Describes the API operations for running inference using Bedrock models.
", + "smithy.api#documentation": "Describes the API operations for running inference using Amazon Bedrock models.
", "smithy.api#title": "Amazon Bedrock Runtime", "smithy.rules#endpointRuleSet": { "version": "1.0", @@ -700,6 +717,20 @@ } } }, + "com.amazonaws.bedrockruntime#AnyToolChoice": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#documentation": "The model must request at least one tool (no text is generated).
" + } + }, + "com.amazonaws.bedrockruntime#AutoToolChoice": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#documentation": "The Model automatically decides if a tool should be called or to whether to generate text instead.
" + } + }, "com.amazonaws.bedrockruntime#Body": { "type": "blob", "traits": { @@ -709,37 +740,171 @@ "smithy.api#sensitive": {} } }, - "com.amazonaws.bedrockruntime#InferenceResource": { - "type": "resource", - "operations": [ - { - "target": "com.amazonaws.bedrockruntime#InvokeModel" + "com.amazonaws.bedrockruntime#ContentBlock": { + "type": "union", + "members": { + "text": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "Text to include in the message.
" + } }, - { - "target": "com.amazonaws.bedrockruntime#InvokeModelWithResponseStream" + "image": { + "target": "com.amazonaws.bedrockruntime#ImageBlock", + "traits": { + "smithy.api#documentation": "Image to include in the message.
\nThis field is only supported by Anthropic Claude 3 models.
\nInformation about a tool use request from a model.
" + } + }, + "toolResult": { + "target": "com.amazonaws.bedrockruntime#ToolResultBlock", + "traits": { + "smithy.api#documentation": "The result for a tool request that a model makes.
" + } } - ] + }, + "traits": { + "smithy.api#documentation": "A block of content for a message.
" + } }, - "com.amazonaws.bedrockruntime#InternalServerException": { + "com.amazonaws.bedrockruntime#ContentBlockDelta": { + "type": "union", + "members": { + "text": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "The content text.
" + } + }, + "toolUse": { + "target": "com.amazonaws.bedrockruntime#ToolUseBlockDelta", + "traits": { + "smithy.api#documentation": "Information about a tool that the model is requesting to use.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A bock of content in a streaming response.
" + } + }, + "com.amazonaws.bedrockruntime#ContentBlockDeltaEvent": { "type": "structure", "members": { - "message": { - "target": "com.amazonaws.bedrockruntime#NonBlankString" + "delta": { + "target": "com.amazonaws.bedrockruntime#ContentBlockDelta", + "traits": { + "smithy.api#documentation": "The delta for a content block delta event.
", + "smithy.api#required": {} + } + }, + "contentBlockIndex": { + "target": "com.amazonaws.bedrockruntime#NonNegativeInteger", + "traits": { + "smithy.api#documentation": "The block index for a content block delta event.
", + "smithy.api#required": {} + } } }, "traits": { - "smithy.api#documentation": "An internal server error occurred. Retry your request.
", - "smithy.api#error": "server", - "smithy.api#httpError": 500 + "smithy.api#documentation": "The content block delta event.
" } }, - "com.amazonaws.bedrockruntime#InvokeModel": { + "com.amazonaws.bedrockruntime#ContentBlockStart": { + "type": "union", + "members": { + "toolUse": { + "target": "com.amazonaws.bedrockruntime#ToolUseBlockStart", + "traits": { + "smithy.api#documentation": "Information about a tool that the model is requesting to use.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Content block start information.
" + } + }, + "com.amazonaws.bedrockruntime#ContentBlockStartEvent": { + "type": "structure", + "members": { + "start": { + "target": "com.amazonaws.bedrockruntime#ContentBlockStart", + "traits": { + "smithy.api#documentation": "Start information about a content block start event.
", + "smithy.api#required": {} + } + }, + "contentBlockIndex": { + "target": "com.amazonaws.bedrockruntime#NonNegativeInteger", + "traits": { + "smithy.api#documentation": "The index for a content block start event.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Content block start event.
" + } + }, + "com.amazonaws.bedrockruntime#ContentBlockStopEvent": { + "type": "structure", + "members": { + "contentBlockIndex": { + "target": "com.amazonaws.bedrockruntime#NonNegativeInteger", + "traits": { + "smithy.api#documentation": "The index for a content block.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "A content block stop event.
" + } + }, + "com.amazonaws.bedrockruntime#ContentBlocks": { + "type": "list", + "member": { + "target": "com.amazonaws.bedrockruntime#ContentBlock" + } + }, + "com.amazonaws.bedrockruntime#ConversationRole": { + "type": "enum", + "members": { + "USER": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "user" + } + }, + "ASSISTANT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "assistant" + } + } + } + }, + "com.amazonaws.bedrockruntime#ConversationalModelId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 2048 + }, + "smithy.api#pattern": "^(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|([0-9]{12}:provisioned-model/[a-z0-9]{12})))|([a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}([.:]?[a-z0-9-]{1,63}))|(([0-9a-zA-Z][_-]?)+)$" + } + }, + "com.amazonaws.bedrockruntime#Converse": { "type": "operation", "input": { - "target": "com.amazonaws.bedrockruntime#InvokeModelRequest" + "target": "com.amazonaws.bedrockruntime#ConverseRequest" }, "output": { - "target": "com.amazonaws.bedrockruntime#InvokeModelResponse" + "target": "com.amazonaws.bedrockruntime#ConverseResponse" }, "errors": [ { @@ -760,9 +925,6 @@ { "target": "com.amazonaws.bedrockruntime#ResourceNotFoundException" }, - { - "target": "com.amazonaws.bedrockruntime#ServiceQuotaExceededException" - }, { "target": "com.amazonaws.bedrockruntime#ThrottlingException" }, @@ -771,55 +933,92 @@ } ], "traits": { - "smithy.api#documentation": "Invokes the specified Bedrock model to run inference using the input provided in the request body. \n You use InvokeModel to run inference for text models, image models, and embedding models.
\nFor more information, see Run inference in the Bedrock User Guide.
\nFor example requests, see Examples (after the Errors section).
", + "smithy.api#documentation": "Sends messages to the specified Amazon Bedrock model. Converse provides\n a consistent interface that works with all models that\n support messages. This allows you to write code once and use it with different models.\n Should a model have unique inference parameters, you can also pass those unique parameters\n to the model. For more information, see Run inference in the Bedrock User Guide.
This operation requires permission for the bedrock:InvokeModel action.
The latency of the call to Converse, in milliseconds.\n
Metrics for a call to Converse.
" } }, - "com.amazonaws.bedrockruntime#InvokeModelRequest": { + "com.amazonaws.bedrockruntime#ConverseOutput": { + "type": "union", + "members": { + "message": { + "target": "com.amazonaws.bedrockruntime#Message", + "traits": { + "smithy.api#documentation": "The message that the model generates.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The output from a call to Converse.
" + } + }, + "com.amazonaws.bedrockruntime#ConverseRequest": { "type": "structure", "members": { - "body": { - "target": "com.amazonaws.bedrockruntime#Body", + "modelId": { + "target": "com.amazonaws.bedrockruntime#ConversationalModelId", "traits": { - "smithy.api#documentation": "Input data in the format specified in the content-type request header. To see the format and content of this field for different models, refer to Inference parameters.
", - "smithy.api#httpPayload": {}, + "smithy.api#documentation": "The identifier for the model that you want to call.
\nThe modelId to provide depends on the type of model that you use:
If you use a base model, specify the model ID or its ARN. For a list of model IDs for base models, see Amazon Bedrock base model IDs (on-demand throughput) in the Amazon Bedrock User Guide.
\nIf you use a provisioned model, specify the ARN of the Provisioned Throughput. For more information, see Run inference using a Provisioned Throughput in the Amazon Bedrock User Guide.
\nIf you use a custom model, first purchase Provisioned Throughput for it. Then specify the ARN of the resulting provisioned model. For more information, see Use a custom model in Amazon Bedrock in the Amazon Bedrock User Guide.
\nThe MIME type of the input data in the request. The default value is\n application/json.
The messages that you want to send to the model.
", + "smithy.api#required": {} } }, - "accept": { - "target": "com.amazonaws.bedrockruntime#MimeType", + "system": { + "target": "com.amazonaws.bedrockruntime#SystemContentBlocks", "traits": { - "smithy.api#documentation": "The desired MIME type of the inference body in the response. The default value is\n application/json.
A system prompt to pass to the model.
" } }, - "modelId": { - "target": "com.amazonaws.bedrockruntime#InvokeModelIdentifier", + "inferenceConfig": { + "target": "com.amazonaws.bedrockruntime#InferenceConfiguration", "traits": { - "smithy.api#documentation": "Identifier of the model.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} + "smithy.api#documentation": "Inference parameters to pass to the model. Converse supports a base\n set of inference parameters. If you need to pass additional parameters that the model\n supports, use the additionalModelRequestFields request field.
Configuration information for the tools that the model can use when generating a response.
\nThis field is only supported by Anthropic Claude 3, Cohere Command R, Cohere Command R+, and Mistral Large models.
\nAdditional inference parameters that the model supports, beyond the\n base set of inference parameters that Converse supports in the inferenceConfig\n field. For more information, see Model parameters.
Additional model parameters field paths to return in the\n response. Converse returns the requested fields as a JSON Pointer object in the\n additionalModelResultFields field. The following is example JSON for additionalModelResponseFieldPaths.
\n [\n \"/stop_sequence\"\n ]\n
For information about the JSON Pointer syntax, see the\n Internet Engineering Task Force (IETF) documentation.
\n\n Converse rejects an empty JSON Pointer or incorrectly structured\n JSON Pointer with a 400 error code. if the JSON Pointer is valid, but the requested\n field is not in the model response, it is ignored by Converse.
Inference response from the model in the format specified in the content-type header field. To see the format and content of this field for different models, refer to Inference parameters.
", - "smithy.api#httpPayload": {}, + "smithy.api#documentation": "The result from the call to Converse.
The MIME type of the inference result.
", - "smithy.api#httpHeader": "Content-Type", + "smithy.api#documentation": "The reason why the model stopped generating output.
", + "smithy.api#required": {} + } + }, + "usage": { + "target": "com.amazonaws.bedrockruntime#TokenUsage", + "traits": { + "smithy.api#documentation": "The total number of tokens used in the call to Converse. The total includes\n the tokens input to the model and the tokens generated by the model.
Metrics for the call to Converse.
Additional fields in the response that are unique to the model.
" + } } }, "traits": { "smithy.api#output": {} } }, - "com.amazonaws.bedrockruntime#InvokeModelWithResponseStream": { + "com.amazonaws.bedrockruntime#ConverseStream": { "type": "operation", "input": { - "target": "com.amazonaws.bedrockruntime#InvokeModelWithResponseStreamRequest" + "target": "com.amazonaws.bedrockruntime#ConverseStreamRequest" }, "output": { - "target": "com.amazonaws.bedrockruntime#InvokeModelWithResponseStreamResponse" + "target": "com.amazonaws.bedrockruntime#ConverseStreamResponse" }, "errors": [ { @@ -872,18 +1089,12 @@ { "target": "com.amazonaws.bedrockruntime#ModelNotReadyException" }, - { - "target": "com.amazonaws.bedrockruntime#ModelStreamErrorException" - }, { "target": "com.amazonaws.bedrockruntime#ModelTimeoutException" }, { "target": "com.amazonaws.bedrockruntime#ResourceNotFoundException" }, - { - "target": "com.amazonaws.bedrockruntime#ServiceQuotaExceededException" - }, { "target": "com.amazonaws.bedrockruntime#ThrottlingException" }, @@ -892,95 +1103,704 @@ } ], "traits": { - "smithy.api#documentation": "Invoke the specified Bedrock model to run inference using the input provided.\n Return the response in a stream.
\nFor more information, see Run inference in the Bedrock User Guide.
\nFor an example request and response, see Examples (after the Errors section).
", + "smithy.api#documentation": "Sends messages to the specified Amazon Bedrock model and returns\n the response in a stream. ConverseStream provides a consistent API\n that works with all Amazon Bedrock models that support messages.\n This allows you to write code once and use it with different models. Should a\n model have unique inference parameters, you can also pass those unique parameters to the\n model. For more information, see Run inference in the Bedrock User Guide.
To find out if a model supports streaming, call GetFoundationModel\n and check the responseStreamingSupported field in the response.
For example code, see Invoke model with streaming code\n example in the Amazon Bedrock User Guide.\n
\nThis operation requires permission for the bedrock:InvokeModelWithResponseStream action.
Inference input in the format specified by the \n content-type. To see the format and content of this field for different models, refer to Inference parameters.
", - "smithy.api#httpPayload": {}, + "smithy.api#documentation": "Usage information for the conversation stream event.
", "smithy.api#required": {} } }, - "contentType": { - "target": "com.amazonaws.bedrockruntime#MimeType", - "traits": { - "smithy.api#documentation": "The MIME type of the input data in the request. The default value is\n application/json.
The desired MIME type of the inference body in the response. The default value is\n application/json.
Id of the model to invoke using the streaming request.
", - "smithy.api#httpLabel": {}, + "smithy.api#documentation": "The metrics for the conversation stream metadata event.
", "smithy.api#required": {} } } }, "traits": { - "smithy.api#input": {} + "smithy.api#documentation": "A conversation stream metadata event.
" } }, - "com.amazonaws.bedrockruntime#InvokeModelWithResponseStreamResponse": { + "com.amazonaws.bedrockruntime#ConverseStreamMetrics": { "type": "structure", "members": { - "body": { - "target": "com.amazonaws.bedrockruntime#ResponseStream", - "traits": { - "smithy.api#documentation": "Inference response from the model in the format specified by Content-Type. To see the format and content of this field for different models, refer to Inference parameters.
", - "smithy.api#httpPayload": {}, - "smithy.api#required": {} - } - }, - "contentType": { - "target": "com.amazonaws.bedrockruntime#MimeType", + "latencyMs": { + "target": "smithy.api#Long", "traits": { - "smithy.api#documentation": "The MIME type of the inference result.
", - "smithy.api#httpHeader": "X-Amzn-Bedrock-Content-Type", + "smithy.api#documentation": "The latency for the streaming request, in milliseconds.
", "smithy.api#required": {} } } }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "Metrics for the stream.
" } }, - "com.amazonaws.bedrockruntime#MimeType": { - "type": "string" - }, - "com.amazonaws.bedrockruntime#ModelErrorException": { - "type": "structure", + "com.amazonaws.bedrockruntime#ConverseStreamOutput": { + "type": "union", "members": { - "message": { - "target": "com.amazonaws.bedrockruntime#NonBlankString" - }, - "originalStatusCode": { - "target": "com.amazonaws.bedrockruntime#StatusCode", + "messageStart": { + "target": "com.amazonaws.bedrockruntime#MessageStartEvent", "traits": { - "smithy.api#documentation": "The original status code.
" + "smithy.api#documentation": "Message start information.
" } }, - "resourceName": { - "target": "com.amazonaws.bedrockruntime#NonBlankString", + "contentBlockStart": { + "target": "com.amazonaws.bedrockruntime#ContentBlockStartEvent", "traits": { - "smithy.api#documentation": "The resource name.
" + "smithy.api#documentation": "Start information for a content block.
" + } + }, + "contentBlockDelta": { + "target": "com.amazonaws.bedrockruntime#ContentBlockDeltaEvent", + "traits": { + "smithy.api#documentation": "The messages output content block delta.
" + } + }, + "contentBlockStop": { + "target": "com.amazonaws.bedrockruntime#ContentBlockStopEvent", + "traits": { + "smithy.api#documentation": "Stop information for a content block.
" + } + }, + "messageStop": { + "target": "com.amazonaws.bedrockruntime#MessageStopEvent", + "traits": { + "smithy.api#documentation": "Message stop information.
" + } + }, + "metadata": { + "target": "com.amazonaws.bedrockruntime#ConverseStreamMetadataEvent", + "traits": { + "smithy.api#documentation": "Metadata for the converse output stream.
" + } + }, + "internalServerException": { + "target": "com.amazonaws.bedrockruntime#InternalServerException", + "traits": { + "smithy.api#documentation": "An internal server error occurred. Retry your request.
" + } + }, + "modelStreamErrorException": { + "target": "com.amazonaws.bedrockruntime#ModelStreamErrorException", + "traits": { + "smithy.api#documentation": "A streaming error occurred. Retry your request.
" + } + }, + "validationException": { + "target": "com.amazonaws.bedrockruntime#ValidationException", + "traits": { + "smithy.api#documentation": "Input validation failed. Check your request parameters and retry the request.
" + } + }, + "throttlingException": { + "target": "com.amazonaws.bedrockruntime#ThrottlingException", + "traits": { + "smithy.api#documentation": "The number of requests exceeds the limit. Resubmit your request later.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The messages output stream
", + "smithy.api#streaming": {} + } + }, + "com.amazonaws.bedrockruntime#ConverseStreamRequest": { + "type": "structure", + "members": { + "modelId": { + "target": "com.amazonaws.bedrockruntime#ConversationalModelId", + "traits": { + "smithy.api#documentation": "The ID for the model.
\nThe modelId to provide depends on the type of model that you use:
If you use a base model, specify the model ID or its ARN. For a list of model IDs for base models, see Amazon Bedrock base model IDs (on-demand throughput) in the Amazon Bedrock User Guide.
\nIf you use a provisioned model, specify the ARN of the Provisioned Throughput. For more information, see Run inference using a Provisioned Throughput in the Amazon Bedrock User Guide.
\nIf you use a custom model, first purchase Provisioned Throughput for it. Then specify the ARN of the resulting provisioned model. For more information, see Use a custom model in Amazon Bedrock in the Amazon Bedrock User Guide.
\nThe messages that you want to send to the model.
", + "smithy.api#required": {} + } + }, + "system": { + "target": "com.amazonaws.bedrockruntime#SystemContentBlocks", + "traits": { + "smithy.api#documentation": "A system prompt to send to the model.
" + } + }, + "inferenceConfig": { + "target": "com.amazonaws.bedrockruntime#InferenceConfiguration", + "traits": { + "smithy.api#documentation": "Inference parameters to pass to the model. ConverseStream supports a base\n set of inference parameters. If you need to pass additional parameters that the model\n supports, use the additionalModelRequestFields request field.
Configuration information for the tools that the model can use when generating a response.
\nThis field is only supported by Anthropic Claude 3 models.
\nAdditional inference parameters that the model supports, beyond the\n base set of inference parameters that ConverseStream supports in the inferenceConfig\n field.
Additional model parameters field paths to return in the\n response. ConverseStream returns the requested fields as a JSON Pointer object in the\n additionalModelResultFields field. The following is example JSON for additionalModelResponseFieldPaths.
\n [\n \"/stop_sequence\"\n ]\n
For information about the JSON Pointer syntax, see the\n Internet Engineering Task Force (IETF) documentation.
\n\n ConverseStream rejects an empty JSON Pointer or incorrectly structured\n JSON Pointer with a 400 error code. if the JSON Pointer is valid, but the requested\n field is not in the model response, it is ignored by ConverseStream.
The output stream that the model generated.
", + "smithy.api#httpPayload": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.bedrockruntime#GuardrailIdentifier": { + "type": "string", + "traits": { + "smithy.api#length": { + "max": 2048 + }, + "smithy.api#pattern": "^(([a-z0-9]+)|(arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:[0-9]{12}:guardrail/[a-z0-9]+))$" + } + }, + "com.amazonaws.bedrockruntime#GuardrailVersion": { + "type": "string", + "traits": { + "smithy.api#pattern": "^(([1-9][0-9]{0,7})|(DRAFT))$" + } + }, + "com.amazonaws.bedrockruntime#ImageBlock": { + "type": "structure", + "members": { + "format": { + "target": "com.amazonaws.bedrockruntime#ImageFormat", + "traits": { + "smithy.api#documentation": "The format of the image.
", + "smithy.api#required": {} + } + }, + "source": { + "target": "com.amazonaws.bedrockruntime#ImageSource", + "traits": { + "smithy.api#documentation": "The source for the image.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Image content for a message.
" + } + }, + "com.amazonaws.bedrockruntime#ImageFormat": { + "type": "enum", + "members": { + "PNG": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "png" + } + }, + "JPEG": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "jpeg" + } + }, + "GIF": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "gif" + } + }, + "WEBP": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "webp" + } + } + } + }, + "com.amazonaws.bedrockruntime#ImageSource": { + "type": "union", + "members": { + "bytes": { + "target": "smithy.api#Blob", + "traits": { + "smithy.api#documentation": "The raw image bytes for the image. If you use an AWS SDK, you don't need to base64 encode the image bytes.
", + "smithy.api#length": { + "min": 1 + } + } + } + }, + "traits": { + "smithy.api#documentation": "The source for an image.
" + } + }, + "com.amazonaws.bedrockruntime#InferenceConfiguration": { + "type": "structure", + "members": { + "maxTokens": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The maximum number of tokens to allow in the generated response. The default value is\n the maximum allowed value for the model that you are using. For more information, see\n Inference parameters for foundatio{\n \"messages\": [\n {\n \"role\": \"user\",\n \"content\": [\n {\n \"text\": \"what's the weather in Queens, NY and Austin, TX?\"\n }\n ]\n },\n {\n \"role\": \"assistant\",\n \"content\": [\n {\n \"toolUse\": {\n \"toolUseId\": \"1\",\n \"name\": \"get_weather\",\n \"input\": {\n \"city\": \"Queens\",\n \"state\": \"NY\"\n }\n }\n },\n {\n \"toolUse\": {\n \"toolUseId\": \"2\",\n \"name\": \"get_weather\",\n \"input\": {\n \"city\": \"Austin\",\n \"state\": \"TX\"\n }\n }\n }\n ]\n },\n {\n \"role\": \"user\",\n \"content\": [\n {\n \"toolResult\": {\n \"toolUseId\": \"2\",\n \"content\": [\n {\n \"json\": {\n \"weather\": \"40\"\n }\n }\n ]\n }\n },\n {\n \"text\": \"...\"\n },\n {\n \"toolResult\": {\n \"toolUseId\": \"1\",\n \"content\": [\n {\n \"text\": \"result text\"\n }\n ]\n }\n }\n ]\n }\n ],\n \"toolConfig\": {\n \"tools\": [\n {\n \"name\": \"get_weather\",\n \"description\": \"Get weather\",\n \"inputSchema\": {\n \"type\": \"object\",\n \"properties\": {\n \"city\": {\n \"type\": \"string\",\n \"description\": \"City of location\"\n },\n \"state\": {\n \"type\": \"string\",\n \"description\": \"State of location\"\n }\n },\n \"required\": [\"city\", \"state\"]\n }\n }\n ]\n }\n }\n n models.
", + "smithy.api#range": { + "min": 1 + } + } + }, + "temperature": { + "target": "smithy.api#Float", + "traits": { + "smithy.api#documentation": "The likelihood of the model selecting higher-probability options while generating a\n response. A lower value makes the model more likely to choose higher-probability options,\n while a higher value makes the model more likely to choose lower-probability\n options.
\nThe default value is the default value for the model that\n you are using. For more information, see Inference parameters for foundation\n models.
", + "smithy.api#range": { + "min": 0, + "max": 1 + } + } + }, + "topP": { + "target": "smithy.api#Float", + "traits": { + "smithy.api#documentation": "The percentage of most-likely candidates that the model considers for the next token. For\n example, if you choose a value of 0.8 for topP, the model selects from the top 80% of the\n probability distribution of tokens that could be next in the sequence.
The default value is the default value for the model that you are using. For more information, see\n Inference parameters for foundation models.
", + "smithy.api#range": { + "min": 0, + "max": 1 + } + } + }, + "stopSequences": { + "target": "com.amazonaws.bedrockruntime#NonEmptyStringList", + "traits": { + "smithy.api#documentation": "A list of stop sequences. A stop sequence is a sequence of characters that causes the\n model to stop generating the response.
", + "smithy.api#length": { + "max": 4 + } + } + } + }, + "traits": { + "smithy.api#documentation": "Base inference parameters to pass to a model in a call to Converse or ConverseStream. For more information,\n see Inference parameters for foundation models.
\nIf you need to pass additional parameters that the model\n supports, use the additionalModelRequestFields request field in the call to Converse\n or ConverseStream.\n For more information, see Model parameters.
An internal server error occurred. Retry your request.
", + "smithy.api#error": "server", + "smithy.api#httpError": 500 + } + }, + "com.amazonaws.bedrockruntime#InvokeModel": { + "type": "operation", + "input": { + "target": "com.amazonaws.bedrockruntime#InvokeModelRequest" + }, + "output": { + "target": "com.amazonaws.bedrockruntime#InvokeModelResponse" + }, + "errors": [ + { + "target": "com.amazonaws.bedrockruntime#AccessDeniedException" + }, + { + "target": "com.amazonaws.bedrockruntime#InternalServerException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelErrorException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelNotReadyException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelTimeoutException" + }, + { + "target": "com.amazonaws.bedrockruntime#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.bedrockruntime#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.bedrockruntime#ThrottlingException" + }, + { + "target": "com.amazonaws.bedrockruntime#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Invokes the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. \n You use model inference to generate text, images, and embeddings.
