
" + }, + "scalingTarget":{ + "shape":"ExpressGatewayScalingTarget", + "documentation":"The auto-scaling configuration for the Express service.
" + } + } + }, + "UpdateExpressGatewayServiceResponse":{ + "type":"structure", + "members":{ + "service":{ + "shape":"UpdatedExpressGatewayService", + "documentation":"The full description of your express gateway service following the update call.
" + } + } + }, "UpdateInProgressException":{ "type":"structure", "members":{}, @@ -8039,6 +9054,10 @@ "propagateTags":{ "shape":"PropagateMITags", "documentation":"The updated tag propagation setting. When changed, this affects only new instances launched after the update.
" + }, + "infrastructureOptimization":{ + "shape":"InfrastructureOptimization", + "documentation":"The updated infrastructure optimization configuration. Changes to this setting affect how Amazon ECS optimizes instances going forward.
" } }, "documentation":"The updated configuration for a Amazon ECS Managed Instances provider. You can modify the infrastructure role, instance launch template, and tag propagation settings. Changes apply to new instances launched after the update.
" @@ -8249,6 +9268,40 @@ } } }, + "UpdatedExpressGatewayService":{ + "type":"structure", + "members":{ + "serviceArn":{ + "shape":"String", + "documentation":"The ARN of the Express service that is being updated.
" + }, + "cluster":{ + "shape":"String", + "documentation":"The cluster associated with the Express service that is being updated.
" + }, + "serviceName":{ + "shape":"String", + "documentation":"The name of the Express service that is being updated.
" + }, + "status":{ + "shape":"ExpressGatewayServiceStatus", + "documentation":"The status of the Express service that is being updated.
" + }, + "targetConfiguration":{ + "shape":"ExpressGatewayServiceConfiguration", + "documentation":"The configuration to which the current Express service is being updated to.
" + }, + "createdAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the Express service that is being updated was created.
" + }, + "updatedAt":{ + "shape":"Timestamp", + "documentation":"The Unix timestamp for when the Express service that is being updated was most recently updated.
" + } + }, + "documentation":"An object that describes an Express service to be updated.
" + }, "VCpuCountRangeRequest":{ "type":"structure", "required":["min"], diff --git a/awscli/botocore/data/eks/2017-11-01/service-2.json b/awscli/botocore/data/eks/2017-11-01/service-2.json index 57ab7d587b4d..01e5b5f31a32 100644 --- a/awscli/botocore/data/eks/2017-11-01/service-2.json +++ b/awscli/botocore/data/eks/2017-11-01/service-2.json @@ -122,7 +122,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"UnsupportedAvailabilityZoneException"} ], - "documentation":"Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. The endpoint domain name and IP address family depends on the value of the ipFamily for the cluster. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide.
" + "documentation":"Creates an Amazon EKS control plane.
The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as etcd and the API server. The control plane runs in an account managed by Amazon Web Services, and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
The cluster control plane is provisioned across multiple Availability Zones and fronted by an ELB Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support kubectl exec, logs, and proxy data flows).
Amazon EKS nodes run in your Amazon Web Services account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
You can use the endpointPublicAccess and endpointPrivateAccess parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. The endpoint domain name and IP address family depends on the value of the ipFamily for the cluster. For more information, see Amazon EKS Cluster Endpoint Access Control in the Amazon EKS User Guide .
You can use the logging parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see Amazon EKS Cluster Control Plane Logs in the Amazon EKS User Guide .
CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see CloudWatch Pricing.
In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see Allowing users to access your cluster and Launching Amazon EKS nodes in the Amazon EKS User Guide.
" }, "CreateEksAnywhereSubscription":{ "name":"CreateEksAnywhereSubscription", @@ -176,7 +176,7 @@ {"shape":"ServerException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"Creates a managed node group for an Amazon EKS cluster.
You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template.
For later updates, you will only be able to update a node group using a launch template only if it was originally deployed with a launch template. Additionally, the launch template ID or name must match what was used when the node group was created. You can update the launch template version with necessary changes. For more information about using launch templates, see Customizing managed nodes with launch templates.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.
Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.
Creates a managed node group for an Amazon EKS cluster.
You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template.
For later updates, you will only be able to update a node group using a launch template only if it was originally deployed with a launch template. Additionally, the launch template ID or name must match what was used when the node group was created. You can update the launch template version with necessary changes. For more information about using launch templates, see Customizing managed nodes with launch templates.
An Amazon EKS managed node group is an Amazon EC2 Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by Amazon Web Services for an Amazon EKS cluster. For more information, see Managed node groups in the Amazon EKS User Guide.
Windows AMI types are only supported for commercial Amazon Web Services Regions that support Windows on Amazon EKS.
The name of the Auto Scaling group associated with an Amazon EKS managed node group.
" + "documentation":"The name of the Amazon EC2 Auto Scaling group associated with an Amazon EKS managed node group.
" } }, - "documentation":"An Auto Scaling group that is associated with an Amazon EKS managed node group.
" + "documentation":"An Amazon EC2 Auto Scaling group that is associated with an Amazon EKS managed node group.
" }, "AutoScalingGroupList":{ "type":"list", @@ -1805,6 +1805,10 @@ "deletionProtection":{ "shape":"BoxedBoolean", "documentation":"The current deletion protection setting for the cluster. When true, deletion protection is enabled and the cluster cannot be deleted until protection is disabled. When false, the cluster can be deleted normally. This setting only applies to clusters in an active state.
The control plane scaling tier configuration. For more information, see EKS Provisioned Control Plane in the Amazon EKS User Guide.
" } }, "documentation":"An object representing an Amazon EKS cluster.
" @@ -2076,6 +2080,16 @@ }, "documentation":"The placement configuration for all the control plane instances of your local Amazon EKS cluster on an Amazon Web Services Outpost. For more information, see Capacity considerations in the Amazon EKS User Guide.
" }, + "ControlPlaneScalingConfig":{ + "type":"structure", + "members":{ + "tier":{ + "shape":"ProvisionedControlPlaneTier", + "documentation":"The control plane scaling tier configuration. Available options are standard, tier-xl, tier-2xl, or tier-4xl. For more information, see EKS Provisioned Control Plane in the Amazon EKS User Guide.
The control plane scaling tier configuration. For more information, see EKS Provisioned Control Plane in the Amazon EKS User Guide.
" + }, "CreateAccessConfigRequest":{ "type":"structure", "members":{ @@ -2274,6 +2288,10 @@ "deletionProtection":{ "shape":"BoxedBoolean", "documentation":"Indicates whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. This helps prevent accidental cluster deletion. Default value is false.
The control plane scaling tier configuration. For more information, see EKS Provisioned Control Plane in the Amazon EKS User Guide.
" } } }, @@ -3964,7 +3982,7 @@ "members":{ "code":{ "shape":"NodegroupIssueCode", - "documentation":"A brief description of the error.
AccessDenied: Amazon EKS or one or more of your managed nodes is failing to authenticate or authorize with your Kubernetes cluster API server.
AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures while attempting to launch instances.
AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.
ClusterUnreachable: Amazon EKS or one or more of your managed nodes is unable to to communicate with your Kubernetes cluster API server. This can happen if there are network disruptions or if API servers are timing out processing requests.
Ec2InstanceTypeDoesNotExist: One or more of the supplied Amazon EC2 instance types do not exist. Amazon EKS checked for the instance types that you provided in this Amazon Web Services Region, and one or more aren't available.
Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.
Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.
Ec2SecurityGroupDeletionFailure: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.
Ec2SecurityGroupNotFound: We couldn't find the cluster security group for the cluster. You must recreate your cluster.
Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the auto-assign public IP address setting for the subnet. See Modifying the public IPv4 addressing attribute for your subnet in the Amazon VPC User Guide.
IamInstanceProfileNotFound: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.
IamNodeRoleNotFound: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.
InstanceLimitExceeded: Your Amazon Web Services account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.
InsufficientFreeAddresses: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.
InternalFailure: These errors are usually caused by an Amazon EKS server-side issue.
NodeCreationFailure: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient node IAM role permissions or lack of outbound internet access for the nodes.
A brief description of the error.
AccessDenied: Amazon EKS or one or more of your managed nodes is failing to authenticate or authorize with your Kubernetes cluster API server.
AsgInstanceLaunchFailures: Your Amazon EC2 Auto Scaling group is experiencing failures while attempting to launch instances.
AutoScalingGroupNotFound: We couldn't find the Amazon EC2 Auto Scaling group associated with the managed node group. You may be able to recreate an Amazon EC2 Auto Scaling group with the same settings to recover.
ClusterUnreachable: Amazon EKS or one or more of your managed nodes is unable to to communicate with your Kubernetes cluster API server. This can happen if there are network disruptions or if API servers are timing out processing requests.
Ec2InstanceTypeDoesNotExist: One or more of the supplied Amazon EC2 instance types do not exist. Amazon EKS checked for the instance types that you provided in this Amazon Web Services Region, and one or more aren't available.
Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.
Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.
Ec2SecurityGroupDeletionFailure: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.
Ec2SecurityGroupNotFound: We couldn't find the cluster security group for the cluster. You must recreate your cluster.
Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the auto-assign public IP address setting for the subnet. See Modifying the public IPv4 addressing attribute for your subnet in the Amazon VPC User Guide.
IamInstanceProfileNotFound: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.
IamNodeRoleNotFound: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.
InstanceLimitExceeded: Your Amazon Web Services account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.
InsufficientFreeAddresses: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.
InternalFailure: These errors are usually caused by an Amazon EKS server-side issue.
NodeCreationFailure: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient node IAM role permissions or lack of outbound internet access for the nodes.
The current number of nodes that the managed node group should maintain.
If you use the Kubernetes Cluster Autoscaler, you shouldn't change the desiredSize value directly, as this can cause the Cluster Autoscaler to suddenly scale up or scale down.
Whenever this parameter changes, the number of worker nodes in the node group is updated to the specified size. If this parameter is given a value that is smaller than the current number of running worker nodes, the necessary number of worker nodes are terminated to match the given value. When using CloudFormation, no action occurs if you remove this parameter from your CFN template.
This parameter can be different from minSize in some cases, such as when starting with extra hosts for testing. This parameter can also be different when you want to start with an estimated number of needed hosts, but let the Cluster Autoscaler reduce the number if there are too many. When the Cluster Autoscaler is used, the desiredSize parameter is altered by the Cluster Autoscaler (but can be out-of-date for short periods of time). the Cluster Autoscaler doesn't scale a managed node group lower than minSize or higher than maxSize.
An object representing the scaling configuration details for the Auto Scaling group that is associated with your node group. When creating a node group, you must specify all or none of the properties. When updating a node group, you can specify any or none of the properties.
" + "documentation":"An object representing the scaling configuration details for the Amazon EC2 Auto Scaling group that is associated with your node group. When creating a node group, you must specify all or none of the properties. When updating a node group, you can specify any or none of the properties.
" }, "NodegroupStatus":{ "type":"string", @@ -5236,6 +5254,15 @@ }, "documentation":"Identifies the Key Management Service (KMS) key used to encrypt the secrets.
" }, + "ProvisionedControlPlaneTier":{ + "type":"string", + "enum":[ + "standard", + "tier-xl", + "tier-2xl", + "tier-4xl" + ] + }, "RegisterClusterRequest":{ "type":"structure", "required":[ @@ -5869,6 +5896,10 @@ "deletionProtection":{ "shape":"BoxedBoolean", "documentation":"Specifies whether to enable or disable deletion protection for the cluster. When enabled (true), the cluster cannot be deleted until deletion protection is explicitly disabled. When disabled (false), the cluster can be deleted normally.
The control plane scaling tier configuration. For more information, see EKS Provisioned Control Plane in the Amazon EKS User Guide.
" } } }, @@ -6035,7 +6066,7 @@ }, "version":{ "shape":"String", - "documentation":"The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
The Kubernetes version to update to. If no version is specified, then the node group will be updated to match the cluster's current Kubernetes version, and the latest available AMI for that version will be used. You can also specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate, and your launch template uses a custom AMI, then don't specify version, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Customizing managed nodes with launch templates in the Amazon EKS User Guide.
Describes the specified rules or the rules for the specified listener. You must specify either a listener or one or more rules.
" + "documentation":"Describes the specified rules or the rules for the specified listener. You must specify either a listener or rules.
" }, "DescribeSSLPolicies":{ "name":"DescribeSSLPolicies", @@ -998,7 +998,7 @@ }, "TargetGroupArn":{ "shape":"TargetGroupArn", - "documentation":"The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to one or more target groups, use ForwardConfig instead.
The Amazon Resource Name (ARN) of the target group. Specify only when Type is forward and you want to route to a single target group. To route to multiple target groups, you must use ForwardConfig instead.
Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when Type is forward. If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
Information for creating an action that distributes requests among multiple target groups. Specify only when Type is forward.
If you specify both ForwardConfig and TargetGroupArn, you can specify only one target group using ForwardConfig and it must be the same target group specified in TargetGroupArn.
[HTTPS listeners] Information for validating JWT access tokens in client requests. Specify only when Type is jwt-validation.
Information about an action.
Each rule must include exactly one of the following types of actions: forward, fixed-response, or redirect, and it must be the last action to be performed.
Information about an action.
Each rule must include exactly one of the following routing actions: forward, fixed-response, or redirect, and it must be the last action to be performed.
Optionally, a rule for an HTTPS listener can also include one of the following user authentication actions: authenticate-oidc, authenticate-cognito, or jwt-validation.
The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, and TCP_UDP. You can’t specify the UDP or TCP_UDP protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
" + "documentation":"The protocol for connections from clients to the load balancer. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, TCP_UDP, QUIC, and TCP_QUIC. You can’t specify the UDP, TCP_UDP, QUIC, or TCP_QUIC protocol if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
" }, "Port":{ "shape":"Port", @@ -1661,7 +1666,7 @@ }, "Protocol":{ "shape":"ProtocolEnum", - "documentation":"The protocol to use for routing traffic to the targets. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, or TCP_UDP. For Gateway Load Balancers, the supported protocol is GENEVE. A TCP_UDP listener must be associated with a TCP_UDP target group. If the target is a Lambda function, this parameter does not apply.
" + "documentation":"The protocol to use for routing traffic to the targets. For Application Load Balancers, the supported protocols are HTTP and HTTPS. For Network Load Balancers, the supported protocols are TCP, TLS, UDP, TCP_UDP, QUIC, or TCP_QUIC. For Gateway Load Balancers, the supported protocol is GENEVE. A TCP_UDP listener must be associated with a TCP_UDP target group. A TCP_QUIC listener must be associated with a TCP_QUIC target group. If the target is a Lambda function, this parameter does not apply.
" }, "ProtocolVersion":{ "shape":"ProtocolVersion", @@ -1677,11 +1682,11 @@ }, "HealthCheckProtocol":{ "shape":"ProtocolEnum", - "documentation":"The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
" + "documentation":"The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. The GENEVE, TLS, UDP, TCP_UDP, QUIC, and TCP_QUIC protocols are not supported for health checks.
" }, "HealthCheckPort":{ "shape":"HealthCheckPort", - "documentation":"The port the load balancer uses when performing health checks on targets. If the protocol is HTTP, HTTPS, TCP, TLS, UDP, or TCP_UDP, the default is traffic-port, which is the port on which each target receives traffic from the load balancer. If the protocol is GENEVE, the default is port 80.
The port the load balancer uses when performing health checks on targets. If the protocol is HTTP, HTTPS, TCP, TLS, UDP, TCP_UDP, QUIC, or TCP_QUIC the default is traffic-port, which is the port on which each target receives traffic from the load balancer. If the protocol is GENEVE, the default is port 80.
The approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. If the target group protocol is TCP, TLS, UDP, TCP_UDP, HTTP or HTTPS, the default is 30 seconds. If the target group protocol is GENEVE, the default is 10 seconds. If the target type is lambda, the default is 35 seconds.
The approximate amount of time, in seconds, between health checks of an individual target. The range is 5-300. If the target group protocol is TCP, TLS, UDP, TCP_UDP, QUIC, TCP_QUIC, HTTP or HTTPS, the default is 30 seconds. If the target group protocol is GENEVE, the default is 10 seconds. If the target type is lambda, the default is 35 seconds.
The number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. If the target group protocol is TCP, TCP_UDP, UDP, TLS, HTTP or HTTPS, the default is 2. For target groups with a protocol of GENEVE, the default is 2. If the target type is lambda, the default is 5.
The number of consecutive health check failures required before considering a target unhealthy. The range is 2-10. If the target group protocol is TCP, TCP_UDP, UDP, TLS, QUIC, TCP_QUIC, HTTP or HTTPS, the default is 2. For target groups with a protocol of GENEVE, the default is 2. If the target type is lambda, the default is 5.
[HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target. For target groups with a protocol of TCP, TCP_UDP, UDP or TLS the range is 200-599. For target groups with a protocol of HTTP or HTTPS, the range is 200-499. For target groups with a protocol of GENEVE, the range is 200-399.
" + "documentation":"[HTTP/HTTPS health checks] The HTTP or gRPC codes to use when checking for a successful response from a target. For target groups with a protocol of TCP, TCP_UDP, UDP, QUIC, TCP_QUIC, or TLS the range is 200-599. For target groups with a protocol of HTTP or HTTPS, the range is 200-499. For target groups with a protocol of GENEVE, the range is 200-399.
" }, "TargetType":{ "shape":"TargetTypeEnum", @@ -1722,6 +1727,10 @@ "IpAddressType":{ "shape":"TargetGroupIpAddressTypeEnum", "documentation":"The IP address type. The default value is ipv4.
The port on which the target control agent and application load balancer exchange management traffic for the target optimizer feature.
" } } }, @@ -2512,7 +2521,7 @@ "members":{ "TargetGroups":{ "shape":"TargetGroupList", - "documentation":"The target groups. For Network Load Balancers, you can specify a single target group.
" + "documentation":"The target groups.
" }, "TargetGroupStickinessConfig":{ "shape":"TargetGroupStickinessConfig", @@ -2803,6 +2812,71 @@ "documentation":"An IPAM pool is a collection of IP address CIDRs. IPAM pools enable you to organize your IP addresses according to your routing and security needs.
" }, "IsDefault":{"type":"boolean"}, + "JwtValidationActionAdditionalClaim":{ + "type":"structure", + "required":[ + "Format", + "Name", + "Values" + ], + "members":{ + "Format":{ + "shape":"JwtValidationActionAdditionalClaimFormatEnum", + "documentation":"The format of the claim value.
" + }, + "Name":{ + "shape":"JwtValidationActionAdditionalClaimName", + "documentation":"The name of the claim. You can't specify exp, iss, nbf, or iat because we validate them by default.
The claim value. The maximum size of the list is 10. Each value can be up to 256 characters in length. If the format is space-separated-values, the values can't include spaces.
Information about an additional claim to validate.
" + }, + "JwtValidationActionAdditionalClaimFormatEnum":{ + "type":"string", + "enum":[ + "single-string", + "string-array", + "space-separated-values" + ] + }, + "JwtValidationActionAdditionalClaimName":{"type":"string"}, + "JwtValidationActionAdditionalClaimValue":{"type":"string"}, + "JwtValidationActionAdditionalClaimValues":{ + "type":"list", + "member":{"shape":"JwtValidationActionAdditionalClaimValue"} + }, + "JwtValidationActionAdditionalClaims":{ + "type":"list", + "member":{"shape":"JwtValidationActionAdditionalClaim"} + }, + "JwtValidationActionConfig":{ + "type":"structure", + "required":[ + "JwksEndpoint", + "Issuer" + ], + "members":{ + "JwksEndpoint":{ + "shape":"JwtValidationActionJwksEndpoint", + "documentation":"The JSON Web Key Set (JWKS) endpoint. This endpoint contains JSON Web Keys (JWK) that are used to validate signatures from the provider.
This must be a full URL, including the HTTPS protocol, the domain, and the path. The maximum length is 256 characters.
" + }, + "Issuer":{ + "shape":"JwtValidationActionIssuer", + "documentation":"The issuer of the JWT. The maximum length is 256 characters.
" + }, + "AdditionalClaims":{ + "shape":"JwtValidationActionAdditionalClaims", + "documentation":"Additional claims to validate. The maximum size of the list is 10. We validate the exp, iss, nbf, and iat claims by default.
Information about a JSON Web Token (JWT) validation action.
" + }, + "JwtValidationActionIssuer":{"type":"string"}, + "JwtValidationActionJwksEndpoint":{"type":"string"}, "LastModifiedTime":{"type":"timestamp"}, "Limit":{ "type":"structure", @@ -3022,7 +3096,7 @@ "members":{ "Key":{ "shape":"LoadBalancerAttributeKey", - "documentation":"The name of the attribute.
The following attributes are supported by all load balancers:
deletion_protection.enabled - Indicates whether deletion protection is enabled. The value is true or false. The default is false.
load_balancing.cross_zone.enabled - Indicates whether cross-zone load balancing is enabled. The possible values are true and false. The default for Network Load Balancers and Gateway Load Balancers is false. The default for Application Load Balancers is true, and can't be changed.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled - Indicates whether access logs are enabled. The value is true or false. The default is false.
access_logs.s3.bucket - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
access_logs.s3.prefix - The prefix for the location in the S3 bucket for the access logs.
ipv6.deny_all_igw_traffic - Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
zonal_shift.config.enabled - Indicates whether zonal shift is enabled. The possible values are true and false. The default is false.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
client_keep_alive.seconds - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connection_logs.s3.enabled - Indicates whether connection logs are enabled. The value is true or false. The default is false.
connection_logs.s3.bucket - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
connection_logs.s3.prefix - The prefix for the location in the S3 bucket for the connection logs.
routing.http.desync_mitigation_mode - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor, defensive, and strictest. The default is defensive.
routing.http.drop_invalid_header_fields.enabled - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). The default is false.
routing.http.preserve_host_header.enabled - Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. The possible values are true and false. The default is false.
routing.http.x_amzn_tls_version_and_cipher_suite.enabled - Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false. The default is false.
routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false.
routing.http.xff_header_processing.mode - Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are append, preserve, and remove. The default is append.
If the value is append, the Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.
If the value is preserve the Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.
If the value is remove, the Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.
routing.http2.enabled - Indicates whether clients can connect to the load balancer using HTTP/2. If true, clients can connect using HTTP/2 or HTTP/1.1. However, all client requests are subject to the stricter HTTP/2 header validation rules. For example, message header names must contain only alphanumeric characters and hyphens. If false, clients must connect using HTTP/1.1. The default is true.
waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false. The default is false.
The following attributes are supported by only Network Load Balancers:
dns_record.client_routing_policy - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are availability_zone_affinity with 100 percent zonal affinity, partial_availability_zone_affinity with 85 percent zonal affinity, and any_availability_zone with 0 percent zonal affinity.
secondary_ips.auto_assigned.per_subnet - The number of secondary IP addresses to configure for your load balancer nodes. Use to address port allocation errors if you can't add targets. The valid range is 0 to 7. The default is 0. After you set this value, you can't decrease it.
The name of the attribute.
The following attributes are supported by all load balancers:
deletion_protection.enabled - Indicates whether deletion protection is enabled. The value is true or false. The default is false.
load_balancing.cross_zone.enabled - Indicates whether cross-zone load balancing is enabled. The possible values are true and false. The default for Network Load Balancers and Gateway Load Balancers is false. The default for Application Load Balancers is true, and can't be changed.
The following attributes are supported by both Application Load Balancers and Network Load Balancers:
access_logs.s3.enabled - Indicates whether access logs are enabled. The value is true or false. The default is false.
access_logs.s3.bucket - The name of the S3 bucket for the access logs. This attribute is required if access logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
access_logs.s3.prefix - The prefix for the location in the S3 bucket for the access logs.
ipv6.deny_all_igw_traffic - Blocks internet gateway (IGW) access to the load balancer. It is set to false for internet-facing load balancers and true for internal load balancers, preventing unintended access to your internal load balancer through an internet gateway.
zonal_shift.config.enabled - Indicates whether zonal shift is enabled. The possible values are true and false. The default is false.
The following attributes are supported by only Application Load Balancers:
idle_timeout.timeout_seconds - The idle timeout value, in seconds. The valid range is 1-4000 seconds. The default is 60 seconds.
client_keep_alive.seconds - The client keep alive value, in seconds. The valid range is 60-604800 seconds. The default is 3600 seconds.
connection_logs.s3.enabled - Indicates whether connection logs are enabled. The value is true or false. The default is false.
connection_logs.s3.bucket - The name of the S3 bucket for the connection logs. This attribute is required if connection logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
connection_logs.s3.prefix - The prefix for the location in the S3 bucket for the connection logs.
health_check_logs.s3.enabled - Indicates whether health check logs are enabled. The value is true or false. The default is false.
health_check_logs.s3.bucket - The name of the S3 bucket for the health check logs. This attribute is required if health check logs are enabled. The bucket must exist in the same region as the load balancer and have a bucket policy that grants Elastic Load Balancing permissions to write to the bucket.
health_check_logs.s3.prefix - The prefix for the location in the S3 bucket for the health check logs.
routing.http.desync_mitigation_mode - Determines how the load balancer handles requests that might pose a security risk to your application. The possible values are monitor, defensive, and strictest. The default is defensive.
routing.http.drop_invalid_header_fields.enabled - Indicates whether HTTP headers with invalid header fields are removed by the load balancer (true) or routed to targets (false). The default is false.
routing.http.preserve_host_header.enabled - Indicates whether the Application Load Balancer should preserve the Host header in the HTTP request and send it to the target without any change. The possible values are true and false. The default is false.
routing.http.x_amzn_tls_version_and_cipher_suite.enabled - Indicates whether the two headers (x-amzn-tls-version and x-amzn-tls-cipher-suite), which contain information about the negotiated TLS version and cipher suite, are added to the client request before sending it to the target. The x-amzn-tls-version header has information about the TLS protocol version negotiated with the client, and the x-amzn-tls-cipher-suite header has information about the cipher suite negotiated with the client. Both headers are in OpenSSL format. The possible values for the attribute are true and false. The default is false.
routing.http.xff_client_port.enabled - Indicates whether the X-Forwarded-For header should preserve the source port that the client used to connect to the load balancer. The possible values are true and false. The default is false.
routing.http.xff_header_processing.mode - Enables you to modify, preserve, or remove the X-Forwarded-For header in the HTTP request before the Application Load Balancer sends the request to the target. The possible values are append, preserve, and remove. The default is append.
If the value is append, the Application Load Balancer adds the client IP address (of the last hop) to the X-Forwarded-For header in the HTTP request before it sends it to targets.
If the value is preserve the Application Load Balancer preserves the X-Forwarded-For header in the HTTP request, and sends it to targets without any change.
If the value is remove, the Application Load Balancer removes the X-Forwarded-For header in the HTTP request before it sends it to targets.
routing.http2.enabled - Indicates whether clients can connect to the load balancer using HTTP/2. If true, clients can connect using HTTP/2 or HTTP/1.1. However, all client requests are subject to the stricter HTTP/2 header validation rules. For example, message header names must contain only alphanumeric characters and hyphens. If false, clients must connect using HTTP/1.1. The default is true.
waf.fail_open.enabled - Indicates whether to allow a WAF-enabled load balancer to route requests to targets if it is unable to forward the request to Amazon Web Services WAF. The possible values are true and false. The default is false.
The following attributes are supported by only Network Load Balancers:
dns_record.client_routing_policy - Indicates how traffic is distributed among the load balancer Availability Zones. The possible values are availability_zone_affinity with 100 percent zonal affinity, partial_availability_zone_affinity with 85 percent zonal affinity, and any_availability_zone with 0 percent zonal affinity.
secondary_ips.auto_assigned.per_subnet - The number of secondary IP addresses to configure for your load balancer nodes. Use to address port allocation errors if you can't add targets. The valid range is 0 to 7. The default is 0. After you set this value, you can't decrease it.
The protocol for connections from clients to the load balancer. Application Load Balancers support the HTTP and HTTPS protocols. Network Load Balancers support the TCP, TLS, UDP, and TCP_UDP protocols. You can’t change the protocol to UDP or TCP_UDP if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
" + "documentation":"The protocol for connections from clients to the load balancer. Application Load Balancers support the HTTP and HTTPS protocols. Network Load Balancers support the TCP, TLS, UDP, TCP_UDP, QUIC, and TCP_QUIC protocols. You can’t change the protocol to UDP, TCP_UDP, QUIC, or TCP_QUIC if dual-stack mode is enabled. You can't specify a protocol for a Gateway Load Balancer.
" }, "SslPolicy":{ "shape":"SslPolicyName", @@ -3374,7 +3448,7 @@ }, "HealthCheckProtocol":{ "shape":"ProtocolEnum", - "documentation":"The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. It is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The GENEVE, TLS, UDP, and TCP_UDP protocols are not supported for health checks.
" + "documentation":"The protocol the load balancer uses when performing health checks on targets. For Application Load Balancers, the default is HTTP. For Network Load Balancers and Gateway Load Balancers, the default is TCP. The TCP protocol is not supported for health checks if the protocol of the target group is HTTP or HTTPS. It is supported for health checks only if the protocol of the target group is TCP, TLS, UDP, or TCP_UDP. The GENEVE, TLS, UDP, TCP_UDP, QUIC, and TCP_QUIC protocols are not supported for health checks.
" }, "HealthCheckPort":{ "shape":"HealthCheckPort", @@ -3560,7 +3634,9 @@ "TLS", "UDP", "TCP_UDP", - "GENEVE" + "GENEVE", + "QUIC", + "TCP_QUIC" ] }, "ProtocolVersion":{"type":"string"}, @@ -3592,6 +3668,11 @@ "type":"list", "member":{"shape":"QueryStringKeyValuePair"} }, + "QuicServerId":{ + "type":"string", + "max":256, + "min":1 + }, "RedirectActionConfig":{ "type":"structure", "required":["StatusCode"], @@ -4073,7 +4154,7 @@ }, "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{ "shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum", - "documentation":"Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink. The default is on.
Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink. Applies only if the load balancer has an associated security group. The default is on.
An Availability Zone or all. This determines whether the target receives traffic from the load balancer nodes in the specified Availability Zone or from all enabled Availability Zones for the load balancer.
For Application Load Balancer target groups, the specified Availability Zone value is only applicable when cross-zone load balancing is off. Otherwise the parameter is ignored and treated as all.
This parameter is not supported if the target type of the target group is instance or alb.
If the target type is ip and the IP address is in a subnet of the VPC for the target group, the Availability Zone is automatically detected and this parameter is optional. If the IP address is outside the VPC, this parameter is required.
For Application Load Balancer target groups with cross-zone load balancing off, if the target type is ip and the IP address is outside of the VPC for the target group, this should be an Availability Zone inside the VPC for the target group.
If the target type is lambda, this parameter is optional and the only supported value is all.
The server ID for the targets. This value is required if the protocol is QUIC or TCP_QUIC and can't be used with other protocols.
The ID consists of the 0x prefix followed by 16 hexadecimal characters. Any letters must be lowercase. The value must be unique at the listener level. You can't modify the server ID for a registered target. You must deregister the target and then provide a new server ID when you register the target again.
Information about a target.
" @@ -4402,6 +4492,10 @@ "IpAddressType":{ "shape":"TargetGroupIpAddressTypeEnum", "documentation":"The IP address type. The default value is ipv4.
The port on which the target control agent and application load balancer exchange management traffic for the target optimizer feature.
" } }, "documentation":"Information about a target group.
" @@ -4482,7 +4576,7 @@ }, "DurationSeconds":{ "shape":"TargetGroupStickinessDurationSeconds", - "documentation":"The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.
" + "documentation":"[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.
" } }, "documentation":"Information about the target group stickiness for a rule.
" @@ -4517,7 +4611,7 @@ }, "Reason":{ "shape":"TargetHealthReasonEnum", - "documentation":"The reason code.
If the target state is healthy, a reason code is not provided.
If the target state is initial, the reason code can be one of the following values:
Elb.RegistrationInProgress - The target is in the process of being registered with the load balancer.
Elb.InitialHealthChecking - The load balancer is still sending the target the minimum number of health checks required to determine its health status.
If the target state is unhealthy, the reason code can be one of the following values:
Target.ResponseCodeMismatch - The health checks did not return an expected HTTP code. Applies only to Application Load Balancers and Gateway Load Balancers.
Target.Timeout - The health check requests timed out. Applies only to Application Load Balancers and Gateway Load Balancers.
Target.FailedHealthChecks - The load balancer received an error while establishing a connection to the target or the target response was malformed.
Elb.InternalError - The health checks failed due to an internal error. Applies only to Application Load Balancers.
If the target state is unused, the reason code can be one of the following values:
Target.NotRegistered - The target is not registered with the target group.
Target.NotInUse - The target group is not used by any load balancer or the target is in an Availability Zone that is not enabled for its load balancer.
Target.InvalidState - The target is in the stopped or terminated state.
Target.IpUnusable - The target IP address is reserved for use by a load balancer.
If the target state is draining, the reason code can be the following value:
Target.DeregistrationInProgress - The target is in the process of being deregistered and the deregistration delay period has not expired.
If the target state is unavailable, the reason code can be the following value:
Target.HealthCheckDisabled - Health checks are disabled for the target group. Applies only to Application Load Balancers.
Elb.InternalError - Target health is unavailable due to an internal error. Applies only to Network Load Balancers.
The reason code.
If the target state is healthy, a reason code is not provided.
If the target state is initial, the reason code can be one of the following values:
Elb.RegistrationInProgress - The target is in the process of being registered with the load balancer.
Elb.InitialHealthChecking - The load balancer is still sending the target the minimum number of health checks required to determine its health status.
If the target state is unhealthy, the reason code can be one of the following values:
Target.ResponseCodeMismatch - The health checks did not return an expected HTTP code.
Target.Timeout - The health check requests timed out.
Target.FailedHealthChecks - The load balancer received an error while establishing a connection to the target or the target response was malformed.
Elb.InternalError - The health checks failed due to an internal error.
If the target state is unused, the reason code can be one of the following values:
Target.NotRegistered - The target is not registered with the target group.
Target.NotInUse - The target group is not used by any load balancer or the target is in an Availability Zone that is not enabled for its load balancer.
Target.InvalidState - The target is in the stopped or terminated state.
Target.IpUnusable - The target IP address is reserved for use by a load balancer.
If the target state is draining, the reason code can be the following value:
Target.DeregistrationInProgress - The target is in the process of being deregistered and the deregistration delay period has not expired.
If the target state is unavailable, the reason code can be the following value:
Target.HealthCheckDisabled - Health checks are disabled for the target group.
Elb.InternalError - Target health is unavailable due to an internal error.
A load balancer distributes incoming traffic across targets, such as your EC2 instances. This enables you to increase the availability of your application. The load balancer also monitors the health of its registered targets and ensures that it routes traffic only to healthy targets. You configure your load balancer to accept incoming traffic by specifying one or more listeners, which are configured with a protocol and port number for connections from clients to the load balancer. You configure a target group with a protocol and port number for connections from the load balancer to the targets, and with health check settings to be used when checking the health status of the targets.
Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, Gateway Load Balancers, and Classic Load Balancers. This reference covers the following load balancer types:
Application Load Balancer - Operates at the application layer (layer 7) and supports HTTP and HTTPS.
Network Load Balancer - Operates at the transport layer (layer 4) and supports TCP, TLS, and UDP.
Gateway Load Balancer - Operates at the network layer (layer 3).
For more information, see the Elastic Load Balancing User Guide.
All Elastic Load Balancing operations are idempotent, which means that they complete at most one time. If you repeat an operation, it succeeds.
" + "documentation":"A load balancer distributes incoming traffic across targets, such as your EC2 instances. This enables you to increase the availability of your application. The load balancer also monitors the health of its registered targets and ensures that it routes traffic only to healthy targets. You configure your load balancer to accept incoming traffic by specifying one or more listeners, which are configured with a protocol and port number for connections from clients to the load balancer. You configure a target group with a protocol and port number for connections from the load balancer to the targets, and with health check settings to be used when checking the health status of the targets.
Elastic Load Balancing supports the following types of load balancers: Application Load Balancers, Network Load Balancers, Gateway Load Balancers, and Classic Load Balancers. This reference covers the following load balancer types:
Application Load Balancer - Operates at the application layer (layer 7) and supports HTTP and HTTPS.
Network Load Balancer - Operates at the transport layer (layer 4) and supports TCP, TLS, UDP, and QUIC.
Gateway Load Balancer - Operates at the network layer (layer 3).
For more information, see the Elastic Load Balancing User Guide.
All Elastic Load Balancing operations are idempotent, which means that they complete at most one time. If you repeat an operation, it succeeds.
" } diff --git a/awscli/botocore/data/emr/2009-03-31/service-2.json b/awscli/botocore/data/emr/2009-03-31/service-2.json index acd51a447f36..0cf7a2f7fd13 100644 --- a/awscli/botocore/data/emr/2009-03-31/service-2.json +++ b/awscli/botocore/data/emr/2009-03-31/service-2.json @@ -1256,6 +1256,33 @@ }, "documentation":"The definition of a CloudWatch metric alarm, which determines when an automatic scaling activity is triggered. When the defined alarm conditions are satisfied, scaling activity begins.
" }, + "CloudWatchLogConfiguration":{ + "type":"structure", + "required":["Enabled"], + "members":{ + "Enabled":{ + "shape":"Boolean", + "documentation":"Specifies if CloudWatch logging is enabled.
" + }, + "LogGroupName":{ + "shape":"XmlString", + "documentation":"The name of the CloudWatch log group where logs are published.
" + }, + "LogStreamNamePrefix":{ + "shape":"XmlString", + "documentation":"The prefix of the log stream name.
" + }, + "EncryptionKeyArn":{ + "shape":"XmlString", + "documentation":"The ARN of the encryption key used to encrypt the logs.
" + }, + "LogTypes":{ + "shape":"LogTypesMap", + "documentation":"A map of log types to file names for publishing logs to the standard output or standard error streams for CloudWatch. Valid log types include STEP_LOGS, SPARK_DRIVER, and SPARK_EXECUTOR. Valid file names for each type include STDOUT and STDERR.
" + } + }, + "documentation":"Holds CloudWatch log configuration settings and metadata that specify settings like log files to monitor and where to send them.
" + }, "Cluster":{ "type":"structure", "members":{ @@ -1398,6 +1425,10 @@ "ExtendedSupport":{ "shape":"BooleanObject", "documentation":"Reserved.
" + }, + "MonitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"Contains Cloudwatch log configuration metadata and settings.
" } }, "documentation":"The detailed description of the cluster.
" @@ -2881,7 +2912,7 @@ }, "BidPrice":{ "shape":"String", - "documentation":"If specified, indicates that the instance group uses Spot Instances. This is the maximum price you are willing to pay for Spot Instances. Specify OnDemandPrice to set the amount equal to the On-Demand price, or specify an amount in USD.
The bid price for each Amazon EC2 Spot Instance type as defined by InstanceType. Expressed in USD. If neither BidPrice nor BidPriceAsPercentageOfOnDemandPrice is provided, BidPriceAsPercentageOfOnDemandPrice defaults to 100%.
If specified, indicates that the instance group uses Spot Instances. This is the maximum price you are willing to pay for Spot Instances. Specify OnDemandPrice to set the amount equal to the On-Demand price, or specify an amount in USD.
The bid price for each Amazon EC2 Spot Instance type as defined by InstanceType. Expressed in USD. If neither BidPrice nor BidPriceAsPercentageOfOnDemandPrice is provided, BidPriceAsPercentageOfOnDemandPrice defaults to 100%.
If specified, indicates that the instance group uses Spot Instances. This is the maximum price you are willing to pay for Spot Instances. Specify OnDemandPrice to set the amount equal to the On-Demand price, or specify an amount in USD.
The bid price for each Amazon EC2 Spot Instance type as defined by InstanceType. Expressed in USD. If neither BidPrice nor BidPriceAsPercentageOfOnDemandPrice is provided, BidPriceAsPercentageOfOnDemandPrice defaults to 100%.
The bid price for each Amazon EC2 Spot Instance type as defined by InstanceType. Expressed in USD.
The bid price for each Amazon EC2 Spot Instance type as defined by InstanceType. Expressed in USD. If neither BidPrice nor BidPriceAsPercentageOfOnDemandPrice is provided, BidPriceAsPercentageOfOnDemandPrice defaults to 100%.
Change the size of some instance groups.
" }, + "MonitoringConfiguration":{ + "type":"structure", + "members":{ + "CloudWatchLogConfiguration":{ + "shape":"CloudWatchLogConfiguration", + "documentation":"CloudWatch log configuration settings and metadata that specify settings like log files to monitor and where to send them.
" + } + }, + "documentation":"Contains CloudWatch log configuration metadata and settings.
" + }, "NewSupportedProductsList":{ "type":"list", "member":{"shape":"SupportedProductConfig"} @@ -4997,6 +5043,10 @@ "ExtendedSupport":{ "shape":"BooleanObject", "documentation":"Reserved.
" + }, + "MonitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"Contains CloudWatch log configuration metadata and settings.
" } }, "documentation":"Input to the RunJobFlow operation.
" @@ -5015,6 +5065,20 @@ }, "documentation":"The result of the RunJobFlow operation.
" }, + "S3MonitoringConfiguration":{ + "type":"structure", + "members":{ + "LogUri":{ + "shape":"XmlString", + "documentation":"The Amazon S3 destination URI for log publishing.
" + }, + "EncryptionKeyArn":{ + "shape":"XmlString", + "documentation":"The KMS key ARN to encrypt the logs published to the given Amazon S3 destination.
" + } + }, + "documentation":"The Amazon S3 configuration for monitoring log publishing. You can configure your step to send log information to Amazon S3. When it's specified, it takes precedence over the cluster's logging configuration. If you don't specify this configuration entirely, or omit individual fields, EMR falls back to cluster-level logging behavior.
" + }, "ScaleDownBehavior":{ "type":"string", "enum":[ @@ -5489,6 +5553,14 @@ "ExecutionRoleArn":{ "shape":"OptionalArnType", "documentation":"The Amazon Resource Name (ARN) of the runtime role for a step on the cluster. The runtime role can be a cross-account IAM role. The runtime role ARN is a combination of account ID, role name, and role type using the following format: arn:partition:service:region:account:resource.
For example, arn:aws:IAM::1234567890:role/ReadOnly is a correctly formatted runtime role ARN.
The Amazon S3 destination URI for log publishing.
" + }, + "EncryptionKeyArn":{ + "shape":"String", + "documentation":"The KMS key ARN to encrypt the logs published to the given Amazon S3 destination.
" } }, "documentation":"This represents a step in a cluster.
" @@ -5518,6 +5590,10 @@ "HadoopJarStep":{ "shape":"HadoopJarStepConfig", "documentation":"The JAR file used for the step.
" + }, + "StepMonitoringConfiguration":{ + "shape":"StepMonitoringConfiguration", + "documentation":"Object that holds configuration properties for logging.
" } }, "documentation":"Specification for a cluster (job flow) step.
" @@ -5595,6 +5671,16 @@ "type":"list", "member":{"shape":"XmlStringMaxLen256"} }, + "StepMonitoringConfiguration":{ + "type":"structure", + "members":{ + "S3MonitoringConfiguration":{ + "shape":"S3MonitoringConfiguration", + "documentation":"The Amazon S3 configuration for monitoring log publishing. You can configure your step to send log information to Amazon S3. When it's specified, it takes precedence over the cluster's logging configuration. If you don't specify this configuration entirely, or omit individual fields, EMR falls back to cluster-level logging behavior.
" + } + }, + "documentation":"Object that holds configuration properties for logging.
" + }, "StepState":{ "type":"string", "enum":[ @@ -5673,6 +5759,14 @@ "Status":{ "shape":"StepStatus", "documentation":"The current execution status details of the cluster step.
" + }, + "LogUri":{ + "shape":"String", + "documentation":"The Amazon S3 destination URI for log publishing.
" + }, + "EncryptionKeyArn":{ + "shape":"String", + "documentation":"The KMS key ARN to encrypt the logs published to the given Amazon S3 destination.
" } }, "documentation":"The summary of the cluster step.
" diff --git a/awscli/botocore/data/endpoints.json b/awscli/botocore/data/endpoints.json index 162aa21b32cd..97ef05342e78 100644 --- a/awscli/botocore/data/endpoints.json +++ b/awscli/botocore/data/endpoints.json @@ -2720,8 +2720,11 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -2732,6 +2735,7 @@ "deprecated" : true, "hostname" : "appstream2-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -3720,6 +3724,7 @@ }, "bedrock" : { "endpoints" : { + "af-south-1" : { }, "ap-east-2" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, @@ -4021,6 +4026,7 @@ "hostname" : "bedrock.us-west-2.amazonaws.com" }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -4031,6 +4037,8 @@ "eu-west-3" : { }, "il-central-1" : { }, "me-central-1" : { }, + "me-south-1" : { }, + "mx-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -10060,12 +10068,14 @@ "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-5" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "email-fips.ca-central-1.amazonaws.com", "tags" : [ "fips" ] } ] }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -12697,6 +12707,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { }, "ca-west-1" : { }, @@ -17471,6 +17482,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ap-southeast-5" : { }, + "ap-southeast-6" : { }, "ap-southeast-7" : { }, "ca-central-1" : { "variants" : [ { @@ -17756,6 +17768,7 @@ }, "hostname" : "oidc.ap-east-1.amazonaws.com" }, + "ap-east-2" : { }, "ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" @@ -37924,6 +37937,11 @@ "us-isob-west-1" : { } } }, + "bedrock" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "budgets" : { "endpoints" : { "aws-iso-b-global" : { diff --git a/awscli/botocore/data/fsx/2018-03-01/service-2.json b/awscli/botocore/data/fsx/2018-03-01/service-2.json index b526d42941e9..1ffdedb8031f 100644 --- a/awscli/botocore/data/fsx/2018-03-01/service-2.json +++ b/awscli/botocore/data/fsx/2018-03-01/service-2.json @@ -2161,6 +2161,10 @@ "DiskIopsConfiguration":{ "shape":"DiskIopsConfiguration", "documentation":"The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for Windows file system. By default, Amazon FSx automatically provisions 3 IOPS per GiB of storage capacity. You can provision additional IOPS per GiB of storage, up to the maximum limit associated with your chosen throughput capacity.
" + }, + "FsrmConfiguration":{ + "shape":"WindowsFsrmConfiguration", + "documentation":"The File Server Resource Manager (FSRM) configuration that Amazon FSx for Windows File Server uses for the file system. FSRM is disabled by default.
" } }, "documentation":"The configuration object for the Microsoft Windows file system used in CreateFileSystem and CreateFileSystemFromBackup operations.
The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for Windows file system. By default, Amazon FSx automatically provisions 3 IOPS per GiB of storage capacity. You can provision additional IOPS per GiB of storage, up to the maximum limit associated with your chosen throughput capacity.
" + }, + "FsrmConfiguration":{ + "shape":"WindowsFsrmConfiguration", + "documentation":"The File Server Resource Manager (FSRM) configuration that Amazon FSx for Windows File Server uses for the file system. FSRM is disabled by default.
" } }, "documentation":"Updates the configuration for an existing Amazon FSx for Windows File Server file system. Amazon FSx only overwrites existing properties with non-null values provided in the request.
" @@ -7176,9 +7184,28 @@ "PreferredFileServerIpv6":{ "shape":"IpAddress", "documentation":"For MULTI_AZ_1 deployment types, the IPv6 address of the primary, or preferred, file server. Use this IP address when mounting the file system on Linux SMB clients or Windows SMB clients that are not joined to a Microsoft Active Directory. Applicable for all Windows file system deployment types. This IPv6 address is temporarily unavailable when the file system is undergoing maintenance. For Linux and Windows SMB clients that are joined to an Active Directory, use the file system's DNSName instead.
" + }, + "FsrmConfiguration":{ + "shape":"WindowsFsrmConfiguration", + "documentation":"The File Server Resource Manager (FSRM) configuration that Amazon FSx for Windows File Server uses for the file system. FSRM is disabled by default.
" } }, "documentation":"The configuration for this Microsoft Windows file system.
" + }, + "WindowsFsrmConfiguration":{ + "type":"structure", + "required":["FsrmServiceEnabled"], + "members":{ + "FsrmServiceEnabled":{ + "shape":"Flag", + "documentation":"Specifies whether FSRM is enabled or disabled on the file system. When TRUE, the FSRM service is enabled and monitor file operations according to configured policies. When FALSE or omitted, FSRM is disabled. The default value is FALSE.
The Amazon Resource Name (ARN) for the destination of the FSRM event logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN.
The name of the Amazon CloudWatch Logs log group must begin with the /aws/fsx prefix. The name of the Amazon Kinesis Data Firehose delivery stream must begin with the aws-fsx prefix.
The destination ARN (either CloudWatch Logs log group or Kinesis Data Firehose delivery stream) must be in the same Amazon Web Services partition, Amazon Web Services Region, and Amazon Web Services account as your Amazon FSx file system.
" + } + }, + "documentation":"The File Server Resource Manager (FSRM) configuration that Amazon FSx for Windows File Server uses for the file system. When FSRM is enabled, you can manage and monitor storage quotas, file screening, storage reports, and file classification.
" } }, "documentation":"Amazon FSx is a fully managed service that makes it easy for storage and application administrators to launch and use shared file storage.
" diff --git a/awscli/botocore/data/glue/2017-03-31/service-2.json b/awscli/botocore/data/glue/2017-03-31/service-2.json index d060d24e2b7f..c9b953db328c 100644 --- a/awscli/botocore/data/glue/2017-03-31/service-2.json +++ b/awscli/botocore/data/glue/2017-03-31/service-2.json @@ -1169,6 +1169,25 @@ ], "documentation":"Deletes the specified Zero-ETL integration.
" }, + "DeleteIntegrationResourceProperty":{ + "name":"DeleteIntegrationResourceProperty", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteIntegrationResourcePropertyRequest"}, + "output":{"shape":"DeleteIntegrationResourcePropertyResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"EntityNotFoundException"}, + {"shape":"InternalServiceException"}, + {"shape":"InvalidInputException"} + ], + "documentation":"This API is used for deleting the ResourceProperty of the Glue connection (for the source) or Glue database ARN (for the target).
Returns the available entities supported by the connection type.
" }, + "ListIntegrationResourceProperties":{ + "name":"ListIntegrationResourceProperties", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListIntegrationResourcePropertiesRequest"}, + "output":{"shape":"ListIntegrationResourcePropertiesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"EntityNotFoundException"}, + {"shape":"InternalServiceException"}, + {"shape":"InvalidInputException"} + ], + "documentation":"List integration resource properties for a single customer. It supports the filters, maxRecords and markers.
" + }, "ListJobs":{ "name":"ListJobs", "http":{ @@ -9323,11 +9361,11 @@ "documentation":"A unique name for an integration in Glue.
" }, "SourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the source resource for the integration.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the target resource for the integration.
" }, "Description":{ @@ -9361,7 +9399,7 @@ "required":["ResourceArn"], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, "SourceProcessingProperties":{ @@ -9371,6 +9409,10 @@ "TargetProcessingProperties":{ "shape":"TargetProcessingProperties", "documentation":"The resource properties associated with the integration target.
" + }, + "Tags":{ + "shape":"IntegrationTagsList", + "documentation":"Metadata assigned to the resource consisting of a list of key-value pairs.
" } } }, @@ -9379,9 +9421,13 @@ "required":["ResourceArn"], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, + "ResourcePropertyArn":{ + "shape":"String512", + "documentation":"The resource ARN created through this create API. The format is something like arn:aws:glue:<region>:<account_id>:integrationresourceproperty/*
" + }, "SourceProcessingProperties":{ "shape":"SourceProcessingProperties", "documentation":"The resource properties associated with the integration source.
" @@ -9404,11 +9450,11 @@ ], "members":{ "SourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the source resource for the integration.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the target resource for the integration.
" }, "IntegrationName":{ @@ -9465,7 +9511,7 @@ ], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The Amazon Resource Name (ARN) of the target table for which to create integration table properties. Currently, this API only supports creating integration table properties for target tables, and the provided ARN should be the ARN of the target table in the Glue Data Catalog. Support for creating integration table properties for source connections (using the connection ARN) is not yet implemented and will be added in a future release.
" }, "TableName":{ @@ -11797,6 +11843,20 @@ } } }, + "DeleteIntegrationResourcePropertyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String512", + "documentation":"The connection ARN of the source, or the database ARN of the target.
" + } + } + }, + "DeleteIntegrationResourcePropertyResponse":{ + "type":"structure", + "members":{} + }, "DeleteIntegrationResponse":{ "type":"structure", "required":[ @@ -11809,11 +11869,11 @@ ], "members":{ "SourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the source for the integration.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the target for the integration.
" }, "IntegrationName":{ @@ -11866,7 +11926,7 @@ ], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, "TableName":{ @@ -12428,7 +12488,7 @@ "documentation":"The total number of items to return in the output.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The Amazon Resource Name (ARN) of the target resource in the integration.
" } } @@ -13809,6 +13869,14 @@ "max":128, "pattern":"[\\u0020-\\uD7FF\\uE000-\\uFFFD\\uD800\\uDC00-\\uDBFF\\uDFFF\\t]*" }, + "FunctionType":{ + "type":"string", + "enum":[ + "REGULAR_FUNCTION", + "AGGREGATE_FUNCTION", + "STORED_PROCEDURE" + ] + }, "Generic512CharString":{ "type":"string", "max":512, @@ -14973,7 +15041,7 @@ "required":["ResourceArn"], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" } } @@ -14982,9 +15050,13 @@ "type":"structure", "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, + "ResourcePropertyArn":{ + "shape":"String512", + "documentation":"The resource ARN created through this create API. The format is something like arn:aws:glue:<region>:<account_id>:integrationresourceproperty/*
" + }, "SourceProcessingProperties":{ "shape":"SourceProcessingProperties", "documentation":"The resource properties associated with the integration source.
" @@ -15003,7 +15075,7 @@ ], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The Amazon Resource Name (ARN) of the target table for which to retrieve integration table properties. Currently, this API only supports retrieving properties for target tables, and the provided ARN should be the ARN of the target table in the Glue Data Catalog. Support for retrieving integration table properties for source connections (using the connection ARN) is not yet implemented and will be added in a future release.
" }, "TableName":{ @@ -15016,7 +15088,7 @@ "type":"structure", "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The Amazon Resource Name (ARN) of the target table for which to retrieve integration table properties. Currently, this API only supports retrieving properties for target tables, and the provided ARN should be the ARN of the target table in the Glue Data Catalog. Support for retrieving integration table properties for source connections (using the connection ARN) is not yet implemented and will be added in a future release.
" }, "TableName":{ @@ -16601,6 +16673,10 @@ "shape":"NameString", "documentation":"An optional function-name pattern string that filters the function definitions returned.
" }, + "FunctionType":{ + "shape":"FunctionType", + "documentation":"An optional function-type pattern string that filters the function definitions returned from Amazon Redshift Federated Permissions Catalog.
Specify a value of REGULAR_FUNCTION or STORED_PROCEDURE. The STORED_PROCEDURE function type is only compatible with Amazon Redshift Federated Permissions Catalog.
A continuation token, if this is a continuation call.
" @@ -17634,11 +17710,11 @@ ], "members":{ "SourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the source resource for the integration.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the target resource for the integration.
" }, "IntegrationArn":{ @@ -17702,11 +17778,11 @@ ], "members":{ "SourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN for the source of the integration.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN for the target of the integration.
" }, "Description":{ @@ -17766,7 +17842,7 @@ "members":{ "RefreshInterval":{ "shape":"String128", - "documentation":"Specifies the frequency at which CDC (Change Data Capture) pulls or incremental loads should occur. This parameter provides flexibility to align the refresh rate with your specific data update patterns, system load considerations, and performance optimization goals. Time increment can be set from 15 minutes to 8640 minutes (six days). Currently supports creation of RefreshInterval only.
Specifies the frequency at which CDC (Change Data Capture) pulls or incremental loads should occur. This parameter provides flexibility to align the refresh rate with your specific data update patterns, system load considerations, and performance optimization goals. Time increment can be set from 15 minutes to 8640 minutes (six days).
" }, "SourceProperties":{ "shape":"IntegrationSourcePropertiesMap", @@ -17881,6 +17957,55 @@ "documentation":"The data processed through your integration exceeded your quota.
", "exception":true }, + "IntegrationResourceProperty":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String512", + "documentation":"The connection ARN of the source, or the database ARN of the target.
" + }, + "ResourcePropertyArn":{ + "shape":"String512", + "documentation":"The resource ARN created through this create API. The format is something like arn:aws:glue:<region>:<account_id>:integrationresourceproperty/*
" + }, + "SourceProcessingProperties":{ + "shape":"SourceProcessingProperties", + "documentation":"The resource properties associated with the integration source.
" + }, + "TargetProcessingProperties":{ + "shape":"TargetProcessingProperties", + "documentation":"The resource properties associated with the integration target.
" + } + }, + "documentation":"A structure representing an integration resource property.
" + }, + "IntegrationResourcePropertyFilter":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"String128", + "documentation":"The name of the filter. Supported filter keys are SourceArn and TargetArn.
A list of filter values.
" + } + }, + "documentation":"A filter for integration resource properties.
" + }, + "IntegrationResourcePropertyFilterList":{ + "type":"list", + "member":{"shape":"IntegrationResourcePropertyFilter"} + }, + "IntegrationResourcePropertyFilterValues":{ + "type":"list", + "member":{"shape":"String128"} + }, + "IntegrationResourcePropertyList":{ + "type":"list", + "member":{"shape":"IntegrationResourceProperty"} + }, "IntegrationSourcePropertiesMap":{ "type":"map", "key":{"shape":"IntegrationString"}, @@ -19562,6 +19687,36 @@ } } }, + "ListIntegrationResourcePropertiesRequest":{ + "type":"structure", + "members":{ + "Marker":{ + "shape":"String1024", + "documentation":"This is the pagination token for next page, initial value is null.
A list of filters, supported filter Key is SourceArn and TargetArn.
This is total number of items to be evaluated.
" + } + } + }, + "ListIntegrationResourcePropertiesResponse":{ + "type":"structure", + "members":{ + "IntegrationResourcePropertyList":{ + "shape":"IntegrationResourcePropertyList", + "documentation":"A list of integration resource property meeting the filter criteria.
" + }, + "Marker":{ + "shape":"String1024", + "documentation":"This is the pagination token for the next page.
" + } + } + }, "ListJobsRequest":{ "type":"structure", "members":{ @@ -20434,7 +20589,10 @@ "shape":"String2048", "documentation":"Selects source tables for the integration using Maxwell filter syntax.
" }, - "IntegrationConfig":{"shape":"IntegrationConfig"}, + "IntegrationConfig":{ + "shape":"IntegrationConfig", + "documentation":"The configuration settings for the integration. Currently, only the RefreshInterval can be modified.
" + }, "IntegrationName":{ "shape":"String128", "documentation":"A unique name for an integration in Glue.
" @@ -20453,11 +20611,11 @@ ], "members":{ "SourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the source for the integration.
" }, "TargetArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The ARN of the target for the integration.
" }, "IntegrationName":{ @@ -20500,7 +20658,10 @@ "shape":"String2048", "documentation":"Selects source tables for the integration using Maxwell filter syntax.
" }, - "IntegrationConfig":{"shape":"IntegrationConfig"} + "IntegrationConfig":{ + "shape":"IntegrationConfig", + "documentation":"The updated configuration settings for the integration.
" + } } }, "MongoDBTarget":{ @@ -25699,6 +25860,11 @@ "documentation":"Specifies options related to data preview for viewing a sample of your data.
" }, "String":{"type":"string"}, + "String1024":{ + "type":"string", + "max":1024, + "min":1 + }, "String128":{ "type":"string", "max":128, @@ -25709,6 +25875,11 @@ "max":2048, "min":1 }, + "String512":{ + "type":"string", + "max":512, + "min":1 + }, "StringColumnStatisticsData":{ "type":"structure", "required":[ @@ -27528,7 +27699,7 @@ "required":["ResourceArn"], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, "SourceProcessingProperties":{ @@ -27545,9 +27716,13 @@ "type":"structure", "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, + "ResourcePropertyArn":{ + "shape":"String512", + "documentation":"The resource ARN created through this create API. The format is something like arn:aws:glue:<region>:<account_id>:integrationresourceproperty/*
" + }, "SourceProcessingProperties":{ "shape":"SourceProcessingProperties", "documentation":"The resource properties associated with the integration source.
" @@ -27566,7 +27741,7 @@ ], "members":{ "ResourceArn":{ - "shape":"String128", + "shape":"String512", "documentation":"The connection ARN of the source, or the database ARN of the target.
" }, "TableName":{ @@ -28189,6 +28364,10 @@ "shape":"NameString", "documentation":"The owner of the function.
" }, + "FunctionType":{ + "shape":"FunctionType", + "documentation":"The type of the function.
" + }, "OwnerType":{ "shape":"PrincipalType", "documentation":"The owner type.
" @@ -28223,6 +28402,10 @@ "shape":"NameString", "documentation":"The owner of the function.
" }, + "FunctionType":{ + "shape":"FunctionType", + "documentation":"The type of the function.
" + }, "OwnerType":{ "shape":"PrincipalType", "documentation":"The owner type.
" diff --git a/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json b/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json index 05180fe2355d..e38f5e2edf06 100644 --- a/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json +++ b/awscli/botocore/data/guardduty/2017-11-28/paginators-1.json @@ -71,6 +71,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "TrustedEntitySetIds" + }, + "ListMalwareScans": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Scans" } } } diff --git a/awscli/botocore/data/guardduty/2017-11-28/service-2.json b/awscli/botocore/data/guardduty/2017-11-28/service-2.json index fa6c8a5a98a4..204f78ce2e6d 100644 --- a/awscli/botocore/data/guardduty/2017-11-28/service-2.json +++ b/awscli/botocore/data/guardduty/2017-11-28/service-2.json @@ -640,6 +640,22 @@ ], "documentation":"Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.
" }, + "GetMalwareScan":{ + "name":"GetMalwareScan", + "http":{ + "method":"GET", + "requestUri":"/malware-scan/{scanId}", + "responseCode":200 + }, + "input":{"shape":"GetMalwareScanRequest"}, + "output":{"shape":"GetMalwareScanResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Retrieves the detailed information for a specific malware scan. Each member account can view the malware scan details for their own account. An administrator can view malware scan details for all accounts in the organization.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
" + }, "GetMalwareScanSettings":{ "name":"GetMalwareScanSettings", "http":{ @@ -912,6 +928,21 @@ ], "documentation":"Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.
" }, + "ListMalwareScans":{ + "name":"ListMalwareScans", + "http":{ + "method":"POST", + "requestUri":"/malware-scan", + "responseCode":200 + }, + "input":{"shape":"ListMalwareScansRequest"}, + "output":{"shape":"ListMalwareScansResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all of its members' accounts.
" + }, "ListMembers":{ "name":"ListMembers", "http":{ @@ -1018,6 +1049,22 @@ ], "documentation":"Lists the trusted entity sets associated with the specified GuardDuty detector ID. If you use this operation from a member account, the trusted entity sets that are returned as a response, belong to the administrator account.
" }, + "SendObjectMalwareScan":{ + "name":"SendObjectMalwareScan", + "http":{ + "method":"POST", + "requestUri":"/object-malware-scan/send", + "responseCode":200 + }, + "input":{"shape":"SendObjectMalwareScanRequest"}, + "output":{"shape":"SendObjectMalwareScanResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"} + ], + "documentation":"Initiates a malware scan for a specific S3 object. This API allows you to perform on-demand malware scanning of individual objects in S3 buckets that have Malware Protection for S3 enabled.
When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.
" + }, "StartMalwareScan":{ "name":"StartMalwareScan", "http":{ @@ -1032,7 +1079,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerErrorException"} ], - "documentation":"Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.
When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see DescribeMalwareScans.
" + "documentation":"Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account if the resourceArn belongs to an EC2 instance.
When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see ListMalwareScans and GetMalwareScan.
When you use this API, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.
" }, "StartMonitoringMembers":{ "name":"StartMonitoringMembers", @@ -1672,6 +1719,22 @@ "member":{"shape":"Actor"}, "max":400 }, + "AdditionalInfo":{ + "type":"structure", + "members":{ + "VersionId":{ + "shape":"NonEmptyString", + "documentation":"The version ID of the S3 object, if applicable.
", + "locationName":"versionId" + }, + "DeviceName":{ + "shape":"NonEmptyString", + "documentation":"The device name of the EBS volume, if applicable.
", + "locationName":"deviceName" + } + }, + "documentation":"Contains additional information about the detected threat.
" + }, "AdditionalSequenceTypes":{ "type":"list", "member":{"shape":"FindingType"} @@ -3807,6 +3870,13 @@ }, "documentation":"Contains information about the detected behavior.
" }, + "DetectionSource":{ + "type":"string", + "enum":[ + "AMAZON", + "BITDEFENDER" + ] + }, "DetectorAdditionalConfiguration":{ "type":"structure", "members":{ @@ -4079,6 +4149,28 @@ "documentation":"Contains information about the domain.
" }, "Double":{"type":"double"}, + "EbsSnapshot":{ + "type":"structure", + "members":{ + "DeviceName":{ + "shape":"NonEmptyString", + "documentation":"The device name of the EBS snapshot that was scanned.
", + "locationName":"deviceName" + } + }, + "documentation":"Contains information about an EBS snapshot that was scanned for malware.
" + }, + "EbsSnapshotDetails":{ + "type":"structure", + "members":{ + "SnapshotArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the EBS snapshot.
", + "locationName":"snapshotArn" + } + }, + "documentation":"Contains details about the EBS snapshot that was scanned for malware.
" + }, "EbsSnapshotPreservation":{ "type":"string", "enum":[ @@ -4159,6 +4251,17 @@ }, "documentation":"Describes the configuration of scanning EBS volumes as a data source.
" }, + "Ec2ImageDetails":{ + "type":"structure", + "members":{ + "ImageArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the EC2 AMI.
", + "locationName":"imageArn" + } + }, + "documentation":"Contains details about the EC2 AMI that was scanned.
" + }, "Ec2Instance":{ "type":"structure", "members":{ @@ -5307,6 +5410,154 @@ } } }, + "GetMalwareScanRequest":{ + "type":"structure", + "required":["ScanId"], + "members":{ + "ScanId":{ + "shape":"String", + "documentation":"A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.
", + "location":"uri", + "locationName":"scanId" + } + } + }, + "GetMalwareScanResponse":{ + "type":"structure", + "members":{ + "ScanId":{ + "shape":"NonEmptyString", + "documentation":"A unique identifier associated with the malware scan. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.
", + "locationName":"scanId" + }, + "DetectorId":{ + "shape":"DetectorId", + "documentation":"The unique ID of the detector that is associated with the request, if it belongs to an account which is a GuardDuty customer.
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
The unique detector ID of the administrator account that the request is associated with. If the account is an administrator, the AdminDetectorId will be the same as the one used for DetectorId. If the customer is not a GuardDuty customer, this field will not be present..
To find the detectorId in the current Region, see the Settings page in the GuardDuty console, or run the ListDetectors API.
Amazon Resource Name (ARN) of the resource on which a malware scan was invoked.
", + "locationName":"resourceArn" + }, + "ResourceType":{ + "shape":"MalwareProtectionResourceType", + "documentation":"The type of resource that was scanned for malware.
", + "locationName":"resourceType" + }, + "ScannedResourcesCount":{ + "shape":"NonNegativeInteger", + "documentation":"The total number of resources that were successfully scanned. This is dependent on the resource type.
", + "locationName":"scannedResourcesCount" + }, + "SkippedResourcesCount":{ + "shape":"NonNegativeInteger", + "documentation":"The total number of resources that were skipped during the scan.
", + "locationName":"skippedResourcesCount" + }, + "FailedResourcesCount":{ + "shape":"NonNegativeInteger", + "documentation":"The total number of resources that failed to be scanned.
", + "locationName":"failedResourcesCount" + }, + "ScannedResources":{ + "shape":"ScannedResources", + "documentation":"A list of resources along with their metadata that were scanned as part of the malware scan operation.
", + "locationName":"scannedResources" + }, + "ScanConfiguration":{ + "shape":"ScanConfiguration", + "documentation":"Information about the scan configuration used for the malware scan.
", + "locationName":"scanConfiguration" + }, + "ScanCategory":{ + "shape":"ScanCategory", + "documentation":"The category of the malware scan, indicating the type of scan performed.
", + "locationName":"scanCategory" + }, + "ScanStatus":{ + "shape":"MalwareProtectionScanStatus", + "documentation":"A value representing the current status of the malware scan.
", + "locationName":"scanStatus" + }, + "ScanStatusReason":{ + "shape":"ScanStatusReason", + "documentation":"Represents the reason for the current scan status, if applicable.
", + "locationName":"scanStatusReason" + }, + "ScanType":{ + "shape":"MalwareProtectionScanType", + "documentation":"A value representing the initiator of the scan.
", + "locationName":"scanType" + }, + "ScanStartedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp representing when the malware scan was started.
", + "locationName":"scanStartedAt" + }, + "ScanCompletedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp representing when the malware scan was completed.
", + "locationName":"scanCompletedAt" + }, + "ScanResultDetails":{ + "shape":"GetMalwareScanResultDetails", + "documentation":"Detailed information about the results of the malware scan, if the scan completed.
", + "locationName":"scanResultDetails" + } + } + }, + "GetMalwareScanResultDetails":{ + "type":"structure", + "members":{ + "ScanResultStatus":{ + "shape":"ScanResultStatus", + "documentation":"Status indicating whether threats were found for a completed scan.
", + "locationName":"scanResultStatus" + }, + "SkippedFileCount":{ + "shape":"PositiveLong", + "documentation":"The total number of files that were skipped during the scan.
", + "locationName":"skippedFileCount" + }, + "FailedFileCount":{ + "shape":"PositiveLong", + "documentation":"The total number of files that failed to be scanned.
", + "locationName":"failedFileCount" + }, + "ThreatFoundFileCount":{ + "shape":"PositiveLong", + "documentation":"The total number of files in which threats were detected.
", + "locationName":"threatFoundFileCount" + }, + "TotalFileCount":{ + "shape":"PositiveLong", + "documentation":"The total number of files that were processed during the scan.
", + "locationName":"totalFileCount" + }, + "TotalBytes":{ + "shape":"PositiveLong", + "documentation":"The total number of bytes that were scanned.
", + "locationName":"totalBytes" + }, + "UniqueThreatCount":{ + "shape":"PositiveLong", + "documentation":"The total number of unique threats that were detected during the scan.
", + "locationName":"uniqueThreatCount" + }, + "Threats":{ + "shape":"ScanResultThreats", + "documentation":"The threats that were detected during the malware scan.
", + "locationName":"threats" + } + }, + "documentation":"Contains information about the results of the malware scan.
" + }, "GetMalwareScanSettingsRequest":{ "type":"structure", "required":["DetectorId"], @@ -5855,6 +6106,18 @@ }, "documentation":"Contains information about the impersonated user.
" }, + "IncrementalScanDetails":{ + "type":"structure", + "required":["BaselineResourceArn"], + "members":{ + "BaselineResourceArn":{ + "shape":"NonEmptyString", + "documentation":"Amazon Resource Name (ARN) of the baseline resource used for incremental scanning. The scan will only process changes since this baseline resource was created.
", + "locationName":"baselineResourceArn" + } + }, + "documentation":"Contains information about the incremental scan configuration.
" + }, "Indicator":{ "type":"structure", "required":["Key"], @@ -6134,6 +6397,36 @@ "max":50, "min":0 }, + "ItemDetails":{ + "type":"structure", + "members":{ + "ResourceArn":{ + "shape":"NonEmptyString", + "documentation":"Amazon Resource Name (ARN) of the resource where the threat was detected.
", + "locationName":"resourceArn" + }, + "ItemPath":{ + "shape":"NonEmptyString", + "documentation":"The path where the threat was detected.
", + "locationName":"itemPath" + }, + "Hash":{ + "shape":"String", + "documentation":"The hash value of the infected item.
", + "locationName":"hash" + }, + "AdditionalInfo":{ + "shape":"AdditionalInfo", + "documentation":"Additional information about the detected threat item.
", + "locationName":"additionalInfo" + } + }, + "documentation":"Contains detailed information about where a threat was detected.
" + }, + "ItemDetailsList":{ + "type":"list", + "member":{"shape":"ItemDetails"} + }, "ItemPath":{ "type":"structure", "members":{ @@ -6861,6 +7154,95 @@ } } }, + "ListMalwareScansCriterionKey":{ + "type":"string", + "enum":[ + "RESOURCE_ARN", + "SCAN_ID", + "ACCOUNT_ID", + "GUARDDUTY_FINDING_ID", + "RESOURCE_TYPE", + "SCAN_START_TIME", + "SCAN_STATUS", + "SCAN_TYPE" + ] + }, + "ListMalwareScansFilterCriteria":{ + "type":"structure", + "members":{ + "ListMalwareScansFilterCriterion":{ + "shape":"ListMalwareScansFilterCriterionList", + "documentation":"Represents a condition that when matched will be added to the response of the operation.
", + "locationName":"filterCriterion" + } + }, + "documentation":"Represents the criteria used to filter the malware scan entries.
" + }, + "ListMalwareScansFilterCriterion":{ + "type":"structure", + "members":{ + "ListMalwareScansCriterionKey":{ + "shape":"ListMalwareScansCriterionKey", + "documentation":"An enum value representing possible scan properties to match with given scan entries.
", + "locationName":"criterionKey" + }, + "FilterCondition":{ + "shape":"FilterCondition", + "documentation":"Contains information about the condition.
", + "locationName":"filterCondition" + } + }, + "documentation":"Represents a condition that when matched will be added to the response of the operation. Irrespective of using any filter criteria, an administrator account can view the scan entries for all of its member accounts. However, each member account can view the scan entries only for their own account.
" + }, + "ListMalwareScansFilterCriterionList":{ + "type":"list", + "member":{"shape":"ListMalwareScansFilterCriterion"}, + "max":1, + "min":0 + }, + "ListMalwareScansRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "FilterCriteria":{ + "shape":"ListMalwareScansFilterCriteria", + "documentation":"Represents the criteria used to filter the malware scan entries.
", + "locationName":"filterCriteria" + }, + "SortCriteria":{ + "shape":"SortCriteria", + "documentation":"Represents the criteria used for sorting malware scan entries.
", + "locationName":"sortCriteria" + } + } + }, + "ListMalwareScansResponse":{ + "type":"structure", + "required":["Scans"], + "members":{ + "Scans":{ + "shape":"MalwareScans", + "documentation":"The list of malware scans associated with the provided input parameters.
", + "locationName":"scans" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination parameter to be used on the next list operation to retrieve more scans.
", + "locationName":"nextToken" + } + } + }, "ListMembersRequest":{ "type":"structure", "required":["DetectorId"], @@ -7227,6 +7609,21 @@ }, "documentation":"Provides details about Malware Protection when it is enabled as a data source.
" }, + "MalwareProtectionFindingsScanConfiguration":{ + "type":"structure", + "members":{ + "TriggerType":{ + "shape":"TriggerType", + "documentation":"The event that triggered the malware scan.
", + "locationName":"triggerType" + }, + "IncrementalScanDetails":{ + "shape":"IncrementalScanDetails", + "locationName":"incrementalScanDetails" + } + }, + "documentation":"Contains finding configuration details about the malware scan.
" + }, "MalwareProtectionPlanActions":{ "type":"structure", "members":{ @@ -7307,6 +7704,83 @@ "type":"list", "member":{"shape":"MalwareProtectionPlanSummary"} }, + "MalwareProtectionResourceType":{ + "type":"string", + "enum":[ + "EBS_RECOVERY_POINT", + "EBS_SNAPSHOT", + "EBS_VOLUME", + "EC2_AMI", + "EC2_INSTANCE", + "EC2_RECOVERY_POINT", + "S3_RECOVERY_POINT", + "S3_BUCKET" + ] + }, + "MalwareProtectionScanStatus":{ + "type":"string", + "enum":[ + "RUNNING", + "COMPLETED", + "COMPLETED_WITH_ISSUES", + "FAILED", + "SKIPPED" + ] + }, + "MalwareProtectionScanType":{ + "type":"string", + "enum":[ + "BACKUP_INITIATED", + "ON_DEMAND", + "GUARDDUTY_INITIATED" + ] + }, + "MalwareScan":{ + "type":"structure", + "members":{ + "ResourceArn":{ + "shape":"NonEmptyString", + "documentation":"Amazon Resource Name (ARN) of the resource for the given malware scan.
", + "locationName":"resourceArn" + }, + "ResourceType":{ + "shape":"MalwareProtectionResourceType", + "documentation":"The type of resource that was scanned for malware.
", + "locationName":"resourceType" + }, + "ScanId":{ + "shape":"NonEmptyString", + "documentation":"A unique identifier that gets generated when you invoke the API without any error. Each malware scan has a corresponding scan ID. Using this scan ID, you can monitor the status of your malware scan.
", + "locationName":"scanId" + }, + "ScanStatus":{ + "shape":"MalwareProtectionScanStatus", + "documentation":"An enum value representing the current status of the malware scan.
", + "locationName":"scanStatus" + }, + "ScanResultStatus":{ + "shape":"ScanResultStatus", + "documentation":"An enum value representing the result of the malware scan.
", + "locationName":"scanResultStatus" + }, + "ScanType":{ + "shape":"MalwareProtectionScanType", + "documentation":"An enum value representing the type of scan that was initiated.
", + "locationName":"scanType" + }, + "ScanStartedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp representing when the malware scan was started.
", + "locationName":"scanStartedAt" + }, + "ScanCompletedAt":{ + "shape":"Timestamp", + "documentation":"The timestamp representing when the malware scan was completed.
", + "locationName":"scanCompletedAt" + } + }, + "documentation":"Contains information about a particular malware scan.
" + }, "MalwareScanDetails":{ "type":"structure", "members":{ @@ -7314,10 +7788,39 @@ "shape":"Threats", "documentation":"Information about the detected threats associated with the generated GuardDuty finding.
", "locationName":"threats" + }, + "ScanId":{ + "shape":"String", + "documentation":"The unique identifier for the malware scan.
", + "locationName":"scanId" + }, + "ScanType":{ + "shape":"MalwareProtectionScanType", + "documentation":"The type of malware scan performed.
", + "locationName":"scanType" + }, + "ScanCategory":{ + "shape":"ScanCategory", + "documentation":"The category of the malware scan.
", + "locationName":"scanCategory" + }, + "ScanConfiguration":{ + "shape":"MalwareProtectionFindingsScanConfiguration", + "documentation":"The configuration settings used for the malware scan.
", + "locationName":"scanConfiguration" + }, + "UniqueThreatCount":{ + "shape":"Integer", + "documentation":"The number of unique malware threats detected during the scan.
", + "locationName":"uniqueThreatCount" } }, "documentation":"Information about the malware scan that generated a GuardDuty finding.
" }, + "MalwareScans":{ + "type":"list", + "member":{"shape":"MalwareScan"} + }, "ManagementType":{ "type":"string", "enum":[ @@ -7784,6 +8287,10 @@ "max":200, "min":1 }, + "NonNegativeInteger":{ + "type":"integer", + "min":0 + }, "NotEquals":{ "type":"list", "member":{"shape":"String"} @@ -8634,6 +9141,34 @@ }, "documentation":"Indicates that a login attempt was made to the potentially compromised database from a remote IP address.
" }, + "RecoveryPoint":{ + "type":"structure", + "required":["BackupVaultName"], + "members":{ + "BackupVaultName":{ + "shape":"String", + "documentation":"The name of the Amazon Web Services Backup vault that contains the name of the recovery point to be scanned.
", + "locationName":"backupVaultName" + } + }, + "documentation":"Contains information about the recovery point configuration for scanning backup data from Amazon Web Services Backup.
" + }, + "RecoveryPointDetails":{ + "type":"structure", + "members":{ + "RecoveryPointArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the recovery point.
", + "locationName":"recoveryPointArn" + }, + "BackupVaultName":{ + "shape":"String", + "documentation":"The name of the backup vault containing the recovery point.
", + "locationName":"backupVaultName" + } + }, + "documentation":"Contains details about the backup recovery point.
" + }, "RemoteAccountDetails":{ "type":"structure", "members":{ @@ -8768,13 +9303,28 @@ "shape":"LambdaDetails", "documentation":"Contains information about the Lambda function that was involved in a finding.
", "locationName":"lambdaDetails" + }, + "EbsSnapshotDetails":{ + "shape":"EbsSnapshotDetails", + "documentation":"Contains details about the EBS snapshot that was scanned.
", + "locationName":"ebsSnapshotDetails" + }, + "Ec2ImageDetails":{ + "shape":"Ec2ImageDetails", + "documentation":"Contains details about the EC2 image that was scanned.
", + "locationName":"ec2ImageDetails" + }, + "RecoveryPointDetails":{ + "shape":"RecoveryPointDetails", + "documentation":"Contains details about the backup recovery point that was scanned.
", + "locationName":"recoveryPointDetails" } }, "documentation":"Contains information about the Amazon Web Services resource associated with the activity that prompted GuardDuty to generate a finding.
" }, "ResourceArn":{ "type":"string", - "pattern":"^arn:[A-Za-z-]+:[A-Za-z0-9]+:[A-Za-z0-9-]+:\\d+:(([A-Za-z0-9-]+)[:\\/])?[A-Za-z0-9-]*$" + "pattern":"^arn:[A-Za-z-]+:[A-Za-z0-9]+:[A-Za-z0-9-]+:\\d+:(([A-Za-z0-9-]+)[:\\/])?[A-Za-z0-9:-]*$" }, "ResourceData":{ "type":"structure", @@ -9297,6 +9847,27 @@ "type":"list", "member":{"shape":"S3ObjectDetail"} }, + "S3ObjectForSendObjectMalwareScan":{ + "type":"structure", + "members":{ + "Bucket":{ + "shape":"String", + "documentation":"The name of the S3 bucket containing the object to scan. The bucket must have GuardDuty Malware Protection enabled.
", + "locationName":"bucket" + }, + "Key":{ + "shape":"String", + "documentation":"The key (name) of the S3 object to scan for malware. This must be the full key path of the object within the bucket.
", + "locationName":"key" + }, + "VersionId":{ + "shape":"String", + "documentation":"The version ID of the S3 object to scan. If not specified, the latest version of the object is scanned.
", + "locationName":"versionId" + } + }, + "documentation":"The S3 object path to initiate a scan, including bucket name, object key, and optional version ID.
" + }, "S3ObjectUids":{ "type":"list", "member":{"shape":"String"} @@ -9382,6 +9953,13 @@ }, "documentation":"Contains information about malware scans associated with GuardDuty Malware Protection for EC2.
" }, + "ScanCategory":{ + "type":"string", + "enum":[ + "FULL_SCAN", + "INCREMENTAL_SCAN" + ] + }, "ScanCondition":{ "type":"structure", "required":["MapEquals"], @@ -9411,6 +9989,43 @@ }, "documentation":"Represents the key:value pair to be matched against given resource property.
Amazon Resource Name (ARN) of the IAM role that should contain the required permissions for the scan.
", + "locationName":"role" + }, + "TriggerDetails":{ + "shape":"TriggerDetails", + "documentation":"Information about the entity that triggered the malware scan.
", + "locationName":"triggerDetails" + }, + "IncrementalScanDetails":{ + "shape":"IncrementalScanDetails", + "documentation":"Information about the incremental scan configuration, if applicable.
", + "locationName":"incrementalScanDetails" + }, + "RecoveryPoint":{ + "shape":"ScanConfigurationRecoveryPoint", + "documentation":"Information about the recovery point configuration used for the scan, if applicable.
", + "locationName":"recoveryPoint" + } + }, + "documentation":"Contains information about the configuration used for the malware scan.
" + }, + "ScanConfigurationRecoveryPoint":{ + "type":"structure", + "members":{ + "BackupVaultName":{ + "shape":"NonEmptyString", + "documentation":"The name of the Amazon Web Services Backup vault that contains the recovery point for the scanned.
", + "locationName":"backupVaultName" + } + }, + "documentation":"Contains information about the recovery point configuration used in the scan.
" + }, "ScanCriterion":{ "type":"map", "key":{"shape":"ScanCriterionKey"}, @@ -9530,6 +10145,48 @@ }, "documentation":"Represents the result of the scan.
" }, + "ScanResultStatus":{ + "type":"string", + "enum":[ + "NO_THREATS_FOUND", + "THREATS_FOUND" + ] + }, + "ScanResultThreat":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"NonEmptyString", + "documentation":"The name of the detected threat.
", + "locationName":"name" + }, + "Source":{ + "shape":"DetectionSource", + "documentation":"The source that detected this threat.
", + "locationName":"source" + }, + "Count":{ + "shape":"PositiveLong", + "documentation":"The number of instances of this threat that were detected.
", + "locationName":"count" + }, + "Hash":{ + "shape":"NonEmptyString", + "documentation":"The hash value associated with the detected threat.
", + "locationName":"hash" + }, + "ItemDetails":{ + "shape":"ItemDetailsList", + "documentation":"Additional information about where this threat was detected.
", + "locationName":"itemDetails" + } + }, + "documentation":"Contains information about a specific threat that was detected during the malware scan.
" + }, + "ScanResultThreats":{ + "type":"list", + "member":{"shape":"ScanResultThreat"} + }, "ScanStatus":{ "type":"string", "enum":[ @@ -9539,6 +10196,27 @@ "SKIPPED" ] }, + "ScanStatusReason":{ + "type":"string", + "enum":[ + "ACCESS_DENIED", + "RESOURCE_NOT_FOUND", + "SNAPSHOT_SIZE_LIMIT_EXCEEDED", + "RESOURCE_UNAVAILABLE", + "INCONSISTENT_SOURCE", + "INCREMENTAL_NO_DIFFERENCE", + "NO_EBS_VOLUMES_FOUND", + "UNSUPPORTED_PRODUCT_CODE_TYPE", + "AMI_SNAPSHOT_LIMIT_EXCEEDED", + "UNRELATED_RESOURCES", + "BASE_RESOURCE_NOT_SCANNED", + "BASE_CREATED_AFTER_TARGET", + "UNSUPPORTED_FOR_INCREMENTAL", + "UNSUPPORTED_AMI", + "UNSUPPORTED_SNAPSHOT", + "UNSUPPORTED_COMPOSITE_RECOVERY_POINT" + ] + }, "ScanThreatName":{ "type":"structure", "members":{ @@ -9597,6 +10275,57 @@ }, "documentation":"Total number of scanned files.
" }, + "ScannedResource":{ + "type":"structure", + "members":{ + "ScannedResourceArn":{ + "shape":"NonEmptyString", + "documentation":"Amazon Resource Name (ARN) of the scanned resource.
", + "locationName":"scannedResourceArn" + }, + "ScannedResourceType":{ + "shape":"MalwareProtectionResourceType", + "documentation":"The resource type of the scanned resource.
", + "locationName":"scannedResourceType" + }, + "ScannedResourceStatus":{ + "shape":"MalwareProtectionScanStatus", + "documentation":"The status of the scanned resource.
", + "locationName":"scannedResourceStatus" + }, + "ScanStatusReason":{ + "shape":"ScanStatusReason", + "documentation":"The reason for the scan status of this particular resource, if applicable.
", + "locationName":"scanStatusReason" + }, + "ResourceDetails":{ + "shape":"ScannedResourceDetails", + "documentation":"Information about the scanned resource.
", + "locationName":"resourceDetails" + } + }, + "documentation":"Contains information about a resource that was scanned as part of the malware scan operation.
" + }, + "ScannedResourceDetails":{ + "type":"structure", + "members":{ + "EbsVolume":{ + "shape":"VolumeDetail", + "documentation":"Contains information about the EBS volume that was scanned.
", + "locationName":"ebsVolume" + }, + "EbsSnapshot":{ + "shape":"EbsSnapshot", + "documentation":"Contains information about the EBS snapshot that was scanned.
", + "locationName":"ebsSnapshot" + } + }, + "documentation":"Contains additional information about a resource that was scanned.
" + }, + "ScannedResources":{ + "type":"list", + "member":{"shape":"ScannedResource"} + }, "Scans":{ "type":"list", "member":{"shape":"Scan"} @@ -9637,6 +10366,20 @@ "type":"list", "member":{"shape":"SecurityGroup"} }, + "SendObjectMalwareScanRequest":{ + "type":"structure", + "members":{ + "S3Object":{ + "shape":"S3ObjectForSendObjectMalwareScan", + "documentation":"The S3 object information for the object you want to scan. The bucket must have a Malware Protection plan configured to use this API.
", + "locationName":"s3Object" + } + } + }, + "SendObjectMalwareScanResponse":{ + "type":"structure", + "members":{} + }, "SensitiveString":{ "type":"string", "sensitive":true @@ -9981,6 +10724,28 @@ "type":"list", "member":{"shape":"String"} }, + "StartMalwareScanConfiguration":{ + "type":"structure", + "required":["Role"], + "members":{ + "Role":{ + "shape":"NonEmptyString", + "documentation":"Amazon Resource Name (ARN) of the IAM role that is used for scanning the resource.
", + "locationName":"role" + }, + "IncrementalScanDetails":{ + "shape":"IncrementalScanDetails", + "documentation":"Contains information about the incremental scan configuration. When specified, the scan will only process changes since the baseline resource.
", + "locationName":"incrementalScanDetails" + }, + "RecoveryPoint":{ + "shape":"RecoveryPoint", + "documentation":"Contains information about the recovery point configuration for the requested scan.
", + "locationName":"recoveryPoint" + } + }, + "documentation":"Contains information about the configuration to be used for the malware scan.
" + }, "StartMalwareScanRequest":{ "type":"structure", "required":["ResourceArn"], @@ -9989,6 +10754,17 @@ "shape":"ResourceArn", "documentation":"Amazon Resource Name (ARN) of the resource for which you invoked the API.
", "locationName":"resourceArn" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"The idempotency token for the create request.
", + "idempotencyToken":true, + "locationName":"clientToken" + }, + "ScanConfiguration":{ + "shape":"StartMalwareScanConfiguration", + "documentation":"Contains information about the configuration to be used for the malware scan.
", + "locationName":"scanConfiguration" } } }, @@ -10153,6 +10929,21 @@ "shape":"ItemPaths", "documentation":"Information about the nested item path and hash of the protected resource.
", "locationName":"itemPaths" + }, + "Count":{ + "shape":"Long", + "documentation":"The number of occurrences of this specific threat detected during the scan.
", + "locationName":"count" + }, + "Hash":{ + "shape":"String", + "documentation":"The hash identifier of the detected malware threat.
", + "locationName":"hash" + }, + "ItemDetails":{ + "shape":"ItemDetailsList", + "documentation":"Detailed information about the detected malware threat.
", + "locationName":"itemDetails" } }, "documentation":"Information about the detected threats associated with the generated finding.
" @@ -10322,10 +11113,22 @@ "shape":"NonEmptyString", "documentation":"The description of the scan trigger.
", "locationName":"description" + }, + "TriggerType":{ + "shape":"TriggerType", + "documentation":"Specifies the trigger type that started the malware scan.
", + "locationName":"triggerType" } }, "documentation":"Represents the reason the scan was triggered.
" }, + "TriggerType":{ + "type":"string", + "enum":[ + "BACKUP", + "GUARDDUTY" + ] + }, "TrustedEntitySetFormat":{ "type":"string", "enum":[ diff --git a/awscli/botocore/data/health/2016-08-04/service-2.json b/awscli/botocore/data/health/2016-08-04/service-2.json index fdf722977b70..04e9d56c1b8d 100644 --- a/awscli/botocore/data/health/2016-08-04/service-2.json +++ b/awscli/botocore/data/health/2016-08-04/service-2.json @@ -255,7 +255,7 @@ }, "statusCode":{ "shape":"entityStatusCode", - "documentation":"The most recent status of the entity affected by the event. The possible values are IMPAIRED, UNIMPAIRED, and UNKNOWN.
The most recent status of the entity affected by the event. The possible values are IMPAIRED, UNIMPAIRED, UNKNOWN, PENDING, and RESOLVED.
This parameter specifies if the Health event is a public Amazon Web Services service event or an account-specific event.
If the eventScopeCode value is PUBLIC, then the affectedAccounts value is always empty.
If the eventScopeCode value is ACCOUNT_SPECIFIC, then the affectedAccounts value lists the affected Amazon Web Services accounts in your organization. For example, if an event affects a service such as Amazon Elastic Compute Cloud and you have Amazon Web Services accounts that use that service, those account IDs appear in the response.
If the eventScopeCode value is NONE, then the eventArn that you specified in the request is invalid or doesn't exist.
The actionability classification of the event. Possible values are ACTION_REQUIRED, ACTION_MAY_BE_REQUIRED and INFORMATIONAL. Events with ACTION_REQUIRED actionability require customer action to resolve or mitigate the event. Events with ACTION_MAY_BE_REQUIRED actionability indicates that the current status is unknown or conditional and inspection is needed to determine if action is required. Events with INFORMATIONAL actionability are provided for awareness and do not require immediate action.
A list of persona classifications that indicate the target audience for the event. Possible values are OPERATIONS, SECURITY, and BILLING. Events can be associated with multiple personas to indicate relevance to different teams or roles within an organization.
Summary information about an Health event.
Health events can be public or account-specific:
Public events might be service events that are not specific to an Amazon Web Services account. For example, if there is an issue with an Amazon Web Services Region, Health provides information about the event, even if you don't use services or resources in that Region.
Account-specific events are specific to either your Amazon Web Services account or an account in your organization. For example, if there's an issue with Amazon Elastic Compute Cloud in a Region that you use, Health provides information about the event and the affected resources in the account.
You can determine if an event is public or account-specific by using the eventScopeCode parameter. For more information, see eventScopeCode.
The values used to filter results from the DescribeEventDetailsForOrganization and DescribeAffectedEntitiesForOrganization operations.
" }, + "EventActionability":{ + "type":"string", + "enum":[ + "ACTION_REQUIRED", + "ACTION_MAY_BE_REQUIRED", + "INFORMATIONAL" + ] + }, + "EventActionabilityList":{ + "type":"list", + "member":{"shape":"EventActionability"}, + "max":3, + "min":1 + }, "EventAggregate":{ "type":"structure", "members":{ @@ -879,6 +901,10 @@ "EventFilter":{ "type":"structure", "members":{ + "actionabilities":{ + "shape":"EventActionabilityList", + "documentation":"A list of actionability values to filter events. Use this to filter events based on whether they require action (ACTION_REQUIRED), may require action (ACTION_MAY_BE_REQUIRED) or are informational (INFORMATIONAL).
A list of event ARNs (unique identifiers). For example: \"arn:aws:health:us-east-1::event/EC2/EC2_INSTANCE_RETIREMENT_SCHEDULED/EC2_INSTANCE_RETIREMENT_SCHEDULED_ABC123-CDE456\", \"arn:aws:health:us-west-1::event/EBS/AWS_EBS_LOST_VOLUME/AWS_EBS_LOST_VOLUME_CHI789_JKL101\"
A list of event status codes.
" + }, + "personas":{ + "shape":"EventPersonaList", + "documentation":"A list of persona values to filter events. Use this to filter events based on their target audience: OPERATIONS, SECURITY, or BILLING.
The values to use to filter results from the DescribeEvents and DescribeEventAggregates operations.
" @@ -938,6 +968,20 @@ "type":"list", "member":{"shape":"Event"} }, + "EventPersona":{ + "type":"string", + "enum":[ + "OPERATIONS", + "SECURITY", + "BILLING" + ] + }, + "EventPersonaList":{ + "type":"list", + "member":{"shape":"EventPersona"}, + "max":3, + "min":1 + }, "EventType":{ "type":"structure", "members":{ @@ -952,10 +996,32 @@ "category":{ "shape":"eventTypeCategory", "documentation":"A list of event type category codes. Possible values are issue, accountNotification, or scheduledChange. Currently, the investigation value isn't supported at this time.
The actionability classification of the event. Possible values are ACTION_REQUIRED, ACTION_MAY_BE_REQUIRED and INFORMATIONAL. Events with ACTION_REQUIRED actionability require customer action to resolve or mitigate the event. Events with ACTION_MAY_BE_REQUIRED actionability indicates that the current status is unknown or conditional and inspection is needed to determine if action is required. Events with INFORMATIONAL actionability are provided for awareness and do not require immediate action.
A list of persona classifications that indicate the target audience for the event. Possible values are OPERATIONS, SECURITY, and BILLING. Events can be associated with multiple personas to indicate relevance to different teams or roles within an organization.
Contains the metadata about a type of event that is reported by Health. The EventType shows the category, service, and the event type code of the event. For example, an issue might be the category, EC2 the service, and AWS_EC2_SYSTEM_MAINTENANCE_EVENT the event type code.
You can use the DescribeEventTypes API operation to return this information about an event.
You can also use the Amazon CloudWatch Events console to create a rule so that you can get notified or take action when Health delivers a specific event to your Amazon Web Services account. For more information, see Monitor for Health events with Amazon CloudWatch Events in the Health User Guide.
" }, + "EventTypeActionability":{ + "type":"string", + "enum":[ + "ACTION_REQUIRED", + "ACTION_MAY_BE_REQUIRED", + "INFORMATIONAL" + ] + }, + "EventTypeActionabilityList":{ + "type":"list", + "member":{"shape":"EventTypeActionability"}, + "max":3, + "min":1 + }, "EventTypeCategoryList":{ "type":"list", "member":{"shape":"eventTypeCategory"}, @@ -982,6 +1048,14 @@ "eventTypeCategories":{ "shape":"EventTypeCategoryList", "documentation":"A list of event type category codes. Possible values are issue, accountNotification, or scheduledChange. Currently, the investigation value isn't supported at this time.
A list of actionability values to filter event types. Possible values are ACTION_REQUIRED, ACTION_MAY_BE_REQUIRED and INFORMATIONAL.
A list of persona classifications to filter event types. Possible values are OPERATIONS, SECURITY, and BILLING.
The values to use to filter results from the DescribeEventTypes operation.
" @@ -990,6 +1064,20 @@ "type":"list", "member":{"shape":"EventType"} }, + "EventTypePersona":{ + "type":"string", + "enum":[ + "OPERATIONS", + "SECURITY", + "BILLING" + ] + }, + "EventTypePersonaList":{ + "type":"list", + "member":{"shape":"EventTypePersona"}, + "max":3, + "min":1 + }, "InvalidPaginationToken":{ "type":"structure", "members":{ @@ -1106,6 +1194,14 @@ "statusCode":{ "shape":"eventStatusCode", "documentation":"The most recent status of the event. Possible values are open, closed, and upcoming.
The actionability classification of the event. Possible values are ACTION_REQUIRED, ACTION_MAY_BE_REQUIRED and INFORMATIONAL. Events with ACTION_REQUIRED actionability require customer action to resolve or mitigate the event. Events with ACTION_MAY_BE_REQUIRED actionability indicates that the current status is unknown or conditional and inspection is needed to determine if action is required. Events with INFORMATIONAL actionability are provided for awareness and do not require immediate action.
A list of persona classifications that indicate the target audience for the event. Possible values are OPERATIONS, SECURITY, and BILLING. Events can be associated with multiple personas to indicate relevance to different teams or roles within an organization.
Summary information about an event, returned by the DescribeEventsForOrganization operation.
" @@ -1163,6 +1259,10 @@ "OrganizationEventFilter":{ "type":"structure", "members":{ + "actionabilities":{ + "shape":"EventActionabilityList", + "documentation":"A list of actionability values to filter events. Use this to filter events based on whether they require action (ACTION_REQUIRED), may require action (ACTION_MAY_BE_REQUIRED) or are informational (INFORMATIONAL).
A list of unique identifiers for event types. For example, \"AWS_EC2_SYSTEM_MAINTENANCE_EVENT\",\"AWS_RDS_MAINTENANCE_SCHEDULED\".
A list of event status codes.
" + }, + "personas":{ + "shape":"EventPersonaList", + "documentation":"A list of persona values to filter events. Use this to filter events based on their target audience: OPERATIONS, SECURITY, or BILLING.
The values to filter results from the DescribeEventsForOrganization operation.
" diff --git a/awscli/botocore/data/iam/2010-05-08/service-2.json b/awscli/botocore/data/iam/2010-05-08/service-2.json index f073b09ad1c1..d7eeb1b33a8f 100644 --- a/awscli/botocore/data/iam/2010-05-08/service-2.json +++ b/awscli/botocore/data/iam/2010-05-08/service-2.json @@ -15,6 +15,20 @@ "auth":["aws.auth#sigv4"] }, "operations":{ + "AcceptDelegationRequest":{ + "name":"AcceptDelegationRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AcceptDelegationRequestRequest"}, + "errors":[ + {"shape":"NoSuchEntityException"}, + {"shape":"ServiceFailureException"}, + {"shape":"ConcurrentModificationException"} + ], + "documentation":"Accepts a delegation request, granting the requested temporary access.
Once the delegation request is accepted, it is eligible to send the exchange token to the partner. The SendDelegationToken API has to be explicitly called to send the delegation token.
At the time of acceptance, IAM records the details and the state of the identity that called this API. This is the identity that gets mapped to the delegated credential.
An accepted request may be rejected before the exchange token is sent to the partner.
" + }, "AddClientIDToOpenIDConnectProvider":{ "name":"AddClientIDToOpenIDConnectProvider", "http":{ @@ -61,6 +75,21 @@ ], "documentation":"Adds the specified user to the specified group.
" }, + "AssociateDelegationRequest":{ + "name":"AssociateDelegationRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateDelegationRequestRequest"}, + "errors":[ + {"shape":"NoSuchEntityException"}, + {"shape":"ServiceFailureException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"InvalidInputException"} + ], + "documentation":"Associates a delegation request with the current identity.
If the partner that created the delegation request has specified the owner account during creation, only an identity from that owner account can call the AssociateDelegationRequest API for the specified delegation request. Once the AssociateDelegationRequest API call is successful, the ARN of the current calling identity will be stored as the ownerId of the request.
If the partner that created the delegation request has not specified the owner account during creation, any caller from any account can call the AssociateDelegationRequest API for the delegation request. Once this API call is successful, the ARN of the current calling identity will be stored as the ownerId and the Amazon Web Services account ID of the current calling identity will be stored as the ownerAccount of the request.
For more details, see Managing Permissions for Delegation Requests.
" + }, "AttachGroupPolicy":{ "name":"AttachGroupPolicy", "http":{ @@ -178,7 +207,7 @@ {"shape":"LimitExceededException"}, {"shape":"ConcurrentModificationException"} ], - "documentation":"This API is currently unavailable for general use.
" + "documentation":"Creates an IAM delegation request for temporary access delegation.
This API is not available for general use. In order to use this API, a caller first need to go through an onboarding process described in the partner onboarding documentation.
" }, "CreateGroup":{ "name":"CreateGroup", @@ -859,6 +888,17 @@ ], "documentation":"Disables root user sessions for privileged tasks across member accounts in your organization. When you disable this feature, the management account and the delegated administrator for IAM can no longer perform privileged tasks on member accounts in your organization.
" }, + "DisableOutboundWebIdentityFederation":{ + "name":"DisableOutboundWebIdentityFederation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "errors":[ + {"shape":"FeatureDisabledException"} + ], + "documentation":"Disables the outbound identity federation feature for your Amazon Web Services account. When disabled, IAM principals in the account cannot use the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for authentication with external services. This operation does not affect tokens that were issued before the feature was disabled.
Allows the management account or delegated administrator to perform privileged tasks on member accounts in your organization. For more information, see Centrally manage root access for member accounts in the Identity and Access Management User Guide.
Before you enable this feature, you must have an account configured with the following settings:
You must manage your Amazon Web Services accounts in Organizations.
Enable trusted access for Identity and Access Management in Organizations. For details, see IAM and Organizations in the Organizations User Guide.
Enables the outbound identity federation feature for your Amazon Web Services account. When enabled, IAM principals in your account can use the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for secure authentication with external services. This operation also generates a unique issuer URL for your Amazon Web Services account.
Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.
To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.
The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.
To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.
Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.
OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.
Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.
To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.
Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.
OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.
Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.
Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.
" + "documentation":"Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.
To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.
The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.
To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.
Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.
OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.
Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.
To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.
Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.
OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.
Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.
Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.
" }, "GenerateServiceLastAccessedDetails":{ "name":"GenerateServiceLastAccessedDetails", @@ -964,7 +1019,7 @@ {"shape":"NoSuchEntityException"}, {"shape":"InvalidInputException"} ], - "documentation":"Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for at least the last 400 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked. For more information about services and actions for which action last accessed information is displayed, see IAM action last accessed information services and actions.
The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:
GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.
The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.
To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.
For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
" + "documentation":"Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for at least the last 400 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked. For more information about services and actions for which action last accessed information is displayed, see IAM action last accessed information services and actions.
The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:
GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.
The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.
To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.
For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
" }, "GetAccessKeyLastUsed":{ "name":"GetAccessKeyLastUsed", @@ -1077,6 +1132,23 @@ ], "documentation":"Retrieves a credential report for the Amazon Web Services account. For more information about the credential report, see Getting credential reports in the IAM User Guide.
" }, + "GetDelegationRequest":{ + "name":"GetDelegationRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetDelegationRequestRequest"}, + "output":{ + "shape":"GetDelegationRequestResponse", + "resultWrapper":"GetDelegationRequestResult" + }, + "errors":[ + {"shape":"NoSuchEntityException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Retrieves information about a specific delegation request.
If a delegation request has no owner or owner account, GetDelegationRequest for that delegation request can be called by any account. If the owner account is assigned but there is no owner id, only identities within that owner account can call GetDelegationRequest for the delegation request. Once the delegation request is fully owned, the owner of the request gets a default permission to get that delegation request. For more details, see Managing Permissions for Delegation Requests.
Retrieves the specified inline policy document that is embedded in the specified IAM group.
Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically.
An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.
For more information about policies, see Managed policies and inline policies in the IAM User Guide.
" }, + "GetHumanReadableSummary":{ + "name":"GetHumanReadableSummary", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetHumanReadableSummaryRequest"}, + "output":{ + "shape":"GetHumanReadableSummaryResponse", + "resultWrapper":"GetHumanReadableSummaryResult" + }, + "errors":[ + {"shape":"InvalidInputException"}, + {"shape":"NoSuchEntityException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Retrieves a human readable summary for a given entity. At this time, the only supported entity type is delegation-request
This method uses a Large Language Model (LLM) to generate the summary.
If a delegation request has no owner or owner account, GetHumanReadableSummary for that delegation request can be called by any account. If the owner account is assigned but there is no owner id, only identities within that owner account can call GetHumanReadableSummary for the delegation request to retrieve a summary of that request. Once the delegation request is fully owned, the owner of the request gets a default permission to get that delegation request. For more details, read default permissions granted to delegation requests. These rules are identical to GetDelegationRequest API behavior, such that a party who has permissions to call GetDelegationRequest for a given delegation request will always be able to retrieve the human readable summary for that request.
Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.
Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.
To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
For each service that principals in an account (root user, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.
By default, the list is sorted by service namespace.
" }, + "GetOutboundWebIdentityFederationInfo":{ + "name":"GetOutboundWebIdentityFederationInfo", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "output":{ + "shape":"GetOutboundWebIdentityFederationInfoResponse", + "resultWrapper":"GetOutboundWebIdentityFederationInfoResult" + }, + "errors":[ + {"shape":"FeatureDisabledException"} + ], + "documentation":"Retrieves the configuration information for the outbound identity federation feature in your Amazon Web Services account. The response includes the unique issuer URL for your Amazon Web Services account and the current enabled/disabled status of the feature. Use this operation to obtain the issuer URL that you need to configure trust relationships with external services.
" + }, "GetPolicy":{ "name":"GetPolicy", "http":{ @@ -1491,6 +1596,24 @@ ], "documentation":"Lists all managed policies that are attached to the specified IAM user.
An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use ListUserPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.
You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.
Lists delegation requests based on the specified criteria.
If a delegation request has no owner, even if it is assigned to a specific account, it will not be part of the ListDelegationRequests output for that account.
For more details, see Managing Permissions for Delegation Requests.
" + }, "ListEntitiesForPolicy":{ "name":"ListEntitiesForPolicy", "http":{ @@ -2073,6 +2196,21 @@ ], "documentation":"Adds or updates an inline policy document that is embedded in the specified IAM user.
An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy . To create a new managed policy, use CreatePolicy . For information about policies, see Managed policies and inline policies in the IAM User Guide.
For information about the maximum number of inline policies that you can embed in a user, see IAM and STS quotas in the IAM User Guide.
Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
Rejects a delegation request, denying the requested temporary access.
Once a request is rejected, it cannot be accepted or updated later. Rejected requests expire after 7 days.
When rejecting a request, an optional explanation can be added using the Notes request parameter.
For more details, see Managing Permissions for Delegation Requests.
" + }, "RemoveClientIDFromOpenIDConnectProvider":{ "name":"RemoveClientIDFromOpenIDConnectProvider", "http":{ @@ -2149,6 +2287,21 @@ ], "documentation":"Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers.
For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.
" }, + "SendDelegationToken":{ + "name":"SendDelegationToken", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"SendDelegationTokenRequest"}, + "errors":[ + {"shape":"NoSuchEntityException"}, + {"shape":"ServiceFailureException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"InvalidInputException"} + ], + "documentation":"Sends the exchange token for an accepted delegation request.
The exchange token is sent to the partner via an asynchronous notification channel, established by the partner.
The delegation request must be in the ACCEPTED state when calling this API. After the SendDelegationToken API call is successful, the request transitions to a FINALIZED state and cannot be rolled back. However, a user may reject an accepted request before the SendDelegationToken API is called.
For more details, see Managing Permissions for Delegation Requests.
" + }, "SetDefaultPolicyVersion":{ "name":"SetDefaultPolicyVersion", "http":{ @@ -2503,6 +2656,21 @@ ], "documentation":"Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the \"role trust policy\". For more information about roles, see Using roles to delegate permissions and federate identities.
" }, + "UpdateDelegationRequest":{ + "name":"UpdateDelegationRequest", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateDelegationRequestRequest"}, + "errors":[ + {"shape":"NoSuchEntityException"}, + {"shape":"ServiceFailureException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"InvalidInputException"} + ], + "documentation":"Updates an existing delegation request with additional information. When the delegation request is updated, it reaches the PENDING_APPROVAL state.
Once a delegation request has an owner, that owner gets a default permission to update the delegation request. For more details, see Managing Permissions for Delegation Requests.
" + }, "UpdateGroup":{ "name":"UpdateGroup", "http":{ @@ -2744,6 +2912,16 @@ } }, "shapes":{ + "AcceptDelegationRequestRequest":{ + "type":"structure", + "required":["DelegationRequestId"], + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier of the delegation request to accept.
" + } + } + }, "AccessAdvisorUsageGranularityType":{ "type":"string", "enum":[ @@ -2935,6 +3113,16 @@ "type":"list", "member":{"shape":"arnType"} }, + "AssociateDelegationRequestRequest":{ + "type":"structure", + "required":["DelegationRequestId"], + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier of the delegation request to associate.
" + } + } + }, "AttachGroupPolicyRequest":{ "type":"structure", "required":[ @@ -3165,39 +3353,39 @@ "members":{ "OwnerAccountId":{ "shape":"accountIdType", - "documentation":"" + "documentation":"The Amazon Web Services account ID this delegation request is targeted to.
If the account ID is not known, this parameter can be omitted, resulting in a request that can be associated by any account. If the account ID passed, then the created delegation request can only be associated with an identity of that target account.
" }, "Description":{ "shape":"delegationRequestDescriptionType", - "documentation":"" + "documentation":"A description of the delegation request.
" }, "Permissions":{ "shape":"DelegationPermission", - "documentation":"" + "documentation":"The permissions to be delegated in this delegation request.
" }, "RequestMessage":{ "shape":"requestMessageType", - "documentation":"" + "documentation":"A message explaining the reason for the delegation request.
Requesters can utilize this field to add a custom note to the delegation request. This field is different from the description such that this is to be utilized for a custom messaging on a case-by-case basis.
For example, if the current delegation request is in response to a previous request being rejected, this explanation can be added to the request via this field.
" }, "RequestorWorkflowId":{ "shape":"requestorWorkflowIdType", - "documentation":"" + "documentation":"The workflow ID associated with the requestor.
This is the unique identifier on the partner side that can be used to track the progress of the request.
IAM maintains a uniqueness check on this workflow id for each request - if a workflow id for an existing request is passed, this API call will fail.
" }, "RedirectUrl":{ "shape":"redirectUrlType", - "documentation":"" + "documentation":"The URL to redirect to after the delegation request is processed.
This URL is used by the IAM console to show a link to the customer to re-load the partner workflow.
" }, "NotificationChannel":{ "shape":"notificationChannelType", - "documentation":"" + "documentation":"The notification channel for updates about the delegation request.
At this time,only SNS topic ARNs are accepted for notification. This topic ARN must have a resource policy granting SNS:Publish permission to the IAM service principal (iam.amazonaws.com). See partner onboarding documentation for more details.
The duration for which the delegated session should remain active, in seconds.
The active time window for the session starts when the customer calls the SendDelegationToken API.
" }, "OnlySendByOwner":{ "shape":"booleanType", - "documentation":"" + "documentation":"Specifies whether the delegation token should only be sent by the owner.
This flag prevents any party other than the owner from calling SendDelegationToken API for this delegation request. This behavior becomes useful when the delegation request owner needs to be present for subsequent partner interactions, but the delegation request was sent to a more privileged user for approval due to the owner lacking sufficient delegation permissions.
A deep link URL to the Amazon Web Services Management Console for managing the delegation request.
For a console based workflow, partners should redirect the customer to this URL. If the customer is not logged in to any Amazon Web Services account, the Amazon Web Services workflow will automatically direct the customer to log in and then display the delegation request approval page.
" }, "DelegationRequestId":{ "shape":"delegationRequestIdType", - "documentation":"" + "documentation":"The unique identifier for the created delegation request.
" } } }, @@ -3667,13 +3855,92 @@ "DelegationPermission":{ "type":"structure", "members":{ - "PolicyTemplateArn":{"shape":"arnType"}, + "PolicyTemplateArn":{ + "shape":"arnType", + "documentation":"This ARN maps to a pre-registered policy content for this partner. See the partner onboarding documentation to understand how to create a delegation template.
" + }, "Parameters":{ "shape":"policyParameterListType", - "documentation":"" + "documentation":"A list of policy parameters that define the scope and constraints of the delegated permissions.
" } }, - "documentation":"" + "documentation":"Contains information about the permissions being delegated in a delegation request.
" + }, + "DelegationRequest":{ + "type":"structure", + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier for the delegation request.
" + }, + "OwnerAccountId":{ + "shape":"accountIdType", + "documentation":"Amazon Web Services account ID of the owner of the delegation request.
" + }, + "Description":{ + "shape":"delegationRequestDescriptionType", + "documentation":"Description of the delegation request. This is a message that is provided by the Amazon Web Services partner that filed the delegation request.
" + }, + "RequestMessage":{ + "shape":"requestMessageType", + "documentation":"A custom message that is added to the delegation request by the partner.
This element is different from the Description element such that this is a request specific message injected by the partner. The Description is typically a generic explanation of what the delegation request is targeted to do.
JSON content of the associated permission policy of this delegation request.
" + }, + "RolePermissionRestrictionArns":{ + "shape":"rolePermissionRestrictionArnListType", + "documentation":"If the PermissionPolicy includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See Permissions boundaries for IAM entities for more details about IAM permission boundaries.
ARN of the owner of this delegation request.
" + }, + "ApproverId":{"shape":"arnType"}, + "State":{ + "shape":"stateType", + "documentation":"The state of this delegation request.
See the Understanding the Request Lifecycle for an explanation of how these states are transitioned.
" + }, + "RequestorId":{ + "shape":"accountIdType", + "documentation":"Identity of the requestor of this delegation request. This will be an Amazon Web Services account ID.
" + }, + "RequestorName":{ + "shape":"requestorNameType", + "documentation":"A friendly name of the requestor.
" + }, + "CreateDate":{ + "shape":"dateType", + "documentation":"Creation date (timestamp) of this delegation request.
" + }, + "SessionDuration":{ + "shape":"sessionDurationType", + "documentation":"The life-time of the requested session credential.
" + }, + "RedirectUrl":{ + "shape":"redirectUrlType", + "documentation":"A URL to be redirected to once the delegation request is approved. Partners provide this URL when creating the delegation request.
" + }, + "Notes":{ + "shape":"notesType", + "documentation":"Notes added to this delegation request, if this request was updated via the UpdateDelegationRequest API.
" + }, + "RejectionReason":{ + "shape":"notesType", + "documentation":"Reasons for rejecting this delegation request, if this request was rejected. See also RejectDelegationRequest API documentation.
" + }, + "OnlySendByOwner":{ + "shape":"booleanType", + "documentation":"A flag indicating whether the SendDelegationToken must be called by the owner of this delegation request. This is set by the requesting partner.
" + }, + "UpdatedTime":{ + "shape":"dateType", + "documentation":"Last updated timestamp of the request.
" + } + }, + "documentation":"Contains information about a delegation request, including its status, permissions, and associated metadata.
" }, "DeleteAccessKeyRequest":{ "type":"structure", @@ -4164,6 +4431,15 @@ } } }, + "EnableOutboundWebIdentityFederationResponse":{ + "type":"structure", + "members":{ + "IssuerIdentifier":{ + "shape":"stringType", + "documentation":"A unique issuer URL for your Amazon Web Services account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.
The request failed because outbound identity federation is already disabled for your Amazon Web Services account. You cannot disable the feature multiple times
", + "error":{ + "code":"FeatureDisabled", + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "FeatureDisabledMessage":{"type":"string"}, + "FeatureEnabledException":{ + "type":"structure", + "members":{ + "message":{"shape":"FeatureEnabledMessage"} + }, + "documentation":"The request failed because outbound identity federation is already enabled for your Amazon Web Services account. You cannot enable the feature multiple times. To fetch the current configuration (including the unique issuer URL), use the GetOutboundWebIdentityFederationInfo operation.
Contains the response to a successful GetCredentialReport request.
" }, + "GetDelegationRequestRequest":{ + "type":"structure", + "required":["DelegationRequestId"], + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier of the delegation request to retrieve.
" + }, + "DelegationPermissionCheck":{ + "shape":"booleanType", + "documentation":"Specifies whether to perform a permission check for the delegation request.
If set to true, the GetDelegationRequest API call will start a permission check process. This process calculates whether the caller has sufficient permissions to cover the asks from this delegation request.
Setting this parameter to true does not guarantee an answer in the response. See the PermissionCheckStatus and the PermissionCheckResult response attributes for further details.
The delegation request object containing all details about the request.
" + }, + "PermissionCheckStatus":{ + "shape":"permissionCheckStatusType", + "documentation":"The status of the permission check for the delegation request.
This value indicates the status of the process to check whether the caller has sufficient permissions to cover the requested actions in the delegation request. Since this is an asynchronous process, there are three potential values:
IN_PROGRESS : The permission check process has started.
COMPLETED : The permission check process has completed. The PermissionCheckResult will include the result.
FAILED : The permission check process has failed.
The result of the permission check, indicating whether the caller has sufficient permissions to cover the requested permissions. This is an approximate result.
ALLOWED : The caller has sufficient permissions cover all the requested permissions.
DENIED : The caller does not have sufficient permissions to cover all the requested permissions.
UNSURE : It is not possible to determine whether the caller has all the permissions needed. This output is most likely for cases when the caller has permissions with conditions.
Contains the response to a successful GetGroup request.
" }, + "GetHumanReadableSummaryRequest":{ + "type":"structure", + "required":["EntityArn"], + "members":{ + "EntityArn":{ + "shape":"arnType", + "documentation":"Arn of the entity to be summarized. At this time, the only supported entity type is delegation-request
A string representing the locale to use for the summary generation. The supported locale strings are based on the Supported languages of the Amazon Web Services Management Console .
" + } + } + }, + "GetHumanReadableSummaryResponse":{ + "type":"structure", + "members":{ + "SummaryContent":{ + "shape":"summaryContentType", + "documentation":"Summary content in the specified locale. Summary content is non-empty only if the SummaryState is AVAILABLE.
The locale that this response was generated for. This maps to the input locale.
" + }, + "SummaryState":{ + "shape":"summaryStateType", + "documentation":"State of summary generation. This generation process is asynchronous and this attribute indicates the state of the generation process.
" + } + } + }, "GetInstanceProfileRequest":{ "type":"structure", "required":["InstanceProfileName"], @@ -4769,11 +5135,11 @@ }, "JobCreationDate":{ "shape":"dateType", - "documentation":"The date and time, in ISO 8601 date-time format, when the report job was created.
" + "documentation":"The date and time, in ISO 8601 date-time format, when the report job was created.
" }, "JobCompletionDate":{ "shape":"dateType", - "documentation":"The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
An object that contains details about the most recent attempt to access the service.
" + "documentation":"An object that contains details about the most recent attempt to access the service.
" }, "IsTruncated":{ "shape":"booleanType", @@ -4798,6 +5164,19 @@ "ErrorDetails":{"shape":"ErrorDetails"} } }, + "GetOutboundWebIdentityFederationInfoResponse":{ + "type":"structure", + "members":{ + "IssuerIdentifier":{ + "shape":"stringType", + "documentation":"A unique issuer URL for your Amazon Web Services account that hosts the OpenID Connect (OIDC) discovery endpoints at /.well-known/openid-configuration and /.well-known/jwks.json. The OpenID Connect (OIDC) discovery endpoints contain verification keys and metadata necessary for token verification.
Indicates whether outbound identity federation is currently enabled for your Amazon Web Services account. When true, IAM principals in the account can call the GetWebIdentityToken API to obtain JSON Web Tokens (JWTs) for authentication with external services.
The date and time, in ISO 8601 date-time format, when the report job was created.
" + "documentation":"The date and time, in ISO 8601 date-time format, when the report job was created.
" }, "ServicesLastAccessed":{ "shape":"ServicesLastAccessed", - "documentation":" A ServiceLastAccessed object that contains details about the most recent attempt to access the service.
A ServiceLastAccessed object that contains details about the most recent attempt to access the service.
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.
To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.
To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
The date and time, in ISO 8601 date-time format, when the report job was created.
" + "documentation":"The date and time, in ISO 8601 date-time format, when the report job was created.
" }, "JobCompletionDate":{ "shape":"dateType", - "documentation":"The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.
This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.
An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified Amazon Web Services service.
An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified Amazon Web Services service.
Contains the response to a successful ListAttachedUserPolicies request.
" }, + "ListDelegationRequestsRequest":{ + "type":"structure", + "members":{ + "OwnerId":{ + "shape":"ownerIdType", + "documentation":"The owner ID to filter delegation requests by.
" + }, + "Marker":{ + "shape":"markerType", + "documentation":"Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the Marker element in the response that you received to indicate where the next call should start.
Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.
If you do not include this parameter, the number of items defaults to 100. Note that IAM may return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.
A list of delegation requests that match the specified criteria.
" + }, + "Marker":{ + "shape":"markerType", + "documentation":"When isTruncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent pagination request.
A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items.
The policy usage method to use for filtering the results.
To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.
This parameter is optional. If it is not included, all policies are returned.
" + "documentation":"The policy usage method to use for filtering the results.
To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.
This parameter is optional. If it is not included, all policies are returned.
" }, "Marker":{ "shape":"markerType", @@ -6043,7 +6456,7 @@ }, "ServiceNamespaces":{ "shape":"serviceNamespaceListType", - "documentation":"The service namespace for the Amazon Web Services services whose policies you want to list.
To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
The service namespace for the Amazon Web Services services whose policies you want to list.
To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.
A ListPoliciesGrantingServiceAccess object that contains details about the permissions policies attached to the specified identity (user, group, or role).
A ListPoliciesGrantingServiceAccess object that contains details about the permissions policies attached to the specified identity (user, group, or role).
The policy usage method to use for filtering the results.
To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.
This parameter is optional. If it is not included, all policies are returned.
" + "documentation":"The policy usage method to use for filtering the results.
To list only permissions policies, set PolicyUsageFilter to PermissionsPolicy. To list only the policies used to set permissions boundaries, set the value to PermissionsBoundary.
This parameter is optional. If it is not included, all policies are returned.
" }, "Marker":{ "shape":"markerType", @@ -7092,18 +7505,18 @@ "members":{ "Name":{ "shape":"policyParameterNameType", - "documentation":"" + "documentation":"The name of the policy parameter.
" }, "Values":{ "shape":"policyParameterValuesListType", - "documentation":"" + "documentation":"The allowed values for the policy parameter.
" }, "Type":{ "shape":"PolicyParameterTypeEnum", - "documentation":"" + "documentation":"The data type of the policy parameter value.
" } }, - "documentation":"" + "documentation":"Contains information about a policy parameter used to customize delegated permissions.
" }, "PolicyParameterTypeEnum":{ "type":"string", @@ -7313,6 +7726,20 @@ "max":100, "min":1 }, + "RejectDelegationRequestRequest":{ + "type":"structure", + "required":["DelegationRequestId"], + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier of the delegation request to reject.
" + }, + "Notes":{ + "shape":"notesType", + "documentation":"Optional notes explaining the reason for rejecting the delegation request.
" + } + } + }, "RemoveClientIDFromOpenIDConnectProviderRequest":{ "type":"structure", "required":[ @@ -7749,6 +8176,16 @@ }, "documentation":"Contains information about an SSH public key, without the key's body or fingerprint.
This data type is used as a response element in the ListSSHPublicKeys operation.
" }, + "SendDelegationTokenRequest":{ + "type":"structure", + "required":["DelegationRequestId"], + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier of the delegation request for which to send the token.
" + } + } + }, "ServerCertificate":{ "type":"structure", "required":[ @@ -8621,6 +9058,20 @@ } } }, + "UpdateDelegationRequestRequest":{ + "type":"structure", + "required":["DelegationRequestId"], + "members":{ + "DelegationRequestId":{ + "shape":"delegationRequestIdType", + "documentation":"The unique identifier of the delegation request to update.
" + }, + "Notes":{ + "shape":"notesType", + "documentation":"Additional notes or comments to add to the delegation request.
" + } + } + }, "UpdateGroupRequest":{ "type":"structure", "required":["GroupName"], @@ -9210,6 +9661,10 @@ "min":16, "pattern":"[\\w-]+" }, + "delegationRequestsListType":{ + "type":"list", + "member":{"shape":"DelegationRequest"} + }, "deleteConflictMessage":{"type":"string"}, "duplicateCertificateMessage":{"type":"string"}, "duplicateSSHPublicKeyMessage":{"type":"string"}, @@ -9310,6 +9765,11 @@ "type":"list", "member":{"shape":"ListPoliciesGrantingServiceAccessEntry"} }, + "localeType":{ + "type":"string", + "max":12, + "min":2 + }, "malformedCertificateMessage":{"type":"string"}, "malformedPolicyDocumentMessage":{"type":"string"}, "markerType":{ @@ -9340,10 +9800,16 @@ "min":6 }, "noSuchEntityMessage":{"type":"string"}, + "notesType":{ + "type":"string", + "max":500, + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*" + }, "notificationChannelType":{ "type":"string", "max":400, - "min":2 + "min":2, + "pattern":"^[a-zA-Z0-9:_.-]+$" }, "openIdIdpCommunicationErrorExceptionMessage":{"type":"string"}, "organizationsEntityPathType":{ @@ -9356,6 +9822,12 @@ "type":"string", "pattern":"^p-[0-9a-zA-Z_]{8,128}$" }, + "ownerIdType":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"^[a-zA-Z0-9:/+=,.@_-]+$" + }, "passwordPolicyViolationMessage":{"type":"string"}, "passwordReusePreventionType":{ "type":"integer", @@ -9382,6 +9854,23 @@ "min":1, "pattern":"(\\u002F)|(\\u002F[\\u0021-\\u007E]+\\u002F)" }, + "permissionCheckResultType":{ + "type":"string", + "enum":[ + "ALLOWED", + "DENIED", + "UNSURE" + ] + }, + "permissionCheckStatusType":{ + "type":"string", + "enum":[ + "COMPLETE", + "IN_PROGRESS", + "FAILED" + ] + }, + "permissionType":{"type":"string"}, "policyDescriptionType":{ "type":"string", "max":1000 @@ -9437,9 +9926,13 @@ "policyParameterNameType":{ "type":"string", "max":256, - "min":5 + "min":5, + "pattern":"[ -~]+" + }, + "policyParameterValueType":{ + "type":"string", + "pattern":"[ -~]+" }, - "policyParameterValueType":{"type":"string"}, "policyParameterValuesListType":{ "type":"list", "member":{"shape":"policyParameterValueType"} @@ -9517,10 +10010,16 @@ "max":200, "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*" }, + "requestorNameType":{ + "type":"string", + "max":30, + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]*" + }, "requestorWorkflowIdType":{ "type":"string", "max":400, - "min":5 + "min":5, + "pattern":"[\\u0009\\u000A\\u000D\\u0020-\\u007E\\u00A1-\\u00FF]+" }, "responseMarkerType":{"type":"string"}, "roleDescriptionType":{ @@ -9548,6 +10047,10 @@ "min":1, "pattern":"[\\w+=,.@-]+" }, + "rolePermissionRestrictionArnListType":{ + "type":"list", + "member":{"shape":"arnType"} + }, "serialNumberType":{ "type":"string", "max":256, @@ -9609,7 +10112,7 @@ "sessionDurationType":{ "type":"integer", "max":43200, - "min":3600 + "min":300 }, "sortKeyType":{ "type":"string", @@ -9620,6 +10123,18 @@ "LAST_AUTHENTICATED_TIME_DESCENDING" ] }, + "stateType":{ + "type":"string", + "enum":[ + "UNASSIGNED", + "ASSIGNED", + "PENDING_APPROVAL", + "FINALIZED", + "ACCEPTED", + "REJECTED", + "EXPIRED" + ] + }, "statusType":{ "type":"string", "enum":[ @@ -9629,6 +10144,11 @@ ] }, "stringType":{"type":"string"}, + "summaryContentType":{ + "type":"string", + "max":10000, + "min":0 + }, "summaryKeyType":{ "type":"string", "enum":[ @@ -9673,6 +10193,15 @@ "key":{"shape":"summaryKeyType"}, "value":{"shape":"summaryValueType"} }, + "summaryStateType":{ + "type":"string", + "enum":[ + "AVAILABLE", + "NOT_AVAILABLE", + "NOT_SUPPORTED", + "FAILED" + ] + }, "summaryValueType":{"type":"integer"}, "tagKeyListType":{ "type":"list", diff --git a/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json b/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json index bad8d1157a0b..c0977e50068d 100644 --- a/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json +++ b/awscli/botocore/data/imagebuilder/2019-12-02/service-2.json @@ -74,7 +74,8 @@ {"shape":"InvalidVersionNumberException"}, {"shape":"ResourceInUseException"}, {"shape":"InvalidParameterCombinationException"}, - {"shape":"ServiceQuotaExceededException"} + {"shape":"ServiceQuotaExceededException"}, + {"shape":"DryRunOperationException"} ], "documentation":"Creates a new component that can be used to build, validate, test, and assess your image. The component is based on a YAML document that you specify using exactly one of the following methods:
Inline, using the data property in the request body.
A URL that points to a YAML document file stored in Amazon S3, using the uri property in the request body.
Create a new workflow or a new version of an existing workflow.
" }, @@ -428,6 +430,30 @@ ], "documentation":"Deletes a specific workflow resource.
" }, + "DistributeImage":{ + "name":"DistributeImage", + "http":{ + "method":"PUT", + "requestUri":"/DistributeImage" + }, + "input":{"shape":"DistributeImageRequest"}, + "output":{"shape":"DistributeImageResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"InvalidRequestException"}, + {"shape":"IdempotentParameterMismatchException"}, + {"shape":"ForbiddenException"}, + {"shape":"CallRateLimitExceededException"}, + {"shape":"ResourceInUseException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"DistributeImage distributes existing AMIs to additional regions and accounts without rebuilding the image.
" + }, "GetComponent":{ "name":"GetComponent", "http":{ @@ -1282,6 +1308,26 @@ ], "documentation":"Applies a policy to an image recipe. We recommend that you call the RAM API CreateResourceShare to share resources. If you call the Image Builder API PutImageRecipePolicy, you must also call the RAM API PromoteResourceShareCreatedFromPolicy in order for the resource to be visible to all principals with whom the resource is shared.
RetryImage retries an image distribution without rebuilding the image.
" + }, "SendWorkflowStepAction":{ "name":"SendWorkflowStepAction", "http":{ @@ -1460,6 +1506,15 @@ } }, "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"You do not have permissions to perform the requested operation.
", + "error":{"httpStatusCode":403}, + "exception":true + }, "AccountAggregation":{ "type":"structure", "members":{ @@ -1632,7 +1687,7 @@ }, "imageBuildVersionArn":{ "shape":"ImageBuildVersionArn", - "documentation":"The ARN of the image whose creation this request canceled.
" + "documentation":"The Amazon Resource Name (ARN) of the image whose creation this request canceled.
" } } }, @@ -2142,7 +2197,7 @@ }, "ContainerRecipeArn":{ "type":"string", - "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws):container-recipe/[a-z0-9-_]+/[0-9]+\\.[0-9]+\\.[0-9]+$" + "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws):container-recipe/[a-z0-9-_]+/(?:[0-9]+|x)\\.(?:[0-9]+|x)\\.(?:[0-9]+|x)$" }, "ContainerRecipeSummary":{ "type":"structure", @@ -2251,6 +2306,10 @@ "shape":"ClientToken", "documentation":"Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.
", "idempotencyToken":true + }, + "dryRun":{ + "shape":"Boolean", + "documentation":"Validates the required permissions for the operation and the request parameters, without actually making the request, and provides an error response. Upon a successful request, the error response is DryRunOperationException.
The Amazon Resource Name (ARN) of the component that the request created.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -2277,7 +2340,6 @@ "containerType", "name", "semanticVersion", - "components", "parentImage", "targetRepository", "clientToken" @@ -2296,12 +2358,12 @@ "documentation":"The description of the container recipe.
" }, "semanticVersion":{ - "shape":"VersionNumber", + "shape":"WildcardVersionNumber", "documentation":"The semantic version of the container recipe. This version follows the semantic version syntax.
The semantic version has four nodes: <major>.<minor>.<patch>/<build>. You can assign values for the first three, and can filter on all of them.
Assignment: For the first three nodes you can assign any positive integer value, including zero, with an upper limit of 2^30-1, or 1073741823 for each node. Image Builder automatically assigns the build number to the fourth node.
Patterns: You can use any numeric pattern that adheres to the assignment requirements for the nodes that you can assign. For example, you might choose a software version pattern, such as 1.0.0, or a date, such as 2021.01.01.
Components for build and test that are included in the container recipe. Recipes require a minimum of one build component, and can have a maximum of 20 build and test components in any combination.
" + "documentation":"The components included in the container recipe.
" }, "instanceConfiguration":{ "shape":"InstanceConfiguration", @@ -2364,6 +2426,10 @@ "containerRecipeArn":{ "shape":"ContainerRecipeArn", "documentation":"Returns the Amazon Resource Name (ARN) of the container recipe that the request created.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -2512,7 +2578,6 @@ "required":[ "name", "semanticVersion", - "components", "parentImage", "clientToken" ], @@ -2526,7 +2591,7 @@ "documentation":"The description of the image recipe.
" }, "semanticVersion":{ - "shape":"VersionNumber", + "shape":"WildcardVersionNumber", "documentation":"The semantic version of the image recipe. This version follows the semantic version syntax.
The semantic version has four nodes: <major>.<minor>.<patch>/<build>. You can assign values for the first three, and can filter on all of them.
Assignment: For the first three nodes you can assign any positive integer value, including zero, with an upper limit of 2^30-1, or 1073741823 for each node. Image Builder automatically assigns the build number to the fourth node.
Patterns: You can use any numeric pattern that adheres to the assignment requirements for the nodes that you can assign. For example, you might choose a software version pattern, such as 1.0.0, or a date, such as 2021.01.01.
The Amazon Resource Name (ARN) of the image recipe that was created by this request.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -2653,6 +2722,10 @@ "imageBuildVersionArn":{ "shape":"ImageBuildVersionArn", "documentation":"The Amazon Resource Name (ARN) of the image that the request created.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -2856,6 +2929,10 @@ "type":{ "shape":"WorkflowType", "documentation":"The phase in the image build process for which the workflow resource is responsible.
" + }, + "dryRun":{ + "shape":"Boolean", + "documentation":"Validates the required permissions for the operation and the request parameters, without actually making the request, and provides an error response. Upon a successful request, the error response is DryRunOperationException.
The Amazon Resource Name (ARN) of the workflow resource that the request created.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -2969,7 +3050,7 @@ }, "componentBuildVersionArn":{ "shape":"ComponentBuildVersionArn", - "documentation":"The ARN of the component build version that this request deleted.
" + "documentation":"The Amazon Resource Name (ARN) of the component build version that this request deleted.
" } } }, @@ -3094,7 +3175,7 @@ }, "imageBuildVersionArn":{ "shape":"ImageBuildVersionArn", - "documentation":"The ARN of the Image Builder image resource that this request deleted.
" + "documentation":"The Amazon Resource Name (ARN) of the Image Builder image resource that this request deleted.
" } } }, @@ -3140,7 +3221,7 @@ "members":{ "lifecyclePolicyArn":{ "shape":"LifecyclePolicyArn", - "documentation":"The ARN of the lifecycle policy that was deleted.
" + "documentation":"The Amazon Resource Name (ARN) of the lifecycle policy that was deleted.
" } } }, @@ -3161,7 +3242,7 @@ "members":{ "workflowBuildVersionArn":{ "shape":"WorkflowBuildVersionArn", - "documentation":"The ARN of the workflow resource that this request deleted.
" + "documentation":"The Amazon Resource Name (ARN) of the workflow resource that this request deleted.
" } } }, @@ -3173,6 +3254,55 @@ "VHD" ] }, + "DistributeImageRequest":{ + "type":"structure", + "required":[ + "sourceImage", + "distributionConfigurationArn", + "executionRole", + "clientToken" + ], + "members":{ + "sourceImage":{ + "shape":"NonEmptyString", + "documentation":"The source image Amazon Resource Name (ARN) to distribute.
" + }, + "distributionConfigurationArn":{ + "shape":"DistributionConfigurationArn", + "documentation":"The Amazon Resource Name (ARN) of the distribution configuration to use.
" + }, + "executionRole":{ + "shape":"RoleNameOrArn", + "documentation":"The IAM role to use for the distribution.
" + }, + "tags":{ + "shape":"TagMap", + "documentation":"The tags to apply to the distributed image.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.
", + "idempotencyToken":true + }, + "loggingConfiguration":{ + "shape":"ImageLoggingConfiguration", + "documentation":"The logging configuration for the distribution.
" + } + } + }, + "DistributeImageResponse":{ + "type":"structure", + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"The client token that uniquely identifies the request.
" + }, + "imageBuildVersionArn":{ + "shape":"ImageBuildVersionArn", + "documentation":"The Amazon Resource Name (ARN) of the image to be distributed.
" + } + } + }, "Distribution":{ "type":"structure", "required":["region"], @@ -3303,6 +3433,15 @@ "min":30 }, "DockerFileTemplate":{"type":"string"}, + "DryRunOperationException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"The dry run operation of the resource was successful, and no resources or mutations were actually performed due to the dry run flag in the request.
", + "error":{"httpStatusCode":412}, + "exception":true + }, "EbsInstanceBlockDeviceSpecification":{ "type":"structure", "members":{ @@ -3539,6 +3678,10 @@ "component":{ "shape":"Component", "documentation":"The component object specified in the request.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -3589,6 +3732,10 @@ "containerRecipe":{ "shape":"ContainerRecipe", "documentation":"The container recipe object that is returned.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -3714,6 +3861,10 @@ "imageRecipe":{ "shape":"ImageRecipe", "documentation":"The image recipe object.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -3739,6 +3890,10 @@ "image":{ "shape":"Image", "documentation":"The image object.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -3807,7 +3962,7 @@ "members":{ "lifecyclePolicy":{ "shape":"LifecyclePolicy", - "documentation":"The ARN of the image lifecycle policy resource that was returned.
" + "documentation":"The Amazon Resource Name (ARN) of the image lifecycle policy resource that was returned.
" } } }, @@ -3940,6 +4095,10 @@ "workflow":{ "shape":"Workflow", "documentation":"The workflow resource specified in the request.
" + }, + "latestVersionReferences":{ + "shape":"LatestVersionReferences", + "documentation":"The resource ARNs with different wildcard variations of semantic versioning.
" } } }, @@ -4403,7 +4562,7 @@ }, "ImageRecipeArn":{ "type":"string", - "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws):image-recipe/[a-z0-9-_]+/[0-9]+\\.[0-9]+\\.[0-9]+$" + "pattern":"^arn:aws[^:]*:imagebuilder:[^:]+:(?:[0-9]{12}|aws):image-recipe/[a-z0-9-_]+/(?:[0-9]+|x)\\.(?:[0-9]+|x)\\.(?:[0-9]+|x)$" }, "ImageRecipeSummary":{ "type":"structure", @@ -5292,6 +5451,28 @@ "error":{"httpStatusCode":400}, "exception":true }, + "LatestVersionReferences":{ + "type":"structure", + "members":{ + "latestVersionArn":{ + "shape":"ImageBuilderArn", + "documentation":"The latest version Amazon Resource Name (ARN) of the Image Builder resource.
" + }, + "latestMajorVersionArn":{ + "shape":"ImageBuilderArn", + "documentation":"The latest version Amazon Resource Name (ARN) with the same major version of the Image Builder resource.
The latest version Amazon Resource Name (ARN) with the same minor version of the Image Builder resource.
The latest version Amazon Resource Name (ARN) with the same patch version of the Image Builder resource.
The resource ARNs with different wildcard variations of semantic versioning.
" + }, "LaunchPermissionConfiguration":{ "type":"structure", "members":{ @@ -6588,7 +6769,7 @@ }, "imageBuildVersionArn":{ "shape":"ImageBuildVersionArn", - "documentation":"The resource ARN of the image build version for which you requested a list of workflow runtime details.
" + "documentation":"The resource Amazon Resource Name (ARN) of the image build version for which you requested a list of workflow runtime details.
" }, "message":{ "shape":"ImageBuildMessage", @@ -6632,7 +6813,7 @@ }, "workflowBuildVersionArn":{ "shape":"WorkflowBuildVersionArn", - "documentation":"The build version ARN for the Image Builder workflow resource that defines the steps for this runtime instance of the workflow.
" + "documentation":"The build version Amazon Resource Name (ARN) for the Image Builder workflow resource that defines the steps for this runtime instance of the workflow.
" }, "workflowExecutionId":{ "shape":"WorkflowExecutionId", @@ -6640,7 +6821,7 @@ }, "imageBuildVersionArn":{ "shape":"ImageBuildVersionArn", - "documentation":"The image build version resource ARN that's associated with the specified runtime instance of the workflow.
" + "documentation":"The image build version resource Amazon Resource Name (ARN) that's associated with the specified runtime instance of the workflow.
" }, "message":{ "shape":"ImageBuildMessage", @@ -7196,6 +7377,37 @@ "max":25, "min":1 }, + "RetryImageRequest":{ + "type":"structure", + "required":[ + "imageBuildVersionArn", + "clientToken" + ], + "members":{ + "imageBuildVersionArn":{ + "shape":"ImageBuildVersionArn", + "documentation":"The source image Amazon Resource Name (ARN) to retry.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference.
", + "idempotencyToken":true + } + } + }, + "RetryImageResponse":{ + "type":"structure", + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"The client token that uniquely identifies the request.
" + }, + "imageBuildVersionArn":{ + "shape":"ImageBuildVersionArn", + "documentation":"The ARN of the image to be retried.
" + } + } + }, "RoleNameOrArn":{ "type":"string", "max":2048, @@ -7458,7 +7670,7 @@ "members":{ "resourceArn":{ "shape":"ImageBuildVersionArn", - "documentation":"The ARN of the Image Builder resource that is updated. The state update might also impact associated resources.
" + "documentation":"The Amazon Resource Name (ARN) of the Image Builder resource that is updated. The state update might also impact associated resources.
" }, "state":{ "shape":"ResourceState", @@ -7496,7 +7708,7 @@ }, "resourceArn":{ "shape":"ImageBuildVersionArn", - "documentation":"The requested ARN of the Image Builder resource for the asynchronous update.
" + "documentation":"The requested Amazon Resource Name (ARN) of the Image Builder resource for the asynchronous update.
" } } }, @@ -7597,6 +7809,15 @@ "min":3, "pattern":"[a-zA-Z0-9]{2,}(?:\\/[a-zA-Z0-9-_+]+)*" }, + "TooManyRequestsException":{ + "type":"structure", + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"You have attempted too many requests for the specific operation.
", + "error":{"httpStatusCode":429}, + "exception":true + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -7889,7 +8110,7 @@ "members":{ "lifecyclePolicyArn":{ "shape":"LifecyclePolicyArn", - "documentation":"The ARN of the image lifecycle policy resource that was updated.
" + "documentation":"The Amazon Resource Name (ARN) of the image lifecycle policy resource that was updated.
" } } }, @@ -7973,6 +8194,10 @@ "type":"list", "member":{"shape":"VulnerablePackage"} }, + "WildcardVersionNumber":{ + "type":"string", + "pattern":"^(?:[0-9]+|x)\\.(?:[0-9]+|x)\\.(?:[0-9]+|x)$" + }, "Workflow":{ "type":"structure", "members":{ @@ -8123,6 +8348,10 @@ "parallelGroup":{ "shape":"ParallelGroup", "documentation":"The name of the test group that included the test workflow resource at runtime.
" + }, + "retried":{ + "shape":"NullableBoolean", + "documentation":"Indicates retry status for this runtime instance of the workflow.
" } }, "documentation":"Metadata that includes details and status from this runtime instance of the workflow.
" @@ -8280,7 +8509,7 @@ }, "workflowBuildVersionArn":{ "shape":"WorkflowBuildVersionArn", - "documentation":"The ARN of the workflow resource that ran.
" + "documentation":"The Amazon Resource Name (ARN) of the workflow resource that ran.
" }, "name":{ "shape":"WorkflowStepName", diff --git a/awscli/botocore/data/inspector2/2020-06-08/service-2.json b/awscli/botocore/data/inspector2/2020-06-08/service-2.json index 2ce0affd5e8f..db9a20ee021b 100644 --- a/awscli/botocore/data/inspector2/2020-06-08/service-2.json +++ b/awscli/botocore/data/inspector2/2020-06-08/service-2.json @@ -588,7 +588,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Retrieves information about a specific code security scan.
" + "documentation":"Retrieves information about a specific code security scan.
", + "readonly":true }, "GetCodeSecurityScanConfiguration":{ "name":"GetCodeSecurityScanConfiguration", @@ -675,7 +676,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Gets an encryption key.
" + "documentation":"Gets an encryption key.
", + "readonly":true }, "GetFindingsReportStatus":{ "name":"GetFindingsReportStatus", @@ -747,7 +749,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists the permissions an account has to configure Amazon Inspector.
" + "documentation":"Lists the permissions an account has to configure Amazon Inspector. If the account is a member account or standalone account with resources managed by an Organizations policy, the operation returns fewer permissions.
" }, "ListCisScanConfigurations":{ "name":"ListCisScanConfigurations", @@ -1000,7 +1002,8 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Lists all tags attached to a given resource.
" + "documentation":"Lists all tags attached to a given resource.
", + "readonly":true }, "ListUsageTotals":{ "name":"ListUsageTotals", @@ -5345,7 +5348,8 @@ "DISASSOCIATE_ALL_MEMBERS", "ACCOUNT_IS_ISOLATED", "EC2_SSM_RESOURCE_DATA_SYNC_LIMIT_EXCEEDED", - "EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED" + "EC2_SSM_ASSOCIATION_VERSION_LIMIT_EXCEEDED", + "BLOCKED_BY_ORGANIZATION_POLICY" ] }, "ErrorMessage":{"type":"string"}, @@ -8991,7 +8995,7 @@ }, "reason":{ "shape":"ScanStatusReason", - "documentation":"The scan status. Possible return values and descriptions are:
ACCESS_DENIED - Resource access policy restricting Amazon Inspector access. Please update the IAM policy.
ACCESS_DENIED_TO_ENCRYPTION_KEY - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy.
DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes.
DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance.
DEEP_INSPECTION_NO_INVENTORY - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance.
DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account.
EC2_INSTANCE_STOPPED - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state.
EXCLUDED_BY_TAG - This resource was not scanned because it has been excluded by a tag.
IMAGE_SIZE_EXCEEDED - Reserved for future use.
INTEGRATION_CONNNECTION_LOST - Amazon Inspector couldn't communicate with the source code management platform.
INTERNAL_ERROR - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user.
NO_INVENTORY - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of InspectorInventoryCollection-do-not-delete association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console.
NO_RESOURCES_FOUND - Reserved for future use.
NO_SCAN_CONFIGURATION_ASSOCIATED - The code repository resource doesn't have an associated scan configuration.
PENDING_DISABLE - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status.
PENDING_INITIAL_SCAN - This resource has been identified for scanning, results will be available soon.
RESOURCE_TERMINATED - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up.
SCAN_ELIGIBILITY_EXPIRED - The configured scan duration has lapsed for this image.
SCAN_FREQUENCY_MANUAL - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration.
SCAN_FREQUENCY_SCAN_ON_PUSH - This image will be scanned one time and will not new findings because of the scan frequency configuration.
SCAN_IN_PROGRESS - The resource is currently being scanned.
STALE_INVENTORY - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console.
SUCCESSFUL - The scan was successful.
UNMANAGED_EC2_INSTANCE - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance.
UNSUPPORTED_CONFIG_FILE - Reserved for future use.
UNSUPPORTED_LANGUAGE - The scan was unsuccessful because the repository contains files in an unsupported programming language.
UNSUPPORTED_MEDIA_TYPE - The ECR image has an unsupported media type.
UNSUPPORTED_OS - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.
UNSUPPORTED_RUNTIME - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.
The scan status. Possible return values and descriptions are:
ACCESS_DENIED - Resource access policy restricting Amazon Inspector access. Please update the IAM policy.
ACCESS_DENIED_TO_ENCRYPTION_KEY - The KMS key policy doesn't allow Amazon Inspector access. Update the key policy.
DEEP_INSPECTION_COLLECTION_TIME_LIMIT_EXCEEDED - Amazon Inspector failed to extract the package inventory because the package collection time exceeding the maximum threshold of 15 minutes.
DEEP_INSPECTION_DAILY_SSM_INVENTORY_LIMIT_EXCEEDED - The SSM agent couldn't send inventory to Amazon Inspector because the SSM quota for Inventory data collected per instance per day has already been reached for this instance.
DEEP_INSPECTION_NO_INVENTORY - The Amazon Inspector plugin hasn't yet been able to collect an inventory of packages for this instance. This is usually the result of a pending scan, however, if this status persists after 6 hours, use SSM to ensure that the required Amazon Inspector associations exist and are running for the instance.
DEEP_INSPECTION_PACKAGE_COLLECTION_LIMIT_EXCEEDED - The instance has exceeded the 5000 package limit for Amazon Inspector Deep inspection. To resume Deep inspection for this instance you can try to adjust the custom paths associated with the account.
EC2_INSTANCE_STOPPED - This EC2 instance is in a stopped state, therefore, Amazon Inspector will pause scanning. The existing findings will continue to exist until the instance is terminated. Once the instance is re-started, Inspector will automatically start scanning the instance again. Please note that you will not be charged for this instance while it's in a stopped state.
EXCLUDED_BY_TAG - This resource was not scanned because it has been excluded by a tag.
IMAGE_SIZE_EXCEEDED - Reserved for future use.
INTEGRATION_CONNNECTION_LOST - Amazon Inspector couldn't communicate with the source code management platform.
INTERNAL_ERROR - Amazon Inspector has encountered an internal error for this resource. Amazon Inspector service will automatically resolve the issue and resume the scanning. No action required from the user.
NO_INVENTORY - Amazon Inspector couldn't find software application inventory to scan for vulnerabilities. This might be caused due to required Amazon Inspector associations being deleted or failing to run on your resource. Please verify the status of InspectorInventoryCollection-do-not-delete association in the SSM console for the resource. Additionally, you can verify the instance's inventory in the SSM Fleet Manager console.
NO_RESOURCES_FOUND - Reserved for future use.
NO_SCAN_CONFIGURATION_ASSOCIATED - The code repository resource doesn't have an associated scan configuration.
PENDING_DISABLE - This resource is pending cleanup during disablement. The customer will not be billed while a resource is in the pending disable status.
PENDING_INITIAL_SCAN - This resource has been identified for scanning, results will be available soon.
RESOURCE_TERMINATED - This resource has been terminated. The findings and coverage associated with this resource are in the process of being cleaned up.
SCAN_ELIGIBILITY_EXPIRED - The configured scan duration has lapsed for this image.
SCAN_FREQUENCY_MANUAL - This image will not be covered by Amazon Inspector due to the repository scan frequency configuration.
SCAN_FREQUENCY_SCAN_ON_PUSH - This image will be scanned one time and will not new findings because of the scan frequency configuration.
SCAN_IN_PROGRESS - The resource is currently being scanned.
STALE_INVENTORY - Amazon Inspector wasn't able to collect an updated software application inventory in the last 7 days. Please confirm the required Amazon Inspector associations still exist and you can still see an updated inventory in the SSM console.
SUCCESSFUL - The scan was successful.
UNMANAGED_EC2_INSTANCE - The EC2 instance is not managed by SSM, please use the following SSM automation to remediate the issue: https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-awssupport-troubleshoot-managed-instance.html. Once the instance becomes managed by SSM, Inspector will automatically begin scanning this instance.
UNSUPPORTED_CONFIG_FILE - Reserved for future use.
UNSUPPORTED_LANGUAGE - The scan was unsuccessful because the repository contains files in an unsupported programming language.
UNSUPPORTED_MEDIA_TYPE - The ECR image has an unsupported media type.
UNSUPPORTED_OS - Amazon Inspector does not support this OS, architecture, or image manifest type at this time. To see a complete list of supported operating systems see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.
UNSUPPORTED_RUNTIME - The function was not scanned because it has an unsupported runtime. To see a complete list of supported runtimes see: https://docs.aws.amazon.com/inspector/latest/user/supported.html.
IMAGE_ARCHIVED - This image has been archived in Amazon ECR and is no longer available for scanning in Amazon Inspector.
The status of the scan.
" @@ -9037,7 +9041,8 @@ "ACCESS_DENIED_TO_ENCRYPTION_KEY", "UNSUPPORTED_LANGUAGE", "NO_SCAN_CONFIGURATION_ASSOCIATED", - "SCAN_IN_PROGRESS" + "SCAN_IN_PROGRESS", + "IMAGE_ARCHIVED" ] }, "ScanType":{ diff --git a/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json b/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json index 431fe97abe17..642fc32399ea 100644 --- a/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json +++ b/awscli/botocore/data/invoicing/2024-12-01/paginators-1.json @@ -11,6 +11,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "InvoiceSummaries" + }, + "ListProcurementPortalPreferences": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "ProcurementPortalPreferences" } } } diff --git a/awscli/botocore/data/invoicing/2024-12-01/service-2.json b/awscli/botocore/data/invoicing/2024-12-01/service-2.json index 382e5bcc35c5..84933143d2d1 100644 --- a/awscli/botocore/data/invoicing/2024-12-01/service-2.json +++ b/awscli/botocore/data/invoicing/2024-12-01/service-2.json @@ -49,6 +49,25 @@ ], "documentation":"This creates a new invoice unit with the provided definition.
" }, + "CreateProcurementPortalPreference":{ + "name":"CreateProcurementPortalPreference", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateProcurementPortalPreferenceRequest"}, + "output":{"shape":"CreateProcurementPortalPreferenceResponse"}, + "errors":[ + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Creates a procurement portal preference configuration for e-invoice delivery and purchase order retrieval. This preference defines how invoices are delivered to a procurement portal and how purchase orders are retrieved.
", + "idempotent":true + }, "DeleteInvoiceUnit":{ "name":"DeleteInvoiceUnit", "http":{ @@ -66,6 +85,24 @@ ], "documentation":"This deletes an invoice unit with the provided invoice unit ARN.
" }, + "DeleteProcurementPortalPreference":{ + "name":"DeleteProcurementPortalPreference", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteProcurementPortalPreferenceRequest"}, + "output":{"shape":"DeleteProcurementPortalPreferenceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Deletes an existing procurement portal preference. This action cannot be undone. Active e-invoice delivery and PO retrieval configurations will be terminated.
" + }, "GetInvoicePDF":{ "name":"GetInvoicePDF", "http":{ @@ -102,6 +139,25 @@ "documentation":"This retrieves the invoice unit definition.
", "readonly":true }, + "GetProcurementPortalPreference":{ + "name":"GetProcurementPortalPreference", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetProcurementPortalPreferenceRequest"}, + "output":{"shape":"GetProcurementPortalPreferenceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Retrieves the details of a specific procurement portal preference configuration.
" + }, "ListInvoiceSummaries":{ "name":"ListInvoiceSummaries", "http":{ @@ -136,6 +192,24 @@ "documentation":"This fetches a list of all invoice unit definitions for a given account, as of the provided AsOf date.
Retrieves a list of procurement portal preferences associated with the Amazon Web Services account.
" + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -154,6 +228,25 @@ "documentation":"Lists the tags for a resource.
", "readonly":true }, + "PutProcurementPortalPreference":{ + "name":"PutProcurementPortalPreference", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"PutProcurementPortalPreferenceRequest"}, + "output":{"shape":"PutProcurementPortalPreferenceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Updates an existing procurement portal preference configuration. This operation can modify settings for e-invoice delivery and purchase order retrieval.
" + }, "TagResource":{ "name":"TagResource", "http":{ @@ -205,6 +298,25 @@ {"shape":"AccessDeniedException"} ], "documentation":"You can update the invoice unit configuration at any time, and Amazon Web Services will use the latest configuration at the end of the month.
" + }, + "UpdateProcurementPortalPreferenceStatus":{ + "name":"UpdateProcurementPortalPreferenceStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateProcurementPortalPreferenceStatusRequest"}, + "output":{"shape":"UpdateProcurementPortalPreferenceStatusResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Updates the status of a procurement portal preference, including the activation state of e-invoice delivery and purchase order retrieval features.
" } }, "shapes":{ @@ -302,6 +414,58 @@ }, "documentation":"The billing period for which you want to retrieve invoice-related documents.
" }, + "Boolean":{ + "type":"boolean", + "box":true + }, + "BuyerDomain":{ + "type":"string", + "enum":["NetworkID"] + }, + "ConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"BasicString"}, + "resourceId":{ + "shape":"BasicString", + "documentation":"The identifier of the resource that caused the conflict.
" + }, + "resourceType":{ + "shape":"BasicString", + "documentation":"The type of resource that caused the conflict.
" + } + }, + "documentation":"The request could not be completed due to a conflict with the current state of the resource. This exception occurs when a concurrent modification is detected during an update operation, or when attempting to create a resource that already exists.
", + "exception":true + }, + "ConnectionTestingMethod":{ + "type":"string", + "enum":[ + "PROD_ENV_DOLLAR_TEST", + "TEST_ENV_REPLAY_TEST" + ] + }, + "Contact":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"BasicString", + "documentation":"The name of the contact person or role.
" + }, + "Email":{ + "shape":"EmailString", + "documentation":"The email address of the contact person or role.
" + } + }, + "documentation":"Represents contact information for a person or role associated with the procurement portal preference.
", + "sensitive":true + }, + "Contacts":{ + "type":"list", + "member":{"shape":"Contact"}, + "max":1, + "min":1 + }, "CreateInvoiceUnitRequest":{ "type":"structure", "required":[ @@ -345,6 +509,89 @@ } } }, + "CreateProcurementPortalPreferenceRequest":{ + "type":"structure", + "required":[ + "ProcurementPortalName", + "BuyerDomain", + "BuyerIdentifier", + "SupplierDomain", + "SupplierIdentifier", + "EinvoiceDeliveryEnabled", + "PurchaseOrderRetrievalEnabled", + "Contacts" + ], + "members":{ + "ProcurementPortalName":{ + "shape":"ProcurementPortalName", + "documentation":"The name of the procurement portal.
" + }, + "BuyerDomain":{ + "shape":"BuyerDomain", + "documentation":"The domain identifier for the buyer in the procurement portal.
" + }, + "BuyerIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the buyer in the procurement portal.
" + }, + "SupplierDomain":{ + "shape":"SupplierDomain", + "documentation":"The domain identifier for the supplier in the procurement portal.
" + }, + "SupplierIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the supplier in the procurement portal.
" + }, + "Selector":{"shape":"ProcurementPortalPreferenceSelector"}, + "ProcurementPortalSharedSecret":{ + "shape":"SensitiveBasicStringWithoutSpace", + "documentation":"The shared secret or authentication credential used to establish secure communication with the procurement portal. This value must be encrypted at rest.
" + }, + "ProcurementPortalInstanceEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The endpoint URL where e-invoices will be delivered to the procurement portal. Must be a valid HTTPS URL.
" + }, + "TestEnvPreference":{ + "shape":"TestEnvPreferenceInput", + "documentation":"Configuration settings for the test environment of the procurement portal. Includes test credentials and endpoints that are used for validation before production deployment.
" + }, + "EinvoiceDeliveryEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether e-invoice delivery is enabled for this procurement portal preference. Set to true to enable e-invoice delivery, false to disable.
" + }, + "EinvoiceDeliveryPreference":{ + "shape":"EinvoiceDeliveryPreference", + "documentation":"Specifies the e-invoice delivery configuration including document types, attachment types, and customization settings for the portal.
" + }, + "PurchaseOrderRetrievalEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether purchase order retrieval is enabled for this procurement portal preference. Set to true to enable PO retrieval, false to disable.
" + }, + "Contacts":{ + "shape":"Contacts", + "documentation":"List of contact information for portal administrators and technical contacts responsible for the e-invoice integration.
" + }, + "ResourceTags":{ + "shape":"ResourceTagList", + "documentation":"The tags to apply to this procurement portal preference resource. Each tag consists of a key and an optional value.
" + }, + "ClientToken":{ + "shape":"BasicStringWithoutSpace", + "documentation":"A unique, case-sensitive identifier that you provide to ensure idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "CreateProcurementPortalPreferenceResponse":{ + "type":"structure", + "required":["ProcurementPortalPreferenceArn"], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the created procurement portal preference.
" + } + } + }, "CurrencyCode":{ "type":"string", "max":3, @@ -405,6 +652,26 @@ } } }, + "DeleteProcurementPortalPreferenceRequest":{ + "type":"structure", + "required":["ProcurementPortalPreferenceArn"], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the procurement portal preference to delete.
" + } + } + }, + "DeleteProcurementPortalPreferenceResponse":{ + "type":"structure", + "required":["ProcurementPortalPreferenceArn"], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the deleted procurement portal preference.
" + } + } + }, "DescriptionString":{ "type":"string", "max":500, @@ -447,6 +714,76 @@ "type":"list", "member":{"shape":"DiscountsBreakdownAmount"} }, + "EinvoiceDeliveryAttachmentType":{ + "type":"string", + "enum":[ + "INVOICE_PDF", + "RFP_PDF" + ] + }, + "EinvoiceDeliveryAttachmentTypes":{ + "type":"list", + "member":{"shape":"EinvoiceDeliveryAttachmentType"} + }, + "EinvoiceDeliveryDocumentType":{ + "type":"string", + "enum":[ + "AWS_CLOUD_INVOICE", + "AWS_CLOUD_CREDIT_MEMO", + "AWS_MARKETPLACE_INVOICE", + "AWS_MARKETPLACE_CREDIT_MEMO", + "AWS_REQUEST_FOR_PAYMENT" + ] + }, + "EinvoiceDeliveryDocumentTypes":{ + "type":"list", + "member":{"shape":"EinvoiceDeliveryDocumentType"}, + "max":10, + "min":0 + }, + "EinvoiceDeliveryPreference":{ + "type":"structure", + "required":[ + "EinvoiceDeliveryDocumentTypes", + "Protocol", + "PurchaseOrderDataSources", + "ConnectionTestingMethod", + "EinvoiceDeliveryActivationDate" + ], + "members":{ + "EinvoiceDeliveryDocumentTypes":{ + "shape":"EinvoiceDeliveryDocumentTypes", + "documentation":"The types of e-invoice documents to be delivered.
" + }, + "EinvoiceDeliveryAttachmentTypes":{ + "shape":"EinvoiceDeliveryAttachmentTypes", + "documentation":"The types of attachments to include with the e-invoice delivery.
" + }, + "Protocol":{ + "shape":"Protocol", + "documentation":"The communication protocol to use for e-invoice delivery.
" + }, + "PurchaseOrderDataSources":{ + "shape":"PurchaseOrderDataSources", + "documentation":"The sources of purchase order data to use for e-invoice generation and delivery.
" + }, + "ConnectionTestingMethod":{ + "shape":"ConnectionTestingMethod", + "documentation":"The method to use for testing the connection to the procurement portal.
" + }, + "EinvoiceDeliveryActivationDate":{ + "shape":"Timestamp", + "documentation":"The date when e-invoice delivery should be activated for this preference.
" + } + }, + "documentation":"Specifies the preferences for e-invoice delivery, including document types, attachment types, and customization settings.
" + }, + "EmailString":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}" + }, "Entity":{ "type":"structure", "members":{ @@ -507,6 +844,10 @@ "Accounts":{ "shape":"AccountIdList", "documentation":" You can specify a list of Amazon Web Services account IDs inside filters to return invoice units that match only the specified accounts. If multiple accounts are provided, the result is an OR condition (match any) of the specified accounts. The specified account IDs are matched with either the receiver or the linked accounts in the rules.
A list of Amazon Web Services account account IDs used to filter invoice units. These are payer accounts from other Organizations that have delegated their billing responsibility to the receiver account through the billing transfer feature.
" } }, "documentation":"An optional input to the list API. If multiple filters are specified, the returned list will be a configuration that match all of the provided filters. Supported filter types are InvoiceReceivers, Names, and Accounts.
The Amazon Resource Name (ARN) of the procurement portal preference to retrieve.
" + } + } + }, + "GetProcurementPortalPreferenceResponse":{ + "type":"structure", + "required":["ProcurementPortalPreference"], + "members":{ + "ProcurementPortalPreference":{ + "shape":"ProcurementPortalPreference", + "documentation":"The detailed configuration of the requested procurement portal preference.
" + } + } + }, "Integer":{ "type":"integer", "box":true @@ -818,6 +1179,12 @@ "min":1, "pattern":"arn:aws[-a-z0-9]*:[a-z0-9]+:[-a-z0-9]*:[0-9]{12}:[-a-zA-Z0-9/:_]+" }, + "InvoiceUnitArns":{ + "type":"list", + "member":{"shape":"InvoiceUnitArnString"}, + "max":500, + "min":0 + }, "InvoiceUnitName":{ "type":"string", "max":50, @@ -832,8 +1199,12 @@ "type":"structure", "members":{ "LinkedAccounts":{ - "shape":"AccountIdList", + "shape":"RuleAccountIdList", "documentation":"The list of LINKED_ACCOUNT IDs where charges are included within the invoice unit.
A list of Amazon Web Services account account IDs that have delegated their billing responsibility to the receiver account through transfer billing. Unlike linked accounts, these bill source accounts can be payer accounts from other organizations that have authorized billing transfer to this account.
" } }, "documentation":" This is used to categorize the invoice unit. Values are Amazon Web Services account IDs. Currently, the only supported rule is LINKED_ACCOUNT.
The token for the next set of results. (You received this token from a previous call.)
" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return in a single call. To retrieve the remaining results, make another call with the returned NextToken value.
" + } + } + }, + "ListProcurementPortalPreferencesResponse":{ + "type":"structure", + "members":{ + "ProcurementPortalPreferences":{ + "shape":"ProcurementPortalPreferenceSummaries", + "documentation":"The list of procurement portal preferences associated with the Amazon Web Services account.
" + }, + "NextToken":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The token to use to retrieve the next set of results, or null if there are no more results.
" + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["ResourceArn"], @@ -939,6 +1336,16 @@ } } }, + "Long":{ + "type":"long", + "box":true + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, "MaxResultsInteger":{ "type":"integer", "box":true, @@ -956,10 +1363,329 @@ "min":1, "pattern":"[\\S\\s]*" }, + "ProcurementPortalName":{ + "type":"string", + "enum":[ + "SAP_BUSINESS_NETWORK", + "COUPA" + ] + }, + "ProcurementPortalPreference":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ProcurementPortalPreferenceArn", + "ProcurementPortalName", + "BuyerDomain", + "BuyerIdentifier", + "SupplierDomain", + "SupplierIdentifier", + "EinvoiceDeliveryEnabled", + "PurchaseOrderRetrievalEnabled", + "Version", + "CreateDate", + "LastUpdateDate" + ], + "members":{ + "AwsAccountId":{ + "shape":"AccountIdString", + "documentation":"The Amazon Web Services account ID associated with this procurement portal preference.
" + }, + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the procurement portal preference.
" + }, + "ProcurementPortalName":{ + "shape":"ProcurementPortalName", + "documentation":"The name of the procurement portal.
" + }, + "BuyerDomain":{ + "shape":"BuyerDomain", + "documentation":"The domain identifier for the buyer in the procurement portal.
" + }, + "BuyerIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the buyer in the procurement portal.
" + }, + "SupplierDomain":{ + "shape":"SupplierDomain", + "documentation":"The domain identifier for the supplier in the procurement portal.
" + }, + "SupplierIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the supplier in the procurement portal.
" + }, + "Selector":{"shape":"ProcurementPortalPreferenceSelector"}, + "ProcurementPortalSharedSecret":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The shared secret or authentication credential used for secure communication with the procurement portal.
" + }, + "ProcurementPortalInstanceEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The endpoint URL where e-invoices are delivered to the procurement portal.
" + }, + "PurchaseOrderRetrievalEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The endpoint URL used for retrieving purchase orders from the procurement portal.
" + }, + "TestEnvPreference":{ + "shape":"TestEnvPreference", + "documentation":"Configuration on settings for the test environment of the procurement portal.
" + }, + "EinvoiceDeliveryEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether e-invoice delivery is enabled for this procurement portal preference.
" + }, + "EinvoiceDeliveryPreference":{ + "shape":"EinvoiceDeliveryPreference", + "documentation":"The configuration settings that specify how e-invoices are delivered to the procurement portal.
" + }, + "PurchaseOrderRetrievalEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether purchase order retrieval is enabled for this procurement portal preference.
" + }, + "Contacts":{ + "shape":"Contacts", + "documentation":"List of contact information for portal administrators and technical contacts.
" + }, + "EinvoiceDeliveryPreferenceStatus":{ + "shape":"ProcurementPortalPreferenceStatus", + "documentation":"The current status of the e-invoice delivery preference.
" + }, + "EinvoiceDeliveryPreferenceStatusReason":{ + "shape":"BasicString", + "documentation":"The reason for the current e-invoice delivery preference status.
" + }, + "PurchaseOrderRetrievalPreferenceStatus":{ + "shape":"ProcurementPortalPreferenceStatus", + "documentation":"The current status of the purchase order retrieval preference.
" + }, + "PurchaseOrderRetrievalPreferenceStatusReason":{ + "shape":"BasicString", + "documentation":"The reason for the current purchase order retrieval preference status.
" + }, + "Version":{ + "shape":"Long", + "documentation":"The version number of the procurement portal preference configuration.
" + }, + "CreateDate":{ + "shape":"Timestamp", + "documentation":"The date and time when the procurement portal preference was created.
" + }, + "LastUpdateDate":{ + "shape":"Timestamp", + "documentation":"The date and time when the procurement portal preference was last updated.
" + } + }, + "documentation":"Represents the full configuration of a procurement portal preference, including settings for e-invoice delivery and purchase order retrieval.
" + }, + "ProcurementPortalPreferenceArnString":{ + "type":"string", + "max":256, + "min":1, + "pattern":"arn:aws:invoicing::[0-9]{12}:procurement-portal-preference/[-a-zA-Z0-9]+" + }, + "ProcurementPortalPreferenceSelector":{ + "type":"structure", + "members":{ + "InvoiceUnitArns":{ + "shape":"InvoiceUnitArns", + "documentation":"The Amazon Resource Name (ARN) of invoice unit identifiers to which this preference applies.
" + }, + "SellerOfRecords":{ + "shape":"SellerOfRecords", + "documentation":"The list of seller of record IDs to which this preference applies.
" + } + }, + "documentation":"Specifies criteria for selecting which invoices should be processed using a particular procurement portal preference.
" + }, + "ProcurementPortalPreferenceStatus":{ + "type":"string", + "enum":[ + "PENDING_VERIFICATION", + "TEST_INITIALIZED", + "TEST_INITIALIZATION_FAILED", + "TEST_FAILED", + "ACTIVE", + "SUSPENDED" + ] + }, + "ProcurementPortalPreferenceSummaries":{ + "type":"list", + "member":{"shape":"ProcurementPortalPreferenceSummary"} + }, + "ProcurementPortalPreferenceSummary":{ + "type":"structure", + "required":[ + "AwsAccountId", + "ProcurementPortalPreferenceArn", + "ProcurementPortalName", + "BuyerDomain", + "BuyerIdentifier", + "SupplierDomain", + "SupplierIdentifier", + "EinvoiceDeliveryEnabled", + "PurchaseOrderRetrievalEnabled", + "Version", + "CreateDate", + "LastUpdateDate" + ], + "members":{ + "AwsAccountId":{ + "shape":"AccountIdString", + "documentation":"The Amazon Web Services account ID associated with this procurement portal preference summary.
" + }, + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the procurement portal preference.
" + }, + "ProcurementPortalName":{ + "shape":"ProcurementPortalName", + "documentation":"The name of the procurement portal.
" + }, + "BuyerDomain":{ + "shape":"BuyerDomain", + "documentation":"The domain identifier for the buyer in the procurement portal.
" + }, + "BuyerIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the buyer in the procurement portal.
" + }, + "SupplierDomain":{ + "shape":"SupplierDomain", + "documentation":"The domain identifier for the supplier in the procurement portal.
" + }, + "SupplierIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the supplier in the procurement portal.
" + }, + "Selector":{"shape":"ProcurementPortalPreferenceSelector"}, + "EinvoiceDeliveryEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether e-invoice delivery is enabled for this procurement portal preference.
" + }, + "PurchaseOrderRetrievalEnabled":{ + "shape":"Boolean", + "documentation":"Indicates whether purchase order retrieval is enabled for this procurement portal preference.
" + }, + "EinvoiceDeliveryPreferenceStatus":{ + "shape":"ProcurementPortalPreferenceStatus", + "documentation":"The current status of the e-invoice delivery preference in this summary.
" + }, + "EinvoiceDeliveryPreferenceStatusReason":{ + "shape":"BasicString", + "documentation":"The reason for the current e-invoice delivery preference status in this summary.
" + }, + "PurchaseOrderRetrievalPreferenceStatus":{ + "shape":"ProcurementPortalPreferenceStatus", + "documentation":"The current status of the purchase order retrieval preference in this summary.
" + }, + "PurchaseOrderRetrievalPreferenceStatusReason":{ + "shape":"BasicString", + "documentation":"The reason for the current purchase order retrieval preference status in this summary.
" + }, + "Version":{ + "shape":"Long", + "documentation":"The version number of the procurement portal preference configuration in this summary.
" + }, + "CreateDate":{ + "shape":"Timestamp", + "documentation":"The date and time when the procurement portal preference was created.
" + }, + "LastUpdateDate":{ + "shape":"Timestamp", + "documentation":"The date and time when the procurement portal preference was last updated.
" + } + }, + "documentation":"Provides a summary of a procurement portal preference, including key identifiers and status information.
" + }, "ProfileList":{ "type":"list", "member":{"shape":"InvoiceProfile"} }, + "Protocol":{ + "type":"string", + "enum":["CXML"] + }, + "PurchaseOrderDataSource":{ + "type":"structure", + "members":{ + "EinvoiceDeliveryDocumentType":{ + "shape":"EinvoiceDeliveryDocumentType", + "documentation":"The type of e-invoice document that requires purchase order data.
" + }, + "PurchaseOrderDataSourceType":{ + "shape":"PurchaseOrderDataSourceType", + "documentation":"The type of source for purchase order data.
" + } + }, + "documentation":"Specifies the source configuration for retrieving purchase order data.
" + }, + "PurchaseOrderDataSourceType":{ + "type":"string", + "enum":[ + "ASSOCIATED_PURCHASE_ORDER_REQUIRED", + "PURCHASE_ORDER_NOT_REQUIRED" + ] + }, + "PurchaseOrderDataSources":{ + "type":"list", + "member":{"shape":"PurchaseOrderDataSource"} + }, + "PutProcurementPortalPreferenceRequest":{ + "type":"structure", + "required":[ + "ProcurementPortalPreferenceArn", + "EinvoiceDeliveryEnabled", + "PurchaseOrderRetrievalEnabled", + "Contacts" + ], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the procurement portal preference to update.
" + }, + "Selector":{"shape":"ProcurementPortalPreferenceSelector"}, + "ProcurementPortalSharedSecret":{ + "shape":"SensitiveBasicStringWithoutSpace", + "documentation":"The updated shared secret or authentication credential for the procurement portal. This value must be encrypted at rest.
" + }, + "ProcurementPortalInstanceEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The updated endpoint URL where e-invoices will be delivered to the procurement portal. Must be a valid HTTPS URL.
" + }, + "TestEnvPreference":{ + "shape":"TestEnvPreferenceInput", + "documentation":"Updated configuration settings for the test environment of the procurement portal.
" + }, + "EinvoiceDeliveryEnabled":{ + "shape":"Boolean", + "documentation":"Updated flag indicating whether e-invoice delivery is enabled for this procurement portal preference.
" + }, + "EinvoiceDeliveryPreference":{ + "shape":"EinvoiceDeliveryPreference", + "documentation":"Updated e-invoice delivery configuration including document types, attachment types, and customization settings for the portal.
" + }, + "PurchaseOrderRetrievalEnabled":{ + "shape":"Boolean", + "documentation":"Updated flag indicating whether purchase order retrieval is enabled for this procurement portal preference.
" + }, + "Contacts":{ + "shape":"Contacts", + "documentation":"Updated list of contact information for portal administrators and technical contacts.
" + } + } + }, + "PutProcurementPortalPreferenceResponse":{ + "type":"structure", + "required":["ProcurementPortalPreferenceArn"], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the updated procurement portal preference.
" + } + } + }, "ReceiverAddress":{ "type":"structure", "members":{ @@ -1055,6 +1781,18 @@ "max":256, "min":0 }, + "RuleAccountIdList":{ + "type":"list", + "member":{"shape":"AccountIdString"}, + "max":1000, + "min":0 + }, + "SellerOfRecords":{ + "type":"list", + "member":{"shape":"BasicStringWithoutSpace"}, + "max":100, + "min":0 + }, "SensitiveBasicStringWithoutSpace":{ "type":"string", "max":1024, @@ -1095,6 +1833,10 @@ "type":"list", "member":{"shape":"SupplementalDocument"} }, + "SupplierDomain":{ + "type":"string", + "enum":["NetworkID"] + }, "TagResourceRequest":{ "type":"structure", "required":[ @@ -1159,6 +1901,82 @@ "type":"list", "member":{"shape":"TaxesBreakdownAmount"} }, + "TestEnvPreference":{ + "type":"structure", + "required":[ + "BuyerDomain", + "BuyerIdentifier", + "SupplierDomain", + "SupplierIdentifier" + ], + "members":{ + "BuyerDomain":{ + "shape":"BuyerDomain", + "documentation":"The domain identifier for the buyer in the test environment of the procurement portal.
" + }, + "BuyerIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the buyer in the test environment of the procurement portal.
" + }, + "SupplierDomain":{ + "shape":"SupplierDomain", + "documentation":"The domain identifier for the supplier in the test environment of the procurement portal.
" + }, + "SupplierIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier for the supplier in the test environment of the procurement portal.
" + }, + "ProcurementPortalSharedSecret":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The shared secret or authentication credential used for secure communication with the test environment.
" + }, + "ProcurementPortalInstanceEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The endpoint URL where e-invoices are delivered in the test environment.
" + }, + "PurchaseOrderRetrievalEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The endpoint URL used for retrieving purchase orders in the test environment.
" + } + }, + "documentation":"Contains configuration settings for testing the procurement portal integration in a non-production environment.
" + }, + "TestEnvPreferenceInput":{ + "type":"structure", + "required":[ + "BuyerDomain", + "BuyerIdentifier", + "SupplierDomain", + "SupplierIdentifier" + ], + "members":{ + "BuyerDomain":{ + "shape":"BuyerDomain", + "documentation":"The domain identifier to use for the buyer in the test environment.
" + }, + "BuyerIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier to use for the buyer in the test environment.
" + }, + "SupplierDomain":{ + "shape":"SupplierDomain", + "documentation":"The domain identifier to use for the supplier in the test environment.
" + }, + "SupplierIdentifier":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The unique identifier to use for the supplier in the test environment.
" + }, + "ProcurementPortalSharedSecret":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The shared secret or authentication credential to use for secure communication in the test environment.
" + }, + "ProcurementPortalInstanceEndpoint":{ + "shape":"BasicStringWithoutSpace", + "documentation":"The endpoint URL where e-invoices will be delivered in the test environment.
" + } + }, + "documentation":"Input parameters for configuring test environment preferences for a procurement portal.
" + }, "ThrottlingException":{ "type":"structure", "members":{ @@ -1221,6 +2039,42 @@ } } }, + "UpdateProcurementPortalPreferenceStatusRequest":{ + "type":"structure", + "required":["ProcurementPortalPreferenceArn"], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the procurement portal preference to update.
" + }, + "EinvoiceDeliveryPreferenceStatus":{ + "shape":"ProcurementPortalPreferenceStatus", + "documentation":"The updated status of the e-invoice delivery preference.
" + }, + "EinvoiceDeliveryPreferenceStatusReason":{ + "shape":"BasicString", + "documentation":"The reason for the e-invoice delivery preference status update, providing context for the change.
" + }, + "PurchaseOrderRetrievalPreferenceStatus":{ + "shape":"ProcurementPortalPreferenceStatus", + "documentation":"The updated status of the purchase order retrieval preference.
" + }, + "PurchaseOrderRetrievalPreferenceStatusReason":{ + "shape":"BasicString", + "documentation":"The reason for the purchase order retrieval preference status update, providing context for the change.
" + } + } + }, + "UpdateProcurementPortalPreferenceStatusResponse":{ + "type":"structure", + "required":["ProcurementPortalPreferenceArn"], + "members":{ + "ProcurementPortalPreferenceArn":{ + "shape":"ProcurementPortalPreferenceArnString", + "documentation":"The Amazon Resource Name (ARN) of the procurement portal preference with updated status.
" + } + } + }, "ValidationException":{ "type":"structure", "members":{ @@ -1289,5 +2143,5 @@ "min":2005 } }, - "documentation":"Amazon Web Services Invoice Configuration
You can use Amazon Web Services Invoice Configuration APIs to programmatically create, update, delete, get, and list invoice units. You can also programmatically fetch the information of the invoice receiver. For example, business legal name, address, and invoicing contacts.
You can use Amazon Web Services Invoice Configuration to receive separate Amazon Web Services invoices based your organizational needs. By using Amazon Web Services Invoice Configuration, you can configure invoice units that are groups of Amazon Web Services accounts that represent your business entities, and receive separate invoices for each business entity. You can also assign a unique member or payer account as the invoice receiver for each invoice unit. As you create new accounts within your Organizations using Amazon Web Services Invoice Configuration APIs, you can automate the creation of new invoice units and subsequently automate the addition of new accounts to your invoice units.
Service endpoint
You can use the following endpoints for Amazon Web Services Invoice Configuration:
https://invoicing.us-east-1.api.aws
Amazon Web Services Invoice Configuration
You can use Amazon Web Services Invoice Configuration APIs to programmatically create, update, delete, get, and list invoice units. You can also programmatically fetch the information of the invoice receiver. For example, business legal name, address, and invoicing contacts.
You can use Amazon Web Services Invoice Configuration to receive separate Amazon Web Services invoices based your organizational needs. By using Amazon Web Services Invoice Configuration, you can configure invoice units that are groups of Amazon Web Services accounts that represent your business entities, and receive separate invoices for each business entity. You can also assign a unique member or payer account as the invoice receiver for each invoice unit. As you create new accounts within your Organizations using Amazon Web Services Invoice Configuration APIs, you can automate the creation of new invoice units and subsequently automate the addition of new accounts to your invoice units.
Amazon Web Services Procurement Portal Preferences
You can use Amazon Web Services Procurement Portal Preferences APIs to programmatically create, update, delete, get, and list procurement portal connections and e-invoice delivery settings. You can also programmatically fetch and modify the status of procurement portal configurations. For example, SAP Business Network or Coupa connections, configure e-invoice delivery and purchase order retrieval features.
You can use Amazon Web Services Procurement Portal Preferences to connect e-invoice delivery to your procurement portals based on your organizational needs. By using Amazon Web Services Procurement Portal Preferences, you can configure connections to SAP Business Network and Coupa procurement portals that retrieve purchase orders and deliver Amazon Web Services invoices on the same day they are generated. You can also set up testing environments to validate invoice delivery without affecting live transactions, and manage contact information for portal setup and support.
Administrative users should understand that billing read-only policies will show all procurement portal connection details. Review your IAM policies to ensure appropriate access controls are in place for procurement portal preferences.
Amazon Web Services Invoice Management
You can use Amazon Web Services Invoice Management APIs to programmatically list invoice summaries and get invoice documents. You can also programmatically fetch invoice documents with S3 pre-signed URLs.
You can use Amazon Web Services Invoice Management to access invoice information based on your organizational needs. By using Amazon Web Services Invoice Management, you can retrieve paginated lists of invoice summaries that include invoice metadata such as invoice IDs, amounts, and currencies without downloading documents. You can also download invoice documents in PDF format using S3 pre-signed URLs with built-in expiration. As you manage invoices across your organization using Amazon Web Services Invoice Management APIs, you can create invoice retrieval processes and integrate invoice data into your financial systems.
Service endpoint
You can use the following endpoints for Amazon Web Services Invoice Configuration, Amazon Web Services Procurement Portal Preferences, and Amazon Web Services Invoice Management:
https://invoicing.us-east-1.api.aws
Get the position information for a given resource.
This action is no longer supported. Calls to retrieve the position information should use the GetResourcePosition API operation instead.
Get the position information for a given resource.
This action is no longer supported. Calls to retrieve the position information should use the GetResourcePosition API operation instead.
Get position configuration for a given resource.
This action is no longer supported. Calls to retrieve the position configuration should use the GetResourcePosition API operation instead.
Get position configuration for a given resource.
This action is no longer supported. Calls to retrieve the position configuration should use the GetResourcePosition API operation instead.
List position configurations for a given resource, such as positioning solvers.
This action is no longer supported. Calls to retrieve position information should use the GetResourcePosition API operation instead.
List position configurations for a given resource, such as positioning solvers.
This action is no longer supported. Calls to retrieve position information should use the GetResourcePosition API operation instead.
List wireless devices that have been added to an import task.
" + "documentation":"List of import tasks and summary information of onboarding status of devices in each import task.
" }, "ListWirelessDevices":{ "name":"ListWirelessDevices", @@ -1500,7 +1500,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServerException"} ], - "documentation":"Put position configuration for a given resource.
This action is no longer supported. Calls to update the position configuration should use the UpdateResourcePosition API operation instead.
Put position configuration for a given resource.
This action is no longer supported. Calls to update the position configuration should use the UpdateResourcePosition API operation instead.
Update the position information of a resource.
This action is no longer supported. Calls to update the position information should use the UpdateResourcePosition API operation instead.
Update the position information of a resource.
This action is no longer supported. Calls to update the position information should use the UpdateResourcePosition API operation instead.
FPort values for the GNSS, stream, and ClockSync functions of the positioning information.
" + "documentation":"The integration status of the Device Location feature for LoRaWAN and Sidewalk devices.
" }, "Sidewalk":{ "shape":"SidewalkCreateWirelessDevice", @@ -4671,6 +4671,10 @@ "shape":"DestinationName", "documentation":"The name of the destination that's assigned to the wireless devices in the import task.
" }, + "Positioning":{ + "shape":"PositioningConfigStatus", + "documentation":"The integration status of the Device Location feature for LoRaWAN and Sidewalk devices.
" + }, "Sidewalk":{ "shape":"SidewalkGetStartImportInfo", "documentation":"The Sidewalk-related information about an import task.
" @@ -4771,7 +4775,7 @@ }, "Positioning":{ "shape":"PositioningConfigStatus", - "documentation":"FPort values for the GNSS, stream, and ClockSync functions of the positioning information.
" + "documentation":"The integration status of the Device Location feature for LoRaWAN and Sidewalk devices.
" } } }, @@ -5432,6 +5436,14 @@ "shape":"DestinationName", "documentation":"The name of the Sidewalk destination that describes the IoT rule to route messages received from devices in an import task that are onboarded to AWS IoT Wireless.
" }, + "Positioning":{ + "shape":"PositioningConfigStatus", + "documentation":"The integration status of the Device Location feature for Sidewalk devices.
" + }, + "Sidewalk":{ + "shape":"SidewalkListDevicesForImportInfo", + "documentation":"The Sidewalk object containing Sidewalk-related device information.
" + }, "ImportedWirelessDeviceList":{ "shape":"ImportedWirelessDeviceList", "documentation":"List of wireless devices in an import task and their onboarding status.
" @@ -5796,7 +5808,7 @@ }, "DestinationName":{ "shape":"DestinationName", - "documentation":"A filter to list only the wireless devices that use this destination.
", + "documentation":"A filter to list only the wireless devices that use as uplink destination.
", "location":"querystring", "locationName":"destinationName" }, @@ -7686,6 +7698,14 @@ "DeviceProfileId":{ "shape":"DeviceProfileId", "documentation":"The ID of the Sidewalk device profile.
" + }, + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" + }, + "SidewalkManufacturingSn":{ + "shape":"SidewalkManufacturingSn", + "documentation":"The Sidewalk manufacturing serial number.
" } }, "documentation":"Sidewalk object for creating a wireless device.
" @@ -7721,6 +7741,10 @@ "Status":{ "shape":"WirelessDeviceSidewalkStatus", "documentation":"The Sidewalk device status, such as provisioned or registered.
" + }, + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" } }, "documentation":"Sidewalk device object.
" @@ -7785,6 +7809,10 @@ "Role":{ "shape":"Role", "documentation":"The IAM role that allows AWS IoT Wireless to access the CSV file in the S3 bucket.
" + }, + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" } }, "documentation":"Sidewalk-related information for devices in an import task that are being onboarded.
" @@ -7820,14 +7848,38 @@ "Status":{ "shape":"WirelessDeviceSidewalkStatus", "documentation":"The status of the Sidewalk devices, such as provisioned or registered.
" + }, + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" } }, "documentation":"Sidewalk object used by list functions.
" }, + "SidewalkListDevicesForImportInfo":{ + "type":"structure", + "members":{ + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" + } + }, + "documentation":"The Sidewalk-related object containing positioning information used to configure Sidewalk devices during import.
" + }, "SidewalkManufacturingSn":{ "type":"string", "max":64 }, + "SidewalkPositioning":{ + "type":"structure", + "members":{ + "DestinationName":{ + "shape":"DestinationName", + "documentation":"The location destination name of the Sidewalk device.
" + } + }, + "documentation":"The Positioning object of the Sidewalk device.
" + }, "SidewalkResourceTypeEventConfiguration":{ "type":"structure", "members":{ @@ -7859,6 +7911,10 @@ "SidewalkManufacturingSn":{ "shape":"SidewalkManufacturingSn", "documentation":"The Sidewalk manufacturing serial number (SMSN) of the device added to the import task.
" + }, + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" } }, "documentation":"Information about an import task created for an individual Sidewalk device.
" @@ -7873,6 +7929,10 @@ "Role":{ "shape":"Role", "documentation":"The IAM role that allows AWS IoT Wireless to access the CSV file in the S3 bucket.
" + }, + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" } }, "documentation":"Information about an import task created for bulk provisioning.
" @@ -7897,6 +7957,16 @@ }, "documentation":"Sidewalk object information for updating an import task.
" }, + "SidewalkUpdateWirelessDevice":{ + "type":"structure", + "members":{ + "Positioning":{ + "shape":"SidewalkPositioning", + "documentation":"The Positioning object of the Sidewalk device.
" + } + }, + "documentation":"Sidewalk object for updating a wireless device.
" + }, "SigningAlg":{ "type":"string", "documentation":"The certificate chain algorithm provided by sidewalk.
", @@ -7994,6 +8064,10 @@ "documentation":"The name of the wireless device for which an import task is being started.
" }, "Tags":{"shape":"TagList"}, + "Positioning":{ + "shape":"PositioningConfigStatus", + "documentation":"The integration status of the Device Location feature for Sidewalk devices.
" + }, "Sidewalk":{ "shape":"SidewalkSingleStartImportInfo", "documentation":"The Sidewalk-related parameters for importing a single wireless device.
" @@ -8034,6 +8108,10 @@ "idempotencyToken":true }, "Tags":{"shape":"TagList"}, + "Positioning":{ + "shape":"PositioningConfigStatus", + "documentation":"The integration status of the Device Location feature for Sidewalk devices.
" + }, "Sidewalk":{ "shape":"SidewalkStartImportInfo", "documentation":"The Sidewalk-related parameters for importing wireless devices that need to be provisioned in bulk.
" @@ -8931,7 +9009,11 @@ }, "Positioning":{ "shape":"PositioningConfigStatus", - "documentation":"FPort values for the GNSS, stream, and ClockSync functions of the positioning information.
" + "documentation":"The integration status of the Device Location feature for LoRaWAN and Sidewalk devices.
" + }, + "Sidewalk":{ + "shape":"SidewalkUpdateWirelessDevice", + "documentation":"The updated sidewalk properties.
" } } }, @@ -9216,6 +9298,10 @@ "shape":"DestinationName", "documentation":"The name of the Sidewalk destination that that describes the IoT rule to route messages from the device in the import task that will be onboarded to AWS IoT Wireless
" }, + "Positioning":{ + "shape":"PositioningConfigStatus", + "documentation":"The integration status of the Device Location feature for Sidewalk devices.
" + }, "Sidewalk":{ "shape":"SidewalkGetStartImportInfo", "documentation":"The Sidewalk-related information of the wireless device import task.
" @@ -9335,7 +9421,11 @@ "shape":"MulticastDeviceStatus", "documentation":"The status of the wireless device in the multicast group.
" }, - "McGroupId":{"shape":"McGroupId"} + "McGroupId":{"shape":"McGroupId"}, + "Positioning":{ + "shape":"PositioningConfigStatus", + "documentation":"The integration status of the Device Location feature for LoRaWAN and Amazon Sidewalk enabled devices.
" + } }, "documentation":"Information about a wireless device's operation.
" }, diff --git a/awscli/botocore/data/kafka/2018-11-14/paginators-1.json b/awscli/botocore/data/kafka/2018-11-14/paginators-1.json index 92e6d9fd11be..158c50c141c4 100644 --- a/awscli/botocore/data/kafka/2018-11-14/paginators-1.json +++ b/awscli/botocore/data/kafka/2018-11-14/paginators-1.json @@ -71,6 +71,18 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Replicators" + }, + "ListTopics": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Topics" + }, + "DescribeTopicPartitions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Partitions" } } } diff --git a/awscli/botocore/data/kafka/2018-11-14/service-2.json b/awscli/botocore/data/kafka/2018-11-14/service-2.json index 7c1e3313c747..cdf031cfe102 100644 --- a/awscli/botocore/data/kafka/2018-11-14/service-2.json +++ b/awscli/botocore/data/kafka/2018-11-14/service-2.json @@ -761,6 +761,82 @@ ], "documentation": "Describes a replicator.
" }, + "DescribeTopic": { + "name": "DescribeTopic", + "http": { + "method": "GET", + "requestUri": "/v1/clusters/{clusterArn}/topics/{topicName}", + "responseCode": 200 + }, + "input": { + "shape": "DescribeTopicRequest" + }, + "output": { + "shape": "DescribeTopicResponse", + "documentation": "\n200 response
\n " + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " + }, + { + "shape": "UnauthorizedException", + "documentation": "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " + }, + { + "shape": "InternalServerErrorException", + "documentation": "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " + }, + { + "shape": "ForbiddenException", + "documentation": "\nAccess forbidden. Check your credentials and then retry your request.
\n " + }, + { + "shape": "NotFoundException", + "documentation": "\nThe resource could not be found due to incorrect input. Correct the input, then retry the request.
\n " + } + ], + "documentation": "\nReturns topic details of this topic on a MSK cluster.
\n " + }, + "DescribeTopicPartitions": { + "name": "DescribeTopicPartitions", + "http": { + "method": "GET", + "requestUri": "/v1/clusters/{clusterArn}/topics/{topicName}/partitions", + "responseCode": 200 + }, + "input": { + "shape": "DescribeTopicPartitionsRequest" + }, + "output": { + "shape": "DescribeTopicPartitionsResponse", + "documentation": "\n200 response
\n " + }, + "errors": [ + { + "shape": "BadRequestException", + "documentation": "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " + }, + { + "shape": "UnauthorizedException", + "documentation": "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " + }, + { + "shape": "InternalServerErrorException", + "documentation": "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " + }, + { + "shape": "ForbiddenException", + "documentation": "\nAccess forbidden. Check your credentials and then retry your request.
\n " + }, + { + "shape": "NotFoundException", + "documentation": "\nThe resource could not be found due to incorrect input. Correct the input, then retry the request.
\n " + } + ], + "documentation": "\nReturns partition details of this topic on a MSK cluster.
\n " + }, "DescribeVpcConnection": { "name": "DescribeVpcConnection", "http": { @@ -1422,6 +1498,44 @@ ], "documentation": "\nReturns a list of all the VPC connections in this Region.
\n " }, + "ListTopics": { + "name": "ListTopics", + "http": { + "method": "GET", + "requestUri": "/v1/clusters/{clusterArn}/topics", + "responseCode": 200 + }, + "input": { + "shape": "ListTopicsRequest" + }, + "output": { + "shape": "ListTopicsResponse", + "documentation": "\n200 response
\n " + }, + "errors": [ + { + "shape": "ServiceUnavailableException", + "documentation": "\n503 response
\n " + }, + { + "shape": "BadRequestException", + "documentation": "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " + }, + { + "shape": "UnauthorizedException", + "documentation": "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " + }, + { + "shape": "InternalServerErrorException", + "documentation": "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " + }, + { + "shape": "ForbiddenException", + "documentation": "\nAccess forbidden. Check your credentials and then retry your request.
\n " + } + ], + "documentation": "\nList topics in a MSK cluster.
\n " + }, "ListVpcConnections": { "name": "ListVpcConnections", "http": { @@ -4102,6 +4216,136 @@ } } }, + "DescribeTopicRequest": { + "type": "structure", + "members": { + "ClusterArn": { + "shape": "__string", + "location": "uri", + "locationName": "clusterArn", + "documentation": "\nThe Amazon Resource Name (ARN) that uniquely identifies the cluster.
\n " + }, + "TopicName": { + "shape": "__string", + "location": "uri", + "locationName": "topicName", + "documentation": "\nThe Kafka topic name that uniquely identifies the topic.
\n " + } + }, + "required": [ + "ClusterArn", + "TopicName" + ] + }, + "DescribeTopicPartitionsRequest": { + "type": "structure", + "members": { + "ClusterArn": { + "shape": "__string", + "location": "uri", + "locationName": "clusterArn", + "documentation": "\nThe Amazon Resource Name (ARN) that uniquely identifies the cluster.
\n " + }, + "TopicName": { + "shape": "__string", + "location": "uri", + "locationName": "topicName", + "documentation": "\nThe Kafka topic name that uniquely identifies the topic.
\n " + }, + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "\nThe maximum number of results to return in the response. If there are more results, the response includes a NextToken parameter.
\n " + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "\nThe paginated results marker. When the result of the operation is truncated, the call returns NextToken in the response. \n To get the next batch, provide this token in your next request.
\n " + } + }, + "required": [ + "ClusterArn", + "TopicName" + ] + }, + "DescribeTopicResponse": { + "type": "structure", + "members": { + "TopicArn": { + "shape": "__string", + "locationName": "topicArn", + "documentation": "\nThe Amazon Resource Name (ARN) of the topic.
\n " + }, + "TopicName": { + "shape": "__string", + "locationName": "topicName", + "documentation": "\nThe Kafka topic name of the topic.
" + }, + "ReplicationFactor": { + "shape": "__integer", + "locationName": "replicationFactor", + "documentation": "\nThe replication factor of the topic.
" + }, + "PartitionCount": { + "shape": "__integer", + "locationName": "partitionCount", + "documentation": "\nThe partition count of the topic.
" + }, + "Configs": { + "shape": "__string", + "locationName": "configs", + "documentation": "\nTopic configurations encoded as a Base64 string.
" + }, + "Status": { + "shape": "TopicState", + "locationName": "status", + "documentation": "\nThe status of the topic.
\n " + } + } + }, + "DescribeTopicPartitionsResponse": { + "type": "structure", + "members": { + "Partitions": { + "shape": "__listOfTopicPartitionInfo", + "locationName": "partitions", + "documentation": "The list of partition information for the topic.
" + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "\nThe paginated results marker. When the result of a DescribeTopicPartitions operation is truncated, the call returns NextToken in the response. \n To get another batch of configurations, provide this token in your next request.
\n " + } + } + }, + "TopicPartitionInfo": { + "type": "structure", + "documentation": "Contains information about a topic partition.
", + "members": { + "Partition": { + "shape": "__integer", + "locationName": "partition", + "documentation": "The partition ID.
" + }, + "Leader": { + "shape": "__integer", + "locationName": "leader", + "documentation": "The leader broker ID for the partition.
" + }, + "Replicas": { + "shape": "__listOf__integer", + "locationName": "replicas", + "documentation": "The list of replica broker IDs for the partition.
" + }, + "Isr": { + "shape": "__listOf__integer", + "locationName": "isr", + "documentation": "The list of in-sync replica broker IDs for the partition.
" + } + } + }, "DescribeVpcConnectionRequest": { "type": "structure", "members": { @@ -5113,6 +5357,53 @@ } } }, + "ListTopicsRequest": { + "type": "structure", + "members": { + "ClusterArn": { + "shape": "__string", + "location": "uri", + "locationName": "clusterArn", + "documentation": "\nThe Amazon Resource Name (ARN) that uniquely identifies the cluster.
\n " + }, + "MaxResults": { + "shape": "MaxResults", + "location": "querystring", + "locationName": "maxResults", + "documentation": "\nThe maximum number of results to return in the response. If there are more results, the response includes a NextToken parameter.
\n " + }, + "NextToken": { + "shape": "__string", + "location": "querystring", + "locationName": "nextToken", + "documentation": "\nThe paginated results marker. When the result of the operation is truncated, the call returns NextToken in the response. \n To get the next batch, provide this token in your next request.
\n " + }, + "TopicNameFilter": { + "shape": "__string", + "location": "querystring", + "locationName": "topicNameFilter", + "documentation": "\nReturns topics starting with given name.
\n " + } + }, + "required": [ + "ClusterArn" + ] + }, + "ListTopicsResponse": { + "type": "structure", + "members": { + "Topics": { + "shape": "__listOfTopicInfo", + "locationName": "topics", + "documentation": "\nList containing topics info.
\n " + }, + "NextToken": { + "shape": "__string", + "locationName": "nextToken", + "documentation": "\nThe paginated results marker. When the result of a ListTopics operation is truncated, the call returns NextToken in the response. \n To get another batch of configurations, provide this token in your next request.
\n " + } + } + }, "ListVpcConnectionsRequest": { "type": "structure", "members": { @@ -5951,6 +6242,37 @@ }, "documentation": "\nDetails for client authentication using TLS.
\n " }, + "TopicInfo": { + "type": "structure", + "members": { + "TopicArn": { + "shape": "__string", + "locationName": "topicArn", + "documentation": "\nThe Amazon Resource Name (ARN) of the topic.
\n " + }, + "TopicName": { + "shape": "__string", + "locationName": "topicName", + "documentation": "\nName for a topic.
\n " + }, + "ReplicationFactor": { + "shape": "__integer", + "locationName": "replicationFactor", + "documentation": "\nReplication factor for a topic.
\n " + }, + "PartitionCount": { + "shape": "__integer", + "locationName": "partitionCount", + "documentation": "\nPartition count for a topic.
\n " + }, + "OutOfSyncReplicaCount": { + "shape": "__integer", + "locationName": "outOfSyncReplicaCount", + "documentation": "\nNumber of out-of-sync replicas for a topic.
\n " + } + }, + "documentation": "\nIncludes identification info about the topic.
\n " + }, "VpcConnectivityTls": { "type": "structure", "members": { @@ -6749,6 +7071,16 @@ }, "documentation": "Description of the VPC connection." }, + "TopicState": { + "type": "string", + "documentation": "\nThe state of a topic request.
\n ", + "enum": [ + "CREATING", + "UPDATING", + "DELETING", + "ACTIVE" + ] + }, "VpcConnectionState": { "type": "string", "documentation": "\nThe state of a VPC connection.
\n ", @@ -6827,6 +7159,10 @@ "min": 1, "max": 16384 }, + "__integerMin1": { + "type": "integer", + "min": 1 + }, "__listOfBrokerEBSVolumeInfo": { "type": "list", "member": { @@ -6947,6 +7283,18 @@ "shape": "ReplicatorSummary" } }, + "__listOfTopicInfo": { + "type": "list", + "member": { + "shape": "TopicInfo" + } + }, + "__listOfTopicPartitionInfo": { + "type": "list", + "member": { + "shape": "TopicPartitionInfo" + } + }, "__listOfVpcConnection": { "type": "list", "member": { @@ -6971,6 +7319,12 @@ "shape": "__string" } }, + "__listOf__integer": { + "type": "list", + "member": { + "shape": "__integer" + } + }, "__long": { "type": "long" }, diff --git a/awscli/botocore/data/kinesis/2013-12-02/service-2.json b/awscli/botocore/data/kinesis/2013-12-02/service-2.json index cad05687db54..a763bb1c49e6 100644 --- a/awscli/botocore/data/kinesis/2013-12-02/service-2.json +++ b/awscli/botocore/data/kinesis/2013-12-02/service-2.json @@ -532,7 +532,7 @@ {"shape":"ResourceInUseException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Registers a consumer with a Kinesis data stream. When you use this operation, the consumer you register can then call SubscribeToShard to receive data from the stream using enhanced fan-out, at a rate of up to 2 MiB per second for every shard you subscribe to. This rate is unaffected by the total number of consumers that read from the same stream.
You can add tags to the registered consumer when making a RegisterStreamConsumer request by setting the Tags parameter. If you pass the Tags parameter, in addition to having the kinesis:RegisterStreamConsumer permission, you must also have the kinesis:TagResource permission for the consumer that will be registered. Tags will take effect from the CREATING status of the consumer.
You can register up to 20 consumers per stream. A given consumer can only be registered with one stream at a time.
For an example of how to use this operation, see Enhanced Fan-Out Using the Kinesis Data Streams API.
The use of this operation has a limit of five transactions per second per account. Also, only 5 consumers can be created simultaneously. In other words, you cannot have more than 5 consumers in a CREATING status at the same time. Registering a 6th consumer while there are 5 in a CREATING status results in a LimitExceededException.
Registers a consumer with a Kinesis data stream. When you use this operation, the consumer you register can then call SubscribeToShard to receive data from the stream using enhanced fan-out, at a rate of up to 2 MiB per second for every shard you subscribe to. This rate is unaffected by the total number of consumers that read from the same stream.
You can add tags to the registered consumer when making a RegisterStreamConsumer request by setting the Tags parameter. If you pass the Tags parameter, in addition to having the kinesis:RegisterStreamConsumer permission, you must also have the kinesis:TagResource permission for the consumer that will be registered. Tags will take effect from the CREATING status of the consumer.
With On-demand Advantage streams, you can register up to 50 consumers per stream to use Enhanced Fan-out. With On-demand Standard and Provisioned streams, you can register up to 20 consumers per stream to use Enhanced Fan-out. A given consumer can only be registered with one stream at a time.
For an example of how to use this operation, see Enhanced Fan-Out Using the Kinesis Data Streams API.
The use of this operation has a limit of five transactions per second per account. Also, only 5 consumers can be created simultaneously. In other words, you cannot have more than 5 consumers in a CREATING status at the same time. Registering a 6th consumer while there are 5 in a CREATING status results in a LimitExceededException.
Returns the most current information about the specified stream. You must specify either the StreamName or the StreamARN.
Retrieves the current storage configuration for the specified Kinesis video stream.
In the request, you must specify either the StreamName or the StreamARN.
You must have permissions for the KinesisVideo:DescribeStreamStorageConfiguration action.
Provides an endpoint for the specified signaling channel to send and receive messages. This API uses the SingleMasterChannelEndpointConfiguration input parameter, which consists of the Protocols and Role properties.
Protocols is used to determine the communication mechanism. For example, if you specify WSS as the protocol, this API produces a secure websocket endpoint. If you specify HTTPS as the protocol, this API generates an HTTPS endpoint.
Role determines the messaging permissions. A MASTER role results in this API generating an endpoint that a client can use to communicate with any of the viewers on the channel. A VIEWER role results in this API generating an endpoint that a client can use to communicate only with a MASTER.
Provides an endpoint for the specified signaling channel to send and receive messages. This API uses the SingleMasterChannelEndpointConfiguration input parameter, which consists of the Protocols and Role properties.
Protocols is used to determine the communication mechanism. For example, if you specify WSS as the protocol, this API produces a secure websocket endpoint. If you specify HTTPS as the protocol, this API generates an HTTPS endpoint. If you specify WEBRTC as the protocol, but the signaling channel isn't configured for ingestion, you will receive the error InvalidArgumentException.
Role determines the messaging permissions. A MASTER role results in this API generating an endpoint that a client can use to communicate with any of the viewers on the channel. A VIEWER role results in this API generating an endpoint that a client can use to communicate only with a MASTER.
Updates stream metadata, such as the device name and media type.
You must provide the stream name or the Amazon Resource Name (ARN) of the stream.
To make sure that you have the latest version of the stream before updating it, you can specify the stream version. Kinesis Video Streams assigns a version to each stream. When you update a stream, Kinesis Video Streams assigns a new version number. To get the latest stream version, use the DescribeStream API.
UpdateStream is an asynchronous operation, and takes time to complete.
Updates the storage configuration for an existing Kinesis video stream.
This operation allows you to modify the storage tier settings for a stream, enabling you to optimize storage costs and performance based on your access patterns.
UpdateStreamStorageConfiguration is an asynchronous operation.
You must have permissions for the KinesisVideo:UpdateStreamStorageConfiguration action.
A structure containing the configuration for the SINGLE_MASTER channel type.
A structure containing the configuration for the SINGLE_MASTER channel type. The default configuration for the channel message's time to live is 60 seconds (1 minute).
The name of the device that is writing to the stream.
In the current implementation, Kinesis Video Streams does not use this name.
The name of the device that is writing to the stream.
In the current implementation, Kinesis Video Streams doesn't use this name.
The ID of the Key Management Service (KMS) key that you want Kinesis Video Streams to use to encrypt stream data.
If no key ID is specified, the default, Kinesis Video-managed key (Amazon Web Services/kinesisvideo) is used.
For more information, see DescribeKey.
" + "documentation":"The ID of the Key Management Service (KMS) key that you want Kinesis Video Streams to use to encrypt stream data.
If no key ID is specified, the default, Kinesis Video-managed key (aws/kinesisvideo) is used.
For more information, see DescribeKey.
" }, "DataRetentionInHours":{ "shape":"DataRetentionInHours", - "documentation":"The number of hours that you want to retain the data in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream.
The default value is 0, indicating that the stream does not persist data.
When the DataRetentionInHours value is 0, consumers can still consume the fragments that remain in the service host buffer, which has a retention time limit of 5 minutes and a retention memory limit of 200 MB. Fragments are removed from the buffer when either limit is reached.
The number of hours that you want to retain the data in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream.
The default value is 0, indicating that the stream does not persist data. The minimum is 1 hour.
When the DataRetentionInHours value is 0, consumers can still consume the fragments that remain in the service host buffer, which has a retention time limit of 5 minutes and a retention memory limit of 200 MB. Fragments are removed from the buffer when either limit is reached.
A list of tags to associate with the specified stream. Each tag is a key-value pair (the value is optional).
" + }, + "StreamStorageConfiguration":{ + "shape":"StreamStorageConfiguration", + "documentation":"The configuration for the stream's storage, including the default storage tier for stream data. This configuration determines how stream data is stored and accessed, with different tiers offering varying levels of performance and cost optimization.
If not specified, the stream will use the default storage configuration with HOT tier for optimal performance.
" } } }, @@ -741,6 +779,13 @@ "type":"integer", "min":0 }, + "DefaultStorageTier":{ + "type":"string", + "enum":[ + "HOT", + "WARM" + ] + }, "DeleteAfterUpload":{"type":"boolean"}, "DeleteEdgeConfigurationInput":{ "type":"structure", @@ -1007,6 +1052,36 @@ } } }, + "DescribeStreamStorageConfigurationInput":{ + "type":"structure", + "members":{ + "StreamName":{ + "shape":"StreamName", + "documentation":"The name of the stream for which you want to retrieve the storage configuration.
" + }, + "StreamARN":{ + "shape":"ResourceARN", + "documentation":"The Amazon Resource Name (ARN) of the stream for which you want to retrieve the storage configuration.
" + } + } + }, + "DescribeStreamStorageConfigurationOutput":{ + "type":"structure", + "members":{ + "StreamName":{ + "shape":"StreamName", + "documentation":"The name of the stream.
" + }, + "StreamARN":{ + "shape":"ResourceARN", + "documentation":"The Amazon Resource Name (ARN) of the stream.
" + }, + "StreamStorageConfiguration":{ + "shape":"StreamStorageConfiguration", + "documentation":"The current storage configuration for the stream, including the default storage tier and other storage-related settings.
" + } + } + }, "DestinationRegion":{ "type":"string", "max":14, @@ -1667,7 +1742,7 @@ "documentation":"The destination information required to deliver a notification to a customer.
" } }, - "documentation":"The structure that contains the notification information for the KVS images delivery. If this parameter is null, the configuration will be deleted from the stream.
" + "documentation":"Use this API to configure Amazon Simple Notification Service (Amazon SNS) notifications for when fragments become available in a stream. If this parameter is null, the configuration will be deleted from the stream.
See Notifications in Kinesis Video Streams for more information.
" }, "NotificationDestinationConfig":{ "type":"structure", @@ -1693,7 +1768,7 @@ "documentation":"The configuration that consists of the ScheduleExpression and the DurationInMinutes details that specify the scheduling to record from a camera, or local media file, onto the Edge Agent. If the ScheduleExpression attribute is not provided, then the Edge Agent will always be set to recording mode.
The recorder configuration consists of the local MediaSourceConfig details that are used as credentials to accesss the local media files streamed on the camera.
The recorder configuration consists of the local MediaSourceConfig details that are used as credentials to access the local media files streamed on the camera.
The Quartz cron expression that takes care of scheduling jobs to record from the camera, or local media file, onto the Edge Agent. If the ScheduleExpression is not provided for the RecorderConfig, then the Edge Agent will always be set to recording mode.
For more information about Quartz, refer to the Cron Trigger Tutorial page to understand the valid expressions and its use.
" + "documentation":"The Quartz cron expression that takes care of scheduling jobs to record from the camera, or local media file, onto the Edge Agent. If the ScheduleExpression is not provided for the RecorderConfig, then the Edge Agent will always be set to recording mode.
For more information about Quartz, refer to the Cron Trigger Tutorial page to understand the valid expressions and its use.
" }, "DurationInSeconds":{ "shape":"DurationInSeconds", @@ -1797,7 +1872,7 @@ "members":{ "MessageTtlSeconds":{ "shape":"MessageTtlSeconds", - "documentation":"The period of time a signaling channel retains undelivered messages before they are discarded.
" + "documentation":"The period of time (in seconds) a signaling channel retains undelivered messages before they are discarded. Use to update this value.
" } }, "documentation":"A structure that contains the configuration for the SINGLE_MASTER channel type.
Specifies the condition that streams must satisfy to be returned when you list streams (see the ListStreams API). A condition has a comparison operation and a value. Currently, you can specify only the BEGINS_WITH operator, which finds streams whose names start with a given prefix.
The default storage tier for the stream data. This setting determines the storage class used for stream data, affecting both performance characteristics and storage costs.
Available storage tiers:
HOT - Optimized for frequent access with the lowest latency and highest performance. Ideal for real-time applications and frequently accessed data.
WARM - Balanced performance and cost for moderately accessed data. Suitable for data that is accessed regularly but not continuously.
The configuration for stream storage, including the default storage tier for stream data. This configuration determines how stream data is stored and accessed, with different tiers offering varying levels of performance and cost optimization.
" + }, "SyncStatus":{ "type":"string", "enum":[ @@ -2222,7 +2308,7 @@ }, "SingleMasterConfiguration":{ "shape":"SingleMasterConfiguration", - "documentation":"The structure containing the configuration for the SINGLE_MASTER type of the signaling channel that you want to update.
The structure containing the configuration for the SINGLE_MASTER type of the signaling channel that you want to update. This parameter and the channel message's time-to-live are required for channels with the SINGLE_MASTER channel type.
The name of the stream for which you want to update the storage configuration.
" + }, + "StreamARN":{ + "shape":"ResourceARN", + "documentation":"The Amazon Resource Name (ARN) of the stream for which you want to update the storage configuration.
" + }, + "CurrentVersion":{ + "shape":"Version", + "documentation":"The version of the stream whose storage configuration you want to change. To get the version, call either the DescribeStream or the ListStreams API.
The new storage configuration for the stream. This includes the default storage tier that determines how stream data is stored and accessed.
Different storage tiers offer varying levels of performance and cost optimization to match your specific use case requirements.
" + } + } + }, + "UpdateStreamStorageConfigurationOutput":{ + "type":"structure", + "members":{} + }, "UploaderConfig":{ "type":"structure", "required":["ScheduleConfig"], diff --git a/awscli/botocore/data/kms/2014-11-01/service-2.json b/awscli/botocore/data/kms/2014-11-01/service-2.json index 155b00a8291c..32261adc8326 100644 --- a/awscli/botocore/data/kms/2014-11-01/service-2.json +++ b/awscli/botocore/data/kms/2014-11-01/service-2.json @@ -212,7 +212,7 @@ {"shape":"KMSInternalException"}, {"shape":"KMSInvalidStateException"} ], - "documentation":"Deletes key material that was previously imported. This operation makes the specified KMS key temporarily unusable. To restore the usability of the KMS key, reimport the same key material. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide.
When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DeleteImportedKeyMaterial (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
" + "documentation":"Deletes key material that was previously imported. This operation makes the specified KMS key temporarily unusable. To restore the usability of the KMS key, reimport the same key material. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide.
When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport.
Considerations for multi-Region symmetric encryption keys
When you delete the key material of a primary Region key that is in PENDING_ROTATION or PENDING_MULTI_REGION_IMPORT_AND_ROTATIONstate, you'll also be deleting the key materials for the replica Region keys.
If you delete any key material of a replica Region key, the primary Region key and other replica Region keys remain unchanged.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DeleteImportedKeyMaterial (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
" }, "DeriveSharedSecret":{ "name":"DeriveSharedSecret", @@ -589,7 +589,7 @@ {"shape":"ExpiredImportTokenException"}, {"shape":"InvalidImportTokenException"} ], - "documentation":"Imports or reimports key material into an existing KMS key that was created without key material. You can also use this operation to set or update the expiration model and expiration date of the imported key material.
By default, KMS creates KMS keys with key material that it generates. You can also generate and import your own key material. For more information about importing key material, see Importing key material.
For asymmetric, HMAC and multi-Region keys, you cannot change the key material after the initial import. You can import multiple key materials into single-Region, symmetric encryption keys and rotate the key material on demand using RotateKeyOnDemand.
After you import key material, you can reimport the same key material into that KMS key or, if the key supports on-demand rotation, import new key material. You can use the ImportType parameter to indicate whether you are importing new key material or re-importing previously imported key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.
Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console.
Before you call ImportKeyMaterial, complete these steps:
Create or identify a KMS key with EXTERNAL origin, which indicates that the KMS key is designed for imported key material.
To create a new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, asymmetric key agreement key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.
Call the GetParametersForImport operation to get a public key and import token set for importing key material.
Use the public key in the GetParametersForImport response to encrypt your key material.
Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:
The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.
The encrypted key material.
The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.
Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.
If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.
When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. For single-Region, symmetric encryption keys, you will need to import all of the key materials associated with the KMS key to change its state to Enabled. Use the ListKeyRotations operation to list the ID and import state of each key material associated with a KMS key.
If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see Create a KMS key with imported key material in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ImportKeyMaterial (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
" + "documentation":"Imports or reimports key material into an existing KMS key that was created without key material. You can also use this operation to set or update the expiration model and expiration date of the imported key material.
By default, KMS creates KMS keys with key material that it generates. You can also generate and import your own key material. For more information about importing key material, see Importing key material.
For asymmetric and HMAC keys, you cannot change the key material after the initial import. You can import multiple key materials into symmetric encryption keys and rotate the key material on demand using RotateKeyOnDemand.
You can import new key materials into multi-Region symmetric encryption keys. To do so, you must import the new key material into the primary Region key. Then you can import the same key materials into the replica Region keys. You cannot directly import new key material into the replica Region keys.
To import new key material for a multi-Region symmetric key, you’ll need to complete the following:
Call ImportKeyMaterial on the primary Region key with the ImportTypeset to NEW_KEY_MATERIAL.
Call ImportKeyMaterial on the replica Region key with the ImportType set to EXISTING_KEY_MATERIAL using the same key material imported to the primary Region key. You must do this for every replica Region key before you can perform the RotateKeyOnDemand operation on the primary Region key.
After you import key material, you can reimport the same key material into that KMS key or, if the key supports on-demand rotation, import new key material. You can use the ImportType parameter to indicate whether you are importing new key material or re-importing previously imported key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.
Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console.
Before you call ImportKeyMaterial, complete these steps:
Create or identify a KMS key with EXTERNAL origin, which indicates that the KMS key is designed for imported key material.
To create a new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, asymmetric key agreement key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.
Call the GetParametersForImport operation to get a public key and import token set for importing key material.
Use the public key in the GetParametersForImport response to encrypt your key material.
Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:
The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport or Enabled. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.
The encrypted key material.
The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.
Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.
If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.
When this operation is successful, the state of the KMS key changes to Enabled, and you can use the KMS key in cryptographic operations. For symmetric encryption keys, you will need to import all of the key materials associated with the KMS key to change its state to Enabled. Use the ListKeyRotations operation to list the ID and import state of each key material associated with a KMS key.
If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see Create a KMS key with imported key material in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ImportKeyMaterial (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
" }, "ListAliases":{ "name":"ListAliases", @@ -830,7 +830,7 @@ {"shape":"LimitExceededException"}, {"shape":"ConflictException"} ], - "documentation":"Immediately initiates rotation of the key material of the specified symmetric encryption KMS key.
You can perform on-demand rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate, as scheduled, on April 14, 2024 and every 730 days thereafter.
You can perform on-demand key rotation a maximum of 10 times per KMS key. You can use the KMS console to view the number of remaining on-demand rotations available for a KMS key.
You can use GetKeyRotationStatus to identify any in progress on-demand rotations. You can use ListKeyRotations to identify the date that completed on-demand rotations were performed. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
On-demand key rotation is supported only on symmetric encryption KMS keys. You cannot perform on-demand rotation of asymmetric KMS keys, HMAC KMS keys, multi-Region KMS keys with imported key material, or KMS keys in a custom key store. When you initiate on-demand key rotation on a symmetric encryption KMS key with imported key material, you must have already imported new key material and that key material's state should be PENDING_ROTATION. Use the ListKeyRotations operation to check the state of all key materials associated with a KMS key. To perform on-demand rotation of a set of related multi-Region keys, invoke the on-demand rotation on the primary key.
You cannot initiate on-demand rotation of Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys is managed by the Amazon Web Services service that owns the key.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:RotateKeyOnDemand (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
" + "documentation":"Immediately initiates rotation of the key material of the specified symmetric encryption KMS key.
You can perform on-demand rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate, as scheduled, on April 14, 2024 and every 730 days thereafter.
You can perform on-demand key rotation a maximum of 10 times per KMS key. You can use the KMS console to view the number of remaining on-demand rotations available for a KMS key.
You can use GetKeyRotationStatus to identify any in progress on-demand rotations. You can use ListKeyRotations to identify the date that completed on-demand rotations were performed. You can monitor rotation of the key material for your KMS keys in CloudTrail and Amazon CloudWatch.
On-demand key rotation is supported only on symmetric encryption KMS keys. You cannot perform on-demand rotation of asymmetric KMS keys, HMAC KMS keys, or KMS keys in a custom key store. When you initiate on-demand key rotation on a symmetric encryption KMS key with imported key material, you must have already imported new key material and that key material's state should be PENDING_ROTATION. Use the ListKeyRotations operation to check the state of all key materials associated with a KMS key. To perform on-demand rotation of a set of related multi-Region keys, import new key material in the primary Region key, import the same key material in each replica Region key, and invoke the on-demand rotation on the primary Region key.
You cannot initiate on-demand rotation of Amazon Web Services managed KMS keys. KMS always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS keys is managed by the Amazon Web Services service that owns the key.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:RotateKeyOnDemand (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
" }, "ScheduleKeyDeletion":{ "name":"ScheduleKeyDeletion", @@ -2567,7 +2567,7 @@ }, "ImportType":{ "shape":"ImportType", - "documentation":"Indicates whether the key material being imported is previously associated with this KMS key or not. This parameter is optional and only usable with symmetric encryption keys. If no key material has ever been imported into the KMS key, and this parameter is omitted, the parameter defaults to NEW_KEY_MATERIAL. After the first key material is imported, if this parameter is omitted then the parameter defaults to EXISTING_KEY_MATERIAL.
Indicates whether the key material being imported is previously associated with this KMS key or not. This parameter is optional and only usable with symmetric encryption keys. If no key material has ever been imported into the KMS key, and this parameter is omitted, the parameter defaults to NEW_KEY_MATERIAL. After the first key material is imported, if this parameter is omitted then the parameter defaults to EXISTING_KEY_MATERIAL.
For multi-Region keys, you must first import new key material into the primary Region key. You should use the NEW_KEY_MATERIAL import type when importing key material into the primary Region key. Then, you can import the same key material into the replica Region key. The import type for the replica Region key should be EXISTING_KEY_MATERIAL.
Identifies the current key material. This value is present for symmetric encryption keys with AWS_KMS origin and single-Region, symmetric encryption keys with EXTERNAL origin. These KMS keys support automatic or on-demand key rotation and can have multiple key materials associated with them. KMS uses the current key material for both encryption and decryption, and the non-current key material for decryption operations only.
Identifies the current key material. This value is present for symmetric encryption keys with AWS_KMS or EXTERNAL origin. These KMS keys support automatic or on-demand key rotation and can have multiple key materials associated with them. KMS uses the current key material for both encryption and decryption, and the non-current key material for decryption operations only.
Contains metadata about a KMS key.
This data type is used as a response element for the CreateKey, DescribeKey, and ReplicateKey operations.
" @@ -3619,7 +3620,7 @@ }, "KeyMaterialState":{ "shape":"KeyMaterialState", - "documentation":"There are three possible values for this field: CURRENT, NON_CURRENT and PENDING_ROTATION. KMS uses CURRENT key material for both encryption and decryption and NON_CURRENT key material only for decryption. PENDING_ROTATION identifies key material that has been imported for on-demand key rotation but the rotation hasn't completed. Key material in PENDING_ROTATION is not permanently associated with the KMS key. You can delete this key material and import different key material in its place. The PENDING_ROTATION value is only used in symmetric encryption keys with imported key material. The other values, CURRENT and NON_CURRENT, are used for all KMS keys that support automatic or on-demand key rotation.
There are four possible values for this field: CURRENT, NON_CURRENT, PENDING_MULTI_REGION_IMPORT_AND_ROTATION and PENDING_ROTATION. KMS uses CURRENT key material for both encryption and decryption and NON_CURRENT key material only for decryption. PENDING_ROTATION identifies key material that has been imported for on-demand key rotation but the rotation hasn't completed. The key material state PENDING_MULTI_REGION_IMPORT_AND_ROTATION is unique to multi-region, symmetric encryption keys with imported key material. It indicates key material that has been imported into the primary Region key but not all of the replica Region keys. When this key material is imported in to all of the replica Region keys, the key material state will change to PENDING_ROTATION. Key material in PENDING_MULTI_REGION_IMPORT_AND_ROTATION or PENDING_ROTATION state is not permanently associated with the KMS key. You can delete this key material and import different key material in its place. The PENDING_MULTI_REGION_IMPORT_AND_ROTATION and PENDING_ROTATION values are only used in symmetric encryption keys with imported key material. The other values, CURRENT and NON_CURRENT, are used for all KMS keys that support automatic or on-demand key rotation.
Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.
This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would look as follows:
Allows a caller to assume an IAM role decorated as the SAML user specified in the SAML assertion included in the request. This decoration allows Lake Formation to enforce access policies against the SAML users and groups. This API operation requires SAML federation setup in the caller’s account as it can only be called with valid SAML assertions. Lake Formation does not scope down the permission of the assumed role. All permissions attached to the role via the SAML federation setup will be included in the role session.
This decorated role is expected to access data in Amazon S3 by getting temporary access from Lake Formation which is authorized via the virtual API GetDataAccess. Therefore, all SAML roles that can be assumed via AssumeDecoratedRoleWithSAML must at a minimum include lakeformation:GetDataAccess in their role policies. A typical IAM policy attached to such a role would include the following actions:
glue:*Database*
glue:*Table*
glue:*Partition*
glue:*UserDefinedFunction*
lakeformation:GetDataAccess
Deletes the specified LF-tag given a key name. If the input parameter tag key was not found, then the operation will throw an exception. When you delete an LF-tag, the LFTagPolicy attached to the LF-tag becomes invalid. If the deleted LF-tag was still assigned to any resource, the tag policy attach to the deleted LF-tag will no longer be applied to the resource.
Deletes an LF-tag by its key name. The operation fails if the specified tag key doesn't exist. When you delete an LF-Tag:
The associated LF-Tag policy becomes invalid.
Resources that had this tag assigned will no longer have the tag policy applied to them.
Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
This operation returns only those permissions that have been explicitly granted.
For information about permissions, see Security and Access Control to Metadata and Data.
" + "documentation":"Returns a list of the principal permissions on the resource, filtered by the permissions of the caller. For example, if you are granted an ALTER permission, you are able to see only the principal permissions for ALTER.
This operation returns only those permissions that have been explicitly granted. If both Principal and Resource parameters are provided, the response returns effective permissions rather than the explicitly granted permissions.
For information about permissions, see Security and Access Control to Metadata and Data.
" }, "ListResources":{ "name":"ListResources", @@ -1527,6 +1527,10 @@ "ShareRecipients":{ "shape":"DataLakePrincipalList", "documentation":"A list of Amazon Web Services account IDs and/or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.
If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources.
If the ShareRecipients value is null or the list is empty, no resource share is created.
A list of service integrations for enabling trusted identity propagation with external services such as Redshift.
" } } }, @@ -1940,6 +1944,10 @@ "shape":"DataLakePrincipalList", "documentation":"A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access data managed by Lake Formation.
If the ShareRecipients list includes valid values, a resource share is created with the principals you want to have access to the resources as the ShareRecipients.
If the ShareRecipients value is null or the list is empty, no resource share is created.
A list of service integrations for enabling trusted identity propagation with external services such as Redshift.
" + }, "ResourceShare":{ "shape":"RAMResourceShareArn", "documentation":"The Amazon Resource Name (ARN) of the RAM share.
" @@ -3109,7 +3117,7 @@ }, "IncludeRelated":{ "shape":"TrueFalseString", - "documentation":"Indicates that related permissions should be included in the results.
" + "documentation":"Indicates that related permissions should be included in the results when listing permissions on a table resource.
Set the field to TRUE to show the cell filters on a table resource. Default is FALSE. The Principal parameter must not be specified when requesting cell filter information.
The authorization status for Redshift Connect. Valid values are ENABLED or DISABLED.
" + } + }, + "documentation":"Configuration for enabling trusted identity propagation with Redshift Connect.
" + }, + "RedshiftScopeUnion":{ + "type":"structure", + "members":{ + "RedshiftConnect":{ + "shape":"RedshiftConnect", + "documentation":"Configuration for Redshift Connect integration.
" + } + }, + "documentation":"A union structure representing different Redshift integration scopes.
", + "union":true + }, + "RedshiftServiceIntegrations":{ + "type":"list", + "member":{"shape":"RedshiftScopeUnion"}, + "documentation":"A list of Redshift service integration configurations.
" + }, "RegisterResourceRequest":{ "type":"structure", "required":["ResourceArn"], @@ -3658,7 +3693,7 @@ }, "LFTag":{ "shape":"LFTagKeyResource", - "documentation":"The LF-tag key and values attached to a resource.
" + "documentation":"The LF-Tag key and values attached to a resource.
" }, "LFTagPolicy":{ "shape":"LFTagPolicyResource", @@ -3888,6 +3923,30 @@ } }, "SecretAccessKeyString":{"type":"string"}, + "ServiceAuthorization":{ + "type":"string", + "documentation":"Authorization status for service integrations. Specify a value of ENABLED or DISABLED.
A list of service integrations for trusted identity propagation.
" + }, + "ServiceIntegrationUnion":{ + "type":"structure", + "members":{ + "Redshift":{ + "shape":"RedshiftServiceIntegrations", + "documentation":"Redshift service integration configuration.
" + } + }, + "documentation":"A union structure representing different service integration types.
", + "union":true + }, "SessionTokenString":{"type":"string"}, "StartQueryPlanningRequest":{ "type":"structure", @@ -4346,6 +4405,10 @@ "shape":"DataLakePrincipalList", "documentation":"A list of Amazon Web Services account IDs or Amazon Web Services organization/organizational unit ARNs that are allowed to access to access data managed by Lake Formation.
If the ShareRecipients list includes valid values, then the resource share is updated with the principals you want to have access to the resources.
If the ShareRecipients value is null, both the list of share recipients and the resource share remain unchanged.
If the ShareRecipients value is an empty list, then the existing share recipients list will be cleared, and the resource share will be deleted.
A list of service integrations for enabling trusted identity propagation with external services such as Redshift.
" + }, "ApplicationStatus":{ "shape":"ApplicationStatus", "documentation":"Allows to enable or disable the IAM Identity Center connection.
" diff --git a/awscli/botocore/data/lambda/2015-03-31/service-2.json b/awscli/botocore/data/lambda/2015-03-31/service-2.json index 0fc325b3bb07..e06432675d72 100644 --- a/awscli/botocore/data/lambda/2015-03-31/service-2.json +++ b/awscli/botocore/data/lambda/2015-03-31/service-2.json @@ -103,7 +103,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Creates a mapping between an event source and an Lambda function. Lambda reads items from the event source and invokes the function.
For details about how to configure different event sources, see the following topics.
The following error handling options are available only for DynamoDB and Kinesis event sources:
BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.
MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires
MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
ParallelizationFactor – Process multiple batches from each shard concurrently.
For stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka), the following option is also available:
OnFailure – Send discarded records to an Amazon SQS queue, Amazon SNS topic, or Amazon S3 bucket. For more information, see Adding a destination.
For information about which configuration parameters apply to each event source, see the following topics.
Creates a mapping between an event source and an Lambda function. Lambda reads items from the event source and invokes the function.
For details about how to configure different event sources, see the following topics.
The following error handling options are available for stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka):
BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.
MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires
MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
OnFailure – Send discarded records to an Amazon SQS queue, Amazon SNS topic, Kafka topic, or Amazon S3 bucket. For more information, see Adding a destination.
The following option is available only for DynamoDB and Kinesis event sources:
ParallelizationFactor – Process multiple batches from each shard concurrently.
For information about which configuration parameters apply to each event source, see the following topics.
Updates an event source mapping. You can change the function that Lambda invokes, or pause invocation and resume later from the same location.
For details about how to configure different event sources, see the following topics.
The following error handling options are available only for DynamoDB and Kinesis event sources:
BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.
MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires
MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
ParallelizationFactor – Process multiple batches from each shard concurrently.
For stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka), the following option is also available:
OnFailure – Send discarded records to an Amazon SQS queue, Amazon SNS topic, or Amazon S3 bucket. For more information, see Adding a destination.
For information about which configuration parameters apply to each event source, see the following topics.
Updates an event source mapping. You can change the function that Lambda invokes, or pause invocation and resume later from the same location.
For details about how to configure different event sources, see the following topics.
The following error handling options are available for stream sources (DynamoDB, Kinesis, Amazon MSK, and self-managed Apache Kafka):
BisectBatchOnFunctionError – If the function returns an error, split the batch in two and retry.
MaximumRecordAgeInSeconds – Discard records older than the specified age. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires
MaximumRetryAttempts – Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
OnFailure – Send discarded records to an Amazon SQS queue, Amazon SNS topic, Kafka topic, or Amazon S3 bucket. For more information, see Adding a destination.
The following option is available only for DynamoDB and Kinesis event sources:
ParallelizationFactor – Process multiple batches from each shard concurrently.
For information about which configuration parameters apply to each event source, see the following topics.
Restricts the lambda:InvokeFunction action to function URL calls. When set to true, this prevents the principal from invoking the function by any means other than the function URL. For more information, see Control access to Lambda function URLs.
Restricts the lambda:InvokeFunction action to function URL calls. When specified, this option prevents the principal from invoking the function by any means other than the function URL. For more information, see Control access to Lambda function URLs.
(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Kafka only) A configuration object that specifies the destination of an event after Lambda processes it.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) A configuration object that specifies the destination of an event after Lambda processes it.
" }, "MaximumRecordAgeInSeconds":{ "shape":"MaximumRecordAgeInSeconds", - "documentation":"(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is infinite (-1).
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) Discard records older than the specified age. The default value is infinite (-1).
" }, "BisectBatchOnFunctionError":{ "shape":"BisectBatchOnFunctionError", - "documentation":"(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) If the function returns an error, split the batch in two and retry.
" }, "MaximumRetryAttempts":{ "shape":"MaximumRetryAttemptsEventSourceMapping", - "documentation":"(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
" }, "Tags":{ "shape":"Tags", @@ -1932,7 +1932,7 @@ }, "FunctionResponseTypes":{ "shape":"FunctionResponseTypeList", - "documentation":"(Kinesis, DynamoDB Streams, and Amazon SQS) A list of current response type enums applied to the event source mapping.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, self-managed Apache Kafka, and Amazon SQS) A list of current response type enums applied to the event source mapping.
" }, "AmazonManagedKafkaEventSourceConfig":{ "shape":"AmazonManagedKafkaEventSourceConfig", @@ -1960,7 +1960,7 @@ }, "ProvisionedPollerConfig":{ "shape":"ProvisionedPollerConfig", - "documentation":"(Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.
" + "documentation":"(Amazon SQS, Amazon MSK, and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.
" } } }, @@ -2067,6 +2067,10 @@ "LoggingConfig":{ "shape":"LoggingConfig", "documentation":"The function's Amazon CloudWatch Logs configuration settings.
" + }, + "TenancyConfig":{ + "shape":"TenancyConfig", + "documentation":"Configuration for multi-tenant applications that use Lambda functions. Defines tenant isolation settings and resource allocations. Required for functions supporting multiple tenants.
" } } }, @@ -2333,7 +2337,7 @@ "type":"string", "max":350, "min":0, - "pattern":"$|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:([a-z]{2}(-gov)?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)" + "pattern":"$|kafka://([^.]([a-zA-Z0-9\\-_.]{0,248}))|arn:(aws[a-zA-Z0-9-]*):([a-zA-Z0-9\\-])+:((eusc-)?[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1})?:(\\d{12})?:(.*)" }, "DestinationConfig":{ "type":"structure", @@ -2624,7 +2628,7 @@ }, "DestinationConfig":{ "shape":"DestinationConfig", - "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) A configuration object that specifies the destination of an event after Lambda processes it.
" }, "Topics":{ "shape":"Topics", @@ -2644,15 +2648,15 @@ }, "MaximumRecordAgeInSeconds":{ "shape":"MaximumRecordAgeInSeconds", - "documentation":"(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.
The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records.
The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry. The default value is false.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) If the function returns an error, split the batch in two and retry. The default value is false.
" }, "MaximumRetryAttempts":{ "shape":"MaximumRetryAttemptsEventSourceMapping", - "documentation":"(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, Lambda retries failed records until the record expires in the event source.
" }, "TumblingWindowInSeconds":{ "shape":"TumblingWindowInSeconds", @@ -2660,7 +2664,7 @@ }, "FunctionResponseTypes":{ "shape":"FunctionResponseTypeList", - "documentation":"(Kinesis, DynamoDB Streams, and Amazon SQS) A list of current response type enums applied to the event source mapping.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, self-managed Apache Kafka, and Amazon SQS) A list of current response type enums applied to the event source mapping.
" }, "AmazonManagedKafkaEventSourceConfig":{ "shape":"AmazonManagedKafkaEventSourceConfig", @@ -2696,7 +2700,7 @@ }, "ProvisionedPollerConfig":{ "shape":"ProvisionedPollerConfig", - "documentation":"(Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.
" + "documentation":"(Amazon SQS, Amazon MSK, and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.
" } }, "documentation":"A mapping between an Amazon Web Services resource and a Lambda function. For details, see CreateEventSourceMapping.
" @@ -3036,6 +3040,10 @@ "LoggingConfig":{ "shape":"LoggingConfig", "documentation":"The function's Amazon CloudWatch Logs configuration settings.
" + }, + "TenancyConfig":{ + "shape":"TenancyConfig", + "documentation":"The function's tenant isolation configuration settings. Determines whether the Lambda function runs on a shared or dedicated infrastructure per unique tenant.
" } }, "documentation":"Details about a function's configuration.
" @@ -3858,6 +3866,12 @@ "documentation":"Specify a version or alias to invoke a published version of the function.
", "location":"querystring", "locationName":"Qualifier" + }, + "TenantId":{ + "shape":"TenantId", + "documentation":"The identifier of the tenant in a multi-tenant Lambda function.
", + "location":"header", + "locationName":"X-Amz-Tenant-Id" } }, "payload":"Payload" @@ -4011,6 +4025,12 @@ "Payload":{ "shape":"Blob", "documentation":"The JSON that you want to provide to your Lambda function as input.
You can enter the JSON directly. For example, --payload '{ \"key\": \"value\" }'. You can also specify a file path. For example, --payload file://payload.json.
The identifier of the tenant in a multi-tenant Lambda function.
", + "location":"header", + "locationName":"X-Amz-Tenant-Id" } }, "payload":"Payload" @@ -5020,7 +5040,7 @@ "members":{ "Destination":{ "shape":"DestinationArn", - "documentation":"The Amazon Resource Name (ARN) of the destination resource.
To retain records of unsuccessful asynchronous invocations, you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.
Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending OnFailure event to the destination. For details on this behavior, refer to Retaining records of asynchronous invocations.
To retain records of failed invocations from Kinesis, DynamoDB, self-managed Kafka or Amazon MSK, you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.
" + "documentation":"The Amazon Resource Name (ARN) of the destination resource.
To retain records of failed invocations from Kinesis, DynamoDB, self-managed Apache Kafka, or Amazon MSK, you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, or Kafka topic as the destination.
Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending OnFailure event to the destination. For details on this behavior, refer to Retaining records of asynchronous invocations.
To retain records of failed invocations from Kinesis, DynamoDB, self-managed Kafka or Amazon MSK, you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.
" } }, "documentation":"A destination for events that failed processing. For more information, see Adding a destination.
" @@ -5177,14 +5197,24 @@ "members":{ "MinimumPollers":{ "shape":"MinimumNumberOfPollers", - "documentation":"The minimum number of event pollers this event source can scale down to.
" + "documentation":"The minimum number of event pollers this event source can scale down to. For Amazon SQS events source mappings, default is 2, and minimum 2 required. For Amazon MSK and self-managed Apache Kafka event source mappings, default is 1.
" }, "MaximumPollers":{ "shape":"MaximumNumberOfPollers", - "documentation":"The maximum number of event pollers this event source can scale up to.
" + "documentation":"The maximum number of event pollers this event source can scale up to. For Amazon SQS events source mappings, default is 200, and minimum value allowed is 2. For Amazon MSK and self-managed Apache Kafka event source mappings, default is 200, and minimum value allowed is 1.
" + }, + "PollerGroupName":{ + "shape":"ProvisionedPollerGroupName", + "documentation":"(Amazon MSK and self-managed Apache Kafka) The name of the provisioned poller group. Use this option to group multiple ESMs within the VPC to share Event Poller Unit (EPU) capacity. This option is used to optimize Provisioned mode costs for your ESMs. You can group up to 100 ESMs per poller group and aggregate maximum pollers across all ESMs in a group cannot exceed 2000.
" } }, - "documentation":"The provisioned mode configuration for the event source. Use Provisioned Mode to customize the minimum and maximum number of event pollers for your event source. An event poller is a compute unit that provides approximately 5 MBps of throughput.
" + "documentation":"The provisioned mode configuration for the event source. Use Provisioned Mode to customize the minimum and maximum number of event pollers for your event source.
" + }, + "ProvisionedPollerGroupName":{ + "type":"string", + "max":128, + "min":0, + "pattern":"[a-zA-Z0-9-_]*" }, "PublishLayerVersionRequest":{ "type":"structure", @@ -5754,9 +5784,9 @@ "java21", "python3.13", "nodejs22.x", - "java25", "nodejs24.x", - "python3.14" + "python3.14", + "java25" ] }, "RuntimeVersionArn":{ @@ -6160,6 +6190,27 @@ "min":84, "pattern":".*" }, + "TenancyConfig":{ + "type":"structure", + "required":["TenantIsolationMode"], + "members":{ + "TenantIsolationMode":{ + "shape":"TenantIsolationMode", + "documentation":"Tenant isolation mode allows for invocation to be sent to a corresponding execution environment dedicated to a specific tenant ID.
" + } + }, + "documentation":"Specifies the tenant isolation mode configuration for a Lambda function. This allows you to configure specific tenant isolation strategies for your function invocations. Tenant isolation configuration cannot be modified after function creation.
" + }, + "TenantId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9\\._:\\/=+\\-@ ]+" + }, + "TenantIsolationMode":{ + "type":"string", + "enum":["PER_TENANT"] + }, "ThrottleReason":{ "type":"string", "enum":[ @@ -6396,19 +6447,19 @@ }, "DestinationConfig":{ "shape":"DestinationConfig", - "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Kafka only) A configuration object that specifies the destination of an event after Lambda processes it.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) A configuration object that specifies the destination of an event after Lambda processes it.
" }, "MaximumRecordAgeInSeconds":{ "shape":"MaximumRecordAgeInSeconds", - "documentation":"(Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is infinite (-1).
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) Discard records older than the specified age. The default value is infinite (-1).
" }, "BisectBatchOnFunctionError":{ "shape":"BisectBatchOnFunctionError", - "documentation":"(Kinesis and DynamoDB Streams only) If the function returns an error, split the batch in two and retry.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) If the function returns an error, split the batch in two and retry.
" }, "MaximumRetryAttempts":{ "shape":"MaximumRetryAttemptsEventSourceMapping", - "documentation":"(Kinesis and DynamoDB Streams only) Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka) Discard records after the specified number of retries. The default value is infinite (-1). When set to infinite (-1), failed records are retried until the record expires.
" }, "ParallelizationFactor":{ "shape":"ParallelizationFactor", @@ -6424,7 +6475,7 @@ }, "FunctionResponseTypes":{ "shape":"FunctionResponseTypeList", - "documentation":"(Kinesis, DynamoDB Streams, and Amazon SQS) A list of current response type enums applied to the event source mapping.
" + "documentation":"(Kinesis, DynamoDB Streams, Amazon MSK, self-managed Apache Kafka, and Amazon SQS) A list of current response type enums applied to the event source mapping.
" }, "ScalingConfig":{ "shape":"ScalingConfig", @@ -6446,7 +6497,7 @@ }, "ProvisionedPollerConfig":{ "shape":"ProvisionedPollerConfig", - "documentation":"(Amazon MSK and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.
" + "documentation":"(Amazon SQS, Amazon MSK, and self-managed Apache Kafka only) The provisioned mode configuration for the event source. For more information, see provisioned mode.
" } } }, diff --git a/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json b/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json index 2b3c3e2babb6..f02081a01049 100644 --- a/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json +++ b/awscli/botocore/data/lexv2-models/2020-08-07/service-2.json @@ -2985,6 +2985,14 @@ "enum":["UtteranceTimestamp"] }, "AnswerField":{"type":"string"}, + "AssistedNluMode":{ + "type":"string", + "documentation":"Defines the operational mode for Assisted Natural Language Understanding. This enum determines how the enhanced NLU capabilities integrate with standard intent recognition.
", + "enum":[ + "Primary", + "Fallback" + ] + }, "AssociatedTranscript":{ "type":"structure", "members":{ @@ -3778,7 +3786,11 @@ "shape":"ConfidenceThreshold", "documentation":"Determines the threshold where Amazon Lex will insert the AMAZON.FallbackIntent, AMAZON.KendraSearchIntent, or both when returning alternative intents. AMAZON.FallbackIntent and AMAZON.KendraSearchIntent are only inserted if they are configured for the bot.
For example, suppose a bot is configured with the confidence threshold of 0.80 and the AMAZON.FallbackIntent. Amazon Lex returns three alternative intents with the following confidence scores: IntentA (0.70), IntentB (0.60), IntentC (0.50). The response from the PostText operation would be:
AMAZON.FallbackIntent
IntentA
IntentB
IntentC
The sensitivity level for voice activity detection (VAD) in the bot locale. This setting helps optimize speech recognition accuracy by adjusting how the system responds to background noise during voice interactions.
" + } }, "documentation":"Provides the bot locale parameters required for importing a bot locale.
" }, @@ -4907,7 +4919,11 @@ "shape":"VoiceSettings", "documentation":"The Amazon Polly voice ID that Amazon Lex uses for voice interaction with the user.
" }, - "generativeAISettings":{"shape":"GenerativeAISettings"} + "generativeAISettings":{"shape":"GenerativeAISettings"}, + "speechDetectionSensitivity":{ + "shape":"SpeechDetectionSensitivity", + "documentation":"The sensitivity level for voice activity detection (VAD) in the bot locale. This setting helps optimize speech recognition accuracy by adjusting how the system responds to background noise during voice interactions.
" + } } }, "CreateBotLocaleResponse":{ @@ -4949,7 +4965,11 @@ "shape":"Timestamp", "documentation":"A timestamp specifying the date and time that the bot locale was created.
" }, - "generativeAISettings":{"shape":"GenerativeAISettings"} + "generativeAISettings":{"shape":"GenerativeAISettings"}, + "speechDetectionSensitivity":{ + "shape":"SpeechDetectionSensitivity", + "documentation":"The sensitivity level for voice activity detection (VAD) that was specified for the bot locale.
" + } } }, "CreateBotReplicaRequest":{ @@ -5221,6 +5241,10 @@ "shape":"Name", "documentation":"The name of the intent. Intent names must be unique in the locale that contains the intent and cannot match the name of any built-in intent.
" }, + "intentDisplayName":{ + "shape":"DisplayName", + "documentation":"A display name for the intent. If configured, This name will be shown to users during Intent Disambiguation instead of the intent name. Display names should be user-friendly, descriptive and match the intent's purpose to improve user experience during disambiguation.
" + }, "description":{ "shape":"Description", "documentation":"A description of the intent. Use the description to help identify the intent in lists.
" @@ -5304,6 +5328,10 @@ "shape":"Name", "documentation":"The name specified for the intent.
" }, + "intentDisplayName":{ + "shape":"DisplayName", + "documentation":"The display name specified for the intent.
" + }, "description":{ "shape":"Description", "documentation":"The description specified for the intent.
" @@ -5752,6 +5780,11 @@ } } }, + "CustomDisambiguationMessage":{ + "type":"string", + "max":1000, + "min":1 + }, "CustomPayload":{ "type":"structure", "required":["value"], @@ -6668,6 +6701,10 @@ "generativeAISettings":{ "shape":"GenerativeAISettings", "documentation":"Contains settings for Amazon Bedrock's generative AI features for your bot locale.
" + }, + "speechDetectionSensitivity":{ + "shape":"SpeechDetectionSensitivity", + "documentation":"The sensitivity level for voice activity detection (VAD) configured for the bot locale.
" } } }, @@ -7241,6 +7278,10 @@ "shape":"Name", "documentation":"The name specified for the intent.
" }, + "intentDisplayName":{ + "shape":"DisplayName", + "documentation":"The display name specified for the intent.
" + }, "description":{ "shape":"Description", "documentation":"The description of the intent.
" @@ -7871,6 +7912,11 @@ }, "documentation":"The current state of the conversation with the user.
" }, + "DisplayName":{ + "type":"string", + "max":100, + "min":1 + }, "DomainEndpoint":{ "type":"string", "pattern":"^(http|https):\\/\\/+[^\\s]+[\\w]" @@ -8826,6 +8872,25 @@ }, "documentation":"Provides a prompt for making sure that the user is ready for the intent to be fulfilled.
" }, + "IntentDisambiguationSettings":{ + "type":"structure", + "required":["enabled"], + "members":{ + "enabled":{ + "shape":"Enabled", + "documentation":"Determines whether the Intent Disambiguation feature is enabled. When set to true, Amazon Lex will present disambiguation options to users when multiple intents could match their input, with the default being false.
Specifies the maximum number of intent options (2-5) to present to users when disambiguation is needed. This setting determines how many intent options will be shown to users when the system detects ambiguous input. The default value is 3.
" + }, + "customDisambiguationMessage":{ + "shape":"CustomDisambiguationMessage", + "documentation":"Provides a custom message that will be displayed before presenting the disambiguation options to users. This message helps set the context for users and can be customized to match your bot's tone and brand. If not specified, a default message will be used.
" + } + }, + "documentation":"Configures the Intent Disambiguation feature that helps resolve ambiguous user inputs when multiple intents could match. When enabled, the system presents clarifying questions to users, helping them specify their exact intent for improved conversation accuracy.
" + }, "IntentFilter":{ "type":"structure", "required":[ @@ -8976,6 +9041,10 @@ "shape":"Name", "documentation":"The name of the intent.
" }, + "intentDisplayName":{ + "shape":"DisplayName", + "documentation":"The display name of the intent.
" + }, "description":{ "shape":"Description", "documentation":"The description of the intent.
" @@ -10760,6 +10829,12 @@ "type":"string", "max":1024 }, + "MaxDisambiguationIntents":{ + "type":"integer", + "box":true, + "max":5, + "min":2 + }, "MaxResults":{ "type":"integer", "box":true, @@ -10884,10 +10959,18 @@ "members":{ "enabled":{ "shape":"Enabled", - "documentation":"Specifies whether the assisted nlu feature is enabled.
" + "documentation":"Determines whether the Assisted NLU feature is enabled for the bot. When set to true, Amazon Lex uses advanced models to improve intent recognition and slot resolution, with the default being false.
Specifies the mode for Assisted NLU operation. Use Primary to make Assisted NLU the primary intent recognition method, or Fallback to use it only when standard NLU confidence is low.
An object containing specifications for the Intent Disambiguation feature within the Assisted NLU settings. These settings determine how the bot handles ambiguous user inputs that could match multiple intents.
" } }, - "documentation":"Specifies whether the assisted nlu feature is turned on or off.
" + "documentation":"Configures the Assisted Natural Language Understanding (NLU) feature for your bot. This specification determines whether enhanced intent recognition and utterance understanding capabilities are active.
" }, "NonEmptyString":{ "type":"string", @@ -11513,7 +11596,7 @@ }, "nluImprovement":{ "shape":"NluImprovementSpecification", - "documentation":"An object containing specifications for the assisted nlu feature.
" + "documentation":"An object containing specifications for the Assisted NLU feature within the bot's runtime settings. These settings determine how the bot processes and interprets user utterances during conversations.
" } }, "documentation":"Contains specifications about the Amazon Lex runtime generative AI capabilities from Amazon Bedrock that you can turn on for your bot.
" @@ -12418,6 +12501,15 @@ }, "documentation":"Subslot specifications.
" }, + "SpeechDetectionSensitivity":{ + "type":"string", + "documentation":"Determines the sensitivity level for voice activity detection (VAD) in noisy environments. This setting helps optimize speech recognition accuracy by adjusting how the system responds to background noise.
Valid values include:
Default - Standard sensitivity level suitable for most environments
HighNoiseTolerance - Increased tolerance for moderate background noise
MaximumNoiseTolerance - Maximum tolerance for high levels of background noise
Contains settings for generative AI features powered by Amazon Bedrock for your bot locale. Use this object to turn generative AI features on and off. Pricing may differ if you turn a feature on. For more information, see LINK.
" + }, + "speechDetectionSensitivity":{ + "shape":"SpeechDetectionSensitivity", + "documentation":"The new sensitivity level for voice activity detection (VAD) in the bot locale. This setting helps optimize speech recognition accuracy by adjusting how the system responds to background noise during voice interactions.
" } } }, @@ -13852,6 +13948,10 @@ "generativeAISettings":{ "shape":"GenerativeAISettings", "documentation":"Contains settings for generative AI features powered by Amazon Bedrock for your bot locale.
" + }, + "speechDetectionSensitivity":{ + "shape":"SpeechDetectionSensitivity", + "documentation":"The updated sensitivity level for voice activity detection (VAD) in the bot locale.
" } } }, @@ -14110,6 +14210,10 @@ "shape":"Name", "documentation":"The new name for the intent.
" }, + "intentDisplayName":{ + "shape":"DisplayName", + "documentation":"The new display name for the intent.
" + }, "description":{ "shape":"Description", "documentation":"The new description of the intent.
" @@ -14197,6 +14301,10 @@ "shape":"Name", "documentation":"The updated name of the intent.
" }, + "intentDisplayName":{ + "shape":"DisplayName", + "documentation":"The updated display name of the intent.
" + }, "description":{ "shape":"Description", "documentation":"The updated description of the intent.
" diff --git a/awscli/botocore/data/license-manager/2018-08-01/service-2.json b/awscli/botocore/data/license-manager/2018-08-01/service-2.json index 8d05fd2c488a..b2160657d4a4 100644 --- a/awscli/botocore/data/license-manager/2018-08-01/service-2.json +++ b/awscli/botocore/data/license-manager/2018-08-01/service-2.json @@ -155,6 +155,42 @@ ], "documentation":"Creates a license.
" }, + "CreateLicenseAssetGroup":{ + "name":"CreateLicenseAssetGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateLicenseAssetGroupRequest"}, + "output":{"shape":"CreateLicenseAssetGroupResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Creates a license asset group.
" + }, + "CreateLicenseAssetRuleset":{ + "name":"CreateLicenseAssetRuleset", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateLicenseAssetRulesetRequest"}, + "output":{"shape":"CreateLicenseAssetRulesetResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Creates a license asset ruleset.
" + }, "CreateLicenseConfiguration":{ "name":"CreateLicenseConfiguration", "http":{ @@ -290,6 +326,42 @@ ], "documentation":"Deletes the specified license.
" }, + "DeleteLicenseAssetGroup":{ + "name":"DeleteLicenseAssetGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteLicenseAssetGroupRequest"}, + "output":{"shape":"DeleteLicenseAssetGroupResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Deletes a license asset group.
" + }, + "DeleteLicenseAssetRuleset":{ + "name":"DeleteLicenseAssetRuleset", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteLicenseAssetRulesetRequest"}, + "output":{"shape":"DeleteLicenseAssetRulesetResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Deletes a license asset ruleset.
" + }, "DeleteLicenseConfiguration":{ "name":"DeleteLicenseConfiguration", "http":{ @@ -419,6 +491,42 @@ ], "documentation":"Gets detailed information about the specified license.
" }, + "GetLicenseAssetGroup":{ + "name":"GetLicenseAssetGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetLicenseAssetGroupRequest"}, + "output":{"shape":"GetLicenseAssetGroupResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Gets a license asset group.
" + }, + "GetLicenseAssetRuleset":{ + "name":"GetLicenseAssetRuleset", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetLicenseAssetRulesetRequest"}, + "output":{"shape":"GetLicenseAssetRulesetResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Gets a license asset ruleset.
" + }, "GetLicenseConfiguration":{ "name":"GetLicenseConfiguration", "http":{ @@ -507,6 +615,24 @@ ], "documentation":"Gets the License Manager settings for the current Region.
" }, + "ListAssetsForLicenseAssetGroup":{ + "name":"ListAssetsForLicenseAssetGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListAssetsForLicenseAssetGroupRequest"}, + "output":{"shape":"ListAssetsForLicenseAssetGroupResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Lists assets for a license asset group.
" + }, "ListAssociationsForLicenseConfiguration":{ "name":"ListAssociationsForLicenseConfiguration", "http":{ @@ -561,6 +687,42 @@ ], "documentation":"Lists the license configuration operations that failed.
" }, + "ListLicenseAssetGroups":{ + "name":"ListLicenseAssetGroups", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListLicenseAssetGroupsRequest"}, + "output":{"shape":"ListLicenseAssetGroupsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Lists license asset groups.
" + }, + "ListLicenseAssetRulesets":{ + "name":"ListLicenseAssetRulesets", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListLicenseAssetRulesetsRequest"}, + "output":{"shape":"ListLicenseAssetRulesetsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Lists license asset rulesets.
" + }, "ListLicenseConfigurations":{ "name":"ListLicenseConfigurations", "http":{ @@ -579,6 +741,24 @@ ], "documentation":"Lists the license configurations for your account.
" }, + "ListLicenseConfigurationsForOrganization":{ + "name":"ListLicenseConfigurationsForOrganization", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListLicenseConfigurationsForOrganizationRequest"}, + "output":{"shape":"ListLicenseConfigurationsForOrganizationResponse"}, + "errors":[ + {"shape":"InvalidParameterValueException"}, + {"shape":"ServerInternalException"}, + {"shape":"FilterLimitExceededException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"} + ], + "documentation":"Lists license configurations for an organization.
" + }, "ListLicenseConversionTasks":{ "name":"ListLicenseConversionTasks", "http":{ @@ -773,6 +953,7 @@ "output":{"shape":"ListTagsForResourceResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, + {"shape":"ValidationException"}, {"shape":"ServerInternalException"}, {"shape":"AuthorizationException"}, {"shape":"AccessDeniedException"}, @@ -844,6 +1025,7 @@ "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, + {"shape":"ValidationException"}, {"shape":"ServerInternalException"}, {"shape":"AuthorizationException"}, {"shape":"AccessDeniedException"}, @@ -861,6 +1043,7 @@ "output":{"shape":"UntagResourceResponse"}, "errors":[ {"shape":"InvalidParameterValueException"}, + {"shape":"ValidationException"}, {"shape":"ServerInternalException"}, {"shape":"AuthorizationException"}, {"shape":"AccessDeniedException"}, @@ -868,6 +1051,42 @@ ], "documentation":"Removes the specified tags from the specified resource.
" }, + "UpdateLicenseAssetGroup":{ + "name":"UpdateLicenseAssetGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateLicenseAssetGroupRequest"}, + "output":{"shape":"UpdateLicenseAssetGroupResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Updates a license asset group.
" + }, + "UpdateLicenseAssetRuleset":{ + "name":"UpdateLicenseAssetRuleset", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateLicenseAssetRulesetRequest"}, + "output":{"shape":"UpdateLicenseAssetRulesetResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"AuthorizationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"RateLimitExceededException"}, + {"shape":"ServerInternalException"} + ], + "documentation":"Updates a license asset ruleset.
" + }, "UpdateLicenseConfiguration":{ "name":"UpdateLicenseConfiguration", "http":{ @@ -940,7 +1159,9 @@ {"shape":"ServerInternalException"}, {"shape":"AuthorizationException"}, {"shape":"AccessDeniedException"}, - {"shape":"RateLimitExceededException"} + {"shape":"RateLimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Updates License Manager settings for the current Region.
" } @@ -1006,6 +1227,20 @@ "max":8, "min":1 }, + "AndRuleStatement":{ + "type":"structure", + "members":{ + "MatchingRuleStatements":{ + "shape":"MatchingRuleStatementList", + "documentation":"Matching rule statements.
" + }, + "ScriptRuleStatements":{ + "shape":"ScriptRuleStatementList", + "documentation":"Script rule statements.
" + } + }, + "documentation":"AND rule statement.
" + }, "Arn":{ "type":"string", "max":2048, @@ -1015,6 +1250,24 @@ "type":"list", "member":{"shape":"Arn"} }, + "Asset":{ + "type":"structure", + "members":{ + "AssetArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) of the asset.
" + }, + "LatestAssetDiscoveryTime":{ + "shape":"DateTime", + "documentation":"Latest asset discovery time.
" + } + }, + "documentation":"Asset.
" + }, + "AssetList":{ + "type":"list", + "member":{"shape":"Asset"} + }, "AuthorizationException":{ "type":"structure", "members":{ @@ -1399,6 +1652,102 @@ } } }, + "CreateLicenseAssetGroupRequest":{ + "type":"structure", + "required":[ + "Name", + "LicenseAssetGroupConfigurations", + "AssociatedLicenseAssetRulesetARNs", + "ClientToken" + ], + "members":{ + "Name":{ + "shape":"LicenseAssetResourceName", + "documentation":"License asset group name.
" + }, + "Description":{ + "shape":"LicenseAssetResourceDescription", + "documentation":"License asset group description.
" + }, + "LicenseAssetGroupConfigurations":{ + "shape":"LicenseAssetGroupConfigurationList", + "documentation":"License asset group configurations.
" + }, + "AssociatedLicenseAssetRulesetARNs":{ + "shape":"LicenseAssetRulesetArnList", + "documentation":"ARNs of associated license asset rulesets.
" + }, + "Properties":{ + "shape":"LicenseAssetGroupPropertyList", + "documentation":"License asset group properties.
" + }, + "Tags":{ + "shape":"TagList", + "documentation":"Tags to add to the license asset group.