\nFor example code, see Invoke model code examples in the Amazon Bedrock User Guide.\n
\nThis operation requires permission for the bedrock:InvokeModel action.
The prompt and inference parameters in the format specified in the contentType in the header. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.
The MIME type of the input data in the request. The default value is\n application/json.
The desired MIME type of the inference body in the response. The default value is application/json.
The unique identifier of the model to invoke to run inference.
\nThe modelId to provide depends on the type of model that you use:
If you use a base model, specify the model ID or its ARN. For a list of model IDs for base models, see Amazon Bedrock base model IDs (on-demand throughput) in the Amazon Bedrock User Guide.
\nIf you use a provisioned model, specify the ARN of the Provisioned Throughput. For more information, see Run inference using a Provisioned Throughput in the Amazon Bedrock User Guide.
\nIf you use a custom model, first purchase Provisioned Throughput for it. Then specify the ARN of the resulting provisioned model. For more information, see Use a custom model in Amazon Bedrock in the Amazon Bedrock User Guide.
\nSpecifies whether to enable or disable the Bedrock trace. If enabled, you can see the full Bedrock trace.
", + "smithy.api#httpHeader": "X-Amzn-Bedrock-Trace" + } + }, + "guardrailIdentifier": { + "target": "com.amazonaws.bedrockruntime#GuardrailIdentifier", + "traits": { + "smithy.api#documentation": "The unique identifier of the guardrail that you want to use. If you don't provide a value, no guardrail is applied\n to the invocation.
\nAn error will be thrown in the following situations.
\nYou don't provide a guardrail identifier but you specify the amazon-bedrock-guardrailConfig field in the request body.
You enable the guardrail but the contentType isn't application/json.
You provide a guardrail identifier, but guardrailVersion isn't specified.
The version number for the guardrail. The value can also be DRAFT.
Inference response from the model in the format specified in the contentType header. To see the format and content of the request and response bodies for different models, refer to Inference parameters.
The MIME type of the inference result.
", + "smithy.api#httpHeader": "Content-Type", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.bedrockruntime#InvokeModelWithResponseStream": { + "type": "operation", + "input": { + "target": "com.amazonaws.bedrockruntime#InvokeModelWithResponseStreamRequest" + }, + "output": { + "target": "com.amazonaws.bedrockruntime#InvokeModelWithResponseStreamResponse" + }, + "errors": [ + { + "target": "com.amazonaws.bedrockruntime#AccessDeniedException" + }, + { + "target": "com.amazonaws.bedrockruntime#InternalServerException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelErrorException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelNotReadyException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelStreamErrorException" + }, + { + "target": "com.amazonaws.bedrockruntime#ModelTimeoutException" + }, + { + "target": "com.amazonaws.bedrockruntime#ResourceNotFoundException" + }, + { + "target": "com.amazonaws.bedrockruntime#ServiceQuotaExceededException" + }, + { + "target": "com.amazonaws.bedrockruntime#ThrottlingException" + }, + { + "target": "com.amazonaws.bedrockruntime#ValidationException" + } + ], + "traits": { + "smithy.api#documentation": "Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream.
\nTo see if a model supports streaming, call GetFoundationModel\n and check the responseStreamingSupported field in the response.
The CLI doesn't support InvokeModelWithResponseStream.
For example code, see Invoke model with streaming code\n example in the Amazon Bedrock User Guide.\n
\nThis operation requires permissions to perform the bedrock:InvokeModelWithResponseStream action.
The prompt and inference parameters in the format specified in the contentType in the header. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.
The MIME type of the input data in the request. The default value is\n application/json.
The desired MIME type of the inference body in the response. The default value is\n application/json.
The unique identifier of the model to invoke to run inference.
\nThe modelId to provide depends on the type of model that you use:
If you use a base model, specify the model ID or its ARN. For a list of model IDs for base models, see Amazon Bedrock base model IDs (on-demand throughput) in the Amazon Bedrock User Guide.
\nIf you use a provisioned model, specify the ARN of the Provisioned Throughput. For more information, see Run inference using a Provisioned Throughput in the Amazon Bedrock User Guide.
\nIf you use a custom model, first purchase Provisioned Throughput for it. Then specify the ARN of the resulting provisioned model. For more information, see Use a custom model in Amazon Bedrock in the Amazon Bedrock User Guide.
\nSpecifies whether to enable or disable the Bedrock trace. If enabled, you can see the full Bedrock trace.
", + "smithy.api#httpHeader": "X-Amzn-Bedrock-Trace" + } + }, + "guardrailIdentifier": { + "target": "com.amazonaws.bedrockruntime#GuardrailIdentifier", + "traits": { + "smithy.api#documentation": "The unique identifier of the guardrail that you want to use. If you don't provide a value, no guardrail is applied\n to the invocation.
\nAn error is thrown in the following situations.
\nYou don't provide a guardrail identifier but you specify the amazon-bedrock-guardrailConfig field in the request body.
You enable the guardrail but the contentType isn't application/json.
You provide a guardrail identifier, but guardrailVersion isn't specified.
The version number for the guardrail. The value can also be DRAFT.
Inference response from the model in the format specified by the contentType header. To see the format and content of this field for different models, refer to Inference parameters.
The MIME type of the inference result.
", + "smithy.api#httpHeader": "X-Amzn-Bedrock-Content-Type", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.bedrockruntime#Message": { + "type": "structure", + "members": { + "role": { + "target": "com.amazonaws.bedrockruntime#ConversationRole", + "traits": { + "smithy.api#documentation": "The role that the message plays in the message.
", + "smithy.api#required": {} + } + }, + "content": { + "target": "com.amazonaws.bedrockruntime#ContentBlocks", + "traits": { + "smithy.api#documentation": "The message content.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "A message in the Message field. Use to send a message in a call to \n Converse.
" + } + }, + "com.amazonaws.bedrockruntime#MessageStartEvent": { + "type": "structure", + "members": { + "role": { + "target": "com.amazonaws.bedrockruntime#ConversationRole", + "traits": { + "smithy.api#documentation": "The role for the message.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "The start of a message.
" + } + }, + "com.amazonaws.bedrockruntime#MessageStopEvent": { + "type": "structure", + "members": { + "stopReason": { + "target": "com.amazonaws.bedrockruntime#StopReason", + "traits": { + "smithy.api#documentation": "The reason why the model stopped generating output.
", + "smithy.api#required": {} + } + }, + "additionalModelResponseFields": { + "target": "smithy.api#Document", + "traits": { + "smithy.api#documentation": "The additional model response fields.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The stop event for a message.
" + } + }, + "com.amazonaws.bedrockruntime#Messages": { + "type": "list", + "member": { + "target": "com.amazonaws.bedrockruntime#Message" + } + }, + "com.amazonaws.bedrockruntime#MimeType": { + "type": "string" + }, + "com.amazonaws.bedrockruntime#ModelErrorException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.bedrockruntime#NonBlankString" + }, + "originalStatusCode": { + "target": "com.amazonaws.bedrockruntime#StatusCode", + "traits": { + "smithy.api#documentation": "The original status code.
" + } + }, + "resourceName": { + "target": "com.amazonaws.bedrockruntime#NonBlankString", + "traits": { + "smithy.api#documentation": "The resource name.
" } } }, @@ -1023,7 +1843,7 @@ } }, "traits": { - "smithy.api#documentation": "An error occurred while streaming the response.
", + "smithy.api#documentation": "An error occurred while streaming the response. Retry your request.
", "smithy.api#error": "client", "smithy.api#httpError": 424 } @@ -1041,10 +1861,32 @@ "smithy.api#httpError": 408 } }, - "com.amazonaws.bedrockruntime#NonBlankString": { - "type": "string", + "com.amazonaws.bedrockruntime#NonBlankString": { + "type": "string", + "traits": { + "smithy.api#pattern": "^[\\s\\S]*$" + } + }, + "com.amazonaws.bedrockruntime#NonEmptyString": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1 + } + } + }, + "com.amazonaws.bedrockruntime#NonEmptyStringList": { + "type": "list", + "member": { + "target": "com.amazonaws.bedrockruntime#NonEmptyString" + } + }, + "com.amazonaws.bedrockruntime#NonNegativeInteger": { + "type": "integer", "traits": { - "smithy.api#pattern": "^[\\s\\S]*$" + "smithy.api#range": { + "min": 0 + } } }, "com.amazonaws.bedrockruntime#PartBody": { @@ -1094,19 +1936,34 @@ } }, "internalServerException": { - "target": "com.amazonaws.bedrockruntime#InternalServerException" + "target": "com.amazonaws.bedrockruntime#InternalServerException", + "traits": { + "smithy.api#documentation": "An internal server error occurred. Retry your request.
" + } }, "modelStreamErrorException": { - "target": "com.amazonaws.bedrockruntime#ModelStreamErrorException" + "target": "com.amazonaws.bedrockruntime#ModelStreamErrorException", + "traits": { + "smithy.api#documentation": "An error occurred while streaming the response. Retry your request.
" + } }, "validationException": { - "target": "com.amazonaws.bedrockruntime#ValidationException" + "target": "com.amazonaws.bedrockruntime#ValidationException", + "traits": { + "smithy.api#documentation": "Input validation failed. Check your request parameters and retry the request.
" + } }, "throttlingException": { - "target": "com.amazonaws.bedrockruntime#ThrottlingException" + "target": "com.amazonaws.bedrockruntime#ThrottlingException", + "traits": { + "smithy.api#documentation": "The number or frequency of requests exceeds the limit. Resubmit your request later.
" + } }, "modelTimeoutException": { - "target": "com.amazonaws.bedrockruntime#ModelTimeoutException" + "target": "com.amazonaws.bedrockruntime#ModelTimeoutException", + "traits": { + "smithy.api#documentation": "The request took too long to process. Processing time exceeded the model timeout length.
" + } } }, "traits": { @@ -1127,6 +1984,21 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.bedrockruntime#SpecificToolChoice": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.bedrockruntime#ToolName", + "traits": { + "smithy.api#documentation": "The name of the tool that the model must request.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "The model must request a specific tool.
\nThis field is only supported by Anthropic Claude 3 models.
\nA system prompt for the model.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A system content block
" + } + }, + "com.amazonaws.bedrockruntime#SystemContentBlocks": { + "type": "list", + "member": { + "target": "com.amazonaws.bedrockruntime#SystemContentBlock" + } + }, "com.amazonaws.bedrockruntime#ThrottlingException": { "type": "structure", "members": { @@ -1149,6 +2076,336 @@ "smithy.api#httpError": 429 } }, + "com.amazonaws.bedrockruntime#TokenUsage": { + "type": "structure", + "members": { + "inputTokens": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The number of tokens sent in the request to the model.
", + "smithy.api#range": { + "min": 0 + }, + "smithy.api#required": {} + } + }, + "outputTokens": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The number of tokens that the model generated for the request.
", + "smithy.api#range": { + "min": 0 + }, + "smithy.api#required": {} + } + }, + "totalTokens": { + "target": "smithy.api#Integer", + "traits": { + "smithy.api#documentation": "The total of input tokens and tokens generated by the model.
", + "smithy.api#range": { + "min": 0 + }, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "The tokens used in a message API inference call.
" + } + }, + "com.amazonaws.bedrockruntime#Tool": { + "type": "union", + "members": { + "toolSpec": { + "target": "com.amazonaws.bedrockruntime#ToolSpecification", + "traits": { + "smithy.api#documentation": "The specfication for the tool.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Information about a tool that you can use with the Converse API.
" + } + }, + "com.amazonaws.bedrockruntime#ToolChoice": { + "type": "union", + "members": { + "auto": { + "target": "com.amazonaws.bedrockruntime#AutoToolChoice", + "traits": { + "smithy.api#documentation": "The Model automatically decides if a tool should be called or to whether to generate text instead.
" + } + }, + "any": { + "target": "com.amazonaws.bedrockruntime#AnyToolChoice", + "traits": { + "smithy.api#documentation": "The model must request at least one tool (no text is generated).
" + } + }, + "tool": { + "target": "com.amazonaws.bedrockruntime#SpecificToolChoice", + "traits": { + "smithy.api#documentation": "The Model must request the specified tool.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Forces a model to use a tool.
" + } + }, + "com.amazonaws.bedrockruntime#ToolConfiguration": { + "type": "structure", + "members": { + "tools": { + "target": "com.amazonaws.bedrockruntime#Tools", + "traits": { + "smithy.api#documentation": "An array of tools that you want to pass to a model.
", + "smithy.api#length": { + "min": 1 + }, + "smithy.api#required": {} + } + }, + "toolChoice": { + "target": "com.amazonaws.bedrockruntime#ToolChoice", + "traits": { + "smithy.api#documentation": "If supported by model, forces the model to request a tool.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Configuration information for the tools that you pass to a model.
\nThis field is only supported by Anthropic Claude 3, Cohere Command R, Cohere Command R+, and Mistral Large models.
\nThe JSON schema for the tool. For more information, see JSON Schema Reference.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The schema for the tool. The top level schema type must be object.
The ID of the tool request that this is the result for.
", + "smithy.api#required": {} + } + }, + "content": { + "target": "com.amazonaws.bedrockruntime#ToolResultContentBlocks", + "traits": { + "smithy.api#documentation": "The content for tool result content block.
", + "smithy.api#required": {} + } + }, + "status": { + "target": "com.amazonaws.bedrockruntime#ToolResultStatus", + "traits": { + "smithy.api#documentation": "The status for the tool result content block.
\nThis field is only supported Anthropic Claude 3 models.
\nA tool result block that contains the results for a tool request that\n the model previously made.
" + } + }, + "com.amazonaws.bedrockruntime#ToolResultContentBlock": { + "type": "union", + "members": { + "json": { + "target": "smithy.api#Document", + "traits": { + "smithy.api#documentation": "A tool result that is JSON format data.
" + } + }, + "text": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "A tool result that is text.
" + } + }, + "image": { + "target": "com.amazonaws.bedrockruntime#ImageBlock", + "traits": { + "smithy.api#documentation": "A tool result that is an image.
\nThis field is only supported by Anthropic Claude 3 models.
\nThe tool result content block.
" + } + }, + "com.amazonaws.bedrockruntime#ToolResultContentBlocks": { + "type": "list", + "member": { + "target": "com.amazonaws.bedrockruntime#ToolResultContentBlock" + } + }, + "com.amazonaws.bedrockruntime#ToolResultStatus": { + "type": "enum", + "members": { + "SUCCESS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "success" + } + }, + "ERROR": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "error" + } + } + } + }, + "com.amazonaws.bedrockruntime#ToolSpecification": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.bedrockruntime#ToolName", + "traits": { + "smithy.api#documentation": "The name for the tool.
", + "smithy.api#required": {} + } + }, + "description": { + "target": "com.amazonaws.bedrockruntime#NonEmptyString", + "traits": { + "smithy.api#documentation": "The description for the tool.
" + } + }, + "inputSchema": { + "target": "com.amazonaws.bedrockruntime#ToolInputSchema", + "traits": { + "smithy.api#documentation": "The input schema for the tool in JSON format.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "The specification for the tool.
" + } + }, + "com.amazonaws.bedrockruntime#ToolUseBlock": { + "type": "structure", + "members": { + "toolUseId": { + "target": "com.amazonaws.bedrockruntime#ToolUseId", + "traits": { + "smithy.api#documentation": "The ID for the tool request.
", + "smithy.api#required": {} + } + }, + "name": { + "target": "com.amazonaws.bedrockruntime#ToolName", + "traits": { + "smithy.api#documentation": "The name of the tool that the model wants to use.
", + "smithy.api#required": {} + } + }, + "input": { + "target": "smithy.api#Document", + "traits": { + "smithy.api#documentation": "The input to pass to the tool.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "A tool use content block. Contains information about a tool that the model\n is requesting be run., The model uses the result from the tool to generate a response.
" + } + }, + "com.amazonaws.bedrockruntime#ToolUseBlockDelta": { + "type": "structure", + "members": { + "input": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "The input for a requested tool.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "The delta for a tool use block.
" + } + }, + "com.amazonaws.bedrockruntime#ToolUseBlockStart": { + "type": "structure", + "members": { + "toolUseId": { + "target": "com.amazonaws.bedrockruntime#ToolUseId", + "traits": { + "smithy.api#documentation": "The ID for the tool request.
", + "smithy.api#required": {} + } + }, + "name": { + "target": "com.amazonaws.bedrockruntime#ToolName", + "traits": { + "smithy.api#documentation": "The name of the tool that the model is requesting to use.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "The start of a tool use block.
" + } + }, + "com.amazonaws.bedrockruntime#ToolUseId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 64 + }, + "smithy.api#pattern": "^[a-zA-Z0-9_-]+$" + } + }, + "com.amazonaws.bedrockruntime#Tools": { + "type": "list", + "member": { + "target": "com.amazonaws.bedrockruntime#Tool" + } + }, + "com.amazonaws.bedrockruntime#Trace": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.bedrockruntime#ValidationException": { "type": "structure", "members": { diff --git a/aws/sdk/aws-models/codecatalyst.json b/aws/sdk/aws-models/codecatalyst.json index 846a5a2ad0..0cf6868ace 100644 --- a/aws/sdk/aws-models/codecatalyst.json +++ b/aws/sdk/aws-models/codecatalyst.json @@ -550,6 +550,9 @@ "smithy.api#timestampFormat": "date-time" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#CreateAccessTokenResponse": { @@ -584,6 +587,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#CreateDevEnvironment": { @@ -676,9 +682,12 @@ "vpcConnectionName": { "target": "com.amazonaws.codecatalyst#NameString", "traits": { - "smithy.api#documentation": "The name of the connection to use connect to a Amazon VPC.
" + "smithy.api#documentation": "The name of the connection that will be used to connect to Amazon VPC, if any.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#CreateDevEnvironmentResponse": { @@ -712,6 +721,9 @@ "smithy.api#documentation": "The name of the connection used to connect to Amazon VPC used when the Dev Environment was created, if any.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#CreateProject": { @@ -756,6 +768,9 @@ "smithy.api#documentation": "The description of the project. This description will be displayed to all users of the project. We recommend providing a brief description of the project and its intended purpose.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#CreateProjectResponse": { @@ -787,6 +802,9 @@ "smithy.api#documentation": "The description of the project.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#CreateSourceRepository": { @@ -867,6 +885,9 @@ "smithy.api#documentation": "The commit ID in an existing branch from which you want to create the new branch.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#CreateSourceRepositoryBranchResponse": { @@ -897,6 +918,9 @@ "smithy.api#documentation": "The commit ID of the tip of the newly created branch.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#CreateSourceRepositoryRequest": { @@ -1061,6 +1085,9 @@ "smithy.api#resourceIdentifier": "devEnvironmentId" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#DeleteDevEnvironmentResponse": { @@ -1088,6 +1115,9 @@ "smithy.api#resourceIdentifier": "devEnvironmentId" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#DeleteProject": { @@ -1936,6 +1966,9 @@ "smithy.api#resourceIdentifier": "devEnvironmentId" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#GetDevEnvironmentResponse": { @@ -2044,6 +2077,9 @@ "smithy.api#documentation": "The name of the connection used to connect to Amazon VPC used when the Dev Environment was created, if any.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#GetProject": { @@ -2084,6 +2120,9 @@ "smithy.api#resourceIdentifier": "projectName" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#GetProjectResponse": { @@ -2114,6 +2153,9 @@ "smithy.api#documentation": "The description of the project.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#GetSourceRepository": { @@ -2179,6 +2221,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#GetSourceRepositoryCloneUrlsResponse": { @@ -2191,6 +2236,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#GetSourceRepositoryRequest": { @@ -2305,6 +2353,9 @@ "smithy.api#resourceIdentifier": "spaceName" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#GetSpaceResponse": { @@ -2336,6 +2387,9 @@ "smithy.api#documentation": "The description of the space.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#GetSubscription": { @@ -2367,6 +2421,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#GetSubscriptionResponse": { @@ -2383,7 +2440,23 @@ "traits": { "smithy.api#documentation": "The display name of the Amazon Web Services account used for billing for the space.
" } + }, + "pendingSubscriptionType": { + "target": "smithy.api#String", + "traits": { + "smithy.api#documentation": "The type of the billing plan that the space will be changed to at the start of the next billing cycle. This applies\n only to changes that reduce the functionality available for the space. Billing plan changes that increase functionality\n are applied immediately. For more information, see Pricing.
" + } + }, + "pendingSubscriptionStartTime": { + "target": "com.amazonaws.codecatalyst#Timestamp", + "traits": { + "smithy.api#documentation": "The day and time the pending change will be applied to the space, in coordinated universal time (UTC) timestamp format as specified in RFC 3339.
", + "smithy.api#timestampFormat": "date-time" + } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#GetUserDetails": { @@ -2427,9 +2500,12 @@ "min": 3, "max": 100 }, - "smithy.api#pattern": "^[a-zA-Z0-9]{3,100}$" + "smithy.api#pattern": "^[a-zA-Z0-9_.-]{3,100}$" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#GetUserDetailsResponse": { @@ -2465,6 +2541,9 @@ "smithy.api#documentation": "" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#GetWorkflow": { @@ -3084,6 +3163,9 @@ } } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#ListDevEnvironmentsResponse": { @@ -3102,6 +3184,9 @@ "smithy.api#documentation": "A token returned from a call to this API to indicate the next batch of results to return, if any.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#ListEventLogs": { @@ -3181,6 +3266,9 @@ } } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#ListEventLogsResponse": { @@ -3199,6 +3287,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#ListProjects": { @@ -3262,6 +3353,9 @@ "smithy.api#documentation": "Information about filters to apply to narrow the results returned in the list.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#ListProjectsResponse": { @@ -3279,6 +3373,9 @@ "smithy.api#documentation": "Information about the projects.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#ListSourceRepositories": { @@ -3392,6 +3489,9 @@ } } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#ListSourceRepositoriesResponse": { @@ -3409,6 +3509,9 @@ "smithy.api#documentation": "A token returned from a call to this API to indicate the next batch of results to return, if any.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#ListSourceRepositoryBranches": { @@ -3521,6 +3624,9 @@ } } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#ListSourceRepositoryBranchesResponse": { @@ -3539,6 +3645,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#ListSpaces": { @@ -3577,6 +3686,9 @@ } } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#ListSpacesResponse": { @@ -3594,6 +3706,9 @@ "smithy.api#documentation": "Information about the spaces.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#ListWorkflowRuns": { @@ -4345,6 +4460,9 @@ "smithy.api#documentation": "The amount of time the Dev Environment will run without any activity detected before stopping, in minutes. Only whole integers are allowed. Dev Environments consume compute minutes when running.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#StartDevEnvironmentResponse": { @@ -4379,6 +4497,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#StartDevEnvironmentSession": { @@ -4432,6 +4553,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#StartDevEnvironmentSessionResponse": { @@ -4475,6 +4599,9 @@ "smithy.api#resourceIdentifier": "devEnvironmentId" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#StartWorkflowRun": { @@ -4635,6 +4762,9 @@ "smithy.api#resourceIdentifier": "devEnvironmentId" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#StopDevEnvironmentResponse": { @@ -4669,6 +4799,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#StopDevEnvironmentSession": { @@ -4729,6 +4862,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#StopDevEnvironmentSessionResponse": { @@ -4767,6 +4903,9 @@ "smithy.api#required": {} } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#StringList": { @@ -4890,6 +5029,9 @@ "smithy.api#documentation": "A user-specified idempotency token. Idempotency ensures that an API request completes only once. \n With an idempotent request, if the original request completes successfully, the subsequent retries return the result from the original successful request and have no additional effect.
" } } + }, + "traits": { + "smithy.api#input": {} } }, "com.amazonaws.codecatalyst#UpdateDevEnvironmentResponse": { @@ -4953,6 +5095,9 @@ "smithy.api#documentation": "A user-specified idempotency token. Idempotency ensures that an API request completes only once. \n With an idempotent request, if the original request completes successfully, the subsequent retries return the result from the original successful request and have no additional effect.
" } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#UpdateProject": { @@ -5209,6 +5354,9 @@ } } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.codecatalyst#Workflow": { diff --git a/aws/sdk/aws-models/config.json b/aws/sdk/aws-models/config.json index 7ab3db4e37..9e4f4565fd 100644 --- a/aws/sdk/aws-models/config.json +++ b/aws/sdk/aws-models/config.json @@ -669,13 +669,13 @@ "configurationItemCaptureTime": { "target": "com.amazonaws.configservice#ConfigurationItemCaptureTime", "traits": { - "smithy.api#documentation": "The time when the configuration recording was initiated.
" + "smithy.api#documentation": "The time when the recording of configuration changes was initiated for the resource.
" } }, "configurationItemStatus": { "target": "com.amazonaws.configservice#ConfigurationItemStatus", "traits": { - "smithy.api#documentation": "The configuration item status. The valid values are:
\nOK – The resource configuration has been updated
\nResourceDiscovered – The resource was newly discovered
\nResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type
\nResourceDeleted – The resource was deleted
\nResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type
\nThe configuration item status. Valid values include:
\nOK – The resource configuration has been updated.
\nResourceDiscovered – The resource was newly discovered.
\nResourceNotRecorded – The resource was discovered, but its configuration was not recorded since the recorder doesn't record resources of this type.
\nResourceDeleted – The resource was deleted
\nResourceDeletedNotRecorded – The resource was deleted, but its configuration was not recorded since the recorder doesn't record resources of this type.
\nConfiguration attributes that Config returns for certain\n\t\t\tresource types to supplement the information returned for the\n\t\t\tconfiguration parameter.
" } + }, + "recordingFrequency": { + "target": "com.amazonaws.configservice#RecordingFrequency", + "traits": { + "smithy.api#documentation": "The recording frequency that Config uses to record configuration changes for the resource.
" + } + }, + "configurationItemDeliveryTime": { + "target": "com.amazonaws.configservice#ConfigurationItemDeliveryTime", + "traits": { + "smithy.api#documentation": "The time when configuration changes for the resource were delivered.
\nThis field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording,\n\t\t\tthis field will be populated. However, if you are using continuous recording,\n\t\t\tthis field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see Recording Frequency in the Config\n\t\t\t\t\tDeveloper Guide.
\nThe detailed configuration of a specified resource.
" + "smithy.api#documentation": "The detailed configurations of a specified resource.
" } }, "com.amazonaws.configservice#BaseConfigurationItems": { @@ -1625,13 +1637,13 @@ "configurationItemCaptureTime": { "target": "com.amazonaws.configservice#ConfigurationItemCaptureTime", "traits": { - "smithy.api#documentation": "The time when the configuration recording was\n\t\t\tinitiated.
" + "smithy.api#documentation": "The time when the recording of configuration changes was\n\t\t\tinitiated for the resource.
" } }, "configurationItemStatus": { "target": "com.amazonaws.configservice#ConfigurationItemStatus", "traits": { - "smithy.api#documentation": "The configuration item status. The valid values are:
\nOK – The resource configuration has been updated
\nResourceDiscovered – The resource was newly discovered
\nResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder excludes the recording of resources of this type
\nResourceDeleted – The resource was deleted
\nResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder excludes the recording of resources of this type
\nThe configuration item status. Valid values include:
\nOK – The resource configuration has been updated
\nResourceDiscovered – The resource was newly discovered
\nResourceNotRecorded – The resource was discovered but its configuration was not recorded since the recorder doesn't record resources of this type
\nResourceDeleted – The resource was deleted
\nResourceDeletedNotRecorded – The resource was deleted but its configuration was not recorded since the recorder doesn't record resources of this type
\nConfiguration attributes that Config returns for certain\n\t\t\tresource types to supplement the information returned for the\n\t\t\t\tconfiguration parameter.
The recording frequency that Config uses to record configuration changes for the resource.
" + } + }, + "configurationItemDeliveryTime": { + "target": "com.amazonaws.configservice#ConfigurationItemDeliveryTime", + "traits": { + "smithy.api#documentation": "The time when configuration changes for the resource were delivered.
\nThis field is optional and is not guaranteed to be present in a configuration item (CI). If you are using daily recording,\n\t\t\tthis field will be populated. However, if you are using continuous recording,\n\t\t\tthis field will be omitted since the delivery time is instantaneous as the CI is available right away. For more information on daily recording and continuous recording, see Recording Frequency in the Config\n\t\t\t\t\tDeveloper Guide.
\nThe name of the configuration recorder. Config automatically assigns the name of \"default\" when creating the configuration recorder.
\nYou cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
" + "smithy.api#documentation": "The name of the configuration recorder. Config automatically assigns the name of \"default\" when creating the configuration recorder.
\nYou cannot change the name of the configuration recorder after it has been created. To change the configuration recorder name, you must delete it and create a new configuration recorder with a new name.
\nAmazon Resource Name (ARN) of the IAM role assumed by Config and used by the configuration recorder.
\nWhile the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
\n Pre-existing Config role\n
\nIf you have used an Amazon Web Services service that uses Config, such as Security Hub or\n\t\t\t\tControl Tower, and an Config role has already been created, make sure that the\n\t\t\t\tIAM role that you use when setting up Config keeps the same minimum\n\t\t\t\tpermissions as the already created Config role. You must do this so that the\n\t\t\t\tother Amazon Web Services service continues to run as expected.
\nFor example, if Control Tower has an IAM role that allows Config to read\n\t\t\t\tAmazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted\n\t\t\t\twithin the IAM role you use when setting up Config. Otherwise, it may\n\t\t\t\tinterfere with how Control Tower operates. For more information about IAM\n\t\t\t\troles for Config,\n\t\t\t\tsee \n Identity and Access Management for Config\n in the Config Developer Guide.\n\t\t\t
\nAmazon Resource Name (ARN) of the IAM role assumed by Config and used by the configuration recorder.
\nWhile the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.
\n Pre-existing Config role\n
\nIf you have used an Amazon Web Services service that uses Config, such as Security Hub or\n\t\t\t\tControl Tower, and an Config role has already been created, make sure that the\n\t\t\t\tIAM role that you use when setting up Config keeps the same minimum\n\t\t\t\tpermissions as the already created Config role. You must do this so that the\n\t\t\t\tother Amazon Web Services service continues to run as expected.
\nFor example, if Control Tower has an IAM role that allows Config to read\n\t\t\t\tAmazon Simple Storage Service (Amazon S3) objects, make sure that the same permissions are granted\n\t\t\t\twithin the IAM role you use when setting up Config. Otherwise, it may\n\t\t\t\tinterfere with how Control Tower operates. For more information about IAM\n\t\t\t\troles for Config,\n\t\t\t\tsee \n Identity and Access Management for Config\n in the Config Developer Guide.\n\t\t\t
\nSpecifies which resource types Config\n\t\t\trecords for configuration changes.
\n\n High Number of Config Evaluations\n
\nYou may notice increased activity in your account during your initial month recording with Config when compared to subsequent months. During the\n\t\t\t\tinitial bootstrapping process, Config runs evaluations on all the resources in your account that you have selected\n\t\t\t\tfor Config to record.
\nIf you are running ephemeral workloads, you may see increased activity from Config as it records configuration changes associated with creating and deleting these\n\t\t\t\ttemporary resources. An ephemeral workload is a temporary use of computing resources that are loaded\n\t\t\t\tand run when needed. Examples include Amazon Elastic Compute Cloud (Amazon EC2)\n\t\t\t\tSpot Instances, Amazon EMR jobs, and Auto Scaling. If you want\n\t\t\t\tto avoid the increased activity from running ephemeral workloads, you can run these\n\t\t\t\ttypes of workloads in a separate account with Config turned off to avoid\n\t\t\t\tincreased configuration recording and rule evaluations.
\nSpecifies the default recording frequency that Config uses to record configuration changes.\n\t\t\t\n\t\t\tConfig supports Continuous recording and Daily recording.
\nContinuous recording allows you to record configuration changes continuously whenever a change occurs.
\nDaily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.\n\t\t\t
\nFirewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager,\n\t\t\tit is recommended that you set the recording frequency to Continuous.
\nYou can also override the recording frequency for specific resource types.
" + } } }, "traits": { - "smithy.api#documentation": "Records configuration changes to specified resource types.\n\t\t\tFor more information about the configuration recorder,\n\t\t\tsee \n Managing the Configuration Recorder\n in the Config Developer Guide.
" + "smithy.api#documentation": "Records configuration changes to your specified resource types.\n\t\t\tFor more information about the configuration recorder,\n\t\t\tsee \n Managing the Configuration Recorder\n in the Config Developer Guide.
" } }, "com.amazonaws.configservice#ConfigurationRecorderList": { @@ -3756,7 +3789,7 @@ "target": "com.amazonaws.configservice#RuleLimit", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "The number of rule evaluation results that you want\n\t\t\treturned.
\nThis parameter is required if the rule limit for your account\n\t\t\tis more than the default of 150 rules.
\nFor information about requesting a rule limit increase, see\n\t\t\t\tConfig Limits in the Amazon Web Services General\n\t\t\t\tReference Guide.
" + "smithy.api#documentation": "The number of rule evaluation results that you want\n\t\t\treturned.
\nThis parameter is required if the rule limit for your account\n\t\t\tis more than the default of 1000 rules.
\nFor information about requesting a rule limit increase, see\n\t\t\t\tConfig Limits in the Amazon Web Services General\n\t\t\t\tReference Guide.
" } } }, @@ -4102,7 +4135,20 @@ } ], "traits": { - "smithy.api#documentation": "Returns the details for the specified configuration recorders.\n\t\t\tIf the configuration recorder is not specified, this action returns\n\t\t\tthe details for all configuration recorders associated with the\n\t\t\taccount.
\nYou can specify only one configuration recorder for each Amazon Web Services Region for each account.
\nReturns the details for the specified configuration recorders.\n\t\t\tIf the configuration recorder is not specified, this action returns\n\t\t\tthe details for all configuration recorders associated with the\n\t\t\taccount.
\nYou can specify only one configuration recorder for each Amazon Web Services Region for each account.
\nReturns a list of organization Config rules.
\nWhen you specify the limit and the next token, you receive a paginated response.
\nLimit and next token are not applicable if you specify organization Config rule names. \n\t\t\tIt is only applicable, when you request all the organization Config rules.
\n\n For accounts within an organzation\n
\nIf you deploy an organizational rule or conformance pack in an organization\n\t\t\t\tadministrator account, and then establish a delegated administrator and deploy an\n\t\t\t\torganizational rule or conformance pack in the delegated administrator account, you\n\t\t\t\twon't be able to see the organizational rule or conformance pack in the organization\n\t\t\t\tadministrator account from the delegated administrator account or see the organizational\n\t\t\t\trule or conformance pack in the delegated administrator account from organization\n\t\t\t\tadministrator account. The DescribeOrganizationConfigRules and \n\t\t\t\tDescribeOrganizationConformancePacks APIs can only see and interact with\n\t\t\t\tthe organization-related resource that were deployed from within the account calling\n\t\t\t\tthose APIs.
Returns a list of organization Config rules.
\nWhen you specify the limit and the next token, you receive a paginated response.
\nLimit and next token are not applicable if you specify organization Config rule names. \n\t\t\tIt is only applicable, when you request all the organization Config rules.
\n\n For accounts within an organization\n
\nIf you deploy an organizational rule or conformance pack in an organization\n\t\t\t\tadministrator account, and then establish a delegated administrator and deploy an\n\t\t\t\torganizational rule or conformance pack in the delegated administrator account, you\n\t\t\t\twon't be able to see the organizational rule or conformance pack in the organization\n\t\t\t\tadministrator account from the delegated administrator account or see the organizational\n\t\t\t\trule or conformance pack in the delegated administrator account from organization\n\t\t\t\tadministrator account. The DescribeOrganizationConfigRules and \n\t\t\t\tDescribeOrganizationConformancePacks APIs can only see and interact with\n\t\t\t\tthe organization-related resource that were deployed from within the account calling\n\t\t\t\tthose APIs.
Returns a list of organization conformance packs.
\nWhen you specify the limit and the next token, you receive a paginated response.
\nLimit and next token are not applicable if you specify organization conformance packs names. They are only applicable,\n\t\t\twhen you request all the organization conformance packs.
\n\n For accounts within an organzation\n
\nIf you deploy an organizational rule or conformance pack in an organization\n\t\t\t\tadministrator account, and then establish a delegated administrator and deploy an\n\t\t\t\torganizational rule or conformance pack in the delegated administrator account, you\n\t\t\t\twon't be able to see the organizational rule or conformance pack in the organization\n\t\t\t\tadministrator account from the delegated administrator account or see the organizational\n\t\t\t\trule or conformance pack in the delegated administrator account from organization\n\t\t\t\tadministrator account. The DescribeOrganizationConfigRules and \n\t\t\t\tDescribeOrganizationConformancePacks APIs can only see and interact with\n\t\t\t\tthe organization-related resource that were deployed from within the account calling\n\t\t\t\tthose APIs.
Returns a list of organization conformance packs.
\nWhen you specify the limit and the next token, you receive a paginated response.
\nLimit and next token are not applicable if you specify organization conformance packs names. They are only applicable,\n\t\t\twhen you request all the organization conformance packs.
\n\n For accounts within an organization\n
\nIf you deploy an organizational rule or conformance pack in an organization\n\t\t\t\tadministrator account, and then establish a delegated administrator and deploy an\n\t\t\t\torganizational rule or conformance pack in the delegated administrator account, you\n\t\t\t\twon't be able to see the organizational rule or conformance pack in the organization\n\t\t\t\tadministrator account from the delegated administrator account or see the organizational\n\t\t\t\trule or conformance pack in the delegated administrator account from organization\n\t\t\t\tadministrator account. The DescribeOrganizationConfigRules and \n\t\t\t\tDescribeOrganizationConformancePacks APIs can only see and interact with\n\t\t\t\tthe organization-related resource that were deployed from within the account calling\n\t\t\t\tthose APIs.
Specifies whether the configuration recorder excludes certain resource types from being recorded.\n\t\t\tUse the resourceTypes field to enter a comma-separated list of resource types you want to exclude from recording.
By default, when Config adds support for a new resource type in the Region where you set up the configuration recorder,\n\t\t\tincluding global resource types, Config starts recording resources of that type automatically.
\n\n How to use\n
\nTo use this option, you must set the useOnly\n\t\t\t\tfield of RecordingStrategy\n\t\t\t\tto EXCLUSION_BY_RESOURCE_TYPES.
Config will then record configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded.
\n\n Globally recorded resources\n
\nUnless specifically listed as exclusions,\n\t\t\t\tAWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.\n\t\t\t\tIAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled Config Regions where Config was available before February 2022.\n\t\t\t\tThis list does not include the following Regions:
Asia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\nSpecifies whether the configuration recorder excludes certain resource types from being recorded.\n\t\t\tUse the resourceTypes field to enter a comma-separated list of resource types you want to exclude from recording.
By default, when Config adds support for a new resource type in the Region where you set up the configuration recorder,\n\t\t\tincluding global resource types, Config starts recording resources of that type automatically.
\n\n How to use the exclusion recording strategy \n
\nTo use this option, you must set the useOnly\n\t\t\t\tfield of RecordingStrategy\n\t\t\t\tto EXCLUSION_BY_RESOURCE_TYPES.
Config will then record configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded.
\n\n Global resource types and the exclusion recording strategy \n
\nUnless specifically listed as exclusions,\n\t\t\t\tAWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.
IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022.\n\t\t\t\tYou cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
\nAsia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nCanada West (Calgary)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\nFailed to add the Config rule because the account already\n\t\t\tcontains the maximum number of 150 rules. Consider deleting any\n\t\t\tdeactivated rules before you add new rules.
", + "smithy.api#documentation": "Failed to add the Config rule because the account already\n\t\t\tcontains the maximum number of 1000 rules. Consider deleting any\n\t\t\tdeactivated rules before you add new rules.
", "smithy.api#error": "client" } }, @@ -9738,6 +9793,9 @@ }, { "target": "com.amazonaws.configservice#MaxNumberOfConfigurationRecordersExceededException" + }, + { + "target": "com.amazonaws.configservice#ValidationException" } ], "traits": { @@ -10235,7 +10293,7 @@ } ], "traits": { - "smithy.api#documentation": "Adds or updates the remediation configuration with a specific Config rule with the \n\t\t\tselected target or action. \n\t\t\tThe API creates the RemediationConfiguration object for the Config rule. \n\t\tThe Config rule must already exist for you to add a remediation configuration. \n\t\tThe target (SSM document) must exist and have permissions to use the target.
If you make backward incompatible changes to the SSM document, \n\t\t\tyou must call this again to ensure the remediations can run.
\nThis API does not support adding remediation configurations for service-linked Config Rules such as Organization Config rules, \n\t\t\t\tthe rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.
\nFor manual remediation configuration, you need to provide a value for automationAssumeRole or use a value in the assumeRolefield to remediate your resources. The SSM automation document can use either as long as it maps to a valid parameter.
However, for automatic remediation configuration, the only valid assumeRole field value is AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to remediate your resources.
Adds or updates the remediation configuration with a specific Config rule with the \n\t\t\tselected target or action. \n\t\t\tThe API creates the RemediationConfiguration object for the Config rule. \n\t\tThe Config rule must already exist for you to add a remediation configuration. \n\t\tThe target (SSM document) must exist and have permissions to use the target.
\n Be aware of backward incompatible changes\n
\nIf you make backward incompatible changes to the SSM document, \n\t\t\tyou must call this again to ensure the remediations can run.
\nThis API does not support adding remediation configurations for service-linked Config Rules such as Organization Config rules, \n\t\t\t\tthe rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.
\n\n Required fields\n
\nFor manual remediation configuration, you need to provide a value for automationAssumeRole or use a value in the assumeRolefield to remediate your resources. The SSM automation document can use either as long as it maps to a valid parameter.
However, for automatic remediation configuration, the only valid assumeRole field value is AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to remediate your resources.
\n Auto remediation can be initiated even for compliant resources\n
\nIf you enable auto remediation for a specific Config rule using the PutRemediationConfigurations API or the Config console,\n\t\t\t\tit initiates the remediation process for all non-compliant resources for that specific rule.\n\t\t\t\tThe auto remediation process relies on the compliance data snapshot which is captured on a periodic basis.\n\t\t\t\tAny non-compliant resource that is updated between the snapshot schedule will continue to be remediated based on the last known compliance data snapshot.
\nThis means that in some cases auto remediation can be initiated even for compliant resources, since the bootstrap processor uses a database that can have stale evaluation results based on the last known compliance data snapshot.
\nA remediation exception is when a specified resource is no longer considered for auto-remediation. \n\t\t\tThis API adds a new exception or updates an existing exception for a specified resource with a specified Config rule.
\nConfig generates a remediation exception when a problem occurs running a remediation action for a specified resource. \n\t\t\tRemediation exceptions blocks auto-remediation until the exception is cleared.
\nWhen placing an exception on an Amazon Web Services resource, it is recommended that remediation is set as manual remediation until\n\t\t\tthe given Config rule for the specified resource evaluates the resource as NON_COMPLIANT.\n\t\t\tOnce the resource has been evaluated as NON_COMPLIANT, you can add remediation exceptions and change the remediation type back from Manual to Auto if you want to use auto-remediation.\n\t\t\tOtherwise, using auto-remediation before a NON_COMPLIANT evaluation result can delete resources before the exception is applied.
Placing an exception can only be performed on resources that are NON_COMPLIANT.\n\t\t\tIf you use this API for COMPLIANT resources or resources that are NOT_APPLICABLE, a remediation exception will not be generated.\n\t\t\tFor more information on the conditions that initiate the possible Config evaluation results,\n\t\t\tsee Concepts | Config Rules in the Config Developer Guide.
A remediation exception is when a specified resource is no longer considered for auto-remediation. \n\t\t\tThis API adds a new exception or updates an existing exception for a specified resource with a specified Config rule.
\n\n Exceptions block auto remediation\n
\nConfig generates a remediation exception when a problem occurs running a remediation action for a specified resource. \n\t\t\tRemediation exceptions blocks auto-remediation until the exception is cleared.
\n\n Manual remediation is recommended when placing an exception\n
\nWhen placing an exception on an Amazon Web Services resource, it is recommended that remediation is set as manual remediation until\n\t\t\tthe given Config rule for the specified resource evaluates the resource as NON_COMPLIANT.\n\t\t\tOnce the resource has been evaluated as NON_COMPLIANT, you can add remediation exceptions and change the remediation type back from Manual to Auto if you want to use auto-remediation.\n\t\t\tOtherwise, using auto-remediation before a NON_COMPLIANT evaluation result can delete resources before the exception is applied.
\n Exceptions can only be performed on non-compliant resources\n
\nPlacing an exception can only be performed on resources that are NON_COMPLIANT.\n\t\t\tIf you use this API for COMPLIANT resources or resources that are NOT_APPLICABLE, a remediation exception will not be generated.\n\t\t\tFor more information on the conditions that initiate the possible Config evaluation results,\n\t\t\tsee Concepts | Config Rules in the Config Developer Guide.
\n Auto remediation can be initiated even for compliant resources\n
\nIf you enable auto remediation for a specific Config rule using the PutRemediationConfigurations API or the Config console,\n\t\t\t\tit initiates the remediation process for all non-compliant resources for that specific rule.\n\t\t\t\tThe auto remediation process relies on the compliance data snapshot which is captured on a periodic basis.\n\t\t\t\tAny non-compliant resource that is updated between the snapshot schedule will continue to be remediated based on the last known compliance data snapshot.
\nThis means that in some cases auto remediation can be initiated even for compliant resources, since the bootstrap processor uses a database that can have stale evaluation results based on the last known compliance data snapshot.
\nSpecifies whether Config records configuration changes for all supported regionally recorded resource types.
\nIf you set this field to true, when Config\n\t\t\tadds support for a new regionally recorded resource type, Config starts recording resources of that type automatically.
If you set this field to true,\n\t\t\tyou cannot enumerate specific resource types to record in the resourceTypes field of RecordingGroup, or to exclude in the resourceTypes field of ExclusionByResourceTypes.
\n Region Availability\n
\nCheck Resource Coverage by Region Availability\n\t\t\t\tto see if a resource type is supported in the Amazon Web Services Region where you set up Config.
\nSpecifies whether Config records configuration changes for all supported resource types, excluding the global IAM resource types.
\nIf you set this field to true, when Config\n\t\t\tadds support for a new resource type, Config starts recording resources of that type automatically.
If you set this field to true,\n\t\t\tyou cannot enumerate specific resource types to record in the resourceTypes field of RecordingGroup, or to exclude in the resourceTypes field of ExclusionByResourceTypes.
\n Region availability\n
\nCheck Resource Coverage by Region Availability\n\t\t\t\tto see if a resource type is supported in the Amazon Web Services Region where you set up Config.
\nA legacy field which only applies to the globally recorded IAM resource types: IAM users, groups, roles, and customer managed policies.\n\t\t\tIf you select this option, these resource types will be recorded in all enabled Config regions where Config was available before February 2022.\n\t\t\tThis list does not include the following Regions:
\nAsia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\n\n Aurora global clusters are automatically globally recorded\n
\nThe AWS::RDS::GlobalCluster resource type will be recorded in all supported Config Regions where the configuration recorder is enabled, even if includeGlobalResourceTypes is not set to true.\n\t\t\t\tincludeGlobalResourceTypes is a legacy field which only applies to IAM users, groups, roles, and customer managed policies.\n\t\t\t
If you do not want to record AWS::RDS::GlobalCluster in all enabled Regions, use one of the following recording strategies:
\n Record all current and future resource types with exclusions (EXCLUSION_BY_RESOURCE_TYPES), or
\n Record specific resource types (INCLUSION_BY_RESOURCE_TYPES).
For more information, see Selecting Which Resources are Recorded in the Config developer guide.
\n\n Required and optional fields\n
\nBefore you set this field to true,\n\t\t\tset the allSupported field of RecordingGroup to\n\t\t\ttrue. Optionally, you can set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES.
\n Overriding fields\n
\nIf you set this field to false but list globally recorded IAM resource types in the resourceTypes field of RecordingGroup,\n\t\t\tConfig will still record configuration changes for those specified resource types regardless of if you set the includeGlobalResourceTypes field to false.
If you do not want to record configuration changes to the globally recorded IAM resource types (IAM users, groups, roles, and customer managed policies), make sure to not list them in the resourceTypes field\n\t\t\tin addition to setting the includeGlobalResourceTypes field to false.
This option is a bundle which only applies to the global IAM resource types:\n\t\t\tIAM users, groups, roles, and customer managed policies. These global IAM resource types can only be recorded\n\t\t\tby Config in Regions where Config was available before February 2022.\n\t\t\tYou cannot be record the global IAM resouce types in Regions supported by Config after February 2022.\n\t\t\tThis list where you cannot record the global IAM resource types includes the following Regions:
\nAsia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nCanada West (Calgary)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\n\n Aurora global clusters are recorded in all enabled Regions\n
\nThe AWS::RDS::GlobalCluster resource type will be recorded in all supported Config Regions where the configuration recorder is enabled, even if includeGlobalResourceTypes is setfalse.\n\t\t\t\tThe includeGlobalResourceTypes option is a bundle which only applies to IAM users, groups, roles, and customer managed policies.\n\t\t\t
If you do not want to record AWS::RDS::GlobalCluster in all enabled Regions, use one of the following recording strategies:
\n Record all current and future resource types with exclusions (EXCLUSION_BY_RESOURCE_TYPES), or
\n Record specific resource types (INCLUSION_BY_RESOURCE_TYPES).
For more information, see Selecting Which Resources are Recorded in the Config developer guide.