" + }, + "ClientToken":{ + "shape":"String", + "documentation":"Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
" + } + } + }, + "CreateLicenseAssetGroupResponse":{ + "type":"structure", + "required":[ + "LicenseAssetGroupArn", + "Status" + ], + "members":{ + "LicenseAssetGroupArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + }, + "Status":{ + "shape":"String", + "documentation":"License asset group status.
" + } + } + }, + "CreateLicenseAssetRulesetRequest":{ + "type":"structure", + "required":[ + "Name", + "Rules", + "ClientToken" + ], + "members":{ + "Name":{ + "shape":"LicenseAssetResourceName", + "documentation":"License asset ruleset name.
" + }, + "Description":{ + "shape":"LicenseAssetResourceDescription", + "documentation":"License asset ruleset description.
" + }, + "Rules":{ + "shape":"LicenseAssetRuleList", + "documentation":"License asset rules.
" + }, + "Tags":{ + "shape":"TagList", + "documentation":"Tags to add to the license asset ruleset.
" + }, + "ClientToken":{ + "shape":"String", + "documentation":"Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
" + } + } + }, + "CreateLicenseAssetRulesetResponse":{ + "type":"structure", + "required":["LicenseAssetRulesetArn"], + "members":{ + "LicenseAssetRulesetArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) of the license asset ruleset.
" + } + } + }, "CreateLicenseConfigurationRequest":{ "type":"structure", "required":[ @@ -1441,6 +1790,10 @@ "ProductInformationList":{ "shape":"ProductInformationList", "documentation":"Product information.
" + }, + "LicenseExpiry":{ + "shape":"BoxLong", + "documentation":"License configuration expiry.
" } } }, @@ -1743,6 +2096,26 @@ } } }, + "CrossAccountDiscoveryServiceStatus":{ + "type":"structure", + "members":{ + "Message":{ + "shape":"String", + "documentation":"Status message for cross-account discovery service.
" + } + }, + "documentation":"Status information for cross-account discovery service.
" + }, + "CrossRegionDiscoveryStatus":{ + "type":"structure", + "members":{ + "Message":{ + "shape":"RegionStatusMap", + "documentation":"Map of region status messages for cross-region discovery.
" + } + }, + "documentation":"Status information for cross-region discovery.
" + }, "DateTime":{"type":"timestamp"}, "DatetimeRange":{ "type":"structure", @@ -1797,13 +2170,47 @@ } } }, - "DeleteLicenseConfigurationRequest":{ + "DeleteLicenseAssetGroupRequest":{ "type":"structure", - "required":["LicenseConfigurationArn"], + "required":["LicenseAssetGroupArn"], "members":{ - "LicenseConfigurationArn":{ - "shape":"String", - "documentation":"ID of the license configuration.
" + "LicenseAssetGroupArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + } + } + }, + "DeleteLicenseAssetGroupResponse":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"LicenseAssetGroupStatus", + "documentation":"License asset group status.
" + } + } + }, + "DeleteLicenseAssetRulesetRequest":{ + "type":"structure", + "required":["LicenseAssetRulesetArn"], + "members":{ + "LicenseAssetRulesetArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset ruleset.
" + } + } + }, + "DeleteLicenseAssetRulesetResponse":{ + "type":"structure", + "members":{} + }, + "DeleteLicenseConfigurationRequest":{ + "type":"structure", + "required":["LicenseConfigurationArn"], + "members":{ + "LicenseConfigurationArn":{ + "shape":"String", + "documentation":"ID of the license configuration.
" } } }, @@ -2158,6 +2565,46 @@ } } }, + "GetLicenseAssetGroupRequest":{ + "type":"structure", + "required":["LicenseAssetGroupArn"], + "members":{ + "LicenseAssetGroupArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + } + } + }, + "GetLicenseAssetGroupResponse":{ + "type":"structure", + "required":["LicenseAssetGroup"], + "members":{ + "LicenseAssetGroup":{ + "shape":"LicenseAssetGroup", + "documentation":"License asset group.
" + } + } + }, + "GetLicenseAssetRulesetRequest":{ + "type":"structure", + "required":["LicenseAssetRulesetArn"], + "members":{ + "LicenseAssetRulesetArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset ruleset.
" + } + } + }, + "GetLicenseAssetRulesetResponse":{ + "type":"structure", + "required":["LicenseAssetRuleset"], + "members":{ + "LicenseAssetRuleset":{ + "shape":"LicenseAssetRuleset", + "documentation":"License asset ruleset.
" + } + } + }, "GetLicenseConfigurationRequest":{ "type":"structure", "required":["LicenseConfigurationArn"], @@ -2238,6 +2685,10 @@ "DisassociateWhenNotFound":{ "shape":"BoxBoolean", "documentation":"When true, disassociates a resource when software is uninstalled.
" + }, + "LicenseExpiry":{ + "shape":"BoxLong", + "documentation":"License Expiry.
" } } }, @@ -2379,6 +2830,18 @@ "LicenseManagerResourceShareArn":{ "shape":"String", "documentation":"Amazon Resource Name (ARN) of the resource share. The License Manager management account provides member accounts with access to this share.
" + }, + "CrossRegionDiscoveryHomeRegion":{ + "shape":"String", + "documentation":"Cross region discovery home region.
" + }, + "CrossRegionDiscoverySourceRegions":{ + "shape":"StringList", + "documentation":"Cross region discovery source regions.
" + }, + "ServiceStatus":{ + "shape":"ServiceStatus", + "documentation":"Service status.
" } } }, @@ -2536,6 +2999,28 @@ "max":50, "pattern":"^(-?(?:[1-9][0-9]*)?[0-9]{4})-(1[0-2]|0[1-9])-(3[0-1]|0[1-9]|[1-2][0-9])T(2[0-3]|[0-1][0-9]):([0-5][0-9]):([0-5][0-9])(\\.[0-9]+)?(Z|[+-](?:2[ 0-3]|[0-1][0-9]):[0-5][0-9])+$" }, + "InstanceRuleStatement":{ + "type":"structure", + "members":{ + "AndRuleStatement":{ + "shape":"AndRuleStatement", + "documentation":"AND rule statement.
" + }, + "OrRuleStatement":{ + "shape":"OrRuleStatement", + "documentation":"OR rule statement.
" + }, + "MatchingRuleStatement":{ + "shape":"MatchingRuleStatement", + "documentation":"Matching rule statement.
" + }, + "ScriptRuleStatement":{ + "shape":"ScriptRuleStatement", + "documentation":"Script rule statement.
" + } + }, + "documentation":"Instance rule statement.
" + }, "Integer":{"type":"integer"}, "InvalidParameterValueException":{ "type":"structure", @@ -2684,6 +3169,165 @@ }, "documentation":"Software license that is managed in License Manager.
" }, + "LicenseAssetGroup":{ + "type":"structure", + "required":[ + "Name", + "AssociatedLicenseAssetRulesetARNs", + "LicenseAssetGroupArn", + "Status" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"License asset group name.
" + }, + "Description":{ + "shape":"String", + "documentation":"License asset group description.
" + }, + "LicenseAssetGroupConfigurations":{ + "shape":"LicenseAssetGroupConfigurationList", + "documentation":"License asset group configurations.
" + }, + "AssociatedLicenseAssetRulesetARNs":{ + "shape":"LicenseAssetRulesetArnList", + "documentation":"ARNs of associated license asset rulesets.
" + }, + "Properties":{ + "shape":"LicenseAssetGroupPropertyList", + "documentation":"License asset group properties.
" + }, + "LicenseAssetGroupArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + }, + "Status":{ + "shape":"LicenseAssetGroupStatus", + "documentation":"License asset group status.
" + }, + "StatusMessage":{ + "shape":"String", + "documentation":"License asset group status message.
" + }, + "LatestUsageAnalysisTime":{ + "shape":"DateTime", + "documentation":"Latest usage analysis time.
" + }, + "LatestResourceDiscoveryTime":{ + "shape":"DateTime", + "documentation":"Latest resource discovery time.
" + } + }, + "documentation":"License asset group.
" + }, + "LicenseAssetGroupConfiguration":{ + "type":"structure", + "members":{ + "UsageDimension":{ + "shape":"String", + "documentation":"License Asset Group Configuration Usage dimension.
" + } + }, + "documentation":"License asset group configuration.
" + }, + "LicenseAssetGroupConfigurationList":{ + "type":"list", + "member":{"shape":"LicenseAssetGroupConfiguration"} + }, + "LicenseAssetGroupList":{ + "type":"list", + "member":{"shape":"LicenseAssetGroup"} + }, + "LicenseAssetGroupProperty":{ + "type":"structure", + "required":[ + "Key", + "Value" + ], + "members":{ + "Key":{ + "shape":"String", + "documentation":"Property key.
" + }, + "Value":{ + "shape":"String", + "documentation":"Property value.
" + } + }, + "documentation":"License asset group property.
" + }, + "LicenseAssetGroupPropertyList":{ + "type":"list", + "member":{"shape":"LicenseAssetGroupProperty"} + }, + "LicenseAssetGroupStatus":{ + "type":"string", + "documentation":"License asset group status. Allowed values are
ACTIVE
DISABLED
DELETED
Rule statement.
" + } + }, + "documentation":"License asset rule.
" + }, + "LicenseAssetRuleList":{ + "type":"list", + "member":{"shape":"LicenseAssetRule"} + }, + "LicenseAssetRuleset":{ + "type":"structure", + "required":[ + "Name", + "Rules", + "LicenseAssetRulesetArn" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"License asset ruleset name.
" + }, + "Description":{ + "shape":"String", + "documentation":"License asset ruleset description.
" + }, + "Rules":{ + "shape":"LicenseAssetRuleList", + "documentation":"License asset rules.
" + }, + "LicenseAssetRulesetArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset ruleset.
" + } + }, + "documentation":"License asset ruleset.
" + }, + "LicenseAssetRulesetArnList":{ + "type":"list", + "member":{"shape":"Arn"} + }, + "LicenseAssetRulesetList":{ + "type":"list", + "member":{"shape":"LicenseAssetRuleset"} + }, "LicenseConfiguration":{ "type":"structure", "members":{ @@ -2750,6 +3394,10 @@ "AutomatedDiscoveryInformation":{ "shape":"AutomatedDiscoveryInformation", "documentation":"Automated discovery information.
" + }, + "LicenseExpiry":{ + "shape":"BoxLong", + "documentation":"License configuration expiry time in Unix timestamp format.
" } }, "documentation":"A license configuration is an abstraction of a customer license agreement that can be consumed and enforced by License Manager. Components include specifications for the license type (licensing by instance, socket, CPU, or vCPU), allowed tenancy (shared tenancy, Dedicated Instance, Dedicated Host, or all of these), host affinity (how long a VM must be associated with a host), and the number of licenses purchased and used.
" @@ -2784,6 +3432,24 @@ "type":"list", "member":{"shape":"LicenseConfigurationAssociation"} }, + "LicenseConfigurationRuleStatement":{ + "type":"structure", + "members":{ + "AndRuleStatement":{ + "shape":"AndRuleStatement", + "documentation":"AND rule statement.
" + }, + "OrRuleStatement":{ + "shape":"OrRuleStatement", + "documentation":"OR rule statement.
" + }, + "MatchingRuleStatement":{ + "shape":"MatchingRuleStatement", + "documentation":"Matching rule statement.
" + } + }, + "documentation":"License configuration rule statement.
" + }, "LicenseConfigurationStatus":{ "type":"string", "enum":[ @@ -2964,6 +3630,24 @@ "type":"list", "member":{"shape":"LicenseOperationFailure"} }, + "LicenseRuleStatement":{ + "type":"structure", + "members":{ + "AndRuleStatement":{ + "shape":"AndRuleStatement", + "documentation":"AND rule statement.
" + }, + "OrRuleStatement":{ + "shape":"OrRuleStatement", + "documentation":"OR rule statement.
" + }, + "MatchingRuleStatement":{ + "shape":"MatchingRuleStatement", + "documentation":"Matching rule statement.
" + } + }, + "documentation":"License rule statement.
" + }, "LicenseSpecification":{ "type":"structure", "required":["LicenseConfigurationArn"], @@ -3013,6 +3697,44 @@ "documentation":"You do not have enough licenses available to support a new resource launch.
", "exception":true }, + "ListAssetsForLicenseAssetGroupRequest":{ + "type":"structure", + "required":[ + "LicenseAssetGroupArn", + "AssetType" + ], + "members":{ + "LicenseAssetGroupArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + }, + "AssetType":{ + "shape":"String", + "documentation":"Asset type. The possible values are Instance | License | LicenseConfiguration.
Maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, + "ListAssetsForLicenseAssetGroupResponse":{ + "type":"structure", + "members":{ + "Assets":{ + "shape":"AssetList", + "documentation":"Assets.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, "ListAssociationsForLicenseConfigurationRequest":{ "type":"structure", "required":["LicenseConfigurationArn"], @@ -3109,6 +3831,104 @@ } } }, + "ListLicenseAssetGroupsRequest":{ + "type":"structure", + "members":{ + "Filters":{ + "shape":"Filters", + "documentation":"Filters to scope the results. Following filters are supported
LicenseAssetRulesetArn
Maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, + "ListLicenseAssetGroupsResponse":{ + "type":"structure", + "members":{ + "LicenseAssetGroups":{ + "shape":"LicenseAssetGroupList", + "documentation":"License asset groups.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, + "ListLicenseAssetRulesetsRequest":{ + "type":"structure", + "members":{ + "Filters":{ + "shape":"Filters", + "documentation":"Filters to scope the results. Following filters are supported
Name
Specifies whether to show License Manager managed license asset rulesets.
" + }, + "MaxResults":{ + "shape":"BoxInteger", + "documentation":"Maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, + "ListLicenseAssetRulesetsResponse":{ + "type":"structure", + "members":{ + "LicenseAssetRulesets":{ + "shape":"LicenseAssetRulesetList", + "documentation":"License asset rulesets.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, + "ListLicenseConfigurationsForOrganizationRequest":{ + "type":"structure", + "members":{ + "LicenseConfigurationArns":{ + "shape":"StringList", + "documentation":"License configuration ARNs.
" + }, + "MaxResults":{ + "shape":"BoxInteger", + "documentation":"Maximum number of results to return in a single call.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + }, + "Filters":{ + "shape":"Filters", + "documentation":"Filters to scope the results.
" + } + } + }, + "ListLicenseConfigurationsForOrganizationResponse":{ + "type":"structure", + "members":{ + "LicenseConfigurations":{ + "shape":"LicenseConfigurations", + "documentation":"License configurations.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"Token for the next set of results.
" + } + } + }, "ListLicenseConfigurationsRequest":{ "type":"structure", "members":{ @@ -3570,6 +4390,33 @@ "type":"list", "member":{"shape":"ManagedResourceSummary"} }, + "MatchingRuleStatement":{ + "type":"structure", + "required":[ + "KeyToMatch", + "Constraint", + "ValueToMatch" + ], + "members":{ + "KeyToMatch":{ + "shape":"String", + "documentation":"Key to match.
The following keys and are supported when the RuleStatement type is Instance:
Platform - The name of the platform. Logical operators are EQUALS and NOT_EQUALS.
EC2BillingProduct - The billing product code. Logical operators are EQUALS and NOT_EQUALS. Possible values are: windows-server-enterprise | windows-byol | rhel | rhel-byol | rhel-high-availability | ubuntu-pro | suse-linux | sql-server-standard | sql-server-enterprise.
MarketPlaceProductCode - The Marketplace product code. Logical operators are EQUALS and NOT_EQUALS.
AMIId - The ID of the AMI. Logical operators are EQUALS and NOT_EQUALS.
InstanceType - The instance type. Logical operators are EQUALS and NOT_EQUALS.
InstanceId - The ID of the instance. Logical operators are EQUALS and NOT_EQUALS.
HostId - The ID of the host. Logical operators are EQUALS and NOT_EQUALS.
AccountId - The ID of the account. Logical operators are EQUALS and NOT_EQUALS.
The following keys and are supported when the RuleStatement type is License:
LicenseArn - The ARN of a Managed Entitlement License. Logical operators are EQUALS and NOT_EQUALS.
ProductSKU - The productSKU of the license. Logical operators are EQUALS and NOT_EQUALS.
Issuer - The issuer of the license. Logical operators are EQUALS and NOT_EQUALS.
Beneficiary - The beneficiary of the license. Logical operators are EQUALS and NOT_EQUALS.
LicenseStatus - The status of the license. Logical operators are EQUALS and NOT_EQUALS.
HomeRegion - The home region of the license. Logical operators are EQUALS and NOT_EQUALS.
The following keys and are supported when the RuleStatement type is License Configuration:
LicenseConfigurationArn - The ARN of a self-managed license configuration. Logical operators are EQUALS and NOT_EQUALS.
AccountId - The account of the license configuration. Logical operators are EQUALS and NOT_EQUALS.
Constraint.
" + }, + "ValueToMatch":{ + "shape":"StringList", + "documentation":"Value to match.
" + } + }, + "documentation":"Matching rule statement.
" + }, + "MatchingRuleStatementList":{ + "type":"list", + "member":{"shape":"MatchingRuleStatement"} + }, "MaxSize100":{ "type":"integer", "max":100, @@ -3617,6 +4464,20 @@ }, "documentation":"The options you can specify when you create a new version of a grant, such as activation override behavior. For more information, see Granted licenses in License Manager in the License Manager User Guide.
" }, + "OrRuleStatement":{ + "type":"structure", + "members":{ + "MatchingRuleStatements":{ + "shape":"MatchingRuleStatementList", + "documentation":"Matching rule statements.
" + }, + "ScriptRuleStatements":{ + "shape":"ScriptRuleStatementList", + "documentation":"Script rule statements.
" + } + }, + "documentation":"OR rule statement.
" + }, "OrganizationConfiguration":{ "type":"structure", "required":["EnableIntegration"], @@ -3771,6 +4632,21 @@ "documentation":"This is not the correct Region for the resource. Try again.
", "exception":true }, + "RegionStatus":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"String", + "documentation":"Status value for the region.
" + } + }, + "documentation":"Status information for a specific region.
" + }, + "RegionStatusMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"RegionStatus"} + }, "RejectGrantRequest":{ "type":"structure", "required":["GrantArn"], @@ -3808,11 +4684,22 @@ }, "ReportContext":{ "type":"structure", - "required":["licenseConfigurationArns"], "members":{ "licenseConfigurationArns":{ "shape":"ArnList", "documentation":"Amazon Resource Name (ARN) of the license configuration that this generator reports on.
" + }, + "licenseAssetGroupArns":{ + "shape":"ArnList", + "documentation":"Amazon Resource Names (ARNs) of the license asset groups to include in the report.
" + }, + "reportStartDate":{ + "shape":"DateTime", + "documentation":"Start date for the report data collection period.
" + }, + "reportEndDate":{ + "shape":"DateTime", + "documentation":"End date for the report data collection period.
" } }, "documentation":"Details of the license configuration that this generator reports on.
" @@ -3836,7 +4723,8 @@ "enum":[ "DAY", "WEEK", - "MONTH" + "MONTH", + "ONE_TIME" ] }, "ReportGenerator":{ @@ -3910,7 +4798,8 @@ "type":"string", "enum":[ "LicenseConfigurationSummaryReport", - "LicenseConfigurationUsageReport" + "LicenseConfigurationUsageReport", + "LicenseAssetGroupUsageReport" ] }, "ReportTypeList":{ @@ -3943,6 +4832,30 @@ "ResourceOwningAccountId":{ "shape":"String", "documentation":"ID of the account that owns the resource.
" + }, + "MarketplaceProductCodes":{ + "shape":"StringList", + "documentation":"List of Marketplace product codes associated with the resource.
" + }, + "UsageOperation":{ + "shape":"String", + "documentation":"Usage operation value that corresponds to the license type for billing purposes.
" + }, + "AmiId":{ + "shape":"String", + "documentation":"Amazon Machine Image (AMI) ID associated with the resource.
" + }, + "HostId":{ + "shape":"String", + "documentation":"Dedicated Host ID where the resource is running.
" + }, + "Region":{ + "shape":"String", + "documentation":"Region where the resource is located.
" + }, + "InstanceType":{ + "shape":"String", + "documentation":"EC2 instance type of the resource.
" } }, "documentation":"Details about a resource.
" @@ -3977,6 +4890,24 @@ "SYSTEMS_MANAGER_MANAGED_INSTANCE" ] }, + "RuleStatement":{ + "type":"structure", + "members":{ + "LicenseConfigurationRuleStatement":{ + "shape":"LicenseConfigurationRuleStatement", + "documentation":"License configuration rule statement.
" + }, + "LicenseRuleStatement":{ + "shape":"LicenseRuleStatement", + "documentation":"License rule statement.
" + }, + "InstanceRuleStatement":{ + "shape":"InstanceRuleStatement", + "documentation":"Instance rule statement.
" + } + }, + "documentation":"Rule statement.
" + }, "S3Location":{ "type":"structure", "members":{ @@ -3991,6 +4922,28 @@ }, "documentation":"Details of the S3 bucket that report generator reports are published to.
" }, + "ScriptRuleStatement":{ + "type":"structure", + "required":[ + "KeyToMatch", + "Script" + ], + "members":{ + "KeyToMatch":{ + "shape":"String", + "documentation":"Key name to match against in the script rule evaluation.
" + }, + "Script":{ + "shape":"String", + "documentation":"Script code used to evaluate the rule condition.
" + } + }, + "documentation":"Rule statement that uses a script to evaluate license asset conditions.
" + }, + "ScriptRuleStatementList":{ + "type":"list", + "member":{"shape":"ScriptRuleStatement"} + }, "ServerInternalException":{ "type":"structure", "members":{ @@ -4000,6 +4953,20 @@ "exception":true, "fault":true }, + "ServiceStatus":{ + "type":"structure", + "members":{ + "CrossAccountDiscovery":{ + "shape":"CrossAccountDiscoveryServiceStatus", + "documentation":"Status of cross-account discovery service.
" + }, + "CrossRegionDiscovery":{ + "shape":"CrossRegionDiscoveryStatus", + "documentation":"Status of cross-region discovery service.
" + } + }, + "documentation":"Overall service status information for License Manager.
" + }, "SignedToken":{ "type":"string", "min":4096 @@ -4133,6 +5100,105 @@ "type":"structure", "members":{} }, + "UpdateLicenseAssetGroupRequest":{ + "type":"structure", + "required":[ + "AssociatedLicenseAssetRulesetARNs", + "LicenseAssetGroupArn", + "ClientToken" + ], + "members":{ + "Name":{ + "shape":"LicenseAssetResourceName", + "documentation":"License asset group name.
" + }, + "Description":{ + "shape":"LicenseAssetResourceDescription", + "documentation":"License asset group description.
" + }, + "LicenseAssetGroupConfigurations":{ + "shape":"LicenseAssetGroupConfigurationList", + "documentation":"License asset group configurations.
" + }, + "AssociatedLicenseAssetRulesetARNs":{ + "shape":"LicenseAssetRulesetArnList", + "documentation":"ARNs of associated license asset rulesets.
" + }, + "Properties":{ + "shape":"LicenseAssetGroupPropertyList", + "documentation":"License asset group properties.
" + }, + "LicenseAssetGroupArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + }, + "Status":{ + "shape":"LicenseAssetGroupStatus", + "documentation":"License asset group status. The possible values are ACTIVE | DISABLED.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
" + } + } + }, + "UpdateLicenseAssetGroupResponse":{ + "type":"structure", + "required":[ + "LicenseAssetGroupArn", + "Status" + ], + "members":{ + "LicenseAssetGroupArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) of the license asset group.
" + }, + "Status":{ + "shape":"String", + "documentation":"License asset group status.
" + } + } + }, + "UpdateLicenseAssetRulesetRequest":{ + "type":"structure", + "required":[ + "Rules", + "LicenseAssetRulesetArn", + "ClientToken" + ], + "members":{ + "Name":{ + "shape":"LicenseAssetResourceName", + "documentation":"License asset ruleset name.
" + }, + "Description":{ + "shape":"LicenseAssetResourceDescription", + "documentation":"License asset ruleset description.
" + }, + "Rules":{ + "shape":"LicenseAssetRuleList", + "documentation":"License asset rules.
" + }, + "LicenseAssetRulesetArn":{ + "shape":"Arn", + "documentation":"Amazon Resource Name (ARN) of the license asset ruleset.
" + }, + "ClientToken":{ + "shape":"String", + "documentation":"Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
" + } + } + }, + "UpdateLicenseAssetRulesetResponse":{ + "type":"structure", + "required":["LicenseAssetRulesetArn"], + "members":{ + "LicenseAssetRulesetArn":{ + "shape":"String", + "documentation":"Amazon Resource Name (ARN) of the license asset ruleset.
" + } + } + }, "UpdateLicenseConfigurationRequest":{ "type":"structure", "required":["LicenseConfigurationArn"], @@ -4172,6 +5238,10 @@ "DisassociateWhenNotFound":{ "shape":"BoxBoolean", "documentation":"When true, disassociates a resource when software is uninstalled.
" + }, + "LicenseExpiry":{ + "shape":"BoxLong", + "documentation":"License configuration expiry time.
" } } }, @@ -4264,6 +5334,10 @@ "EnableCrossAccountsDiscovery":{ "shape":"BoxBoolean", "documentation":"Activates cross-account discovery.
" + }, + "EnabledDiscoverySourceRegions":{ + "shape":"StringList", + "documentation":"Cross region discovery enabled source regions.
" } } }, diff --git a/awscli/botocore/data/logs/2014-03-28/paginators-1.json b/awscli/botocore/data/logs/2014-03-28/paginators-1.json index 3f07c7255973..a181e273fca2 100644 --- a/awscli/botocore/data/logs/2014-03-28/paginators-1.json +++ b/awscli/botocore/data/logs/2014-03-28/paginators-1.json @@ -98,6 +98,18 @@ "limit_key": "maxResults", "output_token": "nextToken", "result_key": "logGroupIdentifiers" + }, + "GetScheduledQueryHistory": { + "input_token": "nextToken", + "limit_key": "maxResults", + "output_token": "nextToken", + "result_key": "triggerHistory" + }, + "ListScheduledQueries": { + "input_token": "nextToken", + "limit_key": "maxResults", + "output_token": "nextToken", + "result_key": "scheduledQueries" } } } diff --git a/awscli/botocore/data/logs/2014-03-28/paginators-1.sdk-extras.json b/awscli/botocore/data/logs/2014-03-28/paginators-1.sdk-extras.json new file mode 100644 index 000000000000..23b49664f94e --- /dev/null +++ b/awscli/botocore/data/logs/2014-03-28/paginators-1.sdk-extras.json @@ -0,0 +1,13 @@ +{ + "version": 1.0, + "merge": { + "pagination": { + "GetScheduledQueryHistory": { + "non_aggregate_keys": [ + "name", + "scheduledQueryArn" + ] + } + } + } +} \ No newline at end of file diff --git a/awscli/botocore/data/logs/2014-03-28/service-2.json b/awscli/botocore/data/logs/2014-03-28/service-2.json index 4af2382cb5e9..35d314884b3e 100644 --- a/awscli/botocore/data/logs/2014-03-28/service-2.json +++ b/awscli/botocore/data/logs/2014-03-28/service-2.json @@ -129,6 +129,25 @@ ], "documentation":"Creates a log stream for the specified log group. A log stream is a sequence of log events that originate from a single source, such as an application instance or a resource that is being monitored.
There is no limit on the number of log streams that you can create for a log group. There is a limit of 50 TPS on CreateLogStream operations, after which transactions are throttled.
You must use the following guidelines when naming a log stream:
Log stream names must be unique within the log group.
Log stream names can be between 1 and 512 characters long.
Don't use ':' (colon) or '*' (asterisk) characters.
Creates a new Scheduled Query that runs CloudWatch Logs Insights queries on a schedule and delivers results to specified destinations.
" + }, "DeleteAccountPolicy":{ "name":"DeleteAccountPolicy", "http":{ @@ -378,6 +397,23 @@ ], "documentation":"Deletes the specified retention policy.
Log events do not expire if they belong to log groups without a retention policy.
" }, + "DeleteScheduledQuery":{ + "name":"DeleteScheduledQuery", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteScheduledQueryRequest"}, + "output":{"shape":"DeleteScheduledQueryResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes an existing scheduled query and all its associated configurations. This operation permanently removes the scheduled query and cannot be undone.
" + }, "DeleteSubscriptionFilter":{ "name":"DeleteSubscriptionFilter", "http":{ @@ -876,6 +912,40 @@ ], "documentation":"Returns the results from the specified query.
Only the fields requested in the query are returned, along with a @ptr field, which is the identifier for the log record. You can use the value of @ptr in a GetLogRecord operation to get the full log record.
GetQueryResults does not start running a query. To run a query, use StartQuery. For more information about how long results of previous queries are available, see CloudWatch Logs quotas.
If the value of the Status field in the output is Running, this operation returns only partial results. If you see a value of Scheduled or Running for the status, you can retry the operation later to see the final results.
If you are using CloudWatch cross-account observability, you can use this operation in a monitoring account to start queries in linked source accounts. For more information, see CloudWatch cross-account observability.
" }, + "GetScheduledQuery":{ + "name":"GetScheduledQuery", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetScheduledQueryRequest"}, + "output":{"shape":"GetScheduledQueryResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Returns detailed information about a specified scheduled query, including its configuration, current state, and execution history.
" + }, + "GetScheduledQueryHistory":{ + "name":"GetScheduledQueryHistory", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetScheduledQueryHistoryRequest"}, + "output":{"shape":"GetScheduledQueryHistoryResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Retrieves the execution history of a scheduled query within a specified time range, including execution status and destination processing metadata.
" + }, "GetTransformer":{ "name":"GetTransformer", "http":{ @@ -968,6 +1038,22 @@ ], "documentation":"Returns a list of the log groups that were analyzed during a single CloudWatch Logs Insights query. This can be useful for queries that use log group name prefixes or the filterIndex command, because the log groups are dynamically selected in these cases.
For more information about field indexes, see Create field indexes to improve query performance and reduce costs.
" }, + "ListScheduledQueries":{ + "name":"ListScheduledQueries", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListScheduledQueriesRequest"}, + "output":{"shape":"ListScheduledQueriesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists all scheduled queries in the current AWS account and region with optional filtering by state.
" + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -1013,7 +1099,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"Creates an account-level data protection policy, subscription filter policy, field index policy, transformer policy, or metric extraction policy that applies to all log groups or a subset of log groups in the account.
To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are creating.
To create a data protection policy, you must have the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.
To create a subscription filter policy, you must have the logs:PutSubscriptionFilter and logs:PutAccountPolicy permissions.
To create a transformer policy, you must have the logs:PutTransformer and logs:PutAccountPolicy permissions.
To create a field index policy, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.
To create a metric extraction policy, you must have the logs:PutMetricExtractionPolicy and logs:PutAccountPolicy permissions.
Data protection policy
A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.
If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.
For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.
The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
Subscription filter policy
A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
The following destinations are supported for subscription filters:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.
Transformer policy
Creates or updates a log transformer policy for your account. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.
You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.
A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use.
Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.
You can create transformers only for the log groups in the Standard log class.
You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.
CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:
@aws.region
@aws.account
@source.log
traceId
Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.
You can also set up a transformer at the log-group level. For more information, see PutTransformer. If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.
Field index policy
You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes can help lower the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs
To find the fields that are in your log group events, use the GetLogGroupFields operation.
For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId in [value, value, ...] will attempt to process only the log events where the indexed field matches the specified value.
Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing requestId.
You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.
If you create an account-level field index policy in a monitoring account in cross-account observability, the policy is applied only to the monitoring account and not to any source accounts.
If you want to create a field index policy for a single log group, you can use PutIndexPolicy instead of PutAccountPolicy. If you do so, that log group will use only that log-group level policy, and will ignore the account-level policy that you create with PutAccountPolicy.
Metric extraction policy
A metric extraction policy controls whether CloudWatch Metrics can be created through the Embedded Metrics Format (EMF) for log groups in your account. By default, EMF metric creation is enabled for all log groups. You can use metric extraction policies to disable EMF metric creation for your entire account or specific log groups.
When a policy disables EMF metric creation for a log group, log events in the EMF format are still ingested, but no CloudWatch Metrics are created from them.
Creating a policy disables metrics for AWS features that use EMF to create metrics, such as CloudWatch Container Insights and CloudWatch Application Signals. To prevent turning off those features by accident, we recommend that you exclude the underlying log-groups through a selection-criteria such as LogGroupNamePrefix NOT IN [\"/aws/containerinsights\", \"/aws/ecs/containerinsights\", \"/aws/application-signals/data\"].
Each account can have either one account-level metric extraction policy that applies to all log groups, or up to 5 policies that are each scoped to a subset of log groups with the selectionCriteria parameter. The selection criteria supports filtering by LogGroupName and LogGroupNamePrefix using the operators IN and NOT IN. You can specify up to 50 values in each IN or NOT IN list.
The selection criteria can be specified in these formats:
LogGroupName IN [\"log-group-1\", \"log-group-2\"]
LogGroupNamePrefix NOT IN [\"/aws/prefix1\", \"/aws/prefix2\"]
If you have multiple account-level metric extraction policies with selection criteria, no two of them can have overlapping criteria. For example, if you have one policy with selection criteria LogGroupNamePrefix IN [\"my-log\"], you can't have another metric extraction policy with selection criteria LogGroupNamePrefix IN [\"/my-log-prod\"] or LogGroupNamePrefix IN [\"/my-logging\"], as the set of log groups matching these prefixes would be a subset of the log groups matching the first policy's prefix, creating an overlap.
When using NOT IN, only one policy with this operator is allowed per account.
When combining policies with IN and NOT IN operators, the overlap check ensures that policies don't have conflicting effects. Two policies with IN and NOT IN operators do not overlap if and only if every value in the IN policy is completely contained within some value in the NOT IN policy. For example:
If you have a NOT IN policy for prefix \"/aws/lambda\", you can create an IN policy for the exact log group name \"/aws/lambda/function1\" because the set of log groups matching \"/aws/lambda/function1\" is a subset of the log groups matching \"/aws/lambda\".
If you have a NOT IN policy for prefix \"/aws/lambda\", you cannot create an IN policy for prefix \"/aws\" because the set of log groups matching \"/aws\" is not a subset of the log groups matching \"/aws/lambda\".
Creates an account-level data protection policy, subscription filter policy, field index policy, transformer policy, or metric extraction policy that applies to all log groups or a subset of log groups in the account.
To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are creating.
To create a data protection policy, you must have the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.
To create a subscription filter policy, you must have the logs:PutSubscriptionFilter and logs:PutAccountPolicy permissions.
To create a transformer policy, you must have the logs:PutTransformer and logs:PutAccountPolicy permissions.
To create a field index policy, you must have the logs:PutIndexPolicy and logs:PutAccountPolicy permissions.
To create a metric extraction policy, you must have the logs:PutMetricExtractionPolicy and logs:PutAccountPolicy permissions.
Data protection policy
A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.
Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.
If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.
By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.
For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.
To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.
The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.
Subscription filter policy
A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.
The following destinations are supported for subscription filters:
An Kinesis Data Streams data stream in the same account as the subscription policy, for same-account delivery.
An Firehose data stream in the same account as the subscription policy, for same-account delivery.
A Lambda function in the same account as the subscription policy, for same-account delivery.
A logical destination in a different account created with PutDestination, for cross-account delivery. Kinesis Data Streams and Firehose are supported as logical destinations.
Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.
Transformer policy
Creates or updates a log transformer policy for your account. You use log transformers to transform log events into a different format, making them easier for you to process and analyze. You can also transform logs from different sources into standardized formats that contain relevant, source-specific information. After you have created a transformer, CloudWatch Logs performs this transformation at the time of log ingestion. You can then refer to the transformed versions of the logs during operations such as querying with CloudWatch Logs Insights or creating metric filters or subscription filters.
You can also use a transformer to copy metadata from metadata keys into the log events themselves. This metadata can include log group name, log stream name, account ID and Region.
A transformer for a log group is a series of processors, where each processor applies one type of transformation to the log events ingested into this log group. For more information about the available processors to use in a transformer, see Processors that you can use.
Having log events in standardized format enables visibility across your applications for your log analysis, reporting, and alarming needs. CloudWatch Logs provides transformation for common log types with out-of-the-box transformation templates for major Amazon Web Services log sources such as VPC flow logs, Lambda, and Amazon RDS. You can use pre-built transformation templates or create custom transformation policies.
You can create transformers only for the log groups in the Standard log class.
You can have one account-level transformer policy that applies to all log groups in the account. Or you can create as many as 20 account-level transformer policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level transformer policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.
CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:
@logStream
@aws.region
@aws.account
@source.log
traceId
Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.
You can also set up a transformer at the log-group level. For more information, see PutTransformer. If there is both a log-group level transformer created with PutTransformer and an account-level transformer that could apply to the same log group, the log group uses only the log-group level transformer. It ignores the account-level transformer.
Field index policy
You can use field index policies to create indexes on fields found in log events in the log group. Creating field indexes can help lower the scan volume for CloudWatch Logs Insights queries that reference those fields, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, user IDs, or instance IDs. For more information, see Create field indexes to improve query performance and reduce costs
To find the fields that are in your log group events, use the GetLogGroupFields operation.
For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId in [value, value, ...] will attempt to process only the log events where the indexed field matches the specified value.
Matches of log events to the names of indexed fields are case-sensitive. For example, an indexed field of RequestId won't match a log event containing requestId.
You can have one account-level field index policy that applies to all log groups in the account. Or you can create as many as 20 account-level field index policies that are each scoped to a subset of log groups with the selectionCriteria parameter. If you have multiple account-level index policies with selection criteria, no two of them can use the same or overlapping log group name prefixes. For example, if you have one policy filtered to log groups that start with my-log, you can't have another field index policy filtered to my-logpprod or my-logging.
If you create an account-level field index policy in a monitoring account in cross-account observability, the policy is applied only to the monitoring account and not to any source accounts.
If you want to create a field index policy for a single log group, you can use PutIndexPolicy instead of PutAccountPolicy. If you do so, that log group will use only that log-group level policy, and will ignore the account-level policy that you create with PutAccountPolicy.
Metric extraction policy
A metric extraction policy controls whether CloudWatch Metrics can be created through the Embedded Metrics Format (EMF) for log groups in your account. By default, EMF metric creation is enabled for all log groups. You can use metric extraction policies to disable EMF metric creation for your entire account or specific log groups.
When a policy disables EMF metric creation for a log group, log events in the EMF format are still ingested, but no CloudWatch Metrics are created from them.
Creating a policy disables metrics for AWS features that use EMF to create metrics, such as CloudWatch Container Insights and CloudWatch Application Signals. To prevent turning off those features by accident, we recommend that you exclude the underlying log-groups through a selection-criteria such as LogGroupNamePrefix NOT IN [\"/aws/containerinsights\", \"/aws/ecs/containerinsights\", \"/aws/application-signals/data\"].
Each account can have either one account-level metric extraction policy that applies to all log groups, or up to 5 policies that are each scoped to a subset of log groups with the selectionCriteria parameter. The selection criteria supports filtering by LogGroupName and LogGroupNamePrefix using the operators IN and NOT IN. You can specify up to 50 values in each IN or NOT IN list.
The selection criteria can be specified in these formats:
LogGroupName IN [\"log-group-1\", \"log-group-2\"]
LogGroupNamePrefix NOT IN [\"/aws/prefix1\", \"/aws/prefix2\"]
If you have multiple account-level metric extraction policies with selection criteria, no two of them can have overlapping criteria. For example, if you have one policy with selection criteria LogGroupNamePrefix IN [\"my-log\"], you can't have another metric extraction policy with selection criteria LogGroupNamePrefix IN [\"/my-log-prod\"] or LogGroupNamePrefix IN [\"/my-logging\"], as the set of log groups matching these prefixes would be a subset of the log groups matching the first policy's prefix, creating an overlap.
When using NOT IN, only one policy with this operator is allowed per account.
When combining policies with IN and NOT IN operators, the overlap check ensures that policies don't have conflicting effects. Two policies with IN and NOT IN operators do not overlap if and only if every value in the IN policy is completely contained within some value in the NOT IN policy. For example:
If you have a NOT IN policy for prefix \"/aws/lambda\", you can create an IN policy for the exact log group name \"/aws/lambda/function1\" because the set of log groups matching \"/aws/lambda/function1\" is a subset of the log groups matching \"/aws/lambda\".
If you have a NOT IN policy for prefix \"/aws/lambda\", you cannot create an IN policy for prefix \"/aws\" because the set of log groups matching \"/aws\" is not a subset of the log groups matching \"/aws/lambda\".
Creates or updates a field index policy for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see Log classes.
You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes speeds up and lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, userID, and instance IDs. For more information, see Create field indexes to improve query performance and reduce costs.
To find the fields that are in your log group events, use the GetLogGroupFields operation.
For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId IN [value, value, ...] will process fewer log events to reduce costs, and have improved performance.
CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:
@aws.region
@aws.account
@source.log
traceId
Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.
Each index policy has the following quotas and restrictions:
As many as 20 fields can be included in the policy.
Each field name can include as many as 100 characters.
Matches of log events to the names of indexed fields are case-sensitive. For example, a field index of RequestId won't match a log event containing requestId.
Log group-level field index policies created with PutIndexPolicy override account-level field index policies created with PutAccountPolicy. If you use PutIndexPolicy to create a field index policy for a log group, that log group uses only that policy. The log group ignores any account-wide field index policy that you might have created.
Creates or updates a field index policy for the specified log group. Only log groups in the Standard log class support field index policies. For more information about log classes, see Log classes.
You can use field index policies to create field indexes on fields found in log events in the log group. Creating field indexes speeds up and lowers the costs for CloudWatch Logs Insights queries that reference those field indexes, because these queries attempt to skip the processing of log events that are known to not match the indexed field. Good fields to index are fields that you often need to query for and fields or values that match only a small fraction of the total log events. Common examples of indexes include request ID, session ID, userID, and instance IDs. For more information, see Create field indexes to improve query performance and reduce costs.
To find the fields that are in your log group events, use the GetLogGroupFields operation.
For example, suppose you have created a field index for requestId. Then, any CloudWatch Logs Insights query on that log group that includes requestId = value or requestId IN [value, value, ...] will process fewer log events to reduce costs, and have improved performance.
CloudWatch Logs provides default field indexes for all log groups in the Standard log class. Default field indexes are automatically available for the following fields:
@logStream
@aws.region
@aws.account
@source.log
traceId
Default field indexes are in addition to any custom field indexes you define within your policy. Default field indexes are not counted towards your field index quota.
Each index policy has the following quotas and restrictions:
As many as 20 fields can be included in the policy.
Each field name can include as many as 100 characters.
Matches of log events to the names of indexed fields are case-sensitive. For example, a field index of RequestId won't match a log event containing requestId.
Log group-level field index policies created with PutIndexPolicy override account-level field index policies created with PutAccountPolicy. If you use PutIndexPolicy to create a field index policy for a log group, that log group uses only that policy. The log group ignores any account-wide field index policy that you might have created.
Creates or updates a resource policy allowing other Amazon Web Services services to put log events to this account, such as Amazon Route 53. An account can have up to 10 resource policies per Amazon Web Services Region.
" + "documentation":"Creates or updates a resource policy allowing other Amazon Web Services services to put log events to this account, such as Amazon Route 53. This API has the following restrictions:
Supported actions - Policy only supports logs:PutLogEvents and logs:CreateLogStream actions
Supported principals - Policy only applies when operations are invoked by Amazon Web Services service principals (not IAM users, roles, or cross-account principals
Policy limits - An account can have a maximum of 10 policies without resourceARN and one per LogGroup resourceARN
Resource policies with actions invoked by non-Amazon Web Services service principals (such as IAM users, roles, or other Amazon Web Services accounts) will not be enforced. For access control involving these principals, use the IAM policies.
Updates an existing log anomaly detector.
" + }, + "UpdateScheduledQuery":{ + "name":"UpdateScheduledQuery", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateScheduledQueryRequest"}, + "output":{"shape":"UpdateScheduledQueryResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Updates the configuration of an existing scheduled query. This operation follows PUT semantics, replacing the existing configuration with the provided values.
" } }, "shapes":{ @@ -1511,6 +1614,15 @@ "documentation":"A structure that contains information about one CloudWatch Logs account policy.
" }, "AccountPolicyDocument":{"type":"string"}, + "ActionStatus":{ + "type":"string", + "enum":[ + "IN_PROGRESS", + "CLIENT_ERROR", + "FAILED", + "COMPLETE" + ] + }, "AddKeyEntries":{ "type":"list", "member":{"shape":"AddKeyEntry"}, @@ -2105,6 +2217,87 @@ } } }, + "CreateScheduledQueryRequest":{ + "type":"structure", + "required":[ + "name", + "queryLanguage", + "queryString", + "scheduleExpression", + "executionRoleArn" + ], + "members":{ + "name":{ + "shape":"ScheduledQueryName", + "documentation":"A unique name for the scheduled query within the region for an AWS account. The name can contain letters, numbers, underscores, hyphens, forward slashes, periods, and hash symbols.
" + }, + "description":{ + "shape":"ScheduledQueryDescription", + "documentation":"An optional description for the scheduled query to help identify its purpose.
" + }, + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language to use for the scheduled query. Valid values are LogsQL (CloudWatch Logs Insights query language), PPL (OpenSearch Service Piped Processing Language), and SQL (OpenSearch Service Structured Query Language).
" + }, + "queryString":{ + "shape":"QueryString", + "documentation":"The CloudWatch Logs Insights query string to execute. This is the actual query that will be run against your log data on the specified schedule.
" + }, + "logGroupIdentifiers":{ + "shape":"ScheduledQueryLogGroupIdentifiers", + "documentation":"The log group identifiers to query. You can specify log group names or log group ARNs. If querying log groups in a source account from a monitoring account, you must specify the ARN of the log group.
" + }, + "scheduleExpression":{ + "shape":"ScheduleExpression", + "documentation":"A cron expression that defines when the scheduled query runs. The format is cron(fields) where fields consist of six space-separated values: minutes, hours, day_of_month, month, day_of_week, year.
" + }, + "timezone":{ + "shape":"ScheduleTimezone", + "documentation":"The timezone in which the schedule expression is evaluated. If not provided, defaults to UTC.
" + }, + "startTimeOffset":{ + "shape":"StartTimeOffset", + "documentation":"Time offset in seconds from the execution time for the start of the query time range. This defines the lookback period for the query (for example, 3600 for the last hour).
" + }, + "destinationConfiguration":{ + "shape":"DestinationConfiguration", + "documentation":"Configuration for destinations where the query results will be delivered after successful execution. You can configure delivery to S3 buckets or EventBridge event buses.
" + }, + "scheduleStartTime":{ + "shape":"Timestamp", + "documentation":"The start time for the query schedule in Unix epoch time (seconds since January 1, 1970, 00:00:00 UTC). If not specified, the schedule starts immediately.
" + }, + "scheduleEndTime":{ + "shape":"Timestamp", + "documentation":"The end time for the query schedule in Unix epoch time (seconds since January 1, 1970, 00:00:00 UTC). If not specified, the schedule runs indefinitely.
" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM role that CloudWatch Logs will assume to execute the scheduled query and deliver results to the specified destinations.
" + }, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"The initial state of the scheduled query. Valid values are ENABLED (the query will run according to its schedule) and DISABLED (the query is paused and will not run). If not provided, defaults to ENABLED.
" + }, + "tags":{ + "shape":"Tags", + "documentation":"An optional list of key-value pairs to associate with the resource.
For more information about tagging, see Tagging Amazon Web Services resources
" + } + } + }, + "CreateScheduledQueryResponse":{ + "type":"structure", + "members":{ + "scheduledQueryArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the created scheduled query.
" + }, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"The current state of the scheduled query (ENABLED or DISABLED).
" + } + } + }, "DashboardViewerPrincipals":{ "type":"list", "member":{"shape":"Arn"} @@ -2392,6 +2585,20 @@ } } }, + "DeleteScheduledQueryRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"ScheduledQueryIdentifier", + "documentation":"The name or ARN of the scheduled query to delete.
" + } + } + }, + "DeleteScheduledQueryResponse":{ + "type":"structure", + "members":{} + }, "DeleteSubscriptionFilterRequest":{ "type":"structure", "required":[ @@ -3145,6 +3352,17 @@ "type":"string", "min":1 }, + "DestinationConfiguration":{ + "type":"structure", + "required":["s3Configuration"], + "members":{ + "s3Configuration":{ + "shape":"S3Configuration", + "documentation":"Configuration for delivering query results to an Amazon S3 bucket.
" + } + }, + "documentation":"Configuration for destinations where scheduled query results are delivered, such as S3 buckets or EventBridge event buses.
" + }, "DestinationField":{ "type":"string", "max":128, @@ -3313,6 +3531,20 @@ "max":10000, "min":1 }, + "ExecutionStatus":{ + "type":"string", + "enum":[ + "Running", + "InvalidQuery", + "Complete", + "Failed", + "Timeout" + ] + }, + "ExecutionStatusList":{ + "type":"list", + "member":{"shape":"ExecutionStatus"} + }, "ExpectedRevisionId":{ "type":"string", "min":1 @@ -3975,6 +4207,147 @@ } } }, + "GetScheduledQueryHistoryMaxResults":{ + "type":"integer", + "max":1000, + "min":1 + }, + "GetScheduledQueryHistoryRequest":{ + "type":"structure", + "required":[ + "identifier", + "startTime", + "endTime" + ], + "members":{ + "identifier":{ + "shape":"ScheduledQueryIdentifier", + "documentation":"The name or ARN of the scheduled query to retrieve history for.
" + }, + "startTime":{ + "shape":"Timestamp", + "documentation":"The start time for the history retrieval window in Unix epoch time.
" + }, + "endTime":{ + "shape":"Timestamp", + "documentation":"The end time for the history retrieval window in Unix epoch time.
" + }, + "executionStatuses":{ + "shape":"ExecutionStatusList", + "documentation":"Filter results by execution status (Running, Complete, Failed, Timeout, or InvalidQuery).
" + }, + "maxResults":{ + "shape":"GetScheduledQueryHistoryMaxResults", + "documentation":"The maximum number of history records to return in a single call.
" + }, + "nextToken":{"shape":"NextToken"} + } + }, + "GetScheduledQueryHistoryResponse":{ + "type":"structure", + "members":{ + "name":{ + "shape":"ScheduledQueryName", + "documentation":"The name of the scheduled query.
" + }, + "scheduledQueryArn":{ + "shape":"Arn", + "documentation":"The ARN of the scheduled query.
" + }, + "triggerHistory":{ + "shape":"TriggerHistoryRecordList", + "documentation":"The list of execution history records for the scheduled query.
" + }, + "nextToken":{"shape":"NextToken"} + } + }, + "GetScheduledQueryRequest":{ + "type":"structure", + "required":["identifier"], + "members":{ + "identifier":{ + "shape":"ScheduledQueryIdentifier", + "documentation":"The name or ARN of the scheduled query to retrieve.
" + } + } + }, + "GetScheduledQueryResponse":{ + "type":"structure", + "members":{ + "scheduledQueryArn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the scheduled query.
" + }, + "name":{ + "shape":"ScheduledQueryName", + "documentation":"The name of the scheduled query.
" + }, + "description":{ + "shape":"ScheduledQueryDescription", + "documentation":"The description of the scheduled query.
" + }, + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language used by the scheduled query (LogsQL, PPL, or SQL).
" + }, + "queryString":{ + "shape":"QueryString", + "documentation":"The CloudWatch Logs Insights query string being executed.
" + }, + "logGroupIdentifiers":{ + "shape":"ScheduledQueryLogGroupIdentifiers", + "documentation":"The log group identifiers being queried by the scheduled query.
" + }, + "scheduleExpression":{ + "shape":"ScheduleExpression", + "documentation":"The cron expression that defines when the scheduled query runs.
" + }, + "timezone":{ + "shape":"ScheduleTimezone", + "documentation":"The timezone in which the schedule expression is evaluated.
" + }, + "startTimeOffset":{ + "shape":"StartTimeOffset", + "documentation":"Time offset in seconds from the execution time for the start of the query time range.
" + }, + "destinationConfiguration":{ + "shape":"DestinationConfiguration", + "documentation":"Configuration for destinations where the query results are delivered.
" + }, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"The current state of the scheduled query (ENABLED or DISABLED).
" + }, + "lastTriggeredTime":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was last executed, in Unix epoch time.
" + }, + "lastExecutionStatus":{ + "shape":"ExecutionStatus", + "documentation":"The status of the last executed query (Running, Complete, Failed, Timeout, or InvalidQuery).
" + }, + "scheduleStartTime":{ + "shape":"Timestamp", + "documentation":"The start time for the query schedule in Unix epoch time.
" + }, + "scheduleEndTime":{ + "shape":"Timestamp", + "documentation":"The end time for the query schedule in Unix epoch time.
" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"The ARN of the IAM role used to execute the scheduled query.
" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was created, in Unix epoch time.
" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was last updated, in Unix epoch time.
" + } + } + }, "GetTransformerRequest":{ "type":"structure", "required":["logGroupIdentifier"], @@ -4174,6 +4547,13 @@ "enum":["OPENSEARCH"] }, "Interleaved":{"type":"boolean"}, + "InternalServerException":{ + "type":"structure", + "members":{}, + "documentation":"An internal server error occurred while processing the request. This is typically a temporary issue and the request can be retried.
", + "exception":true, + "fault":true + }, "InternalStreamingException":{ "type":"structure", "members":{ @@ -4387,6 +4767,35 @@ "nextToken":{"shape":"NextToken"} } }, + "ListScheduledQueriesMaxResults":{ + "type":"integer", + "max":1000, + "min":1 + }, + "ListScheduledQueriesRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"ListScheduledQueriesMaxResults", + "documentation":"The maximum number of scheduled queries to return in a single call.
" + }, + "nextToken":{"shape":"NextToken"}, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"Filter results by the state of scheduled queries (ENABLED or DISABLED).
" + } + } + }, + "ListScheduledQueriesResponse":{ + "type":"structure", + "members":{ + "nextToken":{"shape":"NextToken"}, + "scheduledQueries":{ + "shape":"ScheduledQuerySummaryList", + "documentation":"The list of scheduled queries with summary information.
" + } + } + }, "ListTagsForResourceRequest":{ "type":"structure", "required":["resourceArn"], @@ -4812,6 +5221,12 @@ "documentation":"The query string is not valid. Details about this error are displayed in a QueryCompileError object. For more information, see QueryCompileError.
For more information about valid query syntax, see CloudWatch Logs Insights Query Syntax.
", "exception":true }, + "MappingVersion":{ + "type":"string", + "max":10, + "min":1, + "pattern":"^\\d+\\.\\d+(\\.\\d+)?$" + }, "MatchPattern":{ "type":"string", "min":1 @@ -4992,7 +5407,10 @@ }, "OCSFVersion":{ "type":"string", - "enum":["V1.1"] + "enum":[ + "V1.1", + "V1.5" + ] }, "OpenSearchApplication":{ "type":"structure", @@ -5391,9 +5809,13 @@ "ocsfVersion":{ "shape":"OCSFVersion", "documentation":"Specify which version of the OCSF schema to use for the transformed log events.
" + }, + "mappingVersion":{ + "shape":"MappingVersion", + "documentation":"Identifies the specific release of the Open Cybersecurity Schema Framework (OCSF) transformer being used to parse OCSF data. Defaults to the latest version if not specified. Does not automatically update.
" } }, - "documentation":"This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.
For more information about this processor including examples, see parseToOSCF in the CloudWatch Logs User Guide.
" + "documentation":"This processor converts logs into Open Cybersecurity Schema Framework (OCSF) events.
For more information about this processor including examples, see parseToOCSF in the CloudWatch Logs User Guide.
" }, "ParseVPC":{ "type":"structure", @@ -5761,7 +6183,7 @@ }, "logType":{ "shape":"LogType", - "documentation":"Defines the type of log that the source is sending.
For Amazon Bedrock, the valid value is APPLICATION_LOGS and TRACES.
For CloudFront, the valid value is ACCESS_LOGS.
For Amazon CodeWhisperer, the valid value is EVENT_LOGS.
For Elemental MediaPackage, the valid values are EGRESS_ACCESS_LOGS and INGRESS_ACCESS_LOGS.
For Elemental MediaTailor, the valid values are AD_DECISION_SERVER_LOGS, MANIFEST_SERVICE_LOGS, and TRANSCODE_LOGS.
For Entity Resolution, the valid value is WORKFLOW_LOGS.
For IAM Identity Center, the valid value is ERROR_LOGS.
For PCS, the valid values are PCS_SCHEDULER_LOGS and PCS_JOBCOMP_LOGS.
For Amazon Q, the valid value is EVENT_LOGS.
For Amazon SES mail manager, the valid values are APPLICATION_LOG and TRAFFIC_POLICY_DEBUG_LOGS.
For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, and WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS.
For Amazon VPC Route Server, the valid value is EVENT_LOGS.
Defines the type of log that the source is sending.
For Amazon Bedrock Agents, the valid values are APPLICATION_LOGS and EVENT_LOGS.
For Amazon Bedrock Knowledge Bases, the valid value is APPLICATION_LOGS.
For Amazon Bedrock AgentCore Runtime, the valid values are APPLICATION_LOGS, USAGE_LOGS and TRACES.
For Amazon Bedrock AgentCore Tools, the valid values are APPLICATION_LOGS, USAGE_LOGS and TRACES.
For Amazon Bedrock AgentCore Identity, the valid values are APPLICATION_LOGS and TRACES.
For Amazon Bedrock AgentCore Gateway, the valid values are APPLICATION_LOGS and TRACES.
For CloudFront, the valid value is ACCESS_LOGS.
For Amazon CodeWhisperer, the valid value is EVENT_LOGS.
For Elemental MediaPackage, the valid values are EGRESS_ACCESS_LOGS and INGRESS_ACCESS_LOGS.
For Elemental MediaTailor, the valid values are AD_DECISION_SERVER_LOGS, MANIFEST_SERVICE_LOGS, and TRANSCODE_LOGS.
For Entity Resolution, the valid value is WORKFLOW_LOGS.
For IAM Identity Center, the valid value is ERROR_LOGS.
For Network Load Balancer, the valid value is NLB_ACCESS_LOGS.
For PCS, the valid values are PCS_SCHEDULER_LOGS and PCS_JOBCOMP_LOGS.
For Amazon Web Services RTB Fabric, the valid values is APPLICATION_LOGS.
For Amazon Q, the valid values are EVENT_LOGS and SYNC_JOB_LOGS.
For Amazon SES mail manager, the valid values are APPLICATION_LOGS and TRAFFIC_POLICY_DEBUG_LOGS.
For Amazon WorkMail, the valid values are ACCESS_CONTROL_LOGS, AUTHENTICATION_LOGS, WORKMAIL_AVAILABILITY_PROVIDER_LOGS, WORKMAIL_MAILBOX_ACCESS_LOGS, and WORKMAIL_PERSONAL_ACCESS_TOKEN_LOGS.
For Amazon VPC Route Server, the valid value is EVENT_LOGS.
The S3 URI where query results will be stored (e.g., s3://bucket-name/prefix/).
" + }, + "roleArn":{ + "shape":"RoleArn", + "documentation":"The ARN of the IAM role that CloudWatch Logs will assume to write results to the S3 bucket.
" + } + }, + "documentation":"Configuration details for delivering scheduled query results to an Amazon S3 bucket.
" + }, "S3DeliveryConfiguration":{ "type":"structure", "members":{ @@ -6531,6 +6971,130 @@ }, "documentation":"This structure contains delivery configurations that apply only when the delivery destination resource is an S3 bucket.
" }, + "S3Uri":{ + "type":"string", + "max":1024, + "pattern":"s3://[a-z0-9][\\.\\-a-z0-9]{1,61}[a-z0-9](/.*)?" + }, + "ScheduleExpression":{ + "type":"string", + "max":256 + }, + "ScheduleTimezone":{ + "type":"string", + "min":1 + }, + "ScheduledQueryDescription":{ + "type":"string", + "max":1024 + }, + "ScheduledQueryDestination":{ + "type":"structure", + "members":{ + "destinationType":{ + "shape":"ScheduledQueryDestinationType", + "documentation":"The type of destination (S3).
" + }, + "destinationIdentifier":{ + "shape":"String", + "documentation":"The destination identifier (S3 URI).
" + }, + "status":{ + "shape":"ActionStatus", + "documentation":"The processing status for this destination (IN_PROGRESS, ERROR, FAILED, or COMPLETE).
" + }, + "processedIdentifier":{ + "shape":"String", + "documentation":"The processed identifier returned for the destination (S3 key).
" + }, + "errorMessage":{ + "shape":"String", + "documentation":"Error message if the destination processing failed.
" + } + }, + "documentation":"Information about a destination where scheduled query results are processed and delivered.
" + }, + "ScheduledQueryDestinationList":{ + "type":"list", + "member":{"shape":"ScheduledQueryDestination"} + }, + "ScheduledQueryDestinationType":{ + "type":"string", + "enum":["S3"] + }, + "ScheduledQueryIdentifier":{ + "type":"string", + "pattern":"[\\w#+=/:,.@-]*" + }, + "ScheduledQueryLogGroupIdentifiers":{ + "type":"list", + "member":{"shape":"LogGroupIdentifier"}, + "max":50, + "min":1 + }, + "ScheduledQueryName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"^[a-zA-Z0-9_\\-/.#]+$" + }, + "ScheduledQueryState":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "ScheduledQuerySummary":{ + "type":"structure", + "members":{ + "scheduledQueryArn":{ + "shape":"Arn", + "documentation":"The ARN of the scheduled query.
" + }, + "name":{ + "shape":"ScheduledQueryName", + "documentation":"The name of the scheduled query.
" + }, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"The current state of the scheduled query (ENABLED or DISABLED).
" + }, + "lastTriggeredTime":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was last executed.
" + }, + "lastExecutionStatus":{ + "shape":"ExecutionStatus", + "documentation":"The status of the last execution (Running, Complete, Failed, Timeout, or InvalidQuery).
" + }, + "scheduleExpression":{ + "shape":"ScheduleExpression", + "documentation":"The cron expression that defines when the scheduled query runs.
" + }, + "timezone":{ + "shape":"ScheduleTimezone", + "documentation":"The timezone in which the schedule expression is evaluated.
" + }, + "destinationConfiguration":{ + "shape":"DestinationConfiguration", + "documentation":"Configuration for destinations where the query results are delivered.
" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was created.
" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was last updated.
" + } + }, + "documentation":"Summary information about a scheduled query, used in list operations.
" + }, + "ScheduledQuerySummaryList":{ + "type":"list", + "member":{"shape":"ScheduledQuerySummary"} + }, "Scope":{ "type":"string", "enum":["ALL"] @@ -6791,6 +7355,7 @@ } } }, + "StartTimeOffset":{"type":"long"}, "State":{ "type":"string", "enum":[ @@ -6823,6 +7388,7 @@ "type":"long", "min":0 }, + "String":{"type":"string"}, "SubscriptionFilter":{ "type":"structure", "members":{ @@ -7146,6 +7712,36 @@ "type":"list", "member":{"shape":"TransformedLogRecord"} }, + "TriggerHistoryRecord":{ + "type":"structure", + "members":{ + "queryId":{ + "shape":"QueryId", + "documentation":"The unique identifier for the query execution.
" + }, + "executionStatus":{ + "shape":"ExecutionStatus", + "documentation":"The status of the query execution (Running, Complete, Failed, Timeout, or InvalidQuery).
" + }, + "triggeredTimestamp":{ + "shape":"Timestamp", + "documentation":"The time when the scheduled query was triggered, in Unix epoch time.
" + }, + "errorMessage":{ + "shape":"String", + "documentation":"The error message if the scheduled query execution failed. This field is only populated when the execution status indicates a failure.
" + }, + "destinations":{ + "shape":"ScheduledQueryDestinationList", + "documentation":"The list of destinations where the scheduled query results were delivered for this execution. This includes S3 buckets configured for the scheduled query.
" + } + }, + "documentation":"A record of a scheduled query execution, including its status and destination processing information.
" + }, + "TriggerHistoryRecordList":{ + "type":"list", + "member":{"shape":"TriggerHistoryRecord"} + }, "TrimString":{ "type":"structure", "required":["withKeys"], @@ -7332,6 +7928,147 @@ } } }, + "UpdateScheduledQueryRequest":{ + "type":"structure", + "required":[ + "identifier", + "queryLanguage", + "queryString", + "scheduleExpression", + "executionRoleArn" + ], + "members":{ + "identifier":{ + "shape":"ScheduledQueryIdentifier", + "documentation":"The name or ARN of the scheduled query to update.
" + }, + "description":{ + "shape":"ScheduledQueryDescription", + "documentation":"Updated description for the scheduled query.
" + }, + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"Updated query language to use (LogsQL, PPL, or SQL).
" + }, + "queryString":{ + "shape":"QueryString", + "documentation":"Updated CloudWatch Logs Insights query string to execute.
" + }, + "logGroupIdentifiers":{ + "shape":"ScheduledQueryLogGroupIdentifiers", + "documentation":"Updated log group identifiers to query.
" + }, + "scheduleExpression":{ + "shape":"ScheduleExpression", + "documentation":"Updated cron expression that defines when the scheduled query runs.
" + }, + "timezone":{ + "shape":"ScheduleTimezone", + "documentation":"Updated timezone in which the schedule expression is evaluated.
" + }, + "startTimeOffset":{ + "shape":"StartTimeOffset", + "documentation":"Updated time offset in seconds from the execution time for the start of the query time range.
" + }, + "destinationConfiguration":{ + "shape":"DestinationConfiguration", + "documentation":"Updated configuration for destinations where the query results will be delivered.
" + }, + "scheduleStartTime":{ + "shape":"Timestamp", + "documentation":"Updated start time for the query schedule in Unix epoch time.
" + }, + "scheduleEndTime":{ + "shape":"Timestamp", + "documentation":"Updated end time for the query schedule in Unix epoch time.
" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"Updated ARN of the IAM role that CloudWatch Logs will assume to execute the scheduled query.
" + }, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"Updated state of the scheduled query (ENABLED or DISABLED).
" + } + } + }, + "UpdateScheduledQueryResponse":{ + "type":"structure", + "members":{ + "scheduledQueryArn":{ + "shape":"Arn", + "documentation":"The ARN of the updated scheduled query.
" + }, + "name":{ + "shape":"ScheduledQueryName", + "documentation":"The name of the updated scheduled query.
" + }, + "description":{ + "shape":"ScheduledQueryDescription", + "documentation":"The description of the updated scheduled query.
" + }, + "queryLanguage":{ + "shape":"QueryLanguage", + "documentation":"The query language used by the updated scheduled query.
" + }, + "queryString":{ + "shape":"QueryString", + "documentation":"The query string of the updated scheduled query.
" + }, + "logGroupIdentifiers":{ + "shape":"ScheduledQueryLogGroupIdentifiers", + "documentation":"The log group identifiers of the updated scheduled query.
" + }, + "scheduleExpression":{ + "shape":"ScheduleExpression", + "documentation":"The schedule expression of the updated scheduled query.
" + }, + "timezone":{ + "shape":"ScheduleTimezone", + "documentation":"The timezone of the updated scheduled query.
" + }, + "startTimeOffset":{ + "shape":"StartTimeOffset", + "documentation":"The start time offset of the updated scheduled query.
" + }, + "destinationConfiguration":{ + "shape":"DestinationConfiguration", + "documentation":"The destination configuration of the updated scheduled query.
" + }, + "state":{ + "shape":"ScheduledQueryState", + "documentation":"The state of the updated scheduled query.
" + }, + "lastTriggeredTime":{ + "shape":"Timestamp", + "documentation":"The time when the updated scheduled query was last executed.
" + }, + "lastExecutionStatus":{ + "shape":"ExecutionStatus", + "documentation":"The status of the last execution of the updated scheduled query (Running, Complete, Failed, Timeout, or InvalidQuery).
" + }, + "scheduleStartTime":{ + "shape":"Timestamp", + "documentation":"The schedule start time of the updated scheduled query.
" + }, + "scheduleEndTime":{ + "shape":"Timestamp", + "documentation":"The schedule end time of the updated scheduled query.
" + }, + "executionRoleArn":{ + "shape":"RoleArn", + "documentation":"The execution role ARN of the updated scheduled query.
" + }, + "creationTime":{ + "shape":"Timestamp", + "documentation":"The creation time of the updated scheduled query.
" + }, + "lastUpdatedTime":{ + "shape":"Timestamp", + "documentation":"The last updated time of the scheduled query.
" + } + } + }, "UpperCaseString":{ "type":"structure", "required":["withKeys"], diff --git a/awscli/botocore/data/mailmanager/2023-10-17/service-2.json b/awscli/botocore/data/mailmanager/2023-10-17/service-2.json index 3c5a9229c91f..52ddffb7a434 100644 --- a/awscli/botocore/data/mailmanager/2023-10-17/service-2.json +++ b/awscli/botocore/data/mailmanager/2023-10-17/service-2.json @@ -320,7 +320,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Gets detailed information about an Add On instance.
" + "documentation":"Gets detailed information about an Add On instance.
", + "readonly":true }, "GetAddonSubscription":{ "name":"GetAddonSubscription", @@ -334,7 +335,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Gets detailed information about an Add On subscription.
" + "documentation":"Gets detailed information about an Add On subscription.
", + "readonly":true }, "GetAddressList":{ "name":"GetAddressList", @@ -350,7 +352,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Fetch attributes of an address list.
" + "documentation":"Fetch attributes of an address list.
", + "readonly":true }, "GetAddressListImportJob":{ "name":"GetAddressListImportJob", @@ -366,7 +369,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Fetch attributes of an import job.
" + "documentation":"Fetch attributes of an import job.
", + "readonly":true }, "GetArchive":{ "name":"GetArchive", @@ -382,7 +386,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the full details and current state of a specified email archive.
" + "documentation":"Retrieves the full details and current state of a specified email archive.
", + "readonly":true }, "GetArchiveExport":{ "name":"GetArchiveExport", @@ -412,7 +417,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a pre-signed URL that provides temporary download access to the specific email message stored in the archive.
" + "documentation":"Returns a pre-signed URL that provides temporary download access to the specific email message stored in the archive.
", + "readonly":true }, "GetArchiveMessageContent":{ "name":"GetArchiveMessageContent", @@ -442,7 +448,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the details and current status of a specific email archive search job.
" + "documentation":"Retrieves the details and current status of a specific email archive search job.
", + "readonly":true }, "GetArchiveSearchResults":{ "name":"GetArchiveSearchResults", @@ -458,7 +465,8 @@ {"shape":"ConflictException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns the results of a completed email archive search job.
" + "documentation":"Returns the results of a completed email archive search job.
", + "readonly":true }, "GetIngressPoint":{ "name":"GetIngressPoint", @@ -472,7 +480,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Fetch ingress endpoint resource attributes.
" + "documentation":"Fetch ingress endpoint resource attributes.
", + "readonly":true }, "GetMemberOfAddressList":{ "name":"GetMemberOfAddressList", @@ -488,7 +497,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Fetch attributes of a member in an address list.
" + "documentation":"Fetch attributes of a member in an address list.
", + "readonly":true }, "GetRelay":{ "name":"GetRelay", @@ -502,7 +512,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Fetch the relay resource and it's attributes.
" + "documentation":"Fetch the relay resource and it's attributes.
", + "readonly":true }, "GetRuleSet":{ "name":"GetRuleSet", @@ -516,7 +527,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Fetch attributes of a rule set.
" + "documentation":"Fetch attributes of a rule set.
", + "readonly":true }, "GetTrafficPolicy":{ "name":"GetTrafficPolicy", @@ -530,7 +542,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Fetch attributes of a traffic policy resource.
" + "documentation":"Fetch attributes of a traffic policy resource.
", + "readonly":true }, "ListAddonInstances":{ "name":"ListAddonInstances", @@ -543,7 +556,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"Lists all Add On instances in your account.
" + "documentation":"Lists all Add On instances in your account.
", + "readonly":true }, "ListAddonSubscriptions":{ "name":"ListAddonSubscriptions", @@ -556,7 +570,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"Lists all Add On subscriptions in your account.
" + "documentation":"Lists all Add On subscriptions in your account.
", + "readonly":true }, "ListAddressListImportJobs":{ "name":"ListAddressListImportJobs", @@ -572,7 +587,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists jobs for an address list.
" + "documentation":"Lists jobs for an address list.
", + "readonly":true }, "ListAddressLists":{ "name":"ListAddressLists", @@ -587,7 +603,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists address lists for this account.
" + "documentation":"Lists address lists for this account.
", + "readonly":true }, "ListArchiveExports":{ "name":"ListArchiveExports", @@ -603,7 +620,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of email archive export jobs.
" + "documentation":"Returns a list of email archive export jobs.
", + "readonly":true }, "ListArchiveSearches":{ "name":"ListArchiveSearches", @@ -619,7 +637,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of email archive search jobs.
" + "documentation":"Returns a list of email archive search jobs.
", + "readonly":true }, "ListArchives":{ "name":"ListArchives", @@ -634,7 +653,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], - "documentation":"Returns a list of all email archives in your account.
" + "documentation":"Returns a list of all email archives in your account.
", + "readonly":true }, "ListIngressPoints":{ "name":"ListIngressPoints", @@ -647,7 +667,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"List all ingress endpoint resources.
" + "documentation":"List all ingress endpoint resources.
", + "readonly":true }, "ListMembersOfAddressList":{ "name":"ListMembersOfAddressList", @@ -663,7 +684,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists members of an address list.
" + "documentation":"Lists members of an address list.
", + "readonly":true }, "ListRelays":{ "name":"ListRelays", @@ -676,7 +698,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"Lists all the existing relay resources.
" + "documentation":"Lists all the existing relay resources.
", + "readonly":true }, "ListRuleSets":{ "name":"ListRuleSets", @@ -689,7 +712,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"List rule sets for this account.
" + "documentation":"List rule sets for this account.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -703,7 +727,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the list of tags (keys and values) assigned to the resource.
" + "documentation":"Retrieves the list of tags (keys and values) assigned to the resource.
", + "readonly":true }, "ListTrafficPolicies":{ "name":"ListTrafficPolicies", @@ -716,7 +741,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"List traffic policy resources.
" + "documentation":"List traffic policy resources.
", + "readonly":true }, "RegisterMemberToAddressList":{ "name":"RegisterMemberToAddressList", @@ -3224,7 +3250,7 @@ }, "KmsKeyArn":{ "type":"string", - "pattern":"arn:aws(|-cn|-us-gov):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+" + "pattern":"arn:aws(|-cn|-us-gov|-eusc):kms:[a-z0-9-]{1,20}:[0-9]{12}:(key|alias)/.+" }, "KmsKeyId":{ "type":"string", @@ -4736,7 +4762,7 @@ }, "SecretArn":{ "type":"string", - "pattern":"arn:(aws|aws-cn|aws-us-gov):secretsmanager:[a-z0-9-]+:\\d{12}:secret:[a-zA-Z0-9/_+=,.@-]+" + "pattern":"arn:(aws|aws-cn|aws-us-gov|aws-eusc):secretsmanager:[a-z0-9-]+:\\d{12}:secret:[a-zA-Z0-9/_+=,.@-]+" }, "SendAction":{ "type":"structure", @@ -4820,7 +4846,7 @@ "type":"string", "max":2048, "min":20, - "pattern":"arn:(aws|aws-cn|aws-us-gov):sns:[a-z]{2}-[a-z]+-\\d{1}:\\d{12}:[\\w\\-]{1,256}" + "pattern":"arn:(aws|aws-cn|aws-us-gov|aws-eusc):sns:[a-z0-9-]+:\\d{12}:[\\w\\-]{1,256}" }, "StartAddressListImportJobRequest":{ "type":"structure", @@ -5057,7 +5083,7 @@ "type":"string", "max":1011, "min":20, - "pattern":"arn:aws(|-cn|-us-gov):ses:[a-z0-9-]{1,20}:[0-9]{12}:(mailmanager-|addon-).+" + "pattern":"arn:aws(|-cn|-us-gov|-eusc):ses:[a-z0-9-]{1,20}:[0-9]{12}:(mailmanager-|addon-).+" }, "ThrottlingException":{ "type":"structure", diff --git a/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json b/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json index ea38b3dcf688..68a92f7d9039 100644 --- a/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json +++ b/awscli/botocore/data/marketplace-entitlement/2017-01-11/endpoint-rule-set-1.json @@ -248,6 +248,49 @@ }, "type": "endpoint" }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://entitlement-marketplace.{Region}.amazonaws.eu", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { diff --git a/awscli/botocore/data/mediaconnect/2018-11-14/paginators-1.json b/awscli/botocore/data/mediaconnect/2018-11-14/paginators-1.json index 65df623e53d4..16736a6582f1 100644 --- a/awscli/botocore/data/mediaconnect/2018-11-14/paginators-1.json +++ b/awscli/botocore/data/mediaconnect/2018-11-14/paginators-1.json @@ -41,6 +41,24 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Gateways" + }, + "ListRouterInputs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "RouterInputs" + }, + "ListRouterNetworkInterfaces": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "RouterNetworkInterfaces" + }, + "ListRouterOutputs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "RouterOutputs" } } } diff --git a/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json b/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json index b49ebc9797e9..505a5284d75a 100644 --- a/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json +++ b/awscli/botocore/data/mediaconnect/2018-11-14/service-2.json @@ -130,6 +130,63 @@ ], "documentation":"Adds VPC interfaces to a flow.
" }, + "BatchGetRouterInput":{ + "name":"BatchGetRouterInput", + "http":{ + "method":"GET", + "requestUri":"/v1/routerInputs", + "responseCode":200 + }, + "input":{"shape":"BatchGetRouterInputRequest"}, + "output":{"shape":"BatchGetRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves information about multiple router inputs in AWS Elemental MediaConnect.
", + "readonly":true + }, + "BatchGetRouterNetworkInterface":{ + "name":"BatchGetRouterNetworkInterface", + "http":{ + "method":"GET", + "requestUri":"/v1/routerNetworkInterfaces", + "responseCode":200 + }, + "input":{"shape":"BatchGetRouterNetworkInterfaceRequest"}, + "output":{"shape":"BatchGetRouterNetworkInterfaceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves information about multiple router network interfaces in AWS Elemental MediaConnect.
", + "readonly":true + }, + "BatchGetRouterOutput":{ + "name":"BatchGetRouterOutput", + "http":{ + "method":"GET", + "requestUri":"/v1/routerOutputs", + "responseCode":200 + }, + "input":{"shape":"BatchGetRouterOutputRequest"}, + "output":{"shape":"BatchGetRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves information about multiple router outputs in AWS Elemental MediaConnect.
", + "readonly":true + }, "CreateBridge":{ "name":"CreateBridge", "http":{ @@ -189,6 +246,66 @@ ], "documentation":"Creates a new gateway. The request must include at least one network (up to four).
" }, + "CreateRouterInput":{ + "name":"CreateRouterInput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerInput", + "responseCode":201 + }, + "input":{"shape":"CreateRouterInputRequest"}, + "output":{"shape":"CreateRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"RouterInputServiceQuotaExceededException"} + ], + "documentation":"Creates a new router input in AWS Elemental MediaConnect.
" + }, + "CreateRouterNetworkInterface":{ + "name":"CreateRouterNetworkInterface", + "http":{ + "method":"POST", + "requestUri":"/v1/routerNetworkInterface", + "responseCode":201 + }, + "input":{"shape":"CreateRouterNetworkInterfaceRequest"}, + "output":{"shape":"CreateRouterNetworkInterfaceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"RouterNetworkInterfaceServiceQuotaExceededException"} + ], + "documentation":"Creates a new router network interface in AWS Elemental MediaConnect.
" + }, + "CreateRouterOutput":{ + "name":"CreateRouterOutput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerOutput", + "responseCode":201 + }, + "input":{"shape":"CreateRouterOutputRequest"}, + "output":{"shape":"CreateRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"RouterOutputServiceQuotaExceededException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Creates a new router output in AWS Elemental MediaConnect.
" + }, "DeleteBridge":{ "name":"DeleteBridge", "http":{ @@ -251,6 +368,69 @@ "documentation":"Deletes a gateway. Before you can delete a gateway, you must deregister its instances and delete its bridges.
", "idempotent":true }, + "DeleteRouterInput":{ + "name":"DeleteRouterInput", + "http":{ + "method":"DELETE", + "requestUri":"/v1/routerInput/{Arn}", + "responseCode":200 + }, + "input":{"shape":"DeleteRouterInputRequest"}, + "output":{"shape":"DeleteRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Deletes a router input from AWS Elemental MediaConnect.
", + "idempotent":true + }, + "DeleteRouterNetworkInterface":{ + "name":"DeleteRouterNetworkInterface", + "http":{ + "method":"DELETE", + "requestUri":"/v1/routerNetworkInterface/{Arn}", + "responseCode":200 + }, + "input":{"shape":"DeleteRouterNetworkInterfaceRequest"}, + "output":{"shape":"DeleteRouterNetworkInterfaceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Deletes a router network interface from AWS Elemental MediaConnect.
", + "idempotent":true + }, + "DeleteRouterOutput":{ + "name":"DeleteRouterOutput", + "http":{ + "method":"DELETE", + "requestUri":"/v1/routerOutput/{Arn}", + "responseCode":200 + }, + "input":{"shape":"DeleteRouterOutputRequest"}, + "output":{"shape":"DeleteRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Deletes a router output from AWS Elemental MediaConnect.
", + "idempotent":true + }, "DeregisterGatewayInstance":{ "name":"DeregisterGatewayInstance", "http":{ @@ -433,6 +613,109 @@ "documentation":"Displays the details of a reservation. The response includes the reservation name, state, start date and time, and the details of the offering that make up the rest of the reservation (such as price, duration, and outbound bandwidth).
", "readonly":true }, + "GetRouterInput":{ + "name":"GetRouterInput", + "http":{ + "method":"GET", + "requestUri":"/v1/routerInput/{Arn}", + "responseCode":200 + }, + "input":{"shape":"GetRouterInputRequest"}, + "output":{"shape":"GetRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves information about a specific router input in AWS Elemental MediaConnect.
", + "readonly":true + }, + "GetRouterInputSourceMetadata":{ + "name":"GetRouterInputSourceMetadata", + "http":{ + "method":"GET", + "requestUri":"/v1/routerInput/{Arn}/source-metadata", + "responseCode":200 + }, + "input":{"shape":"GetRouterInputSourceMetadataRequest"}, + "output":{"shape":"GetRouterInputSourceMetadataResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves detailed metadata information about a specific router input source, including stream details and connection state.
", + "readonly":true + }, + "GetRouterInputThumbnail":{ + "name":"GetRouterInputThumbnail", + "http":{ + "method":"GET", + "requestUri":"/v1/routerInput/{Arn}/thumbnail", + "responseCode":200 + }, + "input":{"shape":"GetRouterInputThumbnailRequest"}, + "output":{"shape":"GetRouterInputThumbnailResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves the thumbnail for a router input in AWS Elemental MediaConnect.
", + "readonly":true + }, + "GetRouterNetworkInterface":{ + "name":"GetRouterNetworkInterface", + "http":{ + "method":"GET", + "requestUri":"/v1/routerNetworkInterface/{Arn}", + "responseCode":200 + }, + "input":{"shape":"GetRouterNetworkInterfaceRequest"}, + "output":{"shape":"GetRouterNetworkInterfaceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves information about a specific router network interface in AWS Elemental MediaConnect.
", + "readonly":true + }, + "GetRouterOutput":{ + "name":"GetRouterOutput", + "http":{ + "method":"GET", + "requestUri":"/v1/routerOutput/{Arn}", + "responseCode":200 + }, + "input":{"shape":"GetRouterOutputRequest"}, + "output":{"shape":"GetRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves information about a specific router output in AWS Elemental MediaConnect.
", + "readonly":true + }, "GrantFlowEntitlements":{ "name":"GrantFlowEntitlements", "http":{ @@ -582,6 +865,80 @@ "documentation":"Displays a list of all reservations that have been purchased by this account in the current Amazon Web Services Region. This list includes all reservations in all states (such as active and expired).
", "readonly":true }, + "ListRouterInputs":{ + "name":"ListRouterInputs", + "http":{ + "method":"POST", + "requestUri":"/v1/routerInputs", + "responseCode":200 + }, + "input":{"shape":"ListRouterInputsRequest"}, + "output":{"shape":"ListRouterInputsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves a list of router inputs in AWS Elemental MediaConnect.
", + "readonly":true + }, + "ListRouterNetworkInterfaces":{ + "name":"ListRouterNetworkInterfaces", + "http":{ + "method":"POST", + "requestUri":"/v1/routerNetworkInterfaces", + "responseCode":200 + }, + "input":{"shape":"ListRouterNetworkInterfacesRequest"}, + "output":{"shape":"ListRouterNetworkInterfacesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves a list of router network interfaces in AWS Elemental MediaConnect.
", + "readonly":true + }, + "ListRouterOutputs":{ + "name":"ListRouterOutputs", + "http":{ + "method":"POST", + "requestUri":"/v1/routerOutputs", + "responseCode":200 + }, + "input":{"shape":"ListRouterOutputsRequest"}, + "output":{"shape":"ListRouterOutputsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Retrieves a list of router outputs in AWS Elemental MediaConnect.
", + "readonly":true + }, + "ListTagsForGlobalResource":{ + "name":"ListTagsForGlobalResource", + "http":{ + "method":"GET", + "requestUri":"/tags/global/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForGlobalResourceRequest"}, + "output":{"shape":"ListTagsForGlobalResourceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"} + ], + "documentation":"Lists the tags associated with a global resource in AWS Elemental MediaConnect. The API supports the following global resources: router inputs, router outputs and router network interfaces.
", + "readonly":true + }, "ListTagsForResource":{ "name":"ListTagsForResource", "http":{ @@ -596,7 +953,7 @@ {"shape":"InternalServerErrorException"}, {"shape":"NotFoundException"} ], - "documentation":"List all tags on a MediaConnect resource.
", + "documentation":"List all tags on a MediaConnect resource in the current region.
", "readonly":true }, "PurchaseOffering":{ @@ -740,25 +1097,65 @@ "documentation":"Removes a VPC Interface from an existing flow. This request can be made only on a VPC interface that does not have a Source or Output associated with it. If the VPC interface is referenced by a Source or Output, you must first delete or update the Source or Output to no longer reference the VPC interface.
", "idempotent":true }, - "RevokeFlowEntitlement":{ - "name":"RevokeFlowEntitlement", + "RestartRouterInput":{ + "name":"RestartRouterInput", "http":{ - "method":"DELETE", - "requestUri":"/v1/flows/{FlowArn}/entitlements/{EntitlementArn}", + "method":"POST", + "requestUri":"/v1/routerInput/restart/{Arn}", "responseCode":202 }, - "input":{"shape":"RevokeFlowEntitlementRequest"}, - "output":{"shape":"RevokeFlowEntitlementResponse"}, + "input":{"shape":"RestartRouterInputRequest"}, + "output":{"shape":"RestartRouterInputResponse"}, "errors":[ {"shape":"BadRequestException"}, {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, {"shape":"ForbiddenException"}, {"shape":"InternalServerErrorException"}, {"shape":"NotFoundException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"Revokes an entitlement from a flow. Once an entitlement is revoked, the content becomes unavailable to the subscriber and the associated output is removed.
", - "idempotent":true + "documentation":"Restarts a router input. This operation can be used to recover from errors or refresh the input state.
" + }, + "RestartRouterOutput":{ + "name":"RestartRouterOutput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerOutput/restart/{Arn}", + "responseCode":202 + }, + "input":{"shape":"RestartRouterOutputRequest"}, + "output":{"shape":"RestartRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Restarts a router output. This operation can be used to recover from errors or refresh the output state.
" + }, + "RevokeFlowEntitlement":{ + "name":"RevokeFlowEntitlement", + "http":{ + "method":"DELETE", + "requestUri":"/v1/flows/{FlowArn}/entitlements/{EntitlementArn}", + "responseCode":202 + }, + "input":{"shape":"RevokeFlowEntitlementRequest"}, + "output":{"shape":"RevokeFlowEntitlementResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Revokes an entitlement from a flow. Once an entitlement is revoked, the content becomes unavailable to the subscriber and the associated output is removed.
", + "idempotent":true }, "StartFlow":{ "name":"StartFlow", @@ -779,6 +1176,46 @@ ], "documentation":"Starts a flow.
" }, + "StartRouterInput":{ + "name":"StartRouterInput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerInput/start/{Arn}", + "responseCode":202 + }, + "input":{"shape":"StartRouterInputRequest"}, + "output":{"shape":"StartRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Starts a router input in AWS Elemental MediaConnect.
" + }, + "StartRouterOutput":{ + "name":"StartRouterOutput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerOutput/start/{Arn}", + "responseCode":202 + }, + "input":{"shape":"StartRouterOutputRequest"}, + "output":{"shape":"StartRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Starts a router output in AWS Elemental MediaConnect.
" + }, "StopFlow":{ "name":"StopFlow", "http":{ @@ -798,6 +1235,61 @@ ], "documentation":"Stops a flow.
" }, + "StopRouterInput":{ + "name":"StopRouterInput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerInput/stop/{Arn}", + "responseCode":202 + }, + "input":{"shape":"StopRouterInputRequest"}, + "output":{"shape":"StopRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Stops a router input in AWS Elemental MediaConnect.
" + }, + "StopRouterOutput":{ + "name":"StopRouterOutput", + "http":{ + "method":"POST", + "requestUri":"/v1/routerOutput/stop/{Arn}", + "responseCode":202 + }, + "input":{"shape":"StopRouterOutputRequest"}, + "output":{"shape":"StopRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Stops a router output in AWS Elemental MediaConnect.
" + }, + "TagGlobalResource":{ + "name":"TagGlobalResource", + "http":{ + "method":"POST", + "requestUri":"/tags/global/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"TagGlobalResourceRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"} + ], + "documentation":"Adds tags to a global resource in AWS Elemental MediaConnect. The API supports the following global resources: router inputs, router outputs and router network interfaces.
" + }, "TagResource":{ "name":"TagResource", "http":{ @@ -811,7 +1303,44 @@ {"shape":"InternalServerErrorException"}, {"shape":"NotFoundException"} ], - "documentation":" Associates the specified tags to a resource with the specified resourceArn. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well.
Associates the specified tags to a resource with the specified resourceArn in the current region. If existing tags on a resource are not specified in the request parameters, they are not changed. When a resource is deleted, the tags associated with that resource are deleted as well.
Associates a router input with a router output in AWS Elemental MediaConnect.
", + "idempotent":true + }, + "UntagGlobalResource":{ + "name":"UntagGlobalResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/global/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"UntagGlobalResourceRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"} + ], + "documentation":"Removes tags from a global resource in AWS Elemental MediaConnect. The API supports the following global resources: router inputs, router outputs and router network interfaces.
", + "idempotent":true }, "UntagResource":{ "name":"UntagResource", @@ -826,7 +1355,7 @@ {"shape":"InternalServerErrorException"}, {"shape":"NotFoundException"} ], - "documentation":"Deletes specified tags from a resource.
", + "documentation":"Deletes specified tags from a resource in the current region.
", "idempotent":true }, "UpdateBridge":{ @@ -1033,6 +1562,68 @@ ], "documentation":"Updates an existing gateway instance.
", "idempotent":true + }, + "UpdateRouterInput":{ + "name":"UpdateRouterInput", + "http":{ + "method":"PUT", + "requestUri":"/v1/routerInput/{Arn}", + "responseCode":202 + }, + "input":{"shape":"UpdateRouterInputRequest"}, + "output":{"shape":"UpdateRouterInputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Updates the configuration of an existing router input in AWS Elemental MediaConnect.
", + "idempotent":true + }, + "UpdateRouterNetworkInterface":{ + "name":"UpdateRouterNetworkInterface", + "http":{ + "method":"PUT", + "requestUri":"/v1/routerNetworkInterface/{Arn}", + "responseCode":202 + }, + "input":{"shape":"UpdateRouterNetworkInterfaceRequest"}, + "output":{"shape":"UpdateRouterNetworkInterfaceResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Updates the configuration of an existing router network interface in AWS Elemental MediaConnect.
", + "idempotent":true + }, + "UpdateRouterOutput":{ + "name":"UpdateRouterOutput", + "http":{ + "method":"PUT", + "requestUri":"/v1/routerOutput/{Arn}", + "responseCode":202 + }, + "input":{"shape":"UpdateRouterOutputRequest"}, + "output":{"shape":"UpdateRouterOutputResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"ConflictException"}, + {"shape":"ForbiddenException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"NotFoundException"}, + {"shape":"ServiceUnavailableException"} + ], + "documentation":"Updates the configuration of an existing router output in AWS Elemental MediaConnect.
", + "idempotent":true } }, "shapes":{ @@ -1625,6 +2216,15 @@ "shape":"__mapOfString", "documentation":"The key-value pairs that can be used to tag and organize the output.
", "locationName":"outputTags" + }, + "RouterIntegrationState":{ + "shape":"State", + "documentation":"Indicates whether to enable or disable router integration when creating a new flow output.
", + "locationName":"routerIntegrationState" + }, + "RouterIntegrationTransitEncryption":{ + "shape":"FlowTransitEncryption", + "locationName":"routerIntegrationTransitEncryption" } }, "documentation":"A request to add an output to a flow.
" @@ -1648,6 +2248,11 @@ }, "documentation":"Specifies the configuration for audio stream metrics monitoring.
" }, + "AutomaticEncryptionKeyConfiguration":{ + "type":"structure", + "members":{}, + "documentation":"Configuration settings for automatic encryption key management, where MediaConnect handles key creation and rotation.
" + }, "BadRequestException":{ "type":"structure", "required":["Message"], @@ -1664,68 +2269,270 @@ }, "exception":true }, - "BlackFrames":{ + "BatchGetRouterInputError":{ "type":"structure", + "required":[ + "Arn", + "Code", + "Message" + ], "members":{ - "State":{ - "shape":"State", - "documentation":" Indicates whether the BlackFrames metric is enabled or disabled..
The Amazon Resource Name (ARN) of the router input for which the error occurred.
", + "locationName":"arn" }, - "ThresholdSeconds":{ - "shape":"Integer", - "documentation":"Specifies the number of consecutive seconds of black frames that triggers an event or alert.
", - "locationName":"thresholdSeconds" + "Code":{ + "shape":"String", + "documentation":"The error code associated with the error.
", + "locationName":"code" + }, + "Message":{ + "shape":"String", + "documentation":"A message describing the error.
", + "locationName":"message" } }, - "documentation":" Configures settings for the BlackFrames metric.
An error that occurred when retrieving multiple router inputs in the BatchGetRouterInput operation, including the ARN, error code, and error message.
" }, - "Boolean":{ - "type":"boolean", - "box":true + "BatchGetRouterInputErrorList":{ + "type":"list", + "member":{"shape":"BatchGetRouterInputError"} }, - "Bridge":{ + "BatchGetRouterInputRequest":{ + "type":"structure", + "required":["Arns"], + "members":{ + "Arns":{ + "shape":"BatchGetRouterInputRequestArnsList", + "documentation":"The Amazon Resource Names (ARNs) of the router inputs you want to retrieve information about.
", + "location":"querystring", + "locationName":"arns" + } + } + }, + "BatchGetRouterInputRequestArnsList":{ + "type":"list", + "member":{"shape":"RouterInputArn"}, + "max":20, + "min":1 + }, + "BatchGetRouterInputResponse":{ "type":"structure", "required":[ - "BridgeArn", - "BridgeState", - "Name", - "PlacementArn" + "RouterInputs", + "Errors" ], "members":{ - "BridgeArn":{ - "shape":"String", - "documentation":"The Amazon Resource Number (ARN) of the bridge.
", - "locationName":"bridgeArn" - }, - "BridgeMessages":{ - "shape":"__listOfMessageDetail", - "documentation":"Messages with details about the bridge.
", - "locationName":"bridgeMessages" - }, - "BridgeState":{ - "shape":"BridgeState", - "documentation":"The state of the bridge.
", - "locationName":"bridgeState" - }, - "EgressGatewayBridge":{ - "shape":"EgressGatewayBridge", - "documentation":"An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.
", - "locationName":"egressGatewayBridge" + "RouterInputs":{ + "shape":"RouterInputList", + "documentation":"An array of router inputs that were successfully retrieved.
", + "locationName":"routerInputs" }, - "IngressGatewayBridge":{ - "shape":"IngressGatewayBridge", - "documentation":"An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.
", - "locationName":"ingressGatewayBridge" + "Errors":{ + "shape":"BatchGetRouterInputErrorList", + "documentation":"An array of errors that occurred when retrieving the requested router inputs.
", + "locationName":"errors" + } + } + }, + "BatchGetRouterNetworkInterfaceError":{ + "type":"structure", + "required":[ + "Arn", + "Code", + "Message" + ], + "members":{ + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the router network interface for which the error occurred.
", + "locationName":"arn" }, - "Name":{ + "Code":{ "shape":"String", - "documentation":"The name of the bridge.
", - "locationName":"name" + "documentation":"The error code associated with the error.
", + "locationName":"code" }, - "Outputs":{ - "shape":"__listOfBridgeOutput", - "documentation":"The outputs on this bridge.
", + "Message":{ + "shape":"String", + "documentation":"A message describing the error.
", + "locationName":"message" + } + }, + "documentation":"An error that occurred when retrieving multiple router network interfaces in the BatchGetRouterNetworkInterface operation, including the ARN, error code, and error message.
" + }, + "BatchGetRouterNetworkInterfaceErrorList":{ + "type":"list", + "member":{"shape":"BatchGetRouterNetworkInterfaceError"} + }, + "BatchGetRouterNetworkInterfaceRequest":{ + "type":"structure", + "required":["Arns"], + "members":{ + "Arns":{ + "shape":"BatchGetRouterNetworkInterfaceRequestArnsList", + "documentation":"The Amazon Resource Names (ARNs) of the router network interfaces you want to retrieve information about.
", + "location":"querystring", + "locationName":"arns" + } + } + }, + "BatchGetRouterNetworkInterfaceRequestArnsList":{ + "type":"list", + "member":{"shape":"RouterNetworkInterfaceArn"}, + "max":20, + "min":1 + }, + "BatchGetRouterNetworkInterfaceResponse":{ + "type":"structure", + "required":[ + "RouterNetworkInterfaces", + "Errors" + ], + "members":{ + "RouterNetworkInterfaces":{ + "shape":"RouterNetworkInterfaceList", + "documentation":"An array of router network interfaces that were successfully retrieved.
", + "locationName":"routerNetworkInterfaces" + }, + "Errors":{ + "shape":"BatchGetRouterNetworkInterfaceErrorList", + "documentation":"An array of errors that occurred when retrieving the requested router network interfaces.
", + "locationName":"errors" + } + } + }, + "BatchGetRouterOutputError":{ + "type":"structure", + "required":[ + "Arn", + "Code", + "Message" + ], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output for which the error occurred.
", + "locationName":"arn" + }, + "Code":{ + "shape":"String", + "documentation":"The error code associated with the error.
", + "locationName":"code" + }, + "Message":{ + "shape":"String", + "documentation":"A message describing the error.
", + "locationName":"message" + } + }, + "documentation":"An error that occurred when retrieving multiple router outputs in the BatchGetRouterOutput operation, including the ARN, error code, and error message.
" + }, + "BatchGetRouterOutputErrorList":{ + "type":"list", + "member":{"shape":"BatchGetRouterOutputError"} + }, + "BatchGetRouterOutputRequest":{ + "type":"structure", + "required":["Arns"], + "members":{ + "Arns":{ + "shape":"BatchGetRouterOutputRequestArnsList", + "documentation":"The Amazon Resource Names (ARNs) of the router outputs you want to retrieve information about.
", + "location":"querystring", + "locationName":"arns" + } + } + }, + "BatchGetRouterOutputRequestArnsList":{ + "type":"list", + "member":{"shape":"RouterOutputArn"}, + "max":20, + "min":1 + }, + "BatchGetRouterOutputResponse":{ + "type":"structure", + "required":[ + "RouterOutputs", + "Errors" + ], + "members":{ + "RouterOutputs":{ + "shape":"RouterOutputList", + "documentation":"An array of router outputs that were successfully retrieved.
", + "locationName":"routerOutputs" + }, + "Errors":{ + "shape":"BatchGetRouterOutputErrorList", + "documentation":"An array of errors that occurred when retrieving the requested router outputs.
", + "locationName":"errors" + } + } + }, + "BlackFrames":{ + "type":"structure", + "members":{ + "State":{ + "shape":"State", + "documentation":" Indicates whether the BlackFrames metric is enabled or disabled..
Specifies the number of consecutive seconds of black frames that triggers an event or alert.
", + "locationName":"thresholdSeconds" + } + }, + "documentation":" Configures settings for the BlackFrames metric.
The Amazon Resource Number (ARN) of the bridge.
", + "locationName":"bridgeArn" + }, + "BridgeMessages":{ + "shape":"__listOfMessageDetail", + "documentation":"Messages with details about the bridge.
", + "locationName":"bridgeMessages" + }, + "BridgeState":{ + "shape":"BridgeState", + "documentation":"The state of the bridge.
", + "locationName":"bridgeState" + }, + "EgressGatewayBridge":{ + "shape":"EgressGatewayBridge", + "documentation":"An egress bridge is a cloud-to-ground bridge. The content comes from an existing MediaConnect flow and is delivered to your premises.
", + "locationName":"egressGatewayBridge" + }, + "IngressGatewayBridge":{ + "shape":"IngressGatewayBridge", + "documentation":"An ingress bridge is a ground-to-cloud bridge. The content originates at your premises and is delivered to the cloud.
", + "locationName":"ingressGatewayBridge" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the bridge.
", + "locationName":"name" + }, + "Outputs":{ + "shape":"__listOfBridgeOutput", + "documentation":"The outputs on this bridge.
", "locationName":"outputs" }, "PlacementArn":{ @@ -2213,6 +3020,237 @@ } } }, + "CreateRouterInputRequest":{ + "type":"structure", + "required":[ + "Name", + "Configuration", + "MaximumBitrate", + "RoutingScope", + "Tier" + ], + "members":{ + "Name":{ + "shape":"CreateRouterInputRequestNameString", + "documentation":"The name of the router input.
", + "locationName":"name" + }, + "Configuration":{ + "shape":"RouterInputConfiguration", + "documentation":"The configuration settings for the router input, which can include the protocol, network interface, and other details.
", + "locationName":"configuration" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The maximum bitrate for the router input.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Specifies whether the router input can be assigned to outputs in different Regions. REGIONAL (default) - connects only to outputs in same Region. GLOBAL - connects to outputs in any Region.
", + "locationName":"routingScope" + }, + "Tier":{ + "shape":"RouterInputTier", + "documentation":"The tier level for the router input.
", + "locationName":"tier" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region for the router input. Defaults to the current region if not specified.
", + "locationName":"regionName" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone where you want to create the router input. This must be a valid Availability Zone for the region specified by regionName, or the current region if no regionName is provided.
The transit encryption settings for the router input.
", + "locationName":"transitEncryption" + }, + "MaintenanceConfiguration":{ + "shape":"MaintenanceConfiguration", + "documentation":"The maintenance configuration settings for the router input, including preferred maintenance windows and schedules.
", + "locationName":"maintenanceConfiguration" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"Key-value pairs that can be used to tag and organize this router input.
", + "locationName":"tags" + }, + "ClientToken":{ + "shape":"String", + "documentation":"A unique identifier for the request to ensure idempotency.
", + "idempotencyToken":true, + "locationName":"clientToken" + } + } + }, + "CreateRouterInputRequestNameString":{ + "type":"string", + "max":128, + "min":1 + }, + "CreateRouterInputResponse":{ + "type":"structure", + "required":["RouterInput"], + "members":{ + "RouterInput":{ + "shape":"RouterInput", + "documentation":"The newly-created router input.
", + "locationName":"routerInput" + } + } + }, + "CreateRouterNetworkInterfaceRequest":{ + "type":"structure", + "required":[ + "Name", + "Configuration" + ], + "members":{ + "Name":{ + "shape":"CreateRouterNetworkInterfaceRequestNameString", + "documentation":"The name of the router network interface.
", + "locationName":"name" + }, + "Configuration":{ + "shape":"RouterNetworkInterfaceConfiguration", + "documentation":"The configuration settings for the router network interface.
", + "locationName":"configuration" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region for the router network interface. Defaults to the current region if not specified.
", + "locationName":"regionName" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"Key-value pairs that can be used to tag and organize this router network interface.
", + "locationName":"tags" + }, + "ClientToken":{ + "shape":"String", + "documentation":"A unique identifier for the request to ensure idempotency.
", + "idempotencyToken":true, + "locationName":"clientToken" + } + } + }, + "CreateRouterNetworkInterfaceRequestNameString":{ + "type":"string", + "max":128, + "min":1 + }, + "CreateRouterNetworkInterfaceResponse":{ + "type":"structure", + "required":["RouterNetworkInterface"], + "members":{ + "RouterNetworkInterface":{ + "shape":"RouterNetworkInterface", + "documentation":"The newly-created router network interface.
", + "locationName":"routerNetworkInterface" + } + } + }, + "CreateRouterOutputRequest":{ + "type":"structure", + "required":[ + "Name", + "Configuration", + "MaximumBitrate", + "RoutingScope", + "Tier" + ], + "members":{ + "Name":{ + "shape":"CreateRouterOutputRequestNameString", + "documentation":"The name of the router output.
", + "locationName":"name" + }, + "Configuration":{ + "shape":"RouterOutputConfiguration", + "documentation":"The configuration settings for the router output.
", + "locationName":"configuration" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The maximum bitrate for the router output.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Specifies whether the router output can take inputs that are in different Regions. REGIONAL (default) - can only take inputs from same Region. GLOBAL - can take inputs from any Region.
", + "locationName":"routingScope" + }, + "Tier":{ + "shape":"RouterOutputTier", + "documentation":"The tier level for the router output.
", + "locationName":"tier" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region for the router output. Defaults to the current region if not specified.
", + "locationName":"regionName" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone where you want to create the router output. This must be a valid Availability Zone for the region specified by regionName, or the current region if no regionName is provided.
The maintenance configuration settings for the router output, including preferred maintenance windows and schedules.
", + "locationName":"maintenanceConfiguration" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"Key-value pairs that can be used to tag this router output.
", + "locationName":"tags" + }, + "ClientToken":{ + "shape":"String", + "documentation":"A unique identifier for the request to ensure idempotency.
", + "idempotencyToken":true, + "locationName":"clientToken" + } + } + }, + "CreateRouterOutputRequestNameString":{ + "type":"string", + "max":128, + "min":1 + }, + "CreateRouterOutputResponse":{ + "type":"structure", + "required":["RouterOutput"], + "members":{ + "RouterOutput":{ + "shape":"RouterOutput", + "documentation":"The newly-created router output.
", + "locationName":"routerOutput" + } + } + }, + "Day":{ + "type":"string", + "enum":[ + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY", + "SUNDAY" + ] + }, + "DefaultMaintenanceConfiguration":{ + "type":"structure", + "members":{}, + "documentation":"Configuration settings for default maintenance scheduling.
" + }, "DeleteBridgeRequest":{ "type":"structure", "required":["BridgeArn"], @@ -2296,37 +3334,148 @@ } } }, - "DeregisterGatewayInstanceRequest":{ + "DeleteRouterInputRequest":{ "type":"structure", - "required":["GatewayInstanceArn"], + "required":["Arn"], "members":{ - "Force":{ - "shape":"Boolean", - "documentation":"Force the deregistration of an instance. Force will deregister an instance, even if there are bridges running on it.
", - "location":"querystring", - "locationName":"force" - }, - "GatewayInstanceArn":{ - "shape":"DeregisterGatewayInstanceRequestGatewayInstanceArnString", - "documentation":"The Amazon Resource Name (ARN) of the gateway that contains the instance that you want to deregister.
", + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to delete.
", "location":"uri", - "locationName":"GatewayInstanceArn" + "locationName":"Arn" } } }, - "DeregisterGatewayInstanceRequestGatewayInstanceArnString":{ - "type":"string", - "pattern":"arn:.+:mediaconnect.+:gateway:.+:instance:.+" - }, - "DeregisterGatewayInstanceResponse":{ + "DeleteRouterInputResponse":{ "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], "members":{ - "GatewayInstanceArn":{ - "shape":"String", - "documentation":"The ARN of the instance.
", - "locationName":"gatewayInstanceArn" + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the deleted router input.
", + "locationName":"arn" }, - "InstanceState":{ + "Name":{ + "shape":"String", + "documentation":"The name of the deleted router input.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterInputState", + "documentation":"The current state of the deleted router input, indicating where it is in the deletion process.
", + "locationName":"state" + } + } + }, + "DeleteRouterNetworkInterfaceRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the router network interface that you want to delete.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "DeleteRouterNetworkInterfaceResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], + "members":{ + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The ARN of the deleted router network interface.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the deleted router network interface.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterNetworkInterfaceState", + "documentation":"The current state of the deleted router network interface, indicating where it is in the deletion process.
", + "locationName":"state" + } + } + }, + "DeleteRouterOutputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to delete.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "DeleteRouterOutputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The ARN of the deleted router output.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the deleted router output.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterOutputState", + "documentation":"The current state of the deleted router output, indicating where it is in the deletion process.
", + "locationName":"state" + } + } + }, + "DeregisterGatewayInstanceRequest":{ + "type":"structure", + "required":["GatewayInstanceArn"], + "members":{ + "Force":{ + "shape":"Boolean", + "documentation":"Force the deregistration of an instance. Force will deregister an instance, even if there are bridges running on it.
", + "location":"querystring", + "locationName":"force" + }, + "GatewayInstanceArn":{ + "shape":"DeregisterGatewayInstanceRequestGatewayInstanceArnString", + "documentation":"The Amazon Resource Name (ARN) of the gateway that contains the instance that you want to deregister.
", + "location":"uri", + "locationName":"GatewayInstanceArn" + } + } + }, + "DeregisterGatewayInstanceRequestGatewayInstanceArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:gateway:.+:instance:.+" + }, + "DeregisterGatewayInstanceResponse":{ + "type":"structure", + "members":{ + "GatewayInstanceArn":{ + "shape":"String", + "documentation":"The ARN of the instance.
", + "locationName":"gatewayInstanceArn" + }, + "InstanceState":{ "shape":"InstanceState", "documentation":"The status of the instance.
", "locationName":"instanceState" @@ -2823,6 +3972,13 @@ }, "documentation":"The settings for source failover.
" }, + "FailoverInputSourcePriorityMode":{ + "type":"string", + "enum":[ + "NO_PRIORITY", + "PRIMARY_SECONDARY" + ] + }, "FailoverMode":{ "type":"string", "enum":[ @@ -2830,6 +3986,107 @@ "FAILOVER" ] }, + "FailoverRouterInputConfiguration":{ + "type":"structure", + "required":[ + "NetworkInterfaceArn", + "ProtocolConfigurations", + "SourcePriorityMode" + ], + "members":{ + "NetworkInterfaceArn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The ARN of the network interface to use for this failover router input.
", + "locationName":"networkInterfaceArn" + }, + "ProtocolConfigurations":{ + "shape":"FailoverRouterInputProtocolConfigurationList", + "documentation":"A list of exactly two protocol configurations for the failover input sources. Both must use the same protocol type.
", + "locationName":"protocolConfigurations" + }, + "SourcePriorityMode":{ + "shape":"FailoverInputSourcePriorityMode", + "documentation":"The mode for determining source priority in failover configurations.
", + "locationName":"sourcePriorityMode" + }, + "PrimarySourceIndex":{ + "shape":"FailoverRouterInputConfigurationPrimarySourceIndexInteger", + "documentation":"The index (0 or 1) that specifies which source in the protocol configurations list is currently active. Used to control which of the two failover sources is currently selected. This field is ignored when sourcePriorityMode is set to NO_PRIORITY
", + "locationName":"primarySourceIndex" + } + }, + "documentation":"Configuration settings for a failover router input that allows switching between two input sources.
" + }, + "FailoverRouterInputConfigurationPrimarySourceIndexInteger":{ + "type":"integer", + "box":true, + "max":1, + "min":0 + }, + "FailoverRouterInputIndexedStreamDetails":{ + "type":"structure", + "required":["SourceIndex"], + "members":{ + "SourceIndex":{ + "shape":"Integer", + "documentation":"The index number (0 or 1) assigned to this source in the failover configuration.
", + "locationName":"sourceIndex" + }, + "SourceIpAddress":{ + "shape":"String", + "documentation":"The IP address of the source for this indexed stream.
", + "locationName":"sourceIpAddress" + } + }, + "documentation":"Configuration details for an indexed stream in a failover router input setup.
" + }, + "FailoverRouterInputProtocolConfiguration":{ + "type":"structure", + "members":{ + "Rtp":{ + "shape":"RtpRouterInputConfiguration", + "locationName":"rtp" + }, + "Rist":{ + "shape":"RistRouterInputConfiguration", + "locationName":"rist" + }, + "SrtListener":{ + "shape":"SrtListenerRouterInputConfiguration", + "locationName":"srtListener" + }, + "SrtCaller":{ + "shape":"SrtCallerRouterInputConfiguration", + "locationName":"srtCaller" + } + }, + "documentation":"Protocol configuration settings for failover router inputs.
", + "union":true + }, + "FailoverRouterInputProtocolConfigurationList":{ + "type":"list", + "member":{"shape":"FailoverRouterInputProtocolConfiguration"} + }, + "FailoverRouterInputStreamDetails":{ + "type":"structure", + "required":[ + "SourceIndexZeroStreamDetails", + "SourceIndexOneStreamDetails" + ], + "members":{ + "SourceIndexZeroStreamDetails":{ + "shape":"FailoverRouterInputIndexedStreamDetails", + "documentation":"Configuration details for the primary source (index 0) in the failover setup.
", + "locationName":"sourceIndexZeroStreamDetails" + }, + "SourceIndexOneStreamDetails":{ + "shape":"FailoverRouterInputIndexedStreamDetails", + "documentation":"Configuration details for the secondary source (index 1) in the failover setup.
", + "locationName":"sourceIndexOneStreamDetails" + } + }, + "documentation":"Configuration details for a failover router input that can automatically switch between two sources.
" + }, "Flow":{ "type":"structure", "required":[ @@ -2930,7 +4187,14 @@ }, "documentation":"The settings for a flow, including its source, outputs, and entitlements.
" }, - "FlowArn":{"type":"string"}, + "FlowArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):mediaconnect:[a-z0-9-]+:[0-9]{12}:flow:[a-zA-Z0-9-]+:[a-zA-Z0-9_-]+" + }, + "FlowOutputArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):mediaconnect:[a-z0-9-]+:[0-9]{12}:output:[a-zA-Z0-9-]+:[a-zA-Z0-9_-]+" + }, "FlowSize":{ "type":"string", "enum":[ @@ -2938,6 +4202,49 @@ "LARGE" ] }, + "FlowSourceArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):mediaconnect:[a-z0-9-]+:[0-9]{12}:source:[a-zA-Z0-9-]+:[a-zA-Z0-9_-]+" + }, + "FlowTransitEncryption":{ + "type":"structure", + "required":["EncryptionKeyConfiguration"], + "members":{ + "EncryptionKeyType":{ + "shape":"FlowTransitEncryptionKeyType", + "documentation":"The type of encryption key to use for flow transit encryption.
", + "locationName":"encryptionKeyType" + }, + "EncryptionKeyConfiguration":{ + "shape":"FlowTransitEncryptionKeyConfiguration", + "documentation":"The configuration details for the encryption key.
", + "locationName":"encryptionKeyConfiguration" + } + }, + "documentation":"The configuration that defines how content is encrypted during transit between the MediaConnect router and a MediaConnect flow.
" + }, + "FlowTransitEncryptionKeyConfiguration":{ + "type":"structure", + "members":{ + "SecretsManager":{ + "shape":"SecretsManagerEncryptionKeyConfiguration", + "locationName":"secretsManager" + }, + "Automatic":{ + "shape":"AutomaticEncryptionKeyConfiguration", + "locationName":"automatic" + } + }, + "documentation":"Configuration settings for flow transit encryption keys.
", + "union":true + }, + "FlowTransitEncryptionKeyType":{ + "type":"string", + "enum":[ + "SECRETS_MANAGER", + "AUTOMATIC" + ] + }, "Fmtp":{ "type":"structure", "members":{ @@ -3036,6 +4343,13 @@ }, "exception":true }, + "ForwardErrorCorrectionState":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "FrameResolution":{ "type":"structure", "required":[ @@ -3217,6 +4531,149 @@ "DELETED" ] }, + "GetRouterInputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input to retrieve information about.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "GetRouterInputResponse":{ + "type":"structure", + "required":["RouterInput"], + "members":{ + "RouterInput":{ + "shape":"RouterInput", + "documentation":"The details of the requested router input, including its configuration, state, and other attributes.
", + "locationName":"routerInput" + } + } + }, + "GetRouterInputSourceMetadataRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input to retrieve metadata for.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "GetRouterInputSourceMetadataResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "SourceMetadataDetails" + ], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router input.
", + "locationName":"name" + }, + "SourceMetadataDetails":{ + "shape":"RouterInputSourceMetadataDetails", + "documentation":"Detailed metadata information about the router input source, including connection state, timestamps, and stream configuration.
", + "locationName":"sourceMetadataDetails" + } + } + }, + "GetRouterInputThumbnailRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to see a thumbnail of.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "GetRouterInputThumbnailResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "ThumbnailDetails" + ], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the router input.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router input.
", + "locationName":"name" + }, + "ThumbnailDetails":{ + "shape":"RouterInputThumbnailDetails", + "documentation":"The details of the thumbnail associated with the router input, including the thumbnail image, timecode, timestamp, and any associated error messages.
", + "locationName":"thumbnailDetails" + } + } + }, + "GetRouterNetworkInterfaceRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the router network interface that you want to retrieve information about.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "GetRouterNetworkInterfaceResponse":{ + "type":"structure", + "required":["RouterNetworkInterface"], + "members":{ + "RouterNetworkInterface":{ + "shape":"RouterNetworkInterface", + "documentation":"The details of the requested router network interface, including its configuration and other attributes.
", + "locationName":"routerNetworkInterface" + } + } + }, + "GetRouterOutputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to retrieve information about.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "GetRouterOutputResponse":{ + "type":"structure", + "required":["RouterOutput"], + "members":{ + "RouterOutput":{ + "shape":"RouterOutput", + "documentation":"The details of the requested router output, including its configuration, state, and other attributes.
", + "locationName":"routerOutput" + } + } + }, "GrantEntitlementRequest":{ "type":"structure", "required":["Subscribers"], @@ -3683,32 +5140,186 @@ } } }, - "ListTagsForResourceRequest":{ + "ListRouterInputsRequest":{ "type":"structure", - "required":["ResourceArn"], "members":{ - "ResourceArn":{ + "MaxResults":{ + "shape":"ListRouterInputsRequestMaxResultsInteger", + "documentation":"The maximum number of router inputs to return in the response.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ "shape":"String", - "documentation":"The Amazon Resource Name (ARN) that identifies the MediaConnect resource for which to list the tags.
", - "location":"uri", - "locationName":"ResourceArn" + "documentation":"A token used to retrieve the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "Filters":{ + "shape":"RouterInputFilterList", + "documentation":"The filters to apply when retrieving the list of router inputs.
", + "locationName":"filters" } } }, - "ListTagsForResourceResponse":{ + "ListRouterInputsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRouterInputsResponse":{ "type":"structure", + "required":["RouterInputs"], "members":{ - "Tags":{ - "shape":"__mapOfString", - "documentation":"A map from tag keys to values. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
", - "locationName":"tags" + "RouterInputs":{ + "shape":"ListedRouterInputList", + "documentation":"The summary information for the retrieved router inputs.
", + "locationName":"routerInputs" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to use to retrieve the next page of results.
", + "locationName":"nextToken" } } }, - "ListedBridge":{ + "ListRouterNetworkInterfacesRequest":{ "type":"structure", - "required":[ - "BridgeArn", + "members":{ + "MaxResults":{ + "shape":"ListRouterNetworkInterfacesRequestMaxResultsInteger", + "documentation":"The maximum number of router network interfaces to return in the response.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"A token used to retrieve the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "Filters":{ + "shape":"RouterNetworkInterfaceFilterList", + "documentation":"The filters to apply when retrieving the list of router network interfaces.
", + "locationName":"filters" + } + } + }, + "ListRouterNetworkInterfacesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRouterNetworkInterfacesResponse":{ + "type":"structure", + "required":["RouterNetworkInterfaces"], + "members":{ + "RouterNetworkInterfaces":{ + "shape":"ListedRouterNetworkInterfaceList", + "documentation":"The summary information for the retrieved router network interfaces.
", + "locationName":"routerNetworkInterfaces" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to use to retrieve the next page of results.
", + "locationName":"nextToken" + } + } + }, + "ListRouterOutputsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"ListRouterOutputsRequestMaxResultsInteger", + "documentation":"The maximum number of router outputs to return in the response.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"String", + "documentation":"A token used to retrieve the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + }, + "Filters":{ + "shape":"RouterOutputFilterList", + "documentation":"The filters to apply when retrieving the list of router outputs.
", + "locationName":"filters" + } + } + }, + "ListRouterOutputsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRouterOutputsResponse":{ + "type":"structure", + "required":["RouterOutputs"], + "members":{ + "RouterOutputs":{ + "shape":"ListedRouterOutputList", + "documentation":"The summary information for the retrieved router outputs.
", + "locationName":"routerOutputs" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to use to retrieve the next page of results.
", + "locationName":"nextToken" + } + } + }, + "ListTagsForGlobalResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the global resource whose tags you want to list.
", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "ListTagsForGlobalResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"__mapOfString", + "documentation":"A map of tag keys and values associated with the global resource.
", + "locationName":"tags" + } + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) that identifies the MediaConnect resource for which to list the tags.
", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"__mapOfString", + "documentation":"A map from tag keys to values. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.
", + "locationName":"tags" + } + } + }, + "ListedBridge":{ + "type":"structure", + "required":[ + "BridgeArn", "BridgeState", "BridgeType", "Name", @@ -3874,6 +5485,297 @@ }, "documentation":"A summary of an instance.
" }, + "ListedRouterInput":{ + "type":"structure", + "required":[ + "Name", + "Arn", + "Id", + "InputType", + "State", + "RoutedOutputs", + "RegionName", + "AvailabilityZone", + "MaximumBitrate", + "RoutingScope", + "CreatedAt", + "UpdatedAt", + "MessageCount" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the router input.
", + "locationName":"name" + }, + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input.
", + "locationName":"arn" + }, + "Id":{ + "shape":"String", + "documentation":"The unique identifier of the router input.
", + "locationName":"id" + }, + "InputType":{ + "shape":"RouterInputType", + "documentation":"The type of the router input.
", + "locationName":"inputType" + }, + "State":{ + "shape":"RouterInputState", + "documentation":"The overall state of the router input.
", + "locationName":"state" + }, + "RoutedOutputs":{ + "shape":"Integer", + "documentation":"The number of router outputs that are associated with this router input.
", + "locationName":"routedOutputs" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region where the router input is located.
", + "locationName":"regionName" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone of the router input.
", + "locationName":"availabilityZone" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The maximum bitrate of the router input.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Indicates whether the router input is configured for Regional or global routing.
", + "locationName":"routingScope" + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router input was created.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router input was last updated.
", + "locationName":"updatedAt" + }, + "MessageCount":{ + "shape":"Integer", + "documentation":"The number of messages associated with the router input.
", + "locationName":"messageCount" + }, + "NetworkInterfaceArn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The ARN of the network interface associated with the router input.
", + "locationName":"networkInterfaceArn" + }, + "MaintenanceScheduleType":{ + "shape":"MaintenanceScheduleType", + "documentation":"The type of maintenance schedule currently associated with the listed router input.
", + "locationName":"maintenanceScheduleType" + }, + "MaintenanceSchedule":{ + "shape":"MaintenanceSchedule", + "documentation":"The details of the maintenance schedule for the listed router input.
", + "locationName":"maintenanceSchedule" + } + }, + "documentation":"A summary of a router input, including its name, type, ARN, ID, state, and other key details. This structure is used in the response of the ListRouterInputs operation.
" + }, + "ListedRouterInputList":{ + "type":"list", + "member":{"shape":"ListedRouterInput"} + }, + "ListedRouterNetworkInterface":{ + "type":"structure", + "required":[ + "Name", + "Arn", + "Id", + "NetworkInterfaceType", + "AssociatedOutputCount", + "AssociatedInputCount", + "State", + "RegionName", + "CreatedAt", + "UpdatedAt" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the router network interface.
", + "locationName":"name" + }, + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the router network interface.
", + "locationName":"arn" + }, + "Id":{ + "shape":"String", + "documentation":"The unique identifier of the router network interface.
", + "locationName":"id" + }, + "NetworkInterfaceType":{ + "shape":"RouterNetworkInterfaceType", + "documentation":"The type of the router network interface.
", + "locationName":"networkInterfaceType" + }, + "AssociatedOutputCount":{ + "shape":"Integer", + "documentation":"The number of router outputs associated with the network interface.
", + "locationName":"associatedOutputCount" + }, + "AssociatedInputCount":{ + "shape":"Integer", + "documentation":"The number of router inputs associated with the network interface.
", + "locationName":"associatedInputCount" + }, + "State":{ + "shape":"RouterNetworkInterfaceState", + "documentation":"The current state of the router network interface.
", + "locationName":"state" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region where the router network interface is located.
", + "locationName":"regionName" + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the network interface was created.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router network interface was last updated.
", + "locationName":"updatedAt" + } + }, + "documentation":"A summary of a router network interface, including its name, type, ARN, ID, associated input/output counts, state, and other key details. This structure is used in the response of the ListRouterNetworkInterfaces operation.
" + }, + "ListedRouterNetworkInterfaceList":{ + "type":"list", + "member":{"shape":"ListedRouterNetworkInterface"} + }, + "ListedRouterOutput":{ + "type":"structure", + "required":[ + "Name", + "Arn", + "Id", + "OutputType", + "State", + "RoutedState", + "RegionName", + "AvailabilityZone", + "MaximumBitrate", + "RoutingScope", + "CreatedAt", + "UpdatedAt", + "MessageCount" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the router output.
", + "locationName":"name" + }, + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output.
", + "locationName":"arn" + }, + "Id":{ + "shape":"String", + "documentation":"The unique identifier of the router output.
", + "locationName":"id" + }, + "OutputType":{ + "shape":"RouterOutputType", + "documentation":"The type of the router output.
", + "locationName":"outputType" + }, + "State":{ + "shape":"RouterOutputState", + "documentation":"The overall state of the router output.
", + "locationName":"state" + }, + "RoutedState":{ + "shape":"RouterOutputRoutedState", + "documentation":"The current state of the association between the router output and its input.
", + "locationName":"routedState" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region where the router output is located.
", + "locationName":"regionName" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone of the router output.
", + "locationName":"availabilityZone" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The maximum bitrate of the router output.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Indicates whether the router output is configured for Regional or global routing.
", + "locationName":"routingScope" + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router output was created.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router output was last updated.
", + "locationName":"updatedAt" + }, + "MessageCount":{ + "shape":"Integer", + "documentation":"The number of messages associated with the router output.
", + "locationName":"messageCount" + }, + "RoutedInputArn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the router input associated with the output.
", + "locationName":"routedInputArn" + }, + "NetworkInterfaceArn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The ARN of the network interface associated with the router output.
", + "locationName":"networkInterfaceArn" + }, + "MaintenanceScheduleType":{ + "shape":"MaintenanceScheduleType", + "documentation":"The type of maintenance schedule currently associated with the listed router output.
", + "locationName":"maintenanceScheduleType" + }, + "MaintenanceSchedule":{ + "shape":"MaintenanceSchedule", + "documentation":"The details of the maintenance schedule for the listed router output.
", + "locationName":"maintenanceSchedule" + } + }, + "documentation":"A summary of a router output, including its name, type, ARN, ID, state, routed state, and other key details. This structure is used in the response of the ListRouterOutputs operation.
" + }, + "ListedRouterOutputList":{ + "type":"list", + "member":{"shape":"ListedRouterOutput"} + }, + "Long":{ + "type":"long", + "box":true + }, "Maintenance":{ "type":"structure", "members":{ @@ -3900,6 +5802,23 @@ }, "documentation":"The maintenance setting of a flow.
" }, + "MaintenanceConfiguration":{ + "type":"structure", + "members":{ + "PreferredDayTime":{ + "shape":"PreferredDayTimeMaintenanceConfiguration", + "documentation":"Preferred day and time maintenance configuration settings.
", + "locationName":"preferredDayTime" + }, + "Default":{ + "shape":"DefaultMaintenanceConfiguration", + "documentation":"Default maintenance configuration settings.
", + "locationName":"default" + } + }, + "documentation":"The configuration settings for maintenance operations, including preferred maintenance windows and schedules.
", + "union":true + }, "MaintenanceDay":{ "type":"string", "enum":[ @@ -3912,40 +5831,193 @@ "Sunday" ] }, + "MaintenanceSchedule":{ + "type":"structure", + "members":{ + "Window":{ + "shape":"WindowMaintenanceSchedule", + "locationName":"window" + } + }, + "documentation":"The details of the maintenance schedule.
", + "union":true + }, + "MaintenanceScheduleType":{ + "type":"string", + "enum":["WINDOW"] + }, + "MaintenanceType":{ + "type":"string", + "enum":[ + "PREFERRED_DAY_TIME", + "DEFAULT" + ] + }, "MaxResults":{ "type":"integer", "box":true, "max":1000, "min":1 }, - "MediaStream":{ + "MediaConnectFlowRouterInputConfiguration":{ "type":"structure", - "required":[ - "Fmt", - "MediaStreamId", - "MediaStreamName", - "MediaStreamType" - ], + "required":["SourceTransitDecryption"], "members":{ - "Attributes":{ - "shape":"MediaStreamAttributes", - "documentation":"Attributes that are related to the media stream.
", - "locationName":"attributes" - }, - "ClockRate":{ - "shape":"Integer", - "documentation":"The sample rate for the stream. This value is measured in Hz.
", - "locationName":"clockRate" + "FlowArn":{ + "shape":"FlowArn", + "documentation":"The ARN of the flow to connect to.
", + "locationName":"flowArn" }, - "Description":{ - "shape":"String", - "documentation":"A description that can help you quickly identify what your media stream is used for.
", - "locationName":"description" + "FlowOutputArn":{ + "shape":"FlowOutputArn", + "documentation":"The ARN of the flow output to connect to this router input.
", + "locationName":"flowOutputArn" }, - "Fmt":{ - "shape":"Integer", - "documentation":"The format type number (sometimes referred to as RTP payload type) of the media stream. MediaConnect assigns this value to the media stream. For ST 2110 JPEG XS outputs, you need to provide this value to the receiver.
", - "locationName":"fmt" + "SourceTransitDecryption":{ + "shape":"FlowTransitEncryption", + "documentation":"The decryption configuration for the flow source when connected to this router input.
", + "locationName":"sourceTransitDecryption" + } + }, + "documentation":"Configuration settings for connecting a router input to a flow output.
" + }, + "MediaConnectFlowRouterInputStreamDetails":{ + "type":"structure", + "members":{}, + "documentation":"Configuration details for a MediaConnect flow when used as a router input source.
" + }, + "MediaConnectFlowRouterOutputConfiguration":{ + "type":"structure", + "required":["DestinationTransitEncryption"], + "members":{ + "FlowArn":{ + "shape":"FlowArn", + "documentation":"The ARN of the flow to connect to this router output.
", + "locationName":"flowArn" + }, + "FlowSourceArn":{ + "shape":"FlowSourceArn", + "documentation":"The ARN of the flow source to connect to this router output.
", + "locationName":"flowSourceArn" + }, + "DestinationTransitEncryption":{ + "shape":"FlowTransitEncryption", + "documentation":"The encryption configuration for the flow destination when connected to this router output.
", + "locationName":"destinationTransitEncryption" + } + }, + "documentation":"Configuration settings for connecting a router output to a MediaConnect flow source.
" + }, + "MediaConnectFlowRouterOutputStreamDetails":{ + "type":"structure", + "members":{}, + "documentation":"Configuration details for a MediaConnect flow when used as a router output destination.
" + }, + "MediaLiveInputArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):medialive:[a-z0-9-]+:[0-9]{12}:input:[a-zA-Z0-9]+" + }, + "MediaLiveInputPipelineId":{ + "type":"string", + "enum":[ + "PIPELINE_0", + "PIPELINE_1" + ] + }, + "MediaLiveInputRouterOutputConfiguration":{ + "type":"structure", + "required":["DestinationTransitEncryption"], + "members":{ + "MediaLiveInputArn":{ + "shape":"MediaLiveInputArn", + "documentation":"The ARN of the MediaLive input to connect to this router output.
", + "locationName":"mediaLiveInputArn" + }, + "MediaLivePipelineId":{ + "shape":"MediaLiveInputPipelineId", + "documentation":"The index of the MediaLive pipeline to connect to this router output.
", + "locationName":"mediaLivePipelineId" + }, + "DestinationTransitEncryption":{ + "shape":"MediaLiveTransitEncryption", + "documentation":"The encryption configuration for the MediaLive input when connected to this router output.
", + "locationName":"destinationTransitEncryption" + } + }, + "documentation":"Configuration settings for connecting a router output to a MediaLive input.
" + }, + "MediaLiveInputRouterOutputStreamDetails":{ + "type":"structure", + "members":{}, + "documentation":"Configuration details for a MediaLive input when used as a router output destination.
" + }, + "MediaLiveTransitEncryption":{ + "type":"structure", + "required":["EncryptionKeyConfiguration"], + "members":{ + "EncryptionKeyType":{ + "shape":"MediaLiveTransitEncryptionKeyType", + "documentation":"The type of encryption key to use for MediaLive transit encryption.
", + "locationName":"encryptionKeyType" + }, + "EncryptionKeyConfiguration":{ + "shape":"MediaLiveTransitEncryptionKeyConfiguration", + "documentation":"The configuration details for the MediaLive encryption key.
", + "locationName":"encryptionKeyConfiguration" + } + }, + "documentation":"The encryption configuration that defines how content is encrypted during transit between MediaConnect Router and MediaLive. This configuration determines whether encryption keys are automatically managed by the service or manually managed through AWS Secrets Manager.
" + }, + "MediaLiveTransitEncryptionKeyConfiguration":{ + "type":"structure", + "members":{ + "SecretsManager":{ + "shape":"SecretsManagerEncryptionKeyConfiguration", + "locationName":"secretsManager" + }, + "Automatic":{ + "shape":"AutomaticEncryptionKeyConfiguration", + "locationName":"automatic" + } + }, + "documentation":"Configuration settings for the MediaLive transit encryption key.
", + "union":true + }, + "MediaLiveTransitEncryptionKeyType":{ + "type":"string", + "enum":[ + "SECRETS_MANAGER", + "AUTOMATIC" + ] + }, + "MediaStream":{ + "type":"structure", + "required":[ + "Fmt", + "MediaStreamId", + "MediaStreamName", + "MediaStreamType" + ], + "members":{ + "Attributes":{ + "shape":"MediaStreamAttributes", + "documentation":"Attributes that are related to the media stream.
", + "locationName":"attributes" + }, + "ClockRate":{ + "shape":"Integer", + "documentation":"The sample rate for the stream. This value is measured in Hz.
", + "locationName":"clockRate" + }, + "Description":{ + "shape":"String", + "documentation":"A description that can help you quickly identify what your media stream is used for.
", + "locationName":"description" + }, + "Fmt":{ + "shape":"Integer", + "documentation":"The format type number (sometimes referred to as RTP payload type) of the media stream. MediaConnect assigns this value to the media stream. For ST 2110 JPEG XS outputs, you need to provide this value to the receiver.
", + "locationName":"fmt" }, "MediaStreamId":{ "shape":"Integer", @@ -4121,6 +6193,88 @@ "ancillary-data" ] }, + "MergeRouterInputConfiguration":{ + "type":"structure", + "required":[ + "NetworkInterfaceArn", + "ProtocolConfigurations", + "MergeRecoveryWindowMilliseconds" + ], + "members":{ + "NetworkInterfaceArn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The ARN of the network interface to use for this merge router input.
", + "locationName":"networkInterfaceArn" + }, + "ProtocolConfigurations":{ + "shape":"MergeRouterInputProtocolConfigurationList", + "documentation":"A list of exactly two protocol configurations for the merge input sources. Both must use the same protocol type.
", + "locationName":"protocolConfigurations" + }, + "MergeRecoveryWindowMilliseconds":{ + "shape":"Long", + "documentation":"The time window in milliseconds for merging the two input sources.
", + "locationName":"mergeRecoveryWindowMilliseconds" + } + }, + "documentation":"Configuration settings for a merge router input that combines two input sources.
" + }, + "MergeRouterInputIndexedStreamDetails":{ + "type":"structure", + "required":["SourceIndex"], + "members":{ + "SourceIndex":{ + "shape":"Integer", + "documentation":"The index number (0 or 1) assigned to this source in the merge configuration.
", + "locationName":"sourceIndex" + }, + "SourceIpAddress":{ + "shape":"String", + "documentation":"The IP address of the source for this indexed stream in the merge setup.
", + "locationName":"sourceIpAddress" + } + }, + "documentation":"Configuration details for an indexed stream in a merge router input setup.
" + }, + "MergeRouterInputProtocolConfiguration":{ + "type":"structure", + "members":{ + "Rtp":{ + "shape":"RtpRouterInputConfiguration", + "locationName":"rtp" + }, + "Rist":{ + "shape":"RistRouterInputConfiguration", + "locationName":"rist" + } + }, + "documentation":"Protocol configuration settings for merge router inputs.
", + "union":true + }, + "MergeRouterInputProtocolConfigurationList":{ + "type":"list", + "member":{"shape":"MergeRouterInputProtocolConfiguration"} + }, + "MergeRouterInputStreamDetails":{ + "type":"structure", + "required":[ + "SourceIndexZeroStreamDetails", + "SourceIndexOneStreamDetails" + ], + "members":{ + "SourceIndexZeroStreamDetails":{ + "shape":"MergeRouterInputIndexedStreamDetails", + "documentation":"Configuration details for the first source (index 0) in the merge setup.
", + "locationName":"sourceIndexZeroStreamDetails" + }, + "SourceIndexOneStreamDetails":{ + "shape":"MergeRouterInputIndexedStreamDetails", + "documentation":"Configuration details for the second source (index 1) in the merge setup.
", + "locationName":"sourceIndexOneStreamDetails" + } + }, + "documentation":"Configuration details for a merge router input that combines two input sources.
" + }, "MessageDetail":{ "type":"structure", "required":[ @@ -4419,6 +6573,21 @@ "shape":"String", "documentation":"The IP address of the device that is currently receiving content from this output.
For outputs that use protocols where you specify the destination (such as SRT Caller or Zixi Push), this value matches the configured destination address.
For outputs that use listener protocols (such as SRT Listener), this value shows the address of the connected receiver.
Peer IP addresses aren't available for entitlements, managed MediaLive outputs, NDI outputs, and CDI/ST2110 outputs.
The peer IP address might not be visible for flows that haven't been started yet, or flows that were started before May 2025. In these cases, restart your flow to see the peer IP address.
Indicates if router integration is enabled or disabled on the flow output.
", + "locationName":"routerIntegrationState" + }, + "RouterIntegrationTransitEncryption":{ + "shape":"FlowTransitEncryption", + "documentation":"The encryption configuration for the output when router integration is enabled.
", + "locationName":"routerIntegrationTransitEncryption" + }, + "ConnectedRouterInputArn":{ + "shape":"String", + "documentation":"The ARN of the router input that's connected to this flow output.
", + "locationName":"connectedRouterInputArn" } }, "documentation":"The settings for an output.
" @@ -4430,6 +6599,26 @@ "DISABLED" ] }, + "PreferredDayTimeMaintenanceConfiguration":{ + "type":"structure", + "required":[ + "Day", + "Time" + ], + "members":{ + "Day":{ + "shape":"Day", + "documentation":"The preferred day for maintenance operations.
", + "locationName":"day" + }, + "Time":{ + "shape":"String", + "documentation":"The preferred time for maintenance operations.
", + "locationName":"time" + } + }, + "documentation":"Configuration for preferred day and time maintenance settings.
" + }, "PriceUnits":{ "type":"string", "enum":["HOURLY"] @@ -4451,6 +6640,36 @@ "ndi-speed-hq" ] }, + "PublicRouterNetworkInterfaceConfiguration":{ + "type":"structure", + "required":["AllowRules"], + "members":{ + "AllowRules":{ + "shape":"PublicRouterNetworkInterfaceConfigurationAllowRulesList", + "documentation":"The list of allowed CIDR blocks for the public router network interface.
", + "locationName":"allowRules" + } + }, + "documentation":"The configuration settings for a public router network interface, including the list of allowed CIDR blocks.
" + }, + "PublicRouterNetworkInterfaceConfigurationAllowRulesList":{ + "type":"list", + "member":{"shape":"PublicRouterNetworkInterfaceRule"}, + "max":10, + "min":0 + }, + "PublicRouterNetworkInterfaceRule":{ + "type":"structure", + "required":["Cidr"], + "members":{ + "Cidr":{ + "shape":"String", + "documentation":"The CIDR block that is allowed to access the public router network interface.
", + "locationName":"cidr" + } + }, + "documentation":"A rule that allows a specific CIDR block to access the public router network interface.
" + }, "PurchaseOfferingRequest":{ "type":"structure", "required":[ @@ -4816,98 +7035,1260 @@ "documentation":"The name that you assigned to the reservation when you purchased the offering.
", "locationName":"reservationName" }, - "ReservationState":{ - "shape":"ReservationState", - "documentation":"The status of your reservation.
", - "locationName":"reservationState" + "ReservationState":{ + "shape":"ReservationState", + "documentation":"The status of your reservation.
", + "locationName":"reservationState" + }, + "ResourceSpecification":{ + "shape":"ResourceSpecification", + "documentation":"A definition of the amount of outbound bandwidth that you would be reserving if you purchase the offering. MediaConnect defines the values that make up the resourceSpecification in the offering.
", + "locationName":"resourceSpecification" + }, + "Start":{ + "shape":"String", + "documentation":"The day and time that the reservation becomes active. You set this value when you purchase the offering.
", + "locationName":"start" + } + }, + "documentation":"A pricing agreement for a discounted rate for a specific outbound bandwidth that your MediaConnect account will use each month over a specific time period. The discounted rate in the reservation applies to outbound bandwidth for all flows from your account until your account reaches the amount of bandwidth in your reservation. If you use more outbound bandwidth than the agreed upon amount in a single month, the overage is charged at the on-demand rate.
" + }, + "ReservationArn":{"type":"string"}, + "ReservationState":{ + "type":"string", + "enum":[ + "ACTIVE", + "EXPIRED", + "PROCESSING", + "CANCELED" + ] + }, + "ResourceSpecification":{ + "type":"structure", + "required":["ResourceType"], + "members":{ + "ReservedBitrate":{ + "shape":"Integer", + "documentation":"The amount of outbound bandwidth that is discounted in the offering.
", + "locationName":"reservedBitrate" + }, + "ResourceType":{ + "shape":"ResourceType", + "documentation":"The type of resource and the unit that is being billed for.
", + "locationName":"resourceType" + } + }, + "documentation":"A definition of what is being billed for, including the type and amount.
" + }, + "ResourceType":{ + "type":"string", + "enum":["Mbps_Outbound_Bandwidth"] + }, + "RestartRouterInputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to restart.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "RestartRouterInputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the router input that was restarted.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router input that was restarted.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterInputState", + "documentation":"The current state of the router input after the restart operation.
", + "locationName":"state" + } + } + }, + "RestartRouterOutputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to restart.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "RestartRouterOutputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The ARN of the router output that was restarted.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router output that was restarted.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterOutputState", + "documentation":"The current state of the router output after the restart operation.
", + "locationName":"state" + } + } + }, + "RevokeFlowEntitlementRequest":{ + "type":"structure", + "required":[ + "EntitlementArn", + "FlowArn" + ], + "members":{ + "EntitlementArn":{ + "shape":"RevokeFlowEntitlementRequestEntitlementArnString", + "documentation":"The Amazon Resource Name (ARN) of the entitlement that you want to revoke.
", + "location":"uri", + "locationName":"EntitlementArn" + }, + "FlowArn":{ + "shape":"RevokeFlowEntitlementRequestFlowArnString", + "documentation":"The flow that you want to revoke an entitlement from.
", + "location":"uri", + "locationName":"FlowArn" + } + } + }, + "RevokeFlowEntitlementRequestEntitlementArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:entitlement:.+" + }, + "RevokeFlowEntitlementRequestFlowArnString":{ + "type":"string", + "pattern":"arn:.+:mediaconnect.+:flow:.+" + }, + "RevokeFlowEntitlementResponse":{ + "type":"structure", + "members":{ + "EntitlementArn":{ + "shape":"String", + "documentation":"The ARN of the entitlement that was revoked.
", + "locationName":"entitlementArn" + }, + "FlowArn":{ + "shape":"String", + "documentation":"The ARN of the flow that the entitlement was revoked from.
", + "locationName":"flowArn" + } + } + }, + "RistRouterInputConfiguration":{ + "type":"structure", + "required":[ + "Port", + "RecoveryLatencyMilliseconds" + ], + "members":{ + "Port":{ + "shape":"RistRouterInputConfigurationPortInteger", + "documentation":"The port number used for the RIST protocol in the router input configuration.
", + "locationName":"port" + }, + "RecoveryLatencyMilliseconds":{ + "shape":"RistRouterInputConfigurationRecoveryLatencyMillisecondsLong", + "documentation":"The recovery latency in milliseconds for the RIST protocol in the router input configuration.
", + "locationName":"recoveryLatencyMilliseconds" + } + }, + "documentation":"The configuration settings for a router input using the RIST (Reliable Internet Stream Transport) protocol, including the port and recovery latency.
" + }, + "RistRouterInputConfigurationPortInteger":{ + "type":"integer", + "box":true, + "max":30000, + "min":3000 + }, + "RistRouterInputConfigurationRecoveryLatencyMillisecondsLong":{ + "type":"long", + "box":true, + "max":10000, + "min":10 + }, + "RistRouterOutputConfiguration":{ + "type":"structure", + "required":[ + "DestinationAddress", + "DestinationPort" + ], + "members":{ + "DestinationAddress":{ + "shape":"String", + "documentation":"The destination IP address for the RIST protocol in the router output configuration.
", + "locationName":"destinationAddress" + }, + "DestinationPort":{ + "shape":"RistRouterOutputConfigurationDestinationPortInteger", + "documentation":"The destination port number for the RIST protocol in the router output configuration.
", + "locationName":"destinationPort" + } + }, + "documentation":"The configuration settings for a router output using the RIST (Reliable Internet Stream Transport) protocol, including the destination address and port.
" + }, + "RistRouterOutputConfigurationDestinationPortInteger":{ + "type":"integer", + "box":true, + "max":65535, + "min":0 + }, + "RoleArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):iam::[0-9]{12}:role/[a-zA-Z0-9_+=,.@-]+" + }, + "RouterInput":{ + "type":"structure", + "required":[ + "Name", + "Arn", + "Id", + "State", + "InputType", + "Configuration", + "RoutedOutputs", + "RegionName", + "AvailabilityZone", + "MaximumBitrate", + "Tier", + "RoutingScope", + "CreatedAt", + "UpdatedAt", + "Messages", + "TransitEncryption", + "Tags", + "StreamDetails", + "MaintenanceType", + "MaintenanceConfiguration" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the router input.
", + "locationName":"name" + }, + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input.
", + "locationName":"arn" + }, + "Id":{ + "shape":"String", + "documentation":"The unique identifier of the router input.
", + "locationName":"id" + }, + "State":{ + "shape":"RouterInputState", + "documentation":"The current state of the router input.
", + "locationName":"state" + }, + "InputType":{ + "shape":"RouterInputType", + "documentation":"The type of the router input.
", + "locationName":"inputType" + }, + "Configuration":{ + "shape":"RouterInputConfiguration", + "locationName":"configuration" + }, + "RoutedOutputs":{ + "shape":"Integer", + "documentation":"The number of router outputs associated with the router input.
", + "locationName":"routedOutputs" + }, + "MaximumRoutedOutputs":{ + "shape":"Integer", + "documentation":"The maximum number of outputs that can be simultaneously routed to this input.
", + "locationName":"maximumRoutedOutputs" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region where the router input is located.
", + "locationName":"regionName" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone of the router input.
", + "locationName":"availabilityZone" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The maximum bitrate for the router input.
", + "locationName":"maximumBitrate" + }, + "Tier":{ + "shape":"RouterInputTier", + "documentation":"The tier level of the router input.
", + "locationName":"tier" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Indicates whether the router input is configured for Regional or global routing.
", + "locationName":"routingScope" + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router input was created.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router input was last updated.
", + "locationName":"updatedAt" + }, + "Messages":{ + "shape":"RouterInputMessages", + "documentation":"The messages associated with the router input.
", + "locationName":"messages" + }, + "TransitEncryption":{ + "shape":"RouterInputTransitEncryption", + "locationName":"transitEncryption" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"Key-value pairs that can be used to tag and organize this router input.
", + "locationName":"tags" + }, + "StreamDetails":{ + "shape":"RouterInputStreamDetails", + "locationName":"streamDetails" + }, + "IpAddress":{ + "shape":"String", + "documentation":"The IP address of the router input.
", + "locationName":"ipAddress" + }, + "MaintenanceType":{ + "shape":"MaintenanceType", + "documentation":"The type of maintenance configuration applied to this router input.
", + "locationName":"maintenanceType" + }, + "MaintenanceConfiguration":{ + "shape":"MaintenanceConfiguration", + "documentation":"The maintenance configuration settings applied to this router input.
", + "locationName":"maintenanceConfiguration" + }, + "MaintenanceScheduleType":{ + "shape":"MaintenanceScheduleType", + "documentation":"The type of maintenance schedule currently in effect for this router input.
", + "locationName":"maintenanceScheduleType" + }, + "MaintenanceSchedule":{ + "shape":"MaintenanceSchedule", + "documentation":"The current maintenance schedule details for this router input.
", + "locationName":"maintenanceSchedule" + } + }, + "documentation":"A router input in AWS Elemental MediaConnect. A router input is a source of media content that can be routed to one or more router outputs.
" + }, + "RouterInputArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):mediaconnect:[a-z0-9-]+:[0-9]{12}:routerInput:[a-z0-9]{12}" + }, + "RouterInputArnList":{ + "type":"list", + "member":{"shape":"RouterInputArn"} + }, + "RouterInputConfiguration":{ + "type":"structure", + "members":{ + "Standard":{ + "shape":"StandardRouterInputConfiguration", + "locationName":"standard" + }, + "Failover":{ + "shape":"FailoverRouterInputConfiguration", + "locationName":"failover" + }, + "Merge":{ + "shape":"MergeRouterInputConfiguration", + "locationName":"merge" + }, + "MediaConnectFlow":{ + "shape":"MediaConnectFlowRouterInputConfiguration", + "locationName":"mediaConnectFlow" + } + }, + "documentation":"The configuration settings for a router input.
", + "union":true + }, + "RouterInputFilter":{ + "type":"structure", + "members":{ + "RegionNames":{ + "shape":"StringList", + "documentation":"The AWS Regions of the router inputs to include in the filter.
", + "locationName":"regionNames" + }, + "InputTypes":{ + "shape":"RouterInputTypeList", + "documentation":"The types of router inputs to include in the filter.
", + "locationName":"inputTypes" + }, + "NameContains":{ + "shape":"StringList", + "documentation":"The names of the router inputs to include in the filter.
", + "locationName":"nameContains" + }, + "NetworkInterfaceArns":{ + "shape":"RouterNetworkInterfaceArnList", + "documentation":"The Amazon Resource Names (ARNs) of the network interfaces associated with the router inputs to include in the filter.
", + "locationName":"networkInterfaceArns" + }, + "RoutingScopes":{ + "shape":"RoutingScopeList", + "documentation":"Filter criteria to list router inputs based on their routing scope (REGIONAL or GLOBAL).
", + "locationName":"routingScopes" + } + }, + "documentation":"A filter that can be used to retrieve a list of router inputs.
", + "union":true + }, + "RouterInputFilterList":{ + "type":"list", + "member":{"shape":"RouterInputFilter"} + }, + "RouterInputList":{ + "type":"list", + "member":{"shape":"RouterInput"} + }, + "RouterInputMessage":{ + "type":"structure", + "required":[ + "Code", + "Message" + ], + "members":{ + "Code":{ + "shape":"String", + "documentation":"The code associated with the router input message.
", + "locationName":"code" + }, + "Message":{ + "shape":"String", + "documentation":"The message text associated with the router input message.
", + "locationName":"message" + } + }, + "documentation":"A message associated with a router input, including a code and a message.
" + }, + "RouterInputMessages":{ + "type":"list", + "member":{"shape":"RouterInputMessage"} + }, + "RouterInputMetadata":{ + "type":"structure", + "members":{ + "TransportStreamMediaInfo":{ + "shape":"TransportMediaInfo", + "locationName":"transportStreamMediaInfo" + } + }, + "documentation":"Metadata information associated with the router input, including stream details and connection state.
", + "union":true + }, + "RouterInputProtocol":{ + "type":"string", + "enum":[ + "RTP", + "RIST", + "SRT_CALLER", + "SRT_LISTENER" + ] + }, + "RouterInputProtocolConfiguration":{ + "type":"structure", + "members":{ + "Rtp":{ + "shape":"RtpRouterInputConfiguration", + "locationName":"rtp" + }, + "Rist":{ + "shape":"RistRouterInputConfiguration", + "locationName":"rist" + }, + "SrtListener":{ + "shape":"SrtListenerRouterInputConfiguration", + "locationName":"srtListener" + }, + "SrtCaller":{ + "shape":"SrtCallerRouterInputConfiguration", + "locationName":"srtCaller" + } + }, + "documentation":"The protocol configuration settings for a router input.
", + "union":true + }, + "RouterInputServiceQuotaExceededException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"The request to create a new router input would exceed the service quotas for the account.
", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "RouterInputSourceMetadataDetails":{ + "type":"structure", + "required":[ + "SourceMetadataMessages", + "Timestamp" + ], + "members":{ + "SourceMetadataMessages":{ + "shape":"RouterInputMessages", + "documentation":"Collection of metadata messages associated with the router input source.
", + "locationName":"sourceMetadataMessages" + }, + "Timestamp":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the metadata was last updated.
", + "locationName":"timestamp" + }, + "RouterInputMetadata":{ + "shape":"RouterInputMetadata", + "documentation":"Metadata information specific to the router input configuration and state.
", + "locationName":"routerInputMetadata" + } + }, + "documentation":"Detailed metadata information about a router input source.
" + }, + "RouterInputState":{ + "type":"string", + "enum":[ + "CREATING", + "STANDBY", + "STARTING", + "ACTIVE", + "STOPPING", + "DELETING", + "UPDATING", + "ERROR", + "RECOVERING", + "MIGRATING" + ] + }, + "RouterInputStreamDetails":{ + "type":"structure", + "members":{ + "Standard":{ + "shape":"StandardRouterInputStreamDetails", + "locationName":"standard" + }, + "Failover":{ + "shape":"FailoverRouterInputStreamDetails", + "locationName":"failover" + }, + "Merge":{ + "shape":"MergeRouterInputStreamDetails", + "locationName":"merge" + }, + "MediaConnectFlow":{ + "shape":"MediaConnectFlowRouterInputStreamDetails", + "locationName":"mediaConnectFlow" + } + }, + "documentation":"Configuration details for the router input stream.
", + "union":true + }, + "RouterInputThumbnailDetails":{ + "type":"structure", + "required":["ThumbnailMessages"], + "members":{ + "ThumbnailMessages":{ + "shape":"RouterInputMessages", + "documentation":"The messages associated with the router input thumbnail.
", + "locationName":"thumbnailMessages" + }, + "Thumbnail":{ + "shape":"Blob", + "documentation":"The thumbnail image, encoded as a Base64-encoded binary data object.
", + "locationName":"thumbnail" + }, + "Timecode":{ + "shape":"String", + "documentation":"The timecode associated with the thumbnail.
", + "locationName":"timecode" + }, + "Timestamp":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp associated with the thumbnail.
", + "locationName":"timestamp" + } + }, + "documentation":"The details of a thumbnail associated with a router input, including the thumbnail messages, the thumbnail image, the timecode, and the timestamp.
" + }, + "RouterInputTier":{ + "type":"string", + "enum":[ + "INPUT_100", + "INPUT_50", + "INPUT_20" + ] + }, + "RouterInputTransitEncryption":{ + "type":"structure", + "required":["EncryptionKeyConfiguration"], + "members":{ + "EncryptionKeyType":{ + "shape":"RouterInputTransitEncryptionKeyType", + "documentation":"Specifies the type of encryption key to use for transit encryption.
", + "locationName":"encryptionKeyType" + }, + "EncryptionKeyConfiguration":{ + "shape":"RouterInputTransitEncryptionKeyConfiguration", + "documentation":"Contains the configuration details for the encryption key used in transit encryption, including the key source and associated parameters.
", + "locationName":"encryptionKeyConfiguration" + } + }, + "documentation":"The transit encryption settings for a router input.
" + }, + "RouterInputTransitEncryptionKeyConfiguration":{ + "type":"structure", + "members":{ + "SecretsManager":{ + "shape":"SecretsManagerEncryptionKeyConfiguration", + "locationName":"secretsManager" + }, + "Automatic":{ + "shape":"AutomaticEncryptionKeyConfiguration", + "locationName":"automatic" + } + }, + "documentation":"Defines the configuration settings for transit encryption keys.
", + "union":true + }, + "RouterInputTransitEncryptionKeyType":{ + "type":"string", + "enum":[ + "SECRETS_MANAGER", + "AUTOMATIC" + ] + }, + "RouterInputType":{ + "type":"string", + "enum":[ + "STANDARD", + "FAILOVER", + "MERGE", + "MEDIACONNECT_FLOW" + ] + }, + "RouterInputTypeList":{ + "type":"list", + "member":{"shape":"RouterInputType"} + }, + "RouterNetworkInterface":{ + "type":"structure", + "required":[ + "Name", + "Arn", + "Id", + "State", + "NetworkInterfaceType", + "Configuration", + "AssociatedOutputCount", + "AssociatedInputCount", + "RegionName", + "CreatedAt", + "UpdatedAt", + "Tags" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the router network interface.
", + "locationName":"name" + }, + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the router network interface.
", + "locationName":"arn" + }, + "Id":{ + "shape":"String", + "documentation":"The unique identifier of the router network interface.
", + "locationName":"id" + }, + "State":{ + "shape":"RouterNetworkInterfaceState", + "documentation":"The current state of the router network interface.
", + "locationName":"state" + }, + "NetworkInterfaceType":{ + "shape":"RouterNetworkInterfaceType", + "documentation":"The type of the router network interface.
", + "locationName":"networkInterfaceType" + }, + "Configuration":{ + "shape":"RouterNetworkInterfaceConfiguration", + "locationName":"configuration" + }, + "AssociatedOutputCount":{ + "shape":"Integer", + "documentation":"The number of router outputs associated with the network interface.
", + "locationName":"associatedOutputCount" + }, + "AssociatedInputCount":{ + "shape":"Integer", + "documentation":"The number of router inputs associated with the network interface.
", + "locationName":"associatedInputCount" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region where the router network interface is located.
", + "locationName":"regionName" + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router network interface was created.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router network interface was last updated.
", + "locationName":"updatedAt" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"Key-value pairs that can be used to tag and organize this router network interface.
", + "locationName":"tags" + } + }, + "documentation":"A router network interface in AWS Elemental MediaConnect. A router network interface is a network interface that can be associated with one or more router inputs and outputs.
" + }, + "RouterNetworkInterfaceArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):mediaconnect:[a-z0-9-]+:[0-9]{12}:routerNetworkInterface:[a-z0-9]{12}" + }, + "RouterNetworkInterfaceArnList":{ + "type":"list", + "member":{"shape":"RouterNetworkInterfaceArn"} + }, + "RouterNetworkInterfaceConfiguration":{ + "type":"structure", + "members":{ + "Public":{ + "shape":"PublicRouterNetworkInterfaceConfiguration", + "locationName":"public" + }, + "Vpc":{ + "shape":"VpcRouterNetworkInterfaceConfiguration", + "locationName":"vpc" + } + }, + "documentation":"The configuration settings for a router network interface.
", + "union":true + }, + "RouterNetworkInterfaceFilter":{ + "type":"structure", + "members":{ + "RegionNames":{ + "shape":"StringList", + "documentation":"The AWS Regions of the router network interfaces to include in the filter.
", + "locationName":"regionNames" + }, + "NetworkInterfaceTypes":{ + "shape":"RouterNetworkInterfaceTypeList", + "documentation":"The types of router network interfaces to include in the filter.
", + "locationName":"networkInterfaceTypes" + }, + "NameContains":{ + "shape":"StringList", + "documentation":"The names of the router network interfaces to include in the filter.
", + "locationName":"nameContains" + } + }, + "documentation":"A filter that can be used to retrieve a list of router network interfaces.
", + "union":true + }, + "RouterNetworkInterfaceFilterList":{ + "type":"list", + "member":{"shape":"RouterNetworkInterfaceFilter"} + }, + "RouterNetworkInterfaceList":{ + "type":"list", + "member":{"shape":"RouterNetworkInterface"} + }, + "RouterNetworkInterfaceServiceQuotaExceededException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + } + }, + "documentation":"The request to create a new router network interface would exceed the service quotas (limits) set for the account.
", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true + }, + "RouterNetworkInterfaceState":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "ERROR", + "RECOVERING" + ] + }, + "RouterNetworkInterfaceType":{ + "type":"string", + "enum":[ + "PUBLIC", + "VPC" + ] + }, + "RouterNetworkInterfaceTypeList":{ + "type":"list", + "member":{"shape":"RouterNetworkInterfaceType"} + }, + "RouterOutput":{ + "type":"structure", + "required":[ + "Name", + "Arn", + "Id", + "State", + "OutputType", + "Configuration", + "RoutedState", + "RegionName", + "AvailabilityZone", + "MaximumBitrate", + "RoutingScope", + "Tier", + "CreatedAt", + "UpdatedAt", + "Messages", + "Tags", + "StreamDetails", + "MaintenanceType", + "MaintenanceConfiguration" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the router output.
", + "locationName":"name" + }, + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output.
", + "locationName":"arn" + }, + "Id":{ + "shape":"String", + "documentation":"The unique identifier of the router output.
", + "locationName":"id" + }, + "State":{ + "shape":"RouterOutputState", + "documentation":"The overall state of the router output.
", + "locationName":"state" + }, + "OutputType":{ + "shape":"RouterOutputType", + "documentation":"The type of the router output.
", + "locationName":"outputType" + }, + "Configuration":{ + "shape":"RouterOutputConfiguration", + "locationName":"configuration" + }, + "RoutedState":{ + "shape":"RouterOutputRoutedState", + "documentation":"The current state of the association between the router output and its input.
", + "locationName":"routedState" + }, + "RegionName":{ + "shape":"String", + "documentation":"The AWS Region where the router output is located.
", + "locationName":"regionName" + }, + "AvailabilityZone":{ + "shape":"String", + "documentation":"The Availability Zone of the router output.
", + "locationName":"availabilityZone" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The maximum bitrate for the router output.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Indicates whether the router output is configured for Regional or global routing.
", + "locationName":"routingScope" + }, + "Tier":{ + "shape":"RouterOutputTier", + "documentation":"The tier level of the router output.
", + "locationName":"tier" + }, + "CreatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router output was created.
", + "locationName":"createdAt" + }, + "UpdatedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The timestamp when the router output was last updated.
", + "locationName":"updatedAt" + }, + "Messages":{ + "shape":"RouterOutputMessages", + "documentation":"The messages associated with the router output.
", + "locationName":"messages" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"Key-value pairs that can be used to tag and organize this router output.
", + "locationName":"tags" + }, + "StreamDetails":{ + "shape":"RouterOutputStreamDetails", + "locationName":"streamDetails" + }, + "IpAddress":{ + "shape":"String", + "documentation":"The IP address of the router output.
", + "locationName":"ipAddress" + }, + "RoutedInputArn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input associated with the output.
", + "locationName":"routedInputArn" + }, + "MaintenanceType":{ + "shape":"MaintenanceType", + "documentation":"The type of maintenance configuration applied to this router output.
", + "locationName":"maintenanceType" + }, + "MaintenanceConfiguration":{ + "shape":"MaintenanceConfiguration", + "documentation":"The maintenance configuration settings applied to this router output.
", + "locationName":"maintenanceConfiguration" + }, + "MaintenanceScheduleType":{ + "shape":"MaintenanceScheduleType", + "documentation":"The type of maintenance schedule currently in effect for this router output.
", + "locationName":"maintenanceScheduleType" + }, + "MaintenanceSchedule":{ + "shape":"MaintenanceSchedule", + "documentation":"The current maintenance schedule details for this router output.
", + "locationName":"maintenanceSchedule" + } + }, + "documentation":"A router output in AWS Elemental MediaConnect. A router output is a destination for media content that can receive input from one or more router inputs.
" + }, + "RouterOutputArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):mediaconnect:[a-z0-9-]+:[0-9]{12}:routerOutput:[a-z0-9]{12}" + }, + "RouterOutputConfiguration":{ + "type":"structure", + "members":{ + "Standard":{ + "shape":"StandardRouterOutputConfiguration", + "locationName":"standard" + }, + "MediaConnectFlow":{ + "shape":"MediaConnectFlowRouterOutputConfiguration", + "locationName":"mediaConnectFlow" + }, + "MediaLiveInput":{ + "shape":"MediaLiveInputRouterOutputConfiguration", + "locationName":"mediaLiveInput" + } + }, + "documentation":"The configuration settings for a router output.
", + "union":true + }, + "RouterOutputFilter":{ + "type":"structure", + "members":{ + "RegionNames":{ + "shape":"StringList", + "documentation":"The AWS Regions of the router outputs to include in the filter.
", + "locationName":"regionNames" + }, + "OutputTypes":{ + "shape":"RouterOutputTypeList", + "documentation":"The types of router outputs to include in the filter.
", + "locationName":"outputTypes" + }, + "NameContains":{ + "shape":"StringList", + "documentation":"The names of the router outputs to include in the filter.
", + "locationName":"nameContains" + }, + "NetworkInterfaceArns":{ + "shape":"RouterNetworkInterfaceArnList", + "documentation":"The Amazon Resource Names (ARNs) of the network interfaces associated with the router outputs to include in the filter.
", + "locationName":"networkInterfaceArns" + }, + "RoutedInputArns":{ + "shape":"RouterInputArnList", + "documentation":"The ARNs of the router inputs associated with the router outputs to include in the filter.
", + "locationName":"routedInputArns" + }, + "RoutingScopes":{ + "shape":"RoutingScopeList", + "documentation":"Filter criteria to list router outputs based on their routing scope.
", + "locationName":"routingScopes" + } + }, + "documentation":"A filter that can be used to retrieve a list of router outputs.
", + "union":true + }, + "RouterOutputFilterList":{ + "type":"list", + "member":{"shape":"RouterOutputFilter"} + }, + "RouterOutputList":{ + "type":"list", + "member":{"shape":"RouterOutput"} + }, + "RouterOutputMessage":{ + "type":"structure", + "required":[ + "Code", + "Message" + ], + "members":{ + "Code":{ + "shape":"String", + "documentation":"The code associated with the router output message.
", + "locationName":"code" + }, + "Message":{ + "shape":"String", + "documentation":"The message text associated with the router output message.
", + "locationName":"message" + } + }, + "documentation":"A message associated with a router output.
" + }, + "RouterOutputMessages":{ + "type":"list", + "member":{"shape":"RouterOutputMessage"} + }, + "RouterOutputProtocol":{ + "type":"string", + "enum":[ + "RTP", + "RIST", + "SRT_CALLER", + "SRT_LISTENER" + ] + }, + "RouterOutputProtocolConfiguration":{ + "type":"structure", + "members":{ + "Rtp":{ + "shape":"RtpRouterOutputConfiguration", + "locationName":"rtp" + }, + "Rist":{ + "shape":"RistRouterOutputConfiguration", + "locationName":"rist" }, - "ResourceSpecification":{ - "shape":"ResourceSpecification", - "documentation":"A definition of the amount of outbound bandwidth that you would be reserving if you purchase the offering. MediaConnect defines the values that make up the resourceSpecification in the offering.
", - "locationName":"resourceSpecification" + "SrtListener":{ + "shape":"SrtListenerRouterOutputConfiguration", + "locationName":"srtListener" }, - "Start":{ - "shape":"String", - "documentation":"The day and time that the reservation becomes active. You set this value when you purchase the offering.
", - "locationName":"start" + "SrtCaller":{ + "shape":"SrtCallerRouterOutputConfiguration", + "locationName":"srtCaller" } }, - "documentation":"A pricing agreement for a discounted rate for a specific outbound bandwidth that your MediaConnect account will use each month over a specific time period. The discounted rate in the reservation applies to outbound bandwidth for all flows from your account until your account reaches the amount of bandwidth in your reservation. If you use more outbound bandwidth than the agreed upon amount in a single month, the overage is charged at the on-demand rate.
" + "documentation":"The protocol configuration settings for a router output.
", + "union":true }, - "ReservationArn":{"type":"string"}, - "ReservationState":{ + "RouterOutputRoutedState":{ "type":"string", "enum":[ - "ACTIVE", - "EXPIRED", - "PROCESSING", - "CANCELED" + "ROUTED", + "ROUTING", + "UNROUTED" ] }, - "ResourceSpecification":{ + "RouterOutputServiceQuotaExceededException":{ "type":"structure", - "required":["ResourceType"], + "required":["Message"], "members":{ - "ReservedBitrate":{ - "shape":"Integer", - "documentation":"The amount of outbound bandwidth that is discounted in the offering.
", - "locationName":"reservedBitrate" - }, - "ResourceType":{ - "shape":"ResourceType", - "documentation":"The type of resource and the unit that is being billed for.
", - "locationName":"resourceType" + "Message":{ + "shape":"String", + "locationName":"message" } }, - "documentation":"A definition of what is being billed for, including the type and amount.
" + "documentation":"The request to create a new router output would exceed the service quotas (limits) set for the account.
", + "error":{ + "httpStatusCode":420, + "senderFault":true + }, + "exception":true }, - "ResourceType":{ + "RouterOutputState":{ "type":"string", - "enum":["Mbps_Outbound_Bandwidth"] + "enum":[ + "CREATING", + "STANDBY", + "STARTING", + "ACTIVE", + "STOPPING", + "DELETING", + "UPDATING", + "ERROR", + "RECOVERING", + "MIGRATING" + ] }, - "RevokeFlowEntitlementRequest":{ + "RouterOutputStreamDetails":{ "type":"structure", - "required":[ - "EntitlementArn", - "FlowArn" - ], "members":{ - "EntitlementArn":{ - "shape":"RevokeFlowEntitlementRequestEntitlementArnString", - "documentation":"The Amazon Resource Name (ARN) of the entitlement that you want to revoke.
", - "location":"uri", - "locationName":"EntitlementArn" + "Standard":{ + "shape":"StandardRouterOutputStreamDetails", + "locationName":"standard" }, - "FlowArn":{ - "shape":"RevokeFlowEntitlementRequestFlowArnString", - "documentation":"The flow that you want to revoke an entitlement from.
", - "location":"uri", - "locationName":"FlowArn" + "MediaConnectFlow":{ + "shape":"MediaConnectFlowRouterOutputStreamDetails", + "locationName":"mediaConnectFlow" + }, + "MediaLiveInput":{ + "shape":"MediaLiveInputRouterOutputStreamDetails", + "locationName":"mediaLiveInput" } - } + }, + "documentation":"Information about the router output's stream, including connection state and destination details. The specific details provided vary based on the router output type.
", + "union":true }, - "RevokeFlowEntitlementRequestEntitlementArnString":{ + "RouterOutputTier":{ "type":"string", - "pattern":"arn:.+:mediaconnect.+:entitlement:.+" + "enum":[ + "OUTPUT_100", + "OUTPUT_50", + "OUTPUT_20" + ] }, - "RevokeFlowEntitlementRequestFlowArnString":{ + "RouterOutputType":{ "type":"string", - "pattern":"arn:.+:mediaconnect.+:flow:.+" + "enum":[ + "STANDARD", + "MEDIACONNECT_FLOW", + "MEDIALIVE_INPUT" + ] }, - "RevokeFlowEntitlementResponse":{ + "RouterOutputTypeList":{ + "type":"list", + "member":{"shape":"RouterOutputType"} + }, + "RoutingScope":{ + "type":"string", + "enum":[ + "REGIONAL", + "GLOBAL" + ] + }, + "RoutingScopeList":{ + "type":"list", + "member":{"shape":"RoutingScope"} + }, + "RtpRouterInputConfiguration":{ "type":"structure", + "required":["Port"], "members":{ - "EntitlementArn":{ - "shape":"String", - "documentation":"The ARN of the entitlement that was revoked.
", - "locationName":"entitlementArn" + "Port":{ + "shape":"RtpRouterInputConfigurationPortInteger", + "documentation":"The port number used for the RTP protocol in the router input configuration.
", + "locationName":"port" }, - "FlowArn":{ + "ForwardErrorCorrection":{ + "shape":"ForwardErrorCorrectionState", + "documentation":"The state of forward error correction for the RTP protocol in the router input configuration.
", + "locationName":"forwardErrorCorrection" + } + }, + "documentation":"The configuration settings for a Router Input using the RTP (Real-Time Transport Protocol) protocol, including the port and forward error correction state.
" + }, + "RtpRouterInputConfigurationPortInteger":{ + "type":"integer", + "box":true, + "max":30000, + "min":3000 + }, + "RtpRouterOutputConfiguration":{ + "type":"structure", + "required":[ + "DestinationAddress", + "DestinationPort" + ], + "members":{ + "DestinationAddress":{ "shape":"String", - "documentation":"The ARN of the flow that the entitlement was revoked from.
", - "locationName":"flowArn" + "documentation":"The destination IP address for the RTP protocol in the router output configuration.
", + "locationName":"destinationAddress" + }, + "DestinationPort":{ + "shape":"RtpRouterOutputConfigurationDestinationPortInteger", + "documentation":"The destination port number for the RTP protocol in the router output configuration.
", + "locationName":"destinationPort" + }, + "ForwardErrorCorrection":{ + "shape":"ForwardErrorCorrectionState", + "documentation":"The state of forward error correction for the RTP protocol in the router output configuration.
", + "locationName":"forwardErrorCorrection" } - } + }, + "documentation":"The configuration settings for a router output using the RTP (Real-Time Transport Protocol) protocol, including the destination address and port, and forward error correction state.
" + }, + "RtpRouterOutputConfigurationDestinationPortInteger":{ + "type":"integer", + "box":true, + "max":65531, + "min":0 }, "ScanMode":{ "type":"string", @@ -4917,6 +8298,30 @@ "progressive-segmented-frame" ] }, + "SecretArn":{ + "type":"string", + "pattern":"arn:(aws[a-zA-Z-]*):secretsmanager:[a-z0-9-]+:[0-9]{12}:secret:[a-zA-Z0-9/_+=.@-]+" + }, + "SecretsManagerEncryptionKeyConfiguration":{ + "type":"structure", + "required":[ + "SecretArn", + "RoleArn" + ], + "members":{ + "SecretArn":{ + "shape":"SecretArn", + "documentation":"The ARN of the AWS Secrets Manager secret used for transit encryption.
", + "locationName":"secretArn" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"The ARN of the IAM role assumed by MediaConnect to access the AWS Secrets Manager secret.
", + "locationName":"roleArn" + } + }, + "documentation":"The configuration settings for transit encryption using AWS Secrets Manager, including the secret ARN and role ARN.
" + }, "ServiceUnavailableException":{ "type":"structure", "required":["Message"], @@ -5055,6 +8460,16 @@ "shape":"__mapOfString", "documentation":"The key-value pairs that can be used to tag and organize the source.
", "locationName":"sourceTags" + }, + "RouterIntegrationState":{ + "shape":"State", + "documentation":"Indicates whether to enable or disable router integration when setting a flow source.
", + "locationName":"routerIntegrationState" + }, + "RouterIntegrationTransitDecryption":{ + "shape":"FlowTransitEncryption", + "documentation":"The decryption configuration for the flow source when router integration is enabled. Specifies how the source content should be decrypted when router integration is used.
", + "locationName":"routerIntegrationTransitDecryption" } }, "documentation":"The settings for the source of the flow.
" @@ -5165,6 +8580,21 @@ "shape":"String", "documentation":"The IP address of the device that is currently sending content to this source.
For sources that use protocols where you specify the origin (such as SRT Caller), this value matches the configured origin address.
For sources that use listener protocols (such as SRT Listener or RTP), this value shows the address of the connected sender.
Peer IP addresses aren't available for entitlements and CDI/ST2110 sources.
The peer IP address might not be visible for flows that haven't been started yet, or flows that were started before May 2025. In these cases, restart your flow to see the peer IP address.
Indicates if router integration is enabled or disabled on the flow source.
", + "locationName":"routerIntegrationState" + }, + "RouterIntegrationTransitDecryption":{ + "shape":"FlowTransitEncryption", + "documentation":"The decryption configuration for the flow source when router integration is enabled.
", + "locationName":"routerIntegrationTransitDecryption" + }, + "ConnectedRouterOutputArn":{ + "shape":"String", + "documentation":"The ARN of the router output that's currently connected to this source.
", + "locationName":"connectedRouterOutputArn" } }, "documentation":"The settings for the source of the flow.
" @@ -5187,6 +8617,272 @@ "ENTITLED" ] }, + "SrtCallerRouterInputConfiguration":{ + "type":"structure", + "required":[ + "SourceAddress", + "SourcePort", + "MinimumLatencyMilliseconds" + ], + "members":{ + "SourceAddress":{ + "shape":"String", + "documentation":"The source IP address for the SRT protocol in caller mode.
", + "locationName":"sourceAddress" + }, + "SourcePort":{ + "shape":"SrtCallerRouterInputConfigurationSourcePortInteger", + "documentation":"The source port number for the SRT protocol in caller mode.
", + "locationName":"sourcePort" + }, + "MinimumLatencyMilliseconds":{ + "shape":"SrtCallerRouterInputConfigurationMinimumLatencyMillisecondsLong", + "documentation":"The minimum latency in milliseconds for the SRT protocol in caller mode.
", + "locationName":"minimumLatencyMilliseconds" + }, + "StreamId":{ + "shape":"String", + "documentation":"The stream ID for the SRT protocol in caller mode.
", + "locationName":"streamId" + }, + "DecryptionConfiguration":{ + "shape":"SrtDecryptionConfiguration", + "documentation":"Specifies the decryption settings for an SRT caller input, including the encryption key configuration and associated parameters.
", + "locationName":"decryptionConfiguration" + } + }, + "documentation":"The configuration settings for a router input using the SRT (Secure Reliable Transport) protocol in caller mode, including the source address and port, minimum latency, stream ID, and decryption key configuration.
" + }, + "SrtCallerRouterInputConfigurationMinimumLatencyMillisecondsLong":{ + "type":"long", + "box":true, + "max":10000, + "min":10 + }, + "SrtCallerRouterInputConfigurationSourcePortInteger":{ + "type":"integer", + "box":true, + "max":65535, + "min":0 + }, + "SrtCallerRouterOutputConfiguration":{ + "type":"structure", + "required":[ + "DestinationAddress", + "DestinationPort", + "MinimumLatencyMilliseconds" + ], + "members":{ + "DestinationAddress":{ + "shape":"String", + "documentation":"The destination IP address for the SRT protocol in caller mode.
", + "locationName":"destinationAddress" + }, + "DestinationPort":{ + "shape":"SrtCallerRouterOutputConfigurationDestinationPortInteger", + "documentation":"The destination port number for the SRT protocol in caller mode.
", + "locationName":"destinationPort" + }, + "MinimumLatencyMilliseconds":{ + "shape":"SrtCallerRouterOutputConfigurationMinimumLatencyMillisecondsLong", + "documentation":"The minimum latency in milliseconds for the SRT protocol in caller mode.
", + "locationName":"minimumLatencyMilliseconds" + }, + "StreamId":{ + "shape":"String", + "documentation":"The stream ID for the SRT protocol in caller mode.
", + "locationName":"streamId" + }, + "EncryptionConfiguration":{ + "shape":"SrtEncryptionConfiguration", + "documentation":"Defines the encryption settings for an SRT caller output, including the encryption key configuration and associated parameters.
", + "locationName":"encryptionConfiguration" + } + }, + "documentation":"The configuration settings for a router output using the SRT (Secure Reliable Transport) protocol in caller mode, including the destination address and port, minimum latency, stream ID, and encryption key configuration.
" + }, + "SrtCallerRouterOutputConfigurationDestinationPortInteger":{ + "type":"integer", + "box":true, + "max":65535, + "min":0 + }, + "SrtCallerRouterOutputConfigurationMinimumLatencyMillisecondsLong":{ + "type":"long", + "box":true, + "max":10000, + "min":10 + }, + "SrtDecryptionConfiguration":{ + "type":"structure", + "required":["EncryptionKey"], + "members":{ + "EncryptionKey":{ + "shape":"SecretsManagerEncryptionKeyConfiguration", + "documentation":"Specifies the encryption key configuration used for decrypting SRT streams, including the key source and associated credentials.
", + "locationName":"encryptionKey" + } + }, + "documentation":"Contains the configuration settings for decrypting SRT streams, including the encryption key details and decryption parameters.
" + }, + "SrtEncryptionConfiguration":{ + "type":"structure", + "required":["EncryptionKey"], + "members":{ + "EncryptionKey":{ + "shape":"SecretsManagerEncryptionKeyConfiguration", + "documentation":"Specifies the encryption key configuration used for encrypting SRT streams, including the key source and associated credentials.
", + "locationName":"encryptionKey" + } + }, + "documentation":"Contains the configuration settings for encrypting SRT streams, including the encryption key details and encryption parameters.
" + }, + "SrtListenerRouterInputConfiguration":{ + "type":"structure", + "required":[ + "Port", + "MinimumLatencyMilliseconds" + ], + "members":{ + "Port":{ + "shape":"SrtListenerRouterInputConfigurationPortInteger", + "documentation":"The port number for the SRT protocol in listener mode.
", + "locationName":"port" + }, + "MinimumLatencyMilliseconds":{ + "shape":"SrtListenerRouterInputConfigurationMinimumLatencyMillisecondsLong", + "documentation":"The minimum latency in milliseconds for the SRT protocol in listener mode.
", + "locationName":"minimumLatencyMilliseconds" + }, + "DecryptionConfiguration":{ + "shape":"SrtDecryptionConfiguration", + "documentation":"Specifies the decryption settings for an SRT listener input, including the encryption key configuration and associated parameters.
", + "locationName":"decryptionConfiguration" + } + }, + "documentation":"The configuration settings for a router input using the SRT (Secure Reliable Transport) protocol in listener mode, including the port, minimum latency, and decryption key configuration.
" + }, + "SrtListenerRouterInputConfigurationMinimumLatencyMillisecondsLong":{ + "type":"long", + "box":true, + "max":10000, + "min":10 + }, + "SrtListenerRouterInputConfigurationPortInteger":{ + "type":"integer", + "box":true, + "max":30000, + "min":3000 + }, + "SrtListenerRouterOutputConfiguration":{ + "type":"structure", + "required":[ + "Port", + "MinimumLatencyMilliseconds" + ], + "members":{ + "Port":{ + "shape":"SrtListenerRouterOutputConfigurationPortInteger", + "documentation":"The port number for the SRT protocol in listener mode.
", + "locationName":"port" + }, + "MinimumLatencyMilliseconds":{ + "shape":"SrtListenerRouterOutputConfigurationMinimumLatencyMillisecondsLong", + "documentation":"The minimum latency in milliseconds for the SRT protocol in listener mode.
", + "locationName":"minimumLatencyMilliseconds" + }, + "EncryptionConfiguration":{ + "shape":"SrtEncryptionConfiguration", + "documentation":"Defines the encryption settings for an SRT listener output, including the encryption key configuration and associated parameters.
", + "locationName":"encryptionConfiguration" + } + }, + "documentation":"The configuration settings for a router output using the SRT (Secure Reliable Transport) protocol in listener mode, including the port, minimum latency, and encryption key configuration.
" + }, + "SrtListenerRouterOutputConfigurationMinimumLatencyMillisecondsLong":{ + "type":"long", + "box":true, + "max":10000, + "min":10 + }, + "SrtListenerRouterOutputConfigurationPortInteger":{ + "type":"integer", + "box":true, + "max":30000, + "min":3000 + }, + "StandardRouterInputConfiguration":{ + "type":"structure", + "required":[ + "NetworkInterfaceArn", + "ProtocolConfiguration" + ], + "members":{ + "NetworkInterfaceArn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the network interface associated with the standard router input.
", + "locationName":"networkInterfaceArn" + }, + "ProtocolConfiguration":{ + "shape":"RouterInputProtocolConfiguration", + "documentation":"The configuration settings for the protocol used by the standard router input.
", + "locationName":"protocolConfiguration" + }, + "Protocol":{ + "shape":"RouterInputProtocol", + "documentation":"The protocol used by the standard router input.
", + "locationName":"protocol" + } + }, + "documentation":"The configuration settings for a standard router input, including the protocol, protocol-specific configuration, network interface, and availability zone.
" + }, + "StandardRouterInputStreamDetails":{ + "type":"structure", + "members":{ + "SourceIpAddress":{ + "shape":"String", + "documentation":"The source IP address for the standard router input stream.
", + "locationName":"sourceIpAddress" + } + }, + "documentation":"Configuration details for a standard router input stream type.
" + }, + "StandardRouterOutputConfiguration":{ + "type":"structure", + "required":[ + "NetworkInterfaceArn", + "ProtocolConfiguration" + ], + "members":{ + "NetworkInterfaceArn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the network interface associated with the standard router output.
", + "locationName":"networkInterfaceArn" + }, + "ProtocolConfiguration":{ + "shape":"RouterOutputProtocolConfiguration", + "documentation":"The configuration settings for the protocol used by the standard router output.
", + "locationName":"protocolConfiguration" + }, + "Protocol":{ + "shape":"RouterOutputProtocol", + "documentation":"The protocol used by the standard router output.
", + "locationName":"protocol" + } + }, + "documentation":"The configuration settings for a standard router output, including the protocol, protocol-specific configuration, network interface, and availability zone.
" + }, + "StandardRouterOutputStreamDetails":{ + "type":"structure", + "members":{ + "DestinationIpAddress":{ + "shape":"String", + "documentation":"The IP address where the output stream will be sent. This is the destination address that will receive the routed media content.
", + "locationName":"destinationIpAddress" + } + }, + "documentation":"Configuration details for a standard router output stream type. Contains information about the destination IP address and connection state for basic output routing.
" + }, "StartFlowRequest":{ "type":"structure", "required":["FlowArn"], @@ -5218,6 +8914,104 @@ } } }, + "StartRouterInputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to start.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "StartRouterInputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State", + "MaintenanceScheduleType", + "MaintenanceSchedule" + ], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the router input that was started.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router input that was started.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterInputState", + "documentation":"The current state of the router input after being started.
", + "locationName":"state" + }, + "MaintenanceScheduleType":{ + "shape":"MaintenanceScheduleType", + "documentation":"The type of maintenance schedule associated with the router input.
", + "locationName":"maintenanceScheduleType" + }, + "MaintenanceSchedule":{ + "shape":"MaintenanceSchedule", + "documentation":"The details of the maintenance schedule for the router input.
", + "locationName":"maintenanceSchedule" + } + } + }, + "StartRouterOutputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to start.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "StartRouterOutputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State", + "MaintenanceScheduleType", + "MaintenanceSchedule" + ], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that was started.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router output that was started.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterOutputState", + "documentation":"The current state of the router output after being started.
", + "locationName":"state" + }, + "MaintenanceScheduleType":{ + "shape":"MaintenanceScheduleType", + "documentation":"The type of maintenance schedule associated with the router output.
", + "locationName":"maintenanceScheduleType" + }, + "MaintenanceSchedule":{ + "shape":"MaintenanceSchedule", + "documentation":"The details of the maintenance schedule for the router output.
", + "locationName":"maintenanceSchedule" + } + } + }, "State":{ "type":"string", "enum":[ @@ -5268,11 +9062,109 @@ } } }, + "StopRouterInputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to stop.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "StopRouterInputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the router input that was stopped.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router input that was stopped.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterInputState", + "documentation":"The current state of the router input after being stopped.
", + "locationName":"state" + } + } + }, + "StopRouterOutputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to stop.
", + "location":"uri", + "locationName":"Arn" + } + } + }, + "StopRouterOutputResponse":{ + "type":"structure", + "required":[ + "Arn", + "Name", + "State" + ], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The ARN of the router output that was stopped.
", + "locationName":"arn" + }, + "Name":{ + "shape":"String", + "documentation":"The name of the router output that was stopped.
", + "locationName":"name" + }, + "State":{ + "shape":"RouterOutputState", + "documentation":"The current state of the router output after being stopped.
", + "locationName":"state" + } + } + }, "String":{"type":"string"}, + "StringList":{ + "type":"list", + "member":{"shape":"String"} + }, "SyntheticTimestamp_date_time":{ "type":"timestamp", "timestampFormat":"iso8601" }, + "TagGlobalResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the global resource to tag.
", + "location":"uri", + "locationName":"ResourceArn" + }, + "Tags":{ + "shape":"__mapOfString", + "documentation":"A map of tag keys and values to add to the global resource.
", + "locationName":"tags" + } + } + }, "TagResourceRequest":{ "type":"structure", "required":[ @@ -5293,6 +9185,58 @@ } } }, + "TakeRouterInputRequest":{ + "type":"structure", + "required":["RouterOutputArn"], + "members":{ + "RouterOutputArn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to associate with a router input.
", + "location":"uri", + "locationName":"RouterOutputArn" + }, + "RouterInputArn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to associate with a router output.
", + "locationName":"routerInputArn" + } + } + }, + "TakeRouterInputResponse":{ + "type":"structure", + "required":[ + "RoutedState", + "RouterOutputArn", + "RouterOutputName" + ], + "members":{ + "RoutedState":{ + "shape":"RouterOutputRoutedState", + "documentation":"The state of the association between the router input and output.
", + "locationName":"routedState" + }, + "RouterOutputArn":{ + "shape":"RouterOutputArn", + "documentation":"The ARN of the associated router output.
", + "locationName":"routerOutputArn" + }, + "RouterOutputName":{ + "shape":"String", + "documentation":"The name of the associated router output.
", + "locationName":"routerOutputName" + }, + "RouterInputArn":{ + "shape":"RouterInputArn", + "documentation":"The ARN of the associated router input.
", + "locationName":"routerInputArn" + }, + "RouterInputName":{ + "shape":"String", + "documentation":"The name of the associated router input.
", + "locationName":"routerInputName" + } + } + }, "Tcs":{ "type":"string", "enum":[ @@ -5547,6 +9491,27 @@ }, "documentation":"The metadata of a single transport stream program.
" }, + "UntagGlobalResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the global resource to remove tags from.
", + "location":"uri", + "locationName":"ResourceArn" + }, + "TagKeys":{ + "shape":"__listOfString", + "documentation":"The keys of the tags to remove from the global resource.
", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -6150,6 +10115,15 @@ "shape":"Integer", "documentation":"A quality setting for the NDI Speed HQ encoder.
", "locationName":"ndiSpeedHqQuality" + }, + "RouterIntegrationState":{ + "shape":"State", + "documentation":"Indicates whether to enable or disable router integration for this flow output.
", + "locationName":"routerIntegrationState" + }, + "RouterIntegrationTransitEncryption":{ + "shape":"FlowTransitEncryption", + "locationName":"routerIntegrationTransitEncryption" } } }, @@ -6335,6 +10309,16 @@ "shape":"UpdateGatewayBridgeSourceRequest", "documentation":"The source configuration for cloud flows receiving a stream from a bridge.
", "locationName":"gatewayBridgeSource" + }, + "RouterIntegrationState":{ + "shape":"State", + "documentation":"Indicates whether to enable or disable router integration for this flow source.
", + "locationName":"routerIntegrationState" + }, + "RouterIntegrationTransitDecryption":{ + "shape":"FlowTransitEncryption", + "documentation":"The encryption configuration for the flow source when router integration is enabled.
", + "locationName":"routerIntegrationTransitDecryption" } } }, @@ -6458,6 +10442,165 @@ }, "documentation":"Update maintenance setting for a flow.
" }, + "UpdateRouterInputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterInputArn", + "documentation":"The Amazon Resource Name (ARN) of the router input that you want to update.
", + "location":"uri", + "locationName":"Arn" + }, + "Name":{ + "shape":"UpdateRouterInputRequestNameString", + "documentation":"The updated name for the router input.
", + "locationName":"name" + }, + "Configuration":{ + "shape":"RouterInputConfiguration", + "documentation":"The updated configuration settings for the router input. Changing the type of the configuration is not supported.
", + "locationName":"configuration" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The updated maximum bitrate for the router input.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Specifies whether the router input can be assigned to outputs in different Regions. REGIONAL (default) - can be assigned only to outputs in the same Region. GLOBAL - can be assigned to outputs in any Region.
", + "locationName":"routingScope" + }, + "Tier":{ + "shape":"RouterInputTier", + "documentation":"The updated tier level for the router input.
", + "locationName":"tier" + }, + "TransitEncryption":{ + "shape":"RouterInputTransitEncryption", + "documentation":"The updated transit encryption settings for the router input.
", + "locationName":"transitEncryption" + }, + "MaintenanceConfiguration":{ + "shape":"MaintenanceConfiguration", + "documentation":"The updated maintenance configuration settings for the router input, including any changes to preferred maintenance windows and schedules.
", + "locationName":"maintenanceConfiguration" + } + } + }, + "UpdateRouterInputRequestNameString":{ + "type":"string", + "max":128, + "min":1 + }, + "UpdateRouterInputResponse":{ + "type":"structure", + "required":["RouterInput"], + "members":{ + "RouterInput":{ + "shape":"RouterInput", + "documentation":"The updated router input.
", + "locationName":"routerInput" + } + } + }, + "UpdateRouterNetworkInterfaceRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterNetworkInterfaceArn", + "documentation":"The Amazon Resource Name (ARN) of the router network interface that you want to update.
", + "location":"uri", + "locationName":"Arn" + }, + "Name":{ + "shape":"UpdateRouterNetworkInterfaceRequestNameString", + "documentation":"The updated name for the router network interface.
", + "locationName":"name" + }, + "Configuration":{ + "shape":"RouterNetworkInterfaceConfiguration", + "documentation":"The updated configuration settings for the router network interface. Changing the type of the configuration is not supported.
", + "locationName":"configuration" + } + } + }, + "UpdateRouterNetworkInterfaceRequestNameString":{ + "type":"string", + "max":128, + "min":1 + }, + "UpdateRouterNetworkInterfaceResponse":{ + "type":"structure", + "required":["RouterNetworkInterface"], + "members":{ + "RouterNetworkInterface":{ + "shape":"RouterNetworkInterface", + "documentation":"The updated router network interface.
", + "locationName":"routerNetworkInterface" + } + } + }, + "UpdateRouterOutputRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"RouterOutputArn", + "documentation":"The Amazon Resource Name (ARN) of the router output that you want to update.
", + "location":"uri", + "locationName":"Arn" + }, + "Name":{ + "shape":"UpdateRouterOutputRequestNameString", + "documentation":"The updated name for the router output.
", + "locationName":"name" + }, + "Configuration":{ + "shape":"RouterOutputConfiguration", + "documentation":"The updated configuration settings for the router output. Changing the type of the configuration is not supported.
", + "locationName":"configuration" + }, + "MaximumBitrate":{ + "shape":"Long", + "documentation":"The updated maximum bitrate for the router output.
", + "locationName":"maximumBitrate" + }, + "RoutingScope":{ + "shape":"RoutingScope", + "documentation":"Specifies whether the router output can take inputs that are in different Regions. REGIONAL (default) - can only take inputs from same Region. GLOBAL - can take inputs from any Region.
", + "locationName":"routingScope" + }, + "Tier":{ + "shape":"RouterOutputTier", + "documentation":"The updated tier level for the router output.
", + "locationName":"tier" + }, + "MaintenanceConfiguration":{ + "shape":"MaintenanceConfiguration", + "documentation":"The updated maintenance configuration settings for the router output, including any changes to preferred maintenance windows and schedules.
", + "locationName":"maintenanceConfiguration" + } + } + }, + "UpdateRouterOutputRequestNameString":{ + "type":"string", + "max":128, + "min":1 + }, + "UpdateRouterOutputResponse":{ + "type":"structure", + "required":["RouterOutput"], + "members":{ + "RouterOutput":{ + "shape":"RouterOutput", + "documentation":"The updated router output.
", + "locationName":"routerOutput" + } + } + }, "VideoMonitoringSetting":{ "type":"structure", "members":{ @@ -6571,6 +10714,58 @@ }, "documentation":"The details of the VPC interfaces that you want to add to the flow.
" }, + "VpcRouterNetworkInterfaceConfiguration":{ + "type":"structure", + "required":[ + "SecurityGroupIds", + "SubnetId" + ], + "members":{ + "SecurityGroupIds":{ + "shape":"VpcRouterNetworkInterfaceConfigurationSecurityGroupIdsList", + "documentation":"The IDs of the security groups to associate with the router network interface within the VPC.
", + "locationName":"securityGroupIds" + }, + "SubnetId":{ + "shape":"String", + "documentation":"The ID of the subnet within the VPC to associate the router network interface with.
", + "locationName":"subnetId" + } + }, + "documentation":"The configuration settings for a router network interface within a VPC, including the security group IDs and subnet ID.
" + }, + "VpcRouterNetworkInterfaceConfigurationSecurityGroupIdsList":{ + "type":"list", + "member":{"shape":"String"}, + "max":5, + "min":1 + }, + "WindowMaintenanceSchedule":{ + "type":"structure", + "required":[ + "Start", + "End", + "ScheduledTime" + ], + "members":{ + "Start":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The start time of the maintenance window.
", + "locationName":"start" + }, + "End":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The end time of the maintenance window.
", + "locationName":"end" + }, + "ScheduledTime":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The date and time when the maintenance window is scheduled to occur.
", + "locationName":"scheduledTime" + } + }, + "documentation":"Defines a specific time window for maintenance operations.
" + }, "__listOfAddBridgeOutputRequest":{ "type":"list", "member":{"shape":"AddBridgeOutputRequest"} diff --git a/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json b/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json index 0f4968ad1e9c..c01bd1cb18bc 100644 --- a/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json +++ b/awscli/botocore/data/mediaconnect/2018-11-14/waiters-2.json @@ -99,6 +99,219 @@ "state" : "failure", "expected" : "ERROR" } ] + }, + "InputActive" : { + "description" : "Wait until the Input is ACTIVE", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterInput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "retry", + "expected" : "STARTING" + }, { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "retry", + "expected" : "UPDATING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "InputDeleted" : { + "description" : "Wait until the Input is deleted", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterInput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "retry", + "expected" : "DELETING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "failure", + "expected" : "ERROR" + }, { + "matcher" : "error", + "state" : "success", + "expected" : "NotFoundException" + } ] + }, + "InputStandby" : { + "description" : "Wait until the Input is STANDBY", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterInput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "success", + "expected" : "STANDBY" + }, { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "retry", + "expected" : "STOPPING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "RouterInput.State", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "OutputActive" : { + "description" : "Wait until the Output is ACTIVE", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterOutput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "success", + "expected" : "ACTIVE" + }, { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "retry", + "expected" : "STARTING" + }, { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "retry", + "expected" : "UPDATING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "failure", + "expected" : "ERROR" + } ] + }, + "OutputDeleted" : { + "description" : "Wait until the Output is deleted", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterOutput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "retry", + "expected" : "DELETING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "failure", + "expected" : "ERROR" + }, { + "matcher" : "error", + "state" : "success", + "expected" : "NotFoundException" + } ] + }, + "OutputRouted" : { + "description" : "Wait until the Output is ROUTED", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterOutput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterOutput.RoutedState", + "state" : "success", + "expected" : "ROUTED" + }, { + "matcher" : "path", + "argument" : "RouterOutput.RoutedState", + "state" : "retry", + "expected" : "ROUTING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + } ] + }, + "OutputStandby" : { + "description" : "Wait until the Output is STANDBY", + "delay" : 3, + "maxAttempts" : 40, + "operation" : "GetRouterOutput", + "acceptors" : [ { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "success", + "expected" : "STANDBY" + }, { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "retry", + "expected" : "STOPPING" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "InternalServerErrorException" + }, { + "matcher" : "error", + "state" : "retry", + "expected" : "ServiceUnavailableException" + }, { + "matcher" : "path", + "argument" : "RouterOutput.State", + "state" : "failure", + "expected" : "ERROR" + } ] } } } \ No newline at end of file diff --git a/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json b/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json index fcb89c232509..692571747709 100644 --- a/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json +++ b/awscli/botocore/data/mediaconvert/2017-08-29/service-2.json @@ -3872,6 +3872,14 @@ "AUDIO_ONLY_VARIANT_STREAM" ] }, + "CmfcC2paManifest": { + "type": "string", + "documentation": "When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see https://c2pa.org/specifications/specifications/2.1/index.html", + "enum": [ + "INCLUDE", + "EXCLUDE" + ] + }, "CmfcDescriptiveVideoServiceFlag": { "type": "string", "documentation": "Specify whether to flag this audio track as descriptive video service (DVS) in your HLS parent manifest. When you choose Flag, MediaConvert includes the parameter CHARACTERISTICS=\"public.accessibility.describes-video\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, Don't flag, MediaConvert leaves this parameter out. The DVS flag can help with accessibility on Apple devices. For more information, see the Apple documentation.", @@ -3943,6 +3951,16 @@ "locationName": "audioTrackType", "documentation": "Use this setting to control the values that MediaConvert puts in your HLS parent playlist to control how the client player selects which audio track to play. Choose Audio-only variant stream (AUDIO_ONLY_VARIANT_STREAM) for any variant that you want to prohibit the client from playing with video. This causes MediaConvert to represent the variant as an EXT-X-STREAM-INF in the HLS manifest. The other options for this setting determine the values that MediaConvert writes for the DEFAULT and AUTOSELECT attributes of the EXT-X-MEDIA entry for the audio variant. For more information about these attributes, see the Apple documentation article https://developer.apple.com/documentation/http_live_streaming/example_playlists_for_http_live_streaming/adding_alternate_media_to_a_playlist. Choose Alternate audio, auto select, default to set DEFAULT=YES and AUTOSELECT=YES. Choose this value for only one variant in your output group. Choose Alternate audio, auto select, not default to set DEFAULT=NO and AUTOSELECT=YES. Choose Alternate Audio, Not Auto Select to set DEFAULT=NO and AUTOSELECT=NO. When you don't specify a value for this setting, MediaConvert defaults to Alternate audio, auto select, default. When there is more than one variant in your output group, you must explicitly choose a value for this setting." }, + "C2paManifest": { + "shape": "CmfcC2paManifest", + "locationName": "c2paManifest", + "documentation": "When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see https://c2pa.org/specifications/specifications/2.1/index.html" + }, + "CertificateSecret": { + "shape": "__stringMin1Max2048PatternArnAZSecretsmanagerWD12SecretAZAZ09", + "locationName": "certificateSecret", + "documentation": "Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer's certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: https://opensource.contentauthenticity.org/docs/manifest/signing-manifests" + }, "DescriptiveVideoServiceFlag": { "shape": "CmfcDescriptiveVideoServiceFlag", "locationName": "descriptiveVideoServiceFlag", @@ -3973,6 +3991,11 @@ "locationName": "scte35Source", "documentation": "Ignore this setting unless you have SCTE-35 markers in your input video file. Choose Passthrough if you want SCTE-35 markers that appear in your input to also appear in this output. Choose None if you don't want those SCTE-35 markers in this output." }, + "SigningKmsKey": { + "shape": "__stringMin1PatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932", + "locationName": "signingKmsKey", + "documentation": "Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key." + }, "TimedMetadata": { "shape": "CmfcTimedMetadata", "locationName": "timedMetadata", @@ -6397,6 +6420,14 @@ }, "documentation": "Required when you set Codec to the value FRAME_CAPTURE." }, + "FrameControl": { + "type": "string", + "documentation": "Choose how MediaConvert handles start and end times for input clipping with video passthrough. Your input video codec must be H.264 or H.265 to use IFRAME. To clip at the nearest IDR-frame: Choose Nearest IDR. If an IDR-frame is not found at the frame that you specify, MediaConvert uses the next compatible IDR-frame. Note that your output may be shorter than your input clip duration. To clip at the nearest I-frame: Choose Nearest I-frame. If an I-frame is not found at the frame that you specify, MediaConvert uses the next compatible I-frame. Note that your output may be shorter than your input clip duration. We only recommend this setting for special workflows, and when you choose this setting your output may not be compatible with most players.", + "enum": [ + "NEAREST_IDRFRAME", + "NEAREST_IFRAME" + ] + }, "FrameMetricType": { "type": "string", "documentation": "* PSNR: Peak Signal-to-Noise Ratio * SSIM: Structural Similarity Index Measure * MS_SSIM: Multi-Scale Similarity Index Measure * PSNR_HVS: Peak Signal-to-Noise Ratio, Human Visual System * VMAF: Video Multi-Method Assessment Fusion * QVBR: Quality-Defined Variable Bitrate. This option is only available when your output uses the QVBR rate control mode. * SHOT_CHANGE: Shot Changes", @@ -8780,9 +8811,9 @@ "documentation": "Specify the number of audio channels to include in your video generator input. MediaConvert creates these audio channels as silent audio within a single audio track. Enter an integer from 1 to 32." }, "Duration": { - "shape": "__integerMin50Max86400000", + "shape": "__integerMin1Max86400000", "locationName": "duration", - "documentation": "Specify the duration, in milliseconds, for your video generator input.\nEnter an integer from 50 to 86400000." + "documentation": "Specify the duration, in milliseconds, for your video generator input.\nEnter an integer from 1 to 86400000." }, "FramerateDenominator": { "shape": "__integerMin1Max1001", @@ -10837,6 +10868,14 @@ "MATCH_VIDEO_DURATION" ] }, + "MpdC2paManifest": { + "type": "string", + "documentation": "When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see https://c2pa.org/specifications/specifications/2.1/index.html", + "enum": [ + "INCLUDE", + "EXCLUDE" + ] + }, "MpdCaptionContainerType": { "type": "string", "documentation": "Use this setting only in DASH output groups that include sidecar TTML, IMSC or WEBVTT captions. You specify sidecar captions in a separate output from your audio and video. Choose Raw for captions in a single XML file in a raw container. Choose Fragmented MPEG-4 for captions in XML format contained within fragmented MP4 files. This set of fragmented MP4 files is separate from your video and audio fragmented MP4 files.", @@ -10890,11 +10929,21 @@ "locationName": "audioDuration", "documentation": "Specify this setting only when your output will be consumed by a downstream repackaging workflow that is sensitive to very small duration differences between video and audio. For this situation, choose Match video duration. In all other cases, keep the default value, Default codec duration. When you choose Match video duration, MediaConvert pads the output audio streams with silence or trims them to ensure that the total duration of each audio stream is at least as long as the total duration of the video stream. After padding or trimming, the audio stream duration is no more than one frame longer than the video stream. MediaConvert applies audio padding or trimming only to the end of the last segment of the output. For unsegmented outputs, MediaConvert adds padding only to the end of the file. When you keep the default value, any minor discrepancies between audio and video duration will depend on your output audio codec." }, + "C2paManifest": { + "shape": "MpdC2paManifest", + "locationName": "c2paManifest", + "documentation": "When enabled, a C2PA compliant manifest will be generated, signed and embeded in the output. For more information on C2PA, see https://c2pa.org/specifications/specifications/2.1/index.html" + }, "CaptionContainerType": { "shape": "MpdCaptionContainerType", "locationName": "captionContainerType", "documentation": "Use this setting only in DASH output groups that include sidecar TTML, IMSC or WEBVTT captions. You specify sidecar captions in a separate output from your audio and video. Choose Raw for captions in a single XML file in a raw container. Choose Fragmented MPEG-4 for captions in XML format contained within fragmented MP4 files. This set of fragmented MP4 files is separate from your video and audio fragmented MP4 files." }, + "CertificateSecret": { + "shape": "__stringMin1Max2048PatternArnAZSecretsmanagerWD12SecretAZAZ09", + "locationName": "certificateSecret", + "documentation": "Specify the name or ARN of the AWS Secrets Manager secret that contains your C2PA public certificate chain in PEM format. Provide a valid secret name or ARN. Note that your MediaConvert service role must allow access to this secret. The public certificate chain is added to the COSE header (x5chain) for signature validation. Include the signer's certificate and all intermediate certificates. Do not include the root certificate. For details on COSE, see: https://opensource.contentauthenticity.org/docs/manifest/signing-manifests" + }, "KlvMetadata": { "shape": "MpdKlvMetadata", "locationName": "klvMetadata", @@ -10915,6 +10964,11 @@ "locationName": "scte35Source", "documentation": "Ignore this setting unless you have SCTE-35 markers in your input video file. Choose Passthrough if you want SCTE-35 markers that appear in your input to also appear in this output. Choose None if you don't want those SCTE-35 markers in this output." }, + "SigningKmsKey": { + "shape": "__stringMin1PatternArnAwsUsGovCnKmsAZ26EastWestCentralNorthSouthEastWest1912D12KeyAFAF098AFAF094AFAF094AFAF094AFAF0912MrkAFAF0932", + "locationName": "signingKmsKey", + "documentation": "Specify the ID or ARN of the AWS KMS key used to sign the C2PA manifest in your MP4 output. Provide a valid KMS key ARN. Note that your MediaConvert service role must allow access to this key." + }, "TimedMetadata": { "shape": "MpdTimedMetadata", "locationName": "timedMetadata", @@ -11964,6 +12018,11 @@ "PassthroughSettings": { "type": "structure", "members": { + "FrameControl": { + "shape": "FrameControl", + "locationName": "frameControl", + "documentation": "Choose how MediaConvert handles start and end times for input clipping with video passthrough. Your input video codec must be H.264 or H.265 to use IFRAME. To clip at the nearest IDR-frame: Choose Nearest IDR. If an IDR-frame is not found at the frame that you specify, MediaConvert uses the next compatible IDR-frame. Note that your output may be shorter than your input clip duration. To clip at the nearest I-frame: Choose Nearest I-frame. If an I-frame is not found at the frame that you specify, MediaConvert uses the next compatible I-frame. Note that your output may be shorter than your input clip duration. We only recommend this setting for special workflows, and when you choose this setting your output may not be compatible with most players." + }, "VideoSelectorMode": { "shape": "VideoSelectorMode", "locationName": "videoSelectorMode", @@ -15517,6 +15576,11 @@ "min": 1, "max": 8 }, + "__integerMin1Max86400000": { + "type": "integer", + "min": 1, + "max": 86400000 + }, "__integerMin2000Max30000": { "type": "integer", "min": 2000, @@ -15607,11 +15671,6 @@ "min": 4, "max": 12 }, - "__integerMin50Max86400000": { - "type": "integer", - "min": 50, - "max": 86400000 - }, "__integerMin6000Max1024000": { "type": "integer", "min": 6000, diff --git a/awscli/botocore/data/medialive/2017-10-14/service-2.json b/awscli/botocore/data/medialive/2017-10-14/service-2.json index aab837599dbc..4c8656cb7f52 100644 --- a/awscli/botocore/data/medialive/2017-10-14/service-2.json +++ b/awscli/botocore/data/medialive/2017-10-14/service-2.json @@ -7964,6 +7964,10 @@ "SdiSources": { "shape": "InputSdiSources", "locationName": "sdiSources" + }, + "RouterSettings": { + "shape": "RouterSettings", + "locationName": "routerSettings" } }, "documentation": "Placeholder documentation for CreateInput" @@ -8048,6 +8052,10 @@ "SdiSources": { "shape": "InputSdiSources", "locationName": "sdiSources" + }, + "RouterSettings": { + "shape": "RouterSettings", + "locationName": "routerSettings" } }, "documentation": "The name of the input" @@ -9232,6 +9240,11 @@ "SdiSources": { "shape": "InputSdiSources", "locationName": "sdiSources" + }, + "RouterSettings": { + "shape": "RouterInputSettings", + "locationName": "routerSettings", + "documentation": "Information about any MediaConnect router association with this input." } }, "documentation": "Placeholder documentation for DescribeInputResponse" @@ -11425,6 +11438,10 @@ "Rec709Settings": { "shape": "Rec709Settings", "locationName": "rec709Settings" + }, + "Hlg2020Settings": { + "shape": "Hlg2020Settings", + "locationName": "hlg2020Settings" } }, "documentation": "H265 Color Space Settings" @@ -12633,6 +12650,11 @@ "SdiSources": { "shape": "InputSdiSources", "locationName": "sdiSources" + }, + "RouterSettings": { + "shape": "RouterInputSettings", + "locationName": "routerSettings", + "documentation": "Information about any MediaConnect router association with this input." } }, "documentation": "Placeholder documentation for Input" @@ -13785,7 +13807,8 @@ "SRT_CALLER", "MULTICAST", "SMPTE_2110_RECEIVER_GROUP", - "SDI" + "SDI", + "MEDIACONNECT_ROUTER" ] }, "InputVpcRequest": { @@ -15098,8 +15121,6 @@ }, "MaxResults": { "type": "integer", - "min": 1, - "max": 1000, "documentation": "Placeholder documentation for MaxResults" }, "MediaConnectFlow": { @@ -19258,6 +19279,11 @@ "SdiSources": { "shape": "InputSdiSources", "locationName": "sdiSources" + }, + "SpecialRouterSettings": { + "shape": "SpecialRouterSettings", + "locationName": "specialRouterSettings", + "documentation": "When using MediaConnect Router as the source of a MediaLive input there's a special handoff that occurs when a router output\nis created. This group of settings is set on your behalf by the MediaConnect Router service using this set of settings. This\nsetting object can only by used by that service." } }, "documentation": "Placeholder documentation for UpdateInput" @@ -19471,6 +19497,11 @@ "SdiSources": { "shape": "InputSdiSources", "locationName": "sdiSources" + }, + "SpecialRouterSettings": { + "shape": "SpecialRouterSettings", + "locationName": "specialRouterSettings", + "documentation": "When using MediaConnect Router as the source of a MediaLive input there's a special handoff that occurs when a router output\nis created. This group of settings is set on your behalf by the MediaConnect Router service using this set of settings. This\nsetting object can only by used by that service." } }, "documentation": "A request to update an input.", @@ -20102,308 +20133,210 @@ }, "__integerMin0": { "type": "integer", - "min": 0, "documentation": "Placeholder documentation for __integerMin0" }, "__integerMin0Max10": { "type": "integer", - "min": 0, - "max": 10, "documentation": "Placeholder documentation for __integerMin0Max10" }, "__integerMin0Max100": { "type": "integer", - "min": 0, - "max": 100, "documentation": "Placeholder documentation for __integerMin0Max100" }, "__integerMin0Max1000": { "type": "integer", - "min": 0, - "max": 1000, "documentation": "Placeholder documentation for __integerMin0Max1000" }, "__integerMin0Max10000": { "type": "integer", - "min": 0, - "max": 10000, "documentation": "Placeholder documentation for __integerMin0Max10000" }, "__integerMin0Max1000000": { "type": "integer", - "min": 0, - "max": 1000000, "documentation": "Placeholder documentation for __integerMin0Max1000000" }, "__integerMin0Max100000000": { "type": "integer", - "min": 0, - "max": 100000000, "documentation": "Placeholder documentation for __integerMin0Max100000000" }, "__integerMin0Max128": { "type": "integer", - "min": 0, - "max": 128, "documentation": "Placeholder documentation for __integerMin0Max128" }, "__integerMin0Max15": { "type": "integer", - "min": 0, - "max": 15, "documentation": "Placeholder documentation for __integerMin0Max15" }, "__integerMin0Max2000": { "type": "integer", - "min": 0, - "max": 2000, "documentation": "Placeholder documentation for __integerMin0Max2000" }, "__integerMin0Max255": { "type": "integer", - "min": 0, - "max": 255, "documentation": "Placeholder documentation for __integerMin0Max255" }, "__integerMin0Max30": { "type": "integer", - "min": 0, - "max": 30, "documentation": "Placeholder documentation for __integerMin0Max30" }, "__integerMin0Max32768": { "type": "integer", - "min": 0, - "max": 32768, "documentation": "Placeholder documentation for __integerMin0Max32768" }, "__integerMin0Max3600": { "type": "integer", - "min": 0, - "max": 3600, "documentation": "Placeholder documentation for __integerMin0Max3600" }, "__integerMin0Max500": { "type": "integer", - "min": 0, - "max": 500, "documentation": "Placeholder documentation for __integerMin0Max500" }, "__integerMin0Max600": { "type": "integer", - "min": 0, - "max": 600, "documentation": "Placeholder documentation for __integerMin0Max600" }, "__integerMin0Max65535": { "type": "integer", - "min": 0, - "max": 65535, "documentation": "Placeholder documentation for __integerMin0Max65535" }, "__integerMin0Max65536": { "type": "integer", - "min": 0, - "max": 65536, "documentation": "Placeholder documentation for __integerMin0Max65536" }, "__integerMin0Max7": { "type": "integer", - "min": 0, - "max": 7, "documentation": "Placeholder documentation for __integerMin0Max7" }, "__integerMin0Max8191": { "type": "integer", - "min": 0, - "max": 8191, "documentation": "Placeholder documentation for __integerMin0Max8191" }, "__integerMin1": { "type": "integer", - "min": 1, "documentation": "Placeholder documentation for __integerMin1" }, "__integerMin100": { "type": "integer", - "min": 100, "documentation": "Placeholder documentation for __integerMin100" }, "__integerMin1000": { "type": "integer", - "min": 1000, "documentation": "Placeholder documentation for __integerMin1000" }, "__integerMin1000000Max100000000": { "type": "integer", - "min": 1000000, - "max": 100000000, "documentation": "Placeholder documentation for __integerMin1000000Max100000000" }, "__integerMin100000Max100000000": { "type": "integer", - "min": 100000, - "max": 100000000, "documentation": "Placeholder documentation for __integerMin100000Max100000000" }, "__integerMin100000Max40000000": { "type": "integer", - "min": 100000, - "max": 40000000, "documentation": "Placeholder documentation for __integerMin100000Max40000000" }, "__integerMin100000Max80000000": { "type": "integer", - "min": 100000, - "max": 80000000, "documentation": "Placeholder documentation for __integerMin100000Max80000000" }, "__integerMin1000Max30000": { "type": "integer", - "min": 1000, - "max": 30000, "documentation": "Placeholder documentation for __integerMin1000Max30000" }, "__integerMin1Max10": { "type": "integer", - "min": 1, - "max": 10, "documentation": "Placeholder documentation for __integerMin1Max10" }, "__integerMin1Max1000000": { "type": "integer", - "min": 1, - "max": 1000000, "documentation": "Placeholder documentation for __integerMin1Max1000000" }, "__integerMin1Max16": { "type": "integer", - "min": 1, - "max": 16, "documentation": "Placeholder documentation for __integerMin1Max16" }, "__integerMin1Max20": { "type": "integer", - "min": 1, - "max": 20, "documentation": "Placeholder documentation for __integerMin1Max20" }, "__integerMin1Max3003": { "type": "integer", - "min": 1, - "max": 3003, "documentation": "Placeholder documentation for __integerMin1Max3003" }, "__integerMin1Max31": { "type": "integer", - "min": 1, - "max": 31, "documentation": "Placeholder documentation for __integerMin1Max31" }, "__integerMin1Max32": { "type": "integer", - "min": 1, - "max": 32, "documentation": "Placeholder documentation for __integerMin1Max32" }, "__integerMin1Max3600000": { "type": "integer", - "min": 1, - "max": 3600000, "documentation": "Placeholder documentation for __integerMin1Max3600000" }, "__integerMin1Max4": { "type": "integer", - "min": 1, - "max": 4, "documentation": "Placeholder documentation for __integerMin1Max4" }, "__integerMin1Max5": { "type": "integer", - "min": 1, - "max": 5, "documentation": "Placeholder documentation for __integerMin1Max5" }, "__integerMin1Max6": { "type": "integer", - "min": 1, - "max": 6, "documentation": "Placeholder documentation for __integerMin1Max6" }, "__integerMin1Max8": { "type": "integer", - "min": 1, - "max": 8, "documentation": "Placeholder documentation for __integerMin1Max8" }, "__integerMin25Max10000": { "type": "integer", - "min": 25, - "max": 10000, "documentation": "Placeholder documentation for __integerMin25Max10000" }, "__integerMin25Max2000": { "type": "integer", - "min": 25, - "max": 2000, "documentation": "Placeholder documentation for __integerMin25Max2000" }, "__integerMin3": { "type": "integer", - "min": 3, "documentation": "Placeholder documentation for __integerMin3" }, "__integerMin30": { "type": "integer", - "min": 30, "documentation": "Placeholder documentation for __integerMin30" }, "__integerMin32Max8191": { "type": "integer", - "min": 32, - "max": 8191, "documentation": "Placeholder documentation for __integerMin32Max8191" }, "__integerMin4Max20": { "type": "integer", - "min": 4, - "max": 20, "documentation": "Placeholder documentation for __integerMin4Max20" }, "__integerMin800Max3000": { "type": "integer", - "min": 800, - "max": 3000, "documentation": "Placeholder documentation for __integerMin800Max3000" }, "__integerMin96Max600": { "type": "integer", - "min": 96, - "max": 600, "documentation": "Placeholder documentation for __integerMin96Max600" }, "__integerMinNegative1000Max1000": { "type": "integer", - "min": -1000, - "max": 1000, "documentation": "Placeholder documentation for __integerMinNegative1000Max1000" }, "__integerMinNegative5Max5": { "type": "integer", - "min": -5, - "max": 5, "documentation": "Placeholder documentation for __integerMinNegative5Max5" }, "__integerMinNegative60Max6": { "type": "integer", - "min": -60, - "max": 6, "documentation": "Placeholder documentation for __integerMinNegative60Max6" }, "__integerMinNegative60Max60": { "type": "integer", - "min": -60, - "max": 60, "documentation": "Placeholder documentation for __integerMinNegative60Max60" }, "__listOfAudioChannelMapping": { @@ -20776,26 +20709,18 @@ }, "__longMin0Max1099511627775": { "type": "long", - "min": 0, - "max": 1099511627775, "documentation": "Placeholder documentation for __longMin0Max1099511627775" }, "__longMin0Max4294967295": { "type": "long", - "min": 0, - "max": 4294967295, "documentation": "Placeholder documentation for __longMin0Max4294967295" }, "__longMin0Max8589934591": { "type": "long", - "min": 0, - "max": 8589934591, "documentation": "Placeholder documentation for __longMin0Max8589934591" }, "__longMin0Max86400000": { "type": "long", - "min": 0, - "max": 86400000, "documentation": "Placeholder documentation for __longMin0Max86400000" }, "__string": { @@ -20804,91 +20729,66 @@ }, "__stringMax1000": { "type": "string", - "max": 1000, "documentation": "Placeholder documentation for __stringMax1000" }, "__stringMax2048": { "type": "string", - "max": 2048, "documentation": "Placeholder documentation for __stringMax2048" }, "__stringMax255": { "type": "string", - "max": 255, "documentation": "Placeholder documentation for __stringMax255" }, "__stringMax256": { "type": "string", - "max": 256, "documentation": "Placeholder documentation for __stringMax256" }, "__stringMax32": { "type": "string", - "max": 32, "documentation": "Placeholder documentation for __stringMax32" }, "__stringMin1": { "type": "string", - "min": 1, "documentation": "Placeholder documentation for __stringMin1" }, "__stringMin1Max255": { "type": "string", - "min": 1, - "max": 255, "documentation": "Placeholder documentation for __stringMin1Max255" }, "__stringMin1Max256": { "type": "string", - "min": 1, - "max": 256, "documentation": "Placeholder documentation for __stringMin1Max256" }, "__stringMin1Max35": { "type": "string", - "min": 1, - "max": 35, "documentation": "Placeholder documentation for __stringMin1Max35" }, "__stringMin1Max7": { "type": "string", - "min": 1, - "max": 7, "documentation": "Placeholder documentation for __stringMin1Max7" }, "__stringMin2Max2": { "type": "string", - "min": 2, - "max": 2, "documentation": "Placeholder documentation for __stringMin2Max2" }, "__stringMin32Max32": { "type": "string", - "min": 32, - "max": 32, "documentation": "Placeholder documentation for __stringMin32Max32" }, "__stringMin34Max34": { "type": "string", - "min": 34, - "max": 34, "documentation": "Placeholder documentation for __stringMin34Max34" }, "__stringMin3Max3": { "type": "string", - "min": 3, - "max": 3, "documentation": "Placeholder documentation for __stringMin3Max3" }, "__stringMin6Max6": { "type": "string", - "min": 6, - "max": 6, "documentation": "Placeholder documentation for __stringMin6Max6" }, "__stringPattern010920300": { "type": "string", - "pattern": "^([0,1]?[0-9]|2[0-3]):00$", "documentation": "Placeholder documentation for __stringPattern010920300" }, "__timestampIso8601": { @@ -21176,14 +21076,10 @@ }, "__integerMin256Max3840": { "type": "integer", - "min": 256, - "max": 3840, "documentation": "Placeholder documentation for __integerMin256Max3840" }, "__integerMin64Max2160": { "type": "integer", - "min": 64, - "max": 2160, "documentation": "Placeholder documentation for __integerMin64Max2160" }, "CmafIngestGroupSettings": { @@ -25545,13 +25441,10 @@ }, "__integerMax5": { "type": "integer", - "max": 5, "documentation": "Placeholder documentation for __integerMax5" }, "__integerMin10Max86400": { "type": "integer", - "min": 10, - "max": 86400, "documentation": "Placeholder documentation for __integerMin10Max86400" }, "__listOfCloudWatchAlarmTemplateGroupSummary": { @@ -25619,70 +25512,50 @@ }, "__stringMax64": { "type": "string", - "max": 64, "documentation": "Placeholder documentation for __stringMax64" }, "__stringMin0Max1024": { "type": "string", - "min": 0, - "max": 1024, "documentation": "Placeholder documentation for __stringMin0Max1024" }, "__stringMin1Max2048": { "type": "string", - "min": 1, - "max": 2048, "documentation": "Placeholder documentation for __stringMin1Max2048" }, "__stringMin1Max2048PatternArn": { "type": "string", - "min": 1, - "max": 2048, - "pattern": "^arn.+$", "documentation": "Placeholder documentation for __stringMin1Max2048PatternArn" }, "__stringMin1Max255PatternS": { "type": "string", - "min": 1, - "max": 255, - "pattern": "^[^\\s]+$", "documentation": "Placeholder documentation for __stringMin1Max255PatternS" }, "__stringMin7Max11PatternAws097": { "type": "string", - "min": 7, - "max": 11, - "pattern": "^(aws-)?[0-9]{7}$", "documentation": "Placeholder documentation for __stringMin7Max11PatternAws097" }, "__stringPatternArnMedialiveCloudwatchAlarmTemplate": { "type": "string", - "pattern": "^arn:.+:medialive:.+:cloudwatch-alarm-template:.+$", "documentation": "Placeholder documentation for __stringPatternArnMedialiveCloudwatchAlarmTemplate" }, "__stringPatternArnMedialiveCloudwatchAlarmTemplateGroup": { "type": "string", - "pattern": "^arn:.+:medialive:.+:cloudwatch-alarm-template-group:.+$", "documentation": "Placeholder documentation for __stringPatternArnMedialiveCloudwatchAlarmTemplateGroup" }, "__stringPatternArnMedialiveEventbridgeRuleTemplate": { "type": "string", - "pattern": "^arn:.+:medialive:.+:eventbridge-rule-template:.+$", "documentation": "Placeholder documentation for __stringPatternArnMedialiveEventbridgeRuleTemplate" }, "__stringPatternArnMedialiveEventbridgeRuleTemplateGroup": { "type": "string", - "pattern": "^arn:.+:medialive:.+:eventbridge-rule-template-group:.+$", "documentation": "Placeholder documentation for __stringPatternArnMedialiveEventbridgeRuleTemplateGroup" }, "__stringPatternArnMedialiveSignalMap": { "type": "string", - "pattern": "^arn:.+:medialive:.+:signal-map:.+$", "documentation": "Placeholder documentation for __stringPatternArnMedialiveSignalMap" }, "__stringPatternS": { "type": "string", - "pattern": "^[^\\s]+$", "documentation": "Placeholder documentation for __stringPatternS" }, "Scte35SegmentationScope": { @@ -25840,8 +25713,6 @@ }, "__integerMin1Max51": { "type": "integer", - "min": 1, - "max": 51, "documentation": "Placeholder documentation for __integerMin1Max51" }, "AnywhereSettings": { @@ -26030,6 +25901,16 @@ "shape": "__integerMin0Max8000000", "locationName": "minBitrate", "documentation": "Used for QVBR rate control mode only.\nOptional.\nEnter a minimum bitrate if you want to keep the output bitrate about a threshold, in order to prevent the downstream system from de-allocating network bandwidth for this output." + }, + "SpatialAq": { + "shape": "Av1SpatialAq", + "locationName": "spatialAq", + "documentation": "Spatial AQ makes adjustments within each frame based on spatial variation of content complexity. Enabled: MediaLive will determine the appropriate level of spatial AQ to apply. Disabled: No spatial AQ. For more information, see the topic about video adaptive quantization in the MediaLive user guide." + }, + "TemporalAq": { + "shape": "Av1TemporalAq", + "locationName": "temporalAq", + "documentation": "Temporal AQ makes adjustments within each frame based on variations in content complexity over time. Enabled: MediaLive will determine the appropriate level of temporal AQ to apply. Disabled: No temporal AQ. For more information, see the topic about video adaptive quantization in the MediaLive user guide." } }, "documentation": "Av1 Settings", @@ -28591,20 +28472,14 @@ }, "__integerMin40Max16000": { "type": "integer", - "min": 40, - "max": 16000, "documentation": "Placeholder documentation for __integerMin40Max16000" }, "__integerMin50000Max24000000": { "type": "integer", - "min": 50000, - "max": 24000000, "documentation": "Placeholder documentation for __integerMin50000Max24000000" }, "__integerMin50000Max12000000": { "type": "integer", - "min": 50000, - "max": 12000000, "documentation": "Placeholder documentation for __integerMin50000Max12000000" }, "__listOfDescribeChannelPlacementGroupSummary": { @@ -28895,7 +28770,6 @@ }, "__stringMax100": { "type": "string", - "max": 100, "documentation": "Placeholder documentation for __stringMax100" }, "ChannelEngineVersionRequest": { @@ -28988,21 +28862,14 @@ }, "__stringMin1Max256PatternS": { "type": "string", - "min": 1, - "max": 256, - "pattern": "^[\\S]+$", "documentation": "Placeholder documentation for __stringMin1Max256PatternS" }, "__integerMin1Max800": { "type": "integer", - "min": 1, - "max": 800, "documentation": "Placeholder documentation for __integerMin1Max800" }, "__integerMin80Max800": { "type": "integer", - "min": 80, - "max": 800, "documentation": "Placeholder documentation for __integerMin80Max800" }, "InputSdpLocation": { @@ -29629,20 +29496,14 @@ }, "__integerMin0Max3": { "type": "integer", - "min": 0, - "max": 3, "documentation": "Placeholder documentation for __integerMin0Max3" }, "__integerMin0Max40000000": { "type": "integer", - "min": 0, - "max": 40000000, "documentation": "Placeholder documentation for __integerMin0Max40000000" }, "__integerMin0Max8000000": { "type": "integer", - "min": 0, - "max": 8000000, "documentation": "Placeholder documentation for __integerMin0Max8000000" }, "ChannelAlert": { @@ -30012,6 +29873,130 @@ "shape": "MultiplexAlert" }, "documentation": "Placeholder documentation for __listOfMultiplexAlert" + }, + "Av1SpatialAq": { + "type": "string", + "documentation": "Av1 Spatial Aq", + "enum": [ + "DISABLED", + "ENABLED" + ] + }, + "Av1TemporalAq": { + "type": "string", + "documentation": "Av1 Temporal Aq", + "enum": [ + "DISABLED", + "ENABLED" + ] + }, + "Hlg2020Settings": { + "type": "structure", + "members": {}, + "documentation": "Hlg2020 Settings" + }, + "RouterDestination": { + "type": "structure", + "members": { + "AvailabilityZoneName": { + "shape": "__string", + "locationName": "availabilityZoneName", + "documentation": "The Availability Zone (AZ) names of the AZs this destination is created in." + }, + "RouterOutputArn": { + "shape": "__string", + "locationName": "routerOutputArn", + "documentation": "ARN of the output from MediaConnect Router currently connected to this input." + } + }, + "documentation": "Placeholder documentation for RouterDestination" + }, + "RouterDestinationSettings": { + "type": "structure", + "members": { + "AvailabilityZoneName": { + "shape": "__string", + "locationName": "availabilityZoneName", + "documentation": "Availability Zone for this MediaConnect Router destination." + } + }, + "required": [ + "AvailabilityZoneName" + ], + "documentation": "Placeholder documentation for RouterDestinationSettings" + }, + "RouterEncryptionType": { + "type": "string", + "documentation": "Encryption configuration for MediaConnect router. When using SECRETS_MANAGER encryption, you must provide the ARN of the secret used to encrypt data in transit. When using AUTOMATIC encryption, a service-managed secret will be used instead.", + "enum": [ + "AUTOMATIC", + "SECRETS_MANAGER" + ] + }, + "RouterInputSettings": { + "type": "structure", + "members": { + "Destinations": { + "shape": "__listOfRouterDestination", + "locationName": "destinations", + "documentation": "MediaConnect Router destinations associated with the MediaLive Input." + }, + "EncryptionType": { + "shape": "RouterEncryptionType", + "locationName": "encryptionType" + }, + "SecretArn": { + "shape": "__string", + "locationName": "secretArn", + "documentation": "ARN of the secret used to encrypt this input." + } + }, + "documentation": "The settings for a MediaConnect Router Input." + }, + "RouterSettings": { + "type": "structure", + "members": { + "Destinations": { + "shape": "__listOfRouterDestinationSettings", + "locationName": "destinations", + "documentation": "Destinations for the input from MediaConnect Router. Provide one for a single-pipeline input and two for a standard input." + }, + "EncryptionType": { + "shape": "RouterEncryptionType", + "locationName": "encryptionType" + }, + "SecretArn": { + "shape": "__string", + "locationName": "secretArn", + "documentation": "ARN of the secret used to encrypt this input." + } + }, + "documentation": "This is the collection of settings that are used during the creation of a MediaConnect router input." + }, + "SpecialRouterSettings": { + "type": "structure", + "members": { + "RouterArn": { + "shape": "__string", + "locationName": "routerArn", + "documentation": "This is the arn of the MediaConnect Router resource being associated with the MediaLive Input." + } + }, + "documentation": "When using MediaConnect Router as the source of a MediaLive input there's a special handoff that occurs when a router output\nis created. This group of settings is set on your behalf by the MediaConnect Router service using this set of settings. This\nsetting object can only by used by that service." + }, + "__listOfRouterDestination": { + "type": "list", + "member": { + "shape": "RouterDestination" + }, + "documentation": "Placeholder documentation for __listOfRouterDestination" + }, + "__listOfRouterDestinationSettings": { + "type": "list", + "member": { + "shape": "RouterDestinationSettings" + }, + "documentation": "Placeholder documentation for __listOfRouterDestinationSettings" } }, "documentation": "API for AWS Elemental MediaLive" diff --git a/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json b/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json index f8a54b025f02..7c56910e5085 100644 --- a/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json +++ b/awscli/botocore/data/mediapackagev2/2022-12-25/service-2.json @@ -228,7 +228,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the specified channel that's configured in AWS Elemental MediaPackage.
" + "documentation":"Retrieves the specified channel that's configured in AWS Elemental MediaPackage.
", + "readonly":true }, "GetChannelGroup":{ "name":"GetChannelGroup", @@ -246,7 +247,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the specified channel group that's configured in AWS Elemental MediaPackage.
" + "documentation":"Retrieves the specified channel group that's configured in AWS Elemental MediaPackage.
", + "readonly":true }, "GetChannelPolicy":{ "name":"GetChannelPolicy", @@ -264,7 +266,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the specified channel policy that's configured in AWS Elemental MediaPackage. With policies, you can specify who has access to AWS resources and what actions they can perform on those resources.
" + "documentation":"Retrieves the specified channel policy that's configured in AWS Elemental MediaPackage. With policies, you can specify who has access to AWS resources and what actions they can perform on those resources.
", + "readonly":true }, "GetHarvestJob":{ "name":"GetHarvestJob", @@ -282,7 +285,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the details of a specific harvest job.
" + "documentation":"Retrieves the details of a specific harvest job.
", + "readonly":true }, "GetOriginEndpoint":{ "name":"GetOriginEndpoint", @@ -300,7 +304,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the specified origin endpoint that's configured in AWS Elemental MediaPackage to obtain its playback URL and to view the packaging settings that it's currently using.
" + "documentation":"Retrieves the specified origin endpoint that's configured in AWS Elemental MediaPackage to obtain its playback URL and to view the packaging settings that it's currently using.
", + "readonly":true }, "GetOriginEndpointPolicy":{ "name":"GetOriginEndpointPolicy", @@ -318,7 +323,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the specified origin endpoint policy that's configured in AWS Elemental MediaPackage.
" + "documentation":"Retrieves the specified origin endpoint policy that's configured in AWS Elemental MediaPackage.
", + "readonly":true }, "ListChannelGroups":{ "name":"ListChannelGroups", @@ -335,7 +341,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"Retrieves all channel groups that are configured in Elemental MediaPackage.
" + "documentation":"Retrieves all channel groups that are configured in Elemental MediaPackage.
", + "readonly":true }, "ListChannels":{ "name":"ListChannels", @@ -353,7 +360,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves all channels in a specific channel group that are configured in AWS Elemental MediaPackage.
" + "documentation":"Retrieves all channels in a specific channel group that are configured in AWS Elemental MediaPackage.
", + "readonly":true }, "ListHarvestJobs":{ "name":"ListHarvestJobs", @@ -371,7 +379,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves a list of harvest jobs that match the specified criteria.
" + "documentation":"Retrieves a list of harvest jobs that match the specified criteria.
", + "readonly":true }, "ListOriginEndpoints":{ "name":"ListOriginEndpoints", @@ -389,7 +398,8 @@ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves all origin endpoints in a specific channel that are configured in AWS Elemental MediaPackage.
" + "documentation":"Retrieves all origin endpoints in a specific channel that are configured in AWS Elemental MediaPackage.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -403,7 +413,8 @@ "errors":[ {"shape":"ValidationException"} ], - "documentation":"Lists the tags assigned to a resource.
" + "documentation":"Lists the tags assigned to a resource.
", + "readonly":true }, "PutChannelPolicy":{ "name":"PutChannelPolicy", @@ -2039,6 +2050,10 @@ "shape":"FilterConfigurationManifestFilterString", "documentation":"Optionally specify one or more manifest filters for all of your manifest egress requests. When you include a manifest filter, note that you cannot use an identical manifest filter query parameter for this manifest's endpoint URL.
" }, + "DrmSettings":{ + "shape":"FilterConfigurationDrmSettingsString", + "documentation":"Optionally specify one or more DRM settings for all of your manifest egress requests. When you include a DRM setting, note that you cannot use an identical DRM setting query parameter for this manifest's endpoint URL.
" + }, "Start":{ "shape":"Timestamp", "documentation":"Optionally specify the start time for all of your manifest egress requests. When you include start time, note that you cannot use start time query parameters for this manifest's endpoint URL.
" @@ -2058,6 +2073,11 @@ }, "documentation":"Filter configuration includes settings for manifest filtering, start and end times, and time delay that apply to all of your egress requests for this manifest.
" }, + "FilterConfigurationDrmSettingsString":{ + "type":"string", + "max":1024, + "min":1 + }, "FilterConfigurationManifestFilterString":{ "type":"string", "max":1024, @@ -2947,7 +2967,7 @@ "members":{ "MQCSInputSwitching":{ "shape":"Boolean", - "documentation":"When true, AWS Elemental MediaPackage performs input switching based on the MQCS. Default is true. This setting is valid only when InputType is CMAF.
When true, AWS Elemental MediaPackage performs input switching based on the MQCS. Default is false. This setting is valid only when InputType is CMAF.
The SCTE-35 message types that you want to be treated as ad markers in the output.
" + }, + "ScteInSegments":{ + "shape":"ScteInSegments", + "documentation":"Controls whether SCTE-35 messages are included in segment files.
None – SCTE-35 messages are not included in segments (default)
All – SCTE-35 messages are embedded in segment data
For DASH manifests, when set to All, an InbandEventStream tag signals that SCTE messages are present in segments. This setting works independently of manifest ad markers.
The SCTE configuration.
" @@ -3698,11 +3722,18 @@ "members":{ "AdMarkerHls":{ "shape":"AdMarkerHls", - "documentation":"Ad markers indicate when ads should be inserted during playback. If you include ad markers in the content stream in your upstream encoders, then you need to inform MediaPackage what to do with the ad markers in the output. Choose what you want MediaPackage to do with the ad markers.
Value description:
DATERANGE - Insert EXT-X-DATERANGE tags to signal ad and program transition events in TS and CMAF manifests. If you use DATERANGE, you must set a programDateTimeIntervalSeconds value of 1 or higher. To learn more about DATERANGE, see SCTE-35 Ad Marker EXT-X-DATERANGE.
Ad markers indicate when ads should be inserted during playback. If you include ad markers in the content stream in your upstream encoders, then you need to inform MediaPackage what to do with the ad markers in the output. Choose what you want MediaPackage to do with the ad markers.
Value description:
SCTE35_ENHANCED - Generate industry-standard CUE tag ad markers in HLS manifests based on SCTE-35 input messages from the input stream.
DATERANGE - Insert EXT-X-DATERANGE tags to signal ad and program transition events in TS and CMAF manifests. If you use DATERANGE, you must set a programDateTimeIntervalSeconds value of 1 or higher. To learn more about DATERANGE, see SCTE-35 Ad Marker EXT-X-DATERANGE.
The SCTE configuration.
" }, + "ScteInSegments":{ + "type":"string", + "enum":[ + "NONE", + "ALL" + ] + }, "Segment":{ "type":"structure", "members":{ @@ -4279,6 +4310,7 @@ "MEMBER_INVALID_ENUM_VALUE", "MEMBER_DOES_NOT_MATCH_PATTERN", "INVALID_MANIFEST_FILTER", + "INVALID_DRM_SETTINGS", "INVALID_TIME_DELAY_SECONDS", "END_TIME_EARLIER_THAN_START_TIME", "TS_CONTAINER_TYPE_WITH_DASH_MANIFEST", diff --git a/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json b/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json index 614824a7525d..134f7e51aab9 100644 --- a/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json +++ b/awscli/botocore/data/meteringmarketplace/2016-01-14/endpoint-rule-set-1.json @@ -248,6 +248,49 @@ }, "type": "endpoint" }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://metering-marketplace.{Region}.amazonaws.eu", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, { "conditions": [ { diff --git a/awscli/botocore/data/mwaa-serverless/2024-07-26/endpoint-rule-set-1.json b/awscli/botocore/data/mwaa-serverless/2024-07-26/endpoint-rule-set-1.json new file mode 100644 index 000000000000..d3b4a9b69513 --- /dev/null +++ b/awscli/botocore/data/mwaa-serverless/2024-07-26/endpoint-rule-set-1.json @@ -0,0 +1,137 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://airflow-serverless-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://airflow-serverless.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff --git a/awscli/botocore/data/mwaa-serverless/2024-07-26/paginators-1.json b/awscli/botocore/data/mwaa-serverless/2024-07-26/paginators-1.json new file mode 100644 index 000000000000..27dae07d7f96 --- /dev/null +++ b/awscli/botocore/data/mwaa-serverless/2024-07-26/paginators-1.json @@ -0,0 +1,28 @@ +{ + "pagination": { + "ListTaskInstances": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TaskInstances" + }, + "ListWorkflowRuns": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "WorkflowRuns" + }, + "ListWorkflowVersions": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "WorkflowVersions" + }, + "ListWorkflows": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Workflows" + } + } +} diff --git a/awscli/botocore/data/mwaa-serverless/2024-07-26/service-2.json b/awscli/botocore/data/mwaa-serverless/2024-07-26/service-2.json new file mode 100644 index 000000000000..89d9c1063629 --- /dev/null +++ b/awscli/botocore/data/mwaa-serverless/2024-07-26/service-2.json @@ -0,0 +1,1696 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-07-26", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"airflow-serverless", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"AmazonMWAAServerless", + "serviceId":"MWAA Serverless", + "signatureVersion":"v4", + "signingName":"airflow-serverless", + "targetPrefix":"AmazonMWAAServerless", + "uid":"mwaa-serverless-2024-07-26" + }, + "operations":{ + "CreateWorkflow":{ + "name":"CreateWorkflow", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateWorkflowRequest"}, + "output":{"shape":"CreateWorkflowResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Creates a new workflow in Amazon Managed Workflows for Apache Airflow Serverless. This operation initializes a workflow with the specified configuration including the workflow definition, execution role, and optional settings for encryption, logging, and networking. You must provide the workflow definition as a YAML file stored in Amazon S3 that defines the DAG structure using supported Amazon Web Services operators. Amazon Managed Workflows for Apache Airflow Serverless automatically creates the first version of the workflow and sets up the necessary execution environment with multi-tenant isolation and security controls.
", + "idempotent":true + }, + "DeleteWorkflow":{ + "name":"DeleteWorkflow", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteWorkflowRequest"}, + "output":{"shape":"DeleteWorkflowResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Deletes a workflow and all its versions. This operation permanently removes the workflow and cannot be undone. Amazon Managed Workflows for Apache Airflow Serverless ensures that all associated resources are properly cleaned up, including stopping any running executions, removing scheduled triggers, and cleaning up execution history. The deletion process respects the multi-tenant isolation boundaries and ensures that no residual data or configurations remain that could affect other customers or workflows.
", + "idempotent":true + }, + "GetTaskInstance":{ + "name":"GetTaskInstance", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetTaskInstanceRequest"}, + "output":{"shape":"GetTaskInstanceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Retrieves detailed information about a specific task instance within a workflow run. Task instances represent individual tasks that are executed as part of a workflow in the Amazon Managed Workflows for Apache Airflow Serverless environment. Each task instance runs in an isolated ECS container with dedicated resources and security boundaries. The service tracks task execution state, retry attempts, and provides detailed timing and error information for troubleshooting and monitoring purposes.
", + "readonly":true + }, + "GetWorkflow":{ + "name":"GetWorkflow", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetWorkflowRequest"}, + "output":{"shape":"GetWorkflowResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Retrieves detailed information about a workflow, including its configuration, status, and metadata.
", + "readonly":true + }, + "GetWorkflowRun":{ + "name":"GetWorkflowRun", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetWorkflowRunRequest"}, + "output":{"shape":"GetWorkflowRunResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Retrieves detailed information about a specific workflow run, including its status, execution details, and task instances.
", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Lists all tags that are associated with a specified Amazon Managed Workflows for Apache Airflow Serverless resource.
", + "readonly":true + }, + "ListTaskInstances":{ + "name":"ListTaskInstances", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTaskInstancesRequest"}, + "output":{"shape":"ListTaskInstancesResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Lists all task instances for a specific workflow run, with optional pagination support.
", + "readonly":true + }, + "ListWorkflowRuns":{ + "name":"ListWorkflowRuns", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListWorkflowRunsRequest"}, + "output":{"shape":"ListWorkflowRunsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Lists all runs for a specified workflow, with optional pagination and filtering support.
", + "readonly":true + }, + "ListWorkflowVersions":{ + "name":"ListWorkflowVersions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListWorkflowVersionsRequest"}, + "output":{"shape":"ListWorkflowVersionsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Lists all versions of a specified workflow, with optional pagination support.
", + "readonly":true + }, + "ListWorkflows":{ + "name":"ListWorkflows", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListWorkflowsRequest"}, + "output":{"shape":"ListWorkflowsResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Lists all workflows in your account, with optional pagination support. This operation returns summary information for workflows, showing only the most recently created version of each workflow. Amazon Managed Workflows for Apache Airflow Serverless maintains workflow metadata in a highly available, distributed storage system that enables efficient querying and filtering. The service implements proper access controls to ensure you can only view workflows that you have permissions to access, supporting both individual and team-based workflow management scenarios.
", + "readonly":true + }, + "StartWorkflowRun":{ + "name":"StartWorkflowRun", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StartWorkflowRunRequest"}, + "output":{"shape":"StartWorkflowRunResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Starts a new execution of a workflow. This operation creates a workflow run that executes the tasks that are defined in the workflow. Amazon Managed Workflows for Apache Airflow Serverless schedules the workflow execution across its managed Airflow environment, automatically scaling ECS worker tasks based on the workload. The service handles task isolation, dependency resolution, and provides comprehensive monitoring and logging throughout the execution lifecycle.
", + "idempotent":true + }, + "StopWorkflowRun":{ + "name":"StopWorkflowRun", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"StopWorkflowRunRequest"}, + "output":{"shape":"StopWorkflowRunResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Stops a running workflow execution. This operation terminates all running tasks and prevents new tasks from starting. Amazon Managed Workflows for Apache Airflow Serverless gracefully shuts down the workflow execution by stopping task scheduling and terminating active ECS worker containers. The operation transitions the workflow run to a STOPPING state and then to STOPPED once all cleanup is complete. In-flight tasks may complete or be terminated depending on their current execution state.
Adds tags to an Amazon Managed Workflows for Apache Airflow Serverless resource. Tags are key-value pairs that help you organize and categorize your resources.
" + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"} + ], + "documentation":"Removes tags from an Amazon Managed Workflows for Apache Airflow Serverless resource. This operation removes the specified tags from the resource.
", + "idempotent":true + }, + "UpdateWorkflow":{ + "name":"UpdateWorkflow", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateWorkflowRequest"}, + "output":{"shape":"UpdateWorkflowResponse"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"OperationTimeoutException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Updates an existing workflow with new configuration settings. This operation allows you to modify the workflow definition, role, and other settings. When you update a workflow, Amazon Managed Workflows for Apache Airflow Serverless automatically creates a new version with the updated configuration and disables scheduling on all previous versions to ensure only one version is actively scheduled at a time. The update operation maintains workflow history while providing a clean transition to the new configuration.
" + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"You do not have sufficient permission to perform this action.
", + "exception":true + }, + "ConflictException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType" + ], + "members":{ + "Message":{"shape":"ErrorMessage"}, + "ResourceId":{ + "shape":"String", + "documentation":"The unique identifier of the resource.
" + }, + "ResourceType":{ + "shape":"String", + "documentation":"The type of the resource.
" + } + }, + "documentation":"You cannot create a resource that already exists, or the resource is in a state that prevents the requested operation.
", + "exception":true + }, + "CreateWorkflowRequest":{ + "type":"structure", + "required":[ + "Name", + "DefinitionS3Location", + "RoleArn" + ], + "members":{ + "Name":{ + "shape":"NameString", + "documentation":"The name of the workflow. You must use unique workflow names within your Amazon Web Services account. The service generates a unique identifier that is appended to ensure temporal uniqueness across the account lifecycle.
" + }, + "ClientToken":{ + "shape":"IdempotencyTokenString", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This token prevents duplicate workflow creation requests.
", + "idempotencyToken":true + }, + "DefinitionS3Location":{ + "shape":"DefinitionS3Location", + "documentation":"The Amazon S3 location where the workflow definition file is stored. This must point to a valid YAML file that defines the workflow structure using supported Amazon Web Services operators and tasks. Amazon Managed Workflows for Apache Airflow Serverless takes a snapshot of the definition at creation time, so subsequent changes to the Amazon S3 object will not affect the workflow unless you create a new version. In your YAML definition, include task dependencies, scheduling information, and operator configurations that are compatible with the Amazon Managed Workflows for Apache Airflow Serverless execution environment.
" + }, + "RoleArn":{ + "shape":"RoleARN", + "documentation":"The Amazon Resource Name (ARN) of the IAM role that Amazon Managed Workflows for Apache Airflow Serverless assumes when executing the workflow. This role must have the necessary permissions to access the required Amazon Web Services services and resources that your workflow tasks will interact with. The role is used for task execution in the isolated, multi-tenant environment and should follow the principle of least privilege. Amazon Managed Workflows for Apache Airflow Serverless validates role access during workflow creation but runtime permission checks are performed by the target services.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"An optional description of the workflow that you can use to provide additional context about the workflow's purpose and functionality.
" + }, + "EncryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"The configuration for encrypting workflow data at rest and in transit. Specifies the encryption type and optional KMS key for customer-managed encryption.
" + }, + "LoggingConfiguration":{ + "shape":"LoggingConfiguration", + "documentation":"The configuration for workflow logging. Specifies the CloudWatch log group where workflow execution logs are stored. Amazon Managed Workflows for Apache Airflow Serverless automatically exports worker logs and task-level information to the specified log group in your account using remote logging functionality. This provides comprehensive observability for debugging and monitoring workflow execution across the distributed, serverless environment.
" + }, + "EngineVersion":{ + "shape":"EngineVersion", + "documentation":"The version of the Amazon Managed Workflows for Apache Airflow Serverless engine that you want to use for this workflow. This determines the feature set, supported operators, and execution environment capabilities available to your workflow. Amazon Managed Workflows for Apache Airflow Serverless maintains backward compatibility across versions while introducing new features and improvements. Currently supports version 1 with plans for additional versions as the service evolves.
" + }, + "NetworkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"Network configuration for the workflow execution environment, including VPC security groups and subnets for secure network access. When specified, Amazon Managed Workflows for Apache Airflow Serverless deploys ECS worker tasks in your customer VPC to provide secure connectivity to your resources. If not specified, tasks run in the service's default worker VPC with network isolation from other customers. This configuration enables secure access to VPC-only resources like RDS databases or private endpoints.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"A map of tags to assign to the workflow resource. Tags are key-value pairs that are used for resource organization and cost allocation.
" + }, + "TriggerMode":{ + "shape":"GenericString", + "documentation":"The trigger mode for the workflow execution.
" + } + } + }, + "CreateWorkflowResponse":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the newly created workflow. This ARN uniquely identifies the workflow resource.
" + }, + "CreatedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow was created, in ISO 8601 date-time format.
" + }, + "RevisionId":{ + "shape":"String", + "documentation":"A unique identifier for this revision of the workflow configuration. This ID changes when the workflow is updated and you can use it for optimistic concurrency control in update operations. The revision ID helps prevent conflicting updates and ensures that updates are applied to the expected version of the workflow configuration.
" + }, + "WorkflowStatus":{ + "shape":"WorkflowStatus", + "documentation":"The current status of the workflow. Possible values are READY (workflow is ready to run) and DELETING (workflow is being deleted).
The version identifier of the workflow. This is a service-generated alphanumeric string that uniquely identifies this version of the workflow. Amazon Managed Workflows for Apache Airflow Serverless uses a version-first approach where each workflow can have multiple immutable versions, which allows you to maintain different configurations and roll back to previous versions as needed. The version identifier is used in ARNs and API operations to reference specific workflow versions.
" + }, + "IsLatestVersion":{ + "shape":"IsLatestVersion", + "documentation":"A Boolean flag that indicates whether this workflow version is the latest version of the workflow.
" + }, + "Warnings":{ + "shape":"WarningMessages", + "documentation":"Warning messages generated during workflow creation.
" + } + } + }, + "DefinitionS3Location":{ + "type":"structure", + "required":[ + "Bucket", + "ObjectKey" + ], + "members":{ + "Bucket":{ + "shape":"String", + "documentation":"The name of the Amazon S3 bucket that contains the workflow definition file.
" + }, + "ObjectKey":{ + "shape":"String", + "documentation":"The key (name) of the workflow definition file within the S3 bucket.
" + }, + "VersionId":{ + "shape":"String", + "documentation":"Optional. The version ID of the workflow definition file in Amazon S3. If not specified, the latest version is used.
" + } + }, + "documentation":"Specifies the Amazon S3 location of a workflow definition file. This structure contains the bucket name, object key, and optional version ID for the workflow definition. Amazon Managed Workflows for Apache Airflow Serverless takes a snapshot of the definition file at the time of workflow creation or update, ensuring that the workflow behavior remains consistent even if the source file is modified. The definition must be a valid YAML file that uses supported Amazon Web Services operators and Amazon Managed Workflows for Apache Airflow Serverless syntax.
" + }, + "DeleteWorkflowRequest":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow you want to delete.
" + }, + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"Optional. The specific version of the workflow to delete. If not specified, all versions of the workflow are deleted.
" + } + } + }, + "DeleteWorkflowResponse":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the deleted workflow.
" + }, + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"The version of the workflow that was deleted.
" + } + } + }, + "DescriptionString":{ + "type":"string", + "max":1024, + "min":1, + "pattern":".+" + }, + "Document":{ + "type":"structure", + "members":{}, + "document":true + }, + "EncryptionConfiguration":{ + "type":"structure", + "required":["Type"], + "members":{ + "Type":{ + "shape":"EncryptionType", + "documentation":"The type of encryption to use. Values are AWS_MANAGED_KEY (Amazon Web Services manages the encryption key) or CUSTOMER_MANAGED_KEY (you provide a KMS key).
The ID or ARN of the Amazon Web Services KMS key to use for encryption. Required when Type is CUSTOMER_MANAGED_KEY.
Configuration for encrypting workflow data at rest and in transit. Amazon Managed Workflows for Apache Airflow Serverless provides comprehensive encryption capabilities to protect sensitive workflow data, parameters, and execution logs. When using customer-managed keys, the service integrates with Amazon Web Services KMS to provide fine-grained access control and audit capabilities. Encryption is applied consistently across the distributed execution environment including task containers, metadata storage, and log streams.
" + }, + "EncryptionType":{ + "type":"string", + "enum":[ + "AWS_MANAGED_KEY", + "CUSTOMER_MANAGED_KEY" + ] + }, + "EngineVersion":{ + "type":"integer", + "box":true + }, + "ErrorMessage":{ + "type":"string", + "max":2048, + "min":1, + "pattern":".*" + }, + "GenericMap":{ + "type":"map", + "key":{"shape":"GenericString"}, + "value":{"shape":"GenericString"} + }, + "GenericString":{ + "type":"string", + "max":255, + "min":1, + "pattern":".*" + }, + "GetTaskInstanceRequest":{ + "type":"structure", + "required":[ + "WorkflowArn", + "TaskInstanceId", + "RunId" + ], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains the task instance.
" + }, + "TaskInstanceId":{ + "shape":"IdString", + "documentation":"The unique identifier of the task instance to retrieve.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run that contains the task instance.
" + } + } + }, + "GetTaskInstanceResponse":{ + "type":"structure", + "required":[ + "WorkflowArn", + "RunId", + "TaskInstanceId" + ], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains this task instance.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run that contains this task instance.
" + }, + "TaskInstanceId":{ + "shape":"IdString", + "documentation":"The unique identifier of this task instance.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"The version of the workflow that contains this task instance.
" + }, + "Status":{ + "shape":"TaskInstanceStatus", + "documentation":"The current status of the task instance.
" + }, + "DurationInSeconds":{ + "shape":"Integer", + "documentation":"The duration of the task instance execution in seconds. This value is null if the task is not complete.
" + }, + "OperatorName":{ + "shape":"GenericString", + "documentation":"The name of the Apache Airflow operator used for this task instance.
" + }, + "ModifiedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the task instance was last modified, in ISO 8601 date-time format.
" + }, + "EndedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the task instance completed execution, in ISO 8601 date-time format. This value is null if the task is not complete.
" + }, + "StartedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the task instance started execution, in ISO 8601 date-time format. This value is null if the task has not started.
" + }, + "AttemptNumber":{ + "shape":"Integer", + "documentation":"The attempt number for this task instance.
" + }, + "ErrorMessage":{ + "shape":"GenericString", + "documentation":"The error message if the task instance failed. This value is null if the task completed successfully.
" + }, + "TaskId":{ + "shape":"IdString", + "documentation":"The unique identifier of the task definition within the workflow.
" + }, + "LogStream":{ + "shape":"IdString", + "documentation":"The CloudWatch log stream name for this task instance execution.
" + }, + "Xcom":{ + "shape":"GenericMap", + "documentation":"Cross-communication data exchanged between tasks in the workflow execution.
" + } + } + }, + "GetWorkflowRequest":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow you want to retrieve.
" + }, + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"Optional. The specific version of the workflow to retrieve. If not specified, the latest version is returned.
" + } + } + }, + "GetWorkflowResponse":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow.
" + }, + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"The version identifier of the workflow.
" + }, + "Name":{ + "shape":"NameString", + "documentation":"The name of the workflow.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"The description of the workflow.
" + }, + "CreatedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow was created, in ISO 8601 date-time format.
" + }, + "ModifiedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow was last modified, in ISO 8601 date-time format.
" + }, + "EncryptionConfiguration":{ + "shape":"EncryptionConfiguration", + "documentation":"The encryption configuration for the workflow.
" + }, + "LoggingConfiguration":{ + "shape":"LoggingConfiguration", + "documentation":"The logging configuration for the workflow.
" + }, + "EngineVersion":{ + "shape":"EngineVersion", + "documentation":"The version of the Amazon Managed Workflows for Apache Airflow Serverless engine that this workflow uses.
" + }, + "WorkflowStatus":{ + "shape":"WorkflowStatus", + "documentation":"The current status of the workflow.
" + }, + "DefinitionS3Location":{ + "shape":"DefinitionS3Location", + "documentation":"The Amazon S3 location of the workflow definition file.
" + }, + "ScheduleConfiguration":{ + "shape":"ScheduleConfiguration", + "documentation":"The schedule configuration for the workflow, including cron expressions for automated execution. Amazon Managed Workflows for Apache Airflow Serverless uses EventBridge Scheduler for cost-effective, timezone-aware scheduling. When a workflow includes schedule information in its YAML definition, the service automatically configures the appropriate triggers for automated execution. Only one version of a workflow can have an active schedule at any given time.
" + }, + "RoleArn":{ + "shape":"RoleARN", + "documentation":"The Amazon Resource Name (ARN) of the IAM role used for workflow execution.
" + }, + "NetworkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"The network configuration for the workflow execution environment.
" + }, + "TriggerMode":{ + "shape":"GenericString", + "documentation":"The trigger mode for the workflow execution.
" + }, + "WorkflowDefinition":{ + "shape":"GenericString", + "documentation":"The workflow definition content.
" + } + } + }, + "GetWorkflowRunRequest":{ + "type":"structure", + "required":[ + "WorkflowArn", + "RunId" + ], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains the run.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run to retrieve.
" + } + } + }, + "GetWorkflowRunResponse":{ + "type":"structure", + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains this run.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"The version of the workflow that is used for this run.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of this workflow run.
" + }, + "RunType":{ + "shape":"RunType", + "documentation":"The type of workflow run. Values are ON_DEMAND (manually triggered) or SCHEDULED (automatically triggered by schedule).
Parameters that were overridden for this specific workflow run.
" + }, + "RunDetail":{ + "shape":"WorkflowRunDetail", + "documentation":"Detailed information about the workflow run execution, including timing, status, and task instances.
" + } + } + }, + "IdString":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9]+[a-zA-Z0-9\\.\\-_]*" + }, + "IdempotencyTokenString":{ + "type":"string", + "max":128, + "min":1, + "pattern":"[\\x21-\\x7E]+" + }, + "Integer":{ + "type":"integer", + "box":true + }, + "InternalServerException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"ErrorMessage"}, + "RetryAfterSeconds":{ + "shape":"Integer", + "documentation":"The number of seconds to wait before retrying the operation.
" + } + }, + "documentation":"An unexpected server-side error occurred during request processing.
", + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "IsLatestVersion":{ + "type":"boolean", + "box":true + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"TaggableResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the resource for which to list tags.
" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{ + "shape":"Tags", + "documentation":"A map of tags that are associated with the resource, where each tag consists of a key-value pair.
" + } + } + }, + "ListTaskInstancesRequest":{ + "type":"structure", + "required":[ + "WorkflowArn", + "RunId" + ], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains the run.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run for which you want a list of task instances.
" + }, + "MaxResults":{ + "shape":"ListTaskInstancesRequestMaxResultsInteger", + "documentation":"The maximum number of task instances to return in a single response.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is returned from a previous call to ListTaskInstances.
A list of task instance summaries for the specified workflow run.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is null if there are no more results.
" + } + } + }, + "ListWorkflowRunsRequest":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "MaxResults":{ + "shape":"ListWorkflowRunsRequestMaxResultsInteger", + "documentation":"The maximum number of workflow runs to return in a single response.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is returned from a previous call to ListWorkflowRuns.
The Amazon Resource Name (ARN) of the workflow for which you want a list of runs.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"Optional. The specific version of the workflow for which you want a list of runs. If not specified, runs for all versions are returned.
" + } + } + }, + "ListWorkflowRunsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListWorkflowRunsResponse":{ + "type":"structure", + "members":{ + "WorkflowRuns":{ + "shape":"WorkflowRunSummaries", + "documentation":"A list of workflow run summaries for the specified workflow.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is null if there are no more results.
" + } + } + }, + "ListWorkflowVersionsRequest":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "MaxResults":{ + "shape":"ListWorkflowVersionsRequestMaxResultsInteger", + "documentation":"The maximum number of workflow versions to return in a single response.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is returned from a previous call to ListWorkflowVersions.
The Amazon Resource Name (ARN) of the workflow for which you want to list versions.
" + } + } + }, + "ListWorkflowVersionsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListWorkflowVersionsResponse":{ + "type":"structure", + "members":{ + "WorkflowVersions":{ + "shape":"WorkflowVersionSummaries", + "documentation":"A list of workflow version summaries for the specified workflow.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is null if there are no more results.
" + } + } + }, + "ListWorkflowsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"ListWorkflowsRequestMaxResultsInteger", + "documentation":"The maximum number of workflows you want to return in a single response.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is returned from a previous call to ListWorkflows.
A list of workflow summaries for all workflows in your account.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The pagination token you need to use to retrieve the next set of results. This value is null if there are no more results.
" + } + } + }, + "LoggingConfiguration":{ + "type":"structure", + "required":["LogGroupName"], + "members":{ + "LogGroupName":{ + "shape":"String", + "documentation":"The name of the CloudWatch log group where workflow execution logs are stored.