\n\n includeGlobalResourceTypes and the exclusion recording strategy\n
\nThe includeGlobalResourceTypes field has no impact on the EXCLUSION_BY_RESOURCE_TYPES recording strategy.\n\t\t\t\tThis means that the global IAM resource types (IAM users, groups, roles, and customer managed policies) will\n\t\t\t\tnot be automatically added as exclusions for exclusionByResourceTypes when includeGlobalResourceTypes is set to false.
The includeGlobalResourceTypes field should only be used to modify the AllSupported field, as the default for\n\t\t\t\tthe AllSupported field is to record configuration changes for all supported resource types excluding the global\n\t\t\t\tIAM resource types. To include the global IAM resource types when AllSupported is set to true, make sure to set includeGlobalResourceTypes to true.
To exclude the global IAM resource types for the EXCLUSION_BY_RESOURCE_TYPES recording strategy, you need to manually add them to the resourceTypes field of exclusionByResourceTypes.
\n Required and optional fields\n
\nBefore you set this field to true,\n\t\t\tset the allSupported field of RecordingGroup to\n\t\t\ttrue. Optionally, you can set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES.
\n Overriding fields\n
\nIf you set this field to false but list global IAM resource types in the resourceTypes field of RecordingGroup,\n\t\t\tConfig will still record configuration changes for those specified resource types regardless of if you set the includeGlobalResourceTypes field to false.
If you do not want to record configuration changes to the global IAM resource types (IAM users, groups, roles, and customer managed policies), make sure to not list them in the resourceTypes field\n\t\t\tin addition to setting the includeGlobalResourceTypes field to false.
A comma-separated list that specifies which resource types Config\n\t\t\trecords.
\nOptionally, you can set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES.
To record all configuration changes,\n\t\t\t\tset the allSupported field of RecordingGroup to\n\t\t\t\ttrue, and either omit this field or don't specify any resource types in this field. If you set the allSupported field to false and specify values for resourceTypes,\n\t\t\t\t\twhen Config adds support for a new type of resource,\n\t\t\t\t\tit will not record resources of that type unless you manually add that type to your recording group.
For a list of valid resourceTypes values, see the\n\t\t\t\tResource Type Value column in\n\t\t\t\tSupported Amazon Web Services resource Types in the Config developer guide.
\n Region Availability\n
\nBefore specifying a resource type for Config to track,\n\t\t\t\tcheck Resource Coverage by Region Availability\n\t\t\t\tto see if the resource type is supported in the Amazon Web Services Region where you set up Config.\n\t\t\t\tIf a resource type is supported by Config in at least one Region,\n\t\t\t\tyou can enable the recording of that resource type in all Regions supported by Config,\n\t\t\t\teven if the specified resource type is not supported in the Amazon Web Services Region where you set up Config.
\nA comma-separated list that specifies which resource types Config\n\t\t\trecords.
\nFor a list of valid resourceTypes values, see the\n\t\t\t\tResource Type Value column in\n\t\t\t\tSupported Amazon Web Services resource Types in the Config developer guide.
\n Required and optional fields\n
\nOptionally, you can set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES.
To record all configuration changes,\n\t\t\t\tset the allSupported field of RecordingGroup to\n\t\t\t\ttrue, and either omit this field or don't specify any resource types in this field. If you set the allSupported field to false and specify values for resourceTypes,\n\t\t\t\twhen Config adds support for a new type of resource,\n\t\t\t\tit will not record resources of that type unless you manually add that type to your recording group.
\n Region availability\n
\nBefore specifying a resource type for Config to track,\n\t\t\t\tcheck Resource Coverage by Region Availability\n\t\t\t\tto see if the resource type is supported in the Amazon Web Services Region where you set up Config.\n\t\t\t\tIf a resource type is supported by Config in at least one Region,\n\t\t\t\tyou can enable the recording of that resource type in all Regions supported by Config,\n\t\t\t\teven if the specified resource type is not supported in the Amazon Web Services Region where you set up Config.
\nAn object that specifies how Config excludes resource types from being recorded by the configuration recorder.
\nTo use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
An object that specifies how Config excludes resource types from being recorded by the configuration recorder.
\n\n Required fields\n
\nTo use this option, you must set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES.
An object that specifies the recording strategy for the configuration recorder.
\nIf you set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regionally recorded resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new regionally recorded resource type, Config automatically starts recording resources of that type.
If you set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types you specify in the resourceTypes field of RecordingGroup.
If you set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types\n\t\t\t\texcept the resource types that you specify to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.
\n Required and optional fields\n
\nThe recordingStrategy field is optional when you set the\n\t\t\tallSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the\n\t\t\t\tresourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
\n Overriding fields\n
\nIf you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, globally recorded IAM resource types will still be automatically\n\t\t\trecorded in this option unless those resource types are specifically listed as exclusions in the resourceTypes field of exclusionByResourceTypes.
\n Global resources types and the resource exclusion recording strategy\n
\nBy default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy,\n\t\t\twhen Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types,\n\t\t\tConfig starts recording resources of that type automatically.
In addition, unless specifically listed as exclusions,\n\t\t\t\tAWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.\n\t\t\t\tIAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled Config Regions where Config was available before February 2022.\n\t\t\t\tThis list does not include the following Regions:
Asia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\nAn object that specifies the recording strategy for the configuration recorder.
\nIf you set the useOnly field of RecordingStrategy to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the allSupported field of RecordingGroup to true. When Config adds support for a new resource type, Config automatically starts recording resources of that type.
If you set the useOnly field of RecordingStrategy to INCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for only the resource types you specify in the resourceTypes field of RecordingGroup.
If you set the useOnly field of RecordingStrategy to EXCLUSION_BY_RESOURCE_TYPES, Config records configuration changes for all supported resource types\n\t\t\t\texcept the resource types that you specify to exclude from being recorded in the resourceTypes field of ExclusionByResourceTypes.
\n Required and optional fields\n
\nThe recordingStrategy field is optional when you set the\n\t\t\tallSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the\n\t\t\t\tresourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
\n Overriding fields\n
\nIf you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global IAM resource types will still be automatically\n\t\t\trecorded in this option unless those resource types are specifically listed as exclusions in the resourceTypes field of exclusionByResourceTypes.
\n Global resources types and the resource exclusion recording strategy\n
\nBy default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy,\n\t\t\twhen Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types,\n\t\t\tConfig starts recording resources of that type automatically.
Unless specifically listed as exclusions,\n\t\t\t\tAWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.
IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022.\n\t\t\t\tYou cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
\nAsia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nCanada West (Calgary)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\nSpecifies which resource types Config\n\t\t\trecords for configuration changes. By default, Config records configuration changes for all current and future supported resource types in the Amazon Web Services Region where you have enabled Config,\n\t\t\texcluding the global IAM resource types: IAM users, groups, roles, and customer managed policies.
\nIn the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types.\n\t\t\tFor a list of supported resource types, see Supported Resource Types in the Config developer guide.
\nIf you don't want Config to record all current and future supported resource types (excluding the global IAM resource types), use one of the following recording strategies:
\n\n Record all current and future resource types with exclusions (EXCLUSION_BY_RESOURCE_TYPES), or
\n Record specific resource types (INCLUSION_BY_RESOURCE_TYPES).
If you use the recording strategy to Record all current and future resource types (ALL_SUPPORTED_RESOURCE_TYPES),\n\t\t\tyou can use the flag includeGlobalResourceTypes to include the global IAM resource types in your recording.
\n Aurora global clusters are recorded in all enabled Regions\n
\nThe AWS::RDS::GlobalCluster resource type\n\t\t\t\twill be recorded in all supported Config Regions where the configuration recorder is enabled.
If you do not want to record AWS::RDS::GlobalCluster in all enabled Regions, use the EXCLUSION_BY_RESOURCE_TYPES or INCLUSION_BY_RESOURCE_TYPES recording strategy.
The default recording frequency that Config uses to record configuration changes.
\nDaily recording is not supported for the following resource types:
\n\n AWS::Config::ResourceCompliance\n
\n AWS::Config::ConformancePackCompliance\n
\n AWS::Config::ConfigurationRecorder\n
For the allSupported (ALL_SUPPORTED_RESOURCE_TYPES) recording strategy, these resource types will be set to Continuous recording.
An array of recordingModeOverride objects for you to specify your overrides for the recording mode.\n\t\t\tThe recordingModeOverride object in the recordingModeOverrides array consists of three fields: a description, the new recordingFrequency, and an array of resourceTypes to override.
Specifies the default recording frequency that Config uses to record configuration changes.\n\t\t\t\n\t\t\tConfig supports Continuous recording and Daily recording.
\nContinuous recording allows you to record configuration changes continuously whenever a change occurs.
\nDaily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.\n\t\t\t
\nFirewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager,\n\t\t\tit is recommended that you set the recording frequency to Continuous.
\nYou can also override the recording frequency for specific resource types.
" + } + }, + "com.amazonaws.configservice#RecordingModeOverride": { + "type": "structure", + "members": { + "description": { + "target": "com.amazonaws.configservice#Description", + "traits": { + "smithy.api#documentation": "A description that you provide for the override.
" + } + }, + "resourceTypes": { + "target": "com.amazonaws.configservice#RecordingModeResourceTypesList", + "traits": { + "smithy.api#documentation": "A comma-separated list that specifies which resource types Config\n\t\t\tincludes in the override.
\nDaily recording is not supported for the following resource types:
\n\n AWS::Config::ResourceCompliance\n
\n AWS::Config::ConformancePackCompliance\n
\n AWS::Config::ConfigurationRecorder\n
The recording frequency that will be applied to all the resource types specified in the override.
\nContinuous recording allows you to record configuration changes continuously whenever a change occurs.
\nDaily recording allows you to receive a configuration item (CI) representing the most recent state of your resources over the last 24-hour period, only if it’s different from the previous CI recorded.\n\t\t\t
\nFirewall Manager depends on continuous recording to monitor your resources. If you are using Firewall Manager,\n\t\t\tit is recommended that you set the recording frequency to Continuous.
\nSpecifies which resource types Config\n\t\t\trecords for configuration changes. By default, Config records configuration changes for all current and future supported resource types in the Amazon Web Services Region where you have enabled Config\n\t\t\t(excluding the globally recorded IAM resource types: IAM users, groups, roles, and customer managed policies).
\nIn the recording group, you specify whether you want to record all supported current and future supported resource types or to include or exclude specific resources types.\n\t\t\tFor a list of supported resource types, see Supported Resource Types in the Config developer guide.
\nIf you don't want Config to record all current and future supported resource types, use one of the following recording strategies:
\n\n Record all current and future resource types with exclusions (EXCLUSION_BY_RESOURCE_TYPES), or
\n Record specific resource types (INCLUSION_BY_RESOURCE_TYPES).
\n Aurora global clusters are automatically globally recorded\n
\nThe AWS::RDS::GlobalCluster resource type\n\t\t\t\twill be recorded in all supported Config Regions where the configuration recorder is enabled.
If you do not want to record AWS::RDS::GlobalCluster in all enabled Regions, use the EXCLUSION_BY_RESOURCE_TYPES or INCLUSION_BY_RESOURCE_TYPES recording strategy.
An object for you to specify your overrides for the recording mode.
" + } + }, + "com.amazonaws.configservice#RecordingModeOverrides": { + "type": "list", + "member": { + "target": "com.amazonaws.configservice#RecordingModeOverride" + }, + "traits": { + "smithy.api#length": { + "min": 0, + "max": 1 + } + } + }, + "com.amazonaws.configservice#RecordingModeResourceTypesList": { + "type": "list", + "member": { + "target": "com.amazonaws.configservice#ResourceType" } }, "com.amazonaws.configservice#RecordingStrategy": { @@ -10658,7 +10800,7 @@ "useOnly": { "target": "com.amazonaws.configservice#RecordingStrategyType", "traits": { - "smithy.api#documentation": "The recording strategy for the configuration recorder.
\nIf you set this option to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported regionally recorded resource types.\n\t\t\t\tYou also must set the allSupported field of RecordingGroup to true.\n\t\t\t\tWhen Config adds support for a new regionally recorded resource type, Config automatically starts recording resources of that type. For a list of supported resource types,\n\t\t\t\tsee Supported Resource Types in the Config developer guide.
If you set this option to INCLUSION_BY_RESOURCE_TYPES, Config records\n\t\t\t\t\tconfiguration changes for only the resource types that you specify in the\n\t\t\t\t\t\tresourceTypes field of RecordingGroup.
If you set this option to EXCLUSION_BY_RESOURCE_TYPES, Config records\n\t\t\t\t\tconfiguration changes for all supported resource types, except the resource\n\t\t\t\t\ttypes that you specify to exclude from being recorded in the\n\t\t\t\t\t\tresourceTypes field of ExclusionByResourceTypes.
\n Required and optional fields\n
\nThe recordingStrategy field is optional when you set the\n\t\t\tallSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the\n\t\t\t\tresourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
\n Overriding fields\n
\nIf you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, globally recorded IAM resource types will still be automatically\n\t\t\trecorded in this option unless those resource types are specifically listed as exclusions in the resourceTypes field of exclusionByResourceTypes.
\n Global resource types and the exclusion recording strategy\n
\nBy default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy,\n\t\t\t\twhen Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types,\n\t\t\t\tConfig starts recording resources of that type automatically.
In addition, unless specifically listed as exclusions,\n\t\t\t\tAWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.\n\t\t\t\tIAM users, groups, roles, and customer managed policies will be recorded automatically in all enabled Config Regions where Config was available before February 2022.\n\t\t\t\tThis list does not include the following Regions:
Asia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\nThe recording strategy for the configuration recorder.
\nIf you set this option to ALL_SUPPORTED_RESOURCE_TYPES, Config records configuration changes for all supported resource types, excluding the global IAM resource types.\n\t\t\t\tYou also must set the allSupported field of RecordingGroup to true.\n\t\t\t\tWhen Config adds support for a new resource type, Config automatically starts recording resources of that type. For a list of supported resource types,\n\t\t\t\tsee Supported Resource Types in the Config developer guide.
If you set this option to INCLUSION_BY_RESOURCE_TYPES, Config records\n\t\t\t\t\tconfiguration changes for only the resource types that you specify in the\n\t\t\t\t\t\tresourceTypes field of RecordingGroup.
If you set this option to EXCLUSION_BY_RESOURCE_TYPES, Config records\n\t\t\t\t\tconfiguration changes for all supported resource types, except the resource\n\t\t\t\t\ttypes that you specify to exclude from being recorded in the\n\t\t\t\t\t\tresourceTypes field of ExclusionByResourceTypes.
\n Required and optional fields\n
\nThe recordingStrategy field is optional when you set the\n\t\t\tallSupported field of RecordingGroup to true.
The recordingStrategy field is optional when you list resource types in the\n\t\t\t\tresourceTypes field of RecordingGroup.
The recordingStrategy field is required if you list resource types to exclude from recording in the resourceTypes field of ExclusionByResourceTypes.
\n Overriding fields\n
\nIf you choose EXCLUSION_BY_RESOURCE_TYPES for the recording strategy, the exclusionByResourceTypes field will override other properties in the request.
For example, even if you set includeGlobalResourceTypes to false, global IAM resource types will still be automatically\n\t\t\trecorded in this option unless those resource types are specifically listed as exclusions in the resourceTypes field of exclusionByResourceTypes.
\n Global resource types and the exclusion recording strategy\n
\nBy default, if you choose the EXCLUSION_BY_RESOURCE_TYPES recording strategy,\n\t\t\t\twhen Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types,\n\t\t\t\tConfig starts recording resources of that type automatically.
Unless specifically listed as exclusions,\n\t\t\t\tAWS::RDS::GlobalCluster will be recorded automatically in all supported Config Regions were the configuration recorder is enabled.
IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where Config was available before February 2022.\n\t\t\t\tYou cannot be record the global IAM resouce types in Regions supported by Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:
\nAsia Pacific (Hyderabad)
\nAsia Pacific (Melbourne)
\nCanada West (Calgary)
\nEurope (Spain)
\nEurope (Zurich)
\nIsrael (Tel Aviv)
\nMiddle East (UAE)
\nMaximum time in seconds that Config runs auto-remediation. If you do not select a number, the default is 60 seconds.
\nFor example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, \n\t\tConfig will run auto-remediations 5 times within 50 seconds before throwing an exception.
" + "smithy.api#documentation": "Time window to determine whether or not to add a remediation exception to prevent infinite remediation attempts.\n\t\t\tIf MaximumAutomaticAttempts remediation attempts have been made under RetryAttemptSeconds, a remediation exception will be added to the resource.\n\t\t\tIf you do not select a number, the default is 60 seconds.\n\t\t
For example, if you specify RetryAttemptSeconds as 50 seconds and MaximumAutomaticAttempts as 5, \n\t\t\tConfig will run auto-remediations 5 times within 50 seconds before adding a remediation exception to the resource.
Filters all resource evaluations results based on an evaluation mode. the valid value for this API is Proactive.
Filters all resource evaluations results based on an evaluation mode.
\nCurrently, DECTECTIVE is not supported as a valid value. Ignore other documentation stating otherwise.
The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack.\n\t\t\tIf you use the document name, Config checks only your account and Amazon Web Services Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.
", + "smithy.api#documentation": "The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack.\n\t\t\tIf you use the document name, Config checks only your account and Amazon Web Services Region for the SSM document.
", "smithy.api#required": {} } }, diff --git a/aws/sdk/aws-models/dynamodb.json b/aws/sdk/aws-models/dynamodb.json index c47b042f52..5768b76c66 100644 --- a/aws/sdk/aws-models/dynamodb.json +++ b/aws/sdk/aws-models/dynamodb.json @@ -29,6 +29,23 @@ ] }, "shapes": { + "com.amazonaws.dynamodb#ApproximateCreationDateTimePrecision": { + "type": "enum", + "members": { + "MILLISECOND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MILLISECOND" + } + }, + "MICROSECOND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "MICROSECOND" + } + } + } + }, "com.amazonaws.dynamodb#ArchivalReason": { "type": "string" }, @@ -100,7 +117,7 @@ } }, "traits": { - "smithy.api#documentation": "Represents an attribute for describing the key schema for the table and\n indexes.
" + "smithy.api#documentation": "Represents an attribute for describing the schema for the table and\n indexes.
" } }, "com.amazonaws.dynamodb#AttributeDefinitions": { @@ -902,7 +919,7 @@ "RequestItems": { "target": "com.amazonaws.dynamodb#BatchGetRequestMap", "traits": { - "smithy.api#documentation": "A map of one or more table names and, for each table, a map that describes one or more\n items to retrieve from that table. Each table name can be used only once per\n BatchGetItem request.
Each element in the map of items to retrieve consists of the following:
\n\n ConsistentRead - If true, a strongly consistent read\n is used; if false (the default), an eventually consistent read is\n used.
\n ExpressionAttributeNames - One or more substitution tokens for\n attribute names in the ProjectionExpression parameter. The\n following are some use cases for using\n ExpressionAttributeNames:
To access an attribute whose name conflicts with a DynamoDB reserved\n word.
\nTo create a placeholder for repeating occurrences of an attribute name\n in an expression.
\nTo prevent special characters in an attribute name from being\n misinterpreted in an expression.
\nUse the # character in an expression to\n dereference an attribute name. For example, consider the following attribute\n name:
\n\n Percentile\n
The name of this attribute conflicts with a reserved word, so it cannot be\n used directly in an expression. (For the complete list of reserved words, see\n Reserved\n Words in the Amazon DynamoDB Developer Guide).\n To work around this, you could specify the following for\n ExpressionAttributeNames:
\n {\"#P\":\"Percentile\"}\n
You could then use this substitution in an expression, as in this\n example:
\n\n #P = :val\n
Tokens that begin with the : character\n are expression attribute values, which are placeholders\n for the actual value at runtime.
\nFor more information about expression attribute names, see Accessing Item Attributes in the Amazon DynamoDB\n Developer Guide.
\n\n Keys - An array of primary key attribute values that define\n specific items in the table. For each primary key, you must provide\n all of the key attributes. For example, with a simple\n primary key, you only need to provide the partition key value. For a composite\n key, you must provide both the partition key value and the\n sort key value.
\n ProjectionExpression - A string that identifies one or more\n attributes to retrieve from the table. These attributes can include scalars,\n sets, or elements of a JSON document. The attributes in the expression must be\n separated by commas.
If no attribute names are specified, then all attributes are returned. If any\n of the requested attributes are not found, they do not appear in the\n result.
\nFor more information, see Accessing Item Attributes in the Amazon DynamoDB\n Developer Guide.
\n\n AttributesToGet - This is a legacy parameter. Use\n ProjectionExpression instead. For more information, see AttributesToGet in the Amazon DynamoDB Developer\n Guide.
A map of one or more table names or table ARNs and, for each table, a map that describes one or more\n items to retrieve from that table. Each table name or ARN can be used only once per\n BatchGetItem request.
Each element in the map of items to retrieve consists of the following:
\n\n ConsistentRead - If true, a strongly consistent read\n is used; if false (the default), an eventually consistent read is\n used.
\n ExpressionAttributeNames - One or more substitution tokens for\n attribute names in the ProjectionExpression parameter. The\n following are some use cases for using\n ExpressionAttributeNames:
To access an attribute whose name conflicts with a DynamoDB reserved\n word.
\nTo create a placeholder for repeating occurrences of an attribute name\n in an expression.
\nTo prevent special characters in an attribute name from being\n misinterpreted in an expression.
\nUse the # character in an expression to\n dereference an attribute name. For example, consider the following attribute\n name:
\n\n Percentile\n
The name of this attribute conflicts with a reserved word, so it cannot be\n used directly in an expression. (For the complete list of reserved words, see\n Reserved\n Words in the Amazon DynamoDB Developer Guide).\n To work around this, you could specify the following for\n ExpressionAttributeNames:
\n {\"#P\":\"Percentile\"}\n
You could then use this substitution in an expression, as in this\n example:
\n\n #P = :val\n
Tokens that begin with the : character\n are expression attribute values, which are placeholders\n for the actual value at runtime.
\nFor more information about expression attribute names, see Accessing Item Attributes in the Amazon DynamoDB\n Developer Guide.
\n\n Keys - An array of primary key attribute values that define\n specific items in the table. For each primary key, you must provide\n all of the key attributes. For example, with a simple\n primary key, you only need to provide the partition key value. For a composite\n key, you must provide both the partition key value and the\n sort key value.
\n ProjectionExpression - A string that identifies one or more\n attributes to retrieve from the table. These attributes can include scalars,\n sets, or elements of a JSON document. The attributes in the expression must be\n separated by commas.
If no attribute names are specified, then all attributes are returned. If any\n of the requested attributes are not found, they do not appear in the\n result.
\nFor more information, see Accessing Item Attributes in the Amazon DynamoDB\n Developer Guide.
\n\n AttributesToGet - This is a legacy parameter. Use\n ProjectionExpression instead. For more information, see AttributesToGet in the Amazon DynamoDB Developer\n Guide.
A map of table name to a list of items. Each object in Responses consists\n of a table name, along with a map of attribute data consisting of the data type and\n attribute value.
A map of table name or table ARN to a list of items. Each object in Responses consists\n of a table name or ARN, along with a map of attribute data consisting of the data type and\n attribute value.
The BatchWriteItem operation puts or deletes multiple items in one or\n more tables. A single call to BatchWriteItem can transmit up to 16MB of\n data over the network, consisting of up to 25 item put or delete operations. While\n individual items can be up to 400 KB once stored, it's important to note that an item's\n representation might be greater than 400KB while being sent in DynamoDB's JSON format\n for the API call. For more details on this distinction, see Naming Rules and Data Types.
\n BatchWriteItem cannot update items. If you perform a BatchWriteItem\n operation on an existing item, that item's values will be overwritten by the\n operation and it will appear like it was updated. To update items, we recommend you\n use the UpdateItem action.
The individual PutItem and DeleteItem operations specified\n in BatchWriteItem are atomic; however BatchWriteItem as a\n whole is not. If any requested operations fail because the table's provisioned\n throughput is exceeded or an internal processing failure occurs, the failed operations\n are returned in the UnprocessedItems response parameter. You can\n investigate and optionally resend the requests. Typically, you would call\n BatchWriteItem in a loop. Each iteration would check for unprocessed\n items and submit a new BatchWriteItem request with those unprocessed items\n until all items have been processed.
If none of the items can be processed due to insufficient\n provisioned throughput on all of the tables in the request, then\n BatchWriteItem returns a\n ProvisionedThroughputExceededException.
If DynamoDB returns any unprocessed items, you should retry the batch operation on\n those items. However, we strongly recommend that you use an exponential\n backoff algorithm. If you retry the batch operation immediately, the\n underlying read or write requests can still fail due to throttling on the individual\n tables. If you delay the batch operation using exponential backoff, the individual\n requests in the batch are much more likely to succeed.
\nFor more information, see Batch Operations and Error Handling in the Amazon DynamoDB\n Developer Guide.
\nWith BatchWriteItem, you can efficiently write or delete large amounts of\n data, such as from Amazon EMR, or copy data from another database into DynamoDB. In\n order to improve performance with these large-scale operations,\n BatchWriteItem does not behave in the same way as individual\n PutItem and DeleteItem calls would. For example, you\n cannot specify conditions on individual put and delete requests, and\n BatchWriteItem does not return deleted items in the response.
If you use a programming language that supports concurrency, you can use threads to\n write items in parallel. Your application must include the necessary logic to manage the\n threads. With languages that don't support threading, you must update or delete the\n specified items one at a time. In both situations, BatchWriteItem performs\n the specified put and delete operations in parallel, giving you the power of the thread\n pool approach without having to introduce complexity into your application.
Parallel processing reduces latency, but each specified put and delete request\n consumes the same number of write capacity units whether it is processed in parallel or\n not. Delete operations on nonexistent items consume one write capacity unit.
\nIf one or more of the following is true, DynamoDB rejects the entire batch write\n operation:
\nOne or more tables specified in the BatchWriteItem request does\n not exist.
Primary key attributes specified on an item in the request do not match those\n in the corresponding table's primary key schema.
\nYou try to perform multiple operations on the same item in the same\n BatchWriteItem request. For example, you cannot put and delete\n the same item in the same BatchWriteItem request.
Your request contains at least two items with identical hash and range keys\n (which essentially is two put operations).
\nThere are more than 25 requests in the batch.
\nAny individual item in a batch exceeds 400 KB.
\nThe total request size exceeds 16 MB.
\nThe BatchWriteItem operation puts or deletes multiple items in one or\n more tables. A single call to BatchWriteItem can transmit up to 16MB of\n data over the network, consisting of up to 25 item put or delete operations. While\n individual items can be up to 400 KB once stored, it's important to note that an item's\n representation might be greater than 400KB while being sent in DynamoDB's JSON format\n for the API call. For more details on this distinction, see Naming Rules and Data Types.
\n BatchWriteItem cannot update items. If you perform a BatchWriteItem\n operation on an existing item, that item's values will be overwritten by the\n operation and it will appear like it was updated. To update items, we recommend you\n use the UpdateItem action.
The individual PutItem and DeleteItem operations specified\n in BatchWriteItem are atomic; however BatchWriteItem as a\n whole is not. If any requested operations fail because the table's provisioned\n throughput is exceeded or an internal processing failure occurs, the failed operations\n are returned in the UnprocessedItems response parameter. You can\n investigate and optionally resend the requests. Typically, you would call\n BatchWriteItem in a loop. Each iteration would check for unprocessed\n items and submit a new BatchWriteItem request with those unprocessed items\n until all items have been processed.
If none of the items can be processed due to insufficient\n provisioned throughput on all of the tables in the request, then\n BatchWriteItem returns a\n ProvisionedThroughputExceededException.
If DynamoDB returns any unprocessed items, you should retry the batch operation on\n those items. However, we strongly recommend that you use an exponential\n backoff algorithm. If you retry the batch operation immediately, the\n underlying read or write requests can still fail due to throttling on the individual\n tables. If you delay the batch operation using exponential backoff, the individual\n requests in the batch are much more likely to succeed.
\nFor more information, see Batch Operations and Error Handling in the Amazon DynamoDB\n Developer Guide.
\nWith BatchWriteItem, you can efficiently write or delete large amounts of\n data, such as from Amazon EMR, or copy data from another database into DynamoDB. In\n order to improve performance with these large-scale operations,\n BatchWriteItem does not behave in the same way as individual\n PutItem and DeleteItem calls would. For example, you\n cannot specify conditions on individual put and delete requests, and\n BatchWriteItem does not return deleted items in the response.
If you use a programming language that supports concurrency, you can use threads to\n write items in parallel. Your application must include the necessary logic to manage the\n threads. With languages that don't support threading, you must update or delete the\n specified items one at a time. In both situations, BatchWriteItem performs\n the specified put and delete operations in parallel, giving you the power of the thread\n pool approach without having to introduce complexity into your application.
Parallel processing reduces latency, but each specified put and delete request\n consumes the same number of write capacity units whether it is processed in parallel or\n not. Delete operations on nonexistent items consume one write capacity unit.
\nIf one or more of the following is true, DynamoDB rejects the entire batch write\n operation:
\nOne or more tables specified in the BatchWriteItem request does\n not exist.
Primary key attributes specified on an item in the request do not match those\n in the corresponding table's primary key schema.
\nYou try to perform multiple operations on the same item in the same\n BatchWriteItem request. For example, you cannot put and delete\n the same item in the same BatchWriteItem request.
Your request contains at least two items with identical hash and range keys\n (which essentially is two put operations).
\nThere are more than 25 requests in the batch.
\nAny individual item in a batch exceeds 400 KB.
\nThe total request size exceeds 16 MB.
\nAny individual items with keys exceeding the key length limits. For a\n partition key, the limit is 2048 bytes and for a sort key, the limit is 1024\n bytes.
\nA map of one or more table names and, for each table, a list of operations to be\n performed (DeleteRequest or PutRequest). Each element in the\n map consists of the following:
\n DeleteRequest - Perform a DeleteItem operation on the\n specified item. The item to be deleted is identified by a Key\n subelement:
\n Key - A map of primary key attribute values that uniquely\n identify the item. Each entry in this map consists of an attribute name\n and an attribute value. For each primary key, you must provide\n all of the key attributes. For example, with a\n simple primary key, you only need to provide a value for the partition\n key. For a composite primary key, you must provide values for\n both the partition key and the sort key.
\n PutRequest - Perform a PutItem operation on the\n specified item. The item to be put is identified by an Item\n subelement:
\n Item - A map of attributes and their values. Each entry in\n this map consists of an attribute name and an attribute value. Attribute\n values must not be null; string and binary type attributes must have\n lengths greater than zero; and set type attributes must not be empty.\n Requests that contain empty values are rejected with a\n ValidationException exception.
If you specify any attributes that are part of an index key, then the\n data types for those attributes must match those of the schema in the\n table's attribute definition.
\nA map of one or more table names or table ARNs and, for each table, a list of operations to be\n performed (DeleteRequest or PutRequest). Each element in the\n map consists of the following:
\n DeleteRequest - Perform a DeleteItem operation on the\n specified item. The item to be deleted is identified by a Key\n subelement:
\n Key - A map of primary key attribute values that uniquely\n identify the item. Each entry in this map consists of an attribute name\n and an attribute value. For each primary key, you must provide\n all of the key attributes. For example, with a\n simple primary key, you only need to provide a value for the partition\n key. For a composite primary key, you must provide values for\n both the partition key and the sort key.
\n PutRequest - Perform a PutItem operation on the\n specified item. The item to be put is identified by an Item\n subelement:
\n Item - A map of attributes and their values. Each entry in\n this map consists of an attribute name and an attribute value. Attribute\n values must not be null; string and binary type attributes must have\n lengths greater than zero; and set type attributes must not be empty.\n Requests that contain empty values are rejected with a\n ValidationException exception.
If you specify any attributes that are part of an index key, then the\n data types for those attributes must match those of the schema in the\n table's attribute definition.
\nA map of tables and requests against those tables that were not processed. The\n UnprocessedItems value is in the same form as\n RequestItems, so you can provide this value directly to a subsequent\n BatchWriteItem operation. For more information, see\n RequestItems in the Request Parameters section.
Each UnprocessedItems entry consists of a table name and, for that table,\n a list of operations to perform (DeleteRequest or\n PutRequest).
\n DeleteRequest - Perform a DeleteItem operation on the\n specified item. The item to be deleted is identified by a Key\n subelement:
\n Key - A map of primary key attribute values that uniquely\n identify the item. Each entry in this map consists of an attribute name\n and an attribute value.
\n PutRequest - Perform a PutItem operation on the\n specified item. The item to be put is identified by an Item\n subelement:
\n Item - A map of attributes and their values. Each entry in\n this map consists of an attribute name and an attribute value. Attribute\n values must not be null; string and binary type attributes must have\n lengths greater than zero; and set type attributes must not be empty.\n Requests that contain empty values will be rejected with a\n ValidationException exception.
If you specify any attributes that are part of an index key, then the\n data types for those attributes must match those of the schema in the\n table's attribute definition.
\nIf there are no unprocessed items remaining, the response contains an empty\n UnprocessedItems map.
A map of tables and requests against those tables that were not processed. The\n UnprocessedItems value is in the same form as\n RequestItems, so you can provide this value directly to a subsequent\n BatchWriteItem operation. For more information, see\n RequestItems in the Request Parameters section.
Each UnprocessedItems entry consists of a table name or table ARN and, for that table,\n a list of operations to perform (DeleteRequest or\n PutRequest).
\n DeleteRequest - Perform a DeleteItem operation on the\n specified item. The item to be deleted is identified by a Key\n subelement:
\n Key - A map of primary key attribute values that uniquely\n identify the item. Each entry in this map consists of an attribute name\n and an attribute value.
\n PutRequest - Perform a PutItem operation on the\n specified item. The item to be put is identified by an Item\n subelement:
\n Item - A map of attributes and their values. Each entry in\n this map consists of an attribute name and an attribute value. Attribute\n values must not be null; string and binary type attributes must have\n lengths greater than zero; and set type attributes must not be empty.\n Requests that contain empty values will be rejected with a\n ValidationException exception.
If you specify any attributes that are part of an index key, then the\n data types for those attributes must match those of the schema in the\n table's attribute definition.
\nIf there are no unprocessed items remaining, the response contains an empty\n UnprocessedItems map.
Name of the table for the check item request.
", + "smithy.api#documentation": "Name of the table for the check item request. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -1625,6 +1642,12 @@ } } }, + "com.amazonaws.dynamodb#ConfirmRemoveSelfResourceAccess": { + "type": "boolean", + "traits": { + "smithy.api#default": false + } + }, "com.amazonaws.dynamodb#ConsistentRead": { "type": "boolean" }, @@ -1632,9 +1655,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table that was affected by the operation.
" + "smithy.api#documentation": "The name of the table that was affected by the operation. If you had specified the Amazon Resource Name (ARN) of a table in the input, you'll see the table ARN in the response.
" } }, "CapacityUnits": { @@ -1675,7 +1698,7 @@ } }, "traits": { - "smithy.api#documentation": "The capacity units consumed by an operation. The data returned includes the total\n provisioned throughput consumed, along with statistics for the table and any indexes\n involved in the operation. ConsumedCapacity is only returned if the request\n asked for it. For more information, see Provisioned Throughput in the Amazon DynamoDB Developer\n Guide.
The capacity units consumed by an operation. The data returned includes the total\n provisioned throughput consumed, along with statistics for the table and any indexes\n involved in the operation. ConsumedCapacity is only returned if the request\n asked for it. For more information, see Provisioned capacity mode in the Amazon DynamoDB Developer\n Guide.
The name of the table.
", + "smithy.api#documentation": "The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -1936,6 +1959,12 @@ "traits": { "smithy.api#documentation": "Represents the provisioned throughput settings for the specified global secondary\n index.
\nFor current minimum and maximum provisioned throughput values, see Service,\n Account, and Table Quotas in the Amazon DynamoDB Developer\n Guide.
" } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput", + "traits": { + "smithy.api#documentation": "The maximum number of read and write units for the global secondary index being created. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Creates a global table from an existing table. A global table creates a replication\n relationship between two or more DynamoDB tables with the same table name in the\n provided Regions.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nIf you want to add a new replica table to a global table, each of the following\n conditions must be true:
\nThe table must have the same primary key as all of the other replicas.
\nThe table must have the same name as all of the other replicas.
\nThe table must have DynamoDB Streams enabled, with the stream containing both\n the new and the old images of the item.
\nNone of the replica tables in the global table can contain any data.
\nIf global secondary indexes are specified, then the following conditions must also be\n met:
\nThe global secondary indexes must have the same name.
\nThe global secondary indexes must have the same hash key and sort key (if\n present).
\nIf local secondary indexes are specified, then the following conditions must also be\n met:
\nThe local secondary indexes must have the same name.
\nThe local secondary indexes must have the same hash key and sort key (if\n present).
\nWrite capacity settings should be set consistently across your replica tables and\n secondary indexes. DynamoDB strongly recommends enabling auto scaling to manage the\n write capacity settings for all of your global tables replicas and indexes.
\nIf you prefer to manage write capacity settings manually, you should provision\n equal replicated write capacity units to your replica tables. You should also\n provision equal replicated write capacity units to matching secondary indexes across\n your global table.
\nCreates a global table from an existing table. A global table creates a replication\n relationship between two or more DynamoDB tables with the same table name in the\n provided Regions.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version), as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nIf you want to add a new replica table to a global table, each of the following\n conditions must be true:
\nThe table must have the same primary key as all of the other replicas.
\nThe table must have the same name as all of the other replicas.
\nThe table must have DynamoDB Streams enabled, with the stream containing both\n the new and the old images of the item.
\nNone of the replica tables in the global table can contain any data.
\nIf global secondary indexes are specified, then the following conditions must also be\n met:
\nThe global secondary indexes must have the same name.
\nThe global secondary indexes must have the same hash key and sort key (if\n present).
\nIf local secondary indexes are specified, then the following conditions must also be\n met:
\nThe local secondary indexes must have the same name.
\nThe local secondary indexes must have the same hash key and sort key (if\n present).
\nWrite capacity settings should be set consistently across your replica tables and\n secondary indexes. DynamoDB strongly recommends enabling auto scaling to manage the\n write capacity settings for all of your global tables replicas and indexes.
\nIf you prefer to manage write capacity settings manually, you should provision\n equal replicated write capacity units to your replica tables. You should also\n provision equal replicated write capacity units to matching secondary indexes across\n your global table.
\nReplica-specific provisioned throughput. If not specified, uses the source table's\n provisioned throughput settings.
" } }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughputOverride", + "traits": { + "smithy.api#documentation": "The maximum on-demand throughput settings for the specified replica table being created. You can only modify MaxReadRequestUnits, because you can't modify MaxWriteRequestUnits for individual replica tables.\n
The name of the table to create.
", + "smithy.api#documentation": "The name of the table to create. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -2132,7 +2167,7 @@ "BillingMode": { "target": "com.amazonaws.dynamodb#BillingMode", "traits": { - "smithy.api#documentation": "Controls how you are charged for read and write throughput and how you manage\n capacity. This setting can be changed later.
\n\n PROVISIONED - We recommend using PROVISIONED for\n predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode.
\n PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST\n for unpredictable workloads. PAY_PER_REQUEST sets the billing mode\n to On-Demand Mode.
Controls how you are charged for read and write throughput and how you manage\n capacity. This setting can be changed later.
\n\n PROVISIONED - We recommend using PROVISIONED for\n predictable workloads. PROVISIONED sets the billing mode to Provisioned capacity mode.
\n PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST\n for unpredictable workloads. PAY_PER_REQUEST sets the billing mode\n to On-demand capacity mode.
Indicates whether deletion protection is to be enabled (true) or disabled (false) on the table.
" } + }, + "ResourcePolicy": { + "target": "com.amazonaws.dynamodb#ResourcePolicy", + "traits": { + "smithy.api#documentation": "An Amazon Web Services resource-based policy document in JSON format that will be attached to the table.
\nWhen you attach a resource-based policy while creating a table, the policy application is strongly consistent.
\nThe maximum size supported for a resource-based policy document is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit. For a full list of all considerations that apply for resource-based policies, see Resource-based policy considerations.
\nYou need to specify the CreateTable and PutResourcePolicy IAM actions for authorizing a user to create a table with a resource-based policy.
Sets the maximum number of read and write units for the specified table in on-demand capacity mode. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Name of the table in which the item to be deleted resides.
", + "smithy.api#documentation": "Name of the table in which the item to be deleted resides. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -2437,9 +2484,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table from which to delete the item.
", + "smithy.api#documentation": "The name of the table from which to delete the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -2519,7 +2566,7 @@ "ConsumedCapacity": { "target": "com.amazonaws.dynamodb#ConsumedCapacity", "traits": { - "smithy.api#documentation": "The capacity units consumed by the DeleteItem operation. The data\n returned includes the total provisioned throughput consumed, along with statistics for\n the table and any indexes involved in the operation. ConsumedCapacity is\n only returned if the ReturnConsumedCapacity parameter was specified. For\n more information, see Provisioned Throughput in the Amazon DynamoDB Developer\n Guide.
The capacity units consumed by the DeleteItem operation. The data\n returned includes the total provisioned throughput consumed, along with statistics for\n the table and any indexes involved in the operation. ConsumedCapacity is\n only returned if the ReturnConsumedCapacity parameter was specified. For\n more information, see Provisioned capacity mode in the Amazon DynamoDB Developer\n Guide.
Represents a request to perform a DeleteItem operation on an item.
Deletes the resource-based policy attached to the resource, which can be a table or stream.
\n\n DeleteResourcePolicy is an idempotent operation; running it multiple times on the same resource doesn't result in an error response, unless you specify an ExpectedRevisionId, which will then return a PolicyNotFoundException.
To make sure that you don't inadvertently lock yourself out of your own resources, the root principal in your Amazon Web Services account can perform DeleteResourcePolicy requests, even if your resource-based policy explicitly denies the root principal's access.\n
\n DeleteResourcePolicy is an asynchronous operation. If you issue a GetResourcePolicy request immediately after running the DeleteResourcePolicy request, DynamoDB might still return the deleted policy. This is because the policy for your resource might not have been deleted yet. Wait for a few seconds, and then try the GetResourcePolicy request again.
The Amazon Resource Name (ARN) of the DynamoDB resource from which the policy will be removed. The resources you can specify include tables and streams. If you remove the policy of a table, it will also remove the permissions for the table's indexes defined in that policy document. This is because index permissions are defined in the table's policy.
", + "smithy.api#required": {} + } + }, + "ExpectedRevisionId": { + "target": "com.amazonaws.dynamodb#PolicyRevisionId", + "traits": { + "smithy.api#documentation": "A string value that you can use to conditionally delete your policy. When you provide an expected revision ID, if the revision ID of the existing policy on the resource doesn't match or if there's no policy attached to the resource, the request will fail and return a PolicyNotFoundException.
A unique string that represents the revision ID of the policy. If you're comparing revision IDs, make sure to always use string comparison logic.
\nThis value will be empty if you make a request against a resource without a policy.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.dynamodb#DeleteTable": { "type": "operation", "input": { @@ -2608,7 +2725,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "The DeleteTable operation deletes a table and all of its items. After a\n DeleteTable request, the specified table is in the\n DELETING state until DynamoDB completes the deletion. If the table is\n in the ACTIVE state, you can delete it. If a table is in\n CREATING or UPDATING states, then DynamoDB returns a\n ResourceInUseException. If the specified table does not exist, DynamoDB\n returns a ResourceNotFoundException. If table is already in the\n DELETING state, no error is returned.
This operation only applies to Version 2019.11.21 (Current) \n of global tables.\n
\nDynamoDB might continue to accept data read and write operations, such as\n GetItem and PutItem, on a table in the\n DELETING state until the table deletion is complete.
When you delete a table, any indexes on that table are also deleted.
\nIf you have DynamoDB Streams enabled on the table, then the corresponding stream on\n that table goes into the DISABLED state, and the stream is automatically\n deleted after 24 hours.
Use the DescribeTable action to check the status of the table.
The DeleteTable operation deletes a table and all of its items. After a\n DeleteTable request, the specified table is in the\n DELETING state until DynamoDB completes the deletion. If the table is\n in the ACTIVE state, you can delete it. If a table is in\n CREATING or UPDATING states, then DynamoDB returns a\n ResourceInUseException. If the specified table does not exist, DynamoDB\n returns a ResourceNotFoundException. If table is already in the\n DELETING state, no error is returned.
For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).\n
\nDynamoDB might continue to accept data read and write operations, such as\n GetItem and PutItem, on a table in the\n DELETING state until the table deletion is complete.
When you delete a table, any indexes on that table are also deleted.
\nIf you have DynamoDB Streams enabled on the table, then the corresponding stream on\n that table goes into the DISABLED state, and the stream is automatically\n deleted after 24 hours.
Use the DescribeTable action to check the status of the table.
The name of the table to delete.
", + "smithy.api#documentation": "The name of the table to delete. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } } @@ -2752,9 +2869,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "Name of the table for which the customer wants to check the continuous backups and\n point in time recovery settings.
", + "smithy.api#documentation": "Name of the table for which the customer wants to check the continuous backups and\n point in time recovery settings.
\nYou can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } } @@ -2801,9 +2918,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table to describe.
", + "smithy.api#documentation": "The name of the table to describe. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -2971,7 +3088,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "Returns information about the specified global table.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using \n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nReturns information about the specified global table.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version), as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nDescribes Region-specific settings for a global table.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nDescribes Region-specific settings for a global table.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version), as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nThe name of the table being described.
", + "smithy.api#documentation": "The name of the table being described. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } } @@ -3271,7 +3388,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "Returns information about the table, including the current status of the table, when\n it was created, the primary key schema, and any indexes on the table.
\nThis operation only applies to Version 2019.11.21 (Current) \n of global tables.\n
\nIf you issue a DescribeTable request immediately after a\n CreateTable request, DynamoDB might return a\n ResourceNotFoundException. This is because\n DescribeTable uses an eventually consistent query, and the metadata\n for your table might not be available at that moment. Wait for a few seconds, and\n then try the DescribeTable request again.
Returns information about the table, including the current status of the table, when\n it was created, the primary key schema, and any indexes on the table.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).\n
\nIf you issue a DescribeTable request immediately after a\n CreateTable request, DynamoDB might return a\n ResourceNotFoundException. This is because\n DescribeTable uses an eventually consistent query, and the metadata\n for your table might not be available at that moment. Wait for a few seconds, and\n then try the DescribeTable request again.
The name of the table to describe.
", + "smithy.api#documentation": "The name of the table to describe. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } } @@ -3356,16 +3473,16 @@ } ], "traits": { - "smithy.api#documentation": "Describes auto scaling settings across replicas of the global table at once.
\nThis operation only applies to Version 2019.11.21 (Current)\n of global tables.
\nDescribes auto scaling settings across replicas of the global table at once.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).
\nThe name of the table.
", + "smithy.api#documentation": "The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } } @@ -3418,9 +3535,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table to be described.
", + "smithy.api#documentation": "The name of the table to be described. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } } @@ -3475,6 +3592,12 @@ "traits": { "smithy.api#enumValue": "ENABLE_FAILED" } + }, + "UPDATING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UPDATING" + } } } }, @@ -3553,6 +3676,9 @@ { "target": "com.amazonaws.dynamodb#DeleteItem" }, + { + "target": "com.amazonaws.dynamodb#DeleteResourcePolicy" + }, { "target": "com.amazonaws.dynamodb#DeleteTable" }, @@ -3613,6 +3739,9 @@ { "target": "com.amazonaws.dynamodb#GetItem" }, + { + "target": "com.amazonaws.dynamodb#GetResourcePolicy" + }, { "target": "com.amazonaws.dynamodb#ImportTable" }, @@ -3640,6 +3769,9 @@ { "target": "com.amazonaws.dynamodb#PutItem" }, + { + "target": "com.amazonaws.dynamodb#PutResourcePolicy" + }, { "target": "com.amazonaws.dynamodb#Query" }, @@ -3679,6 +3811,9 @@ { "target": "com.amazonaws.dynamodb#UpdateItem" }, + { + "target": "com.amazonaws.dynamodb#UpdateKinesisStreamingDestination" + }, { "target": "com.amazonaws.dynamodb#UpdateTable" }, @@ -3706,6 +3841,9 @@ }, "aws.protocols#awsJson1_0": {}, "smithy.api#documentation": "Amazon DynamoDB is a fully managed NoSQL database service that provides fast\n and predictable performance with seamless scalability. DynamoDB lets you\n offload the administrative burdens of operating and scaling a distributed database, so\n that you don't have to worry about hardware provisioning, setup and configuration,\n replication, software patching, or cluster scaling.
\nWith DynamoDB, you can create database tables that can store and retrieve\n any amount of data, and serve any level of request traffic. You can scale up or scale\n down your tables' throughput capacity without downtime or performance degradation, and\n use the Amazon Web Services Management Console to monitor resource utilization and performance\n metrics.
\nDynamoDB automatically spreads the data and traffic for your tables over\n a sufficient number of servers to handle your throughput and storage requirements, while\n maintaining consistent and fast performance. All of your data is stored on solid state\n disks (SSDs) and automatically replicated across multiple Availability Zones in an\n Amazon Web Services Region, providing built-in high availability and data\n durability.
", + "smithy.api#suppress": [ + "RuleSetAwsBuiltIn.AWS::Auth::AccountId" + ], "smithy.api#title": "Amazon DynamoDB", "smithy.api#xmlNamespace": { "uri": "http://dynamodb.amazonaws.com/doc/2012-08-10/" @@ -4791,6 +4929,20 @@ } } }, + "com.amazonaws.dynamodb#EnableKinesisStreamingConfiguration": { + "type": "structure", + "members": { + "ApproximateCreationDateTimePrecision": { + "target": "com.amazonaws.dynamodb#ApproximateCreationDateTimePrecision", + "traits": { + "smithy.api#documentation": "Toggle for the precision of Kinesis data stream timestamp. The values are either MILLISECOND or MICROSECOND.