" + } + }, + "documentation":"Configuration for workflow logging that specifies where you should store your workflow execution logs. Amazon Managed Workflows for Apache Airflow Serverless provides comprehensive logging capabilities that capture workflow execution details, task-level information, and system events. Logs are automatically exported to your specified CloudWatch log group using remote logging functionality, providing centralized observability across the distributed, multi-tenant execution environment. This enables effective debugging, monitoring, and compliance auditing of workflow executions.
" + }, + "NameString":{ + "type":"string", + "max":255, + "min":1, + "pattern":"[a-zA-Z0-9]+[a-zA-Z0-9\\.\\-_]*" + }, + "NetworkConfiguration":{ + "type":"structure", + "members":{ + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"A list of VPC security group IDs to associate with the workflow execution environment.
" + }, + "SubnetIds":{ + "shape":"SubnetIds", + "documentation":"A list of VPC subnet IDs where the workflow execution environment is deployed.
" + } + }, + "documentation":"Network configuration for workflow execution. Specifies VPC security groups and subnets for secure network access. When provided, Amazon Managed Workflows for Apache Airflow Serverless deploys ECS worker tasks in your specified VPC configuration, enabling secure access to VPC-only resources. The service uses a proxy API container architecture where one container handles external communication while the worker container connects to your VPC for task execution. This design provides both security isolation and connectivity flexibility.
" + }, + "ObjectMap":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"Document"}, + "sensitive":true + }, + "OperationTimeoutException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "documentation":"The operation timed out.
", + "exception":true, + "fault":true + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType" + ], + "members":{ + "Message":{"shape":"ErrorMessage"}, + "ResourceId":{ + "shape":"String", + "documentation":"The unique identifier of the resource.
" + }, + "ResourceType":{ + "shape":"String", + "documentation":"The type of the resource.
" + } + }, + "documentation":"The specified resource was not found. You can only access or modify a resource that already exists.
", + "exception":true + }, + "RoleARN":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws(?:-(?:cn|us-gov|iso|iso-b|iso-e|iso-f))?:iam::[0-9]{12}:role(/[a-zA-Z0-9+=,.@_\\-]{1,512})*?/[a-zA-Z0-9+=,.@_\\-]{1,64}" + }, + "RunDetailSummary":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"WorkflowRunStatus", + "documentation":"The current status of the workflow run.
" + }, + "CreatedOn":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run was created, in ISO 8601 date-time format.
" + }, + "StartedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run started execution, in ISO 8601 date-time format.
" + }, + "EndedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run completed execution, in ISO 8601 date-time format. This value is null if the run is not complete.
" + } + }, + "documentation":"Summary information about a workflow run's execution details, including status and timing information.
" + }, + "RunType":{ + "type":"string", + "enum":[ + "ON_DEMAND", + "SCHEDULED" + ] + }, + "ScheduleConfiguration":{ + "type":"structure", + "members":{ + "CronExpression":{ + "shape":"String", + "documentation":"A cron expression that defines when the workflow is automatically executed. Uses standard cron syntax.
" + } + }, + "documentation":"The configuration to use to schedule automated workflow execution using cron expressions. Amazon Managed Workflows for Apache Airflow Serverless integrates with EventBridge Scheduler to provide cost-effective, timezone-aware scheduling capabilities. The service supports both time-based and event-based scheduling (event-based scheduling available post-GA). When a workflow definition includes scheduling information, Amazon Managed Workflows for Apache Airflow Serverless automatically configures the appropriate triggers and ensures only one version of a workflow has an active schedule at any time.
" + }, + "SecurityGroupIds":{ + "type":"list", + "member":{"shape":"SecurityGroupString"} + }, + "SecurityGroupString":{ + "type":"string", + "max":255, + "min":1, + "pattern":"sg-[a-z0-9]*" + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType", + "ServiceCode", + "QuotaCode" + ], + "members":{ + "Message":{"shape":"ErrorMessage"}, + "ResourceId":{ + "shape":"String", + "documentation":"The unique identifier of the resource.
" + }, + "ResourceType":{ + "shape":"String", + "documentation":"The type of resource affected.
" + }, + "ServiceCode":{ + "shape":"String", + "documentation":"The code for the service.
" + }, + "QuotaCode":{ + "shape":"String", + "documentation":"The code of the quota.
" + } + }, + "documentation":"The request exceeds the service quota for Amazon Managed Workflows for Apache Airflow Serverless resources. This can occur when you attempt to create more workflows than allowed, exceed concurrent workflow run limits, or surpass task execution limits. Amazon Managed Workflows for Apache Airflow Serverless implements admission control using DynamoDB-based counters to manage resource utilization across the multi-tenant environment. Contact Amazon Web Services Support to request quota increases if you need higher limits for your use case.
", + "exception":true + }, + "StartWorkflowRunRequest":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow you want to run.
" + }, + "ClientToken":{ + "shape":"IdempotencyTokenString", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This token prevents duplicate workflow run requests.
", + "idempotencyToken":true + }, + "OverrideParameters":{ + "shape":"ObjectMap", + "documentation":"Optional parameters to override default workflow parameters for this specific run. These parameters are passed to the workflow during execution and can be used to customize behavior without modifying the workflow definition. Parameters are made available as environment variables to tasks and you can reference them within the YAML workflow definition using standard parameter substitution syntax.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"Optional. The specific version of the workflow to execute. If not specified, the latest version is used.
" + } + } + }, + "StartWorkflowRunResponse":{ + "type":"structure", + "members":{ + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the newly started workflow run.
" + }, + "Status":{ + "shape":"WorkflowRunStatus", + "documentation":"The initial status of the workflow run. This is typically STARTING when you first create the run.
The timestamp when the workflow run was started, in ISO 8601 date-time format.
" + } + } + }, + "StopWorkflowRunRequest":{ + "type":"structure", + "required":[ + "WorkflowArn", + "RunId" + ], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains the run you want to stop.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run to stop.
" + } + } + }, + "StopWorkflowRunResponse":{ + "type":"structure", + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains the stopped run.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"The version of the workflow that was stopped.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the stopped workflow run.
" + }, + "Status":{ + "shape":"WorkflowRunStatus", + "documentation":"The status of the workflow run after the stop operation. This is typically STOPPING or STOPPED.
The Amazon Resource Name (ARN) of the resource to which to add tags.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"A map of tags to add to the resource. Each tag consists of a key-value pair.
" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":".*" + }, + "TaggableResourceArn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"arn:aws(?:-(?:cn|us-gov|iso|iso-b|iso-e|iso-f))?:airflow-serverless:([a-z]{2}-[a-z]+-[0-9]{1}):([0-9]{12}):workflow/([a-zA-Z0-9][a-zA-Z0-9\\.\\-_]{0,254}-[a-zA-Z0-9]{10})" + }, + "Tags":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":50, + "min":0 + }, + "TaskInstanceIds":{ + "type":"list", + "member":{"shape":"IdString"} + }, + "TaskInstanceStatus":{ + "type":"string", + "enum":[ + "QUEUED", + "FAILED", + "SCHEDULED", + "RUNNING", + "SUCCESS", + "UP_FOR_RESCHEDULE", + "UP_FOR_RETRY", + "UPSTREAM_FAILED", + "REMOVED", + "RESTARTING", + "DEFERRED", + "NONE", + "CANCELLED", + "TIMEOUT" + ] + }, + "TaskInstanceSummaries":{ + "type":"list", + "member":{"shape":"TaskInstanceSummary"} + }, + "TaskInstanceSummary":{ + "type":"structure", + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains this task instance.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"The version of the workflow that contains this task instance.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run that contains this task instance.
" + }, + "TaskInstanceId":{ + "shape":"IdString", + "documentation":"The unique identifier of this task instance.
" + }, + "Status":{ + "shape":"TaskInstanceStatus", + "documentation":"The current status of the task instance.
" + }, + "DurationInSeconds":{ + "shape":"Integer", + "documentation":"The duration of the task instance execution in seconds. This value is null if the task is not complete.
" + }, + "OperatorName":{ + "shape":"GenericString", + "documentation":"The name of the Apache Airflow operator used for this task instance.
" + } + }, + "documentation":"Summary information about a task instance within a workflow run, including its status and execution details.
" + }, + "ThrottlingException":{ + "type":"structure", + "required":[ + "Message", + "ServiceCode", + "QuotaCode" + ], + "members":{ + "Message":{"shape":"ErrorMessage"}, + "ServiceCode":{ + "shape":"String", + "documentation":"The code for the service.
" + }, + "QuotaCode":{ + "shape":"String", + "documentation":"The code of the quota.
" + }, + "RetryAfterSeconds":{ + "shape":"Integer", + "documentation":"The number of seconds to wait before retrying the operation.
" + } + }, + "documentation":"The request was denied because too many requests were made in a short period, exceeding the service rate limits. Amazon Managed Workflows for Apache Airflow Serverless implements throttling controls to ensure fair resource allocation across all customers in the multi-tenant environment. This helps maintain service stability and performance. If you encounter throttling, implement exponential backoff and retry logic in your applications, or consider distributing your API calls over a longer time period.
", + "exception":true, + "retryable":{"throttling":true} + }, + "TimestampValue":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"TaggableResourceArn", + "documentation":"The Amazon Resource Name (ARN) of the resource from which to remove tags.
" + }, + "TagKeys":{ + "shape":"TagKeys", + "documentation":"A list of tag keys to remove from the resource. Only the keys are required; the values are ignored.
" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateWorkflowRequest":{ + "type":"structure", + "required":[ + "WorkflowArn", + "DefinitionS3Location", + "RoleArn" + ], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow you want to update.
" + }, + "DefinitionS3Location":{ + "shape":"DefinitionS3Location", + "documentation":"The Amazon S3 location where the updated workflow definition file is stored.
" + }, + "RoleArn":{ + "shape":"RoleARN", + "documentation":"The Amazon Resource Name (ARN) of the IAM role that Amazon Managed Workflows for Apache Airflow Serverless assumes when it executes the updated workflow.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"An updated description for the workflow.
" + }, + "LoggingConfiguration":{ + "shape":"LoggingConfiguration", + "documentation":"Updated logging configuration for the workflow.
" + }, + "EngineVersion":{ + "shape":"EngineVersion", + "documentation":"The version of the Amazon Managed Workflows for Apache Airflow Serverless engine that you want to use for the updated workflow.
" + }, + "NetworkConfiguration":{ + "shape":"NetworkConfiguration", + "documentation":"Updated network configuration for the workflow execution environment.
" + }, + "TriggerMode":{ + "shape":"GenericString", + "documentation":"The trigger mode for the workflow execution.
" + } + } + }, + "UpdateWorkflowResponse":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the updated workflow.
" + }, + "ModifiedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow was last modified, in ISO 8601 date-time format.
" + }, + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"The version identifier of the updated workflow.
" + }, + "Warnings":{ + "shape":"WarningMessages", + "documentation":"Warning messages generated during workflow update.
" + } + } + }, + "ValidationException":{ + "type":"structure", + "required":[ + "Message", + "Reason" + ], + "members":{ + "Message":{"shape":"ErrorMessage"}, + "Reason":{ + "shape":"ValidationExceptionReason", + "documentation":"The reason the request failed validation.
" + }, + "FieldList":{ + "shape":"ValidationExceptionFields", + "documentation":"The fields that failed validation.
" + } + }, + "documentation":"The specified request parameters are invalid, missing, or inconsistent with Amazon Managed Workflows for Apache Airflow Serverless service requirements. This can occur when workflow definitions contain unsupported operators, when required IAM permissions are missing, when S3 locations are inaccessible, or when network configurations are invalid. The service validates workflow definitions, execution roles, and resource configurations to ensure compatibility with the managed Airflow environment and security requirements.
", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "Name", + "Message" + ], + "members":{ + "Name":{ + "shape":"String", + "documentation":"The name of the field that failed validation.
" + }, + "Message":{ + "shape":"ErrorMessage", + "documentation":"A message that describes why the field failed validation.
" + } + }, + "documentation":"Contains information about a field that failed validation, including the field name and a descriptive error message.
" + }, + "ValidationExceptionFields":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "unknownOperation", + "cannotParse", + "fieldValidationFailed", + "other" + ] + }, + "VersionId":{ + "type":"string", + "max":2048, + "min":1, + "pattern":".+" + }, + "WarningMessages":{ + "type":"list", + "member":{"shape":"String"} + }, + "WorkflowArn":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"arn:aws(?:-(?:cn|us-gov|iso|iso-b|iso-e|iso-f))?:airflow-serverless:([a-z]{2}-[a-z]+-[0-9]{1}):([0-9]{12}):workflow/([a-zA-Z0-9][a-zA-Z0-9\\.\\-_]{0,254}-[a-zA-Z0-9]{10})" + }, + "WorkflowRunDetail":{ + "type":"structure", + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains this run.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"The version of the workflow used for this run.
" + }, + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of this workflow run.
" + }, + "RunType":{ + "shape":"RunType", + "documentation":"The type of workflow run.
" + }, + "StartedOn":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run started execution, in ISO 8601 date-time format.
" + }, + "CreatedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run was created, in ISO 8601 date-time format.
" + }, + "CompletedOn":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run completed execution, in ISO 8601 date-time format. This value is null if the run is not complete.
" + }, + "ModifiedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow run was last modified, in ISO 8601 date-time format.
" + }, + "Duration":{ + "shape":"Integer", + "documentation":"The total duration of the workflow run execution in seconds. This value is null if the run is not complete.
" + }, + "ErrorMessage":{ + "shape":"GenericString", + "documentation":"The error message if the workflow run failed. This value is null if the run completed successfully.
" + }, + "TaskInstances":{ + "shape":"TaskInstanceIds", + "documentation":"A list of task instance IDs that are part of this workflow run.
" + }, + "RunState":{ + "shape":"WorkflowRunStatus", + "documentation":"The current execution state of the workflow run.
" + } + }, + "documentation":"Detailed information about a workflow run execution, including timing, status, error information, and associated task instances. This structure provides comprehensive visibility into the workflow execution lifecycle within the Amazon Managed Workflows for Apache Airflow Serverless serverless environment. The service tracks execution across distributed ECS worker tasks and provides detailed timing information, error diagnostics, and task instance relationships to support effective monitoring and troubleshooting of complex workflow executions.
" + }, + "WorkflowRunStatus":{ + "type":"string", + "enum":[ + "STARTING", + "QUEUED", + "RUNNING", + "SUCCESS", + "FAILED", + "TIMEOUT", + "STOPPING", + "STOPPED" + ] + }, + "WorkflowRunSummaries":{ + "type":"list", + "member":{"shape":"WorkflowRunSummary"} + }, + "WorkflowRunSummary":{ + "type":"structure", + "members":{ + "RunId":{ + "shape":"IdString", + "documentation":"The unique identifier of the workflow run.
" + }, + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains this run.
" + }, + "WorkflowVersion":{ + "shape":"VersionId", + "documentation":"The version of the workflow used for this run.
" + }, + "RunType":{ + "shape":"RunType", + "documentation":"The type of workflow run.
" + }, + "RunDetailSummary":{ + "shape":"RunDetailSummary", + "documentation":"Summary details about the workflow run execution.
" + } + }, + "documentation":"Summary information about a workflow run, including basic identification and status information.
" + }, + "WorkflowStatus":{ + "type":"string", + "enum":[ + "READY", + "DELETING" + ] + }, + "WorkflowSummaries":{ + "type":"list", + "member":{"shape":"WorkflowSummary"} + }, + "WorkflowSummary":{ + "type":"structure", + "required":["WorkflowArn"], + "members":{ + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow.
" + }, + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"The version identifier of the workflow.
" + }, + "Name":{ + "shape":"NameString", + "documentation":"The name of the workflow.
" + }, + "Description":{ + "shape":"DescriptionString", + "documentation":"The description of the workflow.
" + }, + "CreatedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow was created, in ISO 8601 date-time format.
" + }, + "ModifiedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow was last modified, in ISO 8601 date-time format.
" + }, + "WorkflowStatus":{ + "shape":"WorkflowStatus", + "documentation":"The current status of the workflow.
" + }, + "TriggerMode":{ + "shape":"GenericString", + "documentation":"The trigger mode for the workflow execution.
" + } + }, + "documentation":"Summary information about a workflow, including basic identification and metadata.
" + }, + "WorkflowVersion":{ + "type":"string", + "max":32, + "min":32, + "pattern":"[a-z0-9]{32}" + }, + "WorkflowVersionSummaries":{ + "type":"list", + "member":{"shape":"WorkflowVersionSummary"} + }, + "WorkflowVersionSummary":{ + "type":"structure", + "required":[ + "WorkflowVersion", + "WorkflowArn" + ], + "members":{ + "WorkflowVersion":{ + "shape":"WorkflowVersion", + "documentation":"The version identifier of the workflow version.
" + }, + "WorkflowArn":{ + "shape":"WorkflowArn", + "documentation":"The Amazon Resource Name (ARN) of the workflow that contains this version.
" + }, + "IsLatestVersion":{ + "shape":"IsLatestVersion", + "documentation":"Boolean flag that indicates whether this is the latest version of the workflow.
" + }, + "CreatedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow version was created, in ISO 8601 date-time format.
" + }, + "ModifiedAt":{ + "shape":"TimestampValue", + "documentation":"The timestamp when the workflow version was last modified, in ISO 8601 date-time format.
" + }, + "DefinitionS3Location":{ + "shape":"DefinitionS3Location", + "documentation":"The Amazon S3 location of the workflow definition file for this version.
" + }, + "ScheduleConfiguration":{ + "shape":"ScheduleConfiguration", + "documentation":"The schedule configuration for this workflow version.
" + }, + "TriggerMode":{ + "shape":"GenericString", + "documentation":"The trigger mode for the workflow execution.
" + } + }, + "documentation":"Summary information about a workflow version, including identification and configuration details.
" + } + }, + "documentation":"Amazon Managed Workflows for Apache Airflow Serverless provides a managed workflow orchestration platform for running Apache Airflow workflows in a serverless environment. You can use Amazon Managed Workflows for Apache Airflow Serverless to create, manage, and run data processing workflows without managing the underlying infrastructure, Airflow clusters, metadata databases, or scheduling overhead. The service provides secure multi-tenant run environments with automatic scaling, comprehensive logging, and integration with multiple Amazon Web Services services for orchestrating complex analytics workloads.
" +} diff --git a/awscli/botocore/data/mwaa-serverless/2024-07-26/waiters-2.json b/awscli/botocore/data/mwaa-serverless/2024-07-26/waiters-2.json new file mode 100644 index 000000000000..13f60ee66be6 --- /dev/null +++ b/awscli/botocore/data/mwaa-serverless/2024-07-26/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff --git a/awscli/botocore/data/network-firewall/2020-11-12/service-2.json b/awscli/botocore/data/network-firewall/2020-11-12/service-2.json index 7857be4ecc00..a8bb1158456a 100644 --- a/awscli/botocore/data/network-firewall/2020-11-12/service-2.json +++ b/awscli/botocore/data/network-firewall/2020-11-12/service-2.json @@ -807,7 +807,8 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalServerError"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"InvalidTokenException"} ], "documentation":"Enables specific types of firewall analysis on a specific firewall you define.
" }, @@ -2151,6 +2152,18 @@ "LastModifiedTime":{ "shape":"LastUpdateTime", "documentation":"A timestamp indicating when the rule group was last modified.
" + }, + "VendorName":{ + "shape":"VendorName", + "documentation":"The name of the Amazon Web Services Marketplace vendor that provides this rule group.
" + }, + "ProductId":{ + "shape":"ProductId", + "documentation":"The unique identifier for the product listing associated with this rule group.
" + }, + "ListingName":{ + "shape":"ListingName", + "documentation":"The display name of the product listing for this rule group.
" } } }, @@ -3358,6 +3371,10 @@ "shape":"ResourceManagedType", "documentation":"Indicates the general category of the Amazon Web Services managed rule group.
" }, + "SubscriptionStatus":{ + "shape":"SubscriptionStatus", + "documentation":"Filters the results to show only rule groups with the specified subscription status. Use this to find subscribed or unsubscribed rule groups.
" + }, "Type":{ "shape":"RuleGroupType", "documentation":"Indicates whether the rule group is stateless or stateful. If the rule group is stateless, it contains stateless rules. If it is stateful, it contains stateful rules.
" @@ -3464,6 +3481,7 @@ } } }, + "ListingName":{"type":"string"}, "LogDestinationConfig":{ "type":"structure", "required":[ @@ -3600,7 +3618,9 @@ "enum":[ "PENDING", "IN_SYNC", - "CAPACITY_CONSTRAINED" + "CAPACITY_CONSTRAINED", + "NOT_SUBSCRIBED", + "DEPRECATED" ] }, "PolicyString":{ @@ -3672,6 +3692,7 @@ "max":65535, "min":1 }, + "ProductId":{"type":"string"}, "ProtocolNumber":{ "type":"integer", "max":255, @@ -3785,7 +3806,8 @@ "enum":[ "AWS_MANAGED_THREAT_SIGNATURES", "AWS_MANAGED_DOMAIN_LISTS", - "ACTIVE_THREAT_DEFENSE" + "ACTIVE_THREAT_DEFENSE", + "PARTNER_MANAGED" ] }, "ResourceName":{ @@ -3878,6 +3900,10 @@ "Arn":{ "shape":"ResourceArn", "documentation":"The Amazon Resource Name (ARN) of the rule group.
" + }, + "VendorName":{ + "shape":"VendorName", + "documentation":"The name of the Amazon Web Services Marketplace seller that provides this rule group.
" } }, "documentation":"High-level information about a rule group, returned by ListRuleGroups. You can use the information provided in the metadata to retrieve and manage a rule group.
" @@ -4560,6 +4586,13 @@ "type":"list", "member":{"shape":"SubnetMapping"} }, + "SubscriptionStatus":{ + "type":"string", + "enum":[ + "NOT_SUBSCRIBED", + "SUBSCRIBED" + ] + }, "Summary":{ "type":"structure", "members":{ @@ -5448,6 +5481,7 @@ "type":"list", "member":{"shape":"VariableDefinition"} }, + "VendorName":{"type":"string"}, "VpcEndpointAssociation":{ "type":"structure", "required":[ diff --git a/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json b/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json index 3e91f6ab1716..7cd4d6c5eaba 100644 --- a/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json +++ b/awscli/botocore/data/networkflowmonitor/2023-04-19/service-2.json @@ -1282,14 +1282,14 @@ "members":{ "type":{ "shape":"MonitorLocalResourceType", - "documentation":"The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::Region.
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, AWS::EKS::Cluster, or AWS::Region.
The identifier of the local resource. For a VPC or subnet, this identifier is the VPC Amazon Resource Name (ARN) or subnet ARN. For an Availability Zone, this identifier is the AZ name, for example, us-west-2b.
" + "documentation":"The identifier of the local resource. The values you can specify are the following:
For a VPC, subnet or EKS cluster, this identifier is the VPC Amazon Resource Name (ARN), subnet ARN or cluster ARN.
For an Availability Zone, this identifier is the AZ name, for example, us-west-2b.
For a Region, this identifier is the Region name, for example, us-west-2.
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
" + "documentation":"A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, an Availability Zone, an EKS cluster or an Amazon Web Services Region.
" }, "MonitorLocalResourceType":{ "type":"string", @@ -1297,7 +1297,8 @@ "AWS::EC2::VPC", "AWS::AvailabilityZone", "AWS::EC2::Subnet", - "AWS::Region" + "AWS::Region", + "AWS::EKS::Cluster" ] }, "MonitorLocalResources":{ @@ -1329,7 +1330,7 @@ "documentation":"The identifier of the remote resource. For a VPC or subnet, this identifier is the VPC Amazon Resource Name (ARN) or subnet ARN. For an Availability Zone, this identifier is the AZ name, for example, us-west-2b. For an Amazon Web Services Region , this identifier is the Region name, for example, us-west-2.
" } }, - "documentation":"A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, an Amazon Web Services service, or an Amazon Web Services Region.
When a remote resource is an Amazon Web Services Region, Network Flow Monitor provides network performance measurements up to the edge of the Region that you specify.
" + "documentation":"A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. The values you can specify are the following:
For a VPC or subnet, this identifier is the VPC Amazon Resource Name (ARN) or subnet ARN.
For a service, this identifier is one of the following strings: S3 or DynamoDB.
For an Availability Zone, this identifier is the AZ name, for example, us-west-2b.
For a Region, this identifier is the Region name, for example, us-west-2.
When a remote resource is an Amazon Web Services Region, Network Flow Monitor provides network performance measurements up to the edge of the Region that you specify.
" }, "MonitorRemoteResourceType":{ "type":"string", diff --git a/awscli/botocore/data/networkmanager/2019-07-05/paginators-1.json b/awscli/botocore/data/networkmanager/2019-07-05/paginators-1.json index 7196ace62648..b93e201a69c2 100644 --- a/awscli/botocore/data/networkmanager/2019-07-05/paginators-1.json +++ b/awscli/botocore/data/networkmanager/2019-07-05/paginators-1.json @@ -125,6 +125,24 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "Peerings" + }, + "ListAttachmentRoutingPolicyAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "AttachmentRoutingPolicyAssociations" + }, + "ListCoreNetworkPrefixListAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "PrefixListAssociations" + }, + "ListCoreNetworkRoutingInformation": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "CoreNetworkRoutingInformation" } } } diff --git a/awscli/botocore/data/networkmanager/2019-07-05/service-2.json b/awscli/botocore/data/networkmanager/2019-07-05/service-2.json index a578b2c681c8..ec0288248d9a 100644 --- a/awscli/botocore/data/networkmanager/2019-07-05/service-2.json +++ b/awscli/botocore/data/networkmanager/2019-07-05/service-2.json @@ -182,6 +182,25 @@ ], "documentation":"Creates a core network as part of your global network, and optionally, with a core network policy.
" }, + "CreateCoreNetworkPrefixListAssociation":{ + "name":"CreateCoreNetworkPrefixListAssociation", + "http":{ + "method":"POST", + "requestUri":"/prefix-list" + }, + "input":{"shape":"CreateCoreNetworkPrefixListAssociationRequest"}, + "output":{"shape":"CreateCoreNetworkPrefixListAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Creates an association between a core network and a prefix list for routing control.
" + }, "CreateDevice":{ "name":"CreateDevice", "http":{ @@ -437,6 +456,25 @@ ], "documentation":"Deletes a policy version from a core network. You can't delete the current LIVE policy.
" }, + "DeleteCoreNetworkPrefixListAssociation":{ + "name":"DeleteCoreNetworkPrefixListAssociation", + "http":{ + "method":"DELETE", + "requestUri":"/prefix-list/{prefixListArn}/core-network/{coreNetworkId}" + }, + "input":{"shape":"DeleteCoreNetworkPrefixListAssociationRequest"}, + "output":{"shape":"DeleteCoreNetworkPrefixListAssociationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Deletes an association between a core network and a prefix list.
" + }, "DeleteDevice":{ "name":"DeleteDevice", "http":{ @@ -1129,6 +1167,23 @@ ], "documentation":"Returns information about a VPC attachment.
" }, + "ListAttachmentRoutingPolicyAssociations":{ + "name":"ListAttachmentRoutingPolicyAssociations", + "http":{ + "method":"GET", + "requestUri":"/routing-policy-label/core-network/{coreNetworkId}" + }, + "input":{"shape":"ListAttachmentRoutingPolicyAssociationsRequest"}, + "output":{"shape":"ListAttachmentRoutingPolicyAssociationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the routing policy associations for attachments in a core network.
" + }, "ListAttachments":{ "name":"ListAttachments", "http":{ @@ -1178,6 +1233,40 @@ ], "documentation":"Returns a list of core network policy versions.
" }, + "ListCoreNetworkPrefixListAssociations":{ + "name":"ListCoreNetworkPrefixListAssociations", + "http":{ + "method":"GET", + "requestUri":"/prefix-list/core-network/{coreNetworkId}" + }, + "input":{"shape":"ListCoreNetworkPrefixListAssociationsRequest"}, + "output":{"shape":"ListCoreNetworkPrefixListAssociationsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists the prefix list associations for a core network.
" + }, + "ListCoreNetworkRoutingInformation":{ + "name":"ListCoreNetworkRoutingInformation", + "http":{ + "method":"POST", + "requestUri":"/core-networks/{coreNetworkId}/core-network-routing-information" + }, + "input":{"shape":"ListCoreNetworkRoutingInformationRequest"}, + "output":{"shape":"ListCoreNetworkRoutingInformationResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Lists routing information for a core network, including routes and their attributes.
" + }, "ListCoreNetworks":{ "name":"ListCoreNetworks", "http":{ @@ -1237,6 +1326,25 @@ ], "documentation":"Lists the tags for a specified resource.
" }, + "PutAttachmentRoutingPolicyLabel":{ + "name":"PutAttachmentRoutingPolicyLabel", + "http":{ + "method":"POST", + "requestUri":"/routing-policy-label" + }, + "input":{"shape":"PutAttachmentRoutingPolicyLabelRequest"}, + "output":{"shape":"PutAttachmentRoutingPolicyLabelResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Applies a routing policy label to an attachment for traffic routing decisions.
" + }, "PutCoreNetworkPolicy":{ "name":"PutCoreNetworkPolicy", "http":{ @@ -1310,6 +1418,25 @@ ], "documentation":"Rejects a core network attachment request.
" }, + "RemoveAttachmentRoutingPolicyLabel":{ + "name":"RemoveAttachmentRoutingPolicyLabel", + "http":{ + "method":"DELETE", + "requestUri":"/routing-policy-label/core-network/{coreNetworkId}/attachment/{attachmentId}" + }, + "input":{"shape":"RemoveAttachmentRoutingPolicyLabelRequest"}, + "output":{"shape":"RemoveAttachmentRoutingPolicyLabelResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Removes a routing policy label from an attachment.
" + }, "RestoreCoreNetworkPolicyVersion":{ "name":"RestoreCoreNetworkPolicyVersion", "http":{ @@ -1902,7 +2029,9 @@ "MAXIMUM_NO_ENCAP_LIMIT_EXCEEDED", "DIRECT_CONNECT_GATEWAY_NOT_FOUND", "DIRECT_CONNECT_GATEWAY_EXISTING_ATTACHMENTS", - "DIRECT_CONNECT_GATEWAY_NO_PRIVATE_VIF" + "DIRECT_CONNECT_GATEWAY_NO_PRIVATE_VIF", + "VPN_EXISTING_ASSOCIATIONS", + "VPC_UNSUPPORTED_FEATURES" ] }, "AttachmentErrorList":{ @@ -1921,6 +2050,32 @@ "type":"list", "member":{"shape":"Attachment"} }, + "AttachmentRoutingPolicyAssociationSummary":{ + "type":"structure", + "members":{ + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"The ID of the attachment associated with the routing policy.
" + }, + "PendingRoutingPolicies":{ + "shape":"ConstrainedStringList", + "documentation":"The list of routing policies that are pending association with the attachment.
" + }, + "AssociatedRoutingPolicies":{ + "shape":"ConstrainedStringList", + "documentation":"The list of routing policies currently associated with the attachment.
" + }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label associated with the attachment.
" + } + }, + "documentation":"Summary information about routing policy associations for an attachment.
" + }, + "AttachmentRoutingPolicyAssociationsList":{ + "type":"list", + "member":{"shape":"AttachmentRoutingPolicyAssociationSummary"} + }, "AttachmentState":{ "type":"string", "enum":[ @@ -2007,6 +2162,10 @@ "ATTACHMENT_MAPPING", "ATTACHMENT_ROUTE_PROPAGATION", "ATTACHMENT_ROUTE_STATIC", + "ROUTING_POLICY", + "ROUTING_POLICY_SEGMENT_ASSOCIATION", + "ROUTING_POLICY_EDGE_ASSOCIATION", + "ROUTING_POLICY_ATTACHMENT_ASSOCIATION", "CORE_NETWORK_CONFIGURATION", "SEGMENTS_CONFIGURATION", "SEGMENT_ACTIONS_CONFIGURATION", @@ -2550,6 +2709,16 @@ "shape":"ExternalRegionCode", "documentation":"The edge location for the core network change event.
" }, + "PeerEdgeLocation":{ + "shape":"ExternalRegionCode", + "documentation":"The edge location of the peer in a core network change event.
", + "box":true + }, + "RoutingPolicyDirection":{ + "shape":"RoutingPolicyDirection", + "documentation":"The routing policy direction (inbound/outbound) in a core network change event.
", + "box":true + }, "SegmentName":{ "shape":"ConstrainedString", "documentation":"The segment name if the change event is associated with a segment.
" @@ -2565,6 +2734,11 @@ "Cidr":{ "shape":"ConstrainedString", "documentation":"For a STATIC_ROUTE event, this is the IP address.
The names of the routing policies and other association details in the core network change values.
", + "box":true } }, "documentation":"Describes a core network change event.
" @@ -2623,6 +2797,31 @@ "SecurityGroupReferencingSupport":{ "shape":"Boolean", "documentation":"Indicates whether security group referencing is enabled for the core network.
" + }, + "RoutingPolicyDirection":{ + "shape":"RoutingPolicyDirection", + "documentation":"The routing policy direction (inbound/outbound) in a core network change event.
", + "box":true + }, + "RoutingPolicy":{ + "shape":"CoreNetworkPolicyDocument", + "documentation":"The routing policy configuration in the core network change values.
", + "box":true + }, + "PeerEdgeLocations":{ + "shape":"ExternalRegionCodeList", + "documentation":"The edge locations of peers in the core network change values.
", + "box":true + }, + "AttachmentId":{ + "shape":"ConstrainedString", + "documentation":"The attachment identifier in the core network change values.
", + "box":true + }, + "RoutingPolicyAssociationDetails":{ + "shape":"RoutingPolicyAssociationDetailsList", + "documentation":"The names of the routing policies and other association details in the core network change values.
", + "box":true } }, "documentation":"Describes a core network change.
" @@ -2821,6 +3020,40 @@ "type":"list", "member":{"shape":"CoreNetworkPolicyVersion"} }, + "CoreNetworkRoutingInformation":{ + "type":"structure", + "members":{ + "Prefix":{ + "shape":"ConstrainedString", + "documentation":"The IP prefix for the route.
" + }, + "NextHop":{ + "shape":"RoutingInformationNextHop", + "documentation":"The next hop information for the route.
" + }, + "LocalPreference":{ + "shape":"ConstrainedString", + "documentation":"The BGP local preference value for the route.
" + }, + "Med":{ + "shape":"ConstrainedString", + "documentation":"The BGP Multi-Exit Discriminator (MED) value for the route.
" + }, + "AsPath":{ + "shape":"ConstrainedStringList", + "documentation":"The BGP AS path for the route.
" + }, + "Communities":{ + "shape":"ConstrainedStringList", + "documentation":"The BGP community values for the route.
" + } + }, + "documentation":"Routing information for a core network, including route details and BGP attributes.
" + }, + "CoreNetworkRoutingInformationList":{ + "type":"list", + "member":{"shape":"CoreNetworkRoutingInformation"} + }, "CoreNetworkSegment":{ "type":"structure", "members":{ @@ -2929,6 +3162,10 @@ "shape":"AttachmentId", "documentation":"The ID of the attachment between the two connections.
" }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label to apply to the Connect attachment for traffic routing decisions.
" + }, "Options":{ "shape":"ConnectAttachmentOptions", "documentation":"Options for creating an attachment.
" @@ -3053,6 +3290,50 @@ } } }, + "CreateCoreNetworkPrefixListAssociationRequest":{ + "type":"structure", + "required":[ + "CoreNetworkId", + "PrefixListArn", + "PrefixListAlias" + ], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network to associate with the prefix list.
" + }, + "PrefixListArn":{ + "shape":"PrefixListArn", + "documentation":"The ARN of the prefix list to associate with the core network.
" + }, + "PrefixListAlias":{ + "shape":"ConstrainedString", + "documentation":"An optional alias for the prefix list association.
" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "CreateCoreNetworkPrefixListAssociationResponse":{ + "type":"structure", + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network associated with the prefix list.
" + }, + "PrefixListArn":{ + "shape":"PrefixListArn", + "documentation":"The ARN of the prefix list that was associated with the core network.
" + }, + "PrefixListAlias":{ + "shape":"ConstrainedString", + "documentation":"The alias of the prefix list association, if provided.
" + } + } + }, "CreateCoreNetworkRequest":{ "type":"structure", "required":["GlobalNetworkId"], @@ -3162,6 +3443,10 @@ "shape":"DirectConnectGatewayArn", "documentation":"The ARN of the Direct Connect gateway attachment.
" }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label to apply to the Direct Connect Gateway attachment for traffic routing decisions.
" + }, "EdgeLocations":{ "shape":"ExternalRegionCodeList", "documentation":"One or more core network edge locations that the Direct Connect gateway attachment is associated with.
" @@ -3305,6 +3590,10 @@ "shape":"VpnConnectionArn", "documentation":"The ARN identifying the VPN attachment.
" }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label to apply to the Site-to-Site VPN attachment for traffic routing decisions.
" + }, "Tags":{ "shape":"TagList", "documentation":"The tags associated with the request.
" @@ -3375,6 +3664,10 @@ "shape":"TransitGatewayRouteTableArn", "documentation":"The ARN of the transit gateway route table for the attachment request. For example, \"TransitGatewayRouteTableArn\": \"arn:aws:ec2:us-west-2:123456789012:transit-gateway-route-table/tgw-rtb-9876543210123456\".
The routing policy label to apply to the Transit Gateway route table attachment for traffic routing decisions.
" + }, "Tags":{ "shape":"TagList", "documentation":"The list of key-value tags associated with the request.
" @@ -3419,6 +3712,10 @@ "shape":"VpcOptions", "documentation":"Options for the VPC attachment.
" }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label to apply to the VPC attachment for traffic routing decisions.
" + }, "Tags":{ "shape":"TagList", "documentation":"The key-value tags associated with the request.
" @@ -3591,6 +3888,40 @@ } } }, + "DeleteCoreNetworkPrefixListAssociationRequest":{ + "type":"structure", + "required":[ + "CoreNetworkId", + "PrefixListArn" + ], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network from which to delete the prefix list association.
", + "location":"uri", + "locationName":"coreNetworkId" + }, + "PrefixListArn":{ + "shape":"PrefixListArn", + "documentation":"The ARN of the prefix list to disassociate from the core network.
", + "location":"uri", + "locationName":"prefixListArn" + } + } + }, + "DeleteCoreNetworkPrefixListAssociationResponse":{ + "type":"structure", + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network from which the prefix list association was deleted.
" + }, + "PrefixListArn":{ + "shape":"PrefixListArn", + "documentation":"The ARN of the prefix list that was disassociated from the core network.
" + } + } + }, "DeleteCoreNetworkRequest":{ "type":"structure", "required":["CoreNetworkId"], @@ -5447,6 +5778,49 @@ "UPDATING" ] }, + "ListAttachmentRoutingPolicyAssociationsRequest":{ + "type":"structure", + "required":["CoreNetworkId"], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network to list attachment routing policy associations for.
", + "location":"uri", + "locationName":"coreNetworkId" + }, + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"The ID of a specific attachment to filter the routing policy associations.
", + "location":"querystring", + "locationName":"attachmentId" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return in a single page.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListAttachmentRoutingPolicyAssociationsResponse":{ + "type":"structure", + "members":{ + "AttachmentRoutingPolicyAssociations":{ + "shape":"AttachmentRoutingPolicyAssociationsList", + "documentation":"The list of attachment routing policy associations.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + } + } + }, "ListAttachmentsRequest":{ "type":"structure", "members":{ @@ -5580,6 +5954,118 @@ } } }, + "ListCoreNetworkPrefixListAssociationsRequest":{ + "type":"structure", + "required":["CoreNetworkId"], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network to list prefix list associations for.
", + "location":"uri", + "locationName":"coreNetworkId" + }, + "PrefixListArn":{ + "shape":"PrefixListArn", + "documentation":"The ARN of a specific prefix list to filter the associations.
", + "location":"querystring", + "locationName":"prefixListArn" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of results to return in a single page.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListCoreNetworkPrefixListAssociationsResponse":{ + "type":"structure", + "members":{ + "PrefixListAssociations":{ + "shape":"PrefixListAssociationList", + "documentation":"The list of prefix list associations for the core network.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + } + } + }, + "ListCoreNetworkRoutingInformationRequest":{ + "type":"structure", + "required":[ + "CoreNetworkId", + "SegmentName", + "EdgeLocation" + ], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network to retrieve routing information for.
", + "location":"uri", + "locationName":"coreNetworkId" + }, + "SegmentName":{ + "shape":"ConstrainedString", + "documentation":"The name of the segment to filter routing information by.
" + }, + "EdgeLocation":{ + "shape":"ExternalRegionCode", + "documentation":"The edge location to filter routing information by.
" + }, + "NextHopFilters":{ + "shape":"FilterMap", + "documentation":"Filters to apply based on next hop information.
" + }, + "LocalPreferenceMatches":{ + "shape":"ConstrainedStringList", + "documentation":"Local preference values to match when filtering routing information.
" + }, + "ExactAsPathMatches":{ + "shape":"ConstrainedStringList", + "documentation":"Exact AS path values to match when filtering routing information.
" + }, + "MedMatches":{ + "shape":"ConstrainedStringList", + "documentation":"Multi-Exit Discriminator (MED) values to match when filtering routing information.
" + }, + "CommunityMatches":{ + "shape":"ConstrainedStringList", + "documentation":"BGP community values to match when filtering routing information.
" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of routing information entries to return in a single page.
", + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListCoreNetworkRoutingInformationResponse":{ + "type":"structure", + "members":{ + "CoreNetworkRoutingInformation":{ + "shape":"CoreNetworkRoutingInformationList", + "documentation":"The list of routing information for the core network.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next page of results.
" + } + } + }, "ListCoreNetworksRequest":{ "type":"structure", "members":{ @@ -6166,6 +6652,34 @@ }, "documentation":"Describes additional information about missing permissions.
" }, + "PrefixListArn":{ + "type":"string", + "max":500, + "min":0, + "pattern":"[\\s\\S]*" + }, + "PrefixListAssociation":{ + "type":"structure", + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The core network id in the association.
" + }, + "PrefixListArn":{ + "shape":"PrefixListArn", + "documentation":"The ARN of the prefix list in the association.
" + }, + "PrefixListAlias":{ + "shape":"ConstrainedString", + "documentation":"The alias of the prefix list in the association.
" + } + }, + "documentation":"Information about a prefix list association with a core network.
" + }, + "PrefixListAssociationList":{ + "type":"list", + "member":{"shape":"PrefixListAssociation"} + }, "ProposedNetworkFunctionGroupChange":{ "type":"structure", "members":{ @@ -6202,6 +6716,50 @@ }, "documentation":"Describes a proposed segment change. In some cases, the segment change must first be evaluated and accepted.
" }, + "PutAttachmentRoutingPolicyLabelRequest":{ + "type":"structure", + "required":[ + "CoreNetworkId", + "AttachmentId", + "RoutingPolicyLabel" + ], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network containing the attachment.
" + }, + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"The ID of the attachment to apply the routing policy label to.
" + }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label to apply to the attachment.
" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "PutAttachmentRoutingPolicyLabelResponse":{ + "type":"structure", + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network containing the attachment.
" + }, + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"The ID of the attachment that received the routing policy label.
" + }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label that was applied to the attachment.
" + } + } + }, "PutCoreNetworkPolicyRequest":{ "type":"structure", "required":[ @@ -6352,6 +6910,44 @@ "type":"list", "member":{"shape":"Relationship"} }, + "RemoveAttachmentRoutingPolicyLabelRequest":{ + "type":"structure", + "required":[ + "CoreNetworkId", + "AttachmentId" + ], + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network containing the attachment.
", + "location":"uri", + "locationName":"coreNetworkId" + }, + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"The ID of the attachment to remove the routing policy label from.
", + "location":"uri", + "locationName":"attachmentId" + } + } + }, + "RemoveAttachmentRoutingPolicyLabelResponse":{ + "type":"structure", + "members":{ + "CoreNetworkId":{ + "shape":"CoreNetworkId", + "documentation":"The ID of the core network containing the attachment.
" + }, + "AttachmentId":{ + "shape":"AttachmentId", + "documentation":"The ID of the attachment from which the routing policy label was removed.
" + }, + "RoutingPolicyLabel":{ + "shape":"ConstrainedString", + "documentation":"The routing policy label that was removed from the attachment.
" + } + } + }, "ResourceArn":{ "type":"string", "max":1500, @@ -6614,6 +7210,62 @@ "type":"list", "member":{"shape":"RouteType"} }, + "RoutingInformationNextHop":{ + "type":"structure", + "members":{ + "IpAddress":{ + "shape":"IPAddress", + "documentation":"The IP address of the next hop.
" + }, + "CoreNetworkAttachmentId":{ + "shape":"ConstrainedString", + "documentation":"The ID of the core network attachment for the next hop.
" + }, + "ResourceId":{ + "shape":"ConstrainedString", + "documentation":"The ID of the resource for the next hop.
" + }, + "ResourceType":{ + "shape":"ConstrainedString", + "documentation":"The type of resource for the next hop.
" + }, + "SegmentName":{ + "shape":"ConstrainedString", + "documentation":"The name of the segment for the next hop.
" + }, + "EdgeLocation":{ + "shape":"ExternalRegionCode", + "documentation":"The edge location for the next hop.
" + } + }, + "documentation":"Information about the next hop for a route in the core network.
" + }, + "RoutingPolicyAssociationDetail":{ + "type":"structure", + "members":{ + "RoutingPolicyNames":{ + "shape":"ConstrainedStringList", + "documentation":"The names of the routing policies in the association.
" + }, + "SharedSegments":{ + "shape":"ConstrainedStringList", + "documentation":"The names of the segments that are shared with each other in the association.
", + "box":true + } + }, + "documentation":"Information about a routing policy association.
" + }, + "RoutingPolicyAssociationDetailsList":{ + "type":"list", + "member":{"shape":"RoutingPolicyAssociationDetail"} + }, + "RoutingPolicyDirection":{ + "type":"string", + "enum":[ + "inbound", + "outbound" + ] + }, "SLRDeploymentStatus":{ "type":"string", "max":50, diff --git a/awscli/botocore/data/odb/2024-08-20/service-2.json b/awscli/botocore/data/odb/2024-08-20/service-2.json index 32e0a15da8f1..407cc70384c4 100644 --- a/awscli/botocore/data/odb/2024-08-20/service-2.json +++ b/awscli/botocore/data/odb/2024-08-20/service-2.json @@ -33,6 +33,24 @@ "documentation":"Registers the Amazon Web Services Marketplace token for your Amazon Web Services account to activate your Oracle Database@Amazon Web Services subscription.
", "idempotent":true }, + "AssociateIamRoleToResource":{ + "name":"AssociateIamRoleToResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateIamRoleToResourceInput"}, + "output":{"shape":"AssociateIamRoleToResourceOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Associates an Amazon Web Services Identity and Access Management (IAM) service role with a specified resource to enable Amazon Web Services service integration.
" + }, "CreateCloudAutonomousVmCluster":{ "name":"CreateCloudAutonomousVmCluster", "http":{ @@ -221,6 +239,24 @@ "documentation":"Deletes an ODB peering connection.
When you delete an ODB peering connection, the underlying VPC peering connection is also deleted.
", "idempotent":true }, + "DisassociateIamRoleFromResource":{ + "name":"DisassociateIamRoleFromResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateIamRoleFromResourceInput"}, + "output":{"shape":"DisassociateIamRoleFromResourceOutput"}, + "errors":[ + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Disassociates an Amazon Web Services Identity and Access Management (IAM) service role from a specified resource to disable Amazon Web Services service integration.
" + }, "GetCloudAutonomousVmCluster":{ "name":"GetCloudAutonomousVmCluster", "http":{ @@ -773,6 +809,38 @@ "documentation":"You don't have sufficient access to perform this action. Make sure you have the required permissions and try again.
", "exception":true }, + "AssociateIamRoleToResourceInput":{ + "type":"structure", + "required":[ + "iamRoleArn", + "awsIntegration", + "resourceArn" + ], + "members":{ + "iamRoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM service role to associate with the resource.
" + }, + "awsIntegration":{ + "shape":"SupportedAwsIntegration", + "documentation":"The Amazon Web Services integration configuration settings for the IAM service role association.
" + }, + "resourceArn":{ + "shape":"AssociateIamRoleToResourceInputResourceArnString", + "documentation":"The Amazon Resource Name (ARN) of the target resource to associate with the IAM service role.
" + } + } + }, + "AssociateIamRoleToResourceInputResourceArnString":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:(?:aws|aws-cn|aws-us-gov|aws-iso-[a-z]?|aws-iso):odb:[a-z0-9-]+:\\d{12}:cloud-vm-cluster/[a-z0-9-_]+" + }, + "AssociateIamRoleToResourceOutput":{ + "type":"structure", + "members":{} + }, "AutonomousVirtualMachineList":{ "type":"list", "member":{"shape":"AutonomousVirtualMachineSummary"} @@ -1786,6 +1854,10 @@ "computeModel":{ "shape":"ComputeModel", "documentation":"The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.
" + }, + "iamRoles":{ + "shape":"IamRoleList", + "documentation":"The Amazon Web Services Identity and Access Management (IAM) service roles associated with the VM cluster.
" } }, "documentation":"Information about a VM cluster.
" @@ -1951,6 +2023,10 @@ "computeModel":{ "shape":"ComputeModel", "documentation":"The OCI model compute model used when you create or clone an instance: ECPU or OCPU. An ECPU is an abstracted measure of compute resources. ECPUs are based on the number of cores elastically allocated from a pool of compute and storage servers. An OCPU is a legacy physical measure of compute resources. OCPUs are based on the physical core of a processor with hyper-threading enabled.
" + }, + "iamRoles":{ + "shape":"IamRoleList", + "documentation":"The Amazon Web Services Identity and Access Management (IAM) service roles associated with the VM cluster in the summary information.
" } }, "documentation":"Information about a VM cluster.
" @@ -2466,10 +2542,30 @@ "shape":"Access", "documentation":"Specifies the configuration for Zero-ETL access from the ODB network.
" }, + "stsAccess":{ + "shape":"Access", + "documentation":"The Amazon Web Services Security Token Service (STS) access configuration for the ODB network.
" + }, + "kmsAccess":{ + "shape":"Access", + "documentation":"The Amazon Web Services Key Management Service (KMS) access configuration for the ODB network.
" + }, "s3PolicyDocument":{ "shape":"PolicyDocument", "documentation":"Specifies the endpoint policy for Amazon S3 access from the ODB network.
" }, + "stsPolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"The STS policy document that defines permissions for token service usage within the ODB network.
" + }, + "kmsPolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"The KMS policy document that defines permissions for key usage within the ODB network.
" + }, + "crossRegionS3RestoreSourcesToEnable":{ + "shape":"StringList", + "documentation":"The cross-Region Amazon S3 restore sources to enable for the ODB network.
" + }, "tags":{ "shape":"RequestTagMap", "documentation":"The list of resource tags to apply to the ODB network.
" @@ -2597,6 +2693,28 @@ } } }, + "CrossRegionS3RestoreSourcesAccess":{ + "type":"structure", + "members":{ + "region":{ + "shape":"String", + "documentation":"The Amazon Web Services Region for cross-Region S3 restore access.
" + }, + "ipv4Addresses":{ + "shape":"StringList", + "documentation":"The IPv4 addresses allowed for cross-Region S3 restore access.
" + }, + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The current status of the cross-Region S3 restore access configuration.
" + } + }, + "documentation":"The configuration access for the cross-Region Amazon S3 database restore source for the ODB network.
" + }, + "CrossRegionS3RestoreSourcesAccessList":{ + "type":"list", + "member":{"shape":"CrossRegionS3RestoreSourcesAccess"} + }, "CustomerContact":{ "type":"structure", "members":{ @@ -3320,6 +3438,38 @@ "type":"structure", "members":{} }, + "DisassociateIamRoleFromResourceInput":{ + "type":"structure", + "required":[ + "iamRoleArn", + "awsIntegration", + "resourceArn" + ], + "members":{ + "iamRoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM service role to disassociate from the resource.
" + }, + "awsIntegration":{ + "shape":"SupportedAwsIntegration", + "documentation":"The Amazon Web Services integration configuration settings for the IAM service role disassociation.
" + }, + "resourceArn":{ + "shape":"DisassociateIamRoleFromResourceInputResourceArnString", + "documentation":"The Amazon Resource Name (ARN) of the target resource to disassociate from the IAM service role.
" + } + } + }, + "DisassociateIamRoleFromResourceInputResourceArnString":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:(?:aws|aws-cn|aws-us-gov|aws-iso-[a-z]?|aws-iso):odb:[a-z0-9-]+:\\d{12}:cloud-vm-cluster/[a-z0-9-_]+" + }, + "DisassociateIamRoleFromResourceOutput":{ + "type":"structure", + "members":{} + }, "DiskRedundancy":{ "type":"string", "enum":[ @@ -3501,6 +3651,10 @@ "newTenancyActivationLink":{ "shape":"String", "documentation":"A new OCI tenancy activation link for your Amazon Web Services account.
" + }, + "ociIdentityDomain":{ + "shape":"OciIdentityDomain", + "documentation":"The Oracle Cloud Infrastructure (OCI) identity domain information in the onboarding status response.
" } } }, @@ -3557,9 +3711,52 @@ "type":"list", "member":{"shape":"Integer"} }, + "IamRole":{ + "type":"structure", + "members":{ + "iamRoleArn":{ + "shape":"RoleArn", + "documentation":"The Amazon Resource Name (ARN) of the IAM service role.
" + }, + "status":{ + "shape":"IamRoleStatus", + "documentation":"The current status of the IAM service role.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Additional information about the current status of the IAM service role, if applicable.
" + }, + "awsIntegration":{ + "shape":"SupportedAwsIntegration", + "documentation":"The Amazon Web Services integration configuration settings for the IAM service role.
" + } + }, + "documentation":"Information about an Amazon Web Services Identity and Access Management (IAM) service role associated with a resource.
" + }, + "IamRoleList":{ + "type":"list", + "member":{"shape":"IamRole"} + }, + "IamRoleStatus":{ + "type":"string", + "enum":[ + "ASSOCIATING", + "DISASSOCIATING", + "FAILED", + "CONNECTED", + "DISCONNECTED", + "PARTIALLY_CONNECTED", + "UNKNOWN" + ] + }, "InitializeServiceInput":{ "type":"structure", - "members":{} + "members":{ + "ociIdentityDomain":{ + "shape":"Boolean", + "documentation":"The Oracle Cloud Infrastructure (OCI) identity domain configuration for service initialization.
" + } + } }, "InitializeServiceOutput":{ "type":"structure", @@ -3594,6 +3791,28 @@ "UPDATING" ] }, + "KmsAccess":{ + "type":"structure", + "members":{ + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The current status of the KMS access configuration.
" + }, + "ipv4Addresses":{ + "shape":"StringList", + "documentation":"The IPv4 addresses allowed for KMS access.
" + }, + "domainName":{ + "shape":"String", + "documentation":"The domain name for KMS access configuration.
" + }, + "kmsPolicyDocument":{ + "shape":"String", + "documentation":"The KMS policy document that defines permissions for key usage.
" + } + }, + "documentation":"Configuration for Amazon Web Services Key Management Service (KMS) access from the ODB network.
" + }, "LicenseModel":{ "type":"string", "enum":[ @@ -4225,6 +4444,18 @@ "s3Access":{ "shape":"S3Access", "documentation":"The Amazon S3 access configuration.
" + }, + "stsAccess":{ + "shape":"StsAccess", + "documentation":"The Amazon Web Services Security Token Service (STS) access configuration for managed services.
" + }, + "kmsAccess":{ + "shape":"KmsAccess", + "documentation":"The Amazon Web Services Key Management Service (KMS) access configuration for managed services.
" + }, + "crossRegionS3RestoreSourcesAccess":{ + "shape":"CrossRegionS3RestoreSourcesAccessList", + "documentation":"The access configuration for the cross-Region Amazon S3 database restore source.
" } }, "documentation":"The managed services configuration for the ODB network.
" @@ -4293,6 +4524,36 @@ "type":"list", "member":{"shape":"OciDnsForwardingConfig"} }, + "OciIdentityDomain":{ + "type":"structure", + "members":{ + "ociIdentityDomainId":{ + "shape":"String", + "documentation":"The unique identifier of the OCI identity domain.
" + }, + "ociIdentityDomainResourceUrl":{ + "shape":"String", + "documentation":"The resource URL for accessing the OCI identity domain.
" + }, + "ociIdentityDomainUrl":{ + "shape":"String", + "documentation":"The URL of the OCI identity domain.
" + }, + "status":{ + "shape":"ResourceStatus", + "documentation":"The current status of the OCI identity domain.
" + }, + "statusReason":{ + "shape":"String", + "documentation":"Additional information about the current status of the OCI identity domain, if applicable.
" + }, + "accountSetupCloudFormationUrl":{ + "shape":"String", + "documentation":"The Amazon Web Services CloudFormation URL for setting up the account integration with the OCI identity domain.
" + } + }, + "documentation":"Information about an Oracle Cloud Infrastructure (OCI) identity domain configuration.
" + }, "OciOnboardingStatus":{ "type":"string", "documentation":"", @@ -4818,6 +5079,12 @@ "max":200, "min":0 }, + "RoleArn":{ + "type":"string", + "max":2048, + "min":20, + "pattern":"arn:(?:aws|aws-cn|aws-us-gov|aws-iso-{0,1}[a-z]{0,1}):iam::[0-9]{12}:role/.+" + }, "S3Access":{ "type":"structure", "members":{ @@ -4974,6 +5241,32 @@ "max":1024, "min":1 }, + "StsAccess":{ + "type":"structure", + "members":{ + "status":{ + "shape":"ManagedResourceStatus", + "documentation":"The current status of the STS access configuration.
" + }, + "ipv4Addresses":{ + "shape":"StringList", + "documentation":"The IPv4 addresses allowed for STS access.
" + }, + "domainName":{ + "shape":"String", + "documentation":"The domain name for STS access configuration.
" + }, + "stsPolicyDocument":{ + "shape":"String", + "documentation":"The STS policy document that defines permissions for token service usage.
" + } + }, + "documentation":"Configuration for Amazon Web Services Security Token Service (STS) access from the ODB network.
" + }, + "SupportedAwsIntegration":{ + "type":"string", + "enum":["KmsTde"] + }, "SyntheticTimestamp_date_time":{ "type":"timestamp", "timestampFormat":"iso8601" @@ -5132,9 +5425,33 @@ "shape":"Access", "documentation":"Specifies the updated configuration for Zero-ETL access from the ODB network.
" }, + "stsAccess":{ + "shape":"Access", + "documentation":"The Amazon Web Services Security Token Service (STS) access configuration for the ODB network.
" + }, + "kmsAccess":{ + "shape":"Access", + "documentation":"The Amazon Web Services Key Management Service (KMS) access configuration for the ODB network.
" + }, "s3PolicyDocument":{ "shape":"PolicyDocument", "documentation":"Specifies the updated endpoint policy for Amazon S3 access from the ODB network.
" + }, + "stsPolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"The STS policy document that defines permissions for token service usage within the ODB network.
" + }, + "kmsPolicyDocument":{ + "shape":"PolicyDocument", + "documentation":"The KMS policy document that defines permissions for key usage within the ODB network.
" + }, + "crossRegionS3RestoreSourcesToEnable":{ + "shape":"StringList", + "documentation":"The cross-Region Amazon S3 restore sources to enable for the ODB network.
" + }, + "crossRegionS3RestoreSourcesToDisable":{ + "shape":"StringList", + "documentation":"The cross-Region Amazon S3 restore sources to disable for the ODB network.
" } } }, diff --git a/awscli/botocore/data/opensearch/2021-01-01/service-2.json b/awscli/botocore/data/opensearch/2021-01-01/service-2.json index af04e8335c67..848951ccc448 100644 --- a/awscli/botocore/data/opensearch/2021-01-01/service-2.json +++ b/awscli/botocore/data/opensearch/2021-01-01/service-2.json @@ -204,6 +204,26 @@ ], "documentation":"Creates an Amazon OpenSearch Service domain. For more information, see Creating and managing Amazon OpenSearch Service domains.
" }, + "CreateIndex":{ + "name":"CreateIndex", + "http":{ + "method":"POST", + "requestUri":"/2021-01-01/opensearch/domain/{DomainName}/index" + }, + "input":{"shape":"CreateIndexRequest"}, + "output":{"shape":"CreateIndexResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"InternalException"}, + {"shape":"DisabledOperationException"}, + {"shape":"DependencyFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates an OpenSearch index with optional automatic semantic enrichment for specified text fields. Automatic semantic enrichment enables semantic search capabilities without requiring machine learning expertise, improving search relevance by up to 20% by understanding search intent and contextual meaning beyond keyword matching. The semantic enrichment process has zero impact on search latency as sparse encodings are stored directly within the index during indexing. For more information, see Automatic semantic enrichment.
" + }, "CreateOutboundConnection":{ "name":"CreateOutboundConnection", "http":{ @@ -341,6 +361,25 @@ ], "documentation":"Allows the destination Amazon OpenSearch Service domain owner to delete an existing inbound cross-cluster search connection. For more information, see Cross-cluster search for Amazon OpenSearch Service.
" }, + "DeleteIndex":{ + "name":"DeleteIndex", + "http":{ + "method":"DELETE", + "requestUri":"/2021-01-01/opensearch/domain/{DomainName}/index/{IndexName}" + }, + "input":{"shape":"DeleteIndexRequest"}, + "output":{"shape":"DeleteIndexResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalException"}, + {"shape":"DisabledOperationException"}, + {"shape":"DependencyFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Deletes an OpenSearch index. This operation permanently removes the index and cannot be undone.
" + }, "DeleteOutboundConnection":{ "name":"DeleteOutboundConnection", "http":{ @@ -665,7 +704,7 @@ {"shape":"ConflictException"}, {"shape":"DisabledOperationException"} ], - "documentation":"Dissociates multiple packages from a domain simulatneously.
" + "documentation":"Dissociates multiple packages from a domain simultaneously.
" }, "GetApplication":{ "name":"GetApplication", @@ -772,6 +811,25 @@ ], "documentation":"The status of the maintenance action.
" }, + "GetIndex":{ + "name":"GetIndex", + "http":{ + "method":"GET", + "requestUri":"/2021-01-01/opensearch/domain/{DomainName}/index/{IndexName}" + }, + "input":{"shape":"GetIndexRequest"}, + "output":{"shape":"GetIndexResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalException"}, + {"shape":"DisabledOperationException"}, + {"shape":"DependencyFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Retrieves information about an OpenSearch index including its schema and semantic enrichment configuration. Use this operation to view the current index structure and semantic search settings.
" + }, "GetPackageVersionHistory":{ "name":"GetPackageVersionHistory", "http":{ @@ -1240,6 +1298,25 @@ ], "documentation":"Modifies the cluster configuration of the specified Amazon OpenSearch Service domain.
" }, + "UpdateIndex":{ + "name":"UpdateIndex", + "http":{ + "method":"PUT", + "requestUri":"/2021-01-01/opensearch/domain/{DomainName}/index/{IndexName}" + }, + "input":{"shape":"UpdateIndexRequest"}, + "output":{"shape":"UpdateIndexResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalException"}, + {"shape":"DisabledOperationException"}, + {"shape":"DependencyFailureException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Updates an existing OpenSearch index schema and semantic enrichment configuration. This operation allows modification of field mappings and semantic search settings for text fields. Changes to semantic enrichment configuration will apply to newly ingested documents.
" + }, "UpdatePackage":{ "name":"UpdatePackage", "http":{ @@ -1713,7 +1790,7 @@ "documentation":"The value assigned to the configuration key, such as an IAM user ARN.
" } }, - "documentation":"Configuration settings for an OpenSearch application. For more information, see see Using the OpenSearch user interface in Amazon OpenSearch Service.
" + "documentation":"Configuration settings for an OpenSearch application. For more information, see Using the OpenSearch user interface in Amazon OpenSearch Service.
" }, "AppConfigType":{ "type":"string", @@ -2722,6 +2799,39 @@ }, "documentation":"The result of a CreateDomain operation. Contains the status of the newly created domain.
The name of the index to create. Must be between 1 and 255 characters and follow OpenSearch naming conventions.
" + }, + "IndexSchema":{ + "shape":"IndexSchema", + "documentation":"The JSON schema defining index mappings, settings, and semantic enrichment configuration. The schema specifies which text fields should be automatically enriched for semantic search capabilities and includes OpenSearch index configuration parameters.
" + } + } + }, + "CreateIndexResponse":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"IndexStatus", + "documentation":"The status of the index creation operation.
" + } + } + }, "CreateOutboundConnectionRequest":{ "type":"structure", "required":[ @@ -3058,6 +3168,36 @@ }, "documentation":"The results of a DeleteInboundConnection operation. Contains details about the deleted inbound connection.
The name of the index to delete.
", + "location":"uri", + "locationName":"IndexName" + } + } + }, + "DeleteIndexResponse":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"IndexStatus", + "documentation":"The status of the index deletion operation.
" + } + } + }, "DeleteOutboundConnectionRequest":{ "type":"structure", "required":["ConnectionId"], @@ -4218,7 +4358,7 @@ }, "ARN":{ "shape":"ARN", - "documentation":"The Amazon Resource Name (ARN) of the domain. For more information, see IAM identifiers in the AWS Identity and Access Management User Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the domain. For more information, see IAM identifiers in the Amazon Web Services Identity and Access Management User Guide.
" }, "Created":{ "shape":"Boolean", @@ -4800,6 +4940,36 @@ }, "documentation":"The result of a GetDomainMaintenanceStatus request that information about the requested action.
The name of the index to retrieve information about.
", + "location":"uri", + "locationName":"IndexName" + } + } + }, + "GetIndexResponse":{ + "type":"structure", + "required":["IndexSchema"], + "members":{ + "IndexSchema":{ + "shape":"IndexSchema", + "documentation":"The JSON schema of the index including mappings, settings, and semantic enrichment configuration.
" + } + } + }, "GetPackageVersionHistoryRequest":{ "type":"structure", "required":["PackageID"], @@ -5170,6 +5340,26 @@ "type":"list", "member":{"shape":"InboundConnection"} }, + "IndexName":{ + "type":"string", + "documentation":"Name of OpenSearch index to be created/updated/retrieved/deleted for customer's domain", + "max":255, + "min":1, + "pattern":"^(?!\\.\\.?$)[^_ ,:\"+/*\\\\|?#>The unit of a maintenance schedule duration. Valid value is HOUR.
The results of an UpdateDomain request. Contains the status of the domain being updated.
The name of the index to update.
", + "location":"uri", + "locationName":"IndexName" + }, + "IndexSchema":{ + "shape":"IndexSchema", + "documentation":"The updated JSON schema for the index including any changes to mappings, settings, and semantic enrichment configuration.
" + } + } + }, + "UpdateIndexResponse":{ + "type":"structure", + "required":["Status"], + "members":{ + "Status":{ + "shape":"IndexStatus", + "documentation":"The status of the index update operation.
" + } + } + }, "UpdatePackageRequest":{ "type":"structure", "required":[ diff --git a/awscli/botocore/data/organizations/2016-11-28/service-2.json b/awscli/botocore/data/organizations/2016-11-28/service-2.json index bb0a6a4f146b..1f339b81d423 100644 --- a/awscli/botocore/data/organizations/2016-11-28/service-2.json +++ b/awscli/botocore/data/organizations/2016-11-28/service-2.json @@ -34,9 +34,11 @@ {"shape":"ConcurrentModificationException"}, {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"}, - {"shape":"AccessDeniedForDependencyException"} + {"shape":"AccessDeniedForDependencyException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"MasterCannotLeaveOrganizationException"} ], - "documentation":"Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
You can only call this operation by the following principals when they also have the relevant IAM permissions:
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the organizations:AcceptHandshake permission. If you enabled all features in the organization, the user must also have the iam:CreateServiceLinkedRole permission so that Organizations can create the required service-linked role named AWSServiceRoleForOrganizations. For more information, see Organizations and service-linked roles in the Organizations User Guide.
Enable all features final confirmation handshake: only a principal from the management account.
For more information about invitations, see Inviting an Amazon Web Services account to join your organization in the Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling all features in your organization in the Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" + "documentation":"Accepts a handshake by sending an ACCEPTED response to the sender. You can view accepted handshakes in API responses for 30 days before they are deleted.
Only the management account can accept the following handshakes:
Enable all features final confirmation (APPROVE_ALL_FEATURES)
Billing transfer (TRANSFER_RESPONSIBILITY)
For more information, see Enabling all features and Responding to a billing transfer invitation in the Organizations User Guide.
Only a member account can accept the following handshakes:
Invitation to join (INVITE)
Approve all features request (ENABLE_ALL_FEATURES)
For more information, see Responding to invitations and Enabling all features in the Organizations User Guide.
" }, "AttachPolicy":{ "name":"AttachPolicy", @@ -60,7 +62,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Attaches a policy to a root, an organizational unit (OU), or an individual account. How the policy affects accounts depends on the type of policy. Refer to the Organizations User Guide for information about each policy type:
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "CancelHandshake":{ "name":"CancelHandshake", @@ -80,7 +82,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
This operation can be called only from the account that originated the handshake. The recipient of the handshake can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no longer respond to that handshake.
After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" + "documentation":"Cancels a Handshake.
Only the account that sent a handshake can call this operation. The recipient of the handshake can't cancel it, but can use DeclineHandshake to decline. After a handshake is canceled, the recipient can no longer respond to the handshake.
You can view canceled handshakes in API responses for 30 days before they are deleted.
" }, "CloseAccount":{ "name":"CloseAccount", @@ -123,7 +125,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that Amazon Web Services performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the Id value of the CreateAccountStatus response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the CloudTrail log for the CreateAccountResult event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, Organizations creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see Organizations and service-linked roles in the Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. Organizations clones the company name and address information for the new account from the organization's management account.
This operation can be called only from the organization's management account.
For more information about creating accounts, see Creating a member account in your organization in the Organizations User Guide.
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
It isn't recommended to use CreateAccount to create multiple temporary accounts, and using the CreateAccount API to close accounts is subject to a 30-day usage quota. For information on the requirements and process for closing an account, see Closing a member account in your organization in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting access to your billing information and tools.
Creates an Amazon Web Services account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that Amazon Web Services performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the Id value of the CreateAccountStatus response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the CloudTrail log for the CreateAccountResult event. For information on using CloudTrail with Organizations, see Logging and monitoring in Organizations in the Organizations User Guide.
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, Organizations creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see Organizations and service-linked roles in the Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the management account administrator permissions in the new member account. Principals in the management account can assume the role. Organizations clones the company name and address information for the new account from the organization's management account.
You can only call this operation from the management account.
For more information about creating accounts, see Creating a member account in your organization in the Organizations User Guide.
When you create an account in an organization using the Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact Amazon Web Services Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact Amazon Web Services Support.
It isn't recommended to use CreateAccount to create multiple temporary accounts, and using the CreateAccount API to close accounts is subject to a 30-day usage quota. For information on the requirements and process for closing an account, see Closing a member account in your organization in the Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting access to your billing information and tools.
Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see Managing organizational units (OUs) in the Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
This operation can be called only from the organization's management account.
" + "documentation":"Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see Managing organizational units (OUs) in the Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
You can only call this operation from the management account.
" }, "CreatePolicy":{ "name":"CreatePolicy", @@ -208,7 +210,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.
For more information about policies and their use, see Managing Organizations policies.
If the request includes tags, then the requester must have the organizations:TagResource permission.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual Amazon Web Services account.
For more information about policies and their use, see Managing Organizations policies.
If the request includes tags, then the requester must have the organizations:TagResource permission.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DeclineHandshake":{ "name":"DeclineHandshake", @@ -228,7 +230,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Declines a handshake request. This sets the handshake state to DECLINED and effectively deactivates the request.
This operation can be called only from the account that received the handshake. The originator of the handshake can use CancelHandshake instead. The originator can't reactivate a declined request, but can reinitiate the process with a new handshake request.
After you decline a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" + "documentation":"Declines a Handshake.
Only the account that receives a handshake can call this operation. The sender of the handshake can use CancelHandshake to cancel if the handshake hasn't yet been responded to.
You can view canceled handshakes in API responses for 30 days before they are deleted.
" }, "DeleteOrganization":{ "name":"DeleteOrganization", @@ -240,6 +242,7 @@ {"shape":"AccessDeniedException"}, {"shape":"AWSOrganizationsNotInUseException"}, {"shape":"ConcurrentModificationException"}, + {"shape":"ConstraintViolationException"}, {"shape":"InvalidInputException"}, {"shape":"OrganizationNotEmptyException"}, {"shape":"ServiceException"}, @@ -264,7 +267,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs from the OU that you want to delete.
This operation can be called only from the organization's management account.
" + "documentation":"Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs from the OU that you want to delete.
You can only call this operation from the management account.
" }, "DeletePolicy":{ "name":"DeletePolicy", @@ -284,7 +287,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DeleteResourcePolicy":{ "name":"DeleteResourcePolicy", @@ -302,7 +305,7 @@ {"shape":"AWSOrganizationsNotInUseException"}, {"shape":"ResourcePolicyNotFoundException"} ], - "documentation":"Deletes the resource policy from your organization.
This operation can be called only from the organization's management account.
" + "documentation":"Deletes the resource policy from your organization.
You can only call this operation from the management account.
" }, "DeregisterDelegatedAdministrator":{ "name":"DeregisterDelegatedAdministrator", @@ -323,7 +326,7 @@ {"shape":"ServiceException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service.
Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled Amazon Web Services service. See the documentation for the enabled service before you deregister a delegated administrator so that you understand any potential impacts.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
This operation can be called only from the organization's management account.
" + "documentation":"Removes the specified member Amazon Web Services account as a delegated administrator for the specified Amazon Web Services service.
Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled Amazon Web Services service. See the documentation for the enabled service before you deregister a delegated administrator so that you understand any potential impacts.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
You can only call this operation from the management account.
" }, "DescribeAccount":{ "name":"DescribeAccount", @@ -341,7 +344,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Retrieves Organizations-related information about the specified account.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Retrieves Organizations-related information about the specified account.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DescribeCreateAccountStatus":{ "name":"DescribeCreateAccountStatus", @@ -360,7 +363,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Retrieves the current status of an asynchronous request to create an account.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Retrieves the current status of an asynchronous request to create an account.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DescribeEffectivePolicy":{ "name":"DescribeEffectivePolicy", @@ -381,7 +384,7 @@ {"shape":"InvalidInputException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to management policies. It does not apply to authorization policies: service control policies (SCPs) and resource control policies (RCPs).
For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
This operation can be called from any account in the organization.
" + "documentation":"Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to management policies. It does not apply to authorization policies: service control policies (SCPs) and resource control policies (RCPs).
For more information about policy inheritance, see Understanding management policy inheritance in the Organizations User Guide.
You can call this operation from any account in a organization.
" }, "DescribeHandshake":{ "name":"DescribeHandshake", @@ -399,7 +402,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Retrieves information about a previously requested handshake. The handshake ID comes from the response to the original InviteAccountToOrganization operation that generated the handshake.
You can access handshakes that are ACCEPTED, DECLINED, or CANCELED for only 30 days after they change to that state. They're then deleted and no longer accessible.
This operation can be called from any account in the organization.
" + "documentation":"Returns details for a handshake. A handshake is the secure exchange of information between two Amazon Web Services accounts: a sender and a recipient.
You can view ACCEPTED, DECLINED, or CANCELED handshakes in API Responses for 30 days before they are deleted.
You can call this operation from any account in a organization.
" }, "DescribeOrganization":{ "name":"DescribeOrganization", @@ -415,7 +418,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Retrieves information about the organization that the user's account belongs to.
This operation can be called from any account in the organization.
Even if a policy type is shown as available in the organization, you can disable it separately at the root level with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
Retrieves information about the organization that the user's account belongs to.
You can call this operation from any account in a organization.
Even if a policy type is shown as available in the organization, you can disable it separately at the root level with DisablePolicyType. Use ListRoots to see the status of policy types for a specified root.
Retrieves information about an organizational unit (OU).
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Retrieves information about an organizational unit (OU).
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DescribePolicy":{ "name":"DescribePolicy", @@ -452,7 +455,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Retrieves information about a policy.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Retrieves information about a policy.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DescribeResourcePolicy":{ "name":"DescribeResourcePolicy", @@ -470,7 +473,26 @@ {"shape":"ResourcePolicyNotFoundException"}, {"shape":"ConstraintViolationException"} ], - "documentation":"Retrieves information about a resource policy.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Retrieves information about a resource policy.
You can only call this operation from the management account or a member account that is a delegated administrator.
" + }, + "DescribeResponsibilityTransfer":{ + "name":"DescribeResponsibilityTransfer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeResponsibilityTransferRequest"}, + "output":{"shape":"DescribeResponsibilityTransferResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ResponsibilityTransferNotFoundException"}, + {"shape":"InvalidInputException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"UnsupportedAPIEndpointException"} + ], + "documentation":"Returns details for a transfer. A transfer is an arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
" }, "DetachPolicy":{ "name":"DetachPolicy", @@ -493,7 +515,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Detaches a policy from a target root, organizational unit (OU), or account.
If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and Access Management (IAM) users and roles in affected accounts are immediate.
Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Detaches a policy from a target root, organizational unit (OU), or account.
If the policy being detached is a service control policy (SCP), the changes to permissions for Identity and Access Management (IAM) users and roles in affected accounts are immediate.
Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "DisableAWSServiceAccess":{ "name":"DisableAWSServiceAccess", @@ -512,7 +534,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Disables the integration of an Amazon Web Services service (the service that is specified by ServicePrincipal) with Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
We strongly recommend that you don't use this command to disable integration between Organizations and the specified Amazon Web Services service. Instead, use the console or commands that are provided by the specified service. This lets the trusted service perform any required initialization when enabling trusted access, such as creating any required resources and any required clean up of resources when disabling trusted access.
For information about how to disable trusted service access to your organization using the trusted service, see the Learn more link under the Supports Trusted Access column at Amazon Web Services services that you can use with Organizations. on this page.
If you disable access by using this command, it causes the following actions to occur:
The service can no longer create a service-linked role in the accounts in your organization. This means that the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
The service can no longer perform tasks in the member accounts in the organization, unless those operations are explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from the member accounts to the management account, or to a delegated administrator account, where relevant.
Some services detect this and clean up any remaining data or resources related to the integration, while other services stop accessing the organization but leave any historical data and configuration in place to support a possible re-enabling of the integration.
Using the other service's console or commands to disable the integration ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
After you perform the DisableAWSServiceAccess operation, the specified service can no longer perform operations in your organization's accounts
For more information about integrating other services with Organizations, including the list of services that work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account.
" + "documentation":"Disables the integration of an Amazon Web Services service (the service that is specified by ServicePrincipal) with Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
We strongly recommend that you don't use this command to disable integration between Organizations and the specified Amazon Web Services service. Instead, use the console or commands that are provided by the specified service. This lets the trusted service perform any required initialization when enabling trusted access, such as creating any required resources and any required clean up of resources when disabling trusted access.
For information about how to disable trusted service access to your organization using the trusted service, see the Learn more link under the Supports Trusted Access column at Amazon Web Services services that you can use with Organizations. on this page.
If you disable access by using this command, it causes the following actions to occur:
The service can no longer create a service-linked role in the accounts in your organization. This means that the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from Organizations.
The service can no longer perform tasks in the member accounts in the organization, unless those operations are explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from the member accounts to the management account, or to a delegated administrator account, where relevant.
Some services detect this and clean up any remaining data or resources related to the integration, while other services stop accessing the organization but leave any historical data and configuration in place to support a possible re-enabling of the integration.
Using the other service's console or commands to disable the integration ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
After you perform the DisableAWSServiceAccess operation, the specified service can no longer perform operations in your organization's accounts
For more information about integrating other services with Organizations, including the list of services that work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
You can only call this operation from the management account.
" }, "DisablePolicyType":{ "name":"DisablePolicyType", @@ -535,7 +557,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
To view the status of available policy types in the organization, use ListRoots.
" + "documentation":"Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
You can only call this operation from the management account or a member account that is a delegated administrator.
To view the status of available policy types in the organization, use ListRoots.
" }, "EnableAWSServiceAccess":{ "name":"EnableAWSServiceAccess", @@ -554,7 +576,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Provides an Amazon Web Services service (the service that is specified by ServicePrincipal) with permissions to view the structure of an organization, create a service-linked role in all the accounts in the organization, and allow the service to perform operations on behalf of the organization and its accounts. Establishing these permissions can be a first step in enabling the integration of an Amazon Web Services service with Organizations.
We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account.
" + "documentation":"Provides an Amazon Web Services service (the service that is specified by ServicePrincipal) with permissions to view the structure of an organization, create a service-linked role in all the accounts in the organization, and allow the service to perform operations on behalf of the organization and its accounts. Establishing these permissions can be a first step in enabling the integration of an Amazon Web Services service with Organizations.
We recommend that you enable integration between Organizations and the specified Amazon Web Services service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other Amazon Web Services service.
For more information about enabling services to integrate with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
You can only call this operation from the management account.
" }, "EnableAllFeatures":{ "name":"EnableAllFeatures", @@ -574,7 +596,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that Organizations supports. For more information, see Enabling all features in your organization in the Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains \"Action\": \"ENABLE_ALL_FEATURES\". This completes the change.
After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's management account.
" + "documentation":"Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that Organizations supports. For more information, see Enabling all features in your organization in the Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains \"Action\": \"ENABLE_ALL_FEATURES\". This completes the change.
After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
You can only call this operation from the management account.
" }, "EnablePolicyType":{ "name":"EnablePolicyType", @@ -598,7 +620,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use ListRoots.
" + "documentation":"Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that Amazon Web Services performs in the background. Amazon Web Services recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
You can only call this operation from the management account or a member account that is a delegated administrator.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use ListRoots.
" }, "InviteAccountToOrganization":{ "name":"InviteAccountToOrganization", @@ -621,7 +643,29 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.
If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact Amazon Web Services Support.
If the request includes tags, then the requester must have the organizations:TagResource permission.
This operation can be called only from the organization's management account.
" + "documentation":"Sends an invitation to another account to join your organization as a member account. Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.
If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact Amazon Web Services Support.
If the request includes tags, then the requester must have the organizations:TagResource permission.
You can only call this operation from the management account.
" + }, + "InviteOrganizationToTransferResponsibility":{ + "name":"InviteOrganizationToTransferResponsibility", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"InviteOrganizationToTransferResponsibilityRequest"}, + "output":{"shape":"InviteOrganizationToTransferResponsibilityResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"DuplicateHandshakeException"}, + {"shape":"HandshakeConstraintViolationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"UnsupportedAPIEndpointException"} + ], + "documentation":"Sends an invitation to another organization's management account to designate your account with the specified responsibilities for their organization. The invitation is implemented as a Handshake whose details are in the response.
You can only call this operation from the management account.
" }, "LeaveOrganization":{ "name":"LeaveOrganization", @@ -640,7 +684,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.
This operation can be called only from a member account in the organization.
The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
Choose a support plan
Provide and verify the required contact information
Provide a current payment method
Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
A newly created account has a waiting period before it can be removed from its organization. You must wait until at least four days after the account was created. Invited accounts aren't subject to this waiting period.
If you are using an organization principal to call LeaveOrganization across multiple accounts, you can only do this up to 5 accounts per second in a single organization.
Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.
You can only call from operation from a member account.
The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
Choose a support plan
Provide and verify the required contact information
Provide a current payment method
Amazon Web Services uses the payment method to charge for any billable (not free tier) Amazon Web Services activity that occurs while the account isn't attached to an organization. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
A newly created account has a waiting period before it can be removed from its organization. You must wait until at least four days after the account was created. Invited accounts aren't subject to this waiting period.
If you are using an organization principal to call LeaveOrganization across multiple accounts, you can only do this up to 5 accounts per second in a single organization.
Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Returns a list of the Amazon Web Services services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.
For more information about integrating other services with Organizations, including the list of services that currently work with Organizations, see Using Organizations with other Amazon Web Services services in the Organizations User Guide.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListAccounts":{ "name":"ListAccounts", @@ -676,7 +720,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListAccountsForParent":{ "name":"ListAccountsForParent", @@ -694,7 +738,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListAccountsWithInvalidEffectivePolicy":{ "name":"ListAccountsWithInvalidEffectivePolicy", @@ -714,7 +758,7 @@ {"shape":"InvalidInputException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Lists all the accounts in an organization that have invalid effective policies. An invalid effective policy is an effective policy that fails validation checks, resulting in the effective policy not being fully enforced on all the intended accounts within an organization.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists all the accounts in an organization that have invalid effective policies. An invalid effective policy is an effective policy that fails validation checks, resulting in the effective policy not being fully enforced on all the intended accounts within an organization.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListChildren":{ "name":"ListChildren", @@ -732,7 +776,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists all of the organizational units (OUs) or accounts that are contained in the specified parent OU or root. This operation, along with ListParents enables you to traverse the tree structure that makes up this root.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListCreateAccountStatus":{ "name":"ListCreateAccountStatus", @@ -750,7 +794,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Lists the account creation requests that match the specified status that is currently being tracked for the organization.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists the account creation requests that match the specified status that is currently being tracked for the organization.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListDelegatedAdministrators":{ "name":"ListDelegatedAdministrators", @@ -769,7 +813,7 @@ {"shape":"ServiceException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists the Amazon Web Services accounts that are designated as delegated administrators in this organization.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListDelegatedServicesForAccount":{ "name":"ListDelegatedServicesForAccount", @@ -790,7 +834,7 @@ {"shape":"ServiceException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"List the Amazon Web Services services for which the specified account is a delegated administrator.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"List the Amazon Web Services services for which the specified account is a delegated administrator.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListEffectivePolicyValidationErrors":{ "name":"ListEffectivePolicyValidationErrors", @@ -811,7 +855,7 @@ {"shape":"InvalidInputException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Lists all the validation errors on an effective policy for a specified account and policy type.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists all the validation errors on an effective policy for a specified account and policy type.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListHandshakesForAccount":{ "name":"ListHandshakesForAccount", @@ -828,7 +872,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Lists the current handshakes that are associated with the account of the requesting user.
Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called from any account in the organization.
" + "documentation":"Lists the recent handshakes that you have received.
You can view CANCELED, ACCEPTED, DECLINED, or EXPIRED handshakes in API responses for 30 days before they are deleted.
You can call this operation from any account in a organization.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
Lists the handshakes that are associated with the organization that the requesting user is part of. The ListHandshakesForOrganization operation returns a list of handshake structures. Each structure contains details and status about a handshake.
Handshakes that are ACCEPTED, DECLINED, CANCELED, or EXPIRED appear in the results of this API for only 30 days after changing to that state. After that, they're deleted and no longer accessible.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists the recent handshakes that you have sent.
You can view CANCELED, ACCEPTED, DECLINED, or EXPIRED handshakes in API responses for 30 days before they are deleted.
You can only call this operation from the management account or a member account that is a delegated administrator.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
Lists transfers that allow you to manage the specified responsibilities for another organization. This operation returns both transfer invitations and transfers.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
Lists the organizational units (OUs) in a parent organizational unit or root.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists the organizational units (OUs) in a parent organizational unit or root.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" + }, + "ListOutboundResponsibilityTransfers":{ + "name":"ListOutboundResponsibilityTransfers", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListOutboundResponsibilityTransfersRequest"}, + "output":{"shape":"ListOutboundResponsibilityTransfersResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"UnsupportedAPIEndpointException"} + ], + "documentation":"Lists transfers that allow an account outside your organization to manage the specified responsibilities for your organization. This operation returns both transfer invitations and transfers.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
In the current release, a child can have only a single parent.
Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
In the current release, a child can have only a single parent.
Retrieves the list of all policies in an organization of a specified type.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Retrieves the list of all policies in an organization of a specified type.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListPoliciesForTarget":{ "name":"ListPoliciesForTarget", @@ -919,7 +1002,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListRoots":{ "name":"ListRoots", @@ -936,7 +1019,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Lists the roots that are defined in the current organization.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.
Lists the roots that are defined in the current organization.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
Policy types can be enabled and disabled in roots. This is distinct from whether they're available in the organization. When you enable all features, you make policy types available for use in that organization. Individual policy types can then be enabled and disabled in a root. To see the availability of a policy type in an organization, use DescribeOrganization.
Lists tags that are attached to the specified resource.
You can attach tags to the following resources in Organizations.
Amazon Web Services account
Organization root
Organizational unit (OU)
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists tags that are attached to the specified resource.
You can attach tags to the following resources in Organizations.
Amazon Web Services account
Organization root
Organizational unit (OU)
Policy (any type)
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "ListTargetsForPolicy":{ "name":"ListTargetsForPolicy", @@ -973,7 +1056,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.
When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "MoveAccount":{ "name":"MoveAccount", @@ -994,7 +1077,7 @@ {"shape":"AWSOrganizationsNotInUseException"}, {"shape":"ServiceException"} ], - "documentation":"Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.
This operation can be called only from the organization's management account.
" + "documentation":"Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.
You can only call this operation from the management account.
" }, "PutResourcePolicy":{ "name":"PutResourcePolicy", @@ -1014,7 +1097,7 @@ {"shape":"ConstraintViolationException"}, {"shape":"AWSOrganizationsNotInUseException"} ], - "documentation":"Creates or updates a resource policy.
This operation can be called only from the organization's management account..
" + "documentation":"Creates or updates a resource policy.
You can only call this operation from the management account..
" }, "RegisterDelegatedAdministrator":{ "name":"RegisterDelegatedAdministrator", @@ -1035,7 +1118,7 @@ {"shape":"ServiceException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service. It grants read-only access to Organizations service data. The account still requires IAM permissions to access and administer the Amazon Web Services service.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
This operation can be called only from the organization's management account.
" + "documentation":"Enables the specified member account to administer the Organizations features of the specified Amazon Web Services service. It grants read-only access to Organizations service data. The account still requires IAM permissions to access and administer the Amazon Web Services service.
You can run this action only for Amazon Web Services services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at Amazon Web Services Services that you can use with Organizations in the Organizations User Guide.
You can only call this operation from the management account.
" }, "RemoveAccountFromOrganization":{ "name":"RemoveAccountFromOrganization", @@ -1055,7 +1138,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Removes the specified account from the organization.
The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's management account is no longer charged for any expenses accrued by the member account after it's removed from the organization.
This operation can be called only from the organization's management account. Member accounts can remove themselves with LeaveOrganization instead.
You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
Removes the specified account from the organization.
The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's management account is no longer charged for any expenses accrued by the member account after it's removed from the organization.
You can only call this operation from the management account. Member accounts can remove themselves with LeaveOrganization instead.
You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
The account that you want to leave must not be a delegated administrator account for any Amazon Web Services service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. Amazon Web Services accounts outside of an organization do not support tags.
Adds one or more tags to the specified resource.
Currently, you can attach tags to the following resources in Organizations.
Amazon Web Services account
Organization root
Organizational unit (OU)
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Adds one or more tags to the specified resource.
Currently, you can attach tags to the following resources in Organizations.
Amazon Web Services account
Organization root
Organizational unit (OU)
Policy (any type)
You can only call this operation from the management account or a member account that is a delegated administrator.
" + }, + "TerminateResponsibilityTransfer":{ + "name":"TerminateResponsibilityTransfer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TerminateResponsibilityTransferRequest"}, + "output":{"shape":"TerminateResponsibilityTransferResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ConcurrentModificationException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResponsibilityTransferNotFoundException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"UnsupportedAPIEndpointException"}, + {"shape":"ResponsibilityTransferAlreadyInStatusException"}, + {"shape":"InvalidResponsibilityTransferTransitionException"} + ], + "documentation":"Ends a transfer. A transfer is an arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
" }, "UntagResource":{ "name":"UntagResource", @@ -1093,7 +1199,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Removes any tags with the specified keys from the specified resource.
You can attach tags to the following resources in Organizations.
Amazon Web Services account
Organization root
Organizational unit (OU)
Policy (any type)
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Removes any tags with the specified keys from the specified resource.
You can attach tags to the following resources in Organizations.
Amazon Web Services account
Organization root
Organizational unit (OU)
Policy (any type)
You can only call this operation from the management account or a member account that is a delegated administrator.
" }, "UpdateOrganizationalUnit":{ "name":"UpdateOrganizationalUnit", @@ -1113,7 +1219,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
This operation can be called only from the organization's management account.
" + "documentation":"Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
You can only call this operation from the management account.
" }, "UpdatePolicy":{ "name":"UpdatePolicy", @@ -1137,7 +1243,27 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.
This operation can be called only from the organization's management account or by a member account that is a delegated administrator.
" + "documentation":"Updates an existing policy with a new name, description, or content. If you don't supply any parameter, that value remains unchanged. You can't change a policy's type.
You can only call this operation from the management account or a member account that is a delegated administrator.
" + }, + "UpdateResponsibilityTransfer":{ + "name":"UpdateResponsibilityTransfer", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateResponsibilityTransferRequest"}, + "output":{"shape":"UpdateResponsibilityTransferResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"AWSOrganizationsNotInUseException"}, + {"shape":"ResponsibilityTransferNotFoundException"}, + {"shape":"ConstraintViolationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ServiceException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"UnsupportedAPIEndpointException"} + ], + "documentation":"Updates a transfer. A transfer is the arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
You can update the name assigned to a transfer.
" } }, "shapes":{ @@ -1155,7 +1281,7 @@ "members":{ "HandshakeId":{ "shape":"HandshakeId", - "documentation":"The unique identifier (ID) of the handshake that you want to accept.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"ID for the handshake that you want to accept.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" } } }, @@ -1164,7 +1290,7 @@ "members":{ "Handshake":{ "shape":"Handshake", - "documentation":"A structure that contains details about the accepted handshake.
" + "documentation":"A Handshake object. Contains details for the handshake.
The unique identifier (ID) of the policy that you want to attach to the target. You can get the ID for the policy by calling the ListPolicies operation.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" + "documentation":"ID for the policy that you want to attach to the target. You can get the ID for the policy by calling the ListPolicies operation.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" }, "TargetId":{ "shape":"PolicyTargetId", - "documentation":"The unique identifier (ID) of the root, OU, or account that you want to attach the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the root, OU, or account that you want to attach the policy to. You can get the ID by calling the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The unique identifier (ID) of the handshake that you want to cancel. You can get the ID from the ListHandshakesForOrganization operation.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"ID for the handshake that you want to cancel. You can get the ID from the ListHandshakesForOrganization operation.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" } } }, @@ -1362,7 +1489,7 @@ "members":{ "Handshake":{ "shape":"Handshake", - "documentation":"A structure that contains details about the handshake that you canceled.
" + "documentation":"A Handshake object. Contains for the handshake that you canceled.
Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You must complete the account setup before you create an organization.
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.
Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.
Deleted and closed accounts still count toward your limit.
If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED: Your organization has more than 5000 accounts, and you can only use the standard migration process for organizations with less than 5000 accounts. Use the assisted migration process to enable all features mode, or create a support case for assistance if you are unable to use assisted migration.
CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as a delegated administrator.
CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.
CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.
CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.
CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time.
CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.
DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.
EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verfication code.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. All accounts in an organization must be associated with the same marketplace.
MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.
MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.
POLICY_TYPE_ENABLED_FOR_THIS_SERVICE: You attempted to disable service access before you disabled the policy type (for example, SECURITYHUB_POLICY). To complete this operation, you must first disable the policy type.
SERVICE_ACCESS_NOT_ENABLED:
You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.
You attempted to enable a policy type before you enabled service access. Call the EnableAWSServiceAccess API first.
TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.
WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least four days after the account was created. Invited accounts aren't subject to this waiting period.
Performing this operation violates a minimum or maximum value limit. For example, attempting to remove the last service control policy (SCP) from an OU or root, inviting or creating too many accounts to the organization, or attaching too many policies to an account, OU, or root. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
ACCOUNT_CANNOT_LEAVE_ORGANIZATION: You attempted to remove the management account from the organization. You can't remove the management account. Instead, after you remove all member accounts, delete the organization itself.
ACCOUNT_CANNOT_LEAVE_WITHOUT_PHONE_VERIFICATION: You attempted to remove an account from the organization that doesn't yet have enough information to exist as a standalone account. This account requires you to first complete phone verification. Follow the steps at Removing a member account from your organization in the Organizations User Guide.
ACCOUNT_CREATION_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can create in one day.
ACCOUNT_CREATION_NOT_COMPLETE: Your account setup isn't complete or your account isn't fully active. You must complete the account setup before you create an organization.
ACTIVE_RESPONSIBILITY_TRANSFER_PROCESS: You cannot delete organization due to an ongoing responsibility transfer process. For example, a pending invitation or an in-progress transfer. To delete the organization, you must resolve the current transfer process.
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. If you need more accounts, contact Amazon Web Services Support to request an increase in your limit.
Or the number of invitations that you tried to send would cause you to exceed the limit of accounts in your organization. Send fewer invitations or contact Amazon Web Services Support to request an increase in the number of accounts.
Deleted and closed accounts still count toward your limit.
If you get this exception when running a command immediately after creating the organization, wait one hour and try again. After an hour, if the command continues to fail with this error, contact Amazon Web Services Support.
ALL_FEATURES_MIGRATION_ORGANIZATION_SIZE_LIMIT_EXCEEDED: Your organization has more than 5000 accounts, and you can only use the standard migration process for organizations with less than 5000 accounts. Use the assisted migration process to enable all features mode, or create a support case for assistance if you are unable to use assisted migration.
CANNOT_REGISTER_SUSPENDED_ACCOUNT_AS_DELEGATED_ADMINISTRATOR: You cannot register a suspended account as a delegated administrator.
CANNOT_REGISTER_MASTER_AS_DELEGATED_ADMINISTRATOR: You attempted to register the management account of the organization as a delegated administrator for an Amazon Web Services service integrated with Organizations. You can designate only a member account as a delegated administrator.
CANNOT_CLOSE_MANAGEMENT_ACCOUNT: You attempted to close the management account. To close the management account for the organization, you must first either remove or close all member accounts in the organization. Follow standard account closure process using root credentials.
CANNOT_REMOVE_DELEGATED_ADMINISTRATOR_FROM_ORG: You attempted to remove an account that is registered as a delegated administrator for a service integrated with your organization. To complete this operation, you must first deregister this account as a delegated administrator.
CLOSE_ACCOUNT_QUOTA_EXCEEDED: You have exceeded close account quota for the past 30 days.
CLOSE_ACCOUNT_REQUESTS_LIMIT_EXCEEDED: You attempted to exceed the number of accounts that you can close at a time.
CREATE_ORGANIZATION_IN_BILLING_MODE_UNSUPPORTED_REGION: To create an organization in the specified region, you must enable all features mode.
DELEGATED_ADMINISTRATOR_EXISTS_FOR_THIS_SERVICE: You attempted to register an Amazon Web Services account as a delegated administrator for an Amazon Web Services service that already has a delegated administrator. To complete this operation, you must first deregister any existing delegated administrators for this service.
EMAIL_VERIFICATION_CODE_EXPIRED: The email verification code is only valid for a limited period of time. You must resubmit the request and generate a new verification code.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
INVALID_PAYMENT_INSTRUMENT: You cannot remove an account because no supported payment method is associated with the account. Amazon Web Services does not support cards issued by financial institutions in Russia or Belarus. For more information, see Managing your Amazon Web Services payments.
MASTER_ACCOUNT_ADDRESS_DOES_NOT_MATCH_MARKETPLACE: To create an account in this organization, you first must migrate the organization's management account to the marketplace that corresponds to the management account's address. All accounts in an organization must be associated with the same marketplace.
MASTER_ACCOUNT_MISSING_BUSINESS_LICENSE: Applies only to the Amazon Web Services Regions in China. To create an organization, the master must have a valid business license. For more information, contact customer support.
MASTER_ACCOUNT_MISSING_CONTACT_INFO: To complete this operation, you must first provide a valid contact address and phone number for the management account. Then try the operation again.
MASTER_ACCOUNT_NOT_GOVCLOUD_ENABLED: To complete this operation, the management account must have an associated account in the Amazon Web Services GovCloud (US-West) Region. For more information, see Organizations in the Amazon Web Services GovCloud User Guide.
MASTER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To create an organization with this management account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
MAX_DELEGATED_ADMINISTRATORS_FOR_SERVICE_LIMIT_EXCEEDED: You attempted to register more delegated administrators than allowed for the service principal.
MAX_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to exceed the number of policies of a certain type that can be attached to an entity at one time.
MAX_TAG_LIMIT_EXCEEDED: You have exceeded the number of tags allowed on this resource.
MEMBER_ACCOUNT_PAYMENT_INSTRUMENT_REQUIRED: To complete this operation with this member account, you first must associate a valid payment instrument, such as a credit card, with the account. For more information, see Considerations before removing an account from an organization in the Organizations User Guide.
MIN_POLICY_TYPE_ATTACHMENT_LIMIT_EXCEEDED: You attempted to detach a policy from an entity that would cause the entity to have fewer than the minimum number of policies of a certain type required.
ORGANIZATION_NOT_IN_ALL_FEATURES_MODE: You attempted to perform an operation that requires the organization to be configured to support all features. An organization that supports only consolidated billing features can't perform this operation.
OU_DEPTH_LIMIT_EXCEEDED: You attempted to create an OU tree that is too many levels deep.
OU_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of OUs that you can have in an organization.
POLICY_CONTENT_LIMIT_EXCEEDED: You attempted to create a policy that is larger than the maximum size.
POLICY_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the number of policies that you can have in an organization.
POLICY_TYPE_ENABLED_FOR_THIS_SERVICE: You attempted to disable service access before you disabled the policy type (for example, SECURITYHUB_POLICY). To complete this operation, you must first disable the policy type.
RESPONSIBILITY_TRANSFER_MAX_INBOUND_QUOTA_VIOLATION: You have exceeded your inbound transfers limit.
RESPONSIBILITY_TRANSFER_MAX_LEVEL_VIOLATION: You have exceeded the maximum length of your transfer chain.
RESPONSIBILITY_TRANSFER_MAX_OUTBOUND_QUOTA_VIOLATION: You have exceeded your outbound transfers limit.
RESPONSIBILITY_TRANSFER_MAX_TRANSFERS_QUOTA_VIOLATION: You have exceeded the maximum number of inbound transfers allowed in a transfer chain.
SERVICE_ACCESS_NOT_ENABLED:
You attempted to register a delegated administrator before you enabled service access. Call the EnableAWSServiceAccess API first.
You attempted to enable a policy type before you enabled service access. Call the EnableAWSServiceAccess API first.
TAG_POLICY_VIOLATION: You attempted to create or update a resource with tags that are not compliant with the tag policy requirements for this account.
TRANSFER_RESPONSIBILITY_SOURCE_DELETION_IN_PROGRESS: The source organization cannot accept this transfer invitation because it is marked for deletion.
TRANSFER_RESPONSIBILITY_TARGET_DELETION_IN_PROGRESS: The source organization cannot accept this transfer invitation because target organization is marked for deletion.
UNSUPPORTED_PRICING: Your organization has a pricing contract that is unsupported.
WAIT_PERIOD_ACTIVE: After you create an Amazon Web Services account, you must wait until at least four days after the account was created. Invited accounts aren't subject to this waiting period.
If the account was created successfully, the unique identifier (ID) of the new account in the Amazon Web Services GovCloud (US) Region.
" + "documentation":"If the account was created successfully, the ID for the new account in the Amazon Web Services GovCloud (US) Region.
" }, "FailureReason":{ "shape":"CreateAccountFailureReason", @@ -1675,7 +1810,7 @@ "members":{ "ParentId":{ "shape":"ParentId", - "documentation":"The unique identifier (ID) of the parent root or OU that you want to create the new OU in.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the parent root or OU that you want to create the new OU in.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The type of policy to create. You can specify one of the following values:
The type of policy to create. You can specify one of the following values:
The unique identifier (ID) of the handshake that you want to decline. You can get the ID from the ListHandshakesForAccount operation.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"ID for the handshake that you want to decline. You can get the ID from the ListHandshakesForAccount operation.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" } } }, @@ -1751,7 +1886,7 @@ "members":{ "Handshake":{ "shape":"Handshake", - "documentation":"A structure that contains details about the declined handshake. The state is updated to show the value DECLINED.
A Handshake object. Contains details for the declined handshake.
The unique identifier (ID) of the organizational unit that you want to delete. You can get the ID from the ListOrganizationalUnitsForParent operation.
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
" + "documentation":"ID for the organizational unit that you want to delete. You can get the ID from the ListOrganizationalUnitsForParent operation.
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
" } } }, @@ -1835,7 +1970,7 @@ "members":{ "PolicyId":{ "shape":"PolicyId", - "documentation":"The unique identifier (ID) of the policy that you want to delete. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" + "documentation":"ID for the policy that you want to delete. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" } } }, @@ -1900,7 +2035,7 @@ "members":{ "PolicyType":{ "shape":"EffectivePolicyType", - "documentation":"The type of policy that you want information about. You can specify one of the following values:
The type of policy that you want information about. You can specify one of the following values:
The unique identifier (ID) of the handshake that you want information about. You can get the ID from the original call to InviteAccountToOrganization, or from a call to ListHandshakesForAccount or ListHandshakesForOrganization.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"ID for the handshake that you want information about.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" } } }, @@ -1932,7 +2067,7 @@ "members":{ "Handshake":{ "shape":"Handshake", - "documentation":"A structure that contains information about the specified handshake.
" + "documentation":"A Handshake object. Contains details for the handshake.
The unique identifier (ID) of the organizational unit that you want details about. You can get the ID from the ListOrganizationalUnitsForParent operation.
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
" + "documentation":"ID for the organizational unit that you want details about. You can get the ID from the ListOrganizationalUnitsForParent operation.
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
" } } }, @@ -1970,7 +2105,7 @@ "members":{ "PolicyId":{ "shape":"PolicyId", - "documentation":"The unique identifier (ID) of the policy that you want details about. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" + "documentation":"ID for the policy that you want details about. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" } } }, @@ -1992,6 +2127,25 @@ } } }, + "DescribeResponsibilityTransferRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"ResponsibilityTransferId", + "documentation":"ID for the transfer.
" + } + } + }, + "DescribeResponsibilityTransferResponse":{ + "type":"structure", + "members":{ + "ResponsibilityTransfer":{ + "shape":"ResponsibilityTransfer", + "documentation":"A ResponsibilityTransfer object. Contains details for a transfer.
The unique identifier (ID) of the policy you want to detach. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" + "documentation":"ID for the policy you want to detach. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" }, "TargetId":{ "shape":"PolicyTargetId", - "documentation":"The unique identifier (ID) of the root, OU, or account that you want to detach the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the root, OU, or account that you want to detach the policy from. You can get the ID from the ListRoots, ListOrganizationalUnitsForParent, or ListAccounts operations.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The unique identifier (ID) of the root in which you want to disable a policy type. You can get the ID from the ListRoots operation.
The regex pattern for a root ID string requires \"r-\" followed by from 4 to 32 lowercase letters or digits.
" + "documentation":"ID for the root in which you want to disable a policy type. You can get the ID from the ListRoots operation.
The regex pattern for a root ID string requires \"r-\" followed by from 4 to 32 lowercase letters or digits.
" }, "PolicyType":{ "shape":"PolicyType", - "documentation":"The policy type that you want to disable in this root. You can specify one of the following values:
The policy type that you want to disable in this root. You can specify one of the following values:
The unique identifier (ID) of the root in which you want to enable a policy type. You can get the ID from the ListRoots operation.
The regex pattern for a root ID string requires \"r-\" followed by from 4 to 32 lowercase letters or digits.
" + "documentation":"ID for the root in which you want to enable a policy type. You can get the ID from the ListRoots operation.
The regex pattern for a root ID string requires \"r-\" followed by from 4 to 32 lowercase letters or digits.
" }, "PolicyType":{ "shape":"PolicyType", - "documentation":"The policy type that you want to enable. You can specify one of the following values:
The policy type that you want to enable. You can specify one of the following values:
The unique identifier (ID) of a handshake. The originating account creates the ID when it initiates the handshake.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"ID for the handshake.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" }, "Arn":{ "shape":"HandshakeArn", - "documentation":"The Amazon Resource Name (ARN) of a handshake.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
" + "documentation":"Amazon Resource Name (ARN) for the handshake.
For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.
" }, "Parties":{ "shape":"HandshakeParties", - "documentation":"Information about the two accounts that are participating in the handshake.
" + "documentation":"An array of HandshakeParty objects. Contains details for participant in a handshake.
The current state of the handshake. Use the state to trace the flow of the handshake through the process from its creation to its acceptance. The meaning of each of the valid values is as follows:
REQUESTED: This handshake was sent to multiple recipients (applicable to only some handshake types) and not all recipients have responded yet. The request stays in this state until all recipients respond.
OPEN: This handshake was sent to multiple recipients (applicable to only some policy types) and all recipients have responded, allowing the originator to complete the handshake action.
CANCELED: This handshake is no longer active because it was canceled by the originating account.
ACCEPTED: This handshake is complete because it has been accepted by the recipient.
DECLINED: This handshake is no longer active because it was declined by the recipient account.
EXPIRED: This handshake is no longer active because the originator did not receive a response of any kind from the recipient before the expiration time (15 days).
Current state for the handshake.
REQUESTED: Handshake awaiting a response from the recipient.
OPEN: Handshake sent to multiple recipients and all recipients have responded. The sender can now complete the handshake action.
CANCELED: Handshake canceled by the sender.
ACCEPTED: Handshake accepted by the recipient.
DECLINED: Handshake declined by the recipient.
EXPIRED: Handshake has expired.
The date and time that the handshake request was made.
" + "documentation":"Timestamp when the handshake request was made.
" }, "ExpirationTimestamp":{ "shape":"Timestamp", - "documentation":"The date and time that the handshake expires. If the recipient of the handshake request fails to respond before the specified date and time, the handshake becomes inactive and is no longer valid.
" + "documentation":"Timestamp when the handshake expires.
" }, "Action":{ "shape":"ActionType", - "documentation":"The type of handshake, indicating what action occurs when the recipient accepts the handshake. The following handshake types are supported:
INVITE: This type of handshake represents a request to join an organization. It is always sent from the management account to only non-member accounts.
ENABLE_ALL_FEATURES: This type of handshake represents a request to enable all features in an organization. It is always sent from the management account to only invited member accounts. Created accounts do not receive this because those accounts were created by the organization's management account and approval is inferred.
APPROVE_ALL_FEATURES: This type of handshake is sent from the Organizations service when all member accounts have approved the ENABLE_ALL_FEATURES invitation. It is sent only to the management account and signals the master that it can finalize the process to enable all features.
The type of handshake:
INVITE: Handshake sent to a standalone account requesting that it to join the sender's organization.
ENABLE_ALL_FEATURES: Handshake sent to invited member accounts to enable all features for the organization.
APPROVE_ALL_FEATURES: Handshake sent to the management account when all invited member accounts have approved to enable all features.
TRANSFER_RESPONSIBILITY: Handshake sent to another organization's management account requesting that it designate the sender with the specified responsibilities for recipient's organization.
Additional information that is needed to process the handshake.
" + "documentation":"An array of HandshakeResource objects. When needed, contains additional details for a handshake. For example, the email address for the sender.
Contains information that must be exchanged to securely establish a relationship between two accounts (an originator and a recipient). For example, when a management account (the originator) invites another account (the recipient) to join its organization, the two accounts exchange information as a series of handshake requests and responses.
Note: Handshakes that are CANCELED, ACCEPTED, DECLINED, or EXPIRED show up in lists for only 30 days after entering that state After that they are deleted.
Contains details for a handshake. A handshake is the secure exchange of information between two Amazon Web Services accounts: a sender and a recipient.
Note: Handshakes that are CANCELED, ACCEPTED, DECLINED, or EXPIRED show up in lists for only 30 days after entering that state After that they are deleted.
The requested operation would violate the constraint identified in the reason code.
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.
If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support.
ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features.
ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization.
ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.
The requested operation would violate the constraint identified in the reason code.
Some of the reasons in the following list might not be applicable to this specific API or operation:
ACCOUNT_NUMBER_LIMIT_EXCEEDED: You attempted to exceed the limit on the number of accounts in an organization. Note that deleted and closed accounts still count toward your limit.
If you get this exception immediately after creating the organization, wait one hour and try again. If after an hour it continues to fail with this error, contact Amazon Web Services Support.
ALREADY_IN_AN_ORGANIZATION: The handshake request is invalid because the invited account is already a member of an organization.
HANDSHAKE_RATE_LIMIT_EXCEEDED: You attempted to exceed the number of handshakes that you can send in one day.
INVITE_DISABLED_DURING_ENABLE_ALL_FEATURES: You can't issue new invitations to join an organization while it's in the process of enabling all features. You can resume inviting accounts after you finalize the process when all accounts have agreed to the change.
LEGACY_PERMISSIONS_STILL_IN_USE: Your organization must migrate to use the new IAM fine-grained actions for billing, cost management, and accounts.
ORGANIZATION_ALREADY_HAS_ALL_FEATURES: The handshake request is invalid because the organization has already enabled all features.
ORGANIZATION_FROM_DIFFERENT_SELLER_OF_RECORD: The request failed because the account is from a different marketplace than the accounts in the organization.
ORGANIZATION_IS_ALREADY_PENDING_ALL_FEATURES_MIGRATION: The handshake request is invalid because the organization has already started the process to enable all features.
ORGANIZATION_MEMBERSHIP_CHANGE_RATE_LIMIT_EXCEEDED: You attempted to change the membership of an account too quickly after its previous change.
PAYMENT_INSTRUMENT_REQUIRED: You can't complete the operation with an account that doesn't have a payment instrument, such as a credit card, associated with it.
RESPONSIBILITY_TRANSFER_ALREADY_EXISTS: You cannot perform this operation with the current transfer.
SOURCE_AND_TARGET_CANNOT_MATCH: An account can't accept a transfer invitation if it is both the sender and recipient of the invitation.
UNUSED_PREPAYMENT_BALANCE: Your organization has an outstanding pre-payment balance.
Specifies the type of handshake action.
If you specify ActionType, you cannot also specify ParentHandshakeId.
The type of handshake.
If you specify ActionType, you cannot also specify ParentHandshakeId.
Specifies the parent handshake. Only used for handshake types that are a child of another type.
If you specify ParentHandshakeId, you cannot also specify ActionType.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"The parent handshake. Only used for handshake types that are a child of another type.
If you specify ParentHandshakeId, you cannot also specify ActionType.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" } }, - "documentation":"Specifies the criteria that are used to select the handshakes for the operation.
" + "documentation":"Contains the filter used to select the handshakes for an operation.
" }, "HandshakeId":{ "type":"string", @@ -2370,14 +2530,14 @@ "members":{ "Id":{ "shape":"HandshakePartyId", - "documentation":"The unique identifier (ID) for the party.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" + "documentation":"ID for the participant: Acccount ID, organization ID, or email address.
The regex pattern for handshake ID string requires \"h-\" followed by from 8 to 32 lowercase letters or digits.
" }, "Type":{ "shape":"HandshakePartyType", - "documentation":"The type of party.
" + "documentation":"The type of ID for the participant.
" } }, - "documentation":"Identifies a participant in a handshake.
" + "documentation":"Contains details for a participant in a handshake.
" }, "HandshakePartyId":{ "type":"string", @@ -2399,18 +2559,18 @@ "members":{ "Value":{ "shape":"HandshakeResourceValue", - "documentation":"The information that is passed to the other party in the handshake. The format of the value string must match the requirements of the specified type.
" + "documentation":"Additional information for the handshake. The format of the value string must match the requirements of the specified type.
" }, "Type":{ "shape":"HandshakeResourceType", - "documentation":"The type of information being passed, specifying how the value is to be interpreted by the other party:
ACCOUNT - Specifies an Amazon Web Services account ID number.
ORGANIZATION - Specifies an organization ID number.
EMAIL - Specifies the email address that is associated with the account that receives the handshake.
OWNER_EMAIL - Specifies the email address associated with the management account. Included as information about an organization.
OWNER_NAME - Specifies the name associated with the management account. Included as information about an organization.
NOTES - Additional text provided by the handshake initiator and intended for the recipient to read.
The type of information being passed, specifying how the value is to be interpreted by the other party:
ACCOUNT: ID for an Amazon Web Services account.
ORGANIZATION: ID for an organization.
EMAIL: Email address for the recipient.
OWNER_EMAIL: Email address for the sender.
OWNER_NAME: Name of the sender.
NOTES: Additional text included by the sender for the recipient.
When needed, contains an additional array of HandshakeResource objects.
An array of HandshakeResource objects. When needed, contains additional details for a handshake. For example, the email address for the sender.
Contains additional data that is needed to process a handshake.
" + "documentation":"Contains additional details for a handshake.
" }, "HandshakeResourceType":{ "type":"string", @@ -2422,7 +2582,13 @@ "MASTER_EMAIL", "MASTER_NAME", "NOTES", - "PARENT_HANDSHAKE" + "PARENT_HANDSHAKE", + "RESPONSIBILITY_TRANSFER", + "TRANSFER_START_TIMESTAMP", + "TRANSFER_TYPE", + "MANAGEMENT_ACCOUNT", + "MANAGEMENT_EMAIL", + "MANAGEMENT_NAME" ] }, "HandshakeResourceValue":{ @@ -2469,7 +2635,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"InvalidInputExceptionReason"} }, - "documentation":"The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
INVALID_ENUM: You specified an invalid value.
INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_PRINCIPAL: You specified an invalid principal element in the policy.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
NON_DETACHABLE_POLICY: You can't detach this Amazon Web Services Managed Policy.
TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
CALLER_REQUIRED_FIELD_MISSING: At least one of the required field is missing: Caller Account Id, Management Account Id or Organization Id.
DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
END_DATE_NOT_END_OF_MONTH: You provided an invalid end date. The end date must be the end of the last day of the month (23.59.59.999).
END_DATE_TOO_EARLY: You provided an invalid end date. It is too early for the transfer to end.
IMMUTABLE_POLICY: You specified a policy that is managed by Amazon Web Services and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_EMAIL_ADDRESS_TARGET: You specified an invalid email address for the invited account owner.
INVALID_END_DATE: The selected withdrawal date doesn't meet the terms of your partner agreement. Visit Amazon Web Services Partner Central to view your partner agreements or contact your Amazon Web Services Partner for help.
INVALID_ENUM: You specified an invalid value.
INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_PRINCIPAL: You specified an invalid principal element in the policy.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.
INVALID_START_DATE: The start date doesn't meet the minimum requirements.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for Amazon Web Services use. System tags don’t count against your tags per resource limit.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
NON_DETACHABLE_POLICY: You can't detach this Amazon Web Services Managed Policy.
START_DATE_NOT_BEGINNING_OF_DAY: You provided an invalid start date. The start date must be the beginning of the day (00:00:00.000).
START_DATE_NOT_BEGINNING_OF_MONTH: You provided an invalid start date. The start date must be the first day of the month.
START_DATE_TOO_EARLY: You provided an invalid start date. The start date is too early.
START_DATE_TOO_LATE: You provided an invalid start date. The start date is too late.
TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
UNSUPPORTED_ACTION_IN_RESPONSIBILITY_TRANSFER: You provided a value that is not supported by this operation.
The responsibility transfer can't transition to the requested state because it's not in a valid state for this operation.
", + "exception":true + }, "InviteAccountToOrganizationRequest":{ "type":"structure", "required":["Target"], @@ -2534,6 +2718,47 @@ } } }, + "InviteOrganizationToTransferResponsibilityRequest":{ + "type":"structure", + "required":[ + "Type", + "Target", + "StartTimestamp", + "SourceName" + ], + "members":{ + "Type":{ + "shape":"ResponsibilityTransferType", + "documentation":"The type of responsibility you want to designate to your organization. Currently, only BILLING is supported.
A HandshakeParty object. Contains details for the account you want to invite. Currently, only ACCOUNT and EMAIL are supported.
Additional information that you want to include in the invitation.
" + }, + "StartTimestamp":{ + "shape":"Timestamp", + "documentation":"Timestamp when the recipient will begin managing the specified responsibilities.
" + }, + "SourceName":{ + "shape":"ResponsibilityTransferName", + "documentation":"Name you want to assign to the transfer.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"A list of tags that you want to attach to the transfer. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging Organizations resources in the Organizations User Guide.
Any tags in the request are checked for compliance with any applicable tag policies when the request is made. The request is rejected if the tags in the request don't match the requirements of the policy at that time. Tag policy compliance is not checked again when the invitation is accepted and the tags are actually attached to the transfer. That means that if the tag policy changes between the invitation and the acceptance, then that tags could potentially be non-compliant.
If any one of the tags is not valid or if you exceed the allowed number of tags for a transfer, then the entire request fails and invitations are not sent.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The type of policy that you want information about. You can specify one of the following values:
The type of policy that you want information about. You can specify one of the following values:
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The specified policy type. One of the following values:
The specified policy type. One of the following values:
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The type of policy that you want information about. You can specify one of the following values:
The type of policy that you want information about. You can specify one of the following values:
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The specified policy type. One of the following values:
The specified policy type. One of the following values:
Filters the handshakes that you want included in the response. The default is all types. Use the ActionType element to limit the output to only a specified type, such as INVITE, ENABLE_ALL_FEATURES, or APPROVE_ALL_FEATURES. Alternatively, for the ENABLE_ALL_FEATURES handshake that generates a separate child handshake for each member account, you can specify ParentHandshakeId to see only the handshakes that were generated by that parent request.
A HandshakeFilter object. Contains the filer used to select the handshakes for an operation.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
A list of Handshake objects with details about each of the handshakes that is associated with the specified account.
" + "documentation":"An array of Handshakeobjects. Contains details for a handshake.
A filter of the handshakes that you want included in the response. The default is all types. Use the ActionType element to limit the output to only a specified type, such as INVITE, ENABLE-ALL-FEATURES, or APPROVE-ALL-FEATURES. Alternatively, for the ENABLE-ALL-FEATURES handshake that generates a separate child handshake for each member account, you can specify the ParentHandshakeId to see only the handshakes that were generated by that parent request.
A HandshakeFilter object. Contains the filer used to select the handshakes for an operation.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
A list of Handshake objects with details about each of the handshakes that are associated with an organization.
" + "documentation":"An array of Handshakeobjects. Contains details for a handshake.
If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null.
The type of responsibility. Currently, only BILLING is supported.
ID for the transfer.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
A ResponsibilityTransfers object. Contains details for a transfer.
The unique identifier (ID) of the root or OU whose child OUs you want to list.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the root or OU whose child OUs you want to list.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The type of responsibility. Currently, only BILLING is supported.
The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
An array of ResponsibilityTransfer objects. Contains details for a transfer.
If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null.
The unique identifier (ID) of the OU or account whose parent containers you want to list. Don't specify a root.
The regex pattern for a child ID string requires one of the following:
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the OU or account whose parent containers you want to list. Don't specify a root.
The regex pattern for a child ID string requires one of the following:
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The unique identifier (ID) of the root, organizational unit, or account whose policies you want to list.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the root, organizational unit, or account whose policies you want to list.
The regex pattern for a target ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Account - A string that consists of exactly 12 digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The type of policy that you want to include in the returned list. You must specify one of the following values:
The type of policy that you want to include in the returned list. You must specify one of the following values:
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
Specifies the type of policy that you want to include in the response. You must specify one of the following values:
Specifies the type of policy that you want to include in the response. You must specify one of the following values:
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The unique identifier (ID) of the policy whose attachments you want to know.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" + "documentation":"ID for the policy whose attachments you want to know.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" }, "NextToken":{ "shape":"NextToken", @@ -3093,7 +3384,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that Organizations might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.
The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.
The unique identifier (ID) of the account that you want to move.
The regex pattern for an account ID string requires exactly 12 digits.
" + "documentation":"ID for the account that you want to move.
The regex pattern for an account ID string requires exactly 12 digits.
" }, "SourceParentId":{ "shape":"ParentId", - "documentation":"The unique identifier (ID) of the root or organizational unit that you want to move the account from.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the root or organizational unit that you want to move the account from.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The unique identifier (ID) of the root or organizational unit that you want to move the account to.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
ID for the root or organizational unit that you want to move the account to.
The regex pattern for a parent ID string requires one of the following:
Root - A string that begins with \"r-\" followed by from 4 to 32 lowercase letters or digits.
Organizational unit (OU) - A string that begins with \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
The unique identifier (ID) of the member account that you want to remove from the organization.
The regex pattern for an account ID string requires exactly 12 digits.
" + "documentation":"ID for the member account that you want to remove from the organization.
The regex pattern for an account ID string requires exactly 12 digits.
" } } }, @@ -3616,6 +3909,102 @@ }, "documentation":"A structure that contains resource policy ID and Amazon Resource Name (ARN).
" }, + "ResponsibilityTransfer":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"ResponsibilityTransferArn", + "documentation":"Amazon Resource Name (ARN) for the transfer.
" + }, + "Name":{ + "shape":"ResponsibilityTransferName", + "documentation":"Name assigned to the transfer.
" + }, + "Id":{ + "shape":"ResponsibilityTransferId", + "documentation":"ID for the transfer.
" + }, + "Type":{ + "shape":"ResponsibilityTransferType", + "documentation":"The type of transfer. Currently, only BILLING is supported.
Status for the transfer.
" + }, + "Source":{ + "shape":"TransferParticipant", + "documentation":"Account that allows another account external to its organization to manage the specified responsibilities for the organization.
" + }, + "Target":{ + "shape":"TransferParticipant", + "documentation":"Account that manages the specified responsibilities for another organization.
" + }, + "StartTimestamp":{ + "shape":"Timestamp", + "documentation":"Timestamp when the transfer starts.
" + }, + "EndTimestamp":{ + "shape":"Timestamp", + "documentation":"Timestamp when the transfer ends.
" + }, + "ActiveHandshakeId":{ + "shape":"HandshakeId", + "documentation":"ID for the handshake of the transfer.
" + } + }, + "documentation":"Contains details for a transfer. A transfer is the arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
" + }, + "ResponsibilityTransferAlreadyInStatusException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"} + }, + "documentation":"The responsibility transfer is already in the status that you specified.
", + "exception":true + }, + "ResponsibilityTransferArn":{ + "type":"string", + "pattern":"^arn:[a-z0-9][a-z0-9-.]{0,62}:organizations::\\d{12}:transfer\\/o-[a-z0-9]{10,32}\\/(billing)\\/(inbound|outbound)\\/rt-[0-9a-z]{8,32}$" + }, + "ResponsibilityTransferId":{ + "type":"string", + "pattern":"^rt-[0-9a-z]{8,32}$" + }, + "ResponsibilityTransferName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[ -~]+$", + "sensitive":true + }, + "ResponsibilityTransferNotFoundException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"} + }, + "documentation":"We can't find a transfer that you specified.
", + "exception":true + }, + "ResponsibilityTransferStatus":{ + "type":"string", + "enum":[ + "REQUESTED", + "DECLINED", + "CANCELED", + "EXPIRED", + "ACCEPTED", + "WITHDRAWN" + ] + }, + "ResponsibilityTransferType":{ + "type":"string", + "enum":["BILLING"] + }, + "ResponsibilityTransfers":{ + "type":"list", + "member":{"shape":"ResponsibilityTransfer"} + }, "RoleName":{ "type":"string", "max":64, @@ -3746,7 +4135,7 @@ "TaggableResourceId":{ "type":"string", "max":130, - "pattern":"^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(^p-[0-9a-zA-Z_]{8,128})|(^rp-[0-9a-zA-Z_]{4,128})$" + "pattern":"^(r-[0-9a-z]{4,32})|(\\d{12})|(ou-[0-9a-z]{4,32}-[a-z0-9]{8,32})|(^p-[0-9a-zA-Z_]{8,128})|(^rp-[0-9a-zA-Z_]{4,128})|(^rt-[0-9a-zA-Z_]{8,32})$" }, "Tags":{ "type":"list", @@ -3773,6 +4162,29 @@ "ROOT" ] }, + "TerminateResponsibilityTransferRequest":{ + "type":"structure", + "required":["Id"], + "members":{ + "Id":{ + "shape":"ResponsibilityTransferId", + "documentation":"ID for the transfer.
" + }, + "EndTimestamp":{ + "shape":"Timestamp", + "documentation":"Timestamp when the responsibility transfer is to end.
" + } + } + }, + "TerminateResponsibilityTransferResponse":{ + "type":"structure", + "members":{ + "ResponsibilityTransfer":{ + "shape":"ResponsibilityTransfer", + "documentation":"A ResponsibilityTransfer object. Contains details for a transfer.
You have sent too many requests in too short a period of time. The quota helps protect against denial-of-service attacks. Try again later.
For information about quotas that affect Organizations, see Quotas for Organizations in the Organizations User Guide.
", "exception":true }, + "TransferParticipant":{ + "type":"structure", + "members":{ + "ManagementAccountId":{ + "shape":"AccountId", + "documentation":"ID for the management account.
" + }, + "ManagementAccountEmail":{ + "shape":"Email", + "documentation":"Email address for the management account.
" + } + }, + "documentation":"Contains details for a participant in a transfer. A transfer is the arrangement between two management accounts where one account designates the other with specified responsibilities for their organization.
" + }, "UnsupportedAPIEndpointException":{ "type":"structure", "members":{ @@ -3814,7 +4240,7 @@ "members":{ "OrganizationalUnitId":{ "shape":"OrganizationalUnitId", - "documentation":"The unique identifier (ID) of the OU that you want to rename. You can get the ID from the ListOrganizationalUnitsForParent operation.
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
" + "documentation":"ID for the OU that you want to rename. You can get the ID from the ListOrganizationalUnitsForParent operation.
The regex pattern for an organizational unit ID string requires \"ou-\" followed by from 4 to 32 lowercase letters or digits (the ID of the root that contains the OU). This string is followed by a second \"-\" dash and from 8 to 32 additional lowercase letters or digits.
" }, "Name":{ "shape":"OrganizationalUnitName", @@ -3837,7 +4263,7 @@ "members":{ "PolicyId":{ "shape":"PolicyId", - "documentation":"The unique identifier (ID) of the policy that you want to update.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" + "documentation":"ID for the policy that you want to update.
The regex pattern for a policy ID string requires \"p-\" followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).
" }, "Name":{ "shape":"PolicyName", @@ -3861,6 +4287,29 @@ "documentation":"A structure that contains details about the updated policy, showing the requested changes.
" } } + }, + "UpdateResponsibilityTransferRequest":{ + "type":"structure", + "required":[ + "Id", + "Name" + ], + "members":{ + "Id":{ + "shape":"ResponsibilityTransferId", + "documentation":"ID for the transfer.
" + }, + "Name":{ + "shape":"ResponsibilityTransferName", + "documentation":"New name you want to assign to the transfer.
" + } + } + }, + "UpdateResponsibilityTransferResponse":{ + "type":"structure", + "members":{ + "ResponsibilityTransfer":{"shape":"ResponsibilityTransfer"} + } } }, "documentation":"Organizations is a web service that enables you to consolidate your multiple Amazon Web Services accounts into an organization and centrally manage your accounts and their resources.
This guide provides descriptions of the Organizations operations. For more information about using this service, see the Organizations User Guide.
Support and feedback for Organizations
We welcome your feedback. You can post your feedback and questions in the Organizations support forum. For more information about the Amazon Web Services Support forums, see Forums Help.
Endpoint to call When using the CLI or the Amazon Web Services SDK
For the current release of Organizations, specify the us-east-1 region for all Amazon Web Services API and CLI calls made from the commercial Amazon Web Services Regions outside of China. If calling from one of the Amazon Web Services Regions in China, then specify cn-northwest-1. You can do this in the CLI by using these parameters and commands:
Use the following parameter with each command to specify both the endpoint and its region:
--endpoint-url https://organizations.us-east-1.amazonaws.com (from commercial Amazon Web Services Regions outside of China)
or
--endpoint-url https://organizations.cn-northwest-1.amazonaws.com.cn (from Amazon Web Services Regions in China)
Use the default endpoint, but configure your default region with this command:
aws configure set default.region us-east-1 (from commercial Amazon Web Services Regions outside of China)
or
aws configure set default.region cn-northwest-1 (from Amazon Web Services Regions in China)
Use the following parameter with each command to specify the endpoint:
--region us-east-1 (from commercial Amazon Web Services Regions outside of China)
or
--region cn-northwest-1 (from Amazon Web Services Regions in China)
Recording API Requests
Organizations supports CloudTrail, a service that records Amazon Web Services API calls for your Amazon Web Services account and delivers log files to an Amazon S3 bucket. By using information collected by CloudTrail, you can determine which requests the Organizations service received, who made the request and when, and so on. For more about Organizations and its support for CloudTrail, see Logging Organizations API calls with CloudTrail in the Organizations User Guide. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.