Enables setting the configuration for Kinesis Streaming.
" + } + }, "com.amazonaws.dynamodb#EnableKinesisStreamingDestination": { "type": "operation", "input": { @@ -5428,7 +5580,7 @@ "S3BucketOwner": { "target": "com.amazonaws.dynamodb#S3BucketOwner", "traits": { - "smithy.api#documentation": "The ID of the Amazon Web Services account that owns the bucket the export will be\n stored in.
" + "smithy.api#documentation": "The ID of the Amazon Web Services account that owns the bucket the export will be\n stored in.
\nS3BucketOwner is a required parameter when exporting to a S3 bucket in another account.
\nThe name of the table from which to retrieve the specified item.
", + "smithy.api#documentation": "The name of the table from which to retrieve the specified item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -5685,9 +5837,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table containing the requested item.
", + "smithy.api#documentation": "The name of the table containing the requested item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -5743,7 +5895,7 @@ "ConsumedCapacity": { "target": "com.amazonaws.dynamodb#ConsumedCapacity", "traits": { - "smithy.api#documentation": "The capacity units consumed by the GetItem operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see Provisioned Throughput in the Amazon DynamoDB Developer\n Guide.
The capacity units consumed by the GetItem operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see Capacity unit consumption for read operations in the Amazon DynamoDB Developer\n Guide.
Returns the resource-based policy document attached to the resource, which can be a table or stream, in JSON format.
\n\n GetResourcePolicy follows an \n eventually consistent\n model. The following list describes the outcomes when you issue the GetResourcePolicy request immediately after issuing another request:
If you issue a GetResourcePolicy request immediately after a PutResourcePolicy request, DynamoDB might return a PolicyNotFoundException.
If you issue a GetResourcePolicyrequest immediately after a DeleteResourcePolicy request, DynamoDB might return the policy that was present before the deletion request.
If you issue a GetResourcePolicy request immediately after a CreateTable request, which includes a resource-based policy, DynamoDB might return a ResourceNotFoundException or a PolicyNotFoundException.
Because GetResourcePolicy uses an eventually consistent query, the metadata for your policy or table might not be available at that moment. Wait for a few seconds, and then retry the GetResourcePolicy request.
After a GetResourcePolicy request returns a policy created using the PutResourcePolicy request, the policy will be applied in the authorization of requests to the resource. Because this process is eventually consistent, it will take some time to apply the policy to all requests to a resource. Policies that you attach while creating a table using the CreateTable request will always be applied to all requests for that table.
The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy is attached. The resources you can specify include tables and streams.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.dynamodb#GetResourcePolicyOutput": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.dynamodb#ResourcePolicy", + "traits": { + "smithy.api#documentation": "The resource-based policy document attached to the resource, which can be a table or stream, in JSON format.
" + } + }, + "RevisionId": { + "target": "com.amazonaws.dynamodb#PolicyRevisionId", + "traits": { + "smithy.api#documentation": "A unique string that represents the revision ID of the policy. If you're comparing revision IDs, make sure to always use string comparison logic.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.dynamodb#GlobalSecondaryIndex": { "type": "structure", "members": { @@ -5781,6 +5997,12 @@ "traits": { "smithy.api#documentation": "Represents the provisioned throughput settings for the specified global secondary\n index.
\nFor current minimum and maximum provisioned throughput values, see Service,\n Account, and Table Quotas in the Amazon DynamoDB Developer\n Guide.
" } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput", + "traits": { + "smithy.api#documentation": "The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
The Amazon Resource Name (ARN) that uniquely identifies the index.
" } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput", + "traits": { + "smithy.api#documentation": "The maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Represents the provisioned throughput settings for the specified global secondary\n index.
" } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput" } }, "traits": { @@ -6731,7 +6962,7 @@ "com.amazonaws.dynamodb#ItemCollectionMetricsPerTable": { "type": "map", "key": { - "target": "com.amazonaws.dynamodb#TableName" + "target": "com.amazonaws.dynamodb#TableArn" }, "value": { "target": "com.amazonaws.dynamodb#ItemCollectionMetricsMultiple" @@ -6959,6 +7190,12 @@ "traits": { "smithy.api#documentation": "The human-readable string that corresponds to the replica status.
" } + }, + "ApproximateCreationDateTimePrecision": { + "target": "com.amazonaws.dynamodb#ApproximateCreationDateTimePrecision", + "traits": { + "smithy.api#documentation": "The precision of the Kinesis data stream timestamp. The values are either MILLISECOND or MICROSECOND.
The name of the DynamoDB table.
", + "smithy.api#documentation": "The name of the DynamoDB table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -6987,6 +7224,12 @@ "smithy.api#documentation": "The ARN for a Kinesis data stream.
", "smithy.api#required": {} } + }, + "EnableKinesisStreamingConfiguration": { + "target": "com.amazonaws.dynamodb#EnableKinesisStreamingConfiguration", + "traits": { + "smithy.api#documentation": "The source for the Kinesis streaming information that is being enabled.
" + } } } }, @@ -7010,6 +7253,12 @@ "traits": { "smithy.api#documentation": "The current status of the replication.
" } + }, + "EnableKinesisStreamingConfiguration": { + "target": "com.amazonaws.dynamodb#EnableKinesisStreamingConfiguration", + "traits": { + "smithy.api#documentation": "The destination for the Kinesis streaming information that is being enabled.
" + } } } }, @@ -7064,9 +7313,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The backups from the table specified by TableName are listed.
Lists the backups from the table specified in TableName. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
The name of the table.
" + "smithy.api#documentation": "The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
" } }, "NextToken": { @@ -7305,7 +7554,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "Lists all global tables that have a replica in the specified Region.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nLists all global tables that have a replica in the specified Region.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version), as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nMaximum number of read request units for the specified table.
\nTo specify a maximum OnDemandThroughput on your table, set the value of MaxReadRequestUnits as greater than or equal to 1. To remove the maximum OnDemandThroughput that is currently set on your table, set the value of MaxReadRequestUnits to -1.
Maximum number of write request units for the specified table.
\nTo specify a maximum OnDemandThroughput on your table, set the value of MaxWriteRequestUnits as greater than or equal to 1. To remove the maximum OnDemandThroughput that is currently set on your table, set the value of MaxWriteRequestUnits to -1.
Sets the maximum number of read and write units for the specified on-demand table. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Maximum number of read request units for the specified replica table.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Overrides the on-demand throughput settings for this replica table. If you don't specify a value for this parameter, it uses the source table's on-demand throughput settings.
" + } + }, "com.amazonaws.dynamodb#ParameterizedStatement": { "type": "structure", "members": { "Statement": { "target": "com.amazonaws.dynamodb#PartiQLStatement", "traits": { - "smithy.api#documentation": "A PartiQL statment that uses parameters.
", + "smithy.api#documentation": "A PartiQL statement that uses parameters.
", "smithy.api#required": {} } }, @@ -7795,7 +8078,7 @@ } }, "traits": { - "smithy.api#documentation": "Represents a PartiQL statment that uses parameters.
" + "smithy.api#documentation": "Represents a PartiQL statement that uses parameters.
" } }, "com.amazonaws.dynamodb#ParameterizedStatements": { @@ -7916,6 +8199,27 @@ "smithy.api#error": "client" } }, + "com.amazonaws.dynamodb#PolicyNotFoundException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.dynamodb#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "The operation tried to access a nonexistent resource-based policy.
\nIf you specified an ExpectedRevisionId, it's possible that a policy is present for the resource but its revision ID didn't match the expected value.
The set of attributes that are projected into the index:
\n\n KEYS_ONLY - Only the index and primary keys are projected into the\n index.
\n INCLUDE - In addition to the attributes described in\n KEYS_ONLY, the secondary index will include other non-key\n attributes that you specify.
\n ALL - All of the table attributes are projected into the\n index.
The set of attributes that are projected into the index:
\n\n KEYS_ONLY - Only the index and primary keys are projected into the\n index.
\n INCLUDE - In addition to the attributes described in\n KEYS_ONLY, the secondary index will include other non-key\n attributes that you specify.
\n ALL - All of the table attributes are projected into the\n index.
When using the DynamoDB console, ALL is selected by default.
Name of the table in which to write the item.
", + "smithy.api#documentation": "Name of the table in which to write the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -8205,9 +8509,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table to contain the item.
", + "smithy.api#documentation": "The name of the table to contain the item. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -8296,7 +8600,7 @@ "ConsumedCapacity": { "target": "com.amazonaws.dynamodb#ConsumedCapacity", "traits": { - "smithy.api#documentation": "The capacity units consumed by the PutItem operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see Provisioned Throughput in the Amazon DynamoDB Developer\n Guide.
The capacity units consumed by the PutItem operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see Capacity unity consumption for write operations in the Amazon DynamoDB Developer\n Guide.
Represents a request to perform a PutItem operation on an item.
Attaches a resource-based policy document to the resource, which can be a table or stream. When you attach a resource-based policy using this API, the policy application is \n eventually consistent\n .
\n\n PutResourcePolicy is an idempotent operation; running it multiple times on the same resource using the same policy document will return the same revision ID. If you specify an ExpectedRevisionId that doesn't match the current policy's RevisionId, the PolicyNotFoundException will be returned.
\n PutResourcePolicy is an asynchronous operation. If you issue a GetResourcePolicy request immediately after a PutResourcePolicy request, DynamoDB might return your previous policy, if there was one, or return the PolicyNotFoundException. This is because GetResourcePolicy uses an eventually consistent query, and the metadata for your policy or table might not be available at that moment. Wait for a few seconds, and then try the GetResourcePolicy request again.
The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy will be attached. The resources you can specify include tables and streams.
\nYou can control index permissions using the base table's policy. To specify the same permission level for your table and its indexes, you can provide both the table and index Amazon Resource Name (ARN)s in the Resource field of a given Statement in your policy document. Alternatively, to specify different permissions for your table, indexes, or both, you can define multiple Statement fields in your policy document.
An Amazon Web Services resource-based policy document in JSON format.
\nThe maximum size supported for a resource-based policy document is 20 KB. DynamoDB counts whitespaces when calculating the size of a policy against this limit.
\nWithin a resource-based policy, if the action for a DynamoDB service-linked role (SLR) to replicate data for a global table is denied, adding or deleting a replica will fail with an error.
\nFor a full list of all considerations that apply while attaching a resource-based policy, see Resource-based policy considerations.
", + "smithy.api#required": {} + } + }, + "ExpectedRevisionId": { + "target": "com.amazonaws.dynamodb#PolicyRevisionId", + "traits": { + "smithy.api#documentation": "A string value that you can use to conditionally update your policy. You can provide the revision ID of your existing policy to make mutating requests against that policy.
\nWhen you provide an expected revision ID, if the revision ID of the existing policy on the resource doesn't match or if there's no policy attached to the resource, your request will be rejected with a PolicyNotFoundException.
To conditionally attach a policy when no policy exists for the resource, specify NO_POLICY for the revision ID.
Set this parameter to true to confirm that you want to remove your permissions to change the policy of this resource in the future.
A unique string that represents the revision ID of the policy. If you're comparing revision IDs, make sure to always use string comparison logic.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.dynamodb#Query": { "type": "operation", "input": { @@ -8399,9 +8788,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table containing the requested items.
", + "smithy.api#documentation": "The name of the table containing the requested items. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -8477,7 +8866,7 @@ "FilterExpression": { "target": "com.amazonaws.dynamodb#ConditionExpression", "traits": { - "smithy.api#documentation": "A string that contains conditions that DynamoDB applies after the Query\n operation, but before the data is returned to you. Items that do not satisfy the\n FilterExpression criteria are not returned.
A FilterExpression does not allow key attributes. You cannot define a\n filter expression based on a partition key or a sort key.
A FilterExpression is applied after the items have already been read;\n the process of filtering does not consume any additional read capacity units.
For more information, see Filter Expressions in the Amazon DynamoDB Developer\n Guide.
" + "smithy.api#documentation": "A string that contains conditions that DynamoDB applies after the Query\n operation, but before the data is returned to you. Items that do not satisfy the\n FilterExpression criteria are not returned.
A FilterExpression does not allow key attributes. You cannot define a\n filter expression based on a partition key or a sort key.
A FilterExpression is applied after the items have already been read;\n the process of filtering does not consume any additional read capacity units.
For more information, see Filter Expressions in the Amazon DynamoDB Developer\n Guide.
" } }, "KeyConditionExpression": { @@ -8536,7 +8925,7 @@ "ConsumedCapacity": { "target": "com.amazonaws.dynamodb#ConsumedCapacity", "traits": { - "smithy.api#documentation": "The capacity units consumed by the Query operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see Provisioned Throughput in the Amazon DynamoDB Developer\n Guide.
The capacity units consumed by the Query operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see Capacity unit consumption for read operations in the Amazon DynamoDB Developer\n Guide.
Replica-specific provisioned throughput. If not described, uses the source table's\n provisioned throughput settings.
" } }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughputOverride", + "traits": { + "smithy.api#documentation": "Overrides the maximum on-demand throughput settings for the specified replica table.
" + } + }, "GlobalSecondaryIndexes": { "target": "com.amazonaws.dynamodb#ReplicaGlobalSecondaryIndexDescriptionList", "traits": { @@ -8727,6 +9122,12 @@ "traits": { "smithy.api#documentation": "Replica table GSI-specific provisioned throughput. If not specified, uses the source\n table GSI's read capacity settings.
" } + }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughputOverride", + "traits": { + "smithy.api#documentation": "Overrides the maximum on-demand throughput settings for the specified global secondary index in the specified replica table.
" + } } }, "traits": { @@ -8802,6 +9203,12 @@ "traits": { "smithy.api#documentation": "If not described, uses the source table GSI's read capacity settings.
" } + }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughputOverride", + "traits": { + "smithy.api#documentation": "Overrides the maximum on-demand throughput for the specified global secondary index in the specified replica table.
" + } } }, "traits": { @@ -9217,6 +9624,9 @@ "smithy.api#error": "client" } }, + "com.amazonaws.dynamodb#ResourcePolicy": { + "type": "string" + }, "com.amazonaws.dynamodb#RestoreInProgress": { "type": "boolean" }, @@ -9333,6 +9743,9 @@ "smithy.api#documentation": "Provisioned throughput settings for the restored table.
" } }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput" + }, "SSESpecificationOverride": { "target": "com.amazonaws.dynamodb#SSESpecification", "traits": { @@ -9396,7 +9809,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "Restores the specified table to the specified point in time within\n EarliestRestorableDateTime and LatestRestorableDateTime.\n You can restore your table to any point in time during the last 35 days. Any number of\n users can execute up to 4 concurrent restores (any type of restore) in a given account.
When you restore using point in time recovery, DynamoDB restores your table data to\n the state based on the selected date and time (day:hour:minute:second) to a new table.
\nAlong with data, the following are also included on the new restored table using\n point in time recovery:
\nGlobal secondary indexes (GSIs)
\nLocal secondary indexes (LSIs)
\nProvisioned read and write capacity
\nEncryption settings
\nAll these settings come from the current settings of the source table at\n the time of restore.
\nYou must manually set up the following on the restored table:
\nAuto scaling policies
\nIAM policies
\nAmazon CloudWatch metrics and alarms
\nTags
\nStream settings
\nTime to Live (TTL) settings
\nPoint in time recovery settings
\nRestores the specified table to the specified point in time within\n EarliestRestorableDateTime and LatestRestorableDateTime.\n You can restore your table to any point in time during the last 35 days. Any number of\n users can execute up to 50 concurrent restores (any type of restore) in a given account.
When you restore using point in time recovery, DynamoDB restores your table data to\n the state based on the selected date and time (day:hour:minute:second) to a new table.
\nAlong with data, the following are also included on the new restored table using\n point in time recovery:
\nGlobal secondary indexes (GSIs)
\nLocal secondary indexes (LSIs)
\nProvisioned read and write capacity
\nEncryption settings
\nAll these settings come from the current settings of the source table at\n the time of restore.
\nYou must manually set up the following on the restored table:
\nAuto scaling policies
\nIAM policies
\nAmazon CloudWatch metrics and alarms
\nTags
\nStream settings
\nTime to Live (TTL) settings
\nPoint in time recovery settings
\nProvisioned throughput settings for the restored table.
" } }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput" + }, "SSESpecificationOverride": { "target": "com.amazonaws.dynamodb#SSESpecification", "traits": { @@ -9879,9 +10295,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table containing the requested items; or, if you provide\n IndexName, the name of the table to which that index belongs.
The name of the table containing the requested items or if you provide\n IndexName, the name of the table to which that index belongs.
You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -10010,7 +10426,7 @@ "ConsumedCapacity": { "target": "com.amazonaws.dynamodb#ConsumedCapacity", "traits": { - "smithy.api#documentation": "The capacity units consumed by the Scan operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see \n Provisioned Throughput \n in the Amazon DynamoDB Developer Guide.
The capacity units consumed by the Scan operation. The data returned\n includes the total provisioned throughput consumed, along with statistics for the table\n and any indexes involved in the operation. ConsumedCapacity is only\n returned if the ReturnConsumedCapacity parameter was specified. For more\n information, see \n Capacity unit consumption for read operations in the Amazon DynamoDB Developer Guide.
Indicates whether deletion protection is enabled (true) or disabled (false) on the table.
" } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput", + "traits": { + "smithy.api#documentation": "The maximum number of read and write units for the specified on-demand table. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Name of the table for the UpdateItem request.
Name of the table for the UpdateItem request. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
The name of the table.
", + "smithy.api#documentation": "The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -11293,9 +11727,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table.
", + "smithy.api#documentation": "The name of the table. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -11359,8 +11793,13 @@ "ProvisionedThroughput": { "target": "com.amazonaws.dynamodb#ProvisionedThroughput", "traits": { - "smithy.api#documentation": "Represents the provisioned throughput settings for the specified global secondary\n index.
\nFor current minimum and maximum provisioned throughput values, see Service,\n Account, and Table Quotas in the Amazon DynamoDB Developer\n Guide.
", - "smithy.api#required": {} + "smithy.api#documentation": "Represents the provisioned throughput settings for the specified global secondary\n index.
\nFor current minimum and maximum provisioned throughput values, see Service,\n Account, and Table Quotas in the Amazon DynamoDB Developer\n Guide.
" + } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput", + "traits": { + "smithy.api#documentation": "Updates the maximum number of read and write units for the specified global secondary index. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Adds or removes replicas in the specified global table. The global table must already\n exist to be able to use this operation. Any replica to be added must be empty, have the\n same name as the global table, have the same key schema, have DynamoDB Streams enabled,\n and have the same provisioned and maximum write capacity units.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\n\n This operation only applies to Version\n 2017.11.29 of global tables. If you are using global tables Version\n 2019.11.21 you can use DescribeTable instead.\n
\n\n Although you can use UpdateGlobalTable to add replicas and remove\n replicas in a single request, for simplicity we recommend that you issue separate\n requests for adding or removing replicas.\n
If global secondary indexes are specified, then the following conditions must also be\n met:
\nThe global secondary indexes must have the same name.
\nThe global secondary indexes must have the same hash key and sort key (if\n present).
\nThe global secondary indexes must have the same provisioned and maximum write\n capacity units.
\nAdds or removes replicas in the specified global table. The global table must already\n exist to be able to use this operation. Any replica to be added must be empty, have the\n same name as the global table, have the same key schema, have DynamoDB Streams enabled,\n and have the same provisioned and maximum write capacity units.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version), as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\n\n For global tables, this operation only applies to global tables using Version 2019.11.21 (Current version). If you are using global tables Version\n 2019.11.21 you can use UpdateTable instead.\n
\n\n Although you can use UpdateGlobalTable to add replicas and remove\n replicas in a single request, for simplicity we recommend that you issue separate\n requests for adding or removing replicas.\n
If global secondary indexes are specified, then the following conditions must also be\n met:
\nThe global secondary indexes must have the same name.
\nThe global secondary indexes must have the same hash key and sort key (if\n present).
\nThe global secondary indexes must have the same provisioned and maximum write\n capacity units.
\nUpdates settings for a global table.
\nThis operation only applies to Version\n 2017.11.29 (Legacy) of global tables. We recommend using\n Version 2019.11.21 (Current)\n when creating new global tables, as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nUpdates settings for a global table.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version), as it provides greater flexibility, higher efficiency and consumes less write capacity than \n 2017.11.29 (Legacy). To determine which version you are using, see \n Determining the version. \n To update existing global tables from version 2017.11.29 (Legacy) to version\n 2019.11.21 (Current), see \n Updating global tables.\n
\nThe billing mode of the global table. If GlobalTableBillingMode is not\n specified, the global table defaults to PROVISIONED capacity billing\n mode.
\n PROVISIONED - We recommend using PROVISIONED for\n predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode.
\n PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST\n for unpredictable workloads. PAY_PER_REQUEST sets the billing mode\n to On-Demand Mode.
The billing mode of the global table. If GlobalTableBillingMode is not\n specified, the global table defaults to PROVISIONED capacity billing\n mode.
\n PROVISIONED - We recommend using PROVISIONED for\n predictable workloads. PROVISIONED sets the billing mode to Provisioned capacity mode.
\n PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST\n for unpredictable workloads. PAY_PER_REQUEST sets the billing mode\n to On-demand capacity mode.
The name of the table containing the item to update.
", + "smithy.api#documentation": "The name of the table containing the item to update. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -11728,7 +12167,7 @@ "ConsumedCapacity": { "target": "com.amazonaws.dynamodb#ConsumedCapacity", "traits": { - "smithy.api#documentation": "The capacity units consumed by the UpdateItem operation. The data\n returned includes the total provisioned throughput consumed, along with statistics for\n the table and any indexes involved in the operation. ConsumedCapacity is\n only returned if the ReturnConsumedCapacity parameter was specified. For\n more information, see Provisioned Throughput in the Amazon DynamoDB Developer\n Guide.
The capacity units consumed by the UpdateItem operation. The data\n returned includes the total provisioned throughput consumed, along with statistics for\n the table and any indexes involved in the operation. ConsumedCapacity is\n only returned if the ReturnConsumedCapacity parameter was specified. For\n more information, see Capacity unity consumption for write operations in the Amazon DynamoDB Developer\n Guide.
Enables updating the precision of Kinesis data stream timestamp.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Enables updating the configuration for Kinesis Streaming.
" + } + }, + "com.amazonaws.dynamodb#UpdateKinesisStreamingDestination": { + "type": "operation", + "input": { + "target": "com.amazonaws.dynamodb#UpdateKinesisStreamingDestinationInput" + }, + "output": { + "target": "com.amazonaws.dynamodb#UpdateKinesisStreamingDestinationOutput" + }, + "errors": [ + { + "target": "com.amazonaws.dynamodb#InternalServerError" + }, + { + "target": "com.amazonaws.dynamodb#InvalidEndpointException" + }, + { + "target": "com.amazonaws.dynamodb#LimitExceededException" + }, + { + "target": "com.amazonaws.dynamodb#ResourceInUseException" + }, + { + "target": "com.amazonaws.dynamodb#ResourceNotFoundException" + } + ], + "traits": { + "aws.api#clientDiscoveredEndpoint": { + "required": false + }, + "smithy.api#documentation": "The command to update the Kinesis stream destination.
" + } + }, + "com.amazonaws.dynamodb#UpdateKinesisStreamingDestinationInput": { + "type": "structure", + "members": { + "TableName": { + "target": "com.amazonaws.dynamodb#TableArn", + "traits": { + "smithy.api#documentation": "The table name for the Kinesis streaming destination input. You can also provide the ARN of the table in this parameter.
", + "smithy.api#required": {} + } + }, + "StreamArn": { + "target": "com.amazonaws.dynamodb#StreamArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) for the Kinesis stream input.
", + "smithy.api#required": {} + } + }, + "UpdateKinesisStreamingConfiguration": { + "target": "com.amazonaws.dynamodb#UpdateKinesisStreamingConfiguration", + "traits": { + "smithy.api#documentation": "The command to update the Kinesis stream configuration.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.dynamodb#UpdateKinesisStreamingDestinationOutput": { + "type": "structure", + "members": { + "TableName": { + "target": "com.amazonaws.dynamodb#TableName", + "traits": { + "smithy.api#documentation": "The table name for the Kinesis streaming destination output.
" + } + }, + "StreamArn": { + "target": "com.amazonaws.dynamodb#StreamArn", + "traits": { + "smithy.api#documentation": "The ARN for the Kinesis stream input.
" + } + }, + "DestinationStatus": { + "target": "com.amazonaws.dynamodb#DestinationStatus", + "traits": { + "smithy.api#documentation": "The status of the attempt to update the Kinesis streaming destination output.
" + } + }, + "UpdateKinesisStreamingConfiguration": { + "target": "com.amazonaws.dynamodb#UpdateKinesisStreamingConfiguration", + "traits": { + "smithy.api#documentation": "The command to update the Kinesis streaming destination configuration.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.dynamodb#UpdateReplicationGroupMemberAction": { "type": "structure", "members": { @@ -11765,6 +12310,12 @@ "smithy.api#documentation": "Replica-specific provisioned throughput. If not specified, uses the source table's\n provisioned throughput settings.