" diff --git a/awscli/botocore/data/partnercentral-channel/2024-03-18/endpoint-rule-set-1.json b/awscli/botocore/data/partnercentral-channel/2024-03-18/endpoint-rule-set-1.json new file mode 100644 index 000000000000..dd4839f25e56 --- /dev/null +++ b/awscli/botocore/data/partnercentral-channel/2024-03-18/endpoint-rule-set-1.json @@ -0,0 +1,269 @@ +{ + "version": "1.0", + "parameters": { + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": { + "authSchemes": [ + { + "name": "sigv4a", + "signingRegionSet": [ + "*" + ] + }, + { + "name": "sigv4" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + } + ], + "endpoint": { + "url": "https://partnercentral-channel.us-gov.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4a", + "signingRegionSet": [ + "*" + ] + }, + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://partnercentral-channel-fips.us-gov.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4a", + "signingRegionSet": [ + "*" + ] + }, + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "endpoint": { + "url": "https://partnercentral-channel-fips.global.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4a", + "signingRegionSet": [ + "*" + ] + }, + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://partnercentral-channel.global.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4a", + "signingRegionSet": [ + "*" + ] + }, + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff --git a/awscli/botocore/data/partnercentral-channel/2024-03-18/paginators-1.json b/awscli/botocore/data/partnercentral-channel/2024-03-18/paginators-1.json new file mode 100644 index 000000000000..1e923f47f512 --- /dev/null +++ b/awscli/botocore/data/partnercentral-channel/2024-03-18/paginators-1.json @@ -0,0 +1,22 @@ +{ + "pagination": { + "ListChannelHandshakes": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListProgramManagementAccounts": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListRelationships": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + } + } +} diff --git a/awscli/botocore/data/partnercentral-channel/2024-03-18/service-2.json b/awscli/botocore/data/partnercentral-channel/2024-03-18/service-2.json new file mode 100644 index 000000000000..cb63f9effc3c --- /dev/null +++ b/awscli/botocore/data/partnercentral-channel/2024-03-18/service-2.json @@ -0,0 +1,2219 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2024-03-18", + "auth":[ + "aws.auth#sigv4a", + "aws.auth#sigv4" + ], + "endpointPrefix":"partnercentral-channel", + "jsonVersion":"1.0", + "protocol":"json", + "protocols":["json"], + "serviceFullName":"Partner Central Channel API", + "serviceId":"PartnerCentral Channel", + "signatureVersion":"v4", + "signingName":"partnercentral-channel", + "targetPrefix":"PartnerCentralChannel", + "uid":"partnercentral-channel-2024-03-18" + }, + "operations":{ + "AcceptChannelHandshake":{ + "name":"AcceptChannelHandshake", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AcceptChannelHandshakeRequest"}, + "output":{"shape":"AcceptChannelHandshakeResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Accepts a pending channel handshake request from another AWS account.
", + "idempotent":true + }, + "CancelChannelHandshake":{ + "name":"CancelChannelHandshake", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CancelChannelHandshakeRequest"}, + "output":{"shape":"CancelChannelHandshakeResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Cancels a pending channel handshake request.
", + "idempotent":true + }, + "CreateChannelHandshake":{ + "name":"CreateChannelHandshake", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateChannelHandshakeRequest"}, + "output":{"shape":"CreateChannelHandshakeResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Creates a new channel handshake request to establish a partnership with another AWS account.
", + "idempotent":true + }, + "CreateProgramManagementAccount":{ + "name":"CreateProgramManagementAccount", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateProgramManagementAccountRequest"}, + "output":{"shape":"CreateProgramManagementAccountResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Creates a new program management account for managing partner relationships.
", + "idempotent":true + }, + "CreateRelationship":{ + "name":"CreateRelationship", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateRelationshipRequest"}, + "output":{"shape":"CreateRelationshipResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ], + "documentation":"Creates a new partner relationship between accounts.
", + "idempotent":true + }, + "DeleteProgramManagementAccount":{ + "name":"DeleteProgramManagementAccount", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteProgramManagementAccountRequest"}, + "output":{"shape":"DeleteProgramManagementAccountResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"Deletes a program management account.
", + "idempotent":true + }, + "DeleteRelationship":{ + "name":"DeleteRelationship", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteRelationshipRequest"}, + "output":{"shape":"DeleteRelationshipResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"Deletes a partner relationship.
", + "idempotent":true + }, + "GetRelationship":{ + "name":"GetRelationship", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetRelationshipRequest"}, + "output":{"shape":"GetRelationshipResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Retrieves details of a specific partner relationship.
", + "readonly":true + }, + "ListChannelHandshakes":{ + "name":"ListChannelHandshakes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListChannelHandshakesRequest"}, + "output":{"shape":"ListChannelHandshakesResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Lists channel handshakes based on specified criteria.
", + "readonly":true + }, + "ListProgramManagementAccounts":{ + "name":"ListProgramManagementAccounts", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListProgramManagementAccountsRequest"}, + "output":{"shape":"ListProgramManagementAccountsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Lists program management accounts based on specified criteria.
", + "readonly":true + }, + "ListRelationships":{ + "name":"ListRelationships", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListRelationshipsRequest"}, + "output":{"shape":"ListRelationshipsResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Lists partner relationships based on specified criteria.
", + "readonly":true + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Lists tags associated with a specific resource.
", + "readonly":true + }, + "RejectChannelHandshake":{ + "name":"RejectChannelHandshake", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"RejectChannelHandshakeRequest"}, + "output":{"shape":"RejectChannelHandshakeResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"Rejects a pending channel handshake request.
", + "idempotent":true + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"Adds or updates tags for a specified resource.
", + "idempotent":true + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"Removes tags from a specified resource.
", + "idempotent":true + }, + "UpdateProgramManagementAccount":{ + "name":"UpdateProgramManagementAccount", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateProgramManagementAccountRequest"}, + "output":{"shape":"UpdateProgramManagementAccountResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"Updates the properties of a program management account.
", + "idempotent":true + }, + "UpdateRelationship":{ + "name":"UpdateRelationship", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateRelationshipRequest"}, + "output":{"shape":"UpdateRelationshipResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "documentation":"Updates the properties of a partner relationship.
" + } + }, + "shapes":{ + "AcceptChannelHandshakeDetail":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ChannelHandshakeId", + "documentation":"The unique identifier of the accepted handshake.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the accepted handshake.
" + }, + "status":{ + "shape":"HandshakeStatus", + "documentation":"The current status of the accepted handshake.
" + } + }, + "documentation":"Contains details about an accepted channel handshake.
" + }, + "AcceptChannelHandshakeRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the handshake request.
" + }, + "identifier":{ + "shape":"ChannelHandshakeIdentifier", + "documentation":"The unique identifier of the channel handshake to accept.
" + } + } + }, + "AcceptChannelHandshakeResponse":{ + "type":"structure", + "members":{ + "channelHandshakeDetail":{ + "shape":"AcceptChannelHandshakeDetail", + "documentation":"Details of the accepted channel handshake.
" + } + } + }, + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the access denial.
" + }, + "reason":{ + "shape":"String", + "documentation":"The reason for the access denial.
" + } + }, + "documentation":"The request was denied due to insufficient permissions.
", + "exception":true + }, + "AccountId":{ + "type":"string", + "max":12, + "min":12, + "pattern":"[0-9]*" + }, + "AccountIdList":{ + "type":"list", + "member":{"shape":"AccountId"} + }, + "Arn":{ + "type":"string", + "max":1011, + "min":1 + }, + "AssociatedResourceId":{ + "type":"string", + "max":17, + "min":16, + "pattern":"(pma|rs)-[a-z0-9]{13}" + }, + "AssociatedResourceIdentifier":{ + "type":"string", + "max":1011, + "min":16, + "pattern":"((arn:[a-z-]+:partnercentral:[a-z0-9-]+:[0-9]{12}:catalog/[a-zA-Z]+/program-management-account/pma-[a-z0-9]{13}(/relationship/rs-[a-z0-9]{13})?)|(pma|rs)-[a-z0-9]{13})" + }, + "AssociatedResourceIdentifierList":{ + "type":"list", + "member":{"shape":"AssociatedResourceIdentifier"} + }, + "AssociationType":{ + "type":"string", + "enum":[ + "DOWNSTREAM_SELLER", + "END_CUSTOMER", + "INTERNAL" + ] + }, + "AssociationTypeList":{ + "type":"list", + "member":{"shape":"AssociationType"} + }, + "CancelChannelHandshakeDetail":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ChannelHandshakeId", + "documentation":"The unique identifier of the canceled handshake.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the canceled handshake.
" + }, + "status":{ + "shape":"HandshakeStatus", + "documentation":"The current status of the canceled handshake.
" + } + }, + "documentation":"Contains details about a canceled channel handshake.
" + }, + "CancelChannelHandshakeRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the handshake request.
" + }, + "identifier":{ + "shape":"ChannelHandshakeIdentifier", + "documentation":"The unique identifier of the channel handshake to cancel.
" + } + } + }, + "CancelChannelHandshakeResponse":{ + "type":"structure", + "members":{ + "channelHandshakeDetail":{ + "shape":"CancelChannelHandshakeDetail", + "documentation":"Details of the canceled channel handshake.
" + } + } + }, + "Catalog":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[a-zA-Z]*" + }, + "ChannelHandshakeId":{ + "type":"string", + "max":16, + "min":16, + "pattern":"ch-[a-z0-9]{13}" + }, + "ChannelHandshakeIdentifier":{ + "type":"string", + "max":1011, + "min":16, + "pattern":"(arn:[a-z-]+:partnercentral:[a-z0-9-]+:[0-9]{12}:catalog/[a-zA-Z]+/channel-handshake/)?ch-[a-z0-9]{13}" + }, + "ChannelHandshakePayload":{ + "type":"structure", + "members":{ + "startServicePeriodPayload":{ + "shape":"StartServicePeriodPayload", + "documentation":"Payload for starting a service period handshake.
" + }, + "revokeServicePeriodPayload":{ + "shape":"RevokeServicePeriodPayload", + "documentation":"Payload for revoking a service period handshake.
" + } + }, + "documentation":"Contains the payload data for different types of channel handshakes.
", + "union":true + }, + "ChannelHandshakeSummaries":{ + "type":"list", + "member":{"shape":"ChannelHandshakeSummary"} + }, + "ChannelHandshakeSummary":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ChannelHandshakeId", + "documentation":"The unique identifier of the handshake.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the handshake.
" + }, + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier associated with the handshake.
" + }, + "handshakeType":{ + "shape":"HandshakeType", + "documentation":"The type of the handshake.
" + }, + "ownerAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID of the handshake owner.
" + }, + "senderAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID of the handshake sender.
" + }, + "senderDisplayName":{ + "shape":"PartnerProfileDisplayName", + "documentation":"The display name of the handshake sender.
" + }, + "receiverAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID of the handshake receiver.
" + }, + "associatedResourceId":{ + "shape":"AssociatedResourceId", + "documentation":"The identifier of the resource associated with the handshake.
" + }, + "detail":{ + "shape":"HandshakeDetail", + "documentation":"Detailed information about the handshake.
" + }, + "createdAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the handshake was created.
" + }, + "updatedAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the handshake was last updated.
" + }, + "status":{ + "shape":"HandshakeStatus", + "documentation":"The current status of the handshake.
" + } + }, + "documentation":"Summary information about a channel handshake.
" + }, + "ClientToken":{ + "type":"string", + "max":64, + "min":1, + "pattern":"[!-~]*" + }, + "ConflictException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the conflict.
" + }, + "resourceId":{ + "shape":"String", + "documentation":"The identifier of the resource that caused the conflict.
" + }, + "resourceType":{ + "shape":"String", + "documentation":"The type of the resource that caused the conflict.
" + } + }, + "documentation":"The request could not be completed due to a conflict with the current state of the resource.
", + "exception":true + }, + "Coverage":{ + "type":"string", + "enum":[ + "ENTIRE_ORGANIZATION", + "MANAGEMENT_ACCOUNT_ONLY" + ] + }, + "CreateChannelHandshakeDetail":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ChannelHandshakeId", + "documentation":"The unique identifier of the created handshake.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the created handshake.
" + } + }, + "documentation":"Contains details about a newly created channel handshake.
" + }, + "CreateChannelHandshakeRequest":{ + "type":"structure", + "required":[ + "handshakeType", + "catalog", + "associatedResourceIdentifier" + ], + "members":{ + "handshakeType":{ + "shape":"HandshakeType", + "documentation":"The type of handshake to create (e.g., start service period, revoke service period).
" + }, + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the handshake request.
" + }, + "associatedResourceIdentifier":{ + "shape":"AssociatedResourceIdentifier", + "documentation":"The identifier of the resource associated with this handshake.
" + }, + "payload":{ + "shape":"ChannelHandshakePayload", + "documentation":"The payload containing specific details for the handshake type.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagList", + "documentation":"Key-value pairs to associate with the channel handshake.
" + } + } + }, + "CreateChannelHandshakeResponse":{ + "type":"structure", + "members":{ + "channelHandshakeDetail":{ + "shape":"CreateChannelHandshakeDetail", + "documentation":"Details of the created channel handshake.
" + } + } + }, + "CreateProgramManagementAccountDetail":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ProgramManagementAccountId", + "documentation":"The unique identifier of the created program management account.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the created program management account.
" + } + }, + "documentation":"Contains details about a newly created program management account.
" + }, + "CreateProgramManagementAccountRequest":{ + "type":"structure", + "required":[ + "catalog", + "program", + "displayName", + "accountId" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the program management account.
" + }, + "program":{ + "shape":"Program", + "documentation":"The program type for the management account.
" + }, + "displayName":{ + "shape":"ProgramManagementAccountDisplayName", + "documentation":"A human-readable name for the program management account.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID to associate with the program management account.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagList", + "documentation":"Key-value pairs to associate with the program management account.
" + } + } + }, + "CreateProgramManagementAccountResponse":{ + "type":"structure", + "members":{ + "programManagementAccountDetail":{ + "shape":"CreateProgramManagementAccountDetail", + "documentation":"Details of the created program management account.
" + } + } + }, + "CreateRelationshipDetail":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the created relationship.
" + }, + "id":{ + "shape":"RelationshipId", + "documentation":"The unique identifier of the created relationship.
" + } + }, + "documentation":"Contains details about a newly created relationship.
" + }, + "CreateRelationshipRequest":{ + "type":"structure", + "required":[ + "catalog", + "associationType", + "programManagementAccountIdentifier", + "associatedAccountId", + "displayName", + "sector" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the relationship.
" + }, + "associationType":{ + "shape":"AssociationType", + "documentation":"The type of association for the relationship (e.g., reseller, distributor).
" + }, + "programManagementAccountIdentifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The identifier of the program management account for this relationship.
" + }, + "associatedAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID to associate in this relationship.
" + }, + "displayName":{ + "shape":"RelationshipDisplayName", + "documentation":"A human-readable name for the relationship.
" + }, + "resaleAccountModel":{ + "shape":"ResaleAccountModel", + "documentation":"The resale account model for the relationship.
" + }, + "sector":{ + "shape":"Sector", + "documentation":"The business sector for the relationship.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", + "idempotencyToken":true + }, + "tags":{ + "shape":"TagList", + "documentation":"Key-value pairs to associate with the relationship.
" + }, + "requestedSupportPlan":{ + "shape":"SupportPlan", + "documentation":"The support plan requested for this relationship.
" + } + } + }, + "CreateRelationshipResponse":{ + "type":"structure", + "members":{ + "relationshipDetail":{ + "shape":"CreateRelationshipDetail", + "documentation":"Details of the created relationship.
" + } + } + }, + "DateTime":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "DeleteProgramManagementAccountRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the program management account.
" + }, + "identifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The unique identifier of the program management account to delete.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "DeleteProgramManagementAccountResponse":{ + "type":"structure", + "members":{} + }, + "DeleteRelationshipRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier", + "programManagementAccountIdentifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the relationship.
" + }, + "identifier":{ + "shape":"RelationshipIdentifier", + "documentation":"The unique identifier of the relationship to delete.
" + }, + "programManagementAccountIdentifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The identifier of the program management account associated with the relationship.
" + }, + "clientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier to ensure idempotency of the request.
", + "idempotencyToken":true + } + } + }, + "DeleteRelationshipResponse":{ + "type":"structure", + "members":{} + }, + "GetRelationshipRequest":{ + "type":"structure", + "required":[ + "catalog", + "programManagementAccountIdentifier", + "identifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the relationship.
" + }, + "programManagementAccountIdentifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The identifier of the program management account associated with the relationship.
" + }, + "identifier":{ + "shape":"RelationshipIdentifier", + "documentation":"The unique identifier of the relationship to retrieve.
" + } + } + }, + "GetRelationshipResponse":{ + "type":"structure", + "members":{ + "relationshipDetail":{ + "shape":"RelationshipDetail", + "documentation":"Details of the requested relationship.
" + } + } + }, + "HandshakeDetail":{ + "type":"structure", + "members":{ + "startServicePeriodHandshakeDetail":{ + "shape":"StartServicePeriodHandshakeDetail", + "documentation":"Details for a start service period handshake.
" + }, + "revokeServicePeriodHandshakeDetail":{ + "shape":"RevokeServicePeriodHandshakeDetail", + "documentation":"Details for a revoke service period handshake.
" + }, + "programManagementAccountHandshakeDetail":{ + "shape":"ProgramManagementAccountHandshakeDetail", + "documentation":"Details for a program management account handshake.
" + } + }, + "documentation":"Contains detailed information about different types of handshakes.
", + "union":true + }, + "HandshakeStatus":{ + "type":"string", + "enum":[ + "PENDING", + "ACCEPTED", + "REJECTED", + "CANCELED", + "EXPIRED" + ] + }, + "HandshakeStatusList":{ + "type":"list", + "member":{"shape":"HandshakeStatus"} + }, + "HandshakeType":{ + "type":"string", + "enum":[ + "START_SERVICE_PERIOD", + "REVOKE_SERVICE_PERIOD", + "PROGRAM_MANAGEMENT_ACCOUNT" + ] + }, + "InternalServerException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the internal server error.
" + } + }, + "documentation":"An internal server error occurred while processing the request.
", + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "ListChannelHandshakesRequest":{ + "type":"structure", + "required":[ + "handshakeType", + "catalog", + "participantType" + ], + "members":{ + "handshakeType":{ + "shape":"HandshakeType", + "documentation":"Filter results by handshake type.
" + }, + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier to filter handshakes.
" + }, + "participantType":{ + "shape":"ParticipantType", + "documentation":"Filter by participant type (sender or receiver).
" + }, + "maxResults":{ + "shape":"ListChannelHandshakesRequestMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call.
" + }, + "statuses":{ + "shape":"HandshakeStatusList", + "documentation":"Filter results by handshake status.
" + }, + "associatedResourceIdentifiers":{ + "shape":"AssociatedResourceIdentifierList", + "documentation":"Filter by associated resource identifiers.
" + }, + "handshakeTypeFilters":{ + "shape":"ListChannelHandshakesTypeFilters", + "documentation":"Type-specific filters for handshakes.
" + }, + "handshakeTypeSort":{ + "shape":"ListChannelHandshakesTypeSort", + "documentation":"Type-specific sorting options for handshakes.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"Token for retrieving the next page of results.
" + } + } + }, + "ListChannelHandshakesRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListChannelHandshakesResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"ChannelHandshakeSummaries", + "documentation":"List of channel handshakes matching the criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"Token for retrieving the next page of results, if available.
" + } + } + }, + "ListChannelHandshakesTypeFilters":{ + "type":"structure", + "members":{ + "startServicePeriodTypeFilters":{ + "shape":"StartServicePeriodTypeFilters", + "documentation":"Filters specific to start service period handshakes.
" + }, + "revokeServicePeriodTypeFilters":{ + "shape":"RevokeServicePeriodTypeFilters", + "documentation":"Filters specific to revoke service period handshakes.
" + }, + "programManagementAccountTypeFilters":{ + "shape":"ProgramManagementAccountTypeFilters", + "documentation":"Filters specific to program management account handshakes.
" + } + }, + "documentation":"Type-specific filters for listing channel handshakes.
", + "union":true + }, + "ListChannelHandshakesTypeSort":{ + "type":"structure", + "members":{ + "startServicePeriodTypeSort":{ + "shape":"StartServicePeriodTypeSort", + "documentation":"Sorting options specific to start service period handshakes.
" + }, + "revokeServicePeriodTypeSort":{ + "shape":"RevokeServicePeriodTypeSort", + "documentation":"Sorting options specific to revoke service period handshakes.
" + }, + "programManagementAccountTypeSort":{ + "shape":"ProgramManagementAccountTypeSort", + "documentation":"Sorting options specific to program management account handshakes.
" + } + }, + "documentation":"Type-specific sorting options for listing channel handshakes.
", + "union":true + }, + "ListProgramManagementAccountsRequest":{ + "type":"structure", + "required":["catalog"], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier to filter accounts.
" + }, + "maxResults":{ + "shape":"ListProgramManagementAccountsRequestMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call.
" + }, + "displayNames":{ + "shape":"ProgramManagementAccountDisplayNameList", + "documentation":"Filter by display names.
" + }, + "programs":{ + "shape":"ProgramList", + "documentation":"Filter by program types.
" + }, + "accountIds":{ + "shape":"AccountIdList", + "documentation":"Filter by AWS account IDs.
" + }, + "statuses":{ + "shape":"ProgramManagementAccountStatusList", + "documentation":"Filter by program management account statuses.
" + }, + "sort":{ + "shape":"ListProgramManagementAccountsSortBase", + "documentation":"Sorting options for the results.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"Token for retrieving the next page of results.
" + } + } + }, + "ListProgramManagementAccountsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListProgramManagementAccountsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"ProgramManagementAccountSummaries", + "documentation":"List of program management accounts matching the criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"Token for retrieving the next page of results, if available.
" + } + } + }, + "ListProgramManagementAccountsSortBase":{ + "type":"structure", + "required":[ + "sortOrder", + "sortBy" + ], + "members":{ + "sortOrder":{ + "shape":"SortOrder", + "documentation":"The sort order (ascending or descending).
" + }, + "sortBy":{ + "shape":"ListProgramManagementAccountsSortName", + "documentation":"The field to sort by.
" + } + }, + "documentation":"Base sorting configuration for program management accounts.
" + }, + "ListProgramManagementAccountsSortName":{ + "type":"string", + "enum":["UpdatedAt"] + }, + "ListRelationshipsRequest":{ + "type":"structure", + "required":["catalog"], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier to filter relationships.
" + }, + "maxResults":{ + "shape":"ListRelationshipsRequestMaxResultsInteger", + "documentation":"The maximum number of results to return in a single call.
" + }, + "associatedAccountIds":{ + "shape":"AccountIdList", + "documentation":"Filter by associated AWS account IDs.
" + }, + "associationTypes":{ + "shape":"AssociationTypeList", + "documentation":"Filter by association types.
" + }, + "displayNames":{ + "shape":"RelationshipDisplayNameList", + "documentation":"Filter by display names.
" + }, + "programManagementAccountIdentifiers":{ + "shape":"ProgramManagementAccountIdentifierList", + "documentation":"Filter by program management account identifiers.
" + }, + "sort":{ + "shape":"ListRelationshipsSortBase", + "documentation":"Sorting options for the results.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"Token for retrieving the next page of results.
" + } + } + }, + "ListRelationshipsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "ListRelationshipsResponse":{ + "type":"structure", + "members":{ + "items":{ + "shape":"RelationshipSummaries", + "documentation":"List of relationships matching the criteria.
" + }, + "nextToken":{ + "shape":"NextToken", + "documentation":"Token for retrieving the next page of results, if available.
" + } + } + }, + "ListRelationshipsSortBase":{ + "type":"structure", + "required":[ + "sortOrder", + "sortBy" + ], + "members":{ + "sortOrder":{ + "shape":"SortOrder", + "documentation":"The sort order (ascending or descending).
" + }, + "sortBy":{ + "shape":"ListRelationshipsSortName", + "documentation":"The field to sort by.
" + } + }, + "documentation":"Base sorting configuration for relationships.
" + }, + "ListRelationshipsSortName":{ + "type":"string", + "enum":["UpdatedAt"] + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"TaggableArn", + "documentation":"The Amazon Resource Name (ARN) of the resource to list tags for.
" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{ + "shape":"TagList", + "documentation":"Key-value pairs associated with the resource.
" + } + } + }, + "MinimumNoticeDays":{ + "type":"string", + "max":10, + "min":1, + "pattern":"[0-9]*" + }, + "NextToken":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"[^\\x00-\\x1F\\x7F\\x20]*" + }, + "Note":{ + "type":"string", + "max":300, + "min":1, + "pattern":"[^\\x00-\\x1F\\x7F]*" + }, + "ParticipantType":{ + "type":"string", + "enum":[ + "SENDER", + "RECEIVER" + ] + }, + "PartnerLedSupport":{ + "type":"structure", + "required":[ + "coverage", + "tamLocation" + ], + "members":{ + "coverage":{ + "shape":"Coverage", + "documentation":"The coverage level for partner-led support.
" + }, + "provider":{ + "shape":"Provider", + "documentation":"The provider of the partner-led support.
" + }, + "tamLocation":{ + "shape":"String", + "documentation":"The location of the Technical Account Manager (TAM).
" + } + }, + "documentation":"Configuration for partner-led support plans.
" + }, + "PartnerProfileDisplayName":{ + "type":"string", + "max":40, + "min":1, + "pattern":"[\\x00-\\x7E\\xA9\\xAE\\xA2-\\xA5\\u202F]+" + }, + "Program":{ + "type":"string", + "enum":[ + "SOLUTION_PROVIDER", + "DISTRIBUTION", + "DISTRIBUTION_SELLER" + ] + }, + "ProgramList":{ + "type":"list", + "member":{"shape":"Program"} + }, + "ProgramManagementAccountDisplayName":{ + "type":"string", + "max":30, + "min":1, + "pattern":"[^\\x00-\\x1F\\x7F]*" + }, + "ProgramManagementAccountDisplayNameList":{ + "type":"list", + "member":{"shape":"ProgramManagementAccountDisplayName"} + }, + "ProgramManagementAccountHandshakeDetail":{ + "type":"structure", + "members":{ + "program":{ + "shape":"Program", + "documentation":"The program associated with the handshake.
" + } + }, + "documentation":"Details specific to program management account handshakes.
" + }, + "ProgramManagementAccountId":{ + "type":"string", + "max":17, + "min":17, + "pattern":"pma-[a-z0-9]{13}" + }, + "ProgramManagementAccountIdentifier":{ + "type":"string", + "max":1011, + "min":17, + "pattern":"(arn:[a-z-]+:partnercentral:[a-z0-9-]+:[0-9]{12}:catalog/[a-zA-Z]+/program-management-account/)?pma-[a-z0-9]{13}" + }, + "ProgramManagementAccountIdentifierList":{ + "type":"list", + "member":{"shape":"ProgramManagementAccountIdentifier"} + }, + "ProgramManagementAccountStatus":{ + "type":"string", + "enum":[ + "PENDING", + "ACTIVE", + "INACTIVE" + ] + }, + "ProgramManagementAccountStatusList":{ + "type":"list", + "member":{"shape":"ProgramManagementAccountStatus"} + }, + "ProgramManagementAccountSummaries":{ + "type":"list", + "member":{"shape":"ProgramManagementAccountSummary"} + }, + "ProgramManagementAccountSummary":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ProgramManagementAccountId", + "documentation":"The unique identifier of the program management account.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The current revision number of the program management account.
" + }, + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier associated with the account.
" + }, + "program":{ + "shape":"Program", + "documentation":"The program type for the management account.
" + }, + "displayName":{ + "shape":"ProgramManagementAccountDisplayName", + "documentation":"The display name of the program management account.
" + }, + "accountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID associated with the program management account.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the program management account.
" + }, + "createdAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the account was created.
" + }, + "updatedAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the account was last updated.
" + }, + "startDate":{ + "shape":"DateTime", + "documentation":"The start date of the program management account.
" + }, + "status":{ + "shape":"ProgramManagementAccountStatus", + "documentation":"The current status of the program management account.
" + } + }, + "documentation":"Summary information about a program management account.
" + }, + "ProgramManagementAccountTypeFilters":{ + "type":"structure", + "members":{ + "programs":{ + "shape":"ProgramList", + "documentation":"Filter by program types.
" + } + }, + "documentation":"Type-specific filters for program management accounts.
" + }, + "ProgramManagementAccountTypeSort":{ + "type":"structure", + "required":[ + "sortOrder", + "sortBy" + ], + "members":{ + "sortOrder":{ + "shape":"SortOrder", + "documentation":"The sort order (ascending or descending).
" + }, + "sortBy":{ + "shape":"ProgramManagementAccountTypeSortName", + "documentation":"The field to sort by.
" + } + }, + "documentation":"Type-specific sorting options for program management accounts.
" + }, + "ProgramManagementAccountTypeSortName":{ + "type":"string", + "enum":["UpdatedAt"] + }, + "Provider":{ + "type":"string", + "enum":[ + "DISTRIBUTOR", + "DISTRIBUTION_SELLER" + ] + }, + "RejectChannelHandshakeDetail":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ChannelHandshakeId", + "documentation":"The unique identifier of the rejected handshake.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the rejected handshake.
" + }, + "status":{ + "shape":"HandshakeStatus", + "documentation":"The current status of the rejected handshake.
" + } + }, + "documentation":"Contains details about a rejected channel handshake.
" + }, + "RejectChannelHandshakeRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the handshake request.
" + }, + "identifier":{ + "shape":"ChannelHandshakeIdentifier", + "documentation":"The unique identifier of the channel handshake to reject.
" + } + } + }, + "RejectChannelHandshakeResponse":{ + "type":"structure", + "members":{ + "channelHandshakeDetail":{ + "shape":"RejectChannelHandshakeDetail", + "documentation":"Details of the rejected channel handshake.
" + } + } + }, + "RelationshipDetail":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the relationship.
" + }, + "id":{ + "shape":"RelationshipId", + "documentation":"The unique identifier of the relationship.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The current revision number of the relationship.
" + }, + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier associated with the relationship.
" + }, + "associationType":{ + "shape":"AssociationType", + "documentation":"The type of association for the relationship.
" + }, + "programManagementAccountId":{ + "shape":"ProgramManagementAccountId", + "documentation":"The identifier of the program management account.
" + }, + "associatedAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID associated in this relationship.
" + }, + "displayName":{ + "shape":"RelationshipDisplayName", + "documentation":"The display name of the relationship.
" + }, + "resaleAccountModel":{ + "shape":"ResaleAccountModel", + "documentation":"The resale account model for the relationship.
" + }, + "sector":{ + "shape":"Sector", + "documentation":"The business sector for the relationship.
" + }, + "createdAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the relationship was created.
" + }, + "updatedAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the relationship was last updated.
" + }, + "startDate":{ + "shape":"DateTime", + "documentation":"The start date of the relationship.
" + } + }, + "documentation":"Detailed information about a partner relationship.
" + }, + "RelationshipDisplayName":{ + "type":"string", + "max":30, + "min":1, + "pattern":"[^\\x00-\\x1F\\x7F]*" + }, + "RelationshipDisplayNameList":{ + "type":"list", + "member":{"shape":"RelationshipDisplayName"} + }, + "RelationshipId":{ + "type":"string", + "max":16, + "min":16, + "pattern":"rs-[a-z0-9]{13}" + }, + "RelationshipIdentifier":{ + "type":"string", + "max":1011, + "min":16, + "pattern":"(arn:[a-z-]+:partnercentral:[a-z0-9-]+:[0-9]{12}:catalog/[a-zA-Z]+/program-management-account/pma-[a-z0-9]{13}/relationship/)?rs-[a-z0-9]{13}" + }, + "RelationshipSummaries":{ + "type":"list", + "member":{"shape":"RelationshipSummary"} + }, + "RelationshipSummary":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the relationship.
" + }, + "id":{ + "shape":"RelationshipId", + "documentation":"The unique identifier of the relationship.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The current revision number of the relationship.
" + }, + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier associated with the relationship.
" + }, + "associationType":{ + "shape":"AssociationType", + "documentation":"The type of association for the relationship.
" + }, + "programManagementAccountId":{ + "shape":"ProgramManagementAccountId", + "documentation":"The identifier of the program management account.
" + }, + "associatedAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID associated in this relationship.
" + }, + "displayName":{ + "shape":"RelationshipDisplayName", + "documentation":"The display name of the relationship.
" + }, + "sector":{ + "shape":"Sector", + "documentation":"The business sector for the relationship.
" + }, + "createdAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the relationship was created.
" + }, + "updatedAt":{ + "shape":"DateTime", + "documentation":"The timestamp when the relationship was last updated.
" + }, + "startDate":{ + "shape":"DateTime", + "documentation":"The start date of the relationship.
" + } + }, + "documentation":"Summary information about a partner relationship.
" + }, + "ResaleAccountModel":{ + "type":"string", + "enum":[ + "DISTRIBUTOR", + "END_CUSTOMER", + "SOLUTION_PROVIDER" + ] + }, + "ResoldBusiness":{ + "type":"structure", + "required":["coverage"], + "members":{ + "coverage":{ + "shape":"Coverage", + "documentation":"The coverage level for resold business support.
" + } + }, + "documentation":"Configuration for resold business support plans.
" + }, + "ResoldEnterprise":{ + "type":"structure", + "required":[ + "coverage", + "tamLocation" + ], + "members":{ + "coverage":{ + "shape":"Coverage", + "documentation":"The coverage level for resold enterprise support.
" + }, + "tamLocation":{ + "shape":"String", + "documentation":"The location of the Technical Account Manager (TAM).
" + }, + "chargeAccountId":{ + "shape":"AccountId", + "documentation":"The AWS account ID to charge for the support plan.
" + } + }, + "documentation":"Configuration for resold enterprise support plans.
" + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the resource not found error.
" + }, + "resourceId":{ + "shape":"String", + "documentation":"The identifier of the resource that was not found.
" + }, + "resourceType":{ + "shape":"String", + "documentation":"The type of the resource that was not found.
" + } + }, + "documentation":"The specified resource was not found.
", + "exception":true + }, + "Revision":{ + "type":"string", + "max":10, + "min":1, + "pattern":"[0-9]*" + }, + "RevokeServicePeriodHandshakeDetail":{ + "type":"structure", + "members":{ + "note":{ + "shape":"Note", + "documentation":"A note explaining the reason for revoking the service period.
" + }, + "servicePeriodType":{ + "shape":"ServicePeriodType", + "documentation":"The type of service period being revoked.
" + }, + "minimumNoticeDays":{ + "shape":"MinimumNoticeDays", + "documentation":"The minimum number of days notice required for revocation.
" + }, + "startDate":{ + "shape":"DateTime", + "documentation":"The start date of the service period being revoked.
" + }, + "endDate":{ + "shape":"DateTime", + "documentation":"The end date of the service period being revoked.
" + } + }, + "documentation":"Details specific to revoke service period handshakes.
" + }, + "RevokeServicePeriodPayload":{ + "type":"structure", + "required":["programManagementAccountIdentifier"], + "members":{ + "programManagementAccountIdentifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The identifier of the program management account.
" + }, + "note":{ + "shape":"Note", + "documentation":"A note explaining the reason for revoking the service period.
" + } + }, + "documentation":"Payload for revoke service period handshake requests.
" + }, + "RevokeServicePeriodTypeFilters":{ + "type":"structure", + "members":{ + "servicePeriodTypes":{ + "shape":"ServicePeriodTypeList", + "documentation":"Filter by service period types.
" + } + }, + "documentation":"Filters specific to revoke service period handshakes.
" + }, + "RevokeServicePeriodTypeSort":{ + "type":"structure", + "required":[ + "sortOrder", + "sortBy" + ], + "members":{ + "sortOrder":{ + "shape":"SortOrder", + "documentation":"The sort order (ascending or descending).
" + }, + "sortBy":{ + "shape":"RevokeServicePeriodTypeSortName", + "documentation":"The field to sort by.
" + } + }, + "documentation":"Sorting options specific to revoke service period handshakes.
" + }, + "RevokeServicePeriodTypeSortName":{ + "type":"string", + "enum":["UpdatedAt"] + }, + "Sector":{ + "type":"string", + "enum":[ + "COMMERCIAL", + "GOVERNMENT", + "GOVERNMENT_EXCEPTION" + ] + }, + "ServicePeriodType":{ + "type":"string", + "enum":[ + "MINIMUM_NOTICE_PERIOD", + "FIXED_COMMITMENT_PERIOD" + ] + }, + "ServicePeriodTypeList":{ + "type":"list", + "member":{"shape":"ServicePeriodType"} + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "message", + "resourceId", + "resourceType", + "quotaCode" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the service quota exceeded error.
" + }, + "resourceId":{ + "shape":"String", + "documentation":"The identifier of the resource that would exceed the quota.
" + }, + "resourceType":{ + "shape":"String", + "documentation":"The type of the resource that would exceed the quota.
" + }, + "quotaCode":{ + "shape":"String", + "documentation":"The code identifying the specific quota that would be exceeded.
" + } + }, + "documentation":"The request would exceed a service quota limit.
", + "exception":true, + "retryable":{"throttling":false} + }, + "SortOrder":{ + "type":"string", + "enum":[ + "Ascending", + "Descending" + ] + }, + "StartServicePeriodHandshakeDetail":{ + "type":"structure", + "members":{ + "note":{ + "shape":"Note", + "documentation":"A note providing additional information about the service period.
" + }, + "servicePeriodType":{ + "shape":"ServicePeriodType", + "documentation":"The type of service period being started.
" + }, + "minimumNoticeDays":{ + "shape":"MinimumNoticeDays", + "documentation":"The minimum number of days notice required for changes.
" + }, + "startDate":{ + "shape":"DateTime", + "documentation":"The start date of the service period.
" + }, + "endDate":{ + "shape":"DateTime", + "documentation":"The end date of the service period.
" + } + }, + "documentation":"Details specific to start service period handshakes.
" + }, + "StartServicePeriodPayload":{ + "type":"structure", + "required":[ + "programManagementAccountIdentifier", + "servicePeriodType" + ], + "members":{ + "programManagementAccountIdentifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The identifier of the program management account.
" + }, + "note":{ + "shape":"Note", + "documentation":"A note providing additional information about the service period.
" + }, + "servicePeriodType":{ + "shape":"ServicePeriodType", + "documentation":"The type of service period being started.
" + }, + "minimumNoticeDays":{ + "shape":"MinimumNoticeDays", + "documentation":"The minimum number of days notice required for changes.
" + }, + "endDate":{ + "shape":"DateTime", + "documentation":"The end date of the service period.
" + } + }, + "documentation":"Payload for start service period handshake requests.
" + }, + "StartServicePeriodTypeFilters":{ + "type":"structure", + "members":{ + "servicePeriodTypes":{ + "shape":"ServicePeriodTypeList", + "documentation":"Filter by service period types.
" + } + }, + "documentation":"Filters specific to start service period handshakes.
" + }, + "StartServicePeriodTypeSort":{ + "type":"structure", + "required":[ + "sortOrder", + "sortBy" + ], + "members":{ + "sortOrder":{ + "shape":"SortOrder", + "documentation":"The sort order (ascending or descending).
" + }, + "sortBy":{ + "shape":"StartServicePeriodTypeSortName", + "documentation":"The field to sort by.
" + } + }, + "documentation":"Sorting options specific to start service period handshakes.
" + }, + "StartServicePeriodTypeSortName":{ + "type":"string", + "enum":["UpdatedAt"] + }, + "String":{"type":"string"}, + "SupportPlan":{ + "type":"structure", + "members":{ + "resoldBusiness":{ + "shape":"ResoldBusiness", + "documentation":"Configuration for resold business support plans.
" + }, + "resoldEnterprise":{ + "shape":"ResoldEnterprise", + "documentation":"Configuration for resold enterprise support plans.
" + }, + "partnerLedSupport":{ + "shape":"PartnerLedSupport", + "documentation":"Configuration for partner-led support plans.
" + } + }, + "documentation":"Configuration for different types of support plans.
", + "union":true + }, + "Tag":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{ + "shape":"TagKey", + "documentation":"The key of the tag.
" + }, + "value":{ + "shape":"TagValue", + "documentation":"The value of the tag.
" + } + }, + "documentation":"A key-value pair that can be associated with a resource.
" + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"} + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"} + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{ + "shape":"TaggableArn", + "documentation":"The Amazon Resource Name (ARN) of the resource to tag.
" + }, + "tags":{ + "shape":"TagList", + "documentation":"Key-value pairs to associate with the resource.
" + } + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)" + }, + "TaggableArn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"arn:[a-z-]+:partnercentral:[a-z0-9-]+:[0-9]{12}:catalog/[a-zA-Z]+/(program-management-account/pma-[a-z0-9]{13}(/relationship/rs-[a-z0-9]{13})?|channel-handshake/ch-[a-z0-9]{13})" + }, + "ThrottlingException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the throttling error.
" + }, + "serviceCode":{ + "shape":"String", + "documentation":"The service code associated with the throttling error.
" + }, + "quotaCode":{ + "shape":"String", + "documentation":"The quota code associated with the throttling error.
" + } + }, + "documentation":"The request was throttled due to too many requests being sent in a short period.
", + "exception":true, + "retryable":{"throttling":true} + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{ + "shape":"TaggableArn", + "documentation":"The Amazon Resource Name (ARN) of the resource to remove tags from.
" + }, + "tagKeys":{ + "shape":"TagKeyList", + "documentation":"The keys of the tags to remove from the resource.
" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, + "UpdateProgramManagementAccountDetail":{ + "type":"structure", + "members":{ + "id":{ + "shape":"ProgramManagementAccountId", + "documentation":"The unique identifier of the updated program management account.
" + }, + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the updated program management account.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The new revision number of the program management account.
" + }, + "displayName":{ + "shape":"ProgramManagementAccountDisplayName", + "documentation":"The updated display name of the program management account.
" + } + }, + "documentation":"Contains details about an updated program management account.
" + }, + "UpdateProgramManagementAccountRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the program management account.
" + }, + "identifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The unique identifier of the program management account to update.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The current revision number of the program management account.
" + }, + "displayName":{ + "shape":"ProgramManagementAccountDisplayName", + "documentation":"The new display name for the program management account.
" + } + } + }, + "UpdateProgramManagementAccountResponse":{ + "type":"structure", + "members":{ + "programManagementAccountDetail":{ + "shape":"UpdateProgramManagementAccountDetail", + "documentation":"Details of the updated program management account.
" + } + } + }, + "UpdateRelationshipDetail":{ + "type":"structure", + "members":{ + "arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the updated relationship.
" + }, + "id":{ + "shape":"RelationshipId", + "documentation":"The unique identifier of the updated relationship.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The new revision number of the relationship.
" + }, + "displayName":{ + "shape":"RelationshipDisplayName", + "documentation":"The updated display name of the relationship.
" + } + }, + "documentation":"Contains details about an updated relationship.
" + }, + "UpdateRelationshipRequest":{ + "type":"structure", + "required":[ + "catalog", + "identifier", + "programManagementAccountIdentifier" + ], + "members":{ + "catalog":{ + "shape":"Catalog", + "documentation":"The catalog identifier for the relationship.
" + }, + "identifier":{ + "shape":"RelationshipIdentifier", + "documentation":"The unique identifier of the relationship to update.
" + }, + "programManagementAccountIdentifier":{ + "shape":"ProgramManagementAccountIdentifier", + "documentation":"The identifier of the program management account associated with the relationship.
" + }, + "revision":{ + "shape":"Revision", + "documentation":"The current revision number of the relationship.
" + }, + "displayName":{ + "shape":"RelationshipDisplayName", + "documentation":"The new display name for the relationship.
" + }, + "requestedSupportPlan":{ + "shape":"SupportPlan", + "documentation":"The updated support plan for the relationship.
" + } + } + }, + "UpdateRelationshipResponse":{ + "type":"structure", + "members":{ + "relationshipDetail":{ + "shape":"UpdateRelationshipDetail", + "documentation":"Details of the updated relationship.
" + } + } + }, + "ValidationException":{ + "type":"structure", + "required":[ + "message", + "reason" + ], + "members":{ + "message":{ + "shape":"String", + "documentation":"A message describing the validation error.
" + }, + "reason":{ + "shape":"ValidationExceptionReason", + "documentation":"The reason for the validation failure.
" + }, + "fieldList":{ + "shape":"ValidationExceptionFieldList", + "documentation":"A list of fields that failed validation.
" + } + }, + "documentation":"The request failed validation due to invalid input parameters.
", + "exception":true + }, + "ValidationExceptionField":{ + "type":"structure", + "required":[ + "name", + "code", + "message" + ], + "members":{ + "name":{ + "shape":"String", + "documentation":"The name of the field that failed validation.
" + }, + "code":{ + "shape":"String", + "documentation":"The validation error code for the field.
" + }, + "message":{ + "shape":"String", + "documentation":"A descriptive message about the validation error.
" + } + }, + "documentation":"Information about a field that failed validation.
" + }, + "ValidationExceptionFieldList":{ + "type":"list", + "member":{"shape":"ValidationExceptionField"} + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "REQUEST_VALIDATION_FAILED", + "BUSINESS_VALIDATION_FAILED" + ] + } + }, + "documentation":"AWS Partner Central Channel service for managing partner relationships, handshakes, and program management accounts.
" +} diff --git a/awscli/botocore/data/partnercentral-channel/2024-03-18/waiters-2.json b/awscli/botocore/data/partnercentral-channel/2024-03-18/waiters-2.json new file mode 100644 index 000000000000..13f60ee66be6 --- /dev/null +++ b/awscli/botocore/data/partnercentral-channel/2024-03-18/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff --git a/awscli/botocore/data/pcs/2023-02-10/service-2.json b/awscli/botocore/data/pcs/2023-02-10/service-2.json index fc4bbe26f40a..4d8976cb1fe7 100644 --- a/awscli/botocore/data/pcs/2023-02-10/service-2.json +++ b/awscli/botocore/data/pcs/2023-02-10/service-2.json @@ -280,6 +280,7 @@ "requestUri":"/" }, "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, "errors":[ {"shape":"ServiceQuotaExceededException"}, {"shape":"ResourceNotFoundException"} @@ -294,6 +295,7 @@ "requestUri":"/" }, "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, "errors":[ {"shape":"ResourceNotFoundException"} ], @@ -523,9 +525,17 @@ "shape":"SlurmAuthKey", "documentation":"The shared Slurm key for authentication, also known as the cluster secret.
" }, + "jwtAuth":{ + "shape":"JwtAuth", + "documentation":"The JWT authentication configuration for Slurm REST API access.
" + }, "accounting":{ "shape":"Accounting", "documentation":"The accounting configuration includes configurable settings for Slurm accounting.
" + }, + "slurmRest":{ + "shape":"SlurmRest", + "documentation":"The Slurm REST API configuration for the cluster.
" } }, "documentation":"Additional options related to the Slurm scheduler.
" @@ -544,6 +554,10 @@ "accounting":{ "shape":"AccountingRequest", "documentation":"The accounting configuration includes configurable settings for Slurm accounting.
" + }, + "slurmRest":{ + "shape":"SlurmRestRequest", + "documentation":"The Slurm REST API configuration for the cluster.
" } }, "documentation":"Additional options related to the Slurm scheduler.
" @@ -551,11 +565,13 @@ "ClusterSlurmConfigurationRequestScaleDownIdleTimeInSecondsInteger":{ "type":"integer", "box":true, + "max":10000000, "min":1 }, "ClusterSlurmConfigurationScaleDownIdleTimeInSecondsInteger":{ "type":"integer", "box":true, + "max":10000000, "min":1 }, "ClusterStatus":{ @@ -1093,7 +1109,8 @@ "type":"string", "enum":[ "SLURMCTLD", - "SLURMDBD" + "SLURMDBD", + "SLURMRESTD" ] }, "Endpoints":{ @@ -1216,6 +1233,34 @@ "fault":true, "retryable":{"throttling":false} }, + "JwtAuth":{ + "type":"structure", + "members":{ + "jwtKey":{ + "shape":"JwtKey", + "documentation":"The JWT key for Slurm REST API authentication.
" + } + }, + "documentation":"The JWT authentication configuration for Slurm REST API access.
" + }, + "JwtKey":{ + "type":"structure", + "required":[ + "secretArn", + "secretVersion" + ], + "members":{ + "secretArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the AWS Secrets Manager secret containing the JWT key.
" + }, + "secretVersion":{ + "shape":"String", + "documentation":"The version of the AWS Secrets Manager secret containing the JWT key.
" + } + }, + "documentation":"The JWT key stored in AWS Secrets Manager for Slurm REST API authentication.
" + }, "ListClustersRequest":{ "type":"structure", "members":{ @@ -1791,6 +1836,35 @@ "type":"list", "member":{"shape":"SlurmCustomSetting"} }, + "SlurmRest":{ + "type":"structure", + "required":["mode"], + "members":{ + "mode":{ + "shape":"SlurmRestMode", + "documentation":"The default value for mode is STANDARD. A value of STANDARD means the Slurm REST API is enabled.
The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API. It's a property of the ClusterSlurmConfiguration object.
" + }, + "SlurmRestMode":{ + "type":"string", + "enum":[ + "STANDARD", + "NONE" + ] + }, + "SlurmRestRequest":{ + "type":"structure", + "required":["mode"], + "members":{ + "mode":{ + "shape":"SlurmRestMode", + "documentation":"The default value for mode is STANDARD. A value of STANDARD means the Slurm REST API is enabled.
The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API. It's a property of the ClusterSlurmConfiguration object.
" + }, "SpotAllocationStrategy":{ "type":"string", "enum":[ @@ -1855,6 +1929,10 @@ } } }, + "TagResourceResponse":{ + "type":"structure", + "members":{} + }, "TagValue":{ "type":"string", "max":256, @@ -1891,6 +1969,10 @@ } } }, + "UntagResourceResponse":{ + "type":"structure", + "members":{} + }, "UpdateAccountingRequest":{ "type":"structure", "members":{ @@ -1950,6 +2032,10 @@ "accounting":{ "shape":"UpdateAccountingRequest", "documentation":"The accounting configuration includes configurable settings for Slurm accounting.
" + }, + "slurmRest":{ + "shape":"UpdateSlurmRestRequest", + "documentation":"The Slurm REST API configuration for the cluster.
" } }, "documentation":"Additional options related to the Slurm scheduler.
" @@ -1957,6 +2043,7 @@ "UpdateClusterSlurmConfigurationRequestScaleDownIdleTimeInSecondsInteger":{ "type":"integer", "box":true, + "max":10000000, "min":1 }, "UpdateComputeNodeGroupRequest":{ @@ -2069,6 +2156,16 @@ }, "documentation":"Additional options related to the Slurm scheduler.
" }, + "UpdateSlurmRestRequest":{ + "type":"structure", + "members":{ + "mode":{ + "shape":"SlurmRestMode", + "documentation":"The default value for mode is STANDARD. A value of STANDARD means the Slurm REST API is enabled.
The Slurm REST API configuration includes settings for enabling and configuring the Slurm REST API.
" + }, "ValidationException":{ "type":"structure", "required":[ diff --git a/awscli/botocore/data/qconnect/2020-10-19/service-2.json b/awscli/botocore/data/qconnect/2020-10-19/service-2.json index 321e66ace124..140c98af2711 100644 --- a/awscli/botocore/data/qconnect/2020-10-19/service-2.json +++ b/awscli/botocore/data/qconnect/2020-10-19/service-2.json @@ -673,7 +673,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Gets an Amazon Q in Connect AI Agent.
" + "documentation":"Gets an Amazon Q in Connect AI Agent.
", + "readonly":true }, "GetAIGuardrail":{ "name":"GetAIGuardrail", @@ -691,7 +692,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Gets the Amazon Q in Connect AI Guardrail.
" + "documentation":"Gets the Amazon Q in Connect AI Guardrail.
", + "readonly":true }, "GetAIPrompt":{ "name":"GetAIPrompt", @@ -709,7 +711,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Gets and Amazon Q in Connect AI Prompt.
" + "documentation":"Gets and Amazon Q in Connect AI Prompt.
", + "readonly":true }, "GetAssistant":{ "name":"GetAssistant", @@ -726,7 +729,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves information about an assistant.
" + "documentation":"Retrieves information about an assistant.
", + "readonly":true }, "GetAssistantAssociation":{ "name":"GetAssistantAssociation", @@ -743,7 +747,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves information about an assistant association.
" + "documentation":"Retrieves information about an assistant association.
", + "readonly":true }, "GetContent":{ "name":"GetContent", @@ -760,7 +765,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves content, including a pre-signed URL to download the content.
" + "documentation":"Retrieves content, including a pre-signed URL to download the content.
", + "readonly":true }, "GetContentAssociation":{ "name":"GetContentAssociation", @@ -777,7 +783,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Returns the content association.
For more information about content associations--what they are and when they are used--see Integrate Amazon Q in Connect with step-by-step guides in the Amazon Connect Administrator Guide.
" + "documentation":"Returns the content association.
For more information about content associations--what they are and when they are used--see Integrate Amazon Q in Connect with step-by-step guides in the Amazon Connect Administrator Guide.
", + "readonly":true }, "GetContentSummary":{ "name":"GetContentSummary", @@ -794,7 +801,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves summary information about the content.
" + "documentation":"Retrieves summary information about the content.
", + "readonly":true }, "GetImportJob":{ "name":"GetImportJob", @@ -810,7 +818,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the started import job.
" + "documentation":"Retrieves the started import job.
", + "readonly":true }, "GetKnowledgeBase":{ "name":"GetKnowledgeBase", @@ -827,7 +836,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves information about the knowledge base.
" + "documentation":"Retrieves information about the knowledge base.
", + "readonly":true }, "GetMessageTemplate":{ "name":"GetMessageTemplate", @@ -845,7 +855,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Retrieves the Amazon Q in Connect message template. The message template identifier can contain an optional qualifier, for example, <message-template-id>:<qualifier>, which is either an actual version number or an Amazon Q Connect managed qualifier $ACTIVE_VERSION | $LATEST. If it is not supplied, then $LATEST is assumed implicitly.
Retrieves the Amazon Q in Connect message template. The message template identifier can contain an optional qualifier, for example, <message-template-id>:<qualifier>, which is either an actual version number or an Amazon Q Connect managed qualifier $ACTIVE_VERSION | $LATEST. If it is not supplied, then $LATEST is assumed implicitly.
Retrieves next message on an Amazon Q in Connect session.
" + "documentation":"Retrieves next message on an Amazon Q in Connect session.
", + "readonly":true }, "GetQuickResponse":{ "name":"GetQuickResponse", @@ -878,7 +890,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Retrieves the quick response.
" + "documentation":"Retrieves the quick response.
", + "readonly":true }, "GetRecommendations":{ "name":"GetRecommendations", @@ -896,7 +909,8 @@ ], "documentation":"This API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024, you will need to create a new Assistant in the Amazon Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.
Retrieves recommendations for the specified session. To avoid retrieving the same recommendations in subsequent calls, use NotifyRecommendationsReceived. This API supports long-polling behavior with the waitTimeSeconds parameter. Short poll is the default behavior and only returns recommendations already available. To perform a manual query against an assistant, use QueryAssistant.
Retrieves information for a specified session.
" + "documentation":"Retrieves information for a specified session.
", + "readonly":true }, "ListAIAgentVersions":{ "name":"ListAIAgentVersions", @@ -931,7 +946,8 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"List AI Agent versions.
" + "documentation":"List AI Agent versions.
", + "readonly":true }, "ListAIAgents":{ "name":"ListAIAgents", @@ -949,7 +965,8 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists AI Agents.
" + "documentation":"Lists AI Agents.
", + "readonly":true }, "ListAIGuardrailVersions":{ "name":"ListAIGuardrailVersions", @@ -967,7 +984,8 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists AI Guardrail versions.
" + "documentation":"Lists AI Guardrail versions.
", + "readonly":true }, "ListAIGuardrails":{ "name":"ListAIGuardrails", @@ -985,7 +1003,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists the AI Guardrails available on the Amazon Q in Connect assistant.
" + "documentation":"Lists the AI Guardrails available on the Amazon Q in Connect assistant.
", + "readonly":true }, "ListAIPromptVersions":{ "name":"ListAIPromptVersions", @@ -1003,7 +1022,8 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists AI Prompt versions.
" + "documentation":"Lists AI Prompt versions.
", + "readonly":true }, "ListAIPrompts":{ "name":"ListAIPrompts", @@ -1021,7 +1041,8 @@ {"shape":"ThrottlingException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists the AI Prompts available on the Amazon Q in Connect assistant.
" + "documentation":"Lists the AI Prompts available on the Amazon Q in Connect assistant.
", + "readonly":true }, "ListAssistantAssociations":{ "name":"ListAssistantAssociations", @@ -1037,7 +1058,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists information about assistant associations.
" + "documentation":"Lists information about assistant associations.
", + "readonly":true }, "ListAssistants":{ "name":"ListAssistants", @@ -1053,7 +1075,8 @@ {"shape":"UnauthorizedException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Lists information about assistants.
" + "documentation":"Lists information about assistants.
", + "readonly":true }, "ListContentAssociations":{ "name":"ListContentAssociations", @@ -1070,7 +1093,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists the content associations.
For more information about content associations--what they are and when they are used--see Integrate Amazon Q in Connect with step-by-step guides in the Amazon Connect Administrator Guide.
" + "documentation":"Lists the content associations.
For more information about content associations--what they are and when they are used--see Integrate Amazon Q in Connect with step-by-step guides in the Amazon Connect Administrator Guide.
", + "readonly":true }, "ListContents":{ "name":"ListContents", @@ -1086,7 +1110,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists the content.
" + "documentation":"Lists the content.
", + "readonly":true }, "ListImportJobs":{ "name":"ListImportJobs", @@ -1101,7 +1126,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Lists information about import jobs.
" + "documentation":"Lists information about import jobs.
", + "readonly":true }, "ListKnowledgeBases":{ "name":"ListKnowledgeBases", @@ -1116,7 +1142,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Lists the knowledge bases.
" + "documentation":"Lists the knowledge bases.
", + "readonly":true }, "ListMessageTemplateVersions":{ "name":"ListMessageTemplateVersions", @@ -1133,7 +1160,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists all the available versions for the specified Amazon Q in Connect message template.
" + "documentation":"Lists all the available versions for the specified Amazon Q in Connect message template.
", + "readonly":true }, "ListMessageTemplates":{ "name":"ListMessageTemplates", @@ -1150,7 +1178,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Lists all the available Amazon Q in Connect message templates for the specified knowledge base.
" + "documentation":"Lists all the available Amazon Q in Connect message templates for the specified knowledge base.
", + "readonly":true }, "ListMessages":{ "name":"ListMessages", @@ -1166,7 +1195,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists messages on an Amazon Q in Connect session.
" + "documentation":"Lists messages on an Amazon Q in Connect session.
", + "readonly":true }, "ListQuickResponses":{ "name":"ListQuickResponses", @@ -1182,7 +1212,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists information about quick response.
" + "documentation":"Lists information about quick response.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -1196,7 +1227,8 @@ "errors":[ {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists the tags for the specified resource.
" + "documentation":"Lists the tags for the specified resource.
", + "readonly":true }, "NotifyRecommendationsReceived":{ "name":"NotifyRecommendationsReceived", @@ -1249,7 +1281,8 @@ ], "documentation":"This API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024, you will need to create a new Assistant in the Amazon Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.
Performs a manual search against the specified assistant. To retrieve recommendations for an assistant, use GetRecommendations.
", "deprecated":true, - "deprecatedMessage":"QueryAssistant API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024 you will need to create a new Assistant in the Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications." + "deprecatedMessage":"QueryAssistant API will be discontinued starting June 1, 2024. To receive generative responses after March 1, 2024 you will need to create a new Assistant in the Connect console and integrate the Amazon Q in Connect JavaScript library (amazon-q-connectjs) into your applications.", + "readonly":true }, "RemoveAssistantAIAgent":{ "name":"RemoveAssistantAIAgent", @@ -1317,7 +1350,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Searches for content in a specified knowledge base. Can be used to get a specific content resource by its name.
" + "documentation":"Searches for content in a specified knowledge base. Can be used to get a specific content resource by its name.
", + "readonly":true }, "SearchMessageTemplates":{ "name":"SearchMessageTemplates", @@ -1335,7 +1369,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Searches for Amazon Q in Connect message templates in the specified knowledge base.
" + "documentation":"Searches for Amazon Q in Connect message templates in the specified knowledge base.
", + "readonly":true }, "SearchQuickResponses":{ "name":"SearchQuickResponses", @@ -1353,7 +1388,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Searches existing Amazon Q in Connect quick responses in an Amazon Q in Connect knowledge base.
" + "documentation":"Searches existing Amazon Q in Connect quick responses in an Amazon Q in Connect knowledge base.
", + "readonly":true }, "SearchSessions":{ "name":"SearchSessions", @@ -1370,7 +1406,8 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Searches for sessions.
" + "documentation":"Searches for sessions.
", + "readonly":true }, "SendMessage":{ "name":"SendMessage", @@ -2832,7 +2869,9 @@ "type":"string", "enum":[ "EMAIL", - "SMS" + "SMS", + "WHATSAPP", + "PUSH" ] }, "Channels":{ @@ -3963,8 +4002,6 @@ "type":"structure", "required":[ "knowledgeBaseId", - "name", - "content", "channelSubtype" ], "members":{ @@ -3994,6 +4031,10 @@ "shape":"LanguageCode", "documentation":"The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW
The source configuration of the message template. Only set this argument for WHATSAPP channel subtype.
" + }, "defaultAttributes":{ "shape":"MessageTemplateAttributes", "documentation":"An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.
" @@ -5165,7 +5206,6 @@ "createdTime", "lastModifiedTime", "lastModifiedBy", - "content", "messageTemplateContentSha256" ], "members":{ @@ -5189,6 +5229,10 @@ "shape":"Name", "documentation":"The name of the message template.
" }, + "channel":{ + "shape":"Channel", + "documentation":"The channel of the message template.
" + }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"The channel subtype this message template applies to.
" @@ -5217,6 +5261,10 @@ "shape":"LanguageCode", "documentation":"The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW
The source configuration summary of the message template.
" + }, "groupingConfiguration":{"shape":"GroupingConfiguration"}, "defaultAttributes":{ "shape":"MessageTemplateAttributes", @@ -7629,7 +7677,12 @@ "sms":{ "shape":"SMSMessageTemplateContent", "documentation":"The content of the message template that applies to the SMS channel subtype.
" - } + }, + "whatsApp":{ + "shape":"WhatsAppMessageTemplateContent", + "documentation":"The content of the message template that applies to the WHATSAPP channel subtype.
" + }, + "push":{"shape":"PushMessageTemplateContent"} }, "documentation":"The container of message template content.
", "union":true @@ -7652,7 +7705,6 @@ "createdTime", "lastModifiedTime", "lastModifiedBy", - "content", "messageTemplateContentSha256" ], "members":{ @@ -7676,6 +7728,10 @@ "shape":"Name", "documentation":"The name of the message template.
" }, + "channel":{ + "shape":"Channel", + "documentation":"The channel of the message template.
" + }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"The channel subtype this message template applies to.
" @@ -7704,6 +7760,10 @@ "shape":"LanguageCode", "documentation":"The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW
The source configuration summary of the message template.
" + }, "groupingConfiguration":{"shape":"GroupingConfiguration"}, "defaultAttributes":{ "shape":"MessageTemplateAttributes", @@ -7896,6 +7956,10 @@ "shape":"Name", "documentation":"The name of the message template.
" }, + "channel":{ + "shape":"Channel", + "documentation":"The channel of the message template.
" + }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"The channel subtype this message template applies to.
" @@ -7924,6 +7988,10 @@ "shape":"Description", "documentation":"The description of the message template.
" }, + "sourceConfigurationSummary":{ + "shape":"MessageTemplateSourceConfigurationSummary", + "documentation":"The source configuration summary of the message template.
" + }, "groupingConfiguration":{"shape":"GroupingConfiguration"}, "language":{ "shape":"LanguageCode", @@ -7940,6 +8008,28 @@ "type":"list", "member":{"shape":"MessageTemplateSearchResultData"} }, + "MessageTemplateSourceConfiguration":{ + "type":"structure", + "members":{ + "whatsApp":{ + "shape":"WhatsAppMessageTemplateSourceConfiguration", + "documentation":"The sourceConfiguration of the message template that applies to the WHATSAPP channel subtype.
" + } + }, + "documentation":"The container of message template source configuration.
", + "union":true + }, + "MessageTemplateSourceConfigurationSummary":{ + "type":"structure", + "members":{ + "whatsApp":{ + "shape":"WhatsAppMessageTemplateSourceConfigurationSummary", + "documentation":"The sourceConfiguration summary of the message template that applies to the WHATSAPP channel subtype.
" + } + }, + "documentation":"The container of message template source configuration summary.
", + "union":true + }, "MessageTemplateSummary":{ "type":"structure", "required":[ @@ -7974,6 +8064,10 @@ "shape":"Name", "documentation":"The name of the message template.
" }, + "channel":{ + "shape":"Channel", + "documentation":"The channel this message template applies to.
" + }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"The channel subtype this message template applies to.
" @@ -7990,6 +8084,7 @@ "shape":"GenericArn", "documentation":"The Amazon Resource Name (ARN) of the user who last updated the message template data.
" }, + "sourceConfiguration":{"shape":"MessageTemplateSourceConfiguration"}, "activeVersionNumber":{ "shape":"Version", "documentation":"The version number of the message template version that is activated.
" @@ -8042,6 +8137,10 @@ "shape":"Name", "documentation":"The name of the message template.
" }, + "channel":{ + "shape":"Channel", + "documentation":"The channel of the message template.
" + }, "channelSubtype":{ "shape":"ChannelSubtype", "documentation":"The channel subtype this message template applies to.
" @@ -8252,6 +8351,196 @@ "LOW" ] }, + "PushADMMessageTemplateContent":{ + "type":"structure", + "members":{ + "title":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The title to use in a push notification that's based on the message template. This title appears above the notification message on a recipient's device.
" + }, + "body":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The message body to use in a push notification that is based on the message template.
" + }, + "action":{ + "shape":"PushMessageAction", + "documentation":"The action to occur if a recipient taps a push notification that is based on the message template. Valid values are:
OPEN_APP - Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.
DEEP_LINK - Your app opens and displays a designated user interface in the app. This action uses the deep-linking features of the Android platform.
URL - The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.
The sound to play when a recipient receives a push notification that's based on the message template. You can use the default stream or specify the file name of a sound resource that's bundled in your app. On an Android platform, the sound file must reside in /res/raw/.
The URL to open in a recipient's default mobile browser, if a recipient taps a push notification that's based on the message template and the value of the action property is URL.
The URL of an image to display in a push notification that's based on the message template.
" + }, + "imageIconUrl":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The URL of the large icon image to display in the content view of a push notification that's based on the message template.
" + }, + "smallImageIconUrl":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The URL of the small icon image to display in the status bar and the content view of a push notification that's based on the message template.
" + }, + "rawContent":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The URL of the small icon image to display in the status bar and the content view of a push notification that's based on the message template.
" + } + }, + "documentation":"The content of the push message template that applies to ADM (Amazon Device Messaging) notification service.
" + }, + "PushAPNSMessageTemplateContent":{ + "type":"structure", + "members":{ + "title":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The title to use in a push notification that's based on the message template. This title appears above the notification message on a recipient's device.
" + }, + "body":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The message body to use in a push notification that is based on the message template.
" + }, + "action":{ + "shape":"PushMessageAction", + "documentation":"The action to occur if a recipient taps a push notification that is based on the message template. Valid values are:
OPEN_APP - Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.
DEEP_LINK - Your app opens and displays a designated user interface in the app. This action uses the deep-linking features of the iOS platform.
URL - The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.
The key for the sound to play when the recipient receives a push notification that's based on the message template. The value for this key is the name of a sound file in your app's main bundle or the Library/Sounds folder in your app's data container. If the sound file can't be found or you specify default for the value, the system plays the default alert sound.
The URL to open in a recipient's default mobile browser, if a recipient taps a push notification that's based on the message template and the value of the action property is URL.
The URL of an image or video to display in push notifications that are based on the message template.
" + }, + "rawContent":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The raw, JSON-formatted string to use as the payload for a push notification that's based on the message template. If specified, this value overrides all other content for the message template.
" + } + }, + "documentation":"The content of the push message template that applies to APNS (Apple Push Notification service) notification service.
" + }, + "PushBaiduMessageTemplateContent":{ + "type":"structure", + "members":{ + "title":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The title to use in a push notification that's based on the message template. This title appears above the notification message on a recipient's device.
" + }, + "body":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The message body to use in a push notification that is based on the message template.
" + }, + "action":{ + "shape":"PushMessageAction", + "documentation":"The action to occur if a recipient taps a push notification that is based on the message template. Valid values are:
OPEN_APP - Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.
DEEP_LINK - Your app opens and displays a designated user interface in the app. This action uses the deep-linking features of the Android platform.
URL - The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.
The sound to play when a recipient receives a push notification that's based on the message template. You can use the default stream or specify the file name of a sound resource that's bundled in your app. On an Android platform, the sound file must reside in /res/raw/.
The URL to open in a recipient's default mobile browser, if a recipient taps a push notification that's based on the message template and the value of the action property is URL.
The URL of an image to display in a push notification that's based on the message template.
" + }, + "imageIconUrl":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The URL of the large icon image to display in the content view of a push notification that's based on the message template.
" + }, + "smallImageIconUrl":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The URL of the small icon image to display in the status bar and the content view of a push notification that's based on the message template.
" + }, + "rawContent":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The URL of the small icon image to display in the status bar and the content view of a push notification that's based on the message template.
" + } + }, + "documentation":"The content of the push message template that applies to Baidu notification service.
" + }, + "PushFCMMessageTemplateContent":{ + "type":"structure", + "members":{ + "title":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The title to use in a push notification that's based on the message template. This title appears above the notification message on a recipient's device.
" + }, + "body":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The message body to use in a push notification that is based on the message template.
" + }, + "action":{ + "shape":"PushMessageAction", + "documentation":"The action to occur if a recipient taps a push notification that is based on the message template. Valid values are:
OPEN_APP - Your app opens or it becomes the foreground app if it was sent to the background. This is the default action.
DEEP_LINK - Your app opens and displays a designated user interface in the app. This action uses the deep-linking features of the Android platform.
URL - The default mobile browser on the recipient's device opens and loads the web page at a URL that you specify.
The sound to play when a recipient receives a push notification that's based on the message template. You can use the default stream or specify the file name of a sound resource that's bundled in your app. On an Android platform, the sound file must reside in /res/raw/.
The URL to open in a recipient's default mobile browser, if a recipient taps a push notification that's based on the message template and the value of the action property is URL.
The URL of an image to display in a push notification that's based on the message template.
" + }, + "imageIconUrl":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The URL of the large icon image to display in the content view of a push notification that's based on the message template.
" + }, + "smallImageIconUrl":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The URL of the small icon image to display in the status bar and the content view of a push notification that's based on the message template.
" + }, + "rawContent":{ + "shape":"MessageTemplateBodyContentProvider", + "documentation":"The URL of the small icon image to display in the status bar and the content view of a push notification that's based on the message template.
" + } + }, + "documentation":"The content of the push message template that applies to FCM (Firebase Cloud Messaging) notification service.
" + }, + "PushMessageAction":{ + "type":"string", + "enum":[ + "OPEN_APP", + "DEEP_LINK", + "URL" + ] + }, + "PushMessageTemplateContent":{ + "type":"structure", + "members":{ + "adm":{ + "shape":"PushADMMessageTemplateContent", + "documentation":"The content of the message template that applies to ADM (Amazon Device Messaging) notification service.
" + }, + "apns":{ + "shape":"PushAPNSMessageTemplateContent", + "documentation":"The content of the message template that applies to APNS(Apple Push Notification service) notification service.
" + }, + "fcm":{ + "shape":"PushFCMMessageTemplateContent", + "documentation":"The content of the message template that applies to FCM (Firebase Cloud Messaging) notification service.
" + }, + "baidu":{ + "shape":"PushBaiduMessageTemplateContent", + "documentation":"The content of the message template that applies to Baidu notification service.
" + } + }, + "documentation":"The content of the message template that applies to the push channel subtype.
" + }, "PutFeedbackRequest":{ "type":"structure", "required":[ @@ -9180,12 +9469,15 @@ }, "RenderMessageTemplateResponse":{ "type":"structure", - "required":["content"], "members":{ "content":{ "shape":"MessageTemplateContentProvider", "documentation":"The content of the message template.
" }, + "sourceConfigurationSummary":{ + "shape":"MessageTemplateSourceConfigurationSummary", + "documentation":"The source configuration of the message template.
" + }, "attributesNotInterpolated":{ "shape":"MessageTemplateAttributeKeyList", "documentation":"The attribute keys that are not resolved.
" @@ -10561,6 +10853,10 @@ "shape":"LanguageCode", "documentation":"The language code value for the language in which the quick response is written. The supported language codes include de_DE, en_US, es_ES, fr_FR, id_ID, it_IT, ja_JP, ko_KR, pt_BR, zh_CN, zh_TW
The source configuration of the message template. Only set this argument for WHATSAPP channel subtype.
" + }, "defaultAttributes":{ "shape":"MessageTemplateAttributes", "documentation":"An object that specifies the default values to use for variables in the message template. This object contains different categories of key-value pairs. Each key defines a variable or placeholder in the message template. The corresponding value defines the default value for that variable.
" @@ -10901,6 +11197,121 @@ "WebUrl":{ "type":"string", "pattern":"https?://[A-Za-z0-9][^\\s]*" + }, + "WhatsAppBusinessAccountId":{ + "type":"string", + "max":100, + "min":1, + "pattern":".*(^waba-[0-9a-zA-Z]+$)|(^arn:.*:waba/[0-9a-zA-Z]+$).*" + }, + "WhatsAppMessageTemplateComponent":{ + "type":"string", + "documentation":"The component mapping from WhatsApp template parameters to Message Template attributes.
", + "max":5000, + "min":1 + }, + "WhatsAppMessageTemplateComponents":{ + "type":"list", + "member":{"shape":"WhatsAppMessageTemplateComponent"} + }, + "WhatsAppMessageTemplateContent":{ + "type":"structure", + "members":{ + "data":{ + "shape":"WhatsAppMessageTemplateContentData", + "documentation":"The data.
" + } + }, + "documentation":"The content of the message template that applies to the WHATSAPP channel subtype.
" + }, + "WhatsAppMessageTemplateContentData":{ + "type":"string", + "max":6000, + "min":1 + }, + "WhatsAppMessageTemplateId":{ + "type":"string", + "max":100, + "min":1, + "pattern":"[0-9]+" + }, + "WhatsAppMessageTemplateLanguage":{ + "type":"string", + "max":5, + "min":1 + }, + "WhatsAppMessageTemplateName":{ + "type":"string", + "max":512, + "min":1 + }, + "WhatsAppMessageTemplateSourceConfiguration":{ + "type":"structure", + "required":[ + "businessAccountId", + "templateId" + ], + "members":{ + "businessAccountId":{ + "shape":"WhatsAppBusinessAccountId", + "documentation":"The ID of the End User Messaging WhatsApp Business Account to associate with this template.
" + }, + "templateId":{ + "shape":"WhatsAppMessageTemplateId", + "documentation":"The WhatsApp template ID.
" + }, + "components":{ + "shape":"WhatsAppMessageTemplateComponents", + "documentation":"The list of component mapping from WhatsApp template parameters to Message Template attributes.
" + } + }, + "documentation":"Configuration information about the external data source.
" + }, + "WhatsAppMessageTemplateSourceConfigurationSummary":{ + "type":"structure", + "required":[ + "businessAccountId", + "templateId" + ], + "members":{ + "businessAccountId":{ + "shape":"WhatsAppBusinessAccountId", + "documentation":"The ID of the End User Messaging WhatsApp Business Account to associate with this template.
" + }, + "templateId":{ + "shape":"WhatsAppMessageTemplateId", + "documentation":"The ID of WhatsApp template.
" + }, + "name":{ + "shape":"WhatsAppMessageTemplateName", + "documentation":"The name of the WhatsApp template.
" + }, + "language":{ + "shape":"WhatsAppMessageTemplateLanguage", + "documentation":"The language of the WhatsApp template.
" + }, + "components":{ + "shape":"WhatsAppMessageTemplateComponents", + "documentation":"The list of component mapping from WhatsApp template parameters to Message Template attributes.
" + }, + "status":{ + "shape":"WhatsAppSourceConfigurationStatus", + "documentation":"The status of the message template.
" + }, + "statusReason":{ + "shape":"NonEmptyUnlimitedString", + "documentation":"The status reason of the message template.
" + } + }, + "documentation":"Configuration information about the external data source.
" + }, + "WhatsAppSourceConfigurationStatus":{ + "type":"string", + "enum":[ + "VALID", + "INVALID", + "REJECTED" + ] } }, "documentation":"Powered by Amazon Bedrock: Amazon Web Services implements automated abuse detection. Because Amazon Q in Connect is built on Amazon Bedrock, users can take full advantage of the controls implemented in Amazon Bedrock to enforce safety, security, and the responsible use of artificial intelligence (AI).
Amazon Q in Connect is a generative AI customer service assistant. It is an LLM-enhanced evolution of Amazon Connect Wisdom that delivers real-time recommendations to help contact center agents resolve customer issues quickly and accurately.
Amazon Q in Connect automatically detects customer intent during calls and chats using conversational analytics and natural language understanding (NLU). It then provides agents with immediate, real-time generative responses and suggested actions, and links to relevant documents and articles. Agents can also query Amazon Q in Connect directly using natural language or keywords to answer customer requests.
Use the Amazon Q in Connect APIs to create an assistant and a knowledge base, for example, or manage content by uploading custom files.
For more information, see Use Amazon Q in Connect for generative AI powered agent assistance in real-time in the Amazon Connect Administrator Guide.
" diff --git a/awscli/botocore/data/quicksight/2018-04-01/service-2.json b/awscli/botocore/data/quicksight/2018-04-01/service-2.json index 3b41a06b5e60..9a53f1526c62 100644 --- a/awscli/botocore/data/quicksight/2018-04-01/service-2.json +++ b/awscli/botocore/data/quicksight/2018-04-01/service-2.json @@ -7786,13 +7786,25 @@ }, "Boolean":{"type":"boolean"}, "BooleanObject":{"type":"boolean"}, + "BorderRadius":{ + "type":"string", + "max":50 + }, "BorderStyle":{ "type":"structure", "members":{ + "Color":{ + "shape":"Color", + "documentation":"The option to add color for tile borders for visuals.
" + }, "Show":{ "shape":"Boolean", "documentation":"The option to enable display of borders for visuals.
", "box":true + }, + "Width":{ + "shape":"Width", + "documentation":"The option to set the width of tile borders for visuals.
" } }, "documentation":"The display options for tile borders for visuals.
" @@ -8863,6 +8875,10 @@ "member":{"shape":"CollectiveConstantEntry"}, "max":2000 }, + "Color":{ + "type":"string", + "documentation":"String to encapsulate the most generic way Color can be formatted (words, hexStrings etc)" + }, "ColorFillType":{ "type":"string", "enum":[ @@ -20816,6 +20832,14 @@ "LoadingAnimation":{ "shape":"LoadingAnimation", "documentation":"The loading animation configuration of a free-form layout element.
" + }, + "BorderRadius":{ + "shape":"BorderRadius", + "documentation":"The border radius of a free-form layout element.
" + }, + "Padding":{ + "shape":"Padding", + "documentation":"The padding of a free-form layout element.
" } }, "documentation":"An element within a free-form layout.
" @@ -20844,6 +20868,10 @@ "Color":{ "shape":"HexColorWithTransparency", "documentation":"The border color of a free-form layout element.
" + }, + "Width":{ + "shape":"Width", + "documentation":"The border width of a free-form layout element.
" } }, "documentation":"The background style configuration of a free-form layout element.
" @@ -22557,10 +22585,63 @@ "RowSpan":{ "shape":"GridLayoutElementRowSpan", "documentation":"The height of a grid element expressed as a number of grid rows.
" + }, + "BorderStyle":{ + "shape":"GridLayoutElementBorderStyle", + "documentation":"The border style configuration of a grid layout element.
" + }, + "SelectedBorderStyle":{ + "shape":"GridLayoutElementBorderStyle", + "documentation":"The border style configuration of a grid layout element. This border style is used when the element is selected.
" + }, + "BackgroundStyle":{ + "shape":"GridLayoutElementBackgroundStyle", + "documentation":"The background style configuration of a grid layout element.
" + }, + "LoadingAnimation":{"shape":"LoadingAnimation"}, + "BorderRadius":{ + "shape":"BorderRadius", + "documentation":"The border radius of a grid layout element.
" + }, + "Padding":{ + "shape":"Padding", + "documentation":"The padding of a grid layout element.
" } }, "documentation":"An element within a grid layout.
" }, + "GridLayoutElementBackgroundStyle":{ + "type":"structure", + "members":{ + "Visibility":{ + "shape":"Visibility", + "documentation":"The background visibility of a grid layout element.
" + }, + "Color":{ + "shape":"HexColorWithTransparency", + "documentation":"The background color of a grid layout element.
" + } + }, + "documentation":"The background style configuration of a grid layout element.
" + }, + "GridLayoutElementBorderStyle":{ + "type":"structure", + "members":{ + "Visibility":{ + "shape":"Visibility", + "documentation":"The border visibility of a grid layout element.
" + }, + "Color":{ + "shape":"HexColorWithTransparency", + "documentation":"The border color of a grid layout element.
" + }, + "Width":{ + "shape":"Width", + "documentation":"The border width of a grid layout element.
" + } + }, + "documentation":"The border style configuration of a grid layout element.
" + }, "GridLayoutElementColumnIndex":{ "type":"integer", "max":35, @@ -28217,6 +28298,10 @@ }, "documentation":"A transform operation that overrides the dataset parameter values that are defined in another dataset.
" }, + "Padding":{ + "type":"string", + "max":200 + }, "PageNumber":{ "type":"long", "min":0 @@ -31293,6 +31378,10 @@ "GenerativeQnA":{ "shape":"RegisteredUserGenerativeQnAEmbeddingConfiguration", "documentation":"The configuration details for embedding the Generative Q&A experience.
For more information about embedding the Generative Q&A experience, see Embedding Overview in the Amazon Quick Sight User Guide.
" + }, + "QuickChat":{ + "shape":"RegisteredUserQuickChatEmbeddingConfiguration", + "documentation":"The configuration details for embedding the Quick chat agent.
" } }, "documentation":"The type of experience you want to embed. For registered users, you can embed Quick Suite dashboards or the Amazon Quick Sight console.
Exactly one of the experience configurations is required. You can choose Dashboard or QuickSightConsole. You cannot choose more than one experience configuration.
Information about the Q search bar embedding experience.
" }, + "RegisteredUserQuickChatEmbeddingConfiguration":{ + "type":"structure", + "members":{}, + "documentation":"An object that provides information about the configuration of a chat agent.
" + }, "RegisteredUserQuickSightConsoleEmbeddingConfiguration":{ "type":"structure", "members":{ @@ -33319,6 +33413,20 @@ }, "documentation":"A sheet, which is an object that contains a set of visuals that are viewed together on one page in Quick Sight. Every analysis and dashboard contains at least one sheet. Each sheet contains at least one visualization widget, for example a chart, pivot table, or narrative insight. Sheets can be associated with other components, such as controls, filters, and so on.
" }, + "SheetBackgroundStyle":{ + "type":"structure", + "members":{ + "Color":{ + "shape":"Color", + "documentation":"The solid color background option for sheets.
" + }, + "Gradient":{ + "shape":"String", + "documentation":"The gradient background option for sheets.
" + } + }, + "documentation":"The background configuration for sheets.
" + }, "SheetContentType":{ "type":"string", "enum":[ @@ -33648,6 +33756,10 @@ "TileLayout":{ "shape":"TileLayoutStyle", "documentation":"The layout options for tiles.
" + }, + "Background":{ + "shape":"SheetBackgroundStyle", + "documentation":"The background for sheets.
" } }, "documentation":"The theme display options for sheets.
" @@ -36079,6 +36191,10 @@ "SINGLE_QUOTE" ] }, + "TextTransform":{ + "type":"string", + "enum":["CAPITALIZE"] + }, "TextWrap":{ "type":"string", "enum":[ @@ -36358,9 +36474,21 @@ "TileStyle":{ "type":"structure", "members":{ + "BackgroundColor":{ + "shape":"Color", + "documentation":"The background color of a tile.
" + }, "Border":{ "shape":"BorderStyle", "documentation":"The border around a tile.
" + }, + "BorderRadius":{ + "shape":"BorderRadius", + "documentation":"The border radius of a tile.
" + }, + "Padding":{ + "shape":"Padding", + "documentation":"The padding of a tile.
" } }, "documentation":"Display options related to tiles on a sheet.
" @@ -38229,6 +38357,19 @@ "FontFamilies":{ "shape":"FontList", "documentation":"Determines the list of font families.
" + }, + "AxisTitleFontConfiguration":{"shape":"FontConfiguration"}, + "AxisLabelFontConfiguration":{"shape":"FontConfiguration"}, + "LegendTitleFontConfiguration":{"shape":"FontConfiguration"}, + "LegendValueFontConfiguration":{"shape":"FontConfiguration"}, + "DataLabelFontConfiguration":{"shape":"FontConfiguration"}, + "VisualTitleFontConfiguration":{ + "shape":"VisualTitleFontConfiguration", + "documentation":"Configures the display properties of the visual title.
" + }, + "VisualSubtitleFontConfiguration":{ + "shape":"VisualSubtitleFontConfiguration", + "documentation":"Configures the display properties of the visual sub-title.
" } }, "documentation":"Determines the typography options.
" @@ -41696,6 +41837,21 @@ "max":1024, "min":1 }, + "VisualSubtitleFontConfiguration":{ + "type":"structure", + "members":{ + "FontConfiguration":{"shape":"FontConfiguration"}, + "TextAlignment":{ + "shape":"HorizontalTextAlignment", + "documentation":"Determines the alignment of visual sub-title.
" + }, + "TextTransform":{ + "shape":"TextTransform", + "documentation":"Determines the text transformation of visual sub-title.
" + } + }, + "documentation":"Configures the display properties of the visual sub-title.
" + }, "VisualSubtitleLabelOptions":{ "type":"structure", "members":{ @@ -41715,6 +41871,21 @@ "max":1024, "min":1 }, + "VisualTitleFontConfiguration":{ + "type":"structure", + "members":{ + "FontConfiguration":{"shape":"FontConfiguration"}, + "TextAlignment":{ + "shape":"HorizontalTextAlignment", + "documentation":"Determines the alignment of visual title.
" + }, + "TextTransform":{ + "shape":"TextTransform", + "documentation":"Determines the text transformation of visual title.
" + } + }, + "documentation":"Configures the display properties of the visual title.
" + }, "VisualTitleLabelOptions":{ "type":"structure", "members":{ @@ -42059,6 +42230,11 @@ "DISABLED" ] }, + "Width":{ + "type":"string", + "documentation":"String to encapsulate the most generic way Width can be formatted with whatever units (px, em etc)", + "max":50 + }, "WordCloudAggregatedFieldWells":{ "type":"structure", "members":{ diff --git a/awscli/botocore/data/rbin/2021-06-15/service-2.json b/awscli/botocore/data/rbin/2021-06-15/service-2.json index 72e25b88ce75..c071af274782 100644 --- a/awscli/botocore/data/rbin/2021-06-15/service-2.json +++ b/awscli/botocore/data/rbin/2021-06-15/service-2.json @@ -219,7 +219,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"The resource type to be retained by the retention rule. Currently, only Amazon EBS snapshots and EBS-backed AMIs are supported. To retain snapshots, specify EBS_SNAPSHOT. To retain EBS-backed AMIs, specify EC2_IMAGE.
The resource type to be retained by the retention rule. Currently, only EBS volumes, EBS snapshots, and EBS-backed AMIs are supported.
To retain EBS volumes, specify EBS_VOLUME.
To retain EBS snapshots, specify EBS_SNAPSHOT
To retain EBS-backed AMIs, specify EC2_IMAGE.
The resource type retained by the retention rule. Only retention rules that retain the specified resource type are listed. Currently, only Amazon EBS snapshots and EBS-backed AMIs are supported. To list retention rules that retain snapshots, specify EBS_SNAPSHOT. To list retention rules that retain EBS-backed AMIs, specify EC2_IMAGE.
The resource type retained by the retention rule. Only retention rules that retain the specified resource type are listed. Currently, only EBS volumes, EBS snapshots, and EBS-backed AMIs are supported.
To list retention rules that retain EBS volumes, specify EBS_VOLUME.
To list retention rules that retain EBS snapshots, specify EBS_SNAPSHOT.
To list retention rules that retain EBS-backed AMIs, specify EC2_IMAGE.
The period value for which the retention rule is to retain resources. The period is measured using the unit specified for RetentionPeriodUnit.
" + "documentation":"The period value for which the retention rule is to retain resources, measured in days. The supported retention periods are:
EBS volumes: 1 - 7 days
EBS snapshots and EBS-backed AMIs: 1 - 365 days
The unit of time in which to measure the unlock delay. Currently, the unlock delay can be measure only in days.
" + "documentation":"The unit of time in which to measure the unlock delay. Currently, the unlock delay can be measured only in days.
" } }, "documentation":"Information about the retention rule unlock delay. The unlock delay is the period after which a retention rule can be modified or edited after it has been unlocked by a user with the required permissions. The retention rule can't be modified or deleted during the unlock delay.
" @@ -947,5 +948,5 @@ ] } }, - "documentation":"This is the Recycle Bin API Reference. This documentation provides descriptions and syntax for each of the actions and data types in Recycle Bin.
Recycle Bin is a resource recovery feature that enables you to restore accidentally deleted snapshots and EBS-backed AMIs. When using Recycle Bin, if your resources are deleted, they are retained in the Recycle Bin for a time period that you specify.
You can restore a resource from the Recycle Bin at any time before its retention period expires. After you restore a resource from the Recycle Bin, the resource is removed from the Recycle Bin, and you can then use it in the same way you use any other resource of that type in your account. If the retention period expires and the resource is not restored, the resource is permanently deleted from the Recycle Bin and is no longer available for recovery. For more information about Recycle Bin, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"This is the Recycle Bin API Reference. This documentation provides descriptions and syntax for each of the actions and data types in Recycle Bin.
Recycle Bin is a resource recovery feature that enables you to restore accidentally deleted EBS volumes, EBS snapshots, and EBS-backed AMIs. When using Recycle Bin, if your resources are deleted, they are retained in the Recycle Bin for a time period that you specify.
You can restore a resource from the Recycle Bin at any time before its retention period expires. After you restore a resource from the Recycle Bin, the resource is removed from the Recycle Bin, and you can then use it in the same way you use any other resource of that type in your account. If the retention period expires and the resource is not restored, the resource is permanently deleted from the Recycle Bin and is no longer available for recovery. For more information about Recycle Bin, see Recycle Bin in the Amazon Elastic Compute Cloud User Guide.
" } diff --git a/awscli/botocore/data/rds/2014-10-31/service-2.json b/awscli/botocore/data/rds/2014-10-31/service-2.json index f343483a0040..848bbf547e99 100644 --- a/awscli/botocore/data/rds/2014-10-31/service-2.json +++ b/awscli/botocore/data/rds/2014-10-31/service-2.json @@ -336,7 +336,8 @@ {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, {"shape":"StorageTypeNotSupportedFault"}, - {"shape":"OptionGroupNotFoundFault"} + {"shape":"OptionGroupNotFoundFault"}, + {"shape":"VpcEncryptionControlViolationException"} ], "documentation":"Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster.
If you create an Aurora DB cluster, the request creates an empty cluster. You must explicitly create the writer instance for your DB cluster using the CreateDBInstance operation. If you create a Multi-AZ DB cluster, the request creates a writer and two reader DB instances for you, each in a different Availability Zone.
You can use the ReplicationSourceIdentifier parameter to create an Amazon Aurora DB cluster as a read replica of another DB cluster or Amazon RDS for MySQL or PostgreSQL DB instance. For more information about Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.
You can also use the ReplicationSourceIdentifier parameter to create a Multi-AZ DB cluster read replica with an RDS for MySQL or PostgreSQL DB instance as the source. For more information about Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
Creates a new DB instance.
The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster. For an Aurora DB cluster, you can call this operation multiple times to add more than one DB instance to the cluster.
For more information about creating an RDS DB instance, see Creating an Amazon RDS DB instance in the Amazon RDS User Guide.
For more information about creating a DB instance in an Aurora DB cluster, see Creating an Amazon Aurora DB cluster in the Amazon Aurora User Guide.
" }, @@ -470,7 +472,8 @@ {"shape":"NetworkTypeNotSupported"}, {"shape":"DomainNotFoundFault"}, {"shape":"TenantDatabaseQuotaExceededFault"}, - {"shape":"CertificateNotFoundFault"} + {"shape":"CertificateNotFoundFault"}, + {"shape":"VpcEncryptionControlViolationException"} ], "documentation":"Creates a new DB instance that acts as a read replica for an existing source DB instance or Multi-AZ DB cluster. You can create a read replica for a DB instance running Db2, MariaDB, MySQL, Oracle, PostgreSQL, or SQL Server. You can create a read replica for a Multi-AZ DB cluster running MySQL or PostgreSQL. For more information, see Working with read replicas and Migrating from a Multi-AZ DB cluster to a DB instance using a read replica in the Amazon RDS User Guide.
Amazon Aurora doesn't support this operation. To create a DB instance for an Aurora DB cluster, use the CreateDBInstance operation.
RDS creates read replicas with backups disabled. All other attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance or cluster, except as specified.
Your source DB instance or cluster must have backup retention enabled.
Modifies the settings of an Amazon Aurora DB cluster or a Multi-AZ DB cluster. You can change one or more settings by specifying these parameters and the new values in the request.
For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.
For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
" }, @@ -2112,7 +2116,8 @@ {"shape":"KMSKeyNotAccessibleFault"}, {"shape":"NetworkTypeNotSupported"}, {"shape":"InvalidDBClusterStateFault"}, - {"shape":"TenantDatabaseQuotaExceededFault"} + {"shape":"TenantDatabaseQuotaExceededFault"}, + {"shape":"VpcEncryptionControlViolationException"} ], "documentation":"Modifies settings for a DB instance. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. To learn what modifications you can make to your DB instance, call DescribeValidDBInstanceModifications before you call ModifyDBInstance.
Creates a new DB cluster from a DB snapshot or DB cluster snapshot.
The target DB cluster is created from the source snapshot with a default configuration. If you don't specify a security group, the new DB cluster is associated with the default security group.
This operation only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance operation to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the RestoreDBClusterFromSnapshot operation has completed and the DB cluster is available.
For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.
For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
" }, @@ -2728,7 +2734,8 @@ {"shape":"DBClusterParameterGroupNotFoundFault"}, {"shape":"StorageTypeNotSupportedFault"}, {"shape":"DBClusterAutomatedBackupNotFoundFault"}, - {"shape":"InsufficientDBInstanceCapacityFault"} + {"shape":"InsufficientDBInstanceCapacityFault"}, + {"shape":"VpcEncryptionControlViolationException"} ], "documentation":"Restores a DB cluster to an arbitrary point in time. Users can restore to any point in time before LatestRestorableTime for up to BackupRetentionPeriod days. The target DB cluster is created from the source DB cluster with the same configuration as the original DB cluster, except that the new DB cluster is created with the default DB security group. Unless the RestoreType is set to copy-on-write, the restore may occur in a different Availability Zone (AZ) from the original DB cluster. The AZ where RDS restores the DB cluster depends on the AZs in the specified subnet group.
For Aurora, this operation only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance operation to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier. You can create DB instances only after the RestoreDBClusterToPointInTime operation has completed and the DB cluster is available.
For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.
For more information on Multi-AZ DB clusters, see Multi-AZ DB cluster deployments in the Amazon RDS User Guide.
" }, @@ -2767,7 +2774,8 @@ {"shape":"BackupPolicyNotFoundFault"}, {"shape":"DBClusterSnapshotNotFoundFault"}, {"shape":"CertificateNotFoundFault"}, - {"shape":"TenantDatabaseQuotaExceededFault"} + {"shape":"TenantDatabaseQuotaExceededFault"}, + {"shape":"VpcEncryptionControlViolationException"} ], "documentation":"Creates a new DB instance from a DB snapshot. The target database is created from the source database restore point with most of the source's original configuration, including the default security group and DB parameter group. By default, the new DB instance is created as a Single-AZ deployment, except when the instance is a SQL Server instance that has an option group associated with mirroring. In this case, the instance becomes a Multi-AZ deployment, not a Single-AZ deployment.
If you want to replace your original DB instance with the new, restored DB instance, then rename your original DB instance before you call the RestoreDBInstanceFromDBSnapshot operation. RDS doesn't allow two DB instances with the same name. After you have renamed your original DB instance with a different identifier, then you can pass the original name of the DB instance as the DBInstanceIdentifier in the call to the RestoreDBInstanceFromDBSnapshot operation. The result is that you replace the original DB instance with the DB instance created from the snapshot.
If you are restoring from a shared manual DB snapshot, the DBSnapshotIdentifier must be the ARN of the shared DB snapshot.
To restore from a DB snapshot with an unsupported engine version, you must first upgrade the engine version of the snapshot. For more information about upgrading a RDS for MySQL DB snapshot engine version, see Upgrading a MySQL DB snapshot engine version. For more information about upgrading a RDS for PostgreSQL DB snapshot engine version, Upgrading a PostgreSQL DB snapshot engine version.
This command doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, use RestoreDBClusterFromSnapshot.
Amazon Relational Database Service (Amazon RDS) supports importing MySQL databases by using backup files. You can create a backup of your on-premises database, store it on Amazon Simple Storage Service (Amazon S3), and then restore the backup file onto a new Amazon RDS DB instance running MySQL. For more information, see Restoring a backup into an Amazon RDS for MySQL DB instance in the Amazon RDS User Guide.
This operation doesn't apply to RDS Custom.
" }, @@ -2841,7 +2850,8 @@ {"shape":"NetworkTypeNotSupported"}, {"shape":"DBInstanceAutomatedBackupNotFoundFault"}, {"shape":"TenantDatabaseQuotaExceededFault"}, - {"shape":"CertificateNotFoundFault"} + {"shape":"CertificateNotFoundFault"}, + {"shape":"VpcEncryptionControlViolationException"} ], "documentation":"Restores a DB instance to an arbitrary point in time. You can restore to any point in time before the time identified by the LatestRestorableTime property. You can restore to a point up to the number of days specified by the BackupRetentionPeriod property.
The target database is created with most of the original configuration, but in a system-selected Availability Zone, with the default security group, the default subnet group, and the default DB parameter group. By default, the new DB instance is created as a single-AZ deployment except when the instance is a SQL Server instance that has an option group that is associated with mirroring; in this case, the instance becomes a mirrored deployment and not a single-AZ deployment.
This operation doesn't apply to Aurora MySQL and Aurora PostgreSQL. For Aurora, use RestoreDBClusterToPointInTime.
Starts an Amazon Aurora DB cluster that was stopped using the Amazon Web Services console, the stop-db-cluster CLI command, or the StopDBCluster operation.
For more information, see Stopping and Starting an Aurora Cluster in the Amazon Aurora User Guide.
This operation only applies to Aurora DB clusters.
Starts an Amazon RDS DB instance that was stopped using the Amazon Web Services console, the stop-db-instance CLI command, or the StopDBInstance operation.
For more information, see Starting an Amazon RDS DB instance That Was Previously Stopped in the Amazon RDS User Guide.
This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. For Aurora DB clusters, use StartDBCluster instead.
Specifies whether the DB cluster is publicly accessible.
When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.
When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.
Valid for Cluster Type: Multi-AZ DB clusters only
Default: The default behavior varies depending on whether DBSubnetGroupName is specified.
If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:
If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB cluster is private.
If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.
If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:
If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB cluster is private.
If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.
Specifies whether the DB cluster is publicly accessible.
Valid for Cluster Type: Multi-AZ DB clusters only
When the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its domain name system (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is controlled by its security group settings.
When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.
The default behavior when PubliclyAccessible is not specified depends on whether a DBSubnetGroup is specified.
If DBSubnetGroup isn't specified, PubliclyAccessible defaults to true.
If DBSubnetGroup is specified, PubliclyAccessible defaults to false unless the value of DBSubnetGroup is default, in which case PubliclyAccessible defaults to true.
If PubliclyAccessible is true and the VPC that the DBSubnetGroup is in doesn't have an internet gateway attached to it, Amazon RDS returns an error.
Specifies whether the DB instance is publicly accessible.
When the DB instance is publicly accessible and you connect from outside of the DB instance's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB instance, the endpoint resolves to the private IP address. Access to the DB instance is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB instance doesn't permit it.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
Default: The default behavior varies depending on whether DBSubnetGroupName is specified.
If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:
If the default VPC in the target Region doesn’t have an internet gateway attached to it, the DB instance is private.
If the default VPC in the target Region has an internet gateway attached to it, the DB instance is public.
If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:
If the subnets are part of a VPC that doesn’t have an internet gateway attached to it, the DB instance is private.
If the subnets are part of a VPC that has an internet gateway attached to it, the DB instance is public.
Specifies whether the DB instance is publicly accessible.
When the DB instance is publicly accessible and you connect from outside of the DB instance's virtual private cloud (VPC), its domain name system (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB instance, the endpoint resolves to the private IP address. Access to the DB instance is controlled by its security group settings.
When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.
The default behavior when PubliclyAccessible is not specified depends on whether a DBSubnetGroup is specified.
If DBSubnetGroup isn't specified, PubliclyAccessible defaults to false for Aurora instances and true for non-Aurora instances.
If DBSubnetGroup is specified, PubliclyAccessible defaults to false unless the value of DBSubnetGroup is default, in which case PubliclyAccessible defaults to true.
If PubliclyAccessible is true and the VPC that the DBSubnetGroup is in doesn't have an internet gateway attached to it, Amazon RDS returns an error.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
" }, + "UpgradeRolloutOrder":{ + "shape":"UpgradeRolloutOrder", + "documentation":"This data type represents the order in which the clusters are upgraded.
[first] - Typically used for development or testing environments.
[second] - Default order for resources not specifically configured.
[last] - Usually reserved for production environments.
The identifier of the source DB cluster if this DB cluster is a read replica.
" @@ -6914,6 +6929,10 @@ "shape":"String", "documentation":"The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
" }, + "UpgradeRolloutOrder":{ + "shape":"UpgradeRolloutOrder", + "documentation":"This data type represents the order in which the instances are upgraded.
[first] - Typically used for development or testing environments.
[second] - Default order for resources not specifically configured.
[last] - Usually reserved for production environments.
Information about pending changes to the DB instance. This information is returned only when there are pending changes. Specific changes are identified by subelements.
" @@ -12772,7 +12791,7 @@ }, "DomainOu":{ "shape":"String", - "documentation":"The Active Directory organizational unit for your DB instance to join.
Constraints:
Must be in the distinguished name format.
Can't be longer than 64 characters.
Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain
The Active Directory organizational unit for your DB instance to join.
Constraints:
Must be in the distinguished name format.
Example: OU=mymanagedADtestOU,DC=mymanagedADtest,DC=mymanagedAD,DC=mydomain
The operation violates VPC encryption control settings. Make sure that your DB instance type supports the Nitro encryption-in-transit capability, or modify your VPC's encryption controls to not enforce encryption-in-transit.
", + "error":{ + "code":"VpcEncryptionControlViolationException", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "VpcSecurityGroupIdList":{ "type":"list", "member":{ diff --git a/awscli/botocore/data/redshift-data/2019-12-20/service-2.json b/awscli/botocore/data/redshift-data/2019-12-20/service-2.json index a7dca2579d2f..14af968fa2be 100644 --- a/awscli/botocore/data/redshift-data/2019-12-20/service-2.json +++ b/awscli/botocore/data/redshift-data/2019-12-20/service-2.json @@ -2,6 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2019-12-20", + "auth":["aws.auth#sigv4"], "endpointPrefix":"redshift-data", "jsonVersion":"1.1", "protocol":"json", @@ -11,8 +12,7 @@ "signatureVersion":"v4", "signingName":"redshift-data", "targetPrefix":"RedshiftData", - "uid":"redshift-data-2019-12-20", - "auth":["aws.auth#sigv4"] + "uid":"redshift-data-2019-12-20" }, "operations":{ "BatchExecuteStatement":{ @@ -26,6 +26,7 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"ActiveSessionsExceededException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ActiveStatementsExceededException"}, {"shape":"BatchExecuteStatementException"}, {"shape":"InternalServerException"} @@ -43,6 +44,7 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], @@ -61,7 +63,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Describes the details about a specific instance when a query was run by the Amazon Redshift Data API. The information includes when the query started, when it finished, the query status, the number of rows returned, and the SQL statement.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"Describes the details about a specific instance when a query was run by the Amazon Redshift Data API. The information includes when the query started, when it finished, the query status, the number of rows returned, and the SQL statement.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "DescribeTable":{ "name":"DescribeTable", @@ -73,11 +76,13 @@ "output":{"shape":"DescribeTableResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], - "documentation":"Describes the detailed information about a table from metadata in the cluster. The information includes its columns. A token is returned to page through the column list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"Describes the detailed information about a table from metadata in the cluster. The information includes its columns. A token is returned to page through the column list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "ExecuteStatement":{ "name":"ExecuteStatement", @@ -90,6 +95,7 @@ "errors":[ {"shape":"ValidationException"}, {"shape":"ActiveSessionsExceededException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ExecuteStatementException"}, {"shape":"ActiveStatementsExceededException"}, {"shape":"InternalServerException"} @@ -109,7 +115,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Fetches the temporarily cached result of an SQL statement in JSON format. The ExecuteStatement or BatchExecuteStatement operation that ran the SQL statement must have specified ResultFormat as JSON , or let the format default to JSON. A token is returned to page through the statement results.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"Fetches the temporarily cached result of an SQL statement in JSON format. The ExecuteStatement or BatchExecuteStatement operation that ran the SQL statement must have specified ResultFormat as JSON , or let the format default to JSON. A token is returned to page through the statement results.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "GetStatementResultV2":{ "name":"GetStatementResultV2", @@ -124,7 +131,8 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"Fetches the temporarily cached result of an SQL statement in CSV format. The ExecuteStatement or BatchExecuteStatement operation that ran the SQL statement must have specified ResultFormat as CSV. A token is returned to page through the statement results.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"Fetches the temporarily cached result of an SQL statement in CSV format. The ExecuteStatement or BatchExecuteStatement operation that ran the SQL statement must have specified ResultFormat as CSV. A token is returned to page through the statement results.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "ListDatabases":{ "name":"ListDatabases", @@ -136,11 +144,13 @@ "output":{"shape":"ListDatabasesResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], - "documentation":"List the databases in a cluster. A token is returned to page through the database list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"List the databases in a cluster. A token is returned to page through the database list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "ListSchemas":{ "name":"ListSchemas", @@ -152,11 +162,13 @@ "output":{"shape":"ListSchemasResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], - "documentation":"Lists the schemas in a database. A token is returned to page through the schema list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"Lists the schemas in a database. A token is returned to page through the schema list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "ListStatements":{ "name":"ListStatements", @@ -168,9 +180,11 @@ "output":{"shape":"ListStatementsResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"} ], - "documentation":"List of SQL statements. By default, only finished statements are shown. A token is returned to page through the statement list.
When you use identity-enhanced role sessions to list statements, you must provide either the cluster-identifier or workgroup-name parameter. This ensures that the IdC user can only access the Amazon Redshift IdC applications they are assigned. For more information, see Trusted identity propagation overview.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"List of SQL statements. By default, only finished statements are shown. A token is returned to page through the statement list.
When you use identity-enhanced role sessions to list statements, you must provide either the cluster-identifier or workgroup-name parameter. This ensures that the IdC user can only access the Amazon Redshift IdC applications they are assigned. For more information, see Trusted identity propagation overview.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true }, "ListTables":{ "name":"ListTables", @@ -182,11 +196,13 @@ "output":{"shape":"ListTablesResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], - "documentation":"List the tables in a database. If neither SchemaPattern nor TablePattern are specified, then all tables in the database are returned. A token is returned to page through the table list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
" + "documentation":"List the tables in a database. If neither SchemaPattern nor TablePattern are specified, then all tables in the database are returned. A token is returned to page through the table list. Depending on the authorization method, use one of the following combinations of request parameters:
Secrets Manager - when connecting to a cluster, provide the secret-arn of a secret stored in Secrets Manager which has username and password. The specified secret contains credentials to connect to the database you specify. When you are connecting to a cluster, you also supply the database name, If you provide a cluster identifier (dbClusterIdentifier), it must match the cluster identifier stored in the secret. When you are connecting to a serverless workgroup, you also supply the database name.
Temporary credentials - when connecting to your data warehouse, choose one of the following options:
When connecting to a serverless workgroup, specify the workgroup name and database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift-serverless:GetCredentials operation is required.
When connecting to a cluster as an IAM identity, specify the cluster identifier and the database name. The database user name is derived from the IAM identity. For example, arn:iam::123456789012:user:foo has the database user name IAM:foo. Also, permission to call the redshift:GetClusterCredentialsWithIAM operation is required.
When connecting to a cluster as a database user, specify the cluster identifier, the database name, and the database user name. Also, permission to call the redshift:GetClusterCredentials operation is required.
For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.
", + "readonly":true } }, "shapes":{ @@ -227,95 +243,95 @@ "type":"structure", "required":["Sqls"], "members":{ - "ClientToken":{ - "shape":"ClientToken", - "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", - "idempotencyToken":true + "Sqls":{ + "shape":"SqlList", + "documentation":"One or more SQL statements to run. The SQL statements are run as a single transaction. They run serially in the order of the array. Subsequent SQL statements don't start until the previous statement in the array completes. If any SQL statement fails, then because they are run as one transaction, all work is rolled back.
" }, "ClusterIdentifier":{ "shape":"ClusterIdentifierString", "documentation":"The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.
" }, - "Database":{ - "shape":"String", - "documentation":"The name of the database. This parameter is required when authenticating using either Secrets Manager or temporary credentials.
" - }, - "DbUser":{ - "shape":"String", - "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" - }, - "ResultFormat":{ - "shape":"ResultFormatString", - "documentation":"The data format of the result of the SQL statement. If no format is specified, the default is JSON.
" - }, "SecretArn":{ "shape":"SecretArn", "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" }, - "SessionId":{ - "shape":"UUID", - "documentation":"The session identifier of the query.
" + "DbUser":{ + "shape":"String", + "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" }, - "SessionKeepAliveSeconds":{ - "shape":"SessionAliveSeconds", - "documentation":"The number of seconds to keep the session alive after the query finishes. The maximum time a session can keep alive is 24 hours. After 24 hours, the session is forced closed and the query is terminated.
" + "Database":{ + "shape":"String", + "documentation":"The name of the database. This parameter is required when authenticating using either Secrets Manager or temporary credentials.
" }, - "Sqls":{ - "shape":"SqlList", - "documentation":"One or more SQL statements to run.
The SQL statements are run as a single transaction. They run serially in the order of the array. Subsequent SQL statements don't start until the previous statement in the array completes. If any SQL statement fails, then because they are run as one transaction, all work is rolled back.</p> A value that indicates whether to send an event to the Amazon EventBridge event bus after the SQL statements run.
" }, "StatementName":{ "shape":"StatementNameString", "documentation":"The name of the SQL statements. You can name the SQL statements when you create them to identify the query.
" }, - "WithEvent":{ - "shape":"Boolean", - "documentation":"A value that indicates whether to send an event to the Amazon EventBridge event bus after the SQL statements run.
" - }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"The serverless workgroup name or Amazon Resource Name (ARN). This parameter is required when connecting to a serverless workgroup and authenticating using either Secrets Manager or temporary credentials.
" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", + "idempotencyToken":true + }, + "ResultFormat":{ + "shape":"ResultFormatString", + "documentation":"The data format of the result of the SQL statement. If no format is specified, the default is JSON.
" + }, + "SessionKeepAliveSeconds":{ + "shape":"SessionAliveSeconds", + "documentation":"The number of seconds to keep the session alive after the query finishes. The maximum time a session can keep alive is 24 hours. After 24 hours, the session is forced closed and the query is terminated.
" + }, + "SessionId":{ + "shape":"UUID", + "documentation":"The session identifier of the query.
" } } }, "BatchExecuteStatementOutput":{ "type":"structure", "members":{ - "ClusterIdentifier":{ - "shape":"ClusterIdentifierString", - "documentation":"The cluster identifier. This element is not returned when connecting to a serverless workgroup.
" + "Id":{ + "shape":"UUID", + "documentation":"The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. This identifier is returned by BatchExecuteStatment.
The date and time (UTC) the statement was created.
" }, - "Database":{ + "ClusterIdentifier":{ + "shape":"ClusterIdentifierString", + "documentation":"The cluster identifier. This element is not returned when connecting to a serverless workgroup.
" + }, + "DbUser":{ "shape":"String", - "documentation":"The name of the database.
" + "documentation":"The database user name.
" }, "DbGroups":{ "shape":"DbGroupList", "documentation":"A list of colon (:) separated names of database groups.
" }, - "DbUser":{ + "Database":{ "shape":"String", - "documentation":"The database user name.
" - }, - "Id":{ - "shape":"UUID", - "documentation":"The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. This identifier is returned by BatchExecuteStatment.
The name of the database.
" }, "SecretArn":{ "shape":"SecretArn", "documentation":"The name or ARN of the secret that enables access to the database.
" }, - "SessionId":{ - "shape":"UUID", - "documentation":"The session identifier of the query.
" - }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"The serverless workgroup name or Amazon Resource Name (ARN). This element is not returned when connecting to a provisioned cluster.
" + }, + "SessionId":{ + "shape":"UUID", + "documentation":"The session identifier of the query.
" } } }, @@ -363,7 +379,8 @@ "ClusterIdentifierString":{ "type":"string", "max":63, - "min":1 + "min":1, + "pattern":"[a-z][a-z0-9]*(-[a-z0-9]+)*" }, "ColumnList":{ "type":"list", @@ -372,10 +389,6 @@ "ColumnMetadata":{ "type":"structure", "members":{ - "columnDefault":{ - "shape":"String", - "documentation":"The default value of the column.
" - }, "isCaseSensitive":{ "shape":"bool", "documentation":"A value that indicates whether the column is case-sensitive.
" @@ -392,10 +405,6 @@ "shape":"String", "documentation":"The label for the column.
" }, - "length":{ - "shape":"Integer", - "documentation":"The length of the column.
" - }, "name":{ "shape":"String", "documentation":"The name of the column.
" @@ -423,6 +432,14 @@ "typeName":{ "shape":"String", "documentation":"The database-specific data type of the column.
" + }, + "length":{ + "shape":"Integer", + "documentation":"The length of the column.
" + }, + "columnDefault":{ + "shape":"String", + "documentation":"The default value of the column.
" } }, "documentation":"The properties (metadata) of a column.
" @@ -463,21 +480,25 @@ "type":"structure", "required":["Id"], "members":{ - "ClusterIdentifier":{ - "shape":"String", - "documentation":"The cluster identifier.
" + "Id":{ + "shape":"UUID", + "documentation":"The identifier of the SQL statement described. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" }, - "CreatedAt":{ - "shape":"Timestamp", - "documentation":"The date and time (UTC) when the SQL statement was submitted to run.
" + "SecretArn":{ + "shape":"SecretArn", + "documentation":"The name or Amazon Resource Name (ARN) of the secret that enables access to the database.
" + }, + "DbUser":{ + "shape":"String", + "documentation":"The database user name.
" }, "Database":{ "shape":"String", "documentation":"The name of the database.
" }, - "DbUser":{ + "ClusterIdentifier":{ "shape":"String", - "documentation":"The database user name.
" + "documentation":"The cluster identifier.
" }, "Duration":{ "shape":"Long", @@ -487,33 +508,29 @@ "shape":"String", "documentation":"The error message from the cluster if the SQL statement encountered an error while running.
" }, - "HasResultSet":{ - "shape":"Boolean", - "documentation":"A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set. The value is true if any substatement returns a result set.
" - }, - "Id":{ - "shape":"UUID", - "documentation":"The identifier of the SQL statement described. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" + "Status":{ + "shape":"StatusString", + "documentation":"The status of the SQL statement being described. Status values are defined as follows:
ABORTED - The query run was stopped by the user.
ALL - A status value that includes all query statuses. This value can be used to filter results.
FAILED - The query run failed.
FINISHED - The query has finished running.
PICKED - The query has been chosen to be run.
STARTED - The query run has started.
SUBMITTED - The query was submitted, but not yet processed.
The parameters for the SQL statement.
" + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"The date and time (UTC) when the SQL statement was submitted to run.
" }, - "QueryString":{ - "shape":"StatementString", - "documentation":"The SQL statement text.
" + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"The date and time (UTC) that the metadata for the SQL statement was last updated. An example is the time the status last changed.
" }, "RedshiftPid":{ "shape":"Long", "documentation":"The process identifier from Amazon Redshift.
" }, - "RedshiftQueryId":{ - "shape":"Long", - "documentation":"The identifier of the query generated by Amazon Redshift. These identifiers are also available in the query column of the STL_QUERY system view.
A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set. The value is true if any substatement returns a result set.
" }, - "ResultFormat":{ - "shape":"ResultFormatString", - "documentation":"The data format of the result of the SQL statement.
" + "QueryString":{ + "shape":"StatementString", + "documentation":"The SQL statement text.
" }, "ResultRows":{ "shape":"Long", @@ -523,29 +540,29 @@ "shape":"Long", "documentation":"The size in bytes of the returned results. A -1 indicates the value is null.
The name or Amazon Resource Name (ARN) of the secret that enables access to the database.
" - }, - "SessionId":{ - "shape":"String", - "documentation":"The session identifier of the query.
" + "RedshiftQueryId":{ + "shape":"Long", + "documentation":"The identifier of the query generated by Amazon Redshift. These identifiers are also available in the query column of the STL_QUERY system view.
The status of the SQL statement being described. Status values are defined as follows:
ABORTED - The query run was stopped by the user.
ALL - A status value that includes all query statuses. This value can be used to filter results.
FAILED - The query run failed.
FINISHED - The query has finished running.
PICKED - The query has been chosen to be run.
STARTED - The query run has started.
SUBMITTED - The query was submitted, but not yet processed.
The parameters for the SQL statement.
" }, "SubStatements":{ "shape":"SubStatementList", "documentation":"The SQL statements from a multiple statement run.
" }, - "UpdatedAt":{ - "shape":"Timestamp", - "documentation":"The date and time (UTC) that the metadata for the SQL statement was last updated. An example is the time the status last changed.
" - }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"The serverless workgroup name or Amazon Resource Name (ARN).
" + }, + "ResultFormat":{ + "shape":"ResultFormatString", + "documentation":"The data format of the result of the SQL statement.
" + }, + "SessionId":{ + "shape":"String", + "documentation":"The session identifier of the query.
" } } }, @@ -557,38 +574,38 @@ "shape":"ClusterIdentifierString", "documentation":"The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.
" }, - "ConnectedDatabase":{ - "shape":"String", - "documentation":"A database name. The connected database is specified when you connect with your authentication credentials.
" - }, - "Database":{ - "shape":"String", - "documentation":"The name of the database that contains the tables to be described. If ConnectedDatabase is not specified, this is also the database to connect to with your authentication credentials.
The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" }, "DbUser":{ "shape":"String", "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"The maximum number of tables to return in the response. If more tables exist than fit in one response, then NextToken is returned to page through the results.
The name of the database that contains the tables to be described. If ConnectedDatabase is not specified, this is also the database to connect to with your authentication credentials.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" + "documentation":"A database name. The connected database is specified when you connect with your authentication credentials.
" }, "Schema":{ "shape":"String", "documentation":"The schema that contains the table. If no schema is specified, then matching tables for all schemas are returned.
" }, - "SecretArn":{ - "shape":"SecretArn", - "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" - }, "Table":{ "shape":"String", "documentation":"The table name. If no table is specified, then all tables for all matching schemas are returned. If no table and no schema is specified, then all tables for all schemas in the database are returned
" }, + "NextToken":{ + "shape":"String", + "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" + }, + "MaxResults":{ + "shape":"PageSize", + "documentation":"The maximum number of tables to return in the response. If more tables exist than fit in one response, then NextToken is returned to page through the results.
The serverless workgroup name or Amazon Resource Name (ARN). This parameter is required when connecting to a serverless workgroup and authenticating using either Secrets Manager or temporary credentials.
" @@ -598,6 +615,10 @@ "DescribeTableResponse":{ "type":"structure", "members":{ + "TableName":{ + "shape":"String", + "documentation":"The table name.
" + }, "ColumnList":{ "shape":"ColumnList", "documentation":"A list of columns in the table.
" @@ -605,10 +626,6 @@ "NextToken":{ "shape":"String", "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, - "TableName":{ - "shape":"String", - "documentation":"The table name.
" } } }, @@ -636,128 +653,128 @@ "type":"structure", "required":["Sql"], "members":{ - "ClientToken":{ - "shape":"ClientToken", - "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", - "idempotencyToken":true + "Sql":{ + "shape":"StatementString", + "documentation":"The SQL statement text to run.
" }, "ClusterIdentifier":{ "shape":"ClusterIdentifierString", "documentation":"The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.
" }, - "Database":{ - "shape":"String", - "documentation":"The name of the database. This parameter is required when authenticating using either Secrets Manager or temporary credentials.
" + "SecretArn":{ + "shape":"SecretArn", + "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" }, "DbUser":{ "shape":"String", "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" }, - "Parameters":{ - "shape":"SqlParametersList", - "documentation":"The parameters for the SQL statement.
" - }, - "ResultFormat":{ - "shape":"ResultFormatString", - "documentation":"The data format of the result of the SQL statement. If no format is specified, the default is JSON.
" + "Database":{ + "shape":"String", + "documentation":"The name of the database. This parameter is required when authenticating using either Secrets Manager or temporary credentials.
" }, - "SecretArn":{ - "shape":"SecretArn", - "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" - }, - "SessionId":{ - "shape":"UUID", - "documentation":"The session identifier of the query.
" - }, - "SessionKeepAliveSeconds":{ - "shape":"SessionAliveSeconds", - "documentation":"The number of seconds to keep the session alive after the query finishes. The maximum time a session can keep alive is 24 hours. After 24 hours, the session is forced closed and the query is terminated.
" - }, - "Sql":{ - "shape":"StatementString", - "documentation":"The SQL statement text to run.
" + "WithEvent":{ + "shape":"Boolean", + "documentation":"A value that indicates whether to send an event to the Amazon EventBridge event bus after the SQL statement runs.
" }, "StatementName":{ "shape":"StatementNameString", "documentation":"The name of the SQL statement. You can name the SQL statement when you create it to identify the query.
" }, - "WithEvent":{ - "shape":"Boolean", - "documentation":"A value that indicates whether to send an event to the Amazon EventBridge event bus after the SQL statement runs.
" + "Parameters":{ + "shape":"SqlParametersList", + "documentation":"The parameters for the SQL statement.
" }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"The serverless workgroup name or Amazon Resource Name (ARN). This parameter is required when connecting to a serverless workgroup and authenticating using either Secrets Manager or temporary credentials.
" + }, + "ClientToken":{ + "shape":"ClientToken", + "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", + "idempotencyToken":true + }, + "ResultFormat":{ + "shape":"ResultFormatString", + "documentation":"The data format of the result of the SQL statement. If no format is specified, the default is JSON.
" + }, + "SessionKeepAliveSeconds":{ + "shape":"SessionAliveSeconds", + "documentation":"The number of seconds to keep the session alive after the query finishes. The maximum time a session can keep alive is 24 hours. After 24 hours, the session is forced closed and the query is terminated.
" + }, + "SessionId":{ + "shape":"UUID", + "documentation":"The session identifier of the query.
" } } }, "ExecuteStatementOutput":{ "type":"structure", "members":{ - "ClusterIdentifier":{ - "shape":"ClusterIdentifierString", - "documentation":"The cluster identifier. This element is not returned when connecting to a serverless workgroup.
" + "Id":{ + "shape":"UUID", + "documentation":"The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" }, "CreatedAt":{ "shape":"Timestamp", "documentation":"The date and time (UTC) the statement was created.
" }, - "Database":{ + "ClusterIdentifier":{ + "shape":"ClusterIdentifierString", + "documentation":"The cluster identifier. This element is not returned when connecting to a serverless workgroup.
" + }, + "DbUser":{ "shape":"String", - "documentation":"The name of the database.
" + "documentation":"The database user name.
" }, "DbGroups":{ "shape":"DbGroupList", "documentation":"A list of colon (:) separated names of database groups.
" }, - "DbUser":{ + "Database":{ "shape":"String", - "documentation":"The database user name.
" - }, - "Id":{ - "shape":"UUID", - "documentation":"The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" + "documentation":"The name of the database.
" }, "SecretArn":{ "shape":"SecretArn", "documentation":"The name or ARN of the secret that enables access to the database.
" }, - "SessionId":{ - "shape":"UUID", - "documentation":"The session identifier of the query.
" - }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"The serverless workgroup name or Amazon Resource Name (ARN). This element is not returned when connecting to a provisioned cluster.
" + }, + "SessionId":{ + "shape":"UUID", + "documentation":"The session identifier of the query.
" } } }, "Field":{ "type":"structure", "members":{ - "blobValue":{ - "shape":"Blob", - "documentation":"A value of the BLOB data type.
" + "isNull":{ + "shape":"BoxedBoolean", + "documentation":"A value that indicates whether the data is NULL.
" }, "booleanValue":{ "shape":"BoxedBoolean", "documentation":"A value of the Boolean data type.
" }, - "doubleValue":{ - "shape":"BoxedDouble", - "documentation":"A value of the double data type.
" - }, - "isNull":{ - "shape":"BoxedBoolean", - "documentation":"A value that indicates whether the data is NULL.
" - }, "longValue":{ "shape":"BoxedLong", "documentation":"A value of the long data type.
" }, + "doubleValue":{ + "shape":"BoxedDouble", + "documentation":"A value of the double data type.
" + }, "stringValue":{ "shape":"String", "documentation":"A value of the string data type.
" + }, + "blobValue":{ + "shape":"Blob", + "documentation":"A value of the BLOB data type.
" } }, "documentation":"A data value in a column.
", @@ -789,21 +806,21 @@ "type":"structure", "required":["Records"], "members":{ - "ColumnMetadata":{ - "shape":"ColumnMetadataList", - "documentation":"The properties (metadata) of a column.
" - }, - "NextToken":{ - "shape":"String", - "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, "Records":{ "shape":"SqlRecords", "documentation":"The results of the SQL statement in JSON format.
" }, + "ColumnMetadata":{ + "shape":"ColumnMetadataList", + "documentation":"The properties (metadata) of a column.
" + }, "TotalNumRows":{ "shape":"Long", "documentation":"The total number of rows in the result set returned from a query. You can use this number to estimate the number of calls to the GetStatementResult operation needed to page through the results.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" } } }, @@ -825,25 +842,25 @@ "type":"structure", "required":["Records"], "members":{ + "Records":{ + "shape":"FormattedSqlRecords", + "documentation":"The results of the SQL statement in CSV format.
" + }, "ColumnMetadata":{ "shape":"ColumnMetadataList", "documentation":"The properties (metadata) of a column.
" }, - "NextToken":{ - "shape":"String", - "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, - "Records":{ - "shape":"FormattedSqlRecords", - "documentation":"The results of the SQL statement in CSV format.
" + "TotalNumRows":{ + "shape":"Long", + "documentation":"The total number of rows in the result set returned from a query. You can use this number to estimate the number of calls to the GetStatementResultV2 operation needed to page through the results.
The data format of the result of the SQL statement.
" }, - "TotalNumRows":{ - "shape":"Long", - "documentation":"The total number of rows in the result set returned from a query. You can use this number to estimate the number of calls to the GetStatementResultV2 operation needed to page through the results.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" } } }, @@ -873,21 +890,21 @@ "shape":"String", "documentation":"The name of the database. This parameter is required when authenticating using either Secrets Manager or temporary credentials.
" }, + "SecretArn":{ + "shape":"SecretArn", + "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" + }, "DbUser":{ "shape":"String", "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"The maximum number of databases to return in the response. If more databases exist than fit in one response, then NextToken is returned to page through the results.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" }, - "SecretArn":{ - "shape":"SecretArn", - "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" + "MaxResults":{ + "shape":"PageSize", + "documentation":"The maximum number of databases to return in the response. If more databases exist than fit in one response, then NextToken is returned to page through the results.
The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.
" }, - "ConnectedDatabase":{ + "SecretArn":{ + "shape":"SecretArn", + "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" + }, + "DbUser":{ "shape":"String", - "documentation":"A database name. The connected database is specified when you connect with your authentication credentials.
" + "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" }, "Database":{ "shape":"String", "documentation":"The name of the database that contains the schemas to list. If ConnectedDatabase is not specified, this is also the database to connect to with your authentication credentials.
The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" + "documentation":"A database name. The connected database is specified when you connect with your authentication credentials.
" }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"The maximum number of schemas to return in the response. If more schemas exist than fit in one response, then NextToken is returned to page through the results.
A pattern to filter results by schema name. Within a schema pattern, \"%\" means match any substring of 0 or more characters and \"_\" means match any one character. Only schema name entries matching the search pattern are returned.
" }, "NextToken":{ "shape":"String", "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" }, - "SchemaPattern":{ - "shape":"String", - "documentation":"A pattern to filter results by schema name. Within a schema pattern, \"%\" means match any substring of 0 or more characters and \"_\" means match any one character. Only schema name entries matching the search pattern are returned.
" - }, - "SecretArn":{ - "shape":"SecretArn", - "documentation":"The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" + "MaxResults":{ + "shape":"PageSize", + "documentation":"The maximum number of schemas to return in the response. If more schemas exist than fit in one response, then NextToken is returned to page through the results.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, "Schemas":{ "shape":"SchemaList", "documentation":"The schemas that match the request pattern.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" } } }, @@ -971,26 +988,14 @@ "ListStatementsRequest":{ "type":"structure", "members":{ - "ClusterIdentifier":{ - "shape":"ClusterIdentifierString", - "documentation":"The cluster identifier. Only statements that ran on this cluster are returned. When providing ClusterIdentifier, then WorkgroupName can't be specified.
The name of the database when listing statements run against a ClusterIdentifier or WorkgroupName.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" }, "MaxResults":{ "shape":"ListStatementsLimit", "documentation":"The maximum number of SQL statements to return in the response. If more SQL statements exist than fit in one response, then NextToken is returned to page through the results.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, - "RoleLevel":{ - "shape":"Boolean", - "documentation":"A value that filters which statements to return in the response. If true, all statements run by the caller's IAM role are returned. If false, only statements run by the caller's IAM role in the current IAM session are returned. The default is true.
" - }, "StatementName":{ "shape":"StatementNameString", "documentation":"The name of the SQL statement specified as input to BatchExecuteStatement or ExecuteStatement to identify the query. You can list multiple statements by providing a prefix that matches the beginning of the statement name. For example, to list myStatement1, myStatement2, myStatement3, and so on, then provide the a value of myStatement. Data API does a case-sensitive match of SQL statement names to the prefix value you provide.
The status of the SQL statement to list. Status values are defined as follows:
ABORTED - The query run was stopped by the user.
ALL - A status value that includes all query statuses. This value can be used to filter results.
FAILED - The query run failed.
FINISHED - The query has finished running.
PICKED - The query has been chosen to be run.
STARTED - The query run has started.
SUBMITTED - The query was submitted, but not yet processed.
A value that filters which statements to return in the response. If true, all statements run by the caller's IAM role are returned. If false, only statements run by the caller's IAM role in the current IAM session are returned. The default is true.
" + }, + "Database":{ + "shape":"String", + "documentation":"The name of the database when listing statements run against a ClusterIdentifier or WorkgroupName.
The cluster identifier. Only statements that ran on this cluster are returned. When providing ClusterIdentifier, then WorkgroupName can't be specified.
The serverless workgroup name or Amazon Resource Name (ARN). Only statements that ran on this workgroup are returned. When providing WorkgroupName, then ClusterIdentifier can't be specified.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, "Statements":{ "shape":"StatementList", "documentation":"The SQL statements.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" } } }, @@ -1027,38 +1044,38 @@ "shape":"ClusterIdentifierString", "documentation":"The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.
" }, - "ConnectedDatabase":{ - "shape":"String", - "documentation":"A database name. The connected database is specified when you connect with your authentication credentials.
" - }, - "Database":{ - "shape":"String", - "documentation":"The name of the database that contains the tables to list. If ConnectedDatabase is not specified, this is also the database to connect to with your authentication credentials.
The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" }, "DbUser":{ "shape":"String", "documentation":"The database user name. This parameter is required when connecting to a cluster as a database user and authenticating using temporary credentials.
" }, - "MaxResults":{ - "shape":"PageSize", - "documentation":"The maximum number of tables to return in the response. If more tables exist than fit in one response, then NextToken is returned to page through the results.
The name of the database that contains the tables to list. If ConnectedDatabase is not specified, this is also the database to connect to with your authentication credentials.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" + "documentation":"A database name. The connected database is specified when you connect with your authentication credentials.
" }, "SchemaPattern":{ "shape":"String", "documentation":"A pattern to filter results by schema name. Within a schema pattern, \"%\" means match any substring of 0 or more characters and \"_\" means match any one character. Only schema name entries matching the search pattern are returned. If SchemaPattern is not specified, then all tables that match TablePattern are returned. If neither SchemaPattern or TablePattern are specified, then all tables are returned.
The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.
" - }, "TablePattern":{ "shape":"String", "documentation":"A pattern to filter results by table name. Within a table pattern, \"%\" means match any substring of 0 or more characters and \"_\" means match any one character. Only table name entries matching the search pattern are returned. If TablePattern is not specified, then all tables that match SchemaPatternare returned. If neither SchemaPattern or TablePattern are specified, then all tables are returned.
A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" + }, + "MaxResults":{ + "shape":"PageSize", + "documentation":"The maximum number of tables to return in the response. If more tables exist than fit in one response, then NextToken is returned to page through the results.
The serverless workgroup name or Amazon Resource Name (ARN). This parameter is required when connecting to a serverless workgroup and authenticating using either Secrets Manager or temporary credentials.
" @@ -1068,13 +1085,13 @@ "ListTablesResponse":{ "type":"structure", "members":{ - "NextToken":{ - "shape":"String", - "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" - }, "Tables":{ "shape":"TableList", "documentation":"The tables that match the request pattern.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned NextToken value in the next NextToken parameter and retrying the command. If the NextToken field is empty, all response records have been retrieved for the request.
" } } }, @@ -1086,7 +1103,7 @@ }, "ParameterName":{ "type":"string", - "pattern":"^[0-9a-zA-Z_]+$" + "pattern":"[0-9a-zA-Z_]+" }, "ParameterValue":{ "type":"string", @@ -1185,22 +1202,10 @@ "type":"structure", "required":["Id"], "members":{ - "CreatedAt":{ - "shape":"Timestamp", - "documentation":"The date and time (UTC) the statement was created.
" - }, "Id":{ "shape":"UUID", "documentation":"The SQL statement identifier. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" }, - "IsBatchStatement":{ - "shape":"Boolean", - "documentation":"A value that indicates whether the statement is a batch query request.
" - }, - "QueryParameters":{ - "shape":"SqlParametersList", - "documentation":"The parameters used in a SQL statement.
" - }, "QueryString":{ "shape":"StatementString", "documentation":"The SQL statement.
" @@ -1209,29 +1214,41 @@ "shape":"StatementStringList", "documentation":"One or more SQL statements. Each query string in the array corresponds to one of the queries in a batch query request.
" }, - "ResultFormat":{ - "shape":"ResultFormatString", - "documentation":"The data format of the result of the SQL statement.
" - }, "SecretArn":{ "shape":"SecretArn", "documentation":"The name or Amazon Resource Name (ARN) of the secret that enables access to the database.
" }, - "SessionId":{ - "shape":"UUID", - "documentation":"The session identifier of the query.
" + "Status":{ + "shape":"StatusString", + "documentation":"The status of the SQL statement. An example is the that the SQL statement finished.
" }, "StatementName":{ "shape":"StatementNameString", "documentation":"The name of the SQL statement.
" }, - "Status":{ - "shape":"StatusString", - "documentation":"The status of the SQL statement. An example is the that the SQL statement finished.
" + "CreatedAt":{ + "shape":"Timestamp", + "documentation":"The date and time (UTC) the statement was created.
" }, "UpdatedAt":{ "shape":"Timestamp", "documentation":"The date and time (UTC) that the statement metadata was last updated.
" + }, + "QueryParameters":{ + "shape":"SqlParametersList", + "documentation":"The parameters used in a SQL statement.
" + }, + "IsBatchStatement":{ + "shape":"Boolean", + "documentation":"A value that indicates whether the statement is a batch query request.
" + }, + "ResultFormat":{ + "shape":"ResultFormatString", + "documentation":"The data format of the result of the SQL statement.
" + }, + "SessionId":{ + "shape":"UUID", + "documentation":"The session identifier of the query.
" } }, "documentation":"The SQL statement to run.
" @@ -1242,7 +1259,7 @@ }, "StatementNameString":{ "type":"string", - "max":500, + "max":2048, "min":0 }, "StatementStatusString":{ @@ -1278,9 +1295,9 @@ "type":"structure", "required":["Id"], "members":{ - "CreatedAt":{ - "shape":"Timestamp", - "documentation":"The date and time (UTC) the statement was created.
" + "Id":{ + "shape":"UUID", + "documentation":"The identifier of the SQL statement. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. A suffix indicates the number of the SQL statement. For example, d9b6c0c9-0747-4bf4-b142-e8883122f766:2 has a suffix of :2 that indicates the second SQL statement of a batch query.
The error message from the cluster if the SQL statement encountered an error while running.
" }, - "HasResultSet":{ - "shape":"Boolean", - "documentation":"A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set.
" + "Status":{ + "shape":"StatementStatusString", + "documentation":"The status of the SQL statement. An example is the that the SQL statement finished.
" }, - "Id":{ - "shape":"UUID", - "documentation":"The identifier of the SQL statement. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. A suffix indicates the number of the SQL statement. For example, d9b6c0c9-0747-4bf4-b142-e8883122f766:2 has a suffix of :2 that indicates the second SQL statement of a batch query.
The date and time (UTC) the statement was created.
" + }, + "UpdatedAt":{ + "shape":"Timestamp", + "documentation":"The date and time (UTC) that the statement metadata was last updated.
" }, "QueryString":{ "shape":"StatementString", "documentation":"The SQL statement text.
" }, - "RedshiftQueryId":{ - "shape":"Long", - "documentation":"The SQL statement identifier. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" - }, "ResultRows":{ "shape":"Long", "documentation":"Either the number of rows returned from the SQL statement or the number of rows affected. If result size is greater than zero, the result rows can be the number of rows affected by SQL statements such as INSERT, UPDATE, DELETE, COPY, and others. A -1 indicates the value is null.
The size in bytes of the returned results. A -1 indicates the value is null.
The status of the SQL statement. An example is the that the SQL statement finished.
" + "RedshiftQueryId":{ + "shape":"Long", + "documentation":"The SQL statement identifier. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.
" }, - "UpdatedAt":{ - "shape":"Timestamp", - "documentation":"The date and time (UTC) that the statement metadata was last updated.
" + "HasResultSet":{ + "shape":"Boolean", + "documentation":"A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set.
" } }, "documentation":"Information about an SQL statement.
" @@ -1340,13 +1357,13 @@ "shape":"String", "documentation":"The name of the table.
" }, - "schema":{ - "shape":"String", - "documentation":"The schema containing the table.
" - }, "type":{ "shape":"String", "documentation":"The type of the table. Possible values include TABLE, VIEW, SYSTEM TABLE, GLOBAL TEMPORARY, LOCAL TEMPORARY, ALIAS, and SYNONYM.
" + }, + "schema":{ + "shape":"String", + "documentation":"The schema containing the table.
" } }, "documentation":"The properties of a table.
" @@ -1354,7 +1371,7 @@ "Timestamp":{"type":"timestamp"}, "UUID":{ "type":"string", - "pattern":"^[a-z0-9]{8}(-[a-z0-9]{4}){3}-[a-z0-9]{12}(:\\d+)?$" + "pattern":"[a-z0-9]{8}(-[a-z0-9]{4}){3}-[a-z0-9]{12}(:\\d{0,2})?" }, "ValidationException":{ "type":"structure", @@ -1371,7 +1388,7 @@ "type":"string", "max":128, "min":3, - "pattern":"^(([a-z0-9-]+)|(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov|(-iso[a-z]?))?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}))$" + "pattern":".*((^[a-z0-9-]{3,63}$)|^(arn:(aws(-[a-z]+)*):redshift-serverless:[a-z]{2}(-gov|(-iso[a-z]?))?-[a-z]+-\\d{1}:\\d{12}:workgroup/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}))" }, "bool":{"type":"boolean"} }, diff --git a/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json b/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json index dd20ad9eecb7..d6d3b8c1f3d2 100644 --- a/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json +++ b/awscli/botocore/data/redshift-serverless/2021-04-21/service-2.json @@ -26,8 +26,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"TooManyTagsException"}, {"shape":"ServiceQuotaExceededException"} ], @@ -44,8 +44,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], @@ -80,8 +80,8 @@ "output":{"shape":"CreateNamespaceResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"TooManyTagsException"} ], "documentation":"Creates a namespace in Amazon Redshift Serverless.
", @@ -98,8 +98,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"TooManyTagsException"}, {"shape":"ServiceQuotaExceededException"}, {"shape":"ThrottlingException"} @@ -118,8 +118,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Creates a scheduled action. A scheduled action contains a schedule and an Amazon Redshift API action. For example, you can create a schedule of when to run the CreateSnapshot API operation.
Creates a usage limit for a specified Amazon Redshift Serverless usage type. The usage limit is identified by the returned usage limit identifier.
", @@ -192,8 +192,8 @@ {"shape":"InternalServerException"}, {"shape":"InsufficientCapacityException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"TooManyTagsException"}, {"shape":"Ipv6CidrBlockNotFoundException"} ], @@ -211,8 +211,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], @@ -246,8 +246,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Deletes a namespace from Amazon Redshift Serverless. Before you delete the namespace, you can create a final snapshot that has all of the data within the namespace.
", "idempotent":true @@ -294,8 +294,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Deletes a snapshot from Amazon Redshift Serverless.
", "idempotent":true @@ -329,8 +329,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Deletes a usage limit from Amazon Redshift Serverless.
", "idempotent":true @@ -346,8 +346,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Deletes a workgroup.
", "idempotent":true @@ -378,8 +378,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], @@ -427,8 +427,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Returns information about a recovery point.
" }, @@ -534,8 +534,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], @@ -552,8 +552,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Returns information about a usage limit.
" }, @@ -687,8 +687,8 @@ "output":{"shape":"ListScheduledActionsResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"InvalidPaginationException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidPaginationException"}, {"shape":"ValidationException"} ], "documentation":"Returns a list of scheduled actions. You can use the flags to filter the list of returned scheduled actions.
" @@ -703,10 +703,10 @@ "output":{"shape":"ListSnapshotCopyConfigurationsResponse"}, "errors":[ {"shape":"InternalServerException"}, - {"shape":"InvalidPaginationException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"InvalidPaginationException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Returns a list of snapshot copy configurations.
" }, @@ -734,8 +734,8 @@ "input":{"shape":"ListTableRestoreStatusRequest"}, "output":{"shape":"ListTableRestoreStatusResponse"}, "errors":[ - {"shape":"InvalidPaginationException"}, {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidPaginationException"}, {"shape":"ValidationException"} ], "documentation":"Returns information about an array of TableRestoreStatus objects.
Lists all usage limits within Amazon Redshift Serverless.
" }, @@ -815,8 +815,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"Creates or updates a resource policy. Currently, you can use policies to share snapshots across Amazon Web Services accounts.
" @@ -832,8 +832,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Restore the data from a recovery point.
" }, @@ -848,8 +848,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"ServiceQuotaExceededException"} ], "documentation":"Restores a namespace from a snapshot.
", @@ -866,8 +866,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Restores a table from a recovery point to your Amazon Redshift Serverless instance. You can't use this operation to restore tables with interleaved sort keys.
" }, @@ -882,8 +882,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Restores a table from a snapshot to your Amazon Redshift Serverless instance. You can't use this operation to restore tables with interleaved sort keys.
" }, @@ -931,8 +931,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"AccessDeniedException"}, {"shape":"ThrottlingException"} ], @@ -955,6 +955,23 @@ ], "documentation":"Updates an Amazon Redshift Serverless managed endpoint.
" }, + "UpdateLakehouseConfiguration":{ + "name":"UpdateLakehouseConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateLakehouseConfigurationRequest"}, + "output":{"shape":"UpdateLakehouseConfigurationResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"DryRunException"} + ], + "documentation":"Modifies the lakehouse configuration for a namespace. This operation allows you to manage Amazon Redshift federated permissions and Amazon Web Services IAM Identity Center trusted identity propagation.
" + }, "UpdateNamespace":{ "name":"UpdateNamespace", "http":{ @@ -966,8 +983,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Updates a namespace with the specified settings. Unless required, you can't update multiple parameters in one request. For example, you must specify both adminUsername and adminUserPassword to update either field, but you can't update both kmsKeyId and logExports in a single request.
Updates a scheduled action.
", "idempotent":true @@ -999,8 +1016,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Updates a snapshot.
" }, @@ -1032,8 +1049,8 @@ "errors":[ {"shape":"InternalServerException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, - {"shape":"ValidationException"} + {"shape":"ValidationException"}, + {"shape":"ConflictException"} ], "documentation":"Update a usage limit in Amazon Redshift Serverless. You can't update the usage type or period of a usage limit.
" }, @@ -1049,8 +1066,8 @@ {"shape":"InternalServerException"}, {"shape":"InsufficientCapacityException"}, {"shape":"ResourceNotFoundException"}, - {"shape":"ConflictException"}, {"shape":"ValidationException"}, + {"shape":"ConflictException"}, {"shape":"Ipv6CidrBlockNotFoundException"} ], "documentation":"Updates a workgroup with the specified configuration settings. You can't update multiple parameters in one request. For example, you can update baseCapacity or port in a single request, but you can't update both in the same request.
VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. If a workgroup is in an account with VPC BPA turned on, the following capabilities are blocked:
Creating a public access workgroup
Modifying a private workgroup to public
Adding a subnet with VPC BPA turned on to the workgroup when the workgroup is public
For more information about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" @@ -1106,6 +1123,12 @@ "box":true }, "Capacity":{"type":"integer"}, + "CatalogNameString":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[a-z0-9_-]*[a-z]+[a-z0-9_-]*$" + }, "Charge":{"type":"double"}, "ConfigParameter":{ "type":"structure", @@ -1652,8 +1675,7 @@ }, "DeleteCustomDomainAssociationResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteEndpointAccessRequest":{ "type":"structure", @@ -1714,8 +1736,7 @@ }, "DeleteResourcePolicyResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "DeleteScheduledActionRequest":{ "type":"structure", @@ -1818,6 +1839,15 @@ "type":"double", "box":true }, + "DryRunException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"String"} + }, + "documentation":"This exception is thrown when the request was successful, but dry run was enabled so no action was taken.
", + "exception":true + }, "Duration":{"type":"integer"}, "Endpoint":{ "type":"structure", @@ -2269,6 +2299,20 @@ "exception":true }, "KmsKeyId":{"type":"string"}, + "LakehouseIdcRegistration":{ + "type":"string", + "enum":[ + "Associate", + "Disassociate" + ] + }, + "LakehouseRegistration":{ + "type":"string", + "enum":[ + "Register", + "Deregister" + ] + }, "ListCustomDomainAssociationsRequest":{ "type":"structure", "members":{ @@ -2367,7 +2411,7 @@ }, "sourceArn":{ "shape":"SourceArn", - "documentation":"The Amazon Resource Name (ARN) for the managed workgroup in the AWS Glue Data Catalog.
" + "documentation":"The Amazon Resource Name (ARN) for the managed workgroup in the Glue Data Catalog.
" } } }, @@ -2865,14 +2909,14 @@ }, "sourceArn":{ "shape":"SourceArn", - "documentation":"The Amazon Resource Name (ARN) for the managed workgroup in the AWS Glue Data Catalog.
" + "documentation":"The Amazon Resource Name (ARN) for the managed workgroup in the Glue Data Catalog.
" }, "status":{ "shape":"ManagedWorkgroupStatus", "documentation":"The status of the managed workgroup.
" } }, - "documentation":"A collection of Amazon Redshift compute resources managed by AWS Glue.
" + "documentation":"A collection of Amazon Redshift compute resources managed by Glue.
" }, "ManagedWorkgroupName":{ "type":"string", @@ -2909,6 +2953,10 @@ "shape":"DbUser", "documentation":"The username of the administrator for the first database created in the namespace.
" }, + "catalogArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Glue Data Catalog associated with the namespace enabled with Amazon Redshift federated permissions.
" + }, "creationDate":{ "shape":"SyntheticTimestamp_date_time", "documentation":"The date of when the namespace was created.
" @@ -2929,6 +2977,10 @@ "shape":"String", "documentation":"The ID of the Amazon Web Services Key Management Service key used to encrypt your data.
" }, + "lakehouseRegistrationStatus":{ + "shape":"String", + "documentation":"The status of the lakehouse registration for the namespace. Indicates whether the namespace is successfully registered with Amazon Redshift federated permissions.
" + }, "logExports":{ "shape":"LogExportList", "documentation":"The types of logs the namespace can export. Available export types are User log, Connection log, and User activity log.
" @@ -3146,7 +3198,7 @@ }, "startDate":{ "shape":"SyntheticTimestamp_date_time", - "documentation":"The start date for the serverless reservation. This is the date you specified for the reservation to start when you created the reservation.
" + "documentation":"The start date for the serverless reservation. This is the date you created the reservation.
" }, "status":{ "shape":"Status", @@ -3859,8 +3911,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -3927,8 +3978,7 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateCustomDomainAssociationRequest":{ "type":"structure", @@ -3996,6 +4046,57 @@ } } }, + "UpdateLakehouseConfigurationRequest":{ + "type":"structure", + "required":["namespaceName"], + "members":{ + "catalogName":{ + "shape":"CatalogNameString", + "documentation":"The name of the Glue Data Catalog that will be associated with the namespace enabled with Amazon Redshift federated permissions.
Pattern: ^[a-z0-9_-]*[a-z]+[a-z0-9_-]*$
A boolean value that, if true, validates the request without actually updating the lakehouse configuration. Use this to check for errors before making changes.
The Amazon Resource Name (ARN) of the IAM Identity Center application used for enabling Amazon Web Services IAM Identity Center trusted identity propagation on a namespace enabled with Amazon Redshift federated permissions.
" + }, + "lakehouseIdcRegistration":{ + "shape":"LakehouseIdcRegistration", + "documentation":"Modifies the Amazon Web Services IAM Identity Center trusted identity propagation on a namespace enabled with Amazon Redshift federated permissions. Valid values are Associate or Disassociate.
Specifies whether to register or deregister the namespace with Amazon Redshift federated permissions. Valid values are Register or Deregister.
The name of the namespace whose lakehouse configuration you want to modify.
" + } + } + }, + "UpdateLakehouseConfigurationResponse":{ + "type":"structure", + "members":{ + "catalogArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Glue Data Catalog associated with the lakehouse configuration.
" + }, + "lakehouseIdcApplicationArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the IAM Identity Center application used for enabling Amazon Web Services IAM Identity Center trusted identity propagation.
" + }, + "lakehouseRegistrationStatus":{ + "shape":"String", + "documentation":"The current status of the lakehouse registration. Indicates whether the namespace is successfully registered with Amazon Redshift federated permissions.
" + }, + "namespaceName":{ + "shape":"NamespaceName", + "documentation":"The name of the namespace.
" + } + } + }, "UpdateNamespaceRequest":{ "type":"structure", "required":["namespaceName"], @@ -4317,7 +4418,7 @@ "members":{ "message":{"shape":"String"} }, - "documentation":"The input failed to satisfy the constraints specified by an AWS service.
", + "documentation":"The input failed to satisfy the constraints specified by an Amazon Web Services service.
", "exception":true }, "VpcEndpoint":{ diff --git a/awscli/botocore/data/redshift/2012-12-01/service-2.json b/awscli/botocore/data/redshift/2012-12-01/service-2.json index 345bf9db2b22..5d073d6985b2 100644 --- a/awscli/botocore/data/redshift/2012-12-01/service-2.json +++ b/awscli/botocore/data/redshift/2012-12-01/service-2.json @@ -276,7 +276,9 @@ {"shape":"InvalidRetentionPeriodFault"}, {"shape":"Ipv6CidrBlockNotFoundFault"}, {"shape":"UnsupportedOperationFault"}, - {"shape":"RedshiftIdcApplicationNotExistsFault"} + {"shape":"RedshiftIdcApplicationNotExistsFault"}, + {"shape":"DependentServiceUnavailableFault"}, + {"shape":"DependentServiceAccessDeniedFault"} ], "documentation":"Creates a new cluster with the specified parameters.
To create a cluster in Virtual Private Cloud (VPC), you must provide a cluster subnet group name. The cluster subnet group identifies the subnets of your VPC that Amazon Redshift uses when creating the cluster. For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide.
VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. If a subnet group for a provisioned cluster is in an account with VPC BPA turned on, the following capabilities are blocked:
Creating a public cluster
Restoring a public cluster
Modifying a private cluster to be public
Adding a subnet with VPC BPA turned on to the subnet group when there's at least one public cluster within the group
For more information about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" }, @@ -1780,6 +1782,25 @@ ], "documentation":"Returns a database user name and temporary password with temporary authorization to log in to an Amazon Redshift database. The database user is mapped 1:1 to the source Identity and Access Management (IAM) identity. For more information about IAM identities, see IAM Identities (users, user groups, and roles) in the Amazon Web Services Identity and Access Management User Guide.
The Identity and Access Management (IAM) identity that runs this operation must have an IAM policy attached that allows access to all necessary actions and resources. For more information about permissions, see Using identity-based policies (IAM policies) in the Amazon Redshift Cluster Management Guide.
" }, + "GetIdentityCenterAuthToken":{ + "name":"GetIdentityCenterAuthToken", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetIdentityCenterAuthTokenRequest"}, + "output":{ + "shape":"GetIdentityCenterAuthTokenResponse", + "resultWrapper":"GetIdentityCenterAuthTokenResult" + }, + "errors":[ + {"shape":"ClusterNotFoundFault"}, + {"shape":"InvalidClusterStateFault"}, + {"shape":"UnsupportedOperationFault"}, + {"shape":"RedshiftInvalidParameterFault"} + ], + "documentation":"Generates an encrypted authentication token that propagates the caller's Amazon Web Services IAM Identity Center identity to Amazon Redshift clusters. This API extracts the Amazon Web Services IAM Identity Center identity from enhanced credentials and creates a secure token that Amazon Redshift drivers can use for authentication.
The token is encrypted using Key Management Service (KMS) and can only be decrypted by the specified Amazon Redshift clusters. The token contains the caller's Amazon Web Services IAM Identity Center identity information and is valid for a limited time period.
This API is exclusively for use with Amazon Web Services IAM Identity Center enhanced credentials. If the caller is not using enhanced credentials with embedded Amazon Web Services IAM Identity Center identity, the API will return an error.
" + }, "GetReservedNodeExchangeConfigurationOptions":{ "name":"GetReservedNodeExchangeConfigurationOptions", "http":{ @@ -2139,6 +2160,28 @@ ], "documentation":"Modifies a zero-ETL integration or S3 event integration with Amazon Redshift.
" }, + "ModifyLakehouseConfiguration":{ + "name":"ModifyLakehouseConfiguration", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyLakehouseConfigurationMessage"}, + "output":{ + "shape":"LakehouseConfiguration", + "resultWrapper":"ModifyLakehouseConfigurationResult" + }, + "errors":[ + {"shape":"ClusterNotFoundFault"}, + {"shape":"InvalidClusterStateFault"}, + {"shape":"UnsupportedOperationFault"}, + {"shape":"UnauthorizedOperation"}, + {"shape":"RedshiftIdcApplicationNotExistsFault"}, + {"shape":"DependentServiceUnavailableFault"}, + {"shape":"DependentServiceAccessDeniedFault"} + ], + "documentation":"Modifies the lakehouse configuration for a cluster. This operation allows you to manage Amazon Redshift federated permissions and Amazon Web Services IAM Identity Center trusted identity propagation.
" + }, "ModifyRedshiftIdcApplication":{ "name":"ModifyRedshiftIdcApplication", "http":{ @@ -2434,6 +2477,8 @@ {"shape":"DependentServiceUnavailableFault"}, {"shape":"ReservedNodeAlreadyExistsFault"}, {"shape":"UnsupportedOperationFault"}, + {"shape":"RedshiftIdcApplicationNotExistsFault"}, + {"shape":"DependentServiceAccessDeniedFault"}, {"shape":"Ipv6CidrBlockNotFoundFault"} ], "documentation":"Creates a new cluster from a snapshot. By default, Amazon Redshift creates the resulting cluster with the same configuration as the original cluster from which the snapshot was created, except that the new cluster is created with the default cluster security and parameter groups. After Amazon Redshift creates the cluster, you can use the ModifyCluster API to associate a different security group and different parameter group with the restored cluster. If you are using a DS node type, you can also choose to change to another DS node type of the same size during restore.
If you restore a cluster into a VPC, you must provide a cluster subnet group where you want the cluster restored.
VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. If a subnet group for a provisioned cluster is in an account with VPC BPA turned on, the following capabilities are blocked:
Creating a public cluster
Restoring a public cluster
Modifying a private cluster to be public
Adding a subnet with VPC BPA turned on to the subnet group when there's at least one public cluster within the group
For more information about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
For more information about working with snapshots, go to Amazon Redshift Snapshots in the Amazon Redshift Cluster Management Guide.
" @@ -2678,6 +2723,13 @@ "resize-cluster" ] }, + "ApplicationType":{ + "type":"string", + "enum":[ + "None", + "Lakehouse" + ] + }, "AquaConfiguration":{ "type":"structure", "members":{ @@ -3148,6 +3200,12 @@ } } }, + "CatalogNameString":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[a-z0-9_-]*[a-z]+[a-z0-9_-]*$" + }, "CertificateAssociation":{ "type":"structure", "members":{ @@ -3411,6 +3469,14 @@ "MultiAZSecondary":{ "shape":"SecondaryClusterInfo", "documentation":"The secondary compute unit of a cluster, if Multi-AZ deployment is turned on.
" + }, + "LakehouseRegistrationStatus":{ + "shape":"String", + "documentation":"The status of the lakehouse registration for the cluster. Indicates whether the cluster is successfully registered with Amazon Redshift federated permissions.
" + }, + "CatalogArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Glue data catalog associated with the cluster enabled with Amazon Redshift federated permissions.
" } }, "documentation":"Describes a cluster.
", @@ -3543,6 +3609,13 @@ "locationName":"ClusterIamRole" } }, + "ClusterIdentifierList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"ClusterIdentifier" + } + }, "ClusterList":{ "type":"list", "member":{ @@ -4078,6 +4151,17 @@ }, "exception":true }, + "Connect":{ + "type":"structure", + "required":["Authorization"], + "members":{ + "Authorization":{ + "shape":"ServiceAuthorization", + "documentation":"Determines whether the Amazon Redshift connect integration is enabled or disabled for the application.
" + } + }, + "documentation":"A structure that defines the Amazon Redshift connect service integration scope.
" + }, "ConsumerIdentifierList":{ "type":"list", "member":{"shape":"String"}, @@ -4320,6 +4404,10 @@ "RedshiftIdcApplicationArn":{ "shape":"String", "documentation":"The Amazon resource name (ARN) of the Amazon Redshift IAM Identity Center application.
" + }, + "CatalogName":{ + "shape":"CatalogNameString", + "documentation":"The name of the Glue data catalog that will be associated with the cluster enabled with Amazon Redshift federated permissions.
Constraints:
Must contain at least one lowercase letter.
Can only contain lowercase letters (a-z), numbers (0-9), underscores (_), and hyphens (-).
Pattern: ^[a-z0-9_-]*[a-z]+[a-z0-9_-]*$
Example: my-catalog_01
A collection of service integrations for the Redshift IAM Identity Center application.
" }, + "ApplicationType":{ + "shape":"ApplicationType", + "documentation":"The type of application being created. Valid values are None or Lakehouse. Use Lakehouse to enable Amazon Redshift federated permissions on cluster.
A list of tags.
" @@ -7215,6 +7307,31 @@ } } }, + "GetIdentityCenterAuthTokenRequest":{ + "type":"structure", + "required":["ClusterIds"], + "members":{ + "ClusterIds":{ + "shape":"ClusterIdentifierList", + "documentation":"A list of cluster identifiers that the generated token can be used with. The token will be scoped to only allow authentication to the specified clusters.
Constraints:
ClusterIds must contain at least 1 cluster identifier.
ClusterIds can hold a maximum of 20 cluster identifiers.
Cluster identifiers must be 1 to 63 characters in length.
The characters accepted for cluster identifiers are the following:
Alphanumeric characters
Hyphens
Cluster identifiers must start with a letter.
Cluster identifiers can't end with a hyphen or contain two consecutive hyphens.
The request parameters for GetIdentityCenterAuthToken.
The encrypted authentication token containing the caller's Amazon Web Services IAM Identity Center identity information. This token is encrypted using Key Management Service and can only be decrypted by the specified Amazon Redshift clusters. Use this token with Amazon Redshift drivers to authenticate using your Amazon Web Services IAM Identity Center identity.
" + }, + "ExpirationTime":{ + "shape":"TStamp", + "documentation":"The time (UTC) when the token expires. After this timestamp, the token will no longer be valid for authentication.
" + } + }, + "documentation":"The response from GetIdentityCenterAuthToken containing the encrypted authentication token and expiration time.
" + }, "GetReservedNodeExchangeConfigurationOptionsInputMessage":{ "type":"structure", "required":["ActionType"], @@ -8207,6 +8324,42 @@ "type":"list", "member":{"shape":"LakeFormationScopeUnion"} }, + "LakehouseConfiguration":{ + "type":"structure", + "members":{ + "ClusterIdentifier":{ + "shape":"String", + "documentation":"The unique identifier of the cluster associated with this lakehouse configuration.
" + }, + "LakehouseIdcApplicationArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the IAM Identity Center application used for enabling Amazon Web Services IAM Identity Center trusted identity propagation on a cluster enabled with Amazon Redshift federated permissions.
" + }, + "LakehouseRegistrationStatus":{ + "shape":"String", + "documentation":"The current status of the lakehouse registration. Indicates whether the cluster is successfully registered with the lakehouse.
" + }, + "CatalogArn":{ + "shape":"String", + "documentation":"The Amazon Resource Name (ARN) of the Glue data catalog associated with the lakehouse configuration.
" + } + }, + "documentation":"Contains configuration information for lakehouse integration, including the cluster identifier, catalog ARN, and registration status.
" + }, + "LakehouseIdcRegistration":{ + "type":"string", + "enum":[ + "Associate", + "Disassociate" + ] + }, + "LakehouseRegistration":{ + "type":"string", + "enum":[ + "Register", + "Deregister" + ] + }, "LimitExceededFault":{ "type":"structure", "members":{}, @@ -8802,6 +8955,36 @@ } } }, + "ModifyLakehouseConfigurationMessage":{ + "type":"structure", + "required":["ClusterIdentifier"], + "members":{ + "ClusterIdentifier":{ + "shape":"String", + "documentation":"The unique identifier of the cluster whose lakehouse configuration you want to modify.
" + }, + "LakehouseRegistration":{ + "shape":"LakehouseRegistration", + "documentation":"Specifies whether to register or deregister the cluster with Amazon Redshift federated permissions. Valid values are Register or Deregister.
The name of the Glue data catalog that will be associated with the cluster enabled with Amazon Redshift federated permissions.
Constraints:
Must contain at least one lowercase letter.
Can only contain lowercase letters (a-z), numbers (0-9), underscores (_), and hyphens (-).
Pattern: ^[a-z0-9_-]*[a-z]+[a-z0-9_-]*$
Example: my-catalog_01
Modifies the Amazon Web Services IAM Identity Center trusted identity propagation on a cluster enabled with Amazon Redshift federated permissions. Valid values are Associate or Disassociate.
The Amazon Resource Name (ARN) of the IAM Identity Center application used for enabling Amazon Web Services IAM Identity Center trusted identity propagation on a cluster enabled with Amazon Redshift federated permissions.
" + }, + "DryRun":{ + "shape":"BooleanOptional", + "documentation":"A boolean value that, if true, validates the request without actually modifying the lakehouse configuration. Use this to check for errors before making changes.
A list of service integrations for the Redshift IAM Identity Center application.
" }, + "ApplicationType":{ + "shape":"ApplicationType", + "documentation":"The type of application being created. Valid values are None or Lakehouse. Use Lakehouse to enable Amazon Redshift federated permissions on cluster.
A list of tags.
" @@ -9709,6 +9896,32 @@ }, "exception":true }, + "RedshiftInvalidParameterFault":{ + "type":"structure", + "members":{}, + "documentation":"The request contains one or more invalid parameters. This error occurs when required parameters are missing, parameter values are outside acceptable ranges, or parameter formats are incorrect.
", + "error":{ + "code":"RedshiftInvalidParameter", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "RedshiftScopeUnion":{ + "type":"structure", + "members":{ + "Connect":{ + "shape":"Connect", + "documentation":"The Amazon Redshift connect integration scope configuration. Defines authorization settings for Amazon Redshift connect service integration.
" + } + }, + "documentation":"A union structure that defines the scope of Amazon Redshift service integrations. Contains configuration for different integration types such as Amazon Redshift.
", + "union":true + }, + "RedshiftServiceIntegrations":{ + "type":"list", + "member":{"shape":"RedshiftScopeUnion"} + }, "ReferenceLink":{ "type":"structure", "members":{ @@ -10409,6 +10622,14 @@ "MultiAZ":{ "shape":"BooleanOptional", "documentation":"If true, the snapshot will be restored to a cluster deployed in two Availability Zones.
" + }, + "CatalogName":{ + "shape":"CatalogNameString", + "documentation":"The name of the Glue Data Catalog that will be associated with the cluster enabled with Amazon Redshift federated permissions.
Constraints:
Must contain at least one lowercase letter.
Can only contain lowercase letters (a-z), numbers (0-9), underscores (_), and hyphens (-).
Pattern: ^[a-z0-9_-]*[a-z]+[a-z0-9_-]*$
Example: my-catalog_01
The Amazon Resource Name (ARN) of the IAM Identity Center application used for enabling Amazon Web Services IAM Identity Center trusted identity propagation on a cluster enabled with Amazon Redshift federated permissions.
" } }, "documentation":"" @@ -10963,6 +11184,10 @@ "S3AccessGrants":{ "shape":"S3AccessGrantsServiceIntegrations", "documentation":"A list of scopes set up for S3 Access Grants integration.
" + }, + "Redshift":{ + "shape":"RedshiftServiceIntegrations", + "documentation":"A list of scopes set up for Amazon Redshift integration.
" } }, "documentation":"A list of service integrations.
", diff --git a/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/paginators-1.json b/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/paginators-1.json index 7312afc50c35..bbf7282d5e8f 100644 --- a/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/paginators-1.json +++ b/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/paginators-1.json @@ -21,6 +21,12 @@ "limit_key": "MaxResults", "output_token": "PaginationToken", "result_key": "SummaryList" + }, + "ListRequiredTags": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "RequiredTags" } } } diff --git a/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json b/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json index 977add1c1dc7..85155fb7e5fe 100644 --- a/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json +++ b/awscli/botocore/data/resourcegroupstaggingapi/2017-01-26/service-2.json @@ -60,7 +60,7 @@ {"shape":"InternalServiceException"}, {"shape":"PaginationTokenExpiredException"} ], - "documentation":"Returns all the tagged or previously tagged resources that are located in the specified Amazon Web Services Region for the account.
Depending on what information you want returned, you can also specify the following:
Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.
Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the Organizations User Guide.
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
Returns all the tagged or previously tagged resources that are located in the specified Amazon Web Services Region for the account.
Depending on what information you want returned, you can also specify the following:
Filters that specify what tags and resource types you want returned. The response includes all tags that are associated with the requested resources.
Information about compliance with the account's effective tag policy. For more information on tag policies, see Tag Policies in the Organizations User Guide.
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
GetResources does not return untagged resources.
To find untagged resources in your account, use Amazon Web Services Resource Explorer with a query that uses tag:none. For more information, see Search query syntax reference for Resource Explorer.
Returns all tag values for the specified key that are used in the specified Amazon Web Services Region for the calling account.
This operation supports pagination, where the response can be sent in multiple pages. You should check the PaginationToken response parameter to determine if there are additional results available to return. Repeat the query, passing the PaginationToken response parameter value as an input to the next request until you recieve a null value. A null value for PaginationToken indicates that there are no more results waiting to be returned.
Lists the required tags for supported resource types in an Amazon Web Services account.
" + }, "StartReportCreation":{ "name":"StartReportCreation", "http":{ @@ -109,7 +125,7 @@ {"shape":"InvalidParameterException"}, {"shape":"ThrottledException"} ], - "documentation":"Generates a report that lists all tagged resources in the accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily. The report is generated asynchronously.
The generated report is saved to the following location:
s3://example-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv
You can call this operation only from the organization's management account and from the us-east-1 Region.
" + "documentation":"Generates a report that lists all tagged resources in the accounts across your organization and tells whether each resource is compliant with the effective tag policy. Compliance data is refreshed daily. The report is generated asynchronously.
The generated report is saved to the following location:
s3://amzn-s3-demo-bucket/AwsTagPolicies/o-exampleorgid/YYYY-MM-ddTHH:mm:ssZ/report.csv
For more information about evaluating resource compliance with tag policies, including the required permissions, review Permissions for evaluating organization-wide compliance in the Tagging Amazon Web Services Resources and Tag Editor user guide.
You can call this operation only from the organization's management account and from the us-east-1 Region.
If the account associated with the identity used to call StartReportCreation is different from the account that owns the Amazon S3 bucket, there must be a bucket policy attached to the bucket to provide access. For more information, review Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services Resources and Tag Editor user guide.
Applies one or more tags to the specified resources. Note the following:
Not all resources can have tags. For a list of services with resources that support tagging using this operation, see Services that support the Resource Groups Tagging API. If the resource doesn't yet support this operation, the resource's service might support tagging using its own API operations. For more information, refer to the documentation for that service.
Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the Amazon Web Services General Reference.
You can only tag resources that are located in the specified Amazon Web Services Region for the Amazon Web Services account.
To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see the documentation for each service.
Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.
Minimum permissions
In addition to the tag:TagResources permission required by this operation, you must also have the tagging permission defined by the service that created the resource. For example, to tag an Amazon EC2 instance using the TagResources operation, you must have both of the following permissions:
tag:TagResource
ec2:CreateTags
Applies one or more tags to the specified resources. Note the following:
Not all resources can have tags. For a list of services with resources that support tagging using this operation, see Services that support the Resource Groups Tagging API. If the resource doesn't yet support this operation, the resource's service might support tagging using its own API operations. For more information, refer to the documentation for that service.
Each resource can have up to 50 tags. For other limits, see Tag Naming and Usage Conventions in the Amazon Web Services General Reference.
You can only tag resources that are located in the specified Amazon Web Services Region for the Amazon Web Services account.
To add tags to a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for adding tags. For more information, see the documentation for each service.
When you use the Amazon Web Services Resource Groups Tagging API to update tags for Amazon Web Services CloudFormation stack sets, Amazon Web Services calls the Amazon Web Services CloudFormation UpdateStack operation. This operation may initiate additional resource property updates in addition to the desired tag updates. To avoid unexpected resource updates, Amazon Web Services recommends that you only apply or update tags to your CloudFormation stack sets using Amazon Web Services CloudFormation.
Do not store personally identifiable information (PII) or other confidential or sensitive information in tags. We use tags to provide you with billing and administration services. Tags are not intended to be used for private or sensitive data.
Minimum permissions
In addition to the tag:TagResources permission required by this operation, you must also have the tagging permission defined by the service that created the resource. For example, to tag an Amazon EC2 instance using the TagResources operation, you must have both of the following permissions:
tag:TagResources
ec2:CreateTags
In addition, some services might have specific requirements for tagging some types of resources. For example, to tag an Amazon S3 bucket, you must also have the s3:GetBucketTagging permission. If the expected minimum permissions don't work, check the documentation for that service's tagging APIs for more information.
Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:
To remove tags from a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for removing tags. For more information, see the documentation for the service whose resource you want to untag.
You can only tag resources that are located in the specified Amazon Web Services Region for the calling Amazon Web Services account.
Minimum permissions
In addition to the tag:UntagResources permission required by this operation, you must also have the remove tags permission defined by the service that created the resource. For example, to remove the tags from an Amazon EC2 instance using the UntagResources operation, you must have both of the following permissions:
tag:UntagResource
ec2:DeleteTags
Removes the specified tags from the specified resources. When you specify a tag key, the action removes both that key and its associated value. The operation succeeds even if you attempt to remove tags from a resource that were already removed. Note the following:
To remove tags from a resource, you need the necessary permissions for the service that the resource belongs to as well as permissions for removing tags. For more information, see the documentation for the service whose resource you want to untag.
You can only tag resources that are located in the specified Amazon Web Services Region for the calling Amazon Web Services account.
Minimum permissions
In addition to the tag:UntagResources permission required by this operation, you must also have the remove tags permission defined by the service that created the resource. For example, to remove the tags from an Amazon EC2 instance using the UntagResources operation, you must have both of the following permissions:
tag:UntagResources
ec2:DeleteTags
In addition, some services might have specific requirements for untagging some types of resources. For example, to untag Amazon Web Services Glue Connection, you must also have the glue:GetConnection permission. If the expected minimum permissions don't work, check the documentation for that service's tagging APIs for more information.
The target of the operation is currently being modified by a different request. Try again later.
", + "documentation":"The request failed because the target of the operation is currently being modified by a different request. Try again later.
", "exception":true }, "ConstraintViolationException":{ @@ -181,7 +202,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"The request was denied because performing this operation violates a constraint.
Some of the reasons in the following list might not apply to this specific operation.
You must meet the prerequisites for using tag policies. For information, see Prerequisites and Permissions for Using Tag Policies in the Organizations User Guide.
You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with Organizations For information, see EnableAWSServiceAccess.
You must have a tag policy attached to the organization root, an OU, or an account.
The request failed because performing the operation would violate a constraint.
Some of the reasons in the following list might not apply to this specific operation.
You must meet the prerequisites for using tag policies. For information, see Prerequisites and permissions in the Tagging Amazon Web Services resources and Tag Editor user guide.
You must enable the tag policies service principal (tagpolicies.tag.amazonaws.com) to integrate with Organizations For information, see EnableAWSServiceAccess.
You must have a tag policy attached to the organization root, an OU, or an account.
Specifies that you want the response to include information for only resources of the specified types. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the Amazon Web Services General Reference for the following:
For a list of service name strings, see Amazon Web Services Service Namespaces.
For resource type strings, see Example ARNs.
For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
You can specify multiple resource types by using a comma separated array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
" + "documentation":"Specifies that you want the response to include information for only resources of the specified types. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). Consult the Amazon Web Services General Reference for the following:
For a list of service name strings, see Amazon Web Services Service Namespaces.
For resource type strings, see Example ARNs.
For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces.
For the list of services whose resources you can tag using the Resource Groups Tagging API, see Services that support the Resource Groups Tagging API. If an Amazon Web Services service isn't listed on that page, you might still be able to tag that service's resources by using that service's native tagging operations instead of using Resource Groups Tagging API operations. All tagged resources, whether the tagging used the Resource Groups Tagging API or not, are returned by the Get* operation.
You can specify multiple resource types by using a comma separated array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter.
" }, "TagKeyFilters":{ "shape":"TagKeyFilterList", @@ -297,7 +318,7 @@ }, "TagFilters":{ "shape":"TagFilterList", - "documentation":"Specifies a list of TagFilters (keys and values) to restrict the output to only those resources that have tags with the specified keys and, if included, the specified values. Each TagFilter must contain a key with values optional. A request can include up to 50 keys, and each key can include up to 20 values.
Note the following when deciding how to use TagFilters:
If you don't specify a TagFilter, the response includes all resources that are currently tagged or ever had a tag. Resources that currently don't have tags are shown with an empty tag set, like this: \"Tags\": [].
If you specify more than one filter in a single request, the response returns only those resources that satisfy all filters.
If you specify a filter that contains more than one value for a key, the response returns resources that match any of the specified values for that key.
If you don't specify a value for a key, the response returns all resources that are tagged with that key, with any or no value.
For example, for the following filters: filter1= {keyA,{value1}}, filter2={keyB,{value2,value3,value4}}, filter3= {keyC}:
GetResources({filter1}) returns resources tagged with key1=value1
GetResources({filter2}) returns resources tagged with key2=value2 or key2=value3 or key2=value4
GetResources({filter3}) returns resources tagged with any tag with the key key3, and with any or no value
GetResources({filter1,filter2,filter3}) returns resources tagged with (key1=value1) and (key2=value2 or key2=value3 or key2=value4) and (key3, any or no value)
Specifies a list of TagFilters (keys and values) to restrict the output to only those resources that have tags with the specified keys and, if included, the specified values. Each TagFilter must contain a key with values optional. A request can include up to 50 keys, and each key can include up to 20 values.
You can't specify both this parameter and the ResourceArnList parameter in the same request. If you do, you get an Invalid Parameter exception.
Note the following when deciding how to use TagFilters:
If you don't specify a TagFilter, the response includes all resources that are currently tagged or ever had a tag. Resources that were previously tagged, but do not currently have tags, are shown with an empty tag set, like this: \"Tags\": [].
If you specify more than one filter in a single request, the response returns only those resources that satisfy all filters.
If you specify a filter that contains more than one value for a key, the response returns resources that match any of the specified values for that key.
If you don't specify a value for a key, the response returns all resources that are tagged with that key, with any or no value.
For example, for the following filters: filter1= {key1,{value1}}, filter2={key2,{value2,value3,value4}}, filter3= {key3}:
GetResources({filter1}) returns resources tagged with key1=value1
GetResources({filter2}) returns resources tagged with key2=value2 or key2=value3 or key2=value4
GetResources({filter3}) returns resources tagged with any tag with the key key3, and with any or no value
GetResources({filter1,filter2,filter3}) returns resources tagged with (key1=value1) and (key2=value2 or key2=value3 or key2=value4) and (key3, any or no value)
Specifies the resource types that you want included in the response. The format of each resource type is service[:resourceType]. For example, specifying a resource type of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN). For the list of services whose resources you can use in this parameter, see Services that support the Resource Groups Tagging API.
You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter. For example, the following string would limit the response to only Amazon EC2 instances, Amazon S3 buckets, or any Audit Manager resource:
ec2:instance,s3:bucket,auditmanager
Specifies the resource types that you want included in the response. The format of each resource type is service[:resourceType]. For example, specifying a service of ec2 returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of ec2:instance returns only EC2 instances.
You can't specify both this parameter and the ResourceArnList parameter in the same request. If you do, you get an Invalid Parameter exception.
The string for each service name and resource type is the same as that embedded in a resource's Amazon Resource Name (ARN).
For the list of services whose resources you can tag using the Resource Groups Tagging API, see Services that support the Resource Groups Tagging API. If an Amazon Web Services service isn't listed on that page, you might still be able to tag that service's resources by using that service's native tagging operations instead of using Resource Groups Tagging API operations. All tagged resources, whether the tagging used the Resource Groups Tagging API or not, are returned by the Get* operation.
You can specify multiple resource types by using an array. The array can include up to 100 items. Note that the length constraint requirement applies to each resource type filter. For example, the following string would limit the response to only Amazon EC2 instances, Amazon S3 buckets, or any Audit Manager resource:
ec2:instance,s3:bucket,auditmanager
Specifies a list of ARNs of resources for which you want to retrieve tag data. You can't specify both this parameter and any of the pagination parameters (ResourcesPerPage, TagsPerPage, PaginationToken) in the same request. If you specify both, you get an Invalid Parameter exception.
If a resource specified by this parameter doesn't exist, it doesn't generate an error; it simply isn't included in the response.
An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
" + "documentation":"Specifies a list of ARNs of resources for which you want to retrieve tag data.
You can't specify both this parameter and the ResourceTypeFilters parameter in the same request. If you do, you get an Invalid Parameter exception.
You can't specify both this parameter and the TagFilters parameter in the same request. If you do, you get an Invalid Parameter exception.
You can't specify both this parameter and any of the pagination parameters (ResourcesPerPage, TagsPerPage, PaginationToken) in the same request. If you do, you get an Invalid Parameter exception.
If a resource specified by this parameter doesn't exist, it doesn't generate an error; it simply isn't included in the response.
An ARN (Amazon Resource Name) uniquely identifies a resource. For more information, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.
" } } }, @@ -414,10 +435,41 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"This error indicates one of the following:
A parameter is missing.
A malformed string was supplied for the request parameter.
An out-of-range value was supplied for the request parameter.
The target ID is invalid, unsupported, or doesn't exist.
You can't access the Amazon S3 bucket for report storage. For more information, see Additional Requirements for Organization-wide Tag Compliance Reports in the Organizations User Guide.
The request failed because of one of the following reasons:
A required parameter is missing.
A provided string parameter is malformed.
An provided parameter value is out of range.
The target ID is invalid, unsupported, or doesn't exist.
You can't access the Amazon S3 bucket for report storage. For more information, see Amazon S3 bucket policy for report storage in the Tagging Amazon Web Services resources and Tag Editor user guide.
The partition specified in an ARN parameter in the request doesn't match the partition where you invoked the operation. The partition is specified by the second field of the ARN.
A token for requesting another page of required tags if the NextToken response element indicates that more required tags are available. Use the value of the returned NextToken element in your request until the token comes back as null. Pass null if this is the first call.
The maximum number of required tags.
" + } + } + }, + "ListRequiredTagsOutput":{ + "type":"structure", + "members":{ + "RequiredTags":{ + "shape":"RequiredTagsForListRequiredTags", + "documentation":"The required tags.
" + }, + "NextToken":{ + "shape":"PaginationToken", + "documentation":"A token for requesting another page of required tags if the NextToken response element indicates that more required tags are available. Use the value of the returned NextToken element in your request until the token comes back as null. Pass null if this is the first call.
A PaginationToken is valid for a maximum of 15 minutes. Your request was denied because the specified PaginationToken has expired.
The request failed because the specified PaginationToken has expired. A PaginationToken is valid for a maximum of 15 minutes.
Describes the resource type for the required tag keys.
" + }, + "CloudFormationResourceTypes":{ + "shape":"CloudFormationResourceTypes", + "documentation":"Describes the CloudFormation resource type assigned the required tag keys.
" + }, + "ReportingTagKeys":{ + "shape":"ReportingTagKeys", + "documentation":"These tag keys are marked as required in the report_required_tag_for block of the effective tag policy.
Information that describes the required tags for a given resource type.
" + }, + "RequiredTagsForListRequiredTags":{ + "type":"list", + "member":{"shape":"RequiredTag"} + }, "ResourceARN":{ "type":"string", "max":1011, @@ -490,6 +568,7 @@ "type":"list", "member":{"shape":"ResourceTagMapping"} }, + "ResourceType":{"type":"string"}, "ResourceTypeFilterList":{ "type":"list", "member":{"shape":"AmazonResourceType"} @@ -508,7 +587,7 @@ "members":{ "S3Bucket":{ "shape":"S3Bucket", - "documentation":"The name of the Amazon S3 bucket where the report will be stored; for example:
awsexamplebucket
For more information on S3 bucket requirements, including an example bucket policy, see the example S3 bucket policy on this page.
" + "documentation":"The name of the Amazon S3 bucket where the report will be stored; for example:
amzn-s3-demo-bucket
For more information on S3 bucket requirements, including an example bucket policy, see the example Amazon S3 bucket policy on this page.
" } } }, @@ -691,7 +770,7 @@ "members":{ "Message":{"shape":"ExceptionMessage"} }, - "documentation":"The request was denied to limit the frequency of submitted requests.
", + "documentation":"The request failed because it exceeded the allowed frequency of submitted requests.
", "exception":true }, "UntagResourcesInput":{ diff --git a/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json b/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json index c7125b675c8d..e6eb00511549 100644 --- a/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json +++ b/awscli/botocore/data/route53/2013-04-01/endpoint-rule-set-1.json @@ -1,12 +1,6 @@ { "version": "1.0", "parameters": { - "Region": { - "builtIn": "AWS::Region", - "required": false, - "documentation": "The AWS region used to dispatch the request.", - "type": "string" - }, "UseDualStack": { "builtIn": "AWS::UseDualStack", "required": true, @@ -26,6 +20,12 @@ "required": false, "documentation": "Override the endpoint used to send this request", "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" } }, "rules": [ @@ -57,768 +57,1116 @@ "type": "error" }, { - "conditions": [ + "conditions": [], + "rules": [ { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" }, - true - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree" } ], "type": "tree" }, { - "conditions": [ - { - "fn": "isSet", - "argv": [ - { - "ref": "Region" - } - ] - } - ], + "conditions": [], "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { "ref": "Region" } - ], - "assign": "PartitionResult" + ] } ], "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "aws.partition", "argv": [ { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws" ] }, - "aws" - ] - }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-east-1" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + false + ] + } + ], + "endpoint": { + "url": "https://route53.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } ] }, - "aws" - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53-fips.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-east-1" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + false + ] + } + ], + "endpoint": { + "url": "https://route53-fips.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } ] }, - "aws-cn" - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.amazonaws.com.cn", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "cn-northwest-1" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + true + ] + } + ], + "endpoint": { + "url": "https://route53.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } ] }, - "aws-us-gov" - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ - { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-gov-west-1" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + true + ] + } + ], + "endpoint": { + "url": "https://route53-fips.global.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-east-1" + } ] }, - "aws-us-gov" - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] }, - true - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.us-gov.amazonaws.com", - "properties": { - "authSchemes": [ { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-gov-west-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://route53.amazonaws.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-cn" ] }, - "aws-iso" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://route53.global.api.amazonwebservices.com.cn", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "cn-northwest-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.c2s.ic.gov", - "properties": { - "authSchemes": [ { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-iso-east-1" - } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + false + ] + } + ], + "endpoint": { + "url": "https://route53.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } ] }, - "aws-iso-b" - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.sc2s.sgov.gov", - "properties": { - "authSchemes": [ { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-isob-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://route53.us-gov.amazonaws.com", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ { - "fn": "getAttr", + "fn": "stringEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] }, - "name" + "aws-us-gov" ] }, - "aws-iso-e" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "endpoint": { + "url": "https://route53.us-gov.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.cloud.adc-e.uk", - "properties": { - "authSchemes": [ { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "eu-isoe-west-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } - ] + ], + "endpoint": { + "url": "https://route53.us-gov.api.aws", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-gov-west-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso" + ] + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "name" + false ] }, - "aws-iso-f" - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://route53.c2s.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-iso-east-1" + } + ] }, - false - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-b" + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.csp.hci.ic.gov", - "properties": { - "authSchemes": [ { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "us-isof-south-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] + ], + "endpoint": { + "url": "https://route53.sc2s.sgov.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isob-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ { - "fn": "stringEquals", - "argv": [ + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-e" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "name" + false + ] + } + ], + "endpoint": { + "url": "https://route53.cloud.adc-e.uk", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eu-isoe-west-1" + } ] }, - "aws-eusc" - ] + "headers": {} + }, + "type": "endpoint" }, { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-iso-f" + ] }, - false - ] - }, - { - "fn": "booleanEquals", - "argv": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] }, - false - ] - } - ], - "endpoint": { - "url": "https://route53.amazonaws.eu", - "properties": { - "authSchemes": [ { - "name": "sigv4", - "signingName": "route53", - "signingRegion": "eusc-de-east-1" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] } - ] - }, - "headers": {} - }, - "type": "endpoint" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" + ], + "endpoint": { + "url": "https://route53.csp.hci.ic.gov", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "us-isof-south-1" + } + ] }, - true - ] + "headers": {} + }, + "type": "endpoint" }, - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } + }, + "aws-eusc" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false ] }, { "fn": "booleanEquals", "argv": [ - true, + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://route53.amazonaws.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsDualStack" + "name" ] - } + }, + "aws-eusc" ] - } - ], - "rules": [ + }, { - "conditions": [], - "endpoint": { - "url": "https://route53-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree" + "endpoint": { + "url": "https://route53.global.api.amazonwebservices.eu", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "eusc-de-east-1" + } + ] + }, + "headers": {} + }, + "type": "endpoint" }, { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseFIPS" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] + "ref": "UseDualStack" }, true ] } ], "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://route53-fips.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [], - "endpoint": { - "url": "https://route53-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ], "type": "tree" }, { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ], - "type": "tree" - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ + "conditions": [ { - "ref": "UseDualStack" + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] }, - true - ] - } - ], - "rules": [ - { - "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { - "fn": "getAttr", + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, - "supportsDualStack" + true ] } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://route53-fips.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true ] } ], "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://route53.{PartitionResult#dualStackDnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, { "conditions": [], - "endpoint": { - "url": "https://route53.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ], "type": "tree" }, { "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" + "endpoint": { + "url": "https://route53.{PartitionResult#dnsSuffix}", + "properties": { + "authSchemes": [ + { + "name": "sigv4", + "signingRegion": "{PartitionResult#implicitGlobalRegion}" + } + ] + }, + "headers": {} + }, + "type": "endpoint" } ], "type": "tree" - }, - { - "conditions": [], - "endpoint": { - "url": "https://route53.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" } ], "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ], "type": "tree" - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] } \ No newline at end of file diff --git a/awscli/botocore/data/route53resolver/2018-04-01/service-2.json b/awscli/botocore/data/route53resolver/2018-04-01/service-2.json index 794e91115ebd..45c04cf68f0f 100644 --- a/awscli/botocore/data/route53resolver/2018-04-01/service-2.json +++ b/awscli/botocore/data/route53resolver/2018-04-01/service-2.json @@ -2045,7 +2045,8 @@ "type":"string", "enum":[ "DGA", - "DNS_TUNNELING" + "DNS_TUNNELING", + "DICTIONARY_DGA" ] }, "DomainListFileUrl":{ diff --git a/awscli/botocore/data/rum/2018-05-10/service-2.json b/awscli/botocore/data/rum/2018-05-10/service-2.json index 7858e0b458b3..47cdfb16ed4d 100644 --- a/awscli/botocore/data/rum/2018-05-10/service-2.json +++ b/awscli/botocore/data/rum/2018-05-10/service-2.json @@ -2,16 +2,15 @@ "version":"2.0", "metadata":{ "apiVersion":"2018-05-10", + "auth":["aws.auth#sigv4"], "endpointPrefix":"rum", - "jsonVersion":"1.1", "protocol":"rest-json", "protocols":["rest-json"], "serviceFullName":"CloudWatch RUM", "serviceId":"RUM", "signatureVersion":"v4", "signingName":"rum", - "uid":"rum-2018-05-10", - "auth":["aws.auth#sigv4"] + "uid":"rum-2018-05-10" }, "operations":{ "BatchCreateRumMetricDefinitions":{ @@ -70,7 +69,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Retrieves the list of metrics and dimensions that a RUM app monitor is sending to a single destination.
" + "documentation":"Retrieves the list of metrics and dimensions that a RUM app monitor is sending to a single destination.
", + "readonly":true }, "CreateAppMonitor":{ "name":"CreateAppMonitor", @@ -171,7 +171,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Retrieves the complete configuration information for one app monitor.
" + "documentation":"Retrieves the complete configuration information for one app monitor.
", + "readonly":true }, "GetAppMonitorData":{ "name":"GetAppMonitorData", @@ -189,7 +190,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Retrieves the raw performance events that RUM has collected from your web application, so that you can do your own processing or analysis of this data.
" + "documentation":"Retrieves the raw performance events that RUM has collected from your web application, so that you can do your own processing or analysis of this data.
", + "readonly":true }, "GetResourcePolicy":{ "name":"GetResourcePolicy", @@ -209,7 +211,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Use this operation to retrieve information about a resource-based policy that is attached to an app monitor.
" + "documentation":"Use this operation to retrieve information about a resource-based policy that is attached to an app monitor.
", + "readonly":true }, "ListAppMonitors":{ "name":"ListAppMonitors", @@ -226,7 +229,8 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Returns a list of the Amazon CloudWatch RUM app monitors in the account.
" + "documentation":"Returns a list of the Amazon CloudWatch RUM app monitors in the account.
", + "readonly":true }, "ListRumMetricsDestinations":{ "name":"ListRumMetricsDestinations", @@ -243,7 +247,8 @@ {"shape":"ValidationException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Returns a list of destinations that you have created to receive RUM extended metrics, for the specified app monitor.
For more information about extended metrics, see AddRumMetrics.
" + "documentation":"Returns a list of destinations that you have created to receive RUM extended metrics, for the specified app monitor.
For more information about extended metrics, see AddRumMetrics.
", + "readonly":true }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -259,7 +264,8 @@ {"shape":"InternalServerException"}, {"shape":"ValidationException"} ], - "documentation":"Displays the tags associated with a CloudWatch RUM resource.
" + "documentation":"Displays the tags associated with a CloudWatch RUM resource.
", + "readonly":true }, "PutResourcePolicy":{ "name":"PutResourcePolicy", @@ -276,8 +282,8 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"}, {"shape":"InternalServerException"}, - {"shape":"ValidationException"}, {"shape":"MalformedPolicyDocumentException"}, + {"shape":"ValidationException"}, {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], @@ -420,25 +426,9 @@ "AppMonitor":{ "type":"structure", "members":{ - "AppMonitorConfiguration":{ - "shape":"AppMonitorConfiguration", - "documentation":"A structure that contains much of the configuration data for the app monitor.
" - }, - "Created":{ - "shape":"ISOTimestampString", - "documentation":"The date and time that this app monitor was created.
" - }, - "CustomEvents":{ - "shape":"CustomEvents", - "documentation":"Specifies whether this app monitor allows the web client to define and send custom events.
For more information about custom events, see Send custom events.
" - }, - "DataStorage":{ - "shape":"DataStorage", - "documentation":"A structure that contains information about whether this app monitor stores a copy of the telemetry data that RUM collects using CloudWatch Logs.
" - }, - "DeobfuscationConfiguration":{ - "shape":"DeobfuscationConfiguration", - "documentation":"A structure that contains the configuration for how an app monitor can deobfuscate stack traces.
" + "Name":{ + "shape":"AppMonitorName", + "documentation":"The name of the app monitor.
" }, "Domain":{ "shape":"AppMonitorDomain", @@ -452,21 +442,41 @@ "shape":"AppMonitorId", "documentation":"The unique ID of this app monitor.
" }, + "Created":{ + "shape":"ISOTimestampString", + "documentation":"The date and time that this app monitor was created.
" + }, "LastModified":{ "shape":"ISOTimestampString", "documentation":"The date and time of the most recent changes to this app monitor's configuration.
" }, - "Name":{ - "shape":"AppMonitorName", - "documentation":"The name of the app monitor.
" + "Tags":{ + "shape":"TagMap", + "documentation":"The list of tag keys and values associated with this app monitor.
" }, "State":{ "shape":"StateEnum", "documentation":"The current state of the app monitor.
" }, - "Tags":{ - "shape":"TagMap", - "documentation":"The list of tag keys and values associated with this app monitor.
" + "AppMonitorConfiguration":{ + "shape":"AppMonitorConfiguration", + "documentation":"A structure that contains much of the configuration data for the app monitor.
" + }, + "DataStorage":{ + "shape":"DataStorage", + "documentation":"A structure that contains information about whether this app monitor stores a copy of the telemetry data that RUM collects using CloudWatch Logs.
" + }, + "CustomEvents":{ + "shape":"CustomEvents", + "documentation":"Specifies whether this app monitor allows the web client to define and send custom events.
For more information about custom events, see Send custom events.
" + }, + "DeobfuscationConfiguration":{ + "shape":"DeobfuscationConfiguration", + "documentation":"A structure that contains the configuration for how an app monitor can deobfuscate stack traces.
" + }, + "Platform":{ + "shape":"AppMonitorPlatform", + "documentation":"The platform type for this app monitor. Valid values are Web for web applications , Android for Android applications, and iOS for IOS applications.
A RUM app monitor collects telemetry data from your application and sends that data to RUM. The data includes performance and reliability information such as page load time, client-side errors, and user behavior.
" @@ -474,41 +484,41 @@ "AppMonitorConfiguration":{ "type":"structure", "members":{ - "AllowCookies":{ - "shape":"Boolean", - "documentation":"If you set this to true, the RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page.
If you set this to true, RUM enables X-Ray tracing for the user sessions that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests. You can see traces and segments from these user sessions in the X-Ray console and the CloudWatch ServiceLens console. For more information, see What is X-Ray?
The ID of the Amazon Cognito identity pool that is used to authorize the sending of data to RUM.
" }, "ExcludedPages":{ "shape":"Pages", "documentation":"A list of URLs in your website or application to exclude from RUM data collection.
You can't include both ExcludedPages and IncludedPages in the same operation.
If this app monitor is to collect data from only certain pages in your application, this structure lists those pages.
You can't include both ExcludedPages and IncludedPages in the same operation.
A list of pages in your application that are to be displayed with a \"favorite\" icon in the CloudWatch RUM console.
" }, + "SessionSampleRate":{ + "shape":"SessionSampleRate", + "documentation":"Specifies the portion of user sessions to use for RUM data collection. Choosing a higher portion gives you more data but also incurs more costs.
The range for this value is 0 to 1 inclusive. Setting this to 1 means that 100% of user sessions are sampled, and setting it to 0.1 means that 10% of user sessions are sampled.
If you omit this parameter, the default of 0.1 is used, and 10% of sessions will be sampled.
" + }, "GuestRoleArn":{ "shape":"Arn", "documentation":"The ARN of the guest IAM role that is attached to the Amazon Cognito identity pool that is used to authorize the sending of data to RUM.
It is possible that an app monitor does not have a value for GuestRoleArn. For example, this can happen when you use the console to create an app monitor and you allow CloudWatch RUM to create a new identity pool for Authorization. In this case, GuestRoleArn is not present in the GetAppMonitor response because it is not stored by the service.
If this issue affects you, you can take one of the following steps:
Use the Cloud Development Kit (CDK) to create an identity pool and the associated IAM role, and use that for your app monitor.
Make a separate GetIdentityPoolRoles call to Amazon Cognito to retrieve the GuestRoleArn.
The ID of the Amazon Cognito identity pool that is used to authorize the sending of data to RUM.
" - }, - "IncludedPages":{ - "shape":"Pages", - "documentation":"If this app monitor is to collect data from only certain pages in your application, this structure lists those pages.
You can't include both ExcludedPages and IncludedPages in the same operation.
Specifies the portion of user sessions to use for RUM data collection. Choosing a higher portion gives you more data but also incurs more costs.
The range for this value is 0 to 1 inclusive. Setting this to 1 means that 100% of user sessions are sampled, and setting it to 0.1 means that 10% of user sessions are sampled.
If you omit this parameter, the default of 0.1 is used, and 10% of sessions will be sampled.
" + "AllowCookies":{ + "shape":"Boolean", + "documentation":"If you set this to true, the RUM web client sets two cookies, a session cookie and a user cookie. The cookies allow the RUM web client to collect data relating to the number of users an application has and the behavior of the application across a sequence of events. Cookies are stored in the top-level domain of the current page.
An array that lists the types of telemetry data that this app monitor is to collect.
errors indicates that RUM collects data about unhandled JavaScript errors raised by your application.
performance indicates that RUM collects performance data about how your application and its resources are loaded and rendered. This includes Core Web Vitals.
http indicates that RUM collects data about HTTP errors thrown by your application.
If you set this to true, RUM enables X-Ray tracing for the user sessions that RUM samples. RUM adds an X-Ray trace header to allowed HTTP requests. It also records an X-Ray segment for allowed HTTP requests. You can see traces and segments from these user sessions in the X-Ray console and the CloudWatch ServiceLens console. For more information, see What is X-Ray?
This structure contains much of the configuration data for the app monitor.
" @@ -516,14 +526,14 @@ "AppMonitorDetails":{ "type":"structure", "members":{ - "id":{ - "shape":"String", - "documentation":"The unique ID of the app monitor.
" - }, "name":{ "shape":"String", "documentation":"The name of the app monitor.
" }, + "id":{ + "shape":"String", + "documentation":"The unique ID of the app monitor.
" + }, "version":{ "shape":"String", "documentation":"The version of the app monitor.
" @@ -535,7 +545,7 @@ "type":"string", "max":253, "min":1, - "pattern":"^(localhost)$|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|(?=^[a-zA-Z0-9\\.\\*-]{4,253}$)(?!.*\\.-)(?!.*-\\.)(?!.*\\.\\.)(?!.*[^\\.]{64,})^(\\*\\.)?(?![-\\.\\*])[^\\*]{1,}\\.(\\*|(?!.*--)(?=.*[a-zA-Z])[^\\*]{1,}[^\\*-])$" + "pattern":"(localhost)$|^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$|(?=^[a-zA-Z0-9\\.\\*-]{4,253}$)(?!.*\\.-)(?!.*-\\.)(?!.*\\.\\.)(?!.*[^\\.]{64,})^(\\*\\.)?(?![-\\.\\*])[^\\*]{1,}\\.(\\*|(?!.*--)(?=.*[a-zA-Z])[^\\*]{1,}[^\\*-])" }, "AppMonitorDomainList":{ "type":"list", @@ -547,36 +557,48 @@ "type":"string", "max":36, "min":36, - "pattern":"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$" + "pattern":"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" }, "AppMonitorName":{ "type":"string", "max":255, "min":1, - "pattern":"^(?!\\.)[\\.\\-_#A-Za-z0-9]+$" + "pattern":"(?!\\.)[\\.\\-_#A-Za-z0-9]+" + }, + "AppMonitorPlatform":{ + "type":"string", + "enum":[ + "Web", + "Android", + "iOS" + ] }, "AppMonitorSummary":{ "type":"structure", "members":{ - "Created":{ - "shape":"ISOTimestampString", - "documentation":"The date and time that the app monitor was created.
" + "Name":{ + "shape":"AppMonitorName", + "documentation":"The name of this app monitor.
" }, "Id":{ "shape":"AppMonitorId", "documentation":"The unique ID of this app monitor.
" }, + "Created":{ + "shape":"ISOTimestampString", + "documentation":"The date and time that the app monitor was created.
" + }, "LastModified":{ "shape":"ISOTimestampString", "documentation":"The date and time of the most recent changes to this app monitor's configuration.
" }, - "Name":{ - "shape":"AppMonitorName", - "documentation":"The name of this app monitor.
" - }, "State":{ "shape":"StateEnum", "documentation":"The current state of this app monitor.
" + }, + "Platform":{ + "shape":"AppMonitorPlatform", + "documentation":"The platform type for this app monitor. Valid values are Web for web applications, Android for Android applications, and iOS for IOS applications.
A structure that includes some data about app monitors and their settings.
" @@ -587,16 +609,20 @@ }, "Arn":{ "type":"string", - "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" + "pattern":".*arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" }, "BatchCreateRumMetricDefinitionsError":{ "type":"structure", "required":[ + "MetricDefinition", "ErrorCode", - "ErrorMessage", - "MetricDefinition" + "ErrorMessage" ], "members":{ + "MetricDefinition":{ + "shape":"MetricDefinitionRequest", + "documentation":"The metric definition that caused this error.
" + }, "ErrorCode":{ "shape":"String", "documentation":"The error code.
" @@ -604,10 +630,6 @@ "ErrorMessage":{ "shape":"String", "documentation":"The error message for this metric definition.
" - }, - "MetricDefinition":{ - "shape":"MetricDefinitionRequest", - "documentation":"The metric definition that caused this error.
" } }, "documentation":"A structure that defines one error caused by a BatchCreateRumMetricsDefinitions operation.
" @@ -661,11 +683,15 @@ "BatchDeleteRumMetricDefinitionsError":{ "type":"structure", "required":[ + "MetricDefinitionId", "ErrorCode", - "ErrorMessage", - "MetricDefinitionId" + "ErrorMessage" ], "members":{ + "MetricDefinitionId":{ + "shape":"MetricDefinitionId", + "documentation":"The ID of the metric definition that caused this error.
" + }, "ErrorCode":{ "shape":"String", "documentation":"The error code.
" @@ -673,10 +699,6 @@ "ErrorMessage":{ "shape":"String", "documentation":"The error message for this metric definition.
" - }, - "MetricDefinitionId":{ - "shape":"MetricDefinitionId", - "documentation":"The ID of the metric definition that caused this error.
" } }, "documentation":"A structure that defines one error caused by a BatchCreateRumMetricsDefinitions operation.
" @@ -817,21 +839,9 @@ "type":"structure", "required":["Name"], "members":{ - "AppMonitorConfiguration":{ - "shape":"AppMonitorConfiguration", - "documentation":"A structure that contains much of the configuration data for the app monitor. If you are using Amazon Cognito for authorization, you must include this structure in your request, and it must include the ID of the Amazon Cognito identity pool to use for authorization. If you don't include AppMonitorConfiguration, you must set up your own authorization method. For more information, see Authorize your application to send data to Amazon Web Services.
If you omit this argument, the sample rate used for RUM is set to 10% of the user sessions.
" - }, - "CustomEvents":{ - "shape":"CustomEvents", - "documentation":"Specifies whether this app monitor allows the web client to define and send custom events. If you omit this parameter, custom events are DISABLED.
For more information about custom events, see Send custom events.
" - }, - "CwLogEnabled":{ - "shape":"Boolean", - "documentation":"Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.
If you omit this parameter, the default is false.
A structure that contains the configuration for how an app monitor can deobfuscate stack traces.
" + "Name":{ + "shape":"AppMonitorName", + "documentation":"A name for the app monitor.
" }, "Domain":{ "shape":"AppMonitorDomain", @@ -841,13 +851,29 @@ "shape":"AppMonitorDomainList", "documentation":" List the domain names for which your application has administrative authority. The CreateAppMonitor requires either the domain or the domain list.
A name for the app monitor.
" - }, "Tags":{ "shape":"TagMap", "documentation":"Assigns one or more tags (key-value pairs) to the app monitor.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.
Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
You can associate as many as 50 tags with an app monitor.
For more information, see Tagging Amazon Web Services resources.
" + }, + "AppMonitorConfiguration":{ + "shape":"AppMonitorConfiguration", + "documentation":"A structure that contains much of the configuration data for the app monitor. If you are using Amazon Cognito for authorization, you must include this structure in your request, and it must include the ID of the Amazon Cognito identity pool to use for authorization. If you don't include AppMonitorConfiguration, you must set up your own authorization method. For more information, see Authorize your application to send data to Amazon Web Services.
If you omit this argument, the sample rate used for RUM is set to 10% of the user sessions.
" + }, + "CwLogEnabled":{ + "shape":"Boolean", + "documentation":"Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.
If you omit this parameter, the default is false.
Specifies whether this app monitor allows the web client to define and send custom events. If you omit this parameter, custom events are DISABLED.
For more information about custom events, see Send custom events.
" + }, + "DeobfuscationConfiguration":{ + "shape":"DeobfuscationConfiguration", + "documentation":"A structure that contains the configuration for how an app monitor can deobfuscate stack traces.
" + }, + "Platform":{ + "shape":"AppMonitorPlatform", + "documentation":"The platform type for the app monitor. Valid values are Web for web applications, Android for Android applications, and iOS for IOS applications. If you omit this parameter, the default is Web.
The name of the app monitor that collected the data that you want to retrieve.
", + "location":"uri", + "locationName":"Name" + }, + "TimeRange":{ + "shape":"TimeRange", + "documentation":"A structure that defines the time range that you want to retrieve results from.
" + }, "Filters":{ "shape":"QueryFilters", "documentation":"An array of structures that you can use to filter the results to those that match one or more sets of key-value pairs that you specify.
" @@ -1055,19 +1089,9 @@ "shape":"MaxQueryResults", "documentation":"The maximum number of results to return in one operation.
" }, - "Name":{ - "shape":"AppMonitorName", - "documentation":"The name of the app monitor that collected the data that you want to retrieve.
", - "location":"uri", - "locationName":"Name" - }, "NextToken":{ "shape":"Token", "documentation":"Use the token returned by the previous operation to request the next page of results.
" - }, - "TimeRange":{ - "shape":"TimeRange", - "documentation":"A structure that defines the time range that you want to retrieve results from.
" } } }, @@ -1137,13 +1161,13 @@ }, "IamRoleArn":{ "type":"string", - "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" + "pattern":".*arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" }, "IdentityPoolId":{ "type":"string", "max":55, "min":1, - "pattern":"[\\w-]+:[0-9a-f-]+" + "pattern":".*[\\w-]+:[0-9a-f-]+.*" }, "Integer":{ "type":"integer", @@ -1184,13 +1208,13 @@ "type":"structure", "required":["Status"], "members":{ - "S3Uri":{ - "shape":"DeobfuscationS3Uri", - "documentation":"The S3Uri of the bucket or folder that stores the source map files. It is required if status is ENABLED.
" - }, "Status":{ "shape":"DeobfuscationStatus", "documentation":" Specifies whether JavaScript error stack traces should be unminified for this app monitor. The default is for JavaScript error stack trace unminification to be DISABLED.
The S3Uri of the bucket or folder that stores the source map files. It is required if status is ENABLED.
" } }, "documentation":"A structure that contains the configuration for how an app monitor can unminify JavaScript error stack traces using source maps.
" @@ -1216,13 +1240,13 @@ "ListAppMonitorsResponse":{ "type":"structure", "members":{ - "AppMonitorSummaries":{ - "shape":"AppMonitorSummaryList", - "documentation":"An array of structures that contain information about the returned app monitors.
" - }, "NextToken":{ "shape":"String", "documentation":"A token that you can use in a subsequent operation to retrieve the next set of results.
" + }, + "AppMonitorSummaries":{ + "shape":"AppMonitorSummaryList", + "documentation":"An array of structures that contain information about the returned app monitors.
" } } }, @@ -1323,14 +1347,6 @@ "Name" ], "members":{ - "DimensionKeys":{ - "shape":"DimensionKeysMap", - "documentation":"This field is a map of field paths to dimension names. It defines the dimensions to associate with this metric in CloudWatch The value of this field is used only if the metric destination is CloudWatch. If the metric destination is Evidently, the value of DimensionKeys is ignored.
The pattern that defines the metric. RUM checks events that happen in a user's session against the pattern, and events that match the pattern are sent to the metric destination.
If the metrics destination is CloudWatch and the event also matches a value in DimensionKeys, then the metric is published with the specified dimensions.
The ID of this metric definition.
" @@ -1339,17 +1355,25 @@ "shape":"MetricName", "documentation":"The name of the metric that is defined in this structure.
" }, - "Namespace":{ - "shape":"Namespace", - "documentation":"If this metric definition is for a custom metric instead of an extended metric, this field displays the metric namespace that the custom metric is published to.
" + "ValueKey":{ + "shape":"ValueKey", + "documentation":"The field within the event object that the metric value is sourced from.
" }, "UnitLabel":{ "shape":"UnitLabel", "documentation":"Use this field only if you are sending this metric to CloudWatch. It defines the CloudWatch metric unit that this metric is measured in.
" }, - "ValueKey":{ - "shape":"ValueKey", - "documentation":"The field within the event object that the metric value is sourced from.
" + "DimensionKeys":{ + "shape":"DimensionKeysMap", + "documentation":"This field is a map of field paths to dimension names. It defines the dimensions to associate with this metric in CloudWatch The value of this field is used only if the metric destination is CloudWatch. If the metric destination is Evidently, the value of DimensionKeys is ignored.
The pattern that defines the metric. RUM checks events that happen in a user's session against the pattern, and events that match the pattern are sent to the metric destination.
If the metrics destination is CloudWatch and the event also matches a value in DimensionKeys, then the metric is published with the specified dimensions.
If this metric definition is for a custom metric instead of an extended metric, this field displays the metric namespace that the custom metric is published to.
" } }, "documentation":"A structure that displays the definition of one extended metric that RUM sends to CloudWatch or CloudWatch Evidently. For more information, see Additional metrics that you can send to CloudWatch and CloudWatch Evidently.
" @@ -1367,6 +1391,18 @@ "type":"structure", "required":["Name"], "members":{ + "Name":{ + "shape":"MetricName", + "documentation":"The name for the metric that is defined in this structure. For custom metrics, you can specify any name that you like. For extended metrics, valid values are the following:
PerformanceNavigationDuration
PerformanceResourceDuration
NavigationSatisfiedTransaction
NavigationToleratedTransaction
NavigationFrustratedTransaction
WebVitalsCumulativeLayoutShift
WebVitalsFirstInputDelay
WebVitalsLargestContentfulPaint
JsErrorCount
HttpErrorCount
SessionCount
The field within the event object that the metric value is sourced from.
If you omit this field, a hardcoded value of 1 is pushed as the metric value. This is useful if you want to count the number of events that the filter catches.
If this metric is sent to CloudWatch Evidently, this field will be passed to Evidently raw. Evidently will handle data extraction from the event.
" + }, + "UnitLabel":{ + "shape":"UnitLabel", + "documentation":"The CloudWatch metric unit to use for this metric. If you omit this field, the metric is recorded with no unit.
" + }, "DimensionKeys":{ "shape":"DimensionKeysMap", "documentation":"Use this field only if you are sending the metric to CloudWatch.
This field is a map of field paths to dimension names. It defines the dimensions to associate with this metric in CloudWatch. For extended metrics, valid values for the entries in this field are the following:
\"metadata.pageId\": \"PageId\"
\"metadata.browserName\": \"BrowserName\"
\"metadata.deviceType\": \"DeviceType\"
\"metadata.osName\": \"OSName\"
\"metadata.countryCode\": \"CountryCode\"
\"event_details.fileType\": \"FileType\"
For both extended metrics and custom metrics, all dimensions listed in this field must also be included in EventPattern.
The pattern that defines the metric, specified as a JSON object. RUM checks events that happen in a user's session against the pattern, and events that match the pattern are sent to the metric destination.
When you define extended metrics, the metric definition is not valid if EventPattern is omitted.
Example event patterns:
'{ \"event_type\": [\"com.amazon.rum.js_error_event\"], \"metadata\": { \"browserName\": [ \"Chrome\", \"Safari\" ], } }'
'{ \"event_type\": [\"com.amazon.rum.performance_navigation_event\"], \"metadata\": { \"browserName\": [ \"Chrome\", \"Firefox\" ] }, \"event_details\": { \"duration\": [{ \"numeric\": [ \"<\", 2000 ] }] } }'
'{ \"event_type\": [\"com.amazon.rum.performance_navigation_event\"], \"metadata\": { \"browserName\": [ \"Chrome\", \"Safari\" ], \"countryCode\": [ \"US\" ] }, \"event_details\": { \"duration\": [{ \"numeric\": [ \">=\", 2000, \"<\", 8000 ] }] } }'
If the metrics destination is CloudWatch and the event also matches a value in DimensionKeys, then the metric is published with the specified dimensions.
The name for the metric that is defined in this structure. For custom metrics, you can specify any name that you like. For extended metrics, valid values are the following:
PerformanceNavigationDuration
PerformanceResourceDuration
NavigationSatisfiedTransaction
NavigationToleratedTransaction
NavigationFrustratedTransaction
WebVitalsCumulativeLayoutShift
WebVitalsFirstInputDelay
WebVitalsLargestContentfulPaint
JsErrorCount
HttpErrorCount
SessionCount
If this structure is for a custom metric instead of an extended metrics, use this parameter to define the metric namespace for that custom metric. Do not specify this parameter if this structure is for an extended metric.
You cannot use any string that starts with AWS/ for your namespace.
The CloudWatch metric unit to use for this metric. If you omit this field, the metric is recorded with no unit.
" - }, - "ValueKey":{ - "shape":"ValueKey", - "documentation":"The field within the event object that the metric value is sourced from.
If you omit this field, a hardcoded value of 1 is pushed as the metric value. This is useful if you want to count the number of events that the filter catches.
If this metric is sent to CloudWatch Evidently, this field will be passed to Evidently raw. Evidently will handle data extraction from the event.
" } }, "documentation":"Use this structure to define one extended metric or custom metric that RUM will send to CloudWatch or CloudWatch Evidently. For more information, see Custom metrics and extended metrics that you can send to CloudWatch and CloudWatch Evidently.
This structure is validated differently for extended metrics and custom metrics. For extended metrics that are sent to the AWS/RUM namespace, the following validations apply:
The Namespace parameter must be omitted or set to AWS/RUM.
Only certain combinations of values for Name, ValueKey, and EventPattern are valid. In addition to what is displayed in the following list, the EventPattern can also include information used by the DimensionKeys field.
If Name is PerformanceNavigationDuration, then ValueKeymust be event_details.duration and the EventPattern must include {\"event_type\":[\"com.amazon.rum.performance_navigation_event\"]}
If Name is PerformanceResourceDuration, then ValueKeymust be event_details.duration and the EventPattern must include {\"event_type\":[\"com.amazon.rum.performance_resource_event\"]}
If Name is NavigationSatisfiedTransaction, then ValueKeymust be null and the EventPattern must include { \"event_type\": [\"com.amazon.rum.performance_navigation_event\"], \"event_details\": { \"duration\": [{ \"numeric\": [\">\",2000] }] } }
If Name is NavigationToleratedTransaction, then ValueKeymust be null and the EventPattern must include { \"event_type\": [\"com.amazon.rum.performance_navigation_event\"], \"event_details\": { \"duration\": [{ \"numeric\": [\">=\",2000,\"<\"8000] }] } }
If Name is NavigationFrustratedTransaction, then ValueKeymust be null and the EventPattern must include { \"event_type\": [\"com.amazon.rum.performance_navigation_event\"], \"event_details\": { \"duration\": [{ \"numeric\": [\">=\",8000] }] } }
If Name is WebVitalsCumulativeLayoutShift, then ValueKeymust be event_details.value and the EventPattern must include {\"event_type\":[\"com.amazon.rum.cumulative_layout_shift_event\"]}
If Name is WebVitalsFirstInputDelay, then ValueKeymust be event_details.value and the EventPattern must include {\"event_type\":[\"com.amazon.rum.first_input_delay_event\"]}
If Name is WebVitalsLargestContentfulPaint, then ValueKeymust be event_details.value and the EventPattern must include {\"event_type\":[\"com.amazon.rum.largest_contentful_paint_event\"]}
If Name is JsErrorCount, then ValueKeymust be null and the EventPattern must include {\"event_type\":[\"com.amazon.rum.js_error_event\"]}
If Name is HttpErrorCount, then ValueKeymust be null and the EventPattern must include {\"event_type\":[\"com.amazon.rum.http_event\"]}
If Name is SessionCount, then ValueKeymust be null and the EventPattern must include {\"event_type\":[\"com.amazon.rum.session_start_event\"]}
If Name is PageViewCount, then ValueKeymust be null and the EventPattern must include {\"event_type\":[\"com.amazon.rum.page_view_event\"]}
If Name is Http4xxCount, then ValueKeymust be null and the EventPattern must include {\"event_type\": [\"com.amazon.rum.http_event\"],\"event_details\":{\"response\":{\"status\":[{\"numeric\":[\">=\",400,\"<\",500]}]}}} }
If Name is Http5xxCount, then ValueKeymust be null and the EventPattern must include {\"event_type\": [\"com.amazon.rum.http_event\"],\"event_details\":{\"response\":{\"status\":[{\"numeric\":[\">=\",500,\"<=\",599]}]}}} }
For custom metrics, the following validation rules apply:
The namespace can't be omitted and can't be AWS/RUM. You can use the AWS/RUM namespace only for extended metrics.
All dimensions listed in the DimensionKeys field must be present in the value of EventPattern.
The values that you specify for ValueKey, EventPattern, and DimensionKeys must be fields in RUM events, so all first-level keys in these fields must be one of the keys in the list later in this section.
If you set a value for EventPattern, it must be a JSON object.
For every non-empty event_details, there must be a non-empty event_type.
If EventPattern contains an event_details field, it must also contain an event_type. For every built-in event_type that you use, you must use a value for event_details that corresponds to that event_type. For information about event details that correspond to event types, see RUM event details.
In EventPattern, any JSON array must contain only one value.
Valid key values for first-level keys in the ValueKey, EventPattern, and DimensionKeys fields:
account_id
application_Id
application_version
application_name
batch_id
event_details
event_id
event_interaction
event_timestamp
event_type
event_version
log_stream
metadata
sessionId
user_details
userId
If the app monitor uses a resource-based policy that requires PutRumEvents requests to specify a certain alias, specify that alias here. This alias will be compared to the rum:alias context key in the resource-based policy. For more information, see Using resource-based policies with CloudWatch RUM.
A structure that contains information about the app monitor that collected this telemetry information.
" - }, - "BatchId":{ - "shape":"PutRumEventsRequestBatchIdString", - "documentation":"A unique identifier for this batch of RUM event data.
" - }, "Id":{ "shape":"PutRumEventsRequestIdString", "documentation":"The ID of the app monitor that is sending this data.
", "location":"uri", "locationName":"Id" }, - "RumEvents":{ - "shape":"RumEventList", - "documentation":"An array of structures that contain the telemetry event data.
" + "BatchId":{ + "shape":"PutRumEventsRequestBatchIdString", + "documentation":"A unique identifier for this batch of RUM event data.
" + }, + "AppMonitorDetails":{ + "shape":"AppMonitorDetails", + "documentation":"A structure that contains information about the app monitor that collected this telemetry information.
" }, "UserDetails":{ "shape":"UserDetails", "documentation":"A structure that contains information about the user session that this batch of events was collected from.
" + }, + "RumEvents":{ + "shape":"RumEventList", + "documentation":"An array of structures that contain the telemetry event data.
" + }, + "Alias":{ + "shape":"Alias", + "documentation":"If the app monitor uses a resource-based policy that requires PutRumEvents requests to specify a certain alias, specify that alias here. This alias will be compared to the rum:alias context key in the resource-based policy. For more information, see Using resource-based policies with CloudWatch RUM.
A string containing details about the event.
", - "jsonvalue":true - }, "id":{ "shape":"RumEventIdString", "documentation":"A unique ID for this event.
" }, - "metadata":{ - "shape":"JsonValue", - "documentation":"Metadata about this event, which contains a JSON serialization of the identity of the user for this session. The user information comes from information such as the HTTP user-agent request header and document interface.
", - "jsonvalue":true - }, "timestamp":{ "shape":"Timestamp", "documentation":"The exact time that this event occurred.
" @@ -1681,6 +1693,16 @@ "type":{ "shape":"String", "documentation":"The JSON schema that denotes the type of event this is, such as a page load or a new session.
" + }, + "metadata":{ + "shape":"JsonValue", + "documentation":"Metadata about this event, which contains a JSON serialization of the identity of the user for this session. The user information comes from information such as the HTTP user-agent request header and document interface.
", + "jsonvalue":true + }, + "details":{ + "shape":"JsonValue", + "documentation":"A string containing details about the event.
", + "jsonvalue":true } }, "documentation":"A structure that contains the information for one performance event that RUM collects from a user session with your application.
" @@ -1689,7 +1711,7 @@ "type":"string", "max":36, "min":36, - "pattern":"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$" + "pattern":"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" }, "RumEventList":{ "type":"list", @@ -1726,7 +1748,7 @@ "type":"string", "max":128, "min":1, - "pattern":"^(?!aws:)[a-zA-Z+-=._:/]+$" + "pattern":"(?!aws:)[a-zA-Z+-=._:/]+" }, "TagKeyList":{ "type":"list", @@ -1760,8 +1782,7 @@ }, "TagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "TagValue":{ "type":"string", @@ -1785,6 +1806,10 @@ "required":["message"], "members":{ "message":{"shape":"String"}, + "serviceCode":{ + "shape":"String", + "documentation":"The ID of the service that is associated with the error.
" + }, "quotaCode":{ "shape":"String", "documentation":"The ID of the service quota that was exceeded.
" @@ -1794,10 +1819,6 @@ "documentation":"The value of a parameter in the request caused an error.
", "location":"header", "locationName":"Retry-After" - }, - "serviceCode":{ - "shape":"String", - "documentation":"The ID of the service that is associated with the error.
" } }, "documentation":"The request was throttled because of quota limits.
", @@ -1853,49 +1874,47 @@ }, "UntagResourceResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateAppMonitorRequest":{ "type":"structure", "required":["Name"], "members":{ + "Name":{ + "shape":"AppMonitorName", + "documentation":"The name of the app monitor to update.
", + "location":"uri", + "locationName":"Name" + }, + "Domain":{ + "shape":"AppMonitorDomain", + "documentation":"The top-level internet domain name for which your application has administrative authority.
" + }, + "DomainList":{ + "shape":"AppMonitorDomainList", + "documentation":" List the domain names for which your application has administrative authority. The UpdateAppMonitor allows either the domain or the domain list.
A structure that contains much of the configuration data for the app monitor. If you are using Amazon Cognito for authorization, you must include this structure in your request, and it must include the ID of the Amazon Cognito identity pool to use for authorization. If you don't include AppMonitorConfiguration, you must set up your own authorization method. For more information, see Authorize your application to send data to Amazon Web Services.
Specifies whether this app monitor allows the web client to define and send custom events. The default is for custom events to be DISABLED.
For more information about custom events, see Send custom events.
" - }, "CwLogEnabled":{ "shape":"Boolean", "documentation":"Data collected by RUM is kept by RUM for 30 days and then deleted. This parameter specifies whether RUM sends a copy of this telemetry data to Amazon CloudWatch Logs in your account. This enables you to keep the telemetry data for more than 30 days, but it does incur Amazon CloudWatch Logs charges.
" }, + "CustomEvents":{ + "shape":"CustomEvents", + "documentation":"Specifies whether this app monitor allows the web client to define and send custom events. The default is for custom events to be DISABLED.
For more information about custom events, see Send custom events.
" + }, "DeobfuscationConfiguration":{ "shape":"DeobfuscationConfiguration", "documentation":"A structure that contains the configuration for how an app monitor can deobfuscate stack traces.
" - }, - "Domain":{ - "shape":"AppMonitorDomain", - "documentation":"The top-level internet domain name for which your application has administrative authority.
" - }, - "DomainList":{ - "shape":"AppMonitorDomainList", - "documentation":" List the domain names for which your application has administrative authority. The UpdateAppMonitor allows either the domain or the domain list.
The name of the app monitor to update.
", - "location":"uri", - "locationName":"Name" } } }, "UpdateAppMonitorResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "UpdateRumMetricDefinitionRequest":{ "type":"structure", @@ -1932,25 +1951,24 @@ }, "UpdateRumMetricDefinitionResponse":{ "type":"structure", - "members":{ - } + "members":{} }, "Url":{ "type":"string", "max":1260, "min":1, - "pattern":"https?:\\/\\/(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}\\b([-a-zA-Z0-9()@:%_\\+.~#?&*//=]*)" + "pattern":".*https?:\\/\\/(www\\.)?[-a-zA-Z0-9@:%._\\+~#=]{1,256}\\.[a-zA-Z0-9()]{1,6}\\b([-a-zA-Z0-9()@:%_\\+.~#?&*//=]*).*" }, "UserDetails":{ "type":"structure", "members":{ - "sessionId":{ - "shape":"UserDetailsSessionIdString", - "documentation":"The session ID that the performance events are from.
" - }, "userId":{ "shape":"UserDetailsUserIdString", "documentation":"The ID of the user for this user session. This ID is generated by RUM and does not include any personally identifiable information about the user.
" + }, + "sessionId":{ + "shape":"UserDetailsSessionIdString", + "documentation":"The session ID that the performance events are from.
" } }, "documentation":"A structure that contains information about the user session that this batch of events was collected from.
" @@ -1959,13 +1977,13 @@ "type":"string", "max":36, "min":36, - "pattern":"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$" + "pattern":"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" }, "UserDetailsUserIdString":{ "type":"string", "max":36, "min":36, - "pattern":"^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$" + "pattern":"[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}" }, "ValidationException":{ "type":"structure", diff --git a/awscli/botocore/data/rum/2018-05-10/waiters-2.json b/awscli/botocore/data/rum/2018-05-10/waiters-2.json new file mode 100644 index 000000000000..13f60ee66be6 --- /dev/null +++ b/awscli/botocore/data/rum/2018-05-10/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff --git a/awscli/botocore/data/s3/2006-03-01/service-2.json b/awscli/botocore/data/s3/2006-03-01/service-2.json index 84bbf5a87cc2..3add914bbff9 100644 --- a/awscli/botocore/data/s3/2006-03-01/service-2.json +++ b/awscli/botocore/data/s3/2006-03-01/service-2.json @@ -308,7 +308,7 @@ "responseCode":204 }, "input":{"shape":"DeleteBucketTaggingRequest"}, - "documentation":"This operation is not supported for directory buckets.
Deletes the tags from the bucket.
To use this operation, you must have permission to perform the s3:PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
The following operations are related to DeleteBucketTagging:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation is not supported for directory buckets.
Deletes tags from the general purpose bucket if attribute based access control (ABAC) is not enabled for the bucket. When you enable ABAC for a general purpose bucket, you can no longer use this operation for that bucket and must use UntagResource instead.
if ABAC is not enabled for the bucket. When you enable ABAC for a general purpose bucket, you can no longer use this operation for that bucket and must use UntagResource instead.
To use this operation, you must have permission to perform the s3:PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
The following operations are related to DeleteBucketTagging:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Removes an object from a bucket. The behavior depends on the bucket's versioning state:
If bucket versioning is not enabled, the operation permanently deletes the object.
If bucket versioning is enabled, the operation inserts a delete marker, which becomes the current version of the object. To permanently delete an object in a versioned bucket, you must include the object’s versionId in the request. For more information about versioning-enabled buckets, see Deleting object versions from a versioning-enabled bucket.
If bucket versioning is suspended, the operation removes the object that has a null versionId, if there is one, and inserts a delete marker that becomes the current version of the object. If there isn't an object with a null versionId, and all versions of the object have a versionId, Amazon S3 does not remove the object and only inserts a delete marker. To permanently delete an object that has a versionId, you must include the object’s versionId in the request. For more information about versioning-suspended buckets, see Deleting objects from versioning-suspended buckets.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
To remove a specific version, you must use the versionId query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker to true.
If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS. For more information about MFA Delete, see Using MFA Delete in the Amazon S3 User Guide. To see sample requests that use versioning, see Sample Request.
Directory buckets - MFA delete is not supported by directory buckets.
You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.
Directory buckets - S3 Lifecycle is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always have the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following action is related to DeleteObject:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
The If-Match header is supported for both general purpose and directory buckets. IfMatchLastModifiedTime and IfMatchSize is only supported for directory buckets.
Removes an object from a bucket. The behavior depends on the bucket's versioning state:
If bucket versioning is not enabled, the operation permanently deletes the object.
If bucket versioning is enabled, the operation inserts a delete marker, which becomes the current version of the object. To permanently delete an object in a versioned bucket, you must include the object’s versionId in the request. For more information about versioning-enabled buckets, see Deleting object versions from a versioning-enabled bucket.
If bucket versioning is suspended, the operation removes the object that has a null versionId, if there is one, and inserts a delete marker that becomes the current version of the object. If there isn't an object with a null versionId, and all versions of the object have a versionId, Amazon S3 does not remove the object and only inserts a delete marker. To permanently delete an object that has a versionId, you must include the object’s versionId in the request. For more information about versioning-suspended buckets, see Deleting objects from versioning-suspended buckets.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets. For this API operation, only the null value of the version ID is supported by directory buckets. You can only specify null to the versionId query parameter in the request.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
To remove a specific version, you must use the versionId query parameter. Using this query parameter permanently deletes the version. If the object deleted is a delete marker, Amazon S3 sets the response header x-amz-delete-marker to true.
If the object you want to delete is in a bucket where the bucket versioning configuration is MFA Delete enabled, you must include the x-amz-mfa request header in the DELETE versionId request. Requests that include x-amz-mfa must use HTTPS. For more information about MFA Delete, see Using MFA Delete in the Amazon S3 User Guide. To see sample requests that use versioning, see Sample Request.
Directory buckets - MFA delete is not supported by directory buckets.
You can delete objects by explicitly calling DELETE Object or calling (PutBucketLifecycle) to enable Amazon S3 to remove them for you. If you want to block users or accounts from removing or deleting objects from your bucket, you must deny them the s3:DeleteObject, s3:DeleteObjectVersion, and s3:PutLifeCycleConfiguration actions.
Directory buckets - S3 Lifecycle is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always have the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must have the s3:DeleteObjectVersion permission.
If the s3:DeleteObject or s3:DeleteObjectVersion permissions are explicitly denied in your bucket policy, attempts to delete any unversioned objects result in a 403 Access Denied error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following action is related to DeleteObject:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
The If-Match header is supported for both general purpose and directory buckets. IfMatchLastModifiedTime and IfMatchSize is only supported for directory buckets.
This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.
The request can contain a list of up to 1,000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. If the object specified in the request isn't found, Amazon S3 confirms the deletion by returning the result as deleted.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.
When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.
Directory buckets - MFA delete is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.
Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to DeleteObjects:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation enables you to delete multiple objects from a bucket using a single HTTP request. If you know the object keys that you want to delete, then this operation provides a suitable alternative to sending individual delete requests, reducing per-request overhead.
The request can contain a list of up to 1,000 keys that you want to delete. In the XML, you provide the object key names, and optionally, version IDs if you want to delete a specific version of the object from a versioning-enabled bucket. For each key, Amazon S3 performs a delete operation and returns the result of that delete, success or failure, in the response. If the object specified in the request isn't found, Amazon S3 confirms the deletion by returning the result as deleted.
Directory buckets - S3 Versioning isn't enabled and supported for directory buckets.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
The operation supports two modes for the response: verbose and quiet. By default, the operation uses verbose mode in which the response includes the result of deletion of each key in your request. In quiet mode the response includes only keys where the delete operation encountered an error. For a successful deletion in a quiet mode, the operation does not return any information about the delete in the response body.
When performing this action on an MFA Delete enabled bucket, that attempts to delete any versioned objects, you must include an MFA token. If you do not provide one, the entire request will fail, even if there are non-versioned objects you are trying to delete. If you provide an invalid token, whether there are versioned keys in the request or not, the entire Multi-Object Delete request will fail. For information about MFA Delete, see MFA Delete in the Amazon S3 User Guide.
Directory buckets - MFA delete is not supported by directory buckets.
General purpose bucket permissions - The following permissions are required in your policies when your DeleteObjects request includes specific headers.
s3:DeleteObject - To delete an object from a bucket, you must always specify the s3:DeleteObject permission.
s3:DeleteObjectVersion - To delete a specific version of an object from a versioning-enabled bucket, you must specify the s3:DeleteObjectVersion permission.
If the s3:DeleteObject or s3:DeleteObjectVersion permissions are explicitly denied in your bucket policy, attempts to delete any unversioned objects result in a 403 Access Denied error.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
General purpose bucket - The Content-MD5 request header is required for all Multi-Object Delete requests. Amazon S3 uses the header value to ensure that your request body has not been altered in transit.
Directory bucket - The Content-MD5 request header or a additional checksum request header (including x-amz-checksum-crc32, x-amz-checksum-crc32c, x-amz-checksum-sha1, or x-amz-checksum-sha256) is required for all Multi-Object Delete requests.
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to DeleteObjects:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Returns the attribute-based access control (ABAC) property of the general purpose bucket. If the bucket ABAC is enabled, you can use tags for bucket access control. For more information, see Enabling ABAC in general purpose buckets. Whether ABAC is enabled or disabled, you can use tags for cost tracking. For more information, see Using tags with S3 general purpose buckets.
" + }, "GetBucketAccelerateConfiguration":{ "name":"GetBucketAccelerateConfiguration", "http":{ @@ -435,7 +445,7 @@ }, "input":{"shape":"GetBucketEncryptionRequest"}, "output":{"shape":"GetBucketEncryptionOutput"}, - "documentation":"Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets - For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see Setting default server-side encryption behavior for directory buckets.
General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to GetBucketEncryption:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Returns the default encryption configuration for an Amazon S3 bucket. By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3). This operation also returns the BucketKeyEnabled and BlockedEncryptionTypes statuses.
General purpose buckets - For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. For information about the default encryption configuration in directory buckets, see Setting default server-side encryption behavior for directory buckets.
General purpose bucket permissions - The s3:GetEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:GetEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to GetBucketEncryption:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation is not supported for directory buckets.
Returns the tag set associated with the bucket.
To use this operation, you must have permission to perform the s3:GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
Error code: NoSuchTagSet
Description: There is no tag set associated with the bucket.
The following operations are related to GetBucketTagging:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation is not supported for directory buckets.
Returns the tag set associated with the general purpose bucket.
if ABAC is not enabled for the bucket. When you enable ABAC for a general purpose bucket, you can no longer use this operation for that bucket and must use ListTagsForResource instead.
To use this operation, you must have permission to perform the s3:GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.
GetBucketTagging has the following special error:
Error code: NoSuchTagSet
Description: There is no tag set associated with the bucket.
The following operations are related to GetBucketTagging:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
End of support notice: Beginning November 21, 2025, Amazon S3 will stop returning DisplayName. Update your applications to use canonical IDs (unique identifier for Amazon Web Services accounts), Amazon Web Services account ID (12 digit identifier) or IAM ARNs (full resource naming) as a direct replacement of DisplayName.
This change affects the following Amazon Web Services Regions: US East (N. Virginia) Region, US West (N. California) Region, US West (Oregon) Region, Asia Pacific (Singapore) Region, Asia Pacific (Sydney) Region, Asia Pacific (Tokyo) Region, Europe (Ireland) Region, and South America (São Paulo) Region.
Lists the parts that have been uploaded for a specific multipart upload.
To use this operation, you must provide the upload ID in the request. You obtain this uploadID by sending the initiate multipart upload request through CreateMultipartUpload.
The ListParts request returns a maximum of 1,000 uploaded parts. The limit of 1,000 parts is also the default value. You can restrict the number of parts in a response by specifying the max-parts request parameter. If your multipart upload consists of more than 1,000 parts, the response returns an IsTruncated field with the value of true, and a NextPartNumberMarker element. To list remaining uploaded parts, in subsequent ListParts requests, include the part-number-marker query string parameter and set its value to the NextPartNumberMarker field value from the previous response.
For more information on multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
General purpose bucket permissions - For information about permissions required to use the multipart upload API, see Multipart Upload and Permissions in the Amazon S3 User Guide.
If the upload was created using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS), you must have permission to the kms:Decrypt action for the ListParts request to succeed.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to ListParts:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Sets the attribute-based access control (ABAC) property of the general purpose bucket. When you enable ABAC, you can use tags for bucket access control. Additionally, when ABAC is enabled, you must use the TagResource, UntagResource, and ListTagsForResource actions to manage bucket tags, and you can nolonger use the PutBucketTagging and DeleteBucketTagging actions to tag the bucket. You must also have the correct permissions for these actions. For more information, see Enabling ABAC in general purpose buckets.
", + "httpChecksum":{ + "requestAlgorithmMember":"ChecksumAlgorithm", + "requestChecksumRequired":false + } + }, "PutBucketAccelerateConfiguration":{ "name":"PutBucketAccelerateConfiguration", "http":{ @@ -1023,7 +1046,7 @@ "requestUri":"/{Bucket}?encryption" }, "input":{"shape":"PutBucketEncryptionRequest"}, - "documentation":"This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets
You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests.
Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS).
We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported.
S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
For directory buckets, if you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests.
If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Also, this action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to PutBucketEncryption:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation configures default encryption and Amazon S3 Bucket Keys for an existing bucket. You can also block encryption types using this operation.
Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region-code.amazonaws.com/bucket-name . Virtual-hosted-style requests aren't supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
By default, all buckets have a default encryption configuration that uses server-side encryption with Amazon S3 managed keys (SSE-S3).
General purpose buckets
You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS) or dual-layer server-side encryption with Amazon Web Services KMS keys (DSSE-KMS). If you specify default encryption by using SSE-KMS, you can also configure Amazon S3 Bucket Keys. For information about the bucket default encryption feature, see Amazon S3 Bucket Default Encryption in the Amazon S3 User Guide.
If you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, you should verify that your KMS key ID is correct. Amazon S3 doesn't validate the KMS key ID provided in PutBucketEncryption requests.
Directory buckets - You can optionally configure default encryption for a bucket by using server-side encryption with Key Management Service (KMS) keys (SSE-KMS).
We recommend that the bucket's default encryption uses the desired encryption configuration and you don't override the bucket default encryption in your CreateSession requests or PUT object requests. Then, new objects are automatically encrypted with the desired encryption settings. For more information about the encryption overriding behaviors in directory buckets, see Specifying server-side encryption with KMS for new object uploads.
Your SSE-KMS configuration can only support 1 customer managed key per directory bucket's lifetime. The Amazon Web Services managed key (aws/s3) isn't supported.
S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
For directory buckets, if you use PutBucketEncryption to set your default bucket encryption to SSE-KMS, Amazon S3 validates the KMS key ID provided in PutBucketEncryption requests.
If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Also, this action requires Amazon Web Services Signature Version 4. For more information, see Authenticating Requests (Amazon Web Services Signature Version 4).
General purpose bucket permissions - The s3:PutEncryptionConfiguration permission is required in a policy. The bucket owner has this permission by default. The bucket owner can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Operations and Managing Access Permissions to Your Amazon S3 Resources in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation, you must have the s3express:PutEncryptionConfiguration permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
To set a directory bucket default encryption with SSE-KMS, you must also have the kms:GenerateDataKey and the kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the target KMS key.
Directory buckets - The HTTP Host header syntax is s3express-control.region-code.amazonaws.com.
The following operations are related to PutBucketEncryption:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation is not supported for directory buckets.
Sets the tags for a bucket.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.
When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.
To use this operation, you must have permissions to perform the s3:PutBucketTagging action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
PutBucketTagging has the following special errors. For more Amazon S3 errors see, Error Responses.
InvalidTag - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see Using Cost Allocation in Amazon S3 Bucket Tags.
MalformedXML - The XML provided does not match the schema.
OperationAborted - A conflicting conditional action is currently in progress against this resource. Please try again.
InternalError - The service was unable to apply the provided tag to the bucket.
The following operations are related to PutBucketTagging:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
This operation is not supported for directory buckets.
Sets the tags for a general purpose bucket if attribute based access control (ABAC) is not enabled for the bucket. When you enable ABAC for a general purpose bucket, you can no longer use this operation for that bucket and must use the TagResource or UntagResource operations instead.
if ABAC is not enabled for the bucket. When you enable ABAC for a general purpose bucket, you can no longer use this operation for that bucket and must use TagResource instead.
Use tags to organize your Amazon Web Services bill to reflect your own cost structure. To do this, sign up to get your Amazon Web Services account bill with tag key values included. Then, to see the cost of combined resources, organize your billing information according to resources with the same tag key values. For example, you can tag several resources with a specific application name, and then organize your billing information to see the total cost of that application across several services. For more information, see Cost Allocation and Tagging and Using Cost Allocation in Amazon S3 Bucket Tags.
When this operation sets the tags for a bucket, it will overwrite any current tags the bucket already has. You cannot use this operation to add tags to an existing list of tags.
To use this operation, you must have permissions to perform the s3:PutBucketTagging action. The bucket owner has this permission by default and can grant this permission to others. For more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing Access Permissions to Your Amazon S3 Resources.
PutBucketTagging has the following special errors. For more Amazon S3 errors see, Error Responses.
InvalidTag - The tag provided was not a valid tag. This error can occur if the tag did not pass input validation. For more information, see Using Cost Allocation in Amazon S3 Bucket Tags.
MalformedXML - The XML provided does not match the schema.
OperationAborted - A conflicting conditional action is currently in progress against this resource. Please try again.
InternalError - The service was unable to apply the provided tag to the bucket.
The following operations are related to PutBucketTagging:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Uploads a part in a multipart upload.
In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.
You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request.
Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs.
These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C).
Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.
If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers.
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms).
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to UploadPart:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Uploads a part in a multipart upload.
In this operation, you provide new data as a part of an object in your request. However, you have an option to specify your existing Amazon S3 object as a data source for the part you are uploading. To upload a part from an existing object, you use the UploadPartCopy operation.
You must initiate a multipart upload (see CreateMultipartUpload) before you can upload any part. In response to your initiate request, Amazon S3 returns an upload ID, a unique identifier that you must include in your upload part request.
Part numbers can be any number from 1 to 10,000, inclusive. A part number uniquely identifies a part and also defines its position within the object being created. If you upload a new part using the same part number that was used with a previous part, the previously uploaded part is overwritten.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
After you initiate multipart upload and upload one or more parts, you must either complete or abort multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the parts storage.
For more information on multipart uploads, go to Multipart Upload Overview in the Amazon S3 User Guide .
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
General purpose bucket permissions - To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs.
These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the CreateSession API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see CreateSession .
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
General purpose bucket - To ensure that data is not corrupted traversing the network, specify the Content-MD5 header in the upload part request. Amazon S3 checks the part data against the provided MD5 value. If they do not match, Amazon S3 returns an error. If the upload request is signed with Signature Version 4, then Amazon Web Services S3 uses the x-amz-content-sha256 header as a checksum instead of Content-MD5. For more information see Authenticating Requests: Using the Authorization Header (Amazon Web Services Signature Version 4).
Directory buckets - MD5 is not supported by directory buckets. You can use checksum algorithms to check object integrity.
General purpose bucket - Server-side encryption is for data encryption at rest. Amazon S3 encrypts your data as it writes it to disks in its data centers and decrypts it when you access it. You have mutually exclusive options to protect data using server-side encryption in Amazon S3, depending on how you choose to manage the encryption keys. Specifically, the encryption key options are Amazon S3 managed keys (SSE-S3), Amazon Web Services KMS keys (SSE-KMS), and Customer-Provided Keys (SSE-C). Amazon S3 encrypts data with server-side encryption using Amazon S3 managed keys (SSE-S3) by default. You can optionally tell Amazon S3 to encrypt data at rest using server-side encryption with other key options. The option you use depends on whether you want to use KMS keys (SSE-KMS) or provide your own encryption key (SSE-C).
Server-side encryption is supported by the S3 Multipart Upload operations. Unless you are using a customer-provided encryption key (SSE-C), you don't need to specify the encryption parameters in each UploadPart request. Instead, you only need to specify the server-side encryption parameters in the initial Initiate Multipart request. For more information, see CreateMultipartUpload.
If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see Blocking or unblocking SSE-C for a general purpose bucket.
If you request server-side encryption using a customer-provided encryption key (SSE-C) in your initiate multipart upload request, you must provide identical encryption information in each part upload using the following request headers.
x-amz-server-side-encryption-customer-algorithm
x-amz-server-side-encryption-customer-key
x-amz-server-side-encryption-customer-key-MD5
For more information, see Using Server-Side Encryption in the Amazon S3 User Guide.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms).
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
SOAP Fault Code Prefix: Client
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to UploadPart:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.
You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request.
For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
You must have READ access to the source object and WRITE access to the destination bucket.
General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.
If the source object is in a general purpose bucket, you must have the s3:GetObject permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the s3:PutObject permission to write the object copy to the destination bucket.
To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.
If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.
S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through UploadPartCopy. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
Error Code: InvalidRequest
Description: The specified copy source is not supported as a byte-range copy source.
HTTP Status Code: 400 Bad Request
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to UploadPartCopy:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
Uploads a part by copying data from an existing object as data source. To specify the data source, you add the request header x-amz-copy-source in your request. To specify a byte range, you add the request header x-amz-copy-source-range in your request.
For information about maximum and minimum part sizes and other multipart upload specifications, see Multipart upload limits in the Amazon S3 User Guide.
Instead of copying data from an existing object as part data, you might use the UploadPart action to upload new data as a part of an object in your request.
You must initiate a multipart upload before you can upload any part. In response to your initiate request, Amazon S3 returns the upload ID, a unique identifier that you must include in your upload part request.
For conceptual information about multipart uploads, see Uploading Objects Using Multipart Upload in the Amazon S3 User Guide. For information about copying objects using a single atomic action vs. a multipart upload, see Operations on Objects in the Amazon S3 User Guide.
Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://amzn-s3-demo-bucket.s3express-zone-id.region-code.amazonaws.com/key-name . Path-style requests are not supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for directory buckets in Availability Zones in the Amazon S3 User Guide. For more information about endpoints in Local Zones, see Concepts for directory buckets in Local Zones in the Amazon S3 User Guide.
All UploadPartCopy requests must be authenticated and signed by using IAM credentials (access key ID and secret access key for the IAM identities). All headers with the x-amz- prefix, including x-amz-copy-source, must be signed. For more information, see REST Authentication.
Directory buckets - You must use IAM credentials to authenticate and authorize your access to the UploadPartCopy API operation, instead of using the temporary security credentials through the CreateSession API operation.
Amazon Web Services CLI or SDKs handles authentication and authorization on your behalf.
You must have READ access to the source object and WRITE access to the destination bucket.
General purpose bucket permissions - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an UploadPartCopy operation.
If the source object is in a general purpose bucket, you must have the s3:GetObject permission to read the source object that is being copied.
If the destination bucket is a general purpose bucket, you must have the s3:PutObject permission to write the object copy to the destination bucket.
To perform a multipart upload with encryption using an Key Management Service key, the requester must have permission to the kms:Decrypt and kms:GenerateDataKey actions on the key. The requester must also have permissions for the kms:GenerateDataKey action for the CreateMultipartUpload API. Then, the requester needs permissions for the kms:Decrypt action on the UploadPart and UploadPartCopy APIs. These permissions are required because Amazon S3 must decrypt and read data from the encrypted file parts before it completes the multipart upload. For more information about KMS permissions, see Protecting data using server-side encryption with KMS in the Amazon S3 User Guide. For information about the permissions required to use the multipart upload API, see Multipart upload and permissions and Multipart upload API and permissions in the Amazon S3 User Guide.
Directory bucket permissions - You must have permissions in a bucket policy or an IAM identity-based policy based on the source and destination bucket types in an UploadPartCopy operation.
If the source object that you want to copy is in a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to read the object. By default, the session is in the ReadWrite mode. If you want to restrict the access, you can explicitly set the s3express:SessionMode condition key to ReadOnly on the copy source bucket.
If the copy destination is a directory bucket, you must have the s3express:CreateSession permission in the Action element of a policy to write the object to the destination. The s3express:SessionMode condition key cannot be set to ReadOnly on the copy destination.
If the object is encrypted with SSE-KMS, you must also have the kms:GenerateDataKey and kms:Decrypt permissions in IAM identity-based policies and KMS key policies for the KMS key.
For example policies, see Example bucket policies for S3 Express One Zone and Amazon Web Services Identity and Access Management (IAM) identity-based policies for S3 Express One Zone in the Amazon S3 User Guide.
General purpose buckets - For information about using server-side encryption with customer-provided encryption keys with the UploadPartCopy operation, see CopyObject and UploadPart.
If you have server-side encryption with customer-provided keys (SSE-C) blocked for your general purpose bucket, you will get an HTTP 403 Access Denied error when you specify the SSE-C request headers while writing new data to your bucket. For more information, see Blocking or unblocking SSE-C for a general purpose bucket.
Directory buckets - For directory buckets, there are only two supported options for server-side encryption: server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) and server-side encryption with KMS keys (SSE-KMS) (aws:kms). For more information, see Protecting data with server-side encryption in the Amazon S3 User Guide.
For directory buckets, when you perform a CreateMultipartUpload operation and an UploadPartCopy operation, the request headers you provide in the CreateMultipartUpload request must match the default encryption configuration of the destination bucket.
S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through UploadPartCopy. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
Error Code: NoSuchUpload
Description: The specified multipart upload does not exist. The upload ID might be invalid, or the multipart upload might have been aborted or completed.
HTTP Status Code: 404 Not Found
Error Code: InvalidRequest
Description: The specified copy source is not supported as a byte-range copy source.
HTTP Status Code: 400 Bad Request
Directory buckets - The HTTP Host header syntax is Bucket-name.s3express-zone-id.region-code.amazonaws.com.
The following operations are related to UploadPartCopy:
You must URL encode any signed header values that contain spaces. For example, if your header value is my file.txt, containing two spaces after my, you must URL encode this value to my%20%20file.txt.
The ABAC status of the general purpose bucket.
" + } + }, + "documentation":"The ABAC status of the general purpose bucket. When ABAC is enabled for the general purpose bucket, you can use tags to manage access to the general purpose buckets as well as for cost tracking purposes. When ABAC is disabled for the general purpose buckets, you can only use tags for cost tracking purposes. For more information, see Using tags with S3 general purpose buckets.
" + }, "AbortDate":{"type":"timestamp"}, "AbortIncompleteMultipartUpload":{ "type":"structure", @@ -1735,6 +1768,16 @@ "DEEP_ARCHIVE_ACCESS" ] }, + "BlockedEncryptionTypes":{ + "type":"structure", + "members":{ + "EncryptionType":{ + "shape":"EncryptionTypeList", + "documentation":"The object encryption type that you want to block or unblock for an Amazon S3 general purpose bucket.
Currently, this parameter only supports blocking or unblocking server side encryption with customer-provided keys (SSE-C). For more information about SSE-C, see Using server-side encryption with customer-provided keys (SSE-C).
A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block PutObject, CopyObject, PostObject, multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see Blocking an encryption type for a general purpose bucket.
This data type is used with the following actions:
You must have the s3:PutEncryptionConfiguration permission to block or unblock an encryption type for a bucket.
You must have the s3:GetEncryptionConfiguration permission to view a bucket's encryption type.
In terms of implementation, a Bucket is a resource.
" }, + "BucketAbacStatus":{ + "type":"string", + "enum":[ + "Enabled", + "Disabled" + ] + }, "BucketAccelerateStatus":{ "type":"string", "enum":[ @@ -2862,7 +2912,7 @@ }, "Tags":{ "shape":"TagSet", - "documentation":"An array of tags that you can apply to the bucket that you're creating. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access.
This parameter is only supported for S3 directory buckets. For more information, see Using tags with directory buckets.
You must have the s3express:TagResource permission to create a directory bucket with tags.
An array of tags that you can apply to the bucket that you're creating. Tags are key-value pairs of metadata used to categorize and organize your buckets, track costs, and control access.
This parameter is only supported for S3 directory buckets. For more information, see Using tags with directory buckets.
You must have the s3express:TagResource permission to create a directory bucket with tags.
The configuration information for the bucket.
" @@ -4170,6 +4220,21 @@ }, "documentation":"Specifies encryption-related information for an Amazon S3 bucket that is a destination for replicated objects.
If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
The ABAC status of the general purpose bucket.
" + } + }, + "payload":"AbacStatus" + }, + "GetBucketAbacRequest":{ + "type":"structure", + "required":["Bucket"], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"The name of the general purpose bucket.
", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"The Amazon Web Services account ID of the general purpose bucket's owner.
", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + } + } + }, "GetBucketAccelerateConfigurationOutput":{ "type":"structure", "members":{ @@ -9082,6 +9176,47 @@ }, "documentation":"The PublicAccessBlock configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. For more information about when Amazon S3 considers a bucket or object public, see The Meaning of \"Public\" in the Amazon S3 User Guide.
" }, + "PutBucketAbacRequest":{ + "type":"structure", + "required":[ + "Bucket", + "AbacStatus" + ], + "members":{ + "Bucket":{ + "shape":"BucketName", + "documentation":"The name of the general purpose bucket.
", + "contextParam":{"name":"Bucket"}, + "location":"uri", + "locationName":"Bucket" + }, + "ContentMD5":{ + "shape":"ContentMD5", + "documentation":"The MD5 hash of the PutBucketAbac request body.
For requests made using the Amazon Web Services Command Line Interface (CLI) or Amazon Web Services SDKs, this field is calculated automatically.
", + "location":"header", + "locationName":"Content-MD5" + }, + "ChecksumAlgorithm":{ + "shape":"ChecksumAlgorithm", + "documentation":"Indicates the algorithm that you want Amazon S3 to use to create the checksum. For more information, see Checking object integrity in the Amazon S3 User Guide.
", + "location":"header", + "locationName":"x-amz-sdk-checksum-algorithm" + }, + "ExpectedBucketOwner":{ + "shape":"AccountId", + "documentation":"The Amazon Web Services account ID of the general purpose bucket's owner.
", + "location":"header", + "locationName":"x-amz-expected-bucket-owner" + }, + "AbacStatus":{ + "shape":"AbacStatus", + "documentation":"The ABAC status of the general purpose bucket. When ABAC is enabled for the general purpose bucket, you can use tags to manage access to the general purpose buckets as well as for cost tracking purposes. When ABAC is disabled for the general purpose buckets, you can only use tags for cost tracking purposes. For more information, see Using tags with S3 general purpose buckets.
", + "locationName":"AbacStatus", + "xmlNamespace":{"uri":"http://s3.amazonaws.com/doc/2006-03-01/"} + } + }, + "payload":"AbacStatus" + }, "PutBucketAccelerateConfigurationRequest":{ "type":"structure", "required":[ @@ -10786,7 +10921,7 @@ "members":{ "Payload":{ "shape":"Body", - "documentation":"The byte array of partial, one or more result records. S3 Select doesn't guarantee that a record will be self-contained in one record frame. To ensure continuous streaming of data, S3 Select might split the same record across multiple record frames instead of aggregating the results in memory. Some S3 clients (for example, the SDKforJava) handle this behavior by creating a ByteStream out of the response by default. Other clients might not handle this behavior by default. In those cases, you must aggregate the results on the client side and parse the response.
The byte array of partial, one or more result records. S3 Select doesn't guarantee that a record will be self-contained in one record frame. To ensure continuous streaming of data, S3 Select might split the same record across multiple record frames instead of aggregating the results in memory. Some S3 clients (for example, the SDK for Java) handle this behavior by creating a ByteStream out of the response by default. Other clients might not handle this behavior by default. In those cases, you must aggregate the results on the client side and parse the response.
Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the BucketKeyEnabled element to true causes Amazon S3 to use an S3 Bucket Key.
General purpose buckets - By default, S3 Bucket Key is not enabled. For more information, see Amazon S3 Bucket Keys in the Amazon S3 User Guide.
Directory buckets - S3 Bucket Keys are always enabled for GET and PUT operations in a directory bucket and can’t be disabled. S3 Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects from general purpose buckets to directory buckets, from directory buckets to general purpose buckets, or between directory buckets, through CopyObject, UploadPartCopy, the Copy operation in Batch Operations, or the import jobs. In this case, Amazon S3 makes a call to KMS every time a copy request is made for a KMS-encrypted object.
A bucket-level setting for Amazon S3 general purpose buckets used to prevent the upload of new objects encrypted with the specified server-side encryption type. For example, blocking an encryption type will block PutObject, CopyObject, PostObject, multipart upload, and replication requests to the bucket for objects with the specified encryption type. However, you can continue to read and list any pre-existing objects already encrypted with the specified encryption type. For more information, see Blocking an encryption type for a general purpose bucket.
Currently, this parameter only supports blocking or unblocking Server Side Encryption with Customer Provided Keys (SSE-C). For more information about SSE-C, see Using server-side encryption with customer-provided keys (SSE-C).
Specifies the default server-side encryption configuration.
General purpose buckets - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.
Directory buckets - When you specify an KMS customer managed key for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.
Deletes the encryption configuration for a table bucket.
You must have the s3tables:DeleteTableBucketEncryption permission to use this operation.
Deletes the metrics configuration for a table bucket.
You must have the s3tables:DeleteTableBucketMetricsConfiguration permission to use this operation.
Gets details about a maintenance configuration for a given table bucket. For more information, see Amazon S3 table bucket maintenance in the Amazon Simple Storage Service User Guide.
You must have the s3tables:GetTableBucketMaintenanceConfiguration permission to use this operation.
Gets the metrics configuration for a table bucket.
You must have the s3tables:GetTableBucketMetricsConfiguration permission to use this operation.
Creates a new maintenance configuration or replaces an existing maintenance configuration for a table bucket. For more information, see Amazon S3 table bucket maintenance in the Amazon Simple Storage Service User Guide.
You must have the s3tables:PutTableBucketMaintenanceConfiguration permission to use this operation.
Sets the metrics configuration for a table bucket.
You must have the s3tables:PutTableBucketMetricsConfiguration permission to use this operation.
The Amazon Resource Name (ARN) of the table bucket.
", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, "DeleteTableBucketPolicyRequest":{ "type":"structure", "required":["tableBucketARN"], @@ -1097,6 +1167,32 @@ } } }, + "GetTableBucketMetricsConfigurationRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"The Amazon Resource Name (ARN) of the table bucket.
", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, + "GetTableBucketMetricsConfigurationResponse":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"The Amazon Resource Name (ARN) of the table bucket.
" + }, + "id":{ + "shape":"String", + "documentation":"The unique identifier of the metrics configuration.
" + } + } + }, "GetTableBucketPolicyRequest":{ "type":"structure", "required":["tableBucketARN"], @@ -1911,6 +2007,18 @@ } } }, + "PutTableBucketMetricsConfigurationRequest":{ + "type":"structure", + "required":["tableBucketARN"], + "members":{ + "tableBucketARN":{ + "shape":"TableBucketARN", + "documentation":"The Amazon Resource Name (ARN) of the table bucket.
", + "location":"uri", + "locationName":"tableBucketARN" + } + } + }, "PutTableBucketPolicyRequest":{ "type":"structure", "required":[ diff --git a/awscli/botocore/data/sagemaker/2017-07-24/service-2.json b/awscli/botocore/data/sagemaker/2017-07-24/service-2.json index df871a7abfc6..553dfa81d1f1 100644 --- a/awscli/botocore/data/sagemaker/2017-07-24/service-2.json +++ b/awscli/botocore/data/sagemaker/2017-07-24/service-2.json @@ -104,6 +104,32 @@ "output":{"shape":"BatchDescribeModelPackageOutput"}, "documentation":"This action batch describes a list of versioned model packages
" }, + "BatchRebootClusterNodes":{ + "name":"BatchRebootClusterNodes", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"BatchRebootClusterNodesRequest"}, + "output":{"shape":"BatchRebootClusterNodesResponse"}, + "errors":[ + {"shape":"ResourceNotFound"} + ], + "documentation":"Reboots specific nodes within a SageMaker HyperPod cluster using a soft recovery mechanism. BatchRebootClusterNodes performs a graceful reboot of the specified nodes by calling the Amazon Elastic Compute Cloud RebootInstances API, which attempts to cleanly shut down the operating system before restarting the instance.
This operation is useful for recovering from transient issues or applying certain configuration changes that require a restart.
Rebooting a node may cause temporary service interruption for workloads running on that node. Ensure your workloads can handle node restarts or use appropriate scheduling to minimize impact.
You can reboot up to 25 nodes in a single request.
For SageMaker HyperPod clusters using the Slurm workload manager, ensure rebooting nodes will not disrupt critical cluster operations.
Replaces specific nodes within a SageMaker HyperPod cluster with new hardware. BatchReplaceClusterNodes terminates the specified instances and provisions new replacement instances with the same configuration but fresh hardware. The Amazon Machine Image (AMI) and instance configuration remain the same.
This operation is useful for recovering from hardware failures or persistent issues that cannot be resolved through a reboot.
Data Loss Warning: Replacing nodes destroys all instance volumes, including both root and secondary volumes. All data stored on these volumes will be permanently lost and cannot be recovered.
To safeguard your work, back up your data to Amazon S3 or an FSx for Lustre file system before invoking the API on a worker node group. This will help prevent any potential data loss from the instance root volume. For more information about backup, see Use the backup script provided by SageMaker HyperPod.
If you want to invoke this API on an existing cluster, you'll first need to patch the cluster by running the UpdateClusterSoftware API. For more information about patching a cluster, see Update the SageMaker HyperPod platform software of a cluster.
You can replace up to 25 nodes in a single request.
The Multi-Instance GPU (MIG) profile type that defines the partition configuration. The profile specifies the compute and memory allocation for each partition instance. The available profile types depend on the instance type specified in the compute quota configuration.
" + }, + "Count":{ + "shape":"AcceleratorPartitionConfigCountInteger", + "documentation":"The number of accelerator partitions to allocate with the specified partition type. If you don't specify a value for vCPU and MemoryInGiB, SageMaker AI automatically allocates ratio-based values for those parameters based on the accelerator partition count you provide.
", + "box":true + } + }, + "documentation":"Configuration for allocating accelerator partitions.
" + }, + "AcceleratorPartitionConfigCountInteger":{ + "type":"integer", + "max":10000000, + "min":0 + }, "AcceleratorsAmount":{ "type":"integer", "box":true, @@ -4687,6 +4737,20 @@ "Disabled" ] }, + "ActiveClusterOperationCount":{ + "type":"integer", + "box":true, + "min":1 + }, + "ActiveClusterOperationName":{ + "type":"string", + "enum":["Scaling"] + }, + "ActiveOperations":{ + "type":"map", + "key":{"shape":"ActiveClusterOperationName"}, + "value":{"shape":"ActiveClusterOperationCount"} + }, "AddAssociationRequest":{ "type":"structure", "required":[ @@ -4974,7 +5038,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:algorithm/[\\S]{1,2048}" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:algorithm/[\\S]{1,2048}" }, "AlgorithmImage":{ "type":"string", @@ -5654,6 +5718,12 @@ "Line" ] }, + "AssignedGroupPatternsList":{ + "type":"list", + "member":{"shape":"GroupNamePattern"}, + "max":10, + "min":0 + }, "AssociateTrialComponentRequest":{ "type":"structure", "required":[ @@ -6815,6 +6885,20 @@ "box":true, "min":0 }, + "AvailableUpgrade":{ + "type":"structure", + "members":{ + "Version":{ + "shape":"MajorMinorVersion", + "documentation":"The semantic version number of the available upgrade for the SageMaker Partner AI App.
" + }, + "ReleaseNotes":{ + "shape":"ReleaseNotesList", + "documentation":"A list of release notes describing the changes and improvements included in the available upgrade version.
" + } + }, + "documentation":"Contains information about an available upgrade for a SageMaker Partner AI App, including the version number and release notes.
" + }, "AwsManagedHumanLoopRequestSource":{ "type":"string", "enum":[ @@ -7133,6 +7217,242 @@ }, "documentation":"Provides summary information about the model package.
" }, + "BatchRebootClusterNodeLogicalIdsError":{ + "type":"structure", + "required":[ + "NodeLogicalId", + "ErrorCode", + "Message" + ], + "members":{ + "NodeLogicalId":{ + "shape":"ClusterNodeLogicalId", + "documentation":"The logical node ID of the node that encountered an error during the reboot operation.
" + }, + "ErrorCode":{ + "shape":"BatchRebootClusterNodesErrorCode", + "documentation":"The error code associated with the error encountered when rebooting a node by logical node ID.