" } }, + "OnDemandThroughputOverride": { + "target": "com.amazonaws.dynamodb#OnDemandThroughputOverride", + "traits": { + "smithy.api#documentation": "Overrides the maximum on-demand throughput for the replica table.
" + } + }, "GlobalSecondaryIndexes": { "target": "com.amazonaws.dynamodb#ReplicaGlobalSecondaryIndexList", "traits": { @@ -11811,7 +12362,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": false }, - "smithy.api#documentation": "Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB\n Streams settings for a given table.
\nThis operation only applies to Version 2019.11.21 (Current) \n of global tables.\n
\nYou can only perform one of the following operations at once:
\nModify the provisioned throughput settings of the table.
\nRemove a global secondary index from the table.
\nCreate a new global secondary index on the table. After the index begins\n backfilling, you can use UpdateTable to perform other\n operations.
\n UpdateTable is an asynchronous operation; while it is executing, the table\n status changes from ACTIVE to UPDATING. While it is\n UPDATING, you cannot issue another UpdateTable request.\n When the table returns to the ACTIVE state, the UpdateTable\n operation is complete.
Modifies the provisioned throughput settings, global secondary indexes, or DynamoDB\n Streams settings for a given table.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).\n
\nYou can only perform one of the following operations at once:
\nModify the provisioned throughput settings of the table.
\nRemove a global secondary index from the table.
\nCreate a new global secondary index on the table. After the index begins\n backfilling, you can use UpdateTable to perform other\n operations.
\n UpdateTable is an asynchronous operation; while it's executing, the table\n status changes from ACTIVE to UPDATING. While it's\n UPDATING, you can't issue another UpdateTable request.\n When the table returns to the ACTIVE state, the UpdateTable\n operation is complete.
The name of the table to be updated.
", + "smithy.api#documentation": "The name of the table to be updated. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, "BillingMode": { "target": "com.amazonaws.dynamodb#BillingMode", "traits": { - "smithy.api#documentation": "Controls how you are charged for read and write throughput and how you manage\n capacity. When switching from pay-per-request to provisioned capacity, initial\n provisioned capacity values must be set. The initial provisioned capacity values are\n estimated based on the consumed read and write capacity of your table and global\n secondary indexes over the past 30 minutes.
\n\n PROVISIONED - We recommend using PROVISIONED for\n predictable workloads. PROVISIONED sets the billing mode to Provisioned Mode.
\n PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST\n for unpredictable workloads. PAY_PER_REQUEST sets the billing mode\n to On-Demand Mode.
Controls how you are charged for read and write throughput and how you manage\n capacity. When switching from pay-per-request to provisioned capacity, initial\n provisioned capacity values must be set. The initial provisioned capacity values are\n estimated based on the consumed read and write capacity of your table and global\n secondary indexes over the past 30 minutes.
\n\n PROVISIONED - We recommend using PROVISIONED for\n predictable workloads. PROVISIONED sets the billing mode to Provisioned capacity mode.
\n PAY_PER_REQUEST - We recommend using PAY_PER_REQUEST\n for unpredictable workloads. PAY_PER_REQUEST sets the billing mode\n to On-demand capacity mode.
Represents the DynamoDB Streams configuration for the table.
\nYou receive a ResourceInUseException if you try to enable a stream on\n a table that already has a stream, or if you try to disable a stream on a table that\n doesn't have a stream.
Represents the DynamoDB Streams configuration for the table.
\nYou receive a ValidationException if you try to enable a stream on a\n table that already has a stream, or if you try to disable a stream on a table that\n doesn't have a stream.
A list of replica update actions (create, delete, or update) for the table.
\nThis property only applies to Version 2019.11.21 (Current)\n of global tables.\n
\nA list of replica update actions (create, delete, or update) for the table.
\nFor global tables, this property only applies to global tables using Version 2019.11.21 (Current version). \n
\nIndicates whether deletion protection is to be enabled (true) or disabled (false) on the table.
" } + }, + "OnDemandThroughput": { + "target": "com.amazonaws.dynamodb#OnDemandThroughput", + "traits": { + "smithy.api#documentation": "Updates the maximum number of read and write units for the specified table in on-demand capacity mode. If you use this parameter, you must specify MaxReadRequestUnits, MaxWriteRequestUnits, or both.
Updates auto scaling settings on your global tables at once.
\nThis operation only applies to Version 2019.11.21 (Current) \n of global tables.\n
\nUpdates auto scaling settings on your global tables at once.
\nFor global tables, this operation only applies to global tables using Version 2019.11.21 (Current version).\n
\nThe name of the global table to be updated.
", + "smithy.api#documentation": "The name of the global table to be updated. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, @@ -12005,9 +12562,9 @@ "type": "structure", "members": { "TableName": { - "target": "com.amazonaws.dynamodb#TableName", + "target": "com.amazonaws.dynamodb#TableArn", "traits": { - "smithy.api#documentation": "The name of the table to be configured.
", + "smithy.api#documentation": "The name of the table to be configured. You can also provide the Amazon Resource Name (ARN) of the table in this parameter.
", "smithy.api#required": {} } }, diff --git a/aws/sdk/aws-models/ec2.json b/aws/sdk/aws-models/ec2.json index 79ce1e574c..d6d3cb7ad3 100644 --- a/aws/sdk/aws-models/ec2.json +++ b/aws/sdk/aws-models/ec2.json @@ -99,6 +99,12 @@ "traits": { "smithy.api#enumValue": "xilinx" } + }, + "HABANA": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "habana" + } } } }, @@ -167,6 +173,24 @@ "traits": { "smithy.api#enumValue": "v100" } + }, + "A10G": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "a10g" + } + }, + "H100": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "h100" + } + }, + "T4G": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "t4g" + } } } }, @@ -1460,6 +1484,12 @@ "traits": { "smithy.api#documentation": "Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.
If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
\nYou can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
\nus-east-1-dfw-2
\nus-west-2-lax-1
\nus-west-2-phx-2
\nYou cannot provision or advertise BYOIPv6 address ranges in Local Zones at this time.
\nAmazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the Amazon Web Services Cloud. \n Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications \n faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the \n Amazon Web Services Cloud where you can launch Amazon Web Services resources in a virtual network that you've defined. Amazon Elastic Block Store \n (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available \n and reliable storage volumes that can be attached to any running instance and used like a hard drive.
\nTo learn more, see the following resources:
\nAmazon EC2: Amazon EC2 product page, Amazon EC2 documentation\n
\nAmazon EBS: Amazon EBS product page, Amazon EBS documentation\n
\nAmazon VPC: Amazon VPC product page, Amazon VPC documentation\n
\nVPN: VPN product page, VPN documentation\n
\nYou can access the features of Amazon Elastic Compute Cloud (Amazon EC2) programmatically. For more information,\n see the Amazon EC2 Developer Guide.
", "smithy.api#title": "Amazon Elastic Compute Cloud", "smithy.api#xmlNamespace": { "uri": "http://ec2.amazonaws.com/doc/2016-11-15" @@ -5939,6 +5987,14 @@ "10.0.0.82" ] } + }, + { + "title": "To assign secondary private IP addresses that Amazon EC2 selects to an interface", + "documentation": "This example assigns two secondary private IP addresses to the specified network interface. Amazon EC2 automatically assigns these IP addresses from the available IP addresses in the CIDR block range of the subnet the network interface is associated with.", + "input": { + "NetworkInterfaceId": "eni-e5aa89a3", + "SecondaryPrivateIpAddressCount": 2 + } } ] } @@ -6148,6 +6204,17 @@ "output": { "AssociationId": "eipassoc-2bebb745" } + }, + { + "title": "To associate an Elastic IP address with a network interface", + "documentation": "This example associates the specified Elastic IP address with the specified network interface.", + "input": { + "AllocationId": "eipalloc-64d5890a", + "NetworkInterfaceId": "eni-1a2b3c4d" + }, + "output": { + "AssociationId": "eipassoc-2bebb745" + } } ] } @@ -6317,6 +6384,14 @@ "DhcpOptionsId": "dopt-d9070ebb", "VpcId": "vpc-a01106c2" } + }, + { + "title": "To associate the default DHCP options set with a VPC", + "documentation": "This example associates the default DHCP options set with the specified VPC.", + "input": { + "DhcpOptionsId": "default", + "VpcId": "vpc-a01106c2" + } } ] } @@ -6410,7 +6485,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "CertificateS3ObjectKey", - "smithy.api#documentation": "The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The \n\t\t\tobject key is formatted as follows: role_arn/certificate_arn.
The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The \n\t\t\tobject key is formatted as follows: role_arn/certificate_arn.
The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle \n\t\t\tis stored. The object key is formated as follows: role_arn/certificate_arn.\n\t\t
The key of the Amazon S3 object where the certificate, certificate chain, and encrypted private key bundle \n\t\t\tare stored. The object key is formatted as follows: role_arn/certificate_arn.\n\t\t
The ID of the KMS customer master key (CMK) used to encrypt the private key.
", + "smithy.api#documentation": "The ID of the KMS key used to encrypt the private key.
", "smithy.api#xmlName": "encryptionKmsKeyId" } } @@ -7847,7 +7922,7 @@ "target": "com.amazonaws.ec2#VolumeAttachment" }, "traits": { - "smithy.api#documentation": "Attaches an EBS volume to a running or stopped instance and exposes it to the instance\n with the specified device name.
\nEncrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For\n more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
\nAfter you attach an EBS volume, you must make it available. For more information, see \n Make an EBS volume available for use.
\nIf a volume has an Amazon Web Services Marketplace product code:
\nThe volume can be attached only to a stopped instance.
\nAmazon Web Services Marketplace product codes are copied from the volume to the instance.
\nYou must be subscribed to the product.
\nThe instance type and operating system of the instance must support the product. For\n example, you can't detach a volume from a Windows instance and attach it to a Linux\n instance.
\nFor more information, see Attach an Amazon EBS volume to an instance in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Attaches an EBS volume to a running or stopped instance and exposes it to the instance\n with the specified device name.
\nEncrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For\n more information, see Amazon EBS encryption in the Amazon EBS User Guide.
\nAfter you attach an EBS volume, you must make it available. For more information, see \n Make an EBS volume available for use.
\nIf a volume has an Amazon Web Services Marketplace product code:
\nThe volume can be attached only to a stopped instance.
\nAmazon Web Services Marketplace product codes are copied from the volume to the instance.
\nYou must be subscribed to the product.
\nThe instance type and operating system of the instance must support the product. For\n example, you can't detach a volume from a Windows instance and attach it to a Linux\n instance.
\nFor more information, see Attach an Amazon EBS volume to an instance in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To attach a volume to an instance", @@ -7991,7 +8066,7 @@ } }, "traits": { - "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the\n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances.\n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same\n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the\n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets\n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express\n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" + "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" } }, "com.amazonaws.ec2#AttachmentEnaSrdUdpSpecification": { @@ -8001,13 +8076,13 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "EnaSrdUdpEnabled", - "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting,\n\t\t\tyou must first enable ENA Express.
", + "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, \n\t\t\tyou must first enable ENA Express.
", "smithy.api#xmlName": "enaSrdUdpEnabled" } } }, "traits": { - "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic\n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are\n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time\n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application\n\t\t\tenvironment needs.
" + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" } }, "com.amazonaws.ec2#AttachmentStatus": { @@ -8228,7 +8303,7 @@ "target": "com.amazonaws.ec2#AuthorizeSecurityGroupEgressResult" }, "traits": { - "smithy.api#documentation": "Adds the specified outbound (egress) rules to a security group for use with a VPC.
\nAn outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR\n address ranges, or to the instances that are associated with the specified source\n security groups. When specifying an outbound rule for your security group in a VPC, the\n IpPermissions must include a destination for the traffic.
You specify a protocol for each rule (for example, TCP). \n For the TCP and UDP protocols, you must also specify the destination port or port range. \n For the ICMP protocol, you must also specify the ICMP type and code. \n You can use -1 for the type or code to mean all types or all codes.
\nRule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.
\nFor information about VPC security group quotas, see Amazon VPC quotas.
\nIf you want to reference a security group across VPCs attached to a transit gateway using the\n security group\n referencing feature, note that you can only reference security groups\n for ingress rules. You cannot reference a security group for egress rules.
\nAdds the specified outbound (egress) rules to a security group.
\nAn outbound rule permits instances to send traffic to the specified IPv4 or IPv6 \n address ranges, the IP address ranges specified by a prefix list, or the instances \n that are associated with a source security group. For more information, see Security group rules.
\nYou must specify exactly one of the following destinations: an IPv4 or IPv6 address range, \n a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). \n If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is \n ICMP or ICMPv6, you must also specify the ICMP type and code.
\nRule changes are propagated to instances associated with the security group as quickly \n as possible. However, a small delay might occur.
\nFor examples of rules that you can add to security groups for specific access scenarios, \n see Security group rules for different use cases in the Amazon EC2 User Guide.
\nFor information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.
", "smithy.api#examples": [ { "title": "To add a rule that allows outbound traffic to a specific address range", @@ -8249,6 +8324,26 @@ ] }, "output": {} + }, + { + "title": "To add a rule that allows outbound traffic to a specific security group", + "documentation": "This example adds a rule that grants access to the specified security group on TCP port 80.", + "input": { + "GroupId": "sg-1a2b3c4d", + "IpPermissions": [ + { + "IpProtocol": "tcp", + "FromPort": 80, + "ToPort": 80, + "UserIdGroupPairs": [ + { + "GroupId": "sg-4b51a32f" + } + ] + } + ] + }, + "output": {} } ] } @@ -8278,7 +8373,7 @@ "target": "com.amazonaws.ec2#IpPermissionList", "traits": { "aws.protocols#ec2QueryName": "IpPermissions", - "smithy.api#documentation": "The sets of IP permissions. You can't specify a destination security group and a CIDR IP\n address range in the same set of permissions.
", + "smithy.api#documentation": "The permissions for the security group rules.
", "smithy.api#xmlName": "ipPermissions" } }, @@ -8293,7 +8388,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "CidrIp", - "smithy.api#documentation": "Not supported. Use a set of IP permissions to specify the CIDR.
", + "smithy.api#documentation": "Not supported. Use IP permissions instead.
", "smithy.api#xmlName": "cidrIp" } }, @@ -8301,7 +8396,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "FromPort", - "smithy.api#documentation": "Not supported. Use a set of IP permissions to specify the port.
", + "smithy.api#documentation": "Not supported. Use IP permissions instead.
", "smithy.api#xmlName": "fromPort" } }, @@ -8309,7 +8404,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "IpProtocol", - "smithy.api#documentation": "Not supported. Use a set of IP permissions to specify the protocol name or\n number.
", + "smithy.api#documentation": "Not supported. Use IP permissions instead.
", "smithy.api#xmlName": "ipProtocol" } }, @@ -8317,7 +8412,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "ToPort", - "smithy.api#documentation": "Not supported. Use a set of IP permissions to specify the port.
", + "smithy.api#documentation": "Not supported. Use IP permissions instead.
", "smithy.api#xmlName": "toPort" } }, @@ -8325,7 +8420,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "SourceSecurityGroupName", - "smithy.api#documentation": "Not supported. Use a set of IP permissions to specify a\n destination security group.
", + "smithy.api#documentation": "Not supported. Use IP permissions instead.
", "smithy.api#xmlName": "sourceSecurityGroupName" } }, @@ -8333,7 +8428,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "SourceSecurityGroupOwnerId", - "smithy.api#documentation": "Not supported. Use a set of IP permissions to specify a\n destination security group.
", + "smithy.api#documentation": "Not supported. Use IP permissions instead.
", "smithy.api#xmlName": "sourceSecurityGroupOwnerId" } } @@ -8375,7 +8470,7 @@ "target": "com.amazonaws.ec2#AuthorizeSecurityGroupIngressResult" }, "traits": { - "smithy.api#documentation": "Adds the specified inbound (ingress) rules to a security group.
\nAn inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR\n address range, or from the instances that are associated with the specified destination security \n groups. When specifying an inbound rule for your security group in a VPC, the\n IpPermissions must include a source for the traffic.
You specify a protocol for each rule (for example, TCP). \n For TCP and UDP, you must also specify the destination port or port range. \n For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. \n You can use -1 to mean all types or all codes.
\nRule changes are propagated to instances within the security group as quickly as possible. \n However, a small delay might occur.
\nFor more information about VPC security group quotas, see Amazon VPC quotas.
", + "smithy.api#documentation": "Adds the specified inbound (ingress) rules to a security group.
\nAn inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 \n address range, the IP address ranges that are specified by a prefix list, or the instances \n that are associated with a destination security group. For more information, see Security group rules.
\nYou must specify exactly one of the following sources: an IPv4 or IPv6 address range,\n a prefix list, or a security group. You must specify a protocol for each rule (for example, TCP). \n If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is \n ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
\nRule changes are propagated to instances associated with the security group as quickly \n as possible. However, a small delay might occur.
\nFor examples of rules that you can add to security groups for specific access scenarios, \n see Security group rules for different use cases in the Amazon EC2 User Guide.
\nFor more information about security group quotas, see Amazon VPC quotas in the Amazon VPC User Guide.
", "smithy.api#examples": [ { "title": "To add a rule that allows inbound SSH traffic from an IPv4 address range", @@ -8397,6 +8492,48 @@ ] }, "output": {} + }, + { + "title": "To add a rule that allows inbound HTTP traffic from another security group", + "documentation": "This example enables inbound traffic on TCP port 80 from the specified security group. The group must be in the same VPC or a peer VPC. Incoming traffic is allowed based on the private IP addresses of instances that are associated with the specified security group.", + "input": { + "GroupId": "sg-111aaa22", + "IpPermissions": [ + { + "IpProtocol": "tcp", + "FromPort": 80, + "ToPort": 80, + "UserIdGroupPairs": [ + { + "GroupId": "sg-1a2b3c4d", + "Description": "HTTP access from other instances" + } + ] + } + ] + }, + "output": {} + }, + { + "title": "To add a rule that allows inbound RDP traffic from an IPv6 address range", + "documentation": "This example adds an inbound rule that allows RDP traffic from the specified IPv6 address range. The rule includes a description to help you identify it later.", + "input": { + "GroupId": "sg-123abc12 ", + "IpPermissions": [ + { + "IpProtocol": "tcp", + "FromPort": 3389, + "ToPort": 3389, + "Ipv6Ranges": [ + { + "CidrIpv6": "2001:db8:1234:1a00::/64", + "Description": "RDP access from the NY office" + } + ] + } + ] + }, + "output": {} } ] } @@ -8407,55 +8544,55 @@ "CidrIp": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The IPv4 address range, in CIDR format. You can't specify this parameter when specifying a source\n security group. To specify an IPv6 address range, use a set of IP permissions.
\nAlternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
" + "smithy.api#documentation": "The IPv4 address range, in CIDR format.
\nTo specify an IPv6 address range, use IP permissions instead.
\nTo specify multiple rules and descriptions for the rules, use IP permissions instead.
" } }, "FromPort": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP, this is the type number. A value of -1 indicates all ICMP types. \n If you specify all ICMP types, you must specify all ICMP codes.
\nAlternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
" + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP, this is the ICMP type or -1 (all ICMP types).
\nTo specify multiple rules and descriptions for the rules, use IP permissions instead.
" } }, "GroupId": { "target": "com.amazonaws.ec2#SecurityGroupId", "traits": { - "smithy.api#documentation": "The ID of the security group. You must specify either the security group ID or the\n\t\t\tsecurity group name in the request. For security groups in a nondefault VPC, you must\n\t\t\tspecify the security group ID.
" + "smithy.api#documentation": "The ID of the security group.
" } }, "GroupName": { "target": "com.amazonaws.ec2#SecurityGroupName", "traits": { - "smithy.api#documentation": "[Default VPC] The name of the security group. You must specify either the\n security group ID or the security group name in the request. For security groups in a\n nondefault VPC, you must specify the security group ID.
" + "smithy.api#documentation": "[Default VPC] The name of the security group. For security groups for a default VPC\n you can specify either the ID or the name of the security group. For security groups for\n a nondefault VPC, you must specify the ID of the security group.
" } }, "IpPermissions": { "target": "com.amazonaws.ec2#IpPermissionList", "traits": { - "smithy.api#documentation": "The sets of IP permissions.
" + "smithy.api#documentation": "The permissions for the security group rules.
" } }, "IpProtocol": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The IP protocol name (tcp, udp, icmp) or number\n (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.
Use -1 to specify all protocols. If you specify -1 or a \n protocol other than tcp, udp, or icmp, traffic on all ports \n is allowed, regardless of any ports you specify.
Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
" + "smithy.api#documentation": "The IP protocol name (tcp, udp, icmp) or number\n (see Protocol Numbers). To specify all protocols, use -1.
To specify icmpv6, use IP permissions instead.
If you specify a protocol other than one of the supported values, traffic is allowed \n on all ports, regardless of any ports that you specify.
\nTo specify multiple rules and descriptions for the rules, use IP permissions instead.
" } }, "SourceSecurityGroupName": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "[Default VPC] The name of the source security group. You can't specify this parameter \n in combination with the following parameters: the CIDR IP address range, the start of the port range, \n the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. \n To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. \n The source security group must be in the same VPC.
" + "smithy.api#documentation": "[Default VPC] The name of the source security group.
\nThe rule grants full ICMP, UDP, and TCP access. To create a rule with a specific protocol\n and port range, specify a set of IP permissions instead.
" } }, "SourceSecurityGroupOwnerId": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "[Nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is \n in a different account. You can't specify this parameter in combination with the following parameters: \n the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. \n Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol \n and port range, use a set of IP permissions instead.
" + "smithy.api#documentation": "The Amazon Web Services account ID for the source security group, if the source security group is \n in a different account.
\nThe rule grants full ICMP, UDP, and TCP access. To create a rule with a specific protocol \n and port range, use IP permissions instead.
" } }, "ToPort": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP, this is the code. A value of -1 indicates all ICMP codes. \n If you specify all ICMP types, you must specify all ICMP codes.
\nAlternatively, use a set of IP permissions to specify multiple rules and a description for the rule.
" + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP, this is the ICMP code or -1 (all ICMP codes). \n If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
\nTo specify multiple rules and descriptions for the rules, use IP permissions instead.
" } }, "DryRun": { @@ -8469,7 +8606,7 @@ "TagSpecifications": { "target": "com.amazonaws.ec2#TagSpecificationList", "traits": { - "smithy.api#documentation": "[VPC Only] The tags applied to the security group rule.
", + "smithy.api#documentation": "The tags applied to the security group rule.
", "smithy.api#xmlName": "TagSpecification" } } @@ -8741,6 +8878,12 @@ "traits": { "smithy.api#enumValue": "unavailable" } + }, + "constrained": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "constrained" + } } } }, @@ -9069,6 +9212,9 @@ "com.amazonaws.ec2#BoxedDouble": { "type": "double" }, + "com.amazonaws.ec2#BoxedInteger": { + "type": "integer" + }, "com.amazonaws.ec2#BundleId": { "type": "string" }, @@ -9100,7 +9246,7 @@ "target": "com.amazonaws.ec2#InstanceId", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The ID of the instance to bundle.
\nType: String
\nDefault: None
\nRequired: Yes
", + "smithy.api#documentation": "The ID of the instance to bundle.
\nDefault: None
", "smithy.api#required": {} } }, @@ -9412,6 +9558,14 @@ "smithy.api#documentation": "The state of the address pool.
", "smithy.api#xmlName": "state" } + }, + "NetworkBorderGroup": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "NetworkBorderGroup", + "smithy.api#documentation": "If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
\nYou can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
\nus-east-1-dfw-2
\nus-west-2-lax-1
\nus-west-2-phx-2
\nYou cannot provision or advertise BYOIPv6 address ranges in Local Zones at this time.
\nCancels the specified Spot Fleet requests.
\nAfter you cancel a Spot Fleet request, the Spot Fleet launches no new instances.
\nYou must also specify whether a canceled Spot Fleet request should terminate its instances. If you\n choose to terminate the instances, the Spot Fleet request enters the\n cancelled_terminating state. Otherwise, the Spot Fleet request enters\n the cancelled_running state and the instances continue to run until they\n are interrupted or you terminate them manually.
Cancels the specified Spot Fleet requests.
\nAfter you cancel a Spot Fleet request, the Spot Fleet launches no new instances.
\nYou must also specify whether a canceled Spot Fleet request should terminate its instances. If you\n choose to terminate the instances, the Spot Fleet request enters the\n cancelled_terminating state. Otherwise, the Spot Fleet request enters\n the cancelled_running state and the instances continue to run until they\n are interrupted or you terminate them manually.
\n Restrictions\n
\nYou can delete up to 100 fleets in a single request. If you exceed the specified\n number, no fleets are deleted.
\nThe IDs of the Spot Fleet requests.
", + "smithy.api#documentation": "The IDs of the Spot Fleet requests.