Possible values:
InstanceIdNotFound: The node does not exist in the specified cluster.
InvalidInstanceStatus: The node is in a state that does not allow rebooting. Wait for the node to finish any ongoing changes before retrying.
InstanceIdInUse: Another operation is already in progress for this node. Wait for the operation to complete before retrying.
InternalServerError: An internal error occurred while processing this node.
A human-readable message describing the error encountered when rebooting a node by logical node ID.
" + } + }, + "documentation":"Represents an error encountered when rebooting a node (identified by its logical node ID) from a SageMaker HyperPod cluster.
" + }, + "BatchRebootClusterNodeLogicalIdsErrors":{ + "type":"list", + "member":{"shape":"BatchRebootClusterNodeLogicalIdsError"}, + "max":25, + "min":0 + }, + "BatchRebootClusterNodesError":{ + "type":"structure", + "required":[ + "NodeId", + "ErrorCode", + "Message" + ], + "members":{ + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"The EC2 instance ID of the node that encountered an error during the reboot operation.
" + }, + "ErrorCode":{ + "shape":"BatchRebootClusterNodesErrorCode", + "documentation":"The error code associated with the error encountered when rebooting a node.
Possible values:
InstanceIdNotFound: The instance does not exist in the specified cluster.
InvalidInstanceStatus: The instance is in a state that does not allow rebooting. Wait for the instance to finish any ongoing changes before retrying.
InstanceIdInUse: Another operation is already in progress for this node. Wait for the operation to complete before retrying.
InternalServerError: An internal error occurred while processing this node.
A human-readable message describing the error encountered when rebooting a node.
" + } + }, + "documentation":"Represents an error encountered when rebooting a node from a SageMaker HyperPod cluster.
" + }, + "BatchRebootClusterNodesErrorCode":{ + "type":"string", + "enum":[ + "InstanceIdNotFound", + "InvalidInstanceStatus", + "InstanceIdInUse", + "InternalServerError" + ] + }, + "BatchRebootClusterNodesErrors":{ + "type":"list", + "member":{"shape":"BatchRebootClusterNodesError"}, + "max":25, + "min":0 + }, + "BatchRebootClusterNodesRequest":{ + "type":"structure", + "required":["ClusterName"], + "members":{ + "ClusterName":{ + "shape":"ClusterNameOrArn", + "documentation":"The name or Amazon Resource Name (ARN) of the SageMaker HyperPod cluster containing the nodes to reboot.
" + }, + "NodeIds":{ + "shape":"BatchRebootClusterNodesRequestNodeIdsList", + "documentation":"A list of EC2 instance IDs to reboot using soft recovery. You can specify between 1 and 25 instance IDs.
Either NodeIds or NodeLogicalIds must be provided (or both), but at least one is required.
Each instance ID must follow the pattern i- followed by 17 hexadecimal characters (for example, i-0123456789abcdef0).
A list of logical node IDs to reboot using soft recovery. You can specify between 1 and 25 logical node IDs.
The NodeLogicalId is a unique identifier that persists throughout the node's lifecycle and can be used to track nodes that are still being provisioned and don't yet have an EC2 instance ID assigned.
This parameter is only supported for clusters using Continuous as the NodeProvisioningMode. For clusters using the default provisioning mode, use NodeIds instead.
Either NodeIds or NodeLogicalIds must be provided (or both), but at least one is required.
A list of EC2 instance IDs for which the reboot operation was successfully initiated.
" + }, + "Failed":{ + "shape":"BatchRebootClusterNodesErrors", + "documentation":"A list of errors encountered for EC2 instance IDs that could not be rebooted. Each error includes the instance ID, an error code, and a descriptive message.
" + }, + "FailedNodeLogicalIds":{ + "shape":"BatchRebootClusterNodeLogicalIdsErrors", + "documentation":"A list of errors encountered for logical node IDs that could not be rebooted. Each error includes the logical node ID, an error code, and a descriptive message. This field is only present when NodeLogicalIds were provided in the request.
A list of logical node IDs for which the reboot operation was successfully initiated. This field is only present when NodeLogicalIds were provided in the request.
The logical node ID of the node that encountered an error during the replacement operation.
" + }, + "ErrorCode":{ + "shape":"BatchReplaceClusterNodesErrorCode", + "documentation":"The error code associated with the error encountered when replacing a node by logical node ID.
Possible values:
InstanceIdNotFound: The node does not exist in the specified cluster.
InvalidInstanceStatus: The node is in a state that does not allow replacement. Wait for the node to finish any ongoing changes before retrying.
InstanceIdInUse: Another operation is already in progress for this node. Wait for the operation to complete before retrying.
InternalServerError: An internal error occurred while processing this node.
A human-readable message describing the error encountered when replacing a node by logical node ID.
" + } + }, + "documentation":"Represents an error encountered when replacing a node (identified by its logical node ID) in a SageMaker HyperPod cluster.
" + }, + "BatchReplaceClusterNodeLogicalIdsErrors":{ + "type":"list", + "member":{"shape":"BatchReplaceClusterNodeLogicalIdsError"}, + "max":25, + "min":0 + }, + "BatchReplaceClusterNodesError":{ + "type":"structure", + "required":[ + "NodeId", + "ErrorCode", + "Message" + ], + "members":{ + "NodeId":{ + "shape":"ClusterNodeId", + "documentation":"The EC2 instance ID of the node that encountered an error during the replacement operation.
" + }, + "ErrorCode":{ + "shape":"BatchReplaceClusterNodesErrorCode", + "documentation":"The error code associated with the error encountered when replacing a node.
Possible values:
InstanceIdNotFound: The instance does not exist in the specified cluster.
InvalidInstanceStatus: The instance is in a state that does not allow replacement. Wait for the instance to finish any ongoing changes before retrying.
InstanceIdInUse: Another operation is already in progress for this node. Wait for the operation to complete before retrying.
InternalServerError: An internal error occurred while processing this node.
A human-readable message describing the error encountered when replacing a node.
" + } + }, + "documentation":"Represents an error encountered when replacing a node in a SageMaker HyperPod cluster.
" + }, + "BatchReplaceClusterNodesErrorCode":{ + "type":"string", + "enum":[ + "InstanceIdNotFound", + "InvalidInstanceStatus", + "InstanceIdInUse", + "InternalServerError" + ] + }, + "BatchReplaceClusterNodesErrors":{ + "type":"list", + "member":{"shape":"BatchReplaceClusterNodesError"}, + "max":25, + "min":0 + }, + "BatchReplaceClusterNodesRequest":{ + "type":"structure", + "required":["ClusterName"], + "members":{ + "ClusterName":{ + "shape":"ClusterNameOrArn", + "documentation":"The name or Amazon Resource Name (ARN) of the SageMaker HyperPod cluster containing the nodes to replace.
" + }, + "NodeIds":{ + "shape":"BatchReplaceClusterNodesRequestNodeIdsList", + "documentation":"A list of EC2 instance IDs to replace with new hardware. You can specify between 1 and 25 instance IDs.
Replace operations destroy all instance volumes (root and secondary). Ensure you have backed up any important data before proceeding.
Either NodeIds or NodeLogicalIds must be provided (or both), but at least one is required.
Each instance ID must follow the pattern i- followed by 17 hexadecimal characters (for example, i-0123456789abcdef0).
For SageMaker HyperPod clusters using the Slurm workload manager, you cannot replace instances that are configured as Slurm controller nodes.
A list of logical node IDs to replace with new hardware. You can specify between 1 and 25 logical node IDs.
The NodeLogicalId is a unique identifier that persists throughout the node's lifecycle and can be used to track nodes that are still being provisioned and don't yet have an EC2 instance ID assigned.
Replace operations destroy all instance volumes (root and secondary). Ensure you have backed up any important data before proceeding.
This parameter is only supported for clusters using Continuous as the NodeProvisioningMode. For clusters using the default provisioning mode, use NodeIds instead.
Either NodeIds or NodeLogicalIds must be provided (or both), but at least one is required.
A list of EC2 instance IDs for which the replacement operation was successfully initiated.
" + }, + "Failed":{ + "shape":"BatchReplaceClusterNodesErrors", + "documentation":"A list of errors encountered for EC2 instance IDs that could not be replaced. Each error includes the instance ID, an error code, and a descriptive message.
" + }, + "FailedNodeLogicalIds":{ + "shape":"BatchReplaceClusterNodeLogicalIdsErrors", + "documentation":"A list of errors encountered for logical node IDs that could not be replaced. Each error includes the logical node ID, an error code, and a descriptive message. This field is only present when NodeLogicalIds were provided in the request.
A list of logical node IDs for which the replacement operation was successfully initiated. This field is only present when NodeLogicalIds were provided in the request.
Configuration options specific to Spot instances.
" + }, + "OnDemand":{ + "shape":"ClusterOnDemandOptions", + "documentation":"Configuration options specific to On-Demand instances.
" + } + }, + "documentation":"Defines the instance capacity requirements for an instance group, including configurations for both Spot and On-Demand capacity types.
" + }, + "ClusterCapacityType":{ + "type":"string", + "enum":[ + "Spot", + "OnDemand" + ] + }, "ClusterConfigMode":{ "type":"string", "enum":[ @@ -8572,6 +8913,10 @@ "shape":"ClusterInstanceCount", "documentation":"The number of instances you specified to add to the instance group of a SageMaker HyperPod cluster.
" }, + "MinCount":{ + "shape":"ClusterInstanceCount", + "documentation":"The minimum number of instances that must be available in the instance group of a SageMaker HyperPod cluster before it transitions to InService status.
The name of the instance group of a SageMaker HyperPod cluster.
" @@ -8628,6 +8973,18 @@ "shape":"ImageId", "documentation":"The ID of the Amazon Machine Image (AMI) desired for the instance group.
" }, + "ActiveOperations":{ + "shape":"ActiveOperations", + "documentation":"A map indicating active operations currently in progress for the instance group of a SageMaker HyperPod cluster. When there is a scaling operation in progress, this map contains a key Scaling with value 1.
The Kubernetes configuration for the instance group that contains labels and taints to be applied for the nodes in this instance group.
" + }, + "CapacityRequirements":{ + "shape":"ClusterCapacityRequirements", + "documentation":"The instance capacity requirements for the instance group.
" + }, "TargetStateCount":{ "shape":"ClusterInstanceCount", "documentation":"The number of nodes running a specific image ID since the last software update request.
" @@ -8664,6 +9021,10 @@ "shape":"ClusterInstanceCount", "documentation":"Specifies the number of instances to add to the instance group of a SageMaker HyperPod cluster.
" }, + "MinInstanceCount":{ + "shape":"ClusterInstanceCount", + "documentation":"Defines the minimum number of instances required for an instance group to become InService. If this threshold isn't met within 3 hours, the instance group rolls back to its previous state - zero instances for new instance groups, or previous settings for existing instance groups. MinInstanceCount only affects the initial transition to InService and does not guarantee maintaining this minimum afterward.
Specifies the name of the instance group.
" @@ -8707,6 +9068,14 @@ "ImageId":{ "shape":"ImageId", "documentation":"When configuring your HyperPod cluster, you can specify an image ID using one of the following options:
HyperPodPublicAmiId: Use a HyperPod public AMI
CustomAmiId: Use your custom AMI
default: Use the default latest system image
If you choose to use a custom AMI (CustomAmiId), ensure it meets the following requirements:
Encryption: The custom AMI must be unencrypted.
Ownership: The custom AMI must be owned by the same Amazon Web Services account that is creating the HyperPod cluster.
Volume support: Only the primary AMI snapshot volume is supported; additional AMI volumes are not supported.
When updating the instance group's AMI through the UpdateClusterSoftware operation, if an instance group uses a custom AMI, you must provide an ImageId or use the default as input. Note that if you don't specify an instance group in your UpdateClusterSoftware request, then all of the instance groups are patched with the specified image.
Specifies the Kubernetes configuration for the instance group. You describe what you want the labels and taints to look like, and the cluster works to reconcile the actual state with the declared state for nodes in this instance group.
" + }, + "CapacityRequirements":{ + "shape":"ClusterCapacityRequirements", + "documentation":"Specifies the capacity requirements for the instance group.
" } }, "documentation":"The specifications of an instance group that you need to define.
" @@ -8850,6 +9219,7 @@ "ml.p5e.48xlarge", "ml.p5en.48xlarge", "ml.p6-b200.48xlarge", + "ml.trn2.3xlarge", "ml.trn2.48xlarge", "ml.c6i.large", "ml.c6i.xlarge", @@ -8905,6 +9275,131 @@ "ml.r7i.48xlarge" ] }, + "ClusterKubernetesConfig":{ + "type":"structure", + "members":{ + "Labels":{ + "shape":"ClusterKubernetesLabels", + "documentation":"Key-value pairs of labels to be applied to cluster nodes.
" + }, + "Taints":{ + "shape":"ClusterKubernetesTaints", + "documentation":"List of taints to be applied to cluster nodes.
" + } + }, + "documentation":"Kubernetes configuration that specifies labels and taints to be applied to cluster nodes in an instance group.
" + }, + "ClusterKubernetesConfigDetails":{ + "type":"structure", + "members":{ + "CurrentLabels":{ + "shape":"ClusterKubernetesLabels", + "documentation":"The current labels applied to cluster nodes of an instance group.
" + }, + "DesiredLabels":{ + "shape":"ClusterKubernetesLabels", + "documentation":"The desired labels to be applied to cluster nodes of an instance group.
" + }, + "CurrentTaints":{ + "shape":"ClusterKubernetesTaints", + "documentation":"The current taints applied to cluster nodes of an instance group.
" + }, + "DesiredTaints":{ + "shape":"ClusterKubernetesTaints", + "documentation":"The desired taints to be applied to cluster nodes of an instance group.
" + } + }, + "documentation":"Detailed Kubernetes configuration showing both the current and desired state of labels and taints for cluster nodes.
" + }, + "ClusterKubernetesConfigNodeDetails":{ + "type":"structure", + "members":{ + "CurrentLabels":{ + "shape":"ClusterKubernetesLabels", + "documentation":"The current labels applied to the cluster node.
" + }, + "DesiredLabels":{ + "shape":"ClusterKubernetesLabels", + "documentation":"The desired labels to be applied to the cluster node.
" + }, + "CurrentTaints":{ + "shape":"ClusterKubernetesTaints", + "documentation":"The current taints applied to the cluster node.
" + }, + "DesiredTaints":{ + "shape":"ClusterKubernetesTaints", + "documentation":"The desired taints to be applied to the cluster node.
" + } + }, + "documentation":"Node-specific Kubernetes configuration showing both current and desired state of labels and taints for an individual cluster node.
" + }, + "ClusterKubernetesLabelKey":{ + "type":"string", + "max":317, + "min":1, + "pattern":"([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?" + }, + "ClusterKubernetesLabelValue":{ + "type":"string", + "max":63, + "min":1, + "pattern":"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?" + }, + "ClusterKubernetesLabels":{ + "type":"map", + "key":{"shape":"ClusterKubernetesLabelKey"}, + "value":{"shape":"ClusterKubernetesLabelValue"}, + "max":50, + "min":0 + }, + "ClusterKubernetesTaint":{ + "type":"structure", + "required":[ + "Key", + "Effect" + ], + "members":{ + "Key":{ + "shape":"ClusterKubernetesTaintKey", + "documentation":"The key of the taint.
" + }, + "Value":{ + "shape":"ClusterKubernetesTaintValue", + "documentation":"The value of the taint.
" + }, + "Effect":{ + "shape":"ClusterKubernetesTaintEffect", + "documentation":"The effect of the taint. Valid values are NoSchedule, PreferNoSchedule, and NoExecute.
A Kubernetes taint that can be applied to cluster nodes.
" + }, + "ClusterKubernetesTaintEffect":{ + "type":"string", + "enum":[ + "NoSchedule", + "PreferNoSchedule", + "NoExecute" + ] + }, + "ClusterKubernetesTaintKey":{ + "type":"string", + "max":317, + "min":1, + "pattern":"([a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?[A-Za-z0-9]([-A-Za-z0-9_.]*[A-Za-z0-9])?" + }, + "ClusterKubernetesTaintValue":{ + "type":"string", + "max":63, + "min":1, + "pattern":"(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?" + }, + "ClusterKubernetesTaints":{ + "type":"list", + "member":{"shape":"ClusterKubernetesTaint"}, + "max":50, + "min":0 + }, "ClusterLifeCycleConfig":{ "type":"structure", "required":[ @@ -9033,6 +9528,14 @@ "UltraServerInfo":{ "shape":"UltraServerInfo", "documentation":"Contains information about the UltraServer.
" + }, + "KubernetesConfig":{ + "shape":"ClusterKubernetesConfigNodeDetails", + "documentation":"The Kubernetes configuration applied to this node, showing both the current and desired state of labels and taints. The cluster works to reconcile the actual state with the declared state.
" + }, + "CapacityType":{ + "shape":"ClusterCapacityType", + "documentation":"The capacity type of the node. Valid values are OnDemand and Spot. When set to OnDemand, the node is launched as an On-Demand instance. When set to Spot, the node is launched as a Spot instance.
Details of an instance (also called a node interchangeably) in a SageMaker HyperPod cluster.
" @@ -9117,6 +9620,10 @@ "UltraServerInfo":{ "shape":"UltraServerInfo", "documentation":"Contains information about the UltraServer.
" + }, + "PrivateDnsHostname":{ + "shape":"ClusterPrivateDnsHostname", + "documentation":"The private DNS hostname of the SageMaker HyperPod cluster node.
" } }, "documentation":"Lists a summary of the properties of an instance (also called a node interchangeably) of a SageMaker HyperPod cluster.
" @@ -9126,6 +9633,11 @@ "box":true, "min":0 }, + "ClusterOnDemandOptions":{ + "type":"structure", + "members":{}, + "documentation":"Configuration options specific to On-Demand instances.
" + }, "ClusterOrchestrator":{ "type":"structure", "required":["Eks"], @@ -9349,6 +9861,11 @@ "NAME" ] }, + "ClusterSpotOptions":{ + "type":"structure", + "members":{}, + "documentation":"Configuration options specific to Spot instances.
" + }, "ClusterStatus":{ "type":"string", "enum":[ @@ -9470,7 +9987,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:code-repository/[\\S]{1,2048}" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:code-repository/[\\S]{1,2048}" }, "CodeRepositoryContains":{ "type":"string", @@ -9798,6 +10315,10 @@ "MemoryInGiB":{ "shape":"MemoryInGiBAmount", "documentation":"The amount of memory in GiB to allocate. If you specify a value only for this parameter, SageMaker AI automatically allocates a ratio-based value for vCPU based on this memory that you provide. For example, if you allocate 200 out of 400 total memory in GiB, SageMaker AI uses the ratio of 0.5 and allocates values to vCPU. Accelerators are set to 0.
" + }, + "AcceleratorPartition":{ + "shape":"AcceleratorPartitionConfig", + "documentation":"The accelerator partition configuration for fractional GPU allocation.
" } }, "documentation":"Configuration of the resources used for the compute allocation definition.
" @@ -11178,6 +11699,10 @@ "shape":"Boolean", "documentation":"Sets whether all model containers deployed to the endpoint are isolated. If they are, no inbound or outbound network calls can be made to or from the model containers.
", "box":true + }, + "MetricsConfig":{ + "shape":"MetricsConfig", + "documentation":"The configuration parameters for utilization metrics.
" } } }, @@ -12557,6 +13082,10 @@ "shape":"OptimizationJobDeploymentInstanceType", "documentation":"The type of instance that hosts the optimized model that you create with the optimization job.
" }, + "MaxInstanceCount":{ + "shape":"OptimizationJobMaxInstanceCount", + "documentation":"The maximum number of instances to use for the optimization job.
" + }, "OptimizationEnvironment":{ "shape":"OptimizationJobEnvironmentVariables", "documentation":"The environment variables to set in the model container.
" @@ -12664,6 +13193,11 @@ "documentation":"When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.
When set to TRUE, the SageMaker Partner AI App is automatically upgraded to the latest minor version during the next scheduled maintenance window, if one is available. Default is FALSE.
A unique token that guarantees that the call to this API is idempotent.
", @@ -13039,8 +13573,7 @@ "required":[ "TrainingJobName", "RoleArn", - "OutputDataConfig", - "StoppingCondition" + "OutputDataConfig" ], "members":{ "TrainingJobName":{ @@ -16596,6 +17129,10 @@ "shape":"Boolean", "documentation":"Indicates whether all model containers deployed to the endpoint are isolated. If they are, no inbound or outbound network calls can be made to or from the model containers.
", "box":true + }, + "MetricsConfig":{ + "shape":"MetricsConfig", + "documentation":"The configuration parameters for utilization metrics.
" } } }, @@ -16671,6 +17208,10 @@ "ShadowProductionVariants":{ "shape":"ProductionVariantSummaryList", "documentation":"An array of ProductionVariantSummary objects, one for each model that you want to host at this endpoint in shadow mode with production traffic replicated from the model specified on ProductionVariants.
The configuration parameters for utilization metrics.
" } } }, @@ -18687,6 +19228,10 @@ "shape":"OptimizationJobDeploymentInstanceType", "documentation":"The type of instance that hosts the optimized model that you create with the optimization job.
" }, + "MaxInstanceCount":{ + "shape":"OptimizationJobMaxInstanceCount", + "documentation":"The maximum number of instances to use for the optimization job.
" + }, "OptimizationConfigs":{ "shape":"OptimizationConfigs", "documentation":"Settings for each of the optimization techniques that the job applies.
" @@ -18717,6 +19262,11 @@ "Arn":{ "shape":"PartnerAppArn", "documentation":"The ARN of the SageMaker Partner AI App to describe.
" + }, + "IncludeAvailableUpgrade":{ + "shape":"Boolean", + "documentation":"When set to TRUE, the response includes available upgrade information for the SageMaker Partner AI App. Default is FALSE.
This is an error field object that contains the error code and the reason for an operation failure.
" + }, + "EnableAutoMinorVersionUpgrade":{ + "shape":"Boolean", + "documentation":"Indicates whether the SageMaker Partner AI App is configured for automatic minor version upgrades during scheduled maintenance windows.
", + "box":true + }, + "CurrentVersionEolDate":{ + "shape":"Timestamp", + "documentation":"The end-of-life date for the current version of the SageMaker Partner AI App.
" + }, + "AvailableUpgrade":{ + "shape":"AvailableUpgrade", + "documentation":"A map of available minor version upgrades for the SageMaker Partner AI App. The key is the semantic version number, and the value is a list of release notes for that version. A null value indicates no upgrades are available.
" } } }, @@ -19342,8 +19905,6 @@ "ModelArtifacts", "TrainingJobStatus", "SecondaryStatus", - "AlgorithmSpecification", - "ResourceConfig", "StoppingCondition", "CreationTime" ], @@ -19594,7 +20155,7 @@ }, "TargetResources":{ "shape":"SageMakerResourceNames", - "documentation":"The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod) that can use this training plan.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod, SageMaker Endpoints) that can use this training plan.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
A training plan for SageMaker endpoints can be used exclusively to provide compute resources to SageMaker endpoints for model deployment.
The desired number of instances for the group after scaling.
" }, + "MinCount":{ + "shape":"InstanceCount", + "documentation":"Minimum instance count of the instance group.
" + }, "FailureMessage":{ "shape":"String", "documentation":"An error message describing why the scaling operation failed, if applicable.
" @@ -30866,12 +31447,51 @@ "min":0, "pattern":"(https|s3)://([^/]+)/?(.*)" }, + "MIGProfileType":{ + "type":"string", + "enum":[ + "mig-1g.5gb", + "mig-1g.10gb", + "mig-1g.18gb", + "mig-1g.20gb", + "mig-1g.23gb", + "mig-1g.35gb", + "mig-1g.45gb", + "mig-1g.47gb", + "mig-2g.10gb", + "mig-2g.20gb", + "mig-2g.35gb", + "mig-2g.45gb", + "mig-2g.47gb", + "mig-3g.20gb", + "mig-3g.40gb", + "mig-3g.71gb", + "mig-3g.90gb", + "mig-3g.93gb", + "mig-4g.20gb", + "mig-4g.40gb", + "mig-4g.71gb", + "mig-4g.90gb", + "mig-4g.93gb", + "mig-7g.40gb", + "mig-7g.80gb", + "mig-7g.141gb", + "mig-7g.180gb", + "mig-7g.186gb" + ] + }, "MLFramework":{ "type":"string", "max":128, "min":1, "pattern":"[a-zA-Z]+ ?\\d+\\.\\d+(\\.\\d+)?" }, + "MajorMinorVersion":{ + "type":"string", + "max":64, + "min":0, + "pattern":"\\d+\\.\\d+" + }, "ManagedInstanceScalingMaxInstanceCount":{ "type":"integer", "box":true, @@ -31142,6 +31762,10 @@ "min":1, "pattern":".+" }, + "MetricPublishFrequencyInSeconds":{ + "type":"integer", + "box":true + }, "MetricRegex":{ "type":"string", "max":500, @@ -31172,6 +31796,20 @@ "union":true }, "MetricValue":{"type":"float"}, + "MetricsConfig":{ + "type":"structure", + "members":{ + "EnableEnhancedMetrics":{ + "shape":"EnableEnhancedMetrics", + "documentation":"Specifies whether to enable enhanced metrics for the endpoint. Enhanced metrics provide utilization data at instance and container granularity. Container granularity is supported for Inference Components. The default is False.
The frequency, in seconds, at which utilization metrics are published to Amazon CloudWatch. The default is 60 seconds.
The configuration for Utilization metrics.
" + }, "MetricsSource":{ "type":"structure", "required":[ @@ -31204,7 +31842,7 @@ "type":"string", "max":258, "min":20, - "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:ml-reservation/.*" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]*:[0-9]{12}:[a-z0-9\\-]{1,14}/.*" }, "MlTools":{ "type":"string", @@ -32322,7 +32960,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package/[\\S]{1,2048}" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package/[\\S]{1,2048}" }, "ModelPackageArnList":{ "type":"list", @@ -32332,7 +32970,6 @@ }, "ModelPackageContainerDefinition":{ "type":"structure", - "required":["Image"], "members":{ "ContainerHostname":{ "shape":"ContainerHostname", @@ -32436,7 +33073,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package-group/[\\S]{1,2048}" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:model-package-group/[\\S]{1,2048}" }, "ModelPackageGroupSortBy":{ "type":"string", @@ -32819,6 +33456,50 @@ "CreationTime" ] }, + "ModelSpeculativeDecodingConfig":{ + "type":"structure", + "required":["Technique"], + "members":{ + "Technique":{ + "shape":"ModelSpeculativeDecodingTechnique", + "documentation":"The speculative decoding technique to apply during model optimization.
" + }, + "TrainingDataSource":{ + "shape":"ModelSpeculativeDecodingTrainingDataSource", + "documentation":"The location of the training data to use for speculative decoding. The data must be formatted as ShareGPT, OpenAI Completions or OpenAI Chat Completions. The input can also be unencrypted captured data from a SageMaker endpoint as long as the endpoint uses one of the above formats.
" + } + }, + "documentation":"Settings for the model speculative decoding technique that's applied by a model optimization job.
" + }, + "ModelSpeculativeDecodingS3DataType":{ + "type":"string", + "enum":[ + "S3Prefix", + "ManifestFile" + ] + }, + "ModelSpeculativeDecodingTechnique":{ + "type":"string", + "enum":["EAGLE"] + }, + "ModelSpeculativeDecodingTrainingDataSource":{ + "type":"structure", + "required":[ + "S3Uri", + "S3DataType" + ], + "members":{ + "S3Uri":{ + "shape":"S3Uri", + "documentation":"The Amazon S3 URI that points to the training data for speculative decoding.
" + }, + "S3DataType":{ + "shape":"ModelSpeculativeDecodingS3DataType", + "documentation":"The type of data stored in the Amazon S3 location. Valid values are S3Prefix or ManifestFile.
Contains information about the training data source for speculative decoding.
" + }, "ModelStepMetadata":{ "type":"structure", "members":{ @@ -34368,6 +35049,10 @@ "ModelShardingConfig":{ "shape":"ModelShardingConfig", "documentation":"Settings for the model sharding technique that's applied by a model optimization job.
" + }, + "ModelSpeculativeDecodingConfig":{ + "shape":"ModelSpeculativeDecodingConfig", + "documentation":"Settings for the model speculative decoding technique that's applied by a model optimization job.
" } }, "documentation":"Settings for an optimization technique that you apply with a model optimization job.
", @@ -34397,6 +35082,8 @@ "ml.p4d.24xlarge", "ml.p4de.24xlarge", "ml.p5.48xlarge", + "ml.p5e.48xlarge", + "ml.p5en.48xlarge", "ml.g5.xlarge", "ml.g5.2xlarge", "ml.g5.4xlarge", @@ -34437,12 +35124,21 @@ "max":25, "min":0 }, + "OptimizationJobMaxInstanceCount":{ + "type":"integer", + "box":true, + "min":1 + }, "OptimizationJobModelSource":{ "type":"structure", "members":{ "S3":{ "shape":"OptimizationJobModelSourceS3", "documentation":"The Amazon S3 location of a source model to optimize with an optimization job.
" + }, + "SageMakerModel":{ + "shape":"OptimizationSageMakerModel", + "documentation":"The name of an existing SageMaker model to optimize with an optimization job.
" } }, "documentation":"The location of the source model to optimize with an optimization job.
" @@ -34472,6 +35168,10 @@ "S3OutputLocation":{ "shape":"S3Uri", "documentation":"The Amazon S3 URI for where to store the optimized model that you create with an optimization job.
" + }, + "SageMakerModel":{ + "shape":"OptimizationSageMakerModel", + "documentation":"The name of a SageMaker model to use as the output destination for an optimization job.
" } }, "documentation":"Details for where to store the optimized model that you create with the optimization job.
" @@ -34534,6 +35234,10 @@ "shape":"OptimizationJobDeploymentInstanceType", "documentation":"The type of instance that hosts the optimized model that you create with the optimization job.
" }, + "MaxInstanceCount":{ + "shape":"OptimizationJobMaxInstanceCount", + "documentation":"The maximum number of instances to use for the optimization job.
" + }, "OptimizationTypes":{ "shape":"OptimizationTypes", "documentation":"The optimization techniques that are applied by the optimization job.
" @@ -34564,6 +35268,16 @@ }, "documentation":"Output values produced by an optimization job.
" }, + "OptimizationSageMakerModel":{ + "type":"structure", + "members":{ + "ModelName":{ + "shape":"ModelName", + "documentation":"The name of a SageMaker model.
" + } + }, + "documentation":"A SageMaker model to use as the source or destination for an optimization job.
" + }, "OptimizationType":{"type":"string"}, "OptimizationTypes":{ "type":"list", @@ -34910,6 +35624,14 @@ "Arguments":{ "shape":"PartnerAppArguments", "documentation":"This is a map of required inputs for a SageMaker Partner AI App. Based on the application type, the map is populated with a key and value pair that is specific to the user and application.
" + }, + "AssignedGroupPatterns":{ + "shape":"AssignedGroupPatternsList", + "documentation":"A list of Amazon Web Services IAM Identity Center group patterns that can access the SageMaker Partner AI App. Group names support wildcard matching using *. An empty list indicates the app will not use Identity Center group features. All groups specified in RoleGroupAssignments must match patterns in this list.
A map of in-app roles to Amazon Web Services IAM Identity Center group patterns. Groups assigned to specific roles receive those permissions, while groups in AssignedGroupPatterns but not in this map receive default in-app role depending on app type. Group patterns support wildcard matching using *. Currently supported by Fiddler version 1.3 and later with roles: ORG_MEMBER (default) and ORG_ADMIN.
Configuration settings for the SageMaker Partner AI App.
" @@ -37099,7 +37821,7 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(-cn|-us-gov|-iso-f)?:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:project/[\\S]{1,2048}" + "pattern":"arn:aws[a-z\\-]*:sagemaker:[a-z0-9\\-]{9,16}:[0-9]{12}:project/[\\S]{1,2048}" }, "ProjectEntityName":{ "type":"string", @@ -38099,6 +38821,12 @@ "min":1, "pattern":".*" }, + "ReleaseNotesList":{ + "type":"list", + "member":{"shape":"String1024"}, + "max":10, + "min":0 + }, "RemoteDebugConfig":{ "type":"structure", "members":{ @@ -38481,7 +39209,6 @@ }, "ResourceConfig":{ "type":"structure", - "required":["VolumeSizeInGB"], "members":{ "InstanceType":{ "shape":"TrainingInstanceType", @@ -38493,7 +39220,7 @@ "box":true }, "VolumeSizeInGB":{ - "shape":"VolumeSizeInGB", + "shape":"OptionalVolumeSizeInGB", "documentation":"The size of the ML storage volume that you want to provision.
ML storage volumes store model artifacts and incremental states. Training algorithms might also use the ML storage volume for scratch space. If you want to store the training data in the ML storage volume, choose File as the TrainingInputMode in the algorithm specification.
When using an ML instance with NVMe SSD volumes, SageMaker doesn't provision Amazon EBS General Purpose SSD (gp2) storage. Available storage is fixed to the NVMe-type instance's storage capacity. SageMaker configures storage paths for training datasets, checkpoints, model artifacts, and outputs to use the entire capacity of the instance storage. For example, ML instance families with the NVMe-type instance storage include ml.p4d, ml.g4dn, and ml.g5.
When using an ML instance with the EBS-only storage option and without instance storage, you must define the size of EBS volume through VolumeSizeInGB in the ResourceConfig API. For example, ML instance families that use EBS volumes include ml.c5 and ml.p2.
To look up instance types and their instance storage types and volumes, see Amazon EC2 Instance Types.
To find the default local paths defined by the SageMaker training platform, see Amazon SageMaker Training Storage Folders for Training Datasets, Checkpoints, Model Artifacts, and Outputs.
", "box":true }, @@ -38752,6 +39479,30 @@ "min":20, "pattern":"arn:aws[a-z\\-]*:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" }, + "RoleGroupAssignment":{ + "type":"structure", + "required":[ + "RoleName", + "GroupPatterns" + ], + "members":{ + "RoleName":{ + "shape":"NonEmptyString256", + "documentation":"The name of the in-app role within the SageMaker Partner AI App. The specific roles available depend on the app type and version.
" + }, + "GroupPatterns":{ + "shape":"GroupPatternsList", + "documentation":"A list of Amazon Web Services IAM Identity Center group patterns that should be assigned to the specified role. Group patterns support wildcard matching using *.
Defines the mapping between an in-app role and the Amazon Web Services IAM Identity Center group patterns that should be assigned to that role within the SageMaker Partner AI App.
" + }, + "RoleGroupAssignmentsList":{ + "type":"list", + "member":{"shape":"RoleGroupAssignment"}, + "max":10, + "min":0 + }, "RollingDeploymentPolicy":{ "type":"structure", "required":["MaximumBatchSize"], @@ -39035,7 +39786,8 @@ "type":"string", "enum":[ "training-job", - "hyperpod-cluster" + "hyperpod-cluster", + "endpoint" ] }, "SageMakerResourceNames":{ @@ -39375,7 +40127,7 @@ }, "TargetResources":{ "shape":"SageMakerResourceNames", - "documentation":"The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod) to search for in the offerings.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod, SageMaker Endpoints) to search for in the offerings.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
A training plan for SageMaker endpoints can be used exclusively to provide compute resources to SageMaker endpoints for model deployment.
The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod) for this training plan offering.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
The target resources (e.g., SageMaker Training Jobs, SageMaker HyperPod, SageMaker Endpoints) for this training plan offering.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
A training plan for SageMaker endpoints can be used exclusively to provide compute resources to SageMaker endpoints for model deployment.
The target resources (e.g., training jobs, HyperPod clusters) that can use this training plan.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
The target resources (e.g., training jobs, HyperPod clusters, Endpoints) that can use this training plan.
Training plans are specific to their target resource.
A training plan designed for SageMaker training jobs can only be used to schedule and run training jobs.
A training plan for HyperPod clusters can be used exclusively to provide compute resources to a cluster's instance group.
A training plan for SageMaker endpoints can be used exclusively to provide compute resources to SageMaker endpoints for model deployment.
When set to TRUE, the SageMaker Partner AI App sets the Amazon Web Services IAM session name or the authenticated IAM user as the identity of the SageMaker Partner AI App user.
When set to TRUE, the SageMaker Partner AI App is automatically upgraded to the latest minor version during the next scheduled maintenance window, if one is available.
The semantic version to upgrade the SageMaker Partner AI App to. Must be the same semantic version returned in the AvailableUpgrade field from DescribePartnerApp. Version skipping and downgrades are not supported.
A unique token that guarantees that the call to this API is idempotent.
", diff --git a/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json b/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json index 2e5e31824831..c6f4428c2344 100644 --- a/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json +++ b/awscli/botocore/data/secretsmanager/2017-10-17/service-2.json @@ -234,7 +234,7 @@ {"shape":"InternalServiceError"}, {"shape":"DecryptionFailure"} ], - "documentation":"Creates a new version with a new encrypted secret value and attaches it to the secret. The version can contain a new SecretString value or a new SecretBinary value.
We recommend you avoid calling PutSecretValue at a sustained rate of more than once every 10 minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager removes outdated versions when there are more than 100, but it does not remove versions created less than 24 hours ago. If you call PutSecretValue more than once every 10 minutes, you create more versions than Secrets Manager removes, and you will reach the quota for secret versions.
You can specify the staging labels to attach to the new version in VersionStages. If you don't include VersionStages, then Secrets Manager automatically moves the staging label AWSCURRENT to this version. If this operation creates the first version for the secret, then Secrets Manager automatically attaches the staging label AWSCURRENT to it. If this operation moves the staging label AWSCURRENT from another version to this version, then Secrets Manager also automatically moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed from.
This operation is idempotent. If you call this operation with a ClientRequestToken that matches an existing version's VersionId, and you specify the same secret data, the operation succeeds but does nothing. However, if the secret data is different, then the operation fails because you can't modify an existing version; you can only create new ones.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary, SecretString, or RotationToken because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:PutSecretValue. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. This is a concern if the command includes the value of a secret. Learn how to Mitigate the risks of using command-line tools to store Secrets Manager secrets.
Creates a new version of your secret by creating a new encrypted value and attaching it to the secret. version can contain a new SecretString value or a new SecretBinary value.
Do not call PutSecretValue at a sustained rate of more than once every 10 minutes. When you update the secret value, Secrets Manager creates a new version of the secret. Secrets Manager keeps 100 of the most recent versions, but it keeps all secret versions created in the last 24 hours. If you call PutSecretValue more than once every 10 minutes, you will create more versions than Secrets Manager removes, and you will reach the quota for secret versions.
You can specify the staging labels to attach to the new version in VersionStages. If you don't include VersionStages, then Secrets Manager automatically moves the staging label AWSCURRENT to this version. If this operation creates the first version for the secret, then Secrets Manager automatically attaches the staging label AWSCURRENT to it. If this operation moves the staging label AWSCURRENT from another version to this version, then Secrets Manager also automatically moves the staging label AWSPREVIOUS to the version that AWSCURRENT was removed from.
This operation is idempotent. If you call this operation with a ClientRequestToken that matches an existing version's VersionId, and you specify the same secret data, the operation succeeds but does nothing. However, if the secret data is different, then the operation fails because you can't modify an existing version; you can only create new ones.
Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters except SecretBinary, SecretString, or RotationToken because it might be logged. For more information, see Logging Secrets Manager events with CloudTrail.
Required permissions: secretsmanager:PutSecretValue. For more information, see IAM policy actions for Secrets Manager and Authentication and access control in Secrets Manager.
When you enter commands in a command shell, there is a risk of the command history being accessed or utilities having access to your command parameters. This is a concern if the command includes the value of a secret. Learn how to Mitigate the risks of using command-line tools to store Secrets Manager secrets.
Specifies whether to overwrite a secret with the same name in the destination Region. By default, secrets aren't overwritten.
" + }, + "Type":{ + "shape":"MedeaTypeType", + "documentation":"The exact string that identifies the partner that holds the external secret. For more information, see Using Secrets Manager managed external secrets.
" } } }, @@ -665,6 +669,10 @@ "shape":"SecretNameType", "documentation":"The name of the secret.
" }, + "Type":{ + "shape":"MedeaTypeType", + "documentation":"The exact string that identifies the partner that holds the external secret. For more information, see Using Secrets Manager managed external secrets.
" + }, "Description":{ "shape":"DescriptionType", "documentation":"The description of the secret.
" @@ -686,6 +694,14 @@ "shape":"RotationRulesType", "documentation":"The rotation schedule and Lambda function for this secret. If the secret previously had rotation turned on, but it is now turned off, this field shows the previous rotation schedule and rotation function. If the secret never had rotation turned on, this field is omitted.
" }, + "ExternalSecretRotationMetadata":{ + "shape":"ExternalSecretRotationMetadataType", + "documentation":"The metadata needed to successfully rotate a managed external secret. A list of key value pairs in JSON format specified by the partner. For more information about the required information, see Managed external secrets partners.
" + }, + "ExternalSecretRotationRoleArn":{ + "shape":"RoleARNType", + "documentation":"The Amazon Resource Name (ARN) of the role that allows Secrets Manager to rotate a secret held by a third-party partner. For more information, see Security and permissions.
" + }, "LastRotatedDate":{ "shape":"LastRotatedDateType", "documentation":"The last date and time that Secrets Manager rotated the secret. If the secret isn't configured for rotation or rotation has been disabled, Secrets Manager returns null.
", @@ -745,7 +761,7 @@ "type":"string", "max":3, "min":2, - "pattern":"[0-9h]+" + "pattern":"[0-9]+h" }, "EncryptionFailure":{ "type":"structure", @@ -766,6 +782,34 @@ "ExcludeNumbersType":{"type":"boolean"}, "ExcludePunctuationType":{"type":"boolean"}, "ExcludeUppercaseType":{"type":"boolean"}, + "ExternalSecretRotationMetadataItem":{ + "type":"structure", + "members":{ + "Key":{ + "shape":"ExternalSecretRotationMetadataItemKeyType", + "documentation":"The key that identifies the item.
" + }, + "Value":{ + "shape":"ExternalSecretRotationMetadataItemValueType", + "documentation":"The value of the specified item.
" + } + }, + "documentation":"The metadata needed to successfully rotate a managed external secret. A list of key value pairs in JSON format specified by the partner. For more information, see Managed external secret partners.
" + }, + "ExternalSecretRotationMetadataItemKeyType":{ + "type":"string", + "max":256, + "min":1 + }, + "ExternalSecretRotationMetadataItemValueType":{ + "type":"string", + "max":2048, + "min":1 + }, + "ExternalSecretRotationMetadataType":{ + "type":"list", + "member":{"shape":"ExternalSecretRotationMetadataItem"} + }, "Filter":{ "type":"structure", "members":{ @@ -1098,6 +1142,11 @@ "max":100, "min":1 }, + "MedeaTypeType":{ + "type":"string", + "max":256, + "min":0 + }, "NameType":{ "type":"string", "max":512, @@ -1202,7 +1251,7 @@ }, "RotationToken":{ "shape":"RotationTokenType", - "documentation":"A unique identifier that indicates the source of the request. For cross-account rotation (when you rotate a secret in one account by using a Lambda rotation function in another account) and the Lambda rotation function assumes an IAM role to call Secrets Manager, Secrets Manager validates the identity with the rotation token. For more information, see How rotation works.
Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.
" + "documentation":"A unique identifier that indicates the source of the request. Required for secret rotations using an IAM assumed role or cross-account rotation, in which you rotate a secret in one account by using a Lambda rotation function in another account. In both cases, the rotation function assumes an IAM role to call Secrets Manager, and then Secrets Manager validates the identity using the token. For more information, see How rotation works and Rotation by Lambda functions.
Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.
" } } }, @@ -1393,6 +1442,11 @@ } } }, + "RoleARNType":{ + "type":"string", + "max":2048, + "min":20 + }, "RotateSecretRequest":{ "type":"structure", "required":["SecretId"], @@ -1412,11 +1466,19 @@ }, "RotationRules":{ "shape":"RotationRulesType", - "documentation":"A structure that defines the rotation configuration for this secret.
" + "documentation":"A structure that defines the rotation configuration for this secret.
When changing an existing rotation schedule and setting RotateImmediately to false:
If using AutomaticallyAfterDays or a ScheduleExpression with rate(), the previously scheduled rotation might still occur.
To prevent unintended rotations, use a ScheduleExpression with cron() for granular control over rotation windows.
The metadata needed to successfully rotate a managed external secret. A list of key value pairs in JSON format specified by the partner. For more information about the required information, see Using Secrets Manager managed external secrets
" + }, + "ExternalSecretRotationRoleArn":{ + "shape":"RoleARNType", + "documentation":"The Amazon Resource Name (ARN) of the role that allows Secrets Manager to rotate a secret held by a third-party partner. For more information, see Security and permissions.
" }, "RotateImmediately":{ "shape":"BooleanType", - "documentation":"Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
For secrets that use a Lambda rotation function to rotate, if you don't immediately rotate the secret, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. The test creates an AWSPENDING version of the secret and then removes it.
By default, Secrets Manager rotates the secret immediately.
", + "documentation":"Specifies whether to rotate the secret immediately or wait until the next scheduled rotation window. The rotation schedule is defined in RotateSecretRequest$RotationRules.
The default for RotateImmediately is true. If you don't specify this value, Secrets Manager rotates the secret immediately.
If you set RotateImmediately to false, Secrets Manager tests the rotation configuration by running the testSecret step of the Lambda rotation function. This test creates an AWSPENDING version of the secret and then removes it.
When changing an existing rotation schedule and setting RotateImmediately to false:
If using AutomaticallyAfterDays or a ScheduleExpression with rate(), the previously scheduled rotation might still occur.
To prevent unintended rotations, use a ScheduleExpression with cron() for granular control over rotation windows.
Rotation is an asynchronous process. For more information, see How rotation works.
", "box":true } } @@ -1510,6 +1572,10 @@ "shape":"SecretNameType", "documentation":"The friendly name of the secret.
" }, + "Type":{ + "shape":"MedeaTypeType", + "documentation":"The exact string that identifies the third-party partner that holds the external secret. For more information, see Managed external secret partners.
" + }, "Description":{ "shape":"DescriptionType", "documentation":"The user-provided description of the secret.
" @@ -1531,6 +1597,14 @@ "shape":"RotationRulesType", "documentation":"A structure that defines the rotation configuration for the secret.
" }, + "ExternalSecretRotationMetadata":{ + "shape":"ExternalSecretRotationMetadataType", + "documentation":"The metadata needed to successfully rotate a managed external secret. A list of key value pairs in JSON format specified by the partner. For more information about the required information, see Managed external secrets partners.
" + }, + "ExternalSecretRotationRoleArn":{ + "shape":"RoleARNType", + "documentation":"The role that Secrets Manager assumes to call APIs required to perform the rotation. For more information about the required information, see Managed external secrets partners.
" + }, "LastRotatedDate":{ "shape":"LastRotatedDateType", "documentation":"The most recent date and time that the Secrets Manager rotation process was successfully completed. This value is null if the secret hasn't ever rotated.
", @@ -1711,7 +1785,7 @@ "members":{ "SecretId":{ "shape":"SecretIdType", - "documentation":"The ARN of the primary secret.
" + "documentation":"The name of the secret or the replica ARN. The replica ARN is the same as the original primary secret ARN expect the Region is changed to the replica Region.
" } } }, @@ -1819,6 +1893,10 @@ "SecretString":{ "shape":"SecretStringType", "documentation":"The text data to encrypt and store in the new version of the secret. We recommend you use a JSON structure of key/value pairs for your secret value.
Either SecretBinary or SecretString must have a value, but not both.
Sensitive: This field contains sensitive information, so the service does not include it in CloudTrail log entries. If you create your own log entries, you must also avoid logging the information in this field.
" + }, + "Type":{ + "shape":"MedeaTypeType", + "documentation":"The exact string that identifies the third-party partner that holds the external secret. For more information, see Managed external secret partners.
" } } }, diff --git a/awscli/botocore/data/security-ir/2018-05-10/paginators-1.json b/awscli/botocore/data/security-ir/2018-05-10/paginators-1.json index 2927d3863c62..9f78befbce37 100644 --- a/awscli/botocore/data/security-ir/2018-05-10/paginators-1.json +++ b/awscli/botocore/data/security-ir/2018-05-10/paginators-1.json @@ -23,6 +23,12 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListInvestigations": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "investigationActions" } } } diff --git a/awscli/botocore/data/security-ir/2018-05-10/service-2.json b/awscli/botocore/data/security-ir/2018-05-10/service-2.json index bc96df345fb1..a91f2fa31986 100644 --- a/awscli/botocore/data/security-ir/2018-05-10/service-2.json +++ b/awscli/botocore/data/security-ir/2018-05-10/service-2.json @@ -311,6 +311,29 @@ "documentation":"Returns comments for a designated case.
", "readonly":true }, + "ListInvestigations":{ + "name":"ListInvestigations", + "http":{ + "method":"GET", + "requestUri":"/v1/cases/{caseId}/list-investigations", + "responseCode":200 + }, + "input":{"shape":"ListInvestigationsRequest"}, + "output":{"shape":"ListInvestigationsResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Investigation performed by an agent for a security incident...
", + "readonly":true + }, "ListMemberships":{ "name":"ListMemberships", "http":{ @@ -357,6 +380,28 @@ "documentation":"Returns currently configured tags on a resource.
", "readonly":true }, + "SendFeedback":{ + "name":"SendFeedback", + "http":{ + "method":"POST", + "requestUri":"/v1/cases/{caseId}/feedback/{resultId}/send-feedback", + "responseCode":200 + }, + "input":{"shape":"SendFeedbackRequest"}, + "output":{"shape":"SendFeedbackResponse"}, + "errors":[ + {"shape":"ServiceQuotaExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ValidationException"}, + {"shape":"SecurityIncidentResponseNotActiveException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidTokenException"} + ], + "documentation":"Send feedback based on response investigation action
" + }, "TagResource":{ "name":"TagResource", "http":{ @@ -544,6 +589,14 @@ }, "exception":true }, + "ActionType":{ + "type":"string", + "enum":[ + "Evidence", + "Investigation", + "Summarization" + ] + }, "Arn":{ "type":"string", "max":1010, @@ -760,6 +813,40 @@ "min":10, "pattern":"\\d{10,32}.*" }, + "CaseMetadata":{ + "type":"list", + "member":{"shape":"CaseMetadataEntry"}, + "max":30, + "min":1 + }, + "CaseMetadataEntry":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{ + "shape":"CaseMetadataEntryKeyString", + "documentation":"The identifier for the metadata field. This key uniquely identifies the type of metadata being stored, such as \"severity\", \"category\", or \"assignee\".
" + }, + "value":{ + "shape":"CaseMetadataEntryValueString", + "documentation":"The value associated with the metadata key. This contains the actual data for the metadata field identified by the key.
" + } + }, + "documentation":"Represents a single metadata entry associated with a case. Each entry consists of a key-value pair that provides additional contextual information about the case, such as classification tags, custom attributes, or system-generated properties.
" + }, + "CaseMetadataEntryKeyString":{ + "type":"string", + "max":500, + "min":1 + }, + "CaseMetadataEntryValueString":{ + "type":"string", + "max":2000, + "min":1 + }, "CaseStatus":{ "type":"string", "enum":[ @@ -1070,6 +1157,22 @@ "Investigation" ] }, + "ExecutionStatus":{ + "type":"string", + "enum":[ + "Pending", + "InProgress", + "Waiting", + "Completed", + "Failed", + "Cancelled" + ] + }, + "FeedbackComment":{ + "type":"string", + "max":1000, + "min":1 + }, "FileName":{ "type":"string", "max":255, @@ -1242,6 +1345,10 @@ "closedDate":{ "shape":"Timestamp", "documentation":"Response element for GetCase that provides the date a specified case was closed.
" + }, + "caseMetadata":{ + "shape":"CaseMetadata", + "documentation":"Case response metadata
" } } }, @@ -1483,6 +1590,84 @@ "exception":true, "retryable":{"throttling":false} }, + "InvestigationAction":{ + "type":"structure", + "required":[ + "investigationId", + "actionType", + "title", + "content", + "status", + "lastUpdated" + ], + "members":{ + "investigationId":{ + "shape":"InvestigationId", + "documentation":"The unique identifier for this investigation action. This ID is used to track and reference the specific investigation throughout its lifecycle.
" + }, + "actionType":{ + "shape":"ActionType", + "documentation":"The type of investigation action being performed. This categorizes the investigation method or approach used in the case.
" + }, + "title":{ + "shape":"InvestigationTitle", + "documentation":"Human-readable summary of the investigation focus. This provides a brief description of what the investigation is examining or analyzing.
" + }, + "content":{ + "shape":"InvestigationContent", + "documentation":"Detailed investigation results in rich markdown format. This field contains the comprehensive findings, analysis, and conclusions from the investigation.
" + }, + "status":{ + "shape":"ExecutionStatus", + "documentation":"The current execution status of the investigation. This indicates whether the investigation is pending, in progress, completed, or failed.
" + }, + "lastUpdated":{ + "shape":"Timestamp", + "documentation":"ISO 8601 timestamp of the most recent status update. This indicates when the investigation was last modified or when its status last changed.
" + }, + "feedback":{ + "shape":"InvestigationFeedback", + "documentation":"User feedback for this investigation result. This contains the user's assessment and comments about the quality and usefulness of the investigation findings.
" + } + }, + "documentation":"Represents an investigation action performed within a case. This structure captures the details of an automated or manual investigation, including its status, results, and user feedback.
" + }, + "InvestigationActionList":{ + "type":"list", + "member":{"shape":"InvestigationAction"} + }, + "InvestigationContent":{ + "type":"string", + "max":5000, + "min":1 + }, + "InvestigationFeedback":{ + "type":"structure", + "members":{ + "usefulness":{ + "shape":"UsefulnessRating", + "documentation":"User assessment of the investigation result's quality and helpfulness. This rating indicates how valuable the investigation findings were in addressing the case.
" + }, + "comment":{ + "shape":"FeedbackComment", + "documentation":"Optional user comments providing additional context about the investigation feedback. This allows users to explain their rating or provide suggestions for improvement.
" + }, + "submittedAt":{ + "shape":"Timestamp", + "documentation":"ISO 8601 timestamp when the feedback was submitted. This records when the user provided their assessment of the investigation results.
" + } + }, + "documentation":"Represents user feedback for an investigation result. This structure captures the user's evaluation of the investigation's quality, usefulness, and any additional comments.
" + }, + "InvestigationId":{ + "type":"string", + "pattern":"inv-[a-z0-9]{10,32}" + }, + "InvestigationTitle":{ + "type":"string", + "max":200, + "min":1 + }, "JobTitle":{ "type":"string", "max":50, @@ -1712,6 +1897,55 @@ } } }, + "ListInvestigationsRequest":{ + "type":"structure", + "required":["caseId"], + "members":{ + "nextToken":{ + "shape":"ListInvestigationsRequestNextTokenString", + "documentation":"Investigation performed by an agent for a security incident request
", + "location":"querystring", + "locationName":"nextToken" + }, + "maxResults":{ + "shape":"ListInvestigationsRequestMaxResultsInteger", + "documentation":"Investigation performed by an agent for a security incident request, returning max results
", + "location":"querystring", + "locationName":"maxResults" + }, + "caseId":{ + "shape":"CaseId", + "documentation":"Investigation performed by an agent for a security incident per caseID
", + "location":"uri", + "locationName":"caseId" + } + } + }, + "ListInvestigationsRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":25, + "min":1 + }, + "ListInvestigationsRequestNextTokenString":{ + "type":"string", + "max":2000, + "min":0 + }, + "ListInvestigationsResponse":{ + "type":"structure", + "required":["investigationActions"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"Investigation performed by an agent for a security incident for next Token
" + }, + "investigationActions":{ + "shape":"InvestigationActionList", + "documentation":"Investigation performed by an agent for a security incid…Unique identifier for the specific investigation>
" + } + } + }, "ListMembershipItem":{ "type":"structure", "required":["membershipId"], @@ -1967,6 +2201,10 @@ }, "exception":true }, + "ResultId":{ + "type":"string", + "pattern":"inv-[a-z0-9]{10,32}" + }, "SecurityIncidentResponseNotActiveException":{ "type":"structure", "required":["message"], @@ -1992,6 +2230,40 @@ "Post-incident Activities" ] }, + "SendFeedbackRequest":{ + "type":"structure", + "required":[ + "caseId", + "resultId", + "usefulness" + ], + "members":{ + "caseId":{ + "shape":"CaseId", + "documentation":"Send feedback based on request caseID
", + "location":"uri", + "locationName":"caseId" + }, + "resultId":{ + "shape":"ResultId", + "documentation":"Send feedback based on request result ID
", + "location":"uri", + "locationName":"resultId" + }, + "usefulness":{ + "shape":"UsefulnessRating", + "documentation":"Required enum value indicating user assessment of result q.....
" + }, + "comment":{ + "shape":"FeedbackComment", + "documentation":"Send feedback based on request comments
" + } + } + }, + "SendFeedbackResponse":{ + "type":"structure", + "members":{} + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -2262,6 +2534,10 @@ "impactedAccountsToDelete":{ "shape":"ImpactedAccounts", "documentation":"Optional element for UpdateCase to provide content to add accounts impacted.
AWS account ID's may appear less than 12 characters and need to be zero-prepended. An example would be 123123123 which is nine digits, and with zero-prepend would be 000123123123. Not zero-prepending to 12 digits could result in errors.
Update the case request with case metadata
" } } }, @@ -2375,6 +2651,13 @@ "pattern":"https?://(?:www.)?[a-zA-Z0-9@:._+~#=-]{2,256}\\.[a-z]{2,6}\\b(?:[-a-zA-Z0-9@:%_+.~#?&/=]{0,2048})", "sensitive":true }, + "UsefulnessRating":{ + "type":"string", + "enum":[ + "USEFUL", + "NOT_USEFUL" + ] + }, "UserAgent":{ "type":"string", "max":500, diff --git a/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json b/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json index 5cbb88a00ec2..76fbaa12ce2a 100644 --- a/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json +++ b/awscli/botocore/data/securityhub/2018-10-26/paginators-1.json @@ -125,6 +125,18 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "AggregatorsV2" + }, + "GetFindingsTrendsV2": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TrendsMetrics" + }, + "GetResourcesTrendsV2": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "TrendsMetrics" } } } diff --git a/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json b/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json index 08a10aeb32ff..73ef2eee1d02 100644 --- a/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json +++ b/awscli/botocore/data/securityhub/2018-10-26/paginators-1.sdk-extras.json @@ -6,6 +6,16 @@ "non_aggregate_keys": [ "Feature" ] + }, + "GetFindingsTrendsV2": { + "non_aggregate_keys": [ + "Granularity" + ] + }, + "GetResourcesTrendsV2": { + "non_aggregate_keys": [ + "Granularity" + ] } } } diff --git a/awscli/botocore/data/securityhub/2018-10-26/service-2.json b/awscli/botocore/data/securityhub/2018-10-26/service-2.json index d5969522baa5..c06aeea9cf6c 100644 --- a/awscli/botocore/data/securityhub/2018-10-26/service-2.json +++ b/awscli/botocore/data/securityhub/2018-10-26/service-2.json @@ -268,7 +268,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to complete the authorization based on input parameters. This API is in preview release and subject to change.
" + "documentation":"Grants permission to complete the authorization based on input parameters. This API is in public preview and subject to change.
" }, "CreateActionTarget":{ "name":"CreateActionTarget", @@ -373,7 +373,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to create a connectorV2 based on input parameters. This API is in preview release and subject to change.
" + "documentation":"Grants permission to create a connectorV2 based on input parameters. This API is in public preview and subject to change.
" }, "CreateFindingAggregator":{ "name":"CreateFindingAggregator", @@ -443,7 +443,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID. This API is in preview release and subject to change.
" + "documentation":"Grants permission to create a ticket in the chosen ITSM based on finding information for the provided finding metadata UID. This API is in public preview and subject to change.
" }, "DeclineInvitations":{ "name":"DeclineInvitations", @@ -548,7 +548,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to delete a connectorV2. This API is in preview release and subject to change.
" + "documentation":"Grants permission to delete a connectorV2. This API is in public preview and subject to change.
" }, "DeleteFindingAggregator":{ "name":"DeleteFindingAggregator", @@ -1041,7 +1041,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to retrieve details for a connectorV2 based on connector id. This API is in preview release and subject to change.
" + "documentation":"Grants permission to retrieve details for a connectorV2 based on connector id. This API is in public preview and subject to change.
" }, "GetEnabledStandards":{ "name":"GetEnabledStandards", @@ -1126,6 +1126,22 @@ ], "documentation":"Returns a list of findings that match the specified criteria.
If cross-Region aggregation is enabled, then when you call GetFindings from the home Region, the results include all of the matching findings from both the home Region and linked Regions.
Returns findings trend data based on the specified criteria. This operation helps you analyze patterns and changes in findings over time. This API is in public preview and subject to change.
" + }, "GetFindingsV2":{ "name":"GetFindingsV2", "http":{ @@ -1247,6 +1263,22 @@ ], "documentation":"Retrieves statistical information about Amazon Web Services resources and their associated security findings. This API is in public preview and subject to change.
" }, + "GetResourcesTrendsV2":{ + "name":"GetResourcesTrendsV2", + "http":{ + "method":"POST", + "requestUri":"/resourcesTrendsv2" + }, + "input":{"shape":"GetResourcesTrendsV2Request"}, + "output":{"shape":"GetResourcesTrendsV2Response"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"} + ], + "documentation":"Returns resource trend data based on the specified criteria. This operation helps you analyze patterns and changes in resource compliance over time. This API is in public preview and subject to change.
" + }, "GetResourcesV2":{ "name":"GetResourcesV2", "http":{ @@ -1402,7 +1434,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account. This API is in preview release and subject to change.
" + "documentation":"Grants permission to retrieve a list of connectorsV2 and their metadata for the calling account. This API is in public preview and subject to change.
" }, "ListEnabledProductsForImport":{ "name":"ListEnabledProductsForImport", @@ -1685,7 +1717,7 @@ {"shape":"ConflictException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Grants permission to update a connectorV2 based on its id and input parameters. This API is in preview release and subject to change.
" + "documentation":"Grants permission to update a connectorV2 based on its id and input parameters. This API is in public preview and subject to change.
" }, "UpdateFindingAggregator":{ "name":"UpdateFindingAggregator", @@ -18424,6 +18456,72 @@ }, "documentation":"The severity assigned to a finding by the finding provider. This object may include one or more of the following attributes:
Label
Normalized
Original
Product
If a BatchImportFindings request for a new finding only provides Label or only provides Normalized, Security Hub automatically populates the value of the other field.
The Normalized and Product attributes are included in the FindingProviderSeverity structure to preserve the historical information associated with the finding, even if the top-level Severity object is later modified using the BatchUpdateFindings operation.
If the top-level Finding.Severity object is present, but Finding.FindingProviderFields isn't present, Security Hub creates the FindingProviderFields.Severity object and copies the entire Finding.Severity object into it. This ensures that the original, provider-supplied details are retained within the FindingProviderFields.Severity object, even if the top-level Severity object is overwritten.
A list of string filters that apply to findings trend data fields.
" + }, + "NestedCompositeFilters":{ + "shape":"FindingsTrendsCompositeFilterList", + "documentation":"A list of nested composite filters that you can use to create complex filter conditions for findings trend data.
" + }, + "Operator":{ + "shape":"AllowedOperators", + "documentation":"The logical operator (AND, OR) to apply between the string filters and nested composite filters.
" + } + }, + "documentation":"A filter structure that contains a logical combination of string filters and nested composite filters for findings trend data.
" + }, + "FindingsTrendsCompositeFilterList":{ + "type":"list", + "member":{"shape":"FindingsTrendsCompositeFilter"} + }, + "FindingsTrendsFilters":{ + "type":"structure", + "members":{ + "CompositeFilters":{ + "shape":"FindingsTrendsCompositeFilterList", + "documentation":"A list of composite filters to apply to the findings trend data.
" + }, + "CompositeOperator":{ + "shape":"AllowedOperators", + "documentation":"The logical operator (AND, OR) to apply between multiple composite filters.
" + } + }, + "documentation":"The structure that defines filters to apply to findings trend data queries.
" + }, + "FindingsTrendsStringField":{ + "type":"string", + "enum":[ + "account_id", + "region", + "finding_types", + "finding_status", + "finding_cve_ids", + "finding_compliance_status", + "finding_control_id", + "finding_class_name", + "finding_provider", + "finding_activity_name" + ] + }, + "FindingsTrendsStringFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"FindingsTrendsStringField", + "documentation":"The name of the findings field to filter on.
" + }, + "Filter":{"shape":"StringFilter"} + }, + "documentation":"A filter for string-based fields in findings trend data.
" + }, + "FindingsTrendsStringFilterList":{ + "type":"list", + "member":{"shape":"FindingsTrendsStringFilter"} + }, "FirewallPolicyDetails":{ "type":"structure", "members":{ @@ -18942,6 +19040,56 @@ } } }, + "GetFindingsTrendsV2Request":{ + "type":"structure", + "required":[ + "StartTime", + "EndTime" + ], + "members":{ + "Filters":{ + "shape":"FindingsTrendsFilters", + "documentation":"The filters to apply to the findings trend data.
" + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"The starting timestamp for the time period to analyze findings trends, in ISO 8601 format.
" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"The ending timestamp for the time period to analyze findings trends, in ISO 8601 format.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use for paginating results. This value is returned in the response if more results are available.
" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of trend data points to return in a single response.
" + } + } + }, + "GetFindingsTrendsV2Response":{ + "type":"structure", + "required":[ + "Granularity", + "TrendsMetrics" + ], + "members":{ + "Granularity":{ + "shape":"GranularityField", + "documentation":"The time interval granularity for the returned trend data.
" + }, + "TrendsMetrics":{ + "shape":"TrendsMetrics", + "documentation":"The collection of time-series trend metrics, including counts of findings by severity across the specified time period.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use for retrieving the next page of results, if more trend data is available.
" + } + } + }, "GetFindingsV2Request":{ "type":"structure", "members":{ @@ -19106,6 +19254,56 @@ } } }, + "GetResourcesTrendsV2Request":{ + "type":"structure", + "required":[ + "StartTime", + "EndTime" + ], + "members":{ + "Filters":{ + "shape":"ResourcesTrendsFilters", + "documentation":"The filters to apply to the resources trend data.
" + }, + "StartTime":{ + "shape":"Timestamp", + "documentation":"The starting timestamp for the time period to analyze resources trends, in ISO 8601 format.
" + }, + "EndTime":{ + "shape":"Timestamp", + "documentation":"The ending timestamp for the time period to analyze resources trends, in ISO 8601 format.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use for paginating results. This value is returned in the response if more results are available.
" + }, + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of trend data points to return in a single response.
" + } + } + }, + "GetResourcesTrendsV2Response":{ + "type":"structure", + "required":[ + "Granularity", + "TrendsMetrics" + ], + "members":{ + "Granularity":{ + "shape":"GranularityField", + "documentation":"The time interval granularity for the returned trend data (such as DAILY or WEEKLY).
" + }, + "TrendsMetrics":{ + "shape":"ResourcesTrendsMetrics", + "documentation":"The collection of time-series trend metrics, including counts of resources across the specified time period.
" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token to use for retrieving the next page of results, if more trend data is available.
" + } + } + }, "GetResourcesV2Request":{ "type":"structure", "members":{ @@ -19160,6 +19358,14 @@ "SecurityControlDefinition":{"shape":"SecurityControlDefinition"} } }, + "GranularityField":{ + "type":"string", + "enum":[ + "Daily", + "Weekly", + "Monthly" + ] + }, "GroupByField":{ "type":"string", "enum":[ @@ -22213,6 +22419,17 @@ "type":"list", "member":{"shape":"ResourcesCompositeFilter"} }, + "ResourcesCount":{ + "type":"structure", + "required":["AllResources"], + "members":{ + "AllResources":{ + "shape":"TrendsValueCount", + "documentation":"The total count of all resources for the given time interval.
" + } + }, + "documentation":"Contains counts of resources for trend analysis.
" + }, "ResourcesDateField":{ "type":"string", "enum":[ @@ -22326,6 +22543,99 @@ "type":"list", "member":{"shape":"ResourcesStringFilter"} }, + "ResourcesTrendsCompositeFilter":{ + "type":"structure", + "members":{ + "StringFilters":{ + "shape":"ResourcesTrendsStringFilterList", + "documentation":"A list of string filters that apply to resources trend data fields.
" + }, + "NestedCompositeFilters":{ + "shape":"ResourcesTrendsCompositeFilterList", + "documentation":"A list of nested composite filters that you can use to create complex filter conditions for resources trend data.
" + }, + "Operator":{ + "shape":"AllowedOperators", + "documentation":"The logical operator (AND, OR) to apply between the string filters and nested composite filters.
" + } + }, + "documentation":"A filter structure that contains a logical combination of string filters and nested composite filters for resources trend data.
" + }, + "ResourcesTrendsCompositeFilterList":{ + "type":"list", + "member":{"shape":"ResourcesTrendsCompositeFilter"} + }, + "ResourcesTrendsFilters":{ + "type":"structure", + "members":{ + "CompositeFilters":{ + "shape":"ResourcesTrendsCompositeFilterList", + "documentation":"A list of composite filters to apply to the resources trend data.
" + }, + "CompositeOperator":{ + "shape":"AllowedOperators", + "documentation":"The logical operator (AND, OR) to apply between multiple composite filters.
" + } + }, + "documentation":"The structure that defines filters to apply to resources trend data queries.
" + }, + "ResourcesTrendsMetrics":{ + "type":"list", + "member":{"shape":"ResourcesTrendsMetricsResult"} + }, + "ResourcesTrendsMetricsResult":{ + "type":"structure", + "required":[ + "Timestamp", + "TrendsValues" + ], + "members":{ + "Timestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp for this data point in the resources trend metrics.
" + }, + "TrendsValues":{ + "shape":"ResourcesTrendsValues", + "documentation":"The resource trend metric values associated with this timestamp, including resource counts.
" + } + }, + "documentation":"Contains the resource trend metrics data for a specific time point in the requested time period.
" + }, + "ResourcesTrendsStringField":{ + "type":"string", + "enum":[ + "account_id", + "region", + "resource_type", + "resource_category" + ] + }, + "ResourcesTrendsStringFilter":{ + "type":"structure", + "members":{ + "FieldName":{ + "shape":"ResourcesTrendsStringField", + "documentation":"The name of the resources field to filter on, such as resourceType, accountId, or region.
" + }, + "Filter":{"shape":"StringFilter"} + }, + "documentation":"A filter for string-based fields in resources trend data, such as resource type or account ID.
" + }, + "ResourcesTrendsStringFilterList":{ + "type":"list", + "member":{"shape":"ResourcesTrendsStringFilter"} + }, + "ResourcesTrendsValues":{ + "type":"structure", + "required":["ResourcesCount"], + "members":{ + "ResourcesCount":{ + "shape":"ResourcesCount", + "documentation":"The resource count statistics for this data point in the trend timeline.
" + } + }, + "documentation":"Contains the aggregated resource count values for a specific point in the resources trend timeline.
" + }, "Result":{ "type":"structure", "members":{ @@ -23138,6 +23448,54 @@ "CRITICAL" ] }, + "SeverityTrendsCount":{ + "type":"structure", + "required":[ + "Unknown", + "Informational", + "Low", + "Medium", + "High", + "Critical", + "Fatal", + "Other" + ], + "members":{ + "Unknown":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with Unknown severity level at this point in the trend timeline.
" + }, + "Informational":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with Informational severity level at this point in the trend timeline.
" + }, + "Low":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with Low severity level at this point in the trend timeline.
" + }, + "Medium":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with Medium severity level at this point in the trend timeline.
" + }, + "High":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with High severity level at this point in the trend timeline.
" + }, + "Critical":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with Critical severity level at this point in the trend timeline.
" + }, + "Fatal":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with Fatal severity level at this point in the trend timeline.
" + }, + "Other":{ + "shape":"TrendsValueCount", + "documentation":"The count of findings with severity levels not fitting into the standard categories at this point in the trend timeline.
" + } + }, + "documentation":"Contains counts of findings grouped by severity level for trend analysis.
" + }, "SeverityUpdate":{ "type":"structure", "members":{ @@ -24044,6 +24402,43 @@ "type":"timestamp", "timestampFormat":"iso8601" }, + "TrendsMetrics":{ + "type":"list", + "member":{"shape":"TrendsMetricsResult"} + }, + "TrendsMetricsResult":{ + "type":"structure", + "required":[ + "Timestamp", + "TrendsValues" + ], + "members":{ + "Timestamp":{ + "shape":"Timestamp", + "documentation":"The timestamp for this data point in the findings trend metrics.
" + }, + "TrendsValues":{ + "shape":"TrendsValues", + "documentation":"The finding trend metric values associated with this timestamp, including severity counts.
" + } + }, + "documentation":"Contains the findings trend metrics data for a specific time point in the requested time period.
" + }, + "TrendsValueCount":{ + "type":"long", + "min":0 + }, + "TrendsValues":{ + "type":"structure", + "required":["SeverityTrends"], + "members":{ + "SeverityTrends":{ + "shape":"SeverityTrendsCount", + "documentation":"The count of findings organized by severity level for this data point in the trend timeline.
" + } + }, + "documentation":"Contains the aggregated finding values for a specific point in the findings trend timeline.
" + }, "TypeList":{ "type":"list", "member":{"shape":"NonEmptyString"} diff --git a/awscli/botocore/data/sesv2/2019-09-27/service-2.json b/awscli/botocore/data/sesv2/2019-09-27/service-2.json index da2fa09cc974..ef0c1260135b 100644 --- a/awscli/botocore/data/sesv2/2019-09-27/service-2.json +++ b/awscli/botocore/data/sesv2/2019-09-27/service-2.json @@ -3336,7 +3336,7 @@ }, "SigningAttributesOrigin":{ "shape":"DkimSigningAttributesOrigin", - "documentation":"A string that indicates how DKIM was configured for the identity. These are the possible values:
AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.
EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).
AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).
AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).
A string that indicates how DKIM was configured for the identity. These are the possible values:
AWS_SES – Indicates that DKIM was configured for the identity by using Easy DKIM.
EXTERNAL – Indicates that DKIM was configured for the identity by using Bring Your Own DKIM (BYODKIM).
AWS_SES_AF_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_NORTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_SOUTH_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_IL_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).
AWS_SES_SA_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_CA_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).
AWS_SES_CA_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Canada (Calgary) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_3 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_5 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Asia Pacific (Malaysia) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_1 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_2 – Indicates that DKIM was configured for the identity by replicating signing attributes from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).
The attribute to use for configuring DKIM for the identity depends on the operation:
For PutEmailIdentityDkimSigningAttributes:
None of the values are allowed - use the SigningAttributesOrigin parameter instead
For CreateEmailIdentity when replicating a parent identity's DKIM configuration:
Allowed values: All values except AWS_SES and EXTERNAL
AWS_SES – Configure DKIM for the identity by using Easy DKIM.
EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).
AWS_SES_AF_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_NORTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_3 – Configure DKIM for the identity by replicating from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_IL_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).
AWS_SES_SA_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_CA_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_2 – Configure DKIM for the identity by replicating from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).
The attribute to use for configuring DKIM for the identity depends on the operation:
For PutEmailIdentityDkimSigningAttributes:
None of the values are allowed - use the SigningAttributesOrigin parameter instead
For CreateEmailIdentity when replicating a parent identity's DKIM configuration:
Allowed values: All values except AWS_SES and EXTERNAL
AWS_SES – Configure DKIM for the identity by using Easy DKIM.
EXTERNAL – Configure DKIM for the identity by using Bring Your Own DKIM (BYODKIM).
AWS_SES_AF_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Africa (Cape Town) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_NORTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Stockholm) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Mumbai) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTH_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Hyderabad) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_3 – Configure DKIM for the identity by replicating from a parent identity in Europe (Paris) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (London) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Milan) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Ireland) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Osaka) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Seoul) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (UAE) region using Deterministic Easy-DKIM (DEED).
AWS_SES_ME_SOUTH_1 – Configure DKIM for the identity by replicating from a parent identity in Middle East (Bahrain) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_NORTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Tokyo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_IL_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Israel (Tel Aviv) region using Deterministic Easy-DKIM (DEED).
AWS_SES_SA_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in South America (São Paulo) region using Deterministic Easy-DKIM (DEED).
AWS_SES_CA_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Central) region using Deterministic Easy-DKIM (DEED).
AWS_SES_CA_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in Canada (Calgary) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_1 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Singapore) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_2 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Sydney) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_3 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Jakarta) region using Deterministic Easy-DKIM (DEED).
AWS_SES_AP_SOUTHEAST_5 – Configure DKIM for the identity by replicating from a parent identity in Asia Pacific (Malaysia) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_1 – Configure DKIM for the identity by replicating from a parent identity in Europe (Frankfurt) region using Deterministic Easy-DKIM (DEED).
AWS_SES_EU_CENTRAL_2 – Configure DKIM for the identity by replicating from a parent identity in Europe (Zurich) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_1 – Configure DKIM for the identity by replicating from a parent identity in US East (N. Virginia) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_EAST_2 – Configure DKIM for the identity by replicating from a parent identity in US East (Ohio) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_1 – Configure DKIM for the identity by replicating from a parent identity in US West (N. California) region using Deterministic Easy-DKIM (DEED).
AWS_SES_US_WEST_2 – Configure DKIM for the identity by replicating from a parent identity in US West (Oregon) region using Deterministic Easy-DKIM (DEED).
An object that contains configuration for Bring Your Own DKIM (BYODKIM), or, for Easy DKIM
" @@ -3404,7 +3404,9 @@ "AWS_SES_US_WEST_2", "AWS_SES_ME_CENTRAL_1", "AWS_SES_AP_SOUTH_2", - "AWS_SES_EU_CENTRAL_2" + "AWS_SES_EU_CENTRAL_2", + "AWS_SES_AP_SOUTHEAST_5", + "AWS_SES_CA_WEST_1" ] }, "DkimSigningKeyLength":{ diff --git a/awscli/botocore/data/signin/2023-01-01/endpoint-rule-set-1.json b/awscli/botocore/data/signin/2023-01-01/endpoint-rule-set-1.json new file mode 100644 index 000000000000..1c87b0ca8e3b --- /dev/null +++ b/awscli/botocore/data/signin/2023-01-01/endpoint-rule-set-1.json @@ -0,0 +1,473 @@ +{ + "version": "1.0", + "parameters": { + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "string" + }, + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "string" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Region}.signin.aws.amazon.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-cn" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Region}.signin.amazonaws.cn", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + }, + "aws-us-gov" + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "endpoint": { + "url": "https://{Region}.signin.amazonaws-us-gov.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signin-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + false + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signin-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + false + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://signin.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://signin.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff --git a/awscli/botocore/data/signin/2023-01-01/paginators-1.json b/awscli/botocore/data/signin/2023-01-01/paginators-1.json new file mode 100644 index 000000000000..ea142457a6a7 --- /dev/null +++ b/awscli/botocore/data/signin/2023-01-01/paginators-1.json @@ -0,0 +1,3 @@ +{ + "pagination": {} +} diff --git a/awscli/botocore/data/signin/2023-01-01/service-2.json b/awscli/botocore/data/signin/2023-01-01/service-2.json new file mode 100644 index 000000000000..d07382641f63 --- /dev/null +++ b/awscli/botocore/data/signin/2023-01-01/service-2.json @@ -0,0 +1,319 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2023-01-01", + "auth":["aws.auth#sigv4"], + "endpointPrefix":"signin", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"AWS Sign-In Service", + "serviceId":"Signin", + "signatureVersion":"v4", + "signingName":"signin", + "uid":"signin-2023-01-01" + }, + "operations":{ + "CreateOAuth2Token":{ + "name":"CreateOAuth2Token", + "http":{ + "method":"POST", + "requestUri":"/v1/token", + "responseCode":200 + }, + "input":{"shape":"CreateOAuth2TokenRequest"}, + "output":{"shape":"CreateOAuth2TokenResponse"}, + "errors":[ + {"shape":"TooManyRequestsError"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ], + "documentation":"CreateOAuth2Token API
Path: /v1/token Request Method: POST Content-Type: application/json or application/x-www-form-urlencoded
This API implements OAuth 2.0 flows for AWS Sign-In CLI clients, supporting both:
The operation behavior is determined by the grant_type parameter in the request body:
Authorization Code Flow (NOT Idempotent):
Token Refresh Flow (Idempotent):
Authentication and authorization:
Note: This operation cannot be marked as @idempotent because it handles both idempotent (token refresh) and non-idempotent (auth code redemption) flows in a single endpoint.
", + "auth":["smithy.api#noAuth"], + "authtype":"none" + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":[ + "error", + "message" + ], + "members":{ + "error":{ + "shape":"OAuth2ErrorCode", + "documentation":"OAuth 2.0 error code indicating the specific type of access denial Can be TOKEN_EXPIRED, AUTHCODE_EXPIRED, USER_CREDENTIALS_CHANGED, or INSUFFICIENT_PERMISSIONS
" + }, + "message":{ + "shape":"String", + "documentation":"Detailed message explaining the access denial Provides specific information about why access was denied
" + } + }, + "documentation":"Error thrown for access denied scenarios with flexible HTTP status mapping
Runtime HTTP Status Code Mapping:
The specific HTTP status code is determined at runtime based on the error enum value. Consumers should use the error field to determine the specific access denial reason.
", + "exception":true + }, + "AccessToken":{ + "type":"structure", + "required":[ + "accessKeyId", + "secretAccessKey", + "sessionToken" + ], + "members":{ + "accessKeyId":{ + "shape":"String", + "documentation":"AWS access key ID for temporary credentials
", + "locationName":"accessKeyId" + }, + "secretAccessKey":{ + "shape":"String", + "documentation":"AWS secret access key for temporary credentials
", + "locationName":"secretAccessKey" + }, + "sessionToken":{ + "shape":"String", + "documentation":"AWS session token for temporary credentials
", + "locationName":"sessionToken" + } + }, + "documentation":"AWS credentials structure containing temporary access credentials
The scoped-down, 15 minute duration AWS credentials. Scoping down will be based on CLI policy (CLI team needs to create it). Similar to cloud shell implementation.
", + "sensitive":true + }, + "AuthorizationCode":{ + "type":"string", + "documentation":"Authorization code received from AWS Sign-In /v1/authorize endpoint
The authorization code received from AWS Sign-In from /v1/authorize. Used in auth code redemption flow only.
", + "max":512, + "min":1 + }, + "ClientId":{ + "type":"string", + "documentation":"Client identifier pattern for AWS Sign-In devtools clients
The ARN used by client as part of Sign-In onboarding. Expected values:
This will be finalized after consulting with UX as this is visible to end customer.
", + "pattern":"arn:aws:signin:::devtools/(cross-device|same-device)" + }, + "CodeVerifier":{ + "type":"string", + "documentation":"PKCE code verifier for OAuth 2.0 security
PKCE code verifier to prove possession of the original code challenge. Used to prevent authorization code interception attacks in public clients. Must be 43-128 characters using unreserved characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~"
", + "max":128, + "min":43, + "pattern":"[A-Za-z0-9\\-._~]+" + }, + "CreateOAuth2TokenRequest":{ + "type":"structure", + "required":["tokenInput"], + "members":{ + "tokenInput":{ + "shape":"CreateOAuth2TokenRequestBody", + "documentation":"Flattened token operation inputs The specific operation is determined by grant_type in the request body
" + } + }, + "documentation":"Input structure for CreateOAuth2Token operation
Contains flattened token operation inputs for both authorization code and refresh token flows. The operation type is determined by the grant_type parameter in the request body.
", + "payload":"tokenInput" + }, + "CreateOAuth2TokenRequestBody":{ + "type":"structure", + "required":[ + "clientId", + "grantType" + ], + "members":{ + "clientId":{ + "shape":"ClientId", + "documentation":"The client identifier (ARN) used during Sign-In onboarding Required for both authorization code and refresh token flows
", + "locationName":"clientId" + }, + "grantType":{ + "shape":"GrantType", + "documentation":"OAuth 2.0 grant type - determines which flow is used Must be "authorization_code" or "refresh_token"
", + "locationName":"grantType" + }, + "code":{ + "shape":"AuthorizationCode", + "documentation":"The authorization code received from /v1/authorize Required only when grant_type=authorization_code
" + }, + "redirectUri":{ + "shape":"RedirectUri", + "documentation":"The redirect URI that must match the original authorization request Required only when grant_type=authorization_code
", + "locationName":"redirectUri" + }, + "codeVerifier":{ + "shape":"CodeVerifier", + "documentation":"PKCE code verifier to prove possession of the original code challenge Required only when grant_type=authorization_code
", + "locationName":"codeVerifier" + }, + "refreshToken":{ + "shape":"RefreshToken", + "documentation":"The refresh token returned from auth_code redemption Required only when grant_type=refresh_token
", + "locationName":"refreshToken" + } + }, + "documentation":"Request body payload for CreateOAuth2Token operation
The operation type is determined by the grant_type parameter:
Flattened token operation outputs The specific response fields depend on the grant_type used in the request
" + } + }, + "documentation":"Output structure for CreateOAuth2Token operation
Contains flattened token operation outputs for both authorization code and refresh token flows. The response content depends on the grant_type from the original request.
", + "payload":"tokenOutput" + }, + "CreateOAuth2TokenResponseBody":{ + "type":"structure", + "required":[ + "accessToken", + "tokenType", + "expiresIn", + "refreshToken" + ], + "members":{ + "accessToken":{ + "shape":"AccessToken", + "documentation":"Scoped-down AWS credentials (15 minute duration) Present for both authorization code redemption and token refresh
", + "locationName":"accessToken" + }, + "tokenType":{ + "shape":"TokenType", + "documentation":"Token type indicating this is AWS SigV4 credentials Value is "aws_sigv4" for both flows
", + "locationName":"tokenType" + }, + "expiresIn":{ + "shape":"ExpiresIn", + "documentation":"Time to expiry in seconds (maximum 900) Present for both authorization code redemption and token refresh
", + "locationName":"expiresIn" + }, + "refreshToken":{ + "shape":"RefreshToken", + "documentation":"Encrypted refresh token with cnf.jkt (SHA-256 thumbprint of presented jwk) Always present in responses (required for both flows)
", + "locationName":"refreshToken" + }, + "idToken":{ + "shape":"IdToken", + "documentation":"ID token containing user identity information Present only in authorization code redemption response (grant_type=authorization_code) Not included in token refresh responses
", + "locationName":"idToken" + } + }, + "documentation":"Response body payload for CreateOAuth2Token operation
The response content depends on the grant_type from the request:
Time to expiry in seconds
The time to expiry in seconds, for these purposes will be at most 900 (15 minutes).
", + "box":true, + "max":900, + "min":1 + }, + "GrantType":{ + "type":"string", + "documentation":"OAuth 2.0 grant type parameter
For auth code redemption: Must be "authorization_code" For token refresh: Must be "refresh_token"
Based on client_id & grant_type, authn/authz is skipped for CLI endpoints.
", + "pattern":"(authorization_code|refresh_token)" + }, + "IdToken":{ + "type":"string", + "documentation":"ID token containing user identity information
Encoded JWT token containing user identity claims and authentication context. Returned only in authorization code redemption responses (grant_type=authorization_code). Contains user identity information such as ARN and other identity claims.
", + "max":4096, + "min":1 + }, + "InternalServerException":{ + "type":"structure", + "required":[ + "error", + "message" + ], + "members":{ + "error":{ + "shape":"OAuth2ErrorCode", + "documentation":"OAuth 2.0 error code indicating server error Will be SERVER_ERROR for internal server errors
" + }, + "message":{ + "shape":"String", + "documentation":"Detailed message explaining the server error May include error details for debugging purposes
" + } + }, + "documentation":"Error thrown when an internal server error occurs
HTTP Status Code: 500 Internal Server Error
Used for unexpected server-side errors that prevent request processing.
", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "OAuth2ErrorCode":{ + "type":"string", + "documentation":"OAuth 2.0 error codes returned by the server
Standard OAuth 2.0 error codes used in error responses to indicate the specific type of error that occurred during token operations.
", + "enum":[ + "TOKEN_EXPIRED", + "USER_CREDENTIALS_CHANGED", + "INSUFFICIENT_PERMISSIONS", + "AUTHCODE_EXPIRED", + "server_error", + "INVALID_REQUEST" + ] + }, + "RedirectUri":{ + "type":"string", + "documentation":"Redirect URI for OAuth 2.0 flow validation
The same redirect URI used in the authorization request. This must match exactly what was sent in the original authorization request for security validation.
", + "max":2048, + "min":1 + }, + "RefreshToken":{ + "type":"string", + "documentation":"Encrypted refresh token with cnf.jkt
This is the encrypted refresh token returned from auth code redemption. The token content includes cnf.jkt (SHA-256 thumbprint of the presented jwk). Used in subsequent token refresh requests.
", + "max":2048, + "min":1, + "sensitive":true + }, + "String":{"type":"string"}, + "TokenType":{ + "type":"string", + "documentation":"Token type parameter indicating credential usage
A parameter which indicates to the client how the token must be used. Value is "aws_sigv4" (instead of typical "Bearer" for other OAuth systems) to indicate that the client must de-serialize the token and use it to generate a signature.
", + "pattern":"aws_sigv4" + }, + "TooManyRequestsError":{ + "type":"structure", + "required":[ + "error", + "message" + ], + "members":{ + "error":{ + "shape":"OAuth2ErrorCode", + "documentation":"OAuth 2.0 error code indicating the specific type of error Will be INVALID_REQUEST for rate limiting scenarios
" + }, + "message":{ + "shape":"String", + "documentation":"Detailed message about the rate limiting May include retry-after information or rate limit details
" + } + }, + "documentation":"Error thrown when rate limit is exceeded
HTTP Status Code: 429 Too Many Requests
Possible OAuth2ErrorCode values:
Possible causes:
OAuth 2.0 error code indicating validation failure Will be INVALID_REQUEST for validation errors
" + }, + "message":{ + "shape":"String", + "documentation":"Detailed message explaining the validation failure Provides specific information about which validation failed
" + } + }, + "documentation":"Error thrown when request validation fails
HTTP Status Code: 400 Bad Request
Used for request validation errors such as malformed parameters, missing required fields, or invalid parameter values.
", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + } + }, + "documentation":"AWS Sign-In manages authentication for AWS services. This service provides secure authentication flows for accessing AWS resources from the console and developer tools.
" +} diff --git a/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json b/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json index 1a96e2463f50..44ba50c5ffe9 100644 --- a/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json +++ b/awscli/botocore/data/stepfunctions/2016-11-23/service-2.json @@ -557,7 +557,7 @@ {"shape":"InvalidExecutionInput"}, {"shape":"ValidationException"} ], - "documentation":"Accepts the definition of a single state and executes it. You can test a state without creating a state machine or updating an existing state machine. Using this API, you can test the following:
A state's input and output processing data flow
An Amazon Web Services service integration request and response
An HTTP Task request and response
You can call this API on only one state at a time. The states that you can test include the following:
The TestState API assumes an IAM role which must contain the required IAM permissions for the resources your state is accessing. For information about the permissions a state might need, see IAM permissions to test a state.
The TestState API can run for up to five minutes. If the execution of a state exceeds this duration, it fails with the States.Timeout error.
TestState doesn't support Activity tasks, .sync or .waitForTaskToken service integration patterns, Parallel, or Map states.
Accepts the definition of a single state and executes it. You can test a state without creating a state machine or updating an existing state machine. Using this API, you can test the following:
A state's input and output processing data flow
An Amazon Web Services service integration request and response
An HTTP Task request and response
You can call this API on only one state at a time. The states that you can test include the following:
The TestState API assumes an IAM role which must contain the required IAM permissions for the resources your state is accessing. For information about the permissions a state might need, see IAM permissions to test a state.
The TestState API can run for up to five minutes. If the execution of a state exceeds this duration, it fails with the States.Timeout error.
TestState only supports the following when a mock is specified: Activity tasks, .sync or .waitForTaskToken service integration patterns, Parallel, or Map states.
The date and time the event occurred.
" + "documentation":"The date and time the event occurred, expressed in seconds and fractional milliseconds since the Unix epoch, which is defined as January 1, 1970, at 00:00:00 Coordinated Universal Time (UTC).
" }, "type":{ "shape":"HistoryEventType", @@ -2115,6 +2121,41 @@ "variables":{ "shape":"SensitiveData", "documentation":"JSON string that contains the set of workflow variables after execution of the state. The set will include variables assigned in the state and variables set up as test state input.
" + }, + "errorDetails":{ + "shape":"InspectionErrorDetails", + "documentation":"An object containing data about a handled exception in the tested state.
" + }, + "afterItemsPath":{ + "shape":"SensitiveData", + "documentation":"The effective input after the ItemsPath filter is applied. Not populated when the QueryLanguage is JSONata.
" + }, + "afterItemSelector":{ + "shape":"SensitiveData", + "documentation":"An array containing the inputs for each Map iteration, transformed by the ItemSelector specified in a Map state.
" + }, + "afterItemBatcher":{ + "shape":"SensitiveData", + "documentation":"The effective input after the ItemBatcher filter is applied in a Map state.
" + }, + "afterItemsPointer":{ + "shape":"SensitiveData", + "documentation":"The effective input after the ItemsPointer filter is applied in a Map state.
" + }, + "toleratedFailureCount":{ + "shape":"InspectionToleratedFailureCount", + "documentation":"The tolerated failure threshold for a Map state as defined in number of Map state iterations.
", + "box":true + }, + "toleratedFailurePercentage":{ + "shape":"InspectionToleratedFailurePercentage", + "documentation":"The tolerated failure threshold for a Map state as defined in percentage of Map state iterations.
", + "box":true + }, + "maxConcurrency":{ + "shape":"InspectionMaxConcurrency", + "documentation":"The max concurrency of the Map state.
", + "box":true } }, "documentation":"Contains additional details about the state's execution, including its input and output data processing flow, and HTTP request and response information.
", @@ -2172,6 +2213,27 @@ }, "documentation":"Contains additional details about the state's execution, including its input and output data processing flow, and HTTP response information. The inspectionLevel request parameter specifies which details are returned.
The array index of the Catch which handled the exception.
", + "box":true + }, + "retryIndex":{ + "shape":"ExceptionHandlerIndex", + "documentation":"The array index of the Retry which handled the exception.
", + "box":true + }, + "retryBackoffIntervalSeconds":{ + "shape":"RetryBackoffIntervalSeconds", + "documentation":"The duration in seconds of the backoff for a retry on a failed state invocation.
", + "box":true + } + }, + "documentation":"An object containing data about a handled exception in the tested state.
" + }, "InspectionLevel":{ "type":"string", "enum":[ @@ -2180,6 +2242,25 @@ "TRACE" ] }, + "InspectionMaxConcurrency":{ + "type":"integer", + "box":true, + "min":0, + "sensitive":true + }, + "InspectionToleratedFailureCount":{ + "type":"integer", + "box":true, + "min":0, + "sensitive":true + }, + "InspectionToleratedFailurePercentage":{ + "type":"float", + "box":true, + "max":100, + "min":0, + "sensitive":true + }, "InvalidArn":{ "type":"structure", "members":{ @@ -2674,6 +2755,11 @@ }, "documentation":"Contains details about an iteration of a Map state.
" }, + "MapIterationFailureCount":{ + "type":"integer", + "box":true, + "min":0 + }, "MapRunExecutionCounts":{ "type":"structure", "required":[ @@ -2892,6 +2978,46 @@ "documentation":"Request is missing a required parameter. This error occurs if both definition and roleArn are not specified.
A string denoting the error code of the exception thrown when invoking the tested state. This field is required if mock.errorOutput is specified.
A string containing the cause of the exception thrown when executing the state's logic.
" + } + }, + "documentation":"A JSON object that contains a mocked error.
" + }, + "MockInput":{ + "type":"structure", + "members":{ + "result":{ + "shape":"SensitiveData", + "documentation":"A JSON string containing the mocked result of the state invocation.
" + }, + "errorOutput":{ + "shape":"MockErrorOutput", + "documentation":"The mocked error output when calling TestState. When specified, the mocked response is returned as a JSON object that contains an error and cause field.
Determines the level of strictness when validating mocked results against their respective API models. Values include:
STRICT: All required fields must be present, and all present fields must conform to the API's schema.
PRESENT: All present fields must conform to the API's schema.
NONE: No validation is performed.
If no value is specified, the default value is STRICT.
A JSON object that contains a mocked result or errorOutput.
Could not find the referenced resource.
", "exception":true }, + "RetrierRetryCount":{ + "type":"integer", + "box":true, + "min":0 + }, + "RetryBackoffIntervalSeconds":{ + "type":"integer", + "box":true, + "min":0, + "sensitive":true + }, "RevealSecrets":{"type":"boolean"}, "ReverseOrder":{"type":"boolean"}, "RevisionId":{"type":"string"}, @@ -3078,7 +3215,7 @@ }, "SensitiveDataJobInput":{ "type":"string", - "max":262144, + "max":1048576, "sensitive":true }, "SensitiveError":{ @@ -3747,13 +3884,37 @@ "CAUGHT_ERROR" ] }, + "TestStateConfiguration":{ + "type":"structure", + "members":{ + "retrierRetryCount":{ + "shape":"RetrierRetryCount", + "documentation":"The number of retry attempts that have occurred for the state's Retry that applies to the mocked error.
", + "box":true + }, + "errorCausedByState":{ + "shape":"TestStateStateName", + "documentation":"The name of the state from which an error originates when an error is mocked for a Map or Parallel state.
" + }, + "mapIterationFailureCount":{ + "shape":"MapIterationFailureCount", + "documentation":"The number of Map state iterations that failed during the Map state invocation.
", + "box":true + }, + "mapItemReaderData":{ + "shape":"SensitiveData", + "documentation":"The data read by ItemReader in Distributed Map states as found in its original source.
" + } + }, + "documentation":"Contains configurations for the tested state.
" + }, "TestStateInput":{ "type":"structure", "required":["definition"], "members":{ "definition":{ "shape":"Definition", - "documentation":"The Amazon States Language (ASL) definition of the state.
" + "documentation":"The Amazon States Language (ASL) definition of the state or state machine.
" }, "roleArn":{ "shape":"Arn", @@ -3774,6 +3935,22 @@ "variables":{ "shape":"SensitiveData", "documentation":"JSON object literal that sets variables used in the state under test. Object keys are the variable names and values are the variable values.
" + }, + "stateName":{ + "shape":"TestStateStateName", + "documentation":"Denotes the particular state within a state machine definition to be tested. If this field is specified, the definition must contain a fully-formed state machine definition.
Defines a mocked result or error for the state under test.
A mock can only be specified for Task, Map, or Parallel states. If it is specified for another state type, an exception will be thrown.
" + }, + "context":{ + "shape":"SensitiveData", + "documentation":"A JSON string representing a valid Context object for the state under test. This field may only be specified if a mock is specified in the same request.
" + }, + "stateConfiguration":{ + "shape":"TestStateConfiguration", + "documentation":"Contains configurations for the state under test.
" } } }, @@ -3806,6 +3983,12 @@ } } }, + "TestStateStateName":{ + "type":"string", + "max":80, + "min":1, + "sensitive":true + }, "TimeoutInSeconds":{"type":"long"}, "Timestamp":{"type":"timestamp"}, "ToleratedFailureCount":{ diff --git a/awscli/botocore/data/storagegateway/2013-06-30/service-2.json b/awscli/botocore/data/storagegateway/2013-06-30/service-2.json index 8ada1dd5a92c..635716d99a4a 100644 --- a/awscli/botocore/data/storagegateway/2013-06-30/service-2.json +++ b/awscli/botocore/data/storagegateway/2013-06-30/service-2.json @@ -4314,7 +4314,7 @@ "documentation":"Optional. The Amazon Resource Name (ARN) of a symmetric customer master key (CMK) used for Amazon S3 server-side encryption. Storage Gateway does not support asymmetric CMKs. This value must be set if KMSEncrypted is true, or if EncryptionType is SseKms or DsseKms.
The ARN of the IAM role that an S3 File Gateway assumes when it accesses the underlying storage.
", "max":2048, "min":20, - "pattern":"^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):iam::([0-9]+):role/(\\S+)$" + "pattern":"^arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):iam::([0-9]+):role/(\\S+)$" }, "SMBFileShareInfo":{ "type":"structure", @@ -5582,7 +5582,7 @@ "type":"string", "max":500, "min":50, - "pattern":"arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):storagegateway:[a-z\\-0-9]+:[0-9]+:tape\\/[0-9A-Z]{5,16}$" + "pattern":"arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):storagegateway:[a-z\\-0-9]+:[0-9]+:tape\\/[0-9A-Z]{5,16}$" }, "TapeARNs":{ "type":"list", @@ -6351,7 +6351,7 @@ "type":"string", "max":500, "min":50, - "pattern":"arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*)):storagegateway:[a-z\\-0-9]+:[0-9]+:gateway\\/(.+)\\/volume\\/vol-(\\S+)" + "pattern":"arn:(aws(|-cn|-us-gov|-iso[A-Za-z0-9_-]*|-eusc)):storagegateway:[a-z\\-0-9]+:[0-9]+:gateway\\/(.+)\\/volume\\/vol-(\\S+)" }, "VolumeARNs":{ "type":"list", diff --git a/awscli/botocore/data/sts/2011-06-15/service-2.json b/awscli/botocore/data/sts/2011-06-15/service-2.json index d62b297a770a..ba3010fa97cf 100644 --- a/awscli/botocore/data/sts/2011-06-15/service-2.json +++ b/awscli/botocore/data/sts/2011-06-15/service-2.json @@ -153,9 +153,10 @@ }, "errors":[ {"shape":"ExpiredTradeInTokenException"}, - {"shape":"RegionDisabledException"} + {"shape":"RegionDisabledException"}, + {"shape":"PackedPolicyTooLargeException"} ], - "documentation":"This API is currently unavailable for general use.
" + "documentation":"Exchanges a trade-in token for temporary Amazon Web Services credentials with the permissions associated with the assumed principal. This operation allows you to obtain credentials for a specific principal based on a trade-in token, enabling delegation of access to Amazon Web Services resources.
" }, "GetFederationToken":{ "name":"GetFederationToken", @@ -190,6 +191,24 @@ {"shape":"RegionDisabledException"} ], "documentation":"Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 StopInstances.
MFA-enabled IAM users must call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that the call returns, IAM users can then make programmatic calls to API operations that require MFA authentication. An incorrect MFA code causes the API to return an access denied error. For a comparison of GetSessionToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Compare STS credentials in the IAM User Guide.
No permissions are required for users to perform this operation. The purpose of the sts:GetSessionToken operation is to authenticate the user using MFA. You cannot use policies to control authentication operations. For more information, see Permissions for GetSessionToken in the IAM User Guide.
Session Duration
The GetSessionToken operation must be called by using the long-term Amazon Web Services security credentials of an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.
Permissions
The temporary security credentials created by GetSessionToken can be used to make API calls to any Amazon Web Services service with the following exceptions:
You cannot call any IAM API operations unless MFA authentication information is included in the request.
You cannot call any STS API except AssumeRole or GetCallerIdentity.
The credentials that GetSessionToken returns are based on permissions associated with the IAM user whose credentials were used to call the operation. The temporary credentials have the same permissions as the IAM user.
Although it is possible to call GetSessionToken using the security credentials of an Amazon Web Services account root user rather than an IAM user, we do not recommend it. If GetSessionToken is called using root user credentials, the temporary credentials have root user permissions. For more information, see Safeguard your root user credentials and don't use them for everyday tasks in the IAM User Guide
For more information about using GetSessionToken to create temporary credentials, see Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.
Returns a signed JSON Web Token (JWT) that represents the calling Amazon Web Services identity. The returned JWT can be used to authenticate with external services that support OIDC discovery. The token is signed by Amazon Web Services STS and can be publicly verified using the verification keys published at the issuer's JWKS endpoint.
" } }, "shapes":{ @@ -539,7 +558,7 @@ "members":{ "message":{"shape":"expiredTradeInTokenExceptionMessage"} }, - "documentation":"", + "documentation":"The trade-in token provided in the request has expired and can no longer be exchanged for credentials. Request a new token and retry the operation.
", "error":{ "code":"ExpiredTradeInTokenException", "httpStatusCode":400, @@ -612,7 +631,7 @@ "members":{ "TradeInToken":{ "shape":"tradeInTokenType", - "documentation":"" + "documentation":"The token to exchange for temporary Amazon Web Services credentials. This token must be valid and unexpired at the time of the request.
" } } }, @@ -622,11 +641,11 @@ "Credentials":{"shape":"Credentials"}, "PackedPolicySize":{ "shape":"nonNegativeIntegerType", - "documentation":"" + "documentation":"The percentage of the maximum policy size that is used by the session policy. The policy size is calculated as the sum of all the session policies and permission boundaries attached to the session. If the packed size exceeds 100%, the request fails.
" }, "AssumedPrincipal":{ "shape":"arnType", - "documentation":"" + "documentation":"The Amazon Resource Name (ARN) of the principal that was assumed when obtaining the delegated access token. This ARN identifies the IAM entity whose permissions are granted by the temporary credentials.
" } } }, @@ -701,6 +720,44 @@ }, "documentation":"Contains the response to a successful GetSessionToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.
" }, + "GetWebIdentityTokenRequest":{ + "type":"structure", + "required":[ + "Audience", + "SigningAlgorithm" + ], + "members":{ + "Audience":{ + "shape":"webIdentityTokenAudienceListType", + "documentation":"The intended recipient of the web identity token. This value populates the aud claim in the JWT and should identify the service or application that will validate and use the token. The external service should verify this claim to ensure the token was intended for their use.
The duration, in seconds, for which the JSON Web Token (JWT) will remain valid. The value can range from 60 seconds (1 minute) to 3600 seconds (1 hour). If not specified, the default duration is 300 seconds (5 minutes). The token is designed to be short-lived and should be used for proof of identity, then exchanged for credentials or short-lived tokens in the external service.
" + }, + "SigningAlgorithm":{ + "shape":"jwtAlgorithmType", + "documentation":"The cryptographic algorithm to use for signing the JSON Web Token (JWT). Valid values are RS256 (RSA with SHA-256) and ES384 (ECDSA using P-384 curve with SHA-384).
" + }, + "Tags":{ + "shape":"tagListType", + "documentation":"An optional list of tags to include in the JSON Web Token (JWT). These tags are added as custom claims to the JWT and can be used by the downstream service for authorization decisions.
" + } + } + }, + "GetWebIdentityTokenResponse":{ + "type":"structure", + "members":{ + "WebIdentityToken":{ + "shape":"webIdentityTokenType", + "documentation":"A signed JSON Web Token (JWT) that represents the caller's Amazon Web Services identity. The token contains standard JWT claims such as subject, audience, expiration time, and additional identity attributes added by STS as custom claims. You can also add your own custom claims to the token by passing tags as request parameters to the GetWebIdentityToken API. The token is signed using the specified signing algorithm and can be verified using the verification keys available at the issuer's JWKS endpoint.
The date and time when the web identity token expires, in UTC. The expiration is determined by adding the DurationSeconds value to the time the token was issued. After this time, the token should no longer be considered valid.
The requested token payload size exceeds the maximum allowed size. Reduce the number of request tags included in the GetWebIdentityToken API call to reduce the token payload size.
The outbound web identity federation feature is not enabled for this account. To use this feature, you must first enable it through the Amazon Web Services Management Console or API.
", + "error":{ + "code":"OutboundWebIdentityFederationDisabledException", + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, "PackedPolicyTooLargeException":{ "type":"structure", "members":{ @@ -835,6 +918,19 @@ "min":4, "sensitive":true }, + "SessionDurationEscalationException":{ + "type":"structure", + "members":{ + "message":{"shape":"sessionDurationEscalationException"} + }, + "documentation":"The requested token duration would extend the session beyond its original expiration time. You cannot use this operation to extend the lifetime of a session beyond what was granted when the session was originally created.
", + "error":{ + "code":"SessionDurationEscalationException", + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, "Subject":{"type":"string"}, "SubjectType":{"type":"string"}, "Tag":{ @@ -924,11 +1020,18 @@ "idpRejectedClaimMessage":{"type":"string"}, "invalidAuthorizationMessage":{"type":"string"}, "invalidIdentityTokenMessage":{"type":"string"}, + "jwtAlgorithmType":{ + "type":"string", + "max":5, + "min":5 + }, + "jwtPayloadSizeExceededException":{"type":"string"}, "malformedPolicyDocumentMessage":{"type":"string"}, "nonNegativeIntegerType":{ "type":"integer", "min":0 }, + "outboundWebIdentityFederationDisabledException":{"type":"string"}, "packedPolicyTooLargeMessage":{"type":"string"}, "policyDescriptorListType":{ "type":"list", @@ -952,6 +1055,7 @@ "min":9, "pattern":"[\\w+=/:,.@-]*" }, + "sessionDurationEscalationException":{"type":"string"}, "sessionPolicyDocumentType":{ "type":"string", "max":2048, @@ -1018,6 +1122,26 @@ "type":"string", "max":255, "min":6 + }, + "webIdentityTokenAudienceListType":{ + "type":"list", + "member":{"shape":"webIdentityTokenAudienceStringType"}, + "max":10, + "min":1 + }, + "webIdentityTokenAudienceStringType":{ + "type":"string", + "max":1000, + "min":1 + }, + "webIdentityTokenDurationSecondsType":{ + "type":"integer", + "max":3600, + "min":60 + }, + "webIdentityTokenType":{ + "type":"string", + "sensitive":true } }, "documentation":"Security Token Service (STS) enables you to request temporary, limited-privilege credentials for users. This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials.
" diff --git a/awscli/botocore/data/transfer/2018-11-05/service-2.json b/awscli/botocore/data/transfer/2018-11-05/service-2.json index 743d27bbf80d..308a2fe4b5c2 100644 --- a/awscli/botocore/data/transfer/2018-11-05/service-2.json +++ b/awscli/botocore/data/transfer/2018-11-05/service-2.json @@ -138,7 +138,7 @@ {"shape":"InternalServiceError"}, {"shape":"AccessDeniedException"} ], - "documentation":"Creates a web app based on specified parameters, and returns the ID for the new web app.
" + "documentation":"Creates a web app based on specified parameters, and returns the ID for the new web app. You can configure the web app to be publicly accessible or hosted within a VPC.
For more information about using VPC endpoints with Transfer Family, see Create a Transfer Family web app in a VPC.
" }, "CreateWorkflow":{ "name":"CreateWorkflow", @@ -539,7 +539,7 @@ {"shape":"InternalServiceError"}, {"shape":"AccessDeniedException"} ], - "documentation":"Describes the web app that's identified by WebAppId.
Describes the web app that's identified by WebAppId. The response includes endpoint configuration details such as whether the web app is publicly accessible or VPC hosted.
For more information about using VPC endpoints with Transfer Family, see Create a Transfer Family web app in a VPC.
", "readonly":true }, "DescribeWebAppCustomization":{ @@ -854,7 +854,7 @@ {"shape":"InternalServiceError"}, {"shape":"InvalidNextTokenException"} ], - "documentation":"Lists all web apps associated with your Amazon Web Services account for your current region.
", + "documentation":"Lists all web apps associated with your Amazon Web Services account for your current region. The response includes the endpoint type for each web app, showing whether it is publicly accessible or VPC hosted.
For more information about using VPC endpoints with Transfer Family, see Create a Transfer Family web app in a VPC.
", "readonly":true }, "ListWorkflows":{ @@ -1212,7 +1212,7 @@ {"shape":"InternalServiceError"}, {"shape":"AccessDeniedException"} ], - "documentation":"Assigns new properties to a web app. You can modify the access point, identity provider details, and the web app units.
" + "documentation":"Assigns new properties to a web app. You can modify the access point, identity provider details, endpoint configuration, and the web app units.
For more information about using VPC endpoints with Transfer Family, see Create a Transfer Family web app in a VPC.
" }, "UpdateWebAppCustomization":{ "name":"UpdateWebAppCustomization", @@ -1903,6 +1903,10 @@ "WebAppEndpointPolicy":{ "shape":"WebAppEndpointPolicy", "documentation":" Setting for the type of endpoint policy for the web app. The default value is STANDARD.
If you are creating the web app in an Amazon Web Services GovCloud (US) Region, you can set this parameter to FIPS.
The endpoint configuration for the web app. You can specify whether the web app endpoint is publicly accessible or hosted within a VPC.
" } } }, @@ -3141,6 +3145,14 @@ "WebAppEndpointPolicy":{ "shape":"WebAppEndpointPolicy", "documentation":" Setting for the type of endpoint policy for the web app. The default value is STANDARD.
If your web app was created in an Amazon Web Services GovCloud (US) Region, the value of this parameter can be FIPS, which indicates the web app endpoint is FIPS-compliant.
The type of endpoint hosting the web app. Valid values are PUBLIC for publicly accessible endpoints and VPC for VPC-hosted endpoints that provide network isolation.
The endpoint configuration details for the web app, including VPC settings if the endpoint is hosted within a VPC.
" } }, "documentation":"A structure that describes the parameters for the web app, as identified by the WebAppId.
A structure that contains the customization fields for the web app. You can provide a title, logo, and icon to customize the appearance of your web app.
" }, + "DescribedWebAppEndpointDetails":{ + "type":"structure", + "members":{ + "Vpc":{ + "shape":"DescribedWebAppVpcConfig", + "documentation":"The VPC configuration details when the web app endpoint is hosted within a VPC. This includes the VPC ID, subnet IDs, and VPC endpoint ID.
" + } + }, + "documentation":"Contains the endpoint configuration details for a web app, including VPC configuration when the endpoint is hosted within a VPC.
", + "union":true + }, "DescribedWebAppIdentityProviderDetails":{ "type":"structure", "members":{ @@ -3186,6 +3209,24 @@ "documentation":"Returns a structure that contains the identity provider details for your web app.
", "union":true }, + "DescribedWebAppVpcConfig":{ + "type":"structure", + "members":{ + "SubnetIds":{ + "shape":"SubnetIds", + "documentation":"The list of subnet IDs within the VPC where the web app endpoint is deployed. These subnets must be in the same VPC and provide network connectivity for the endpoint.
" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"The identifier of the VPC where the web app endpoint is hosted.
" + }, + "VpcEndpointId":{ + "shape":"VpcEndpointId", + "documentation":"The identifier of the VPC endpoint created for the web app.
" + } + }, + "documentation":"Contains the VPC configuration details for a web app endpoint, including the VPC identifier, subnet IDs, and VPC endpoint ID used for hosting the endpoint.
" + }, "DescribedWorkflow":{ "type":"structure", "required":["Arn"], @@ -4533,6 +4574,10 @@ "WebAppEndpoint":{ "shape":"WebAppEndpoint", "documentation":"The WebAppEndpoint is the unique URL for your Transfer Family web app. This is the value that you use when you configure Origins on CloudFront.
The type of endpoint hosting the web app. Valid values are PUBLIC for publicly accessible endpoints and VPC for VPC-hosted endpoints.
a structure that contains details for the web app.
" @@ -6083,6 +6128,17 @@ } } }, + "UpdateWebAppEndpointDetails":{ + "type":"structure", + "members":{ + "Vpc":{ + "shape":"UpdateWebAppVpcConfig", + "documentation":"The VPC configuration details for updating a web app endpoint hosted within a VPC. This includes the subnet IDs for endpoint deployment.
" + } + }, + "documentation":"Contains the endpoint configuration details for updating a web app, including VPC settings for endpoints hosted within a VPC.
", + "union":true + }, "UpdateWebAppIdentityCenterConfig":{ "type":"structure", "members":{ @@ -6123,6 +6179,10 @@ "WebAppUnits":{ "shape":"WebAppUnits", "documentation":"A union that contains the value for number of concurrent connections or the user sessions on your web app.
" + }, + "EndpointDetails":{ + "shape":"UpdateWebAppEndpointDetails", + "documentation":"The updated endpoint configuration for the web app. You can modify the endpoint type and VPC configuration settings.
" } } }, @@ -6136,6 +6196,16 @@ } } }, + "UpdateWebAppVpcConfig":{ + "type":"structure", + "members":{ + "SubnetIds":{ + "shape":"SubnetIds", + "documentation":"The list of subnet IDs within the VPC where the web app endpoint should be deployed during the update operation.
" + } + }, + "documentation":"Contains the VPC configuration settings for updating a web app endpoint, including the subnet IDs where the endpoint should be deployed.
" + }, "Url":{ "type":"string", "max":255, @@ -6202,6 +6272,17 @@ "max":1024, "min":1 }, + "WebAppEndpointDetails":{ + "type":"structure", + "members":{ + "Vpc":{ + "shape":"WebAppVpcConfig", + "documentation":"The VPC configuration for hosting the web app endpoint within a VPC.
" + } + }, + "documentation":"Contains the endpoint configuration for a web app, including VPC settings when the endpoint is hosted within a VPC.
", + "union":true + }, "WebAppEndpointPolicy":{ "type":"string", "enum":[ @@ -6209,6 +6290,13 @@ "STANDARD" ] }, + "WebAppEndpointType":{ + "type":"string", + "enum":[ + "PUBLIC", + "VPC" + ] + }, "WebAppFaviconFile":{ "type":"blob", "max":20960, @@ -6259,6 +6347,24 @@ "documentation":"Contains an integer value that represents the value for number of concurrent connections or the user sessions on your web app.
", "union":true }, + "WebAppVpcConfig":{ + "type":"structure", + "members":{ + "SubnetIds":{ + "shape":"SubnetIds", + "documentation":"The list of subnet IDs within the VPC where the web app endpoint will be deployed. These subnets must be in the same VPC specified in the VpcId parameter.
" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"The identifier of the VPC where the web app endpoint will be hosted.
" + }, + "SecurityGroupIds":{ + "shape":"SecurityGroupIds", + "documentation":"The list of security group IDs that control access to the web app endpoint. These security groups determine which sources can access the endpoint based on IP addresses and port configurations.
" + } + }, + "documentation":"Contains the VPC configuration settings for hosting a web app endpoint, including the VPC ID, subnet IDs, and security group IDs for access control.
" + }, "WorkflowDescription":{ "type":"string", "max":256, diff --git a/awscli/botocore/data/wafv2/2019-07-29/service-2.json b/awscli/botocore/data/wafv2/2019-07-29/service-2.json index 5ec6196447a6..05290e9aa786 100644 --- a/awscli/botocore/data/wafv2/2019-07-29/service-2.json +++ b/awscli/botocore/data/wafv2/2019-07-29/service-2.json @@ -29,7 +29,8 @@ {"shape":"WAFNonexistentItemException"}, {"shape":"WAFUnavailableEntityException"}, {"shape":"WAFInvalidOperationException"}, - {"shape":"WAFLimitsExceededException"} + {"shape":"WAFLimitsExceededException"}, + {"shape":"WAFFeatureNotIncludedInPricingPlanException"} ], "documentation":"Associates a web ACL with a resource, to protect the resource.
Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call UpdateDistribution for the distribution and provide the Amazon Resource Name (ARN) of the web ACL in the web ACL ID. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for AssociateWebACL in the WAF Developer Guide.
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.
If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs.
This operation completely replaces any mutable specifications that you already have for a logging configuration with the ones that you provide to this call.
To modify an existing logging configuration, do the following:
Retrieve it by calling GetLoggingConfiguration
Update its settings as needed
Provide the complete logging configuration specification to this call
You can define one logging destination per web ACL.
You can access information about the traffic that WAF inspects using the following steps:
Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.
Associate your logging destination to your web ACL using a PutLoggingConfiguration request.
When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.
" }, @@ -951,7 +953,8 @@ {"shape":"WAFSubscriptionNotFoundException"}, {"shape":"WAFInvalidOperationException"}, {"shape":"WAFExpiredManagedRuleGroupVersionException"}, - {"shape":"WAFConfigurationWarningException"} + {"shape":"WAFConfigurationWarningException"}, + {"shape":"WAFFeatureNotIncludedInPricingPlanException"} ], "documentation":"Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance.
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
The name of the disallowed WAF feature.
" + }, + "RequiredPricingPlan":{ + "shape":"RequiredPricingPlanName", + "documentation":"The name of the CloudFront pricing plan required to use the WAF feature.
" + } + }, + "documentation":"A WAF feature that is not supported by the CloudFront pricing plan associated with the web ACL.
" + }, + "DisallowedFeatures":{ + "type":"list", + "member":{"shape":"DisallowedFeature"}, + "min":1 + }, "DisassociateWebACLRequest":{ "type":"structure", "required":["ResourceArn"], @@ -4715,6 +4737,12 @@ "CONTAINS_WORD" ] }, + "PricingPlanFeatureName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[\\w\\-]+$" + }, "ProductDescription":{ "type":"string", "min":1, @@ -5303,6 +5331,12 @@ }, "documentation":"The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.
This is part of the AWSManagedRulesACFPRuleSet configuration in ManagedRuleGroupConfig.
In these settings, you specify how your application accepts account creation attempts by providing the request payload type and the names of the fields within the request body where the username, password, email, and primary address and phone number fields are provided.
" }, + "RequiredPricingPlanName":{ + "type":"string", + "max":64, + "min":1, + "pattern":"^[\\w\\-]+$" + }, "ResourceArn":{ "type":"string", "max":2048, @@ -6587,6 +6621,18 @@ "documentation":"The operation failed because the specified version for the managed rule group has expired. You can retrieve the available versions for the managed rule group by calling ListAvailableManagedRuleGroupVersions.
", "exception":true }, + "WAFFeatureNotIncludedInPricingPlanException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"}, + "DisallowedFeatures":{ + "shape":"DisallowedFeatures", + "documentation":"The names of the disallowed WAF features.
" + } + }, + "documentation":"The operation failed because the specified WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.
", + "exception":true + }, "WAFInternalErrorException":{ "type":"structure", "members":{ diff --git a/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json b/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json index 3a096eeb8a68..e30864cab857 100644 --- a/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json +++ b/awscli/botocore/data/workspaces-web/2020-07-08/service-2.json @@ -1750,6 +1750,12 @@ "IAM_Identity_Center" ] }, + "BlockedCategories":{ + "type":"list", + "member":{"shape":"Category"}, + "max":100, + "min":1 + }, "BrowserPolicy":{ "type":"string", "max":131072, @@ -1780,6 +1786,10 @@ "additionalEncryptionContext":{ "shape":"EncryptionContextMap", "documentation":"The additional encryption context of the browser settings.
" + }, + "webContentFilteringPolicy":{ + "shape":"WebContentFilteringPolicy", + "documentation":"The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security.
" } }, "documentation":"The browser settings resource that can be associated with a web portal. Once associated with a web portal, browser settings control how the browser will behave once a user starts a streaming session for the web portal.
" @@ -1810,6 +1820,38 @@ "pattern":"[_\\-\\d\\w]+", "sensitive":true }, + "Category":{ + "type":"string", + "enum":[ + "Cults", + "Gambling", + "Nudity", + "Pornography", + "SexEducation", + "Tasteless", + "Violence", + "DownloadSites", + "ImageSharing", + "PeerToPeer", + "StreamingMediaAndDownloads", + "GenerativeAI", + "CriminalActivity", + "Hacking", + "HateAndIntolerance", + "IllegalDrug", + "IllegalSoftware", + "SchoolCheating", + "SelfHarm", + "Weapons", + "Chat", + "Games", + "InstantMessaging", + "ProfessionalNetwork", + "SocialNetworking", + "WebBasedEmail", + "ParkedDomains" + ] + }, "Certificate":{ "type":"structure", "members":{ @@ -1989,7 +2031,6 @@ }, "CreateBrowserSettingsRequest":{ "type":"structure", - "required":["browserPolicy"], "members":{ "tags":{ "shape":"TagList", @@ -2011,6 +2052,10 @@ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request.
If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
", "idempotencyToken":true + }, + "webContentFilteringPolicy":{ + "shape":"WebContentFilteringPolicy", + "documentation":"The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security.
" } } }, @@ -2902,7 +2947,8 @@ "SessionConnect", "SessionStart", "SessionDisconnect", - "SessionEnd" + "SessionEnd", + "UrlBlockByContentFilter" ] }, "EventFilter":{ @@ -4859,6 +4905,10 @@ "shape":"ClientToken", "documentation":"A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request.
If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
", "idempotencyToken":true + }, + "webContentFilteringPolicy":{ + "shape":"WebContentFilteringPolicy", + "documentation":"The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security.
" } } }, @@ -5232,6 +5282,17 @@ } } }, + "UrlPattern":{ + "type":"string", + "pattern":"((([a-zA-Z][a-zA-Z0-9+.-]*):\\/\\/(\\*|[\\w%._\\-\\+~#=@]+)?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?)|(\\*|[\\w%._\\-\\+~#=@]+\\.[\\w%._\\-\\+~#=@]+)(?::(\\d{1,5}))?(\\/[^@\\s]*)?(?:\\?([^*\\s]+(?:\\*?)))?|(([a-zA-Z][a-zA-Z0-9+.-]*):(\\/\\/)?\\*))", + "sensitive":true + }, + "UrlPatternList":{ + "type":"list", + "member":{"shape":"UrlPattern"}, + "max":1000, + "min":1 + }, "UserAccessLoggingSettings":{ "type":"structure", "required":["userAccessLoggingSettingsArn"], @@ -5459,6 +5520,24 @@ "min":1, "pattern":"vpc-[0-9a-z]*" }, + "WebContentFilteringPolicy":{ + "type":"structure", + "members":{ + "blockedCategories":{ + "shape":"BlockedCategories", + "documentation":"Categories of websites that are blocked on the end user’s browsers.
" + }, + "allowedUrls":{ + "shape":"UrlPatternList", + "documentation":"URLs and domains that are always accessible to end users.
" + }, + "blockedUrls":{ + "shape":"UrlPatternList", + "documentation":"URLs and domains that end users cannot access.
" + } + }, + "documentation":"The policy that specifies which URLs end users are allowed to access or which URLs or domain categories they are restricted from accessing for enhanced security.
" + }, "keyArn":{ "type":"string", "max":2048, diff --git a/awscli/botocore/exceptions.py b/awscli/botocore/exceptions.py index 6ed5265a4765..326074ed72db 100644 --- a/awscli/botocore/exceptions.py +++ b/awscli/botocore/exceptions.py @@ -758,6 +758,39 @@ class AuthCodeFetcherError(SSOError): ) +class LoginError(BotoCoreError): + fmt = ( + "An unspecified error happened when resolving AWS credentials or " + "refreshing a login session profile." + ) + + +class LoginRefreshTokenExpired(LoginError): + fmt = "Your session has expired. Please reauthenticate using 'aws login'." + + +class LoginRefreshPasswordChanged(LoginError): + fmt = ( + "Unable to refresh login credentials because of a change in your " + "password. Please reauthenticate with your new password using 'aws login'." + ) + + +class LoginInsufficientPermissions(LoginError): + fmt = ( + "Unable to create or refresh login credentials due to insufficient " + "permissions. You may be missing permission for the 'signin:CreateOAuth2Token' action." + ) + + +class LoginTokenLoadError(LoginError): + fmt = "Error loading login session token: {error_msg}" + + +class LoginAuthorizationCodeError(LoginError): + fmt = "Error loading or redeeming a login authorization code: {error_msg} " + + class CapacityNotAvailableError(BotoCoreError): fmt = 'Insufficient request capacity available.' diff --git a/awscli/botocore/useragent.py b/awscli/botocore/useragent.py index 00793a04bfa7..9c559cbdd32f 100644 --- a/awscli/botocore/useragent.py +++ b/awscli/botocore/useragent.py @@ -95,6 +95,10 @@ 'CREDENTIALS_HTTP': 'z', 'CREDENTIALS_IMDS': '0', 'BEARER_SERVICE_ENV_VARS': '3', + 'LOGIN_SAME_DEVICE': 'AA', + 'LOGIN_CROSS_DEVICE': 'AB', + 'CREDENTIALS_PROFILE_LOGIN': 'AC', + 'CREDENTIALS_LOGIN': 'AD', } diff --git a/awscli/botocore/utils.py b/awscli/botocore/utils.py index b7bbc545b0b8..110abcb0d474 100644 --- a/awscli/botocore/utils.py +++ b/awscli/botocore/utils.py @@ -30,6 +30,7 @@ import warnings import weakref from datetime import datetime as _DatetimeClass +from functools import partial from ipaddress import ip_address from pathlib import Path from urllib.request import getproxies, proxy_bypass @@ -38,6 +39,7 @@ import botocore.awsrequest import botocore.httpsession import dateutil.parser +from awscrt.crypto import EC from botocore.compat import ( MD5_AVAILABLE, get_md5, @@ -395,7 +397,7 @@ def _select_base_url(self, base_url, config): raise InvalidIMDSEndpointError(endpoint=chosen_base_url) return chosen_base_url - + def _construct_url(self, path): sep = '' if self._base_url and not self._base_url.endswith('/'): @@ -3956,6 +3958,41 @@ def _serialize_if_needed(self, value, iso=False): return value +def _extract_resolved_endpoint(params, result=None, **kwargs): + """Event handler for before-call that will extract the resolved endpoint + for a given request without actually running it + """ + # This will contain any path and query params specific to + # the operation/input, so extract just the scheme and hostname + if result is None: + result = {} + if params['url']: + parsed = urlparse(params['url']) + result['uri'] = f'{parsed.scheme}://{parsed.netloc}' + + return botocore.awsrequest.AWSResponse(None, 200, {}, None), {} + + +def get_base_sign_in_uri(client): + """Simulates a Sign-In request so that we can extract the "base" + endpoint for the current client + """ + result = {} + handler = partial(_extract_resolved_endpoint, result=result) + + client.meta.events.register('before-call', handler) + client.create_o_auth2_token( + tokenInput={'clientId': ' ', 'grantType': ' '}, + ) + client.meta.events.unregister('before-call', handler) + + return result['uri'] + + +def generate_login_cache_key(sign_in_session_name): + return hashlib.sha256(sign_in_session_name.encode('utf-8')).hexdigest() + + def is_s3_accelerate_url(url): """Does the URL match the S3 Accelerate endpoint scheme? @@ -4081,3 +4118,83 @@ def _get_bearer_env_var_name(signing_name): 'stepfunctions': 'sfn', 'storagegateway': 'storage-gateway', } + + +def get_login_token_cache_directory(): + """Returns which directory contains the login_session token files""" + if 'AWS_LOGIN_CACHE_DIRECTORY' in os.environ: + path = os.path.expandvars(os.environ['AWS_LOGIN_CACHE_DIRECTORY']) + path = os.path.expanduser(path) + return path + else: + return os.path.expanduser(os.path.join('~', '.aws', 'login', 'cache')) + + +class LoginCredentialsLoader: + """Loads and saves login access tokens to disk""" + + def __init__(self, cache=None): + if cache is None: + cache = {} + self._cache = cache + + def save_token(self, session_name, token): + cache_key = generate_login_cache_key(session_name) + self._cache[cache_key] = token + + def load_token(self, session_name): + cache_key = generate_login_cache_key(session_name) + if cache_key not in self._cache: + return None + return self._cache[cache_key] + + +def base64_url_encode_no_padding(data): + return base64.urlsafe_b64encode(data).rstrip(b'=').decode('ascii') + + +def build_dpop_header(private_key, uri, uid=None, ts=None): + x, y = private_key.get_public_coords() + jwk = { + "kty": "EC", + "x": base64_url_encode_no_padding(x), + "y": base64_url_encode_no_padding(y), + "crv": "P-256", + } + + header = { + "typ": "dpop+jwt", + "alg": "ES256", + "jwk": jwk, + } + + payload = { + "htm": "POST", + "htu": uri, + "iat": ts or int(time.time()), + "jti": uid or str(uuid.uuid4()), + } + header_b64 = base64_url_encode_no_padding( + json.dumps(header, separators=(',', ':')).encode() + ) + payload_b64 = base64_url_encode_no_padding( + json.dumps(payload, separators=(',', ':')).encode() + ) + signing_input = f"{header_b64}.{payload_b64}".encode() + signature = private_key.sign(hashlib.sha256(signing_input).digest()) + r, s = EC.decode_der_signature(signature) + signature_bytes = r + s + signature_b64 = base64_url_encode_no_padding(signature_bytes) + + return f"{header_b64}.{payload_b64}.{signature_b64}" + + +def build_add_dpop_header_handler(private_key): + """Builds a before-call handler for calculating and setting the DPoP header""" + + def _add_dpop_header_handler(**kwargs): + kwargs['params']['headers']['DPoP'] = build_dpop_header( + private_key, kwargs['params']['url'] + ) + + return _add_dpop_header_handler diff --git a/awscli/clidocs.py b/awscli/clidocs.py index e21e7f5ef066..81897c539742 100644 --- a/awscli/clidocs.py +++ b/awscli/clidocs.py @@ -18,7 +18,7 @@ from botocore.model import StringShape from botocore.utils import is_json_value_header -from awscli import SCALAR_TYPES +from awscli import SCALAR_TYPES, __version__ as AWS_CLI_VERSION from awscli.argprocess import ParamShorthandDocGen from awscli.bcdoc.docevents import DOC_EVENTS from awscli.topictags import TopicTagDB @@ -115,7 +115,8 @@ def doc_breadcrumbs(self, help_command, **kwargs): full_cmd_list.append(cmd) full_cmd_name = ' '.join(full_cmd_list) doc.write(f':ref:`{cmd}