\nConstraint: You can specify up to 100 IDs in a single request.
", "smithy.api#required": {}, "smithy.api#xmlName": "spotFleetRequestId" } @@ -13329,7 +13502,7 @@ "target": "com.amazonaws.ec2#CopyImageResult" }, "traits": { - "smithy.api#documentation": "Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a\n Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost\n to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
\nTo copy an AMI from one Region to another, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tdestination Region using its endpoint. Copies of encrypted backing snapshots for\n \t\tthe AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, \n \t\tunless you set Encrypted during the copy operation. You cannot \n \t\tcreate an unencrypted copy of an encrypted backing snapshot.
To copy an AMI from a Region to an Outpost, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tARN of the destination Outpost using DestinationOutpostArn. \n \t\tBacking snapshots copied to an Outpost are encrypted by default using the default\n \t\tencryption key for the Region, or a different key that you specify in the request using \n \t\tKmsKeyId. Outposts do not support unencrypted \n \t\tsnapshots. For more information, \n \t\t\tAmazon EBS local snapshots on Outposts in the Amazon EC2 User Guide.
\nFor more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the\n Amazon EC2 User Guide.
", + "smithy.api#documentation": "Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a\n Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost\n to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask.
\nTo copy an AMI from one Region to another, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tdestination Region using its endpoint. Copies of encrypted backing snapshots for\n \t\tthe AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, \n \t\tunless you set Encrypted during the copy operation. You cannot \n \t\tcreate an unencrypted copy of an encrypted backing snapshot.
To copy an AMI from a Region to an Outpost, specify the source Region using the \n \t\tSourceRegion parameter, and specify the \n \t\tARN of the destination Outpost using DestinationOutpostArn. \n \t\tBacking snapshots copied to an Outpost are encrypted by default using the default\n \t\tencryption key for the Region, or a different key that you specify in the request using \n \t\tKmsKeyId. Outposts do not support unencrypted \n \t snapshots. For more information, \n \t\t\tAmazon EBS local snapshots on Outposts in the Amazon EBS User Guide.
\nFor more information about the prerequisites and limits when copying an AMI, see Copy an AMI in the\n Amazon EC2 User Guide.
", "smithy.api#examples": [ { "title": "To copy an AMI to another region", @@ -13366,7 +13539,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "Encrypted", - "smithy.api#documentation": "Specifies whether the destination snapshots of the copied image should be encrypted. You\n can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an\n encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default\n Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption in the\n Amazon EC2 User Guide.
Specifies whether the destination snapshots of the copied image should be encrypted. You\n can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an\n encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default\n Key Management Service (KMS) KMS key using KmsKeyId. For more information, see Amazon EBS encryption in the\n Amazon EBS User Guide.
The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only \n \t\tspecify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. \n \t\tThe AMI must be in the Region of the destination Outpost. You cannot copy an \n \t\tAMI from an Outpost to a Region, from one Outpost to another, or within the same \n \t\tOutpost.
\nFor more information, see Copy AMIs from an Amazon Web Services\n Region to an Outpost in the Amazon EC2 User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only \n \t\tspecify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. \n \t\tThe AMI must be in the Region of the destination Outpost. You cannot copy an \n \t\tAMI from an Outpost to a Region, from one Outpost to another, or within the same \n \t\tOutpost.
\nFor more information, see Copy AMIs from an Amazon Web Services\n Region to an Outpost in the Amazon EBS User Guide.
" } }, "DryRun": { @@ -13421,6 +13594,13 @@ "traits": { "smithy.api#documentation": "Indicates whether to include your user-defined AMI tags when copying the AMI.
\nThe following tags will not be copied:
\nSystem tags (prefixed with aws:)
For public and shared AMIs, user-defined tags that are attached by other Amazon Web Services \n accounts
\nDefault: Your user-defined AMI tags are not copied.
" } + }, + "TagSpecifications": { + "target": "com.amazonaws.ec2#TagSpecificationList", + "traits": { + "smithy.api#documentation": "The tags to apply to the new AMI and new snapshots. You can tag the AMI, the snapshots, or\n both.
\nTo tag the new AMI, the value for ResourceType must be\n image.
To tag the new snapshots, the value for ResourceType must be\n snapshot. The same tag is applied to all the new snapshots.
If you specify other values for ResourceType, the request fails.
To tag an AMI or snapshot after it has been created, see CreateTags.
", + "smithy.api#xmlName": "TagSpecification" + } } }, "traits": { @@ -13454,7 +13634,7 @@ "target": "com.amazonaws.ec2#CopySnapshotResult" }, "traits": { - "smithy.api#documentation": "Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a\n snapshot within the same Region, from one Region to another, or from a Region to an Outpost. \n You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within \n the same Outpost.
\nYou can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).
\nWhen copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. \n \tCopies of unencrypted snapshots remain unencrypted, unless you enable encryption for the \n \tsnapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) \n \tKMS key; however, you can specify a different KMS key. To copy an encrypted \n \tsnapshot that has been shared from another account, you must have permissions for the KMS key \n \tused to encrypt the snapshot.
\nSnapshots copied to an Outpost are encrypted by default using the default\n \t\tencryption key for the Region, or a different key that you specify in the request using \n \t\tKmsKeyId. Outposts do not support unencrypted \n \t\tsnapshots. For more information, \n \t\t\tAmazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide.
\nSnapshots created by copying another snapshot have an arbitrary volume ID that should not\n be used for any purpose.
\nFor more information, see Copy an Amazon EBS snapshot in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a\n snapshot within the same Region, from one Region to another, or from a Region to an Outpost. \n You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within \n the same Outpost.
\nYou can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).
\nWhen copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. \n \tCopies of unencrypted snapshots remain unencrypted, unless you enable encryption for the \n \tsnapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) \n \tKMS key; however, you can specify a different KMS key. To copy an encrypted \n \tsnapshot that has been shared from another account, you must have permissions for the KMS key \n \tused to encrypt the snapshot.
\nSnapshots copied to an Outpost are encrypted by default using the default\n \t\tencryption key for the Region, or a different key that you specify in the request using \n \t\tKmsKeyId. Outposts do not support unencrypted \n \t snapshots. For more information, \n \t\t\tAmazon EBS local snapshots on Outposts in the Amazon EBS User Guide.
\nSnapshots created by copying another snapshot have an arbitrary volume ID that should not\n be used for any purpose.
\nFor more information, see Copy an Amazon EBS snapshot in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To copy a snapshot", @@ -13484,7 +13664,7 @@ "DestinationOutpostArn": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only \n\t\tspecify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. \n\t\tThe snapshot must be in the Region for the destination Outpost. You cannot copy a \n\t\tsnapshot from an Outpost to a Region, from one Outpost to another, or within the same \n\t\tOutpost.
\nFor more information, see \n \t\tCopy snapshots from an Amazon Web Services Region to an Outpost in the \n \t\tAmazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only \n\t\tspecify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. \n\t\tThe snapshot must be in the Region for the destination Outpost. You cannot copy a \n\t\tsnapshot from an Outpost to a Region, from one Outpost to another, or within the same \n\t\tOutpost.
\nFor more information, see \n \t\tCopy snapshots from an Amazon Web Services Region to an Outpost in the \n \t\tAmazon EBS User Guide.
" } }, "DestinationRegion": { @@ -13499,7 +13679,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "Encrypted", - "smithy.api#documentation": "To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, \n enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots \n are encrypted, even if you omit this parameter and encryption by default is not enabled. You \n cannot set this parameter to false. For more information, see Amazon EBS encryption in the \n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, \n enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots \n are encrypted, even if you omit this parameter and encryption by default is not enabled. You \n cannot set this parameter to false. For more information, see Amazon EBS encryption in the \n Amazon EBS User Guide.
", "smithy.api#xmlName": "encrypted" } }, @@ -13634,6 +13814,9 @@ } } }, + "com.amazonaws.ec2#CpuManufacturerName": { + "type": "string" + }, "com.amazonaws.ec2#CpuManufacturerSet": { "type": "list", "member": { @@ -14484,7 +14667,7 @@ "BgpAsn": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "For devices that support BGP, the customer gateway's BGP ASN.
\nDefault: 65000
" + "smithy.api#documentation": "For customer gateway devices that support BGP, specify the device's ASN. You must specify either BgpAsn or BgpAsnExtended when creating the customer gateway. If the ASN is larger than 2,147,483,647, you must use BgpAsnExtended.
Default: 65000
\nValid values: 1 to 2,147,483,647\n
\n IPv4 address for the customer gateway device's outside interface. The address must be static.\n
" + "smithy.api#documentation": "IPv4 address for the customer gateway device's outside interface. The address must be\n static. If OutsideIpAddressType in your VPN connection options is set to\n PrivateIpv4, you can use an RFC6598 or RFC1918 private IPv4 address. If\n OutsideIpAddressType is set to PublicIpv4, you can use a\n public IPv4 address.
Checks whether you have the required permissions for the action, without actually\n making the request, and provides an error response. If you have the required\n permissions, the error response is DryRunOperation. Otherwise, it is\n UnauthorizedOperation.
For customer gateway devices that support BGP, specify the device's ASN. You must specify either BgpAsn or BgpAsnExtended when creating the customer gateway. If the ASN is larger than 2,147,483,647, you must use BgpAsnExtended.
Valid values: 2,147,483,648 to 4,294,967,295\n
Creates a set of DHCP options for your VPC. After creating the set, you must\n\t\t\t\tassociate it with the VPC, causing all existing and new instances that you launch in\n\t\t\t\tthe VPC to use this set of DHCP options. The following are the individual DHCP\n\t\t\t\toptions you can specify. For more information about the options, see RFC 2132.
\n\n domain-name-servers - The IP addresses of up to four domain name\n servers, or AmazonProvidedDNS. The default DHCP option set specifies\n AmazonProvidedDNS. If specifying more than one domain name server, specify the\n IP addresses in a single parameter, separated by commas. To have your instance\n receive a custom DNS hostname as specified in domain-name, you must\n set domain-name-servers to a custom DNS server.
\n domain-name - If you're using AmazonProvidedDNS in\n us-east-1, specify ec2.internal. If you're using\n AmazonProvidedDNS in another Region, specify\n region.compute.internal (for example,\n ap-northeast-1.compute.internal). Otherwise, specify a domain\n name (for example, ExampleCompany.com). This value is used to complete\n unqualified DNS hostnames. Important: Some\n Linux operating systems accept multiple domain names separated by spaces.\n However, Windows and other Linux operating systems treat the value as a single\n domain, which results in unexpected behavior. If your DHCP options set is\n associated with a VPC that has instances with multiple operating systems,\n specify only one domain name.
\n ntp-servers - The IP addresses of up to four Network Time Protocol (NTP)\n servers.
\n netbios-name-servers - The IP addresses of up to four NetBIOS name\n servers.
\n netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that\n you specify 2 (broadcast and multicast are not currently supported). For more information\n about these node types, see RFC 2132.
Your VPC automatically starts out with a set of DHCP options that includes only a DNS\n\t\t\tserver that we provide (AmazonProvidedDNS). If you create a set of options, and if your\n\t\t\tVPC has an internet gateway, make sure to set the domain-name-servers\n\t\t\toption either to AmazonProvidedDNS or to a domain name server of your\n\t\t\tchoice. For more information, see DHCP options sets in the\n\t\t\tAmazon VPC User Guide.
Creates a custom set of DHCP options. After you create a DHCP option set, you associate\n\t it with a VPC. After you associate a DHCP option set with a VPC, all existing and newly \n\t launched instances in the VPC use this set of DHCP options.
\nThe following are the individual DHCP options you can specify. For more information, see \n DHCP options sets \n in the Amazon VPC User Guide.
\n\n domain-name - If you're using AmazonProvidedDNS in us-east-1, \n specify ec2.internal. If you're using AmazonProvidedDNS in any other Region, \n specify region.compute.internal. Otherwise, specify a custom domain name.\n This value is used to complete unqualified DNS hostnames.
Some Linux operating systems accept multiple domain names separated by spaces.\n However, Windows and other Linux operating systems treat the value as a single\n domain, which results in unexpected behavior. If your DHCP option set is\n associated with a VPC that has instances running operating systems that treat\n the value as a single domain, specify only one domain name.
\n\n domain-name-servers - The IP addresses of up to four DNS servers,\n or AmazonProvidedDNS. To specify multiple domain name servers in a single parameter, \n separate the IP addresses using commas. To have your instances receive custom DNS \n hostnames as specified in domain-name, you must specify a custom DNS\n server.
\n ntp-servers - The IP addresses of up to eight Network Time Protocol (NTP)\n servers (four IPv4 addresses and four IPv6 addresses).
\n netbios-name-servers - The IP addresses of up to four NetBIOS name\n servers.
\n netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that\n you specify 2. Broadcast and multicast are not supported. For more information about \n NetBIOS node types, see RFC 2132.
\n ipv6-address-preferred-lease-time - A value (in seconds, minutes, hours, or years) for how frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. \n Acceptable values are between 140 and 2147483647 seconds (approximately 68 years). If no value is entered, the default lease time is 140 seconds. If you use long-term addressing for EC2 instances, you can increase the lease time and avoid frequent \n lease renewal requests. Lease renewal typically occurs when half of the lease time has elapsed.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the\n\t\t\trequest. For more information, see How to ensure\n\t\t\t\tidempotency.
" + "smithy.api#documentation": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the\n\t\t\trequest. For more information, see Ensuring idempotency.
" } }, "DryRun": { @@ -14857,7 +15046,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "ErrorCode", - "smithy.api#documentation": "The error code that indicates why the instance could not be launched. For more\n information about error codes, see Error codes.
", + "smithy.api#documentation": "The error code that indicates why the instance could not be launched. For more\n information about error codes, see Error codes.
", "smithy.api#xmlName": "errorCode" } }, @@ -14865,7 +15054,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "ErrorMessage", - "smithy.api#documentation": "The error message that describes why the instance could not be launched. For more\n information about error messages, see Error codes.
", + "smithy.api#documentation": "The error message that describes why the instance could not be launched. For more\n information about error messages, see Error codes.
", "smithy.api#xmlName": "errorMessage" } } @@ -15099,7 +15288,7 @@ "DeliverLogsPermissionArn": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The ARN of the IAM role that allows Amazon EC2 to publish flow logs to a CloudWatch Logs log group in\n your account.
\nThis parameter is required if the destination type is cloud-watch-logs\n and unsupported otherwise.
The ARN of the IAM role that allows Amazon EC2 to publish flow logs to the log destination.
\nThis parameter is required if the destination type is cloud-watch-logs,\n or if the destination type is kinesis-data-firehose and the delivery stream\n and the resources to monitor are in different accounts.
Creates a launch template.
\nA launch template contains the parameters to launch an instance. When you launch an\n instance using RunInstances, you can specify a launch template instead\n of providing the launch parameters in the request. For more information, see Launch\n an instance from a launch template in the\n Amazon Elastic Compute Cloud User Guide.
\nIf you want to clone an existing launch template as the basis for creating a new\n launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support\n cloning a template. For more information, see Create a launch template from an existing launch template in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Creates a launch template.
\nA launch template contains the parameters to launch an instance. When you launch an\n instance using RunInstances, you can specify a launch template instead\n of providing the launch parameters in the request. For more information, see Launch\n an instance from a launch template in the\n Amazon Elastic Compute Cloud User Guide.
\nTo clone an existing launch template as the basis for a new launch template, use the \n Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more \n information, see Create a launch template from an existing launch template in the\n Amazon Elastic Compute Cloud User Guide.
", "smithy.api#examples": [ { "title": "To create a launch template", @@ -16211,7 +16400,7 @@ "TagSpecifications": { "target": "com.amazonaws.ec2#TagSpecificationList", "traits": { - "smithy.api#documentation": "The tags to apply to the launch template on creation. To tag the launch template, the\n resource type must be launch-template.
To specify the tags for the resources that are created when an instance is\n launched, you must use the TagSpecifications parameter in the launch\n template data structure.
The tags to apply to the launch template on creation. To tag the launch template, the\n resource type must be launch-template.
To specify the tags for the resources that are created when an instance is\n launched, you must use the TagSpecifications parameter in the launch template data structure.
Creates a new version of a launch template. You can specify an existing version of\n launch template from which to base the new version.
\nLaunch template versions are numbered in the order in which they are created. You\n cannot specify, change, or replace the numbering of launch template versions.
\nLaunch templates are immutable; after you create a launch template, you can't modify\n it. Instead, you can create a new version of the launch template that includes any\n changes you require.
\nFor more information, see Modify a launch template (manage launch template versions) in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Creates a new version of a launch template. You must specify an existing launch\n template, either by name or ID. You can determine whether the new version inherits \n parameters from a source version, and add or overwrite parameters as needed.
\nLaunch template versions are numbered in the order in which they are created. You\n can't specify, change, or replace the numbering of launch template versions.
\nLaunch templates are immutable; after you create a launch template, you can't modify\n it. Instead, you can create a new version of the launch template that includes the\n changes that you require.
\nFor more information, see Modify a launch template (manage launch template versions) in the\n Amazon Elastic Compute Cloud User Guide.
", "smithy.api#examples": [ { "title": "To create a launch template version", @@ -16315,19 +16504,19 @@ "LaunchTemplateId": { "target": "com.amazonaws.ec2#LaunchTemplateId", "traits": { - "smithy.api#documentation": "The ID of the launch template.
\nYou must specify either the LaunchTemplateId or the\n LaunchTemplateName, but not both.
The ID of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "LaunchTemplateName": { "target": "com.amazonaws.ec2#LaunchTemplateName", "traits": { - "smithy.api#documentation": "The name of the launch template.
\nYou must specify the LaunchTemplateName or the\n LaunchTemplateId, but not both.
The name of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "SourceVersion": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The version number of the launch template version on which to base the new version.\n The new version inherits the same launch parameters as the source version, except for\n parameters that you specify in LaunchTemplateData. Snapshots applied to the\n block device mapping are ignored when creating a new version unless they are explicitly\n included.
The version of the launch template on which to base the new version. \n Snapshots applied to the block device mapping are ignored when creating a new version \n unless they are explicitly included.
\nIf you specify this parameter, the new version inherits the launch parameters from the\n source version. If you specify additional launch parameters for the new version, they \n overwrite any corresponding launch parameters inherited from the source version.
\nIf you omit this parameter, the new version contains only the launch parameters\n that you specify for the new version.
" } }, "VersionDescription": { @@ -16781,7 +16970,7 @@ "ClientToken": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the\n\t\t\trequest. For more information, see How to ensure\n\t\t\t\tidempotency.
\nConstraint: Maximum 64 ASCII characters.
", + "smithy.api#documentation": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the\n\t\t\trequest. For more information, see Ensuring idempotency.
\nConstraint: Maximum 64 ASCII characters.
", "smithy.api#idempotencyToken": {} } }, @@ -17067,6 +17256,13 @@ "smithy.api#documentation": "The tags to assign to the network ACL.
", "smithy.api#xmlName": "TagSpecification" } + }, + "ClientToken": { + "target": "com.amazonaws.ec2#String", + "traits": { + "smithy.api#documentation": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the\n request. For more information, see Ensuring idempotency.
", + "smithy.api#idempotencyToken": {} + } } }, "traits": { @@ -17083,6 +17279,14 @@ "smithy.api#documentation": "Information about the network ACL.
", "smithy.api#xmlName": "networkAcl" } + }, + "ClientToken": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "ClientToken", + "smithy.api#documentation": "Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.
", + "smithy.api#xmlName": "clientToken" + } } }, "traits": { @@ -18125,6 +18329,13 @@ "smithy.api#documentation": "The tags to assign to the route table.
", "smithy.api#xmlName": "TagSpecification" } + }, + "ClientToken": { + "target": "com.amazonaws.ec2#String", + "traits": { + "smithy.api#documentation": "Unique, case-sensitive identifier that you provide to ensure the idempotency of the\n request. For more information, see Ensuring idempotency.
", + "smithy.api#idempotencyToken": {} + } } }, "traits": { @@ -18141,6 +18352,14 @@ "smithy.api#documentation": "Information about the route table.
", "smithy.api#xmlName": "routeTable" } + }, + "ClientToken": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "ClientToken", + "smithy.api#documentation": "Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.
", + "smithy.api#xmlName": "clientToken" + } } }, "traits": { @@ -18252,7 +18471,7 @@ "target": "com.amazonaws.ec2#Snapshot" }, "traits": { - "smithy.api#documentation": "Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for\n \tbackups, to make copies of EBS volumes, and to save data before shutting down an\n \tinstance.
\nYou can create snapshots of volumes in a Region and volumes on an Outpost. If you \n \tcreate a snapshot of a volume in a Region, the snapshot must be stored in the same \n \tRegion as the volume. If you create a snapshot of a volume on an Outpost, the snapshot \n \tcan be stored on the same Outpost as the volume, or in the Region for that Outpost.
\nWhen a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the\n source volume are propagated to the snapshot.
\nYou can take a snapshot of an attached volume that is in use. However, snapshots only\n capture data that has been written to your Amazon EBS volume at the time the snapshot command is\n issued; this might exclude any data that has been cached by any applications or the operating\n system. If you can pause any file systems on the volume long enough to take a snapshot, your\n snapshot should be complete. However, if you cannot pause all file writes to the volume, you\n should unmount the volume from within the instance, issue the snapshot command, and then\n remount the volume to ensure a consistent and complete snapshot. You may remount and use your\n volume while the snapshot status is pending.
When you create a snapshot for an EBS volume that serves as a root device, we recommend \n that you stop the instance before taking the snapshot.
\nSnapshots that are taken from encrypted volumes are automatically encrypted. Volumes that\n are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes\n and any associated snapshots always remain protected.
\nYou can tag your snapshots during creation. For more information, see Tag your Amazon EC2\n resources in the Amazon Elastic Compute Cloud User Guide.
\nFor more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Creates a snapshot of an EBS volume and stores it in Amazon S3. You can use snapshots for\n \tbackups, to make copies of EBS volumes, and to save data before shutting down an\n \tinstance.
\nYou can create snapshots of volumes in a Region and volumes on an Outpost. If you \n \tcreate a snapshot of a volume in a Region, the snapshot must be stored in the same \n \tRegion as the volume. If you create a snapshot of a volume on an Outpost, the snapshot \n \tcan be stored on the same Outpost as the volume, or in the Region for that Outpost.
\nWhen a snapshot is created, any Amazon Web Services Marketplace product codes that are associated with the\n source volume are propagated to the snapshot.
\nYou can take a snapshot of an attached volume that is in use. However, snapshots only\n capture data that has been written to your Amazon EBS volume at the time the snapshot command is\n issued; this might exclude any data that has been cached by any applications or the operating\n system. If you can pause any file systems on the volume long enough to take a snapshot, your\n snapshot should be complete. However, if you cannot pause all file writes to the volume, you\n should unmount the volume from within the instance, issue the snapshot command, and then\n remount the volume to ensure a consistent and complete snapshot. You may remount and use your\n volume while the snapshot status is pending.
When you create a snapshot for an EBS volume that serves as a root device, we recommend \n that you stop the instance before taking the snapshot.
\nSnapshots that are taken from encrypted volumes are automatically encrypted. Volumes that\n are created from encrypted snapshots are also automatically encrypted. Your encrypted volumes\n and any associated snapshots always remain protected.
\nYou can tag your snapshots during creation. For more information, see Tag your Amazon EC2\n resources in the Amazon Elastic Compute Cloud User Guide.
\nFor more information, see Amazon Elastic Block Store and Amazon EBS encryption in the Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To create a snapshot", @@ -18287,7 +18506,7 @@ "OutpostArn": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost on which to create a local \n \tsnapshot.
\nTo create a snapshot of a volume in a Region, omit this parameter. The snapshot \n \t\t\t\tis created in the same Region as the volume.
\nTo create a snapshot of a volume on an Outpost and store the snapshot in the \n \t\t\t\tRegion, omit this parameter. The snapshot is created in the Region for the \n \t\t\t\tOutpost.
\nTo create a snapshot of a volume on an Outpost and store the snapshot on an \n \t\t\tOutpost, specify the ARN of the destination Outpost. The snapshot must be created on \n \t\t\tthe same Outpost as the volume.
\nFor more information, see Create local snapshots from volumes on an Outpost in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost on which to create a local \n \tsnapshot.
\nTo create a snapshot of a volume in a Region, omit this parameter. The snapshot \n \t\t\t\tis created in the same Region as the volume.
\nTo create a snapshot of a volume on an Outpost and store the snapshot in the \n \t\t\t\tRegion, omit this parameter. The snapshot is created in the Region for the \n \t\t\t\tOutpost.
\nTo create a snapshot of a volume on an Outpost and store the snapshot on an \n \t\t\tOutpost, specify the ARN of the destination Outpost. The snapshot must be created on \n \t\t\tthe same Outpost as the volume.
\nFor more information, see Create local snapshots from volumes on an Outpost in the Amazon EBS User Guide.
" } }, "VolumeId": { @@ -18350,7 +18569,7 @@ "OutpostArn": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost on which to create the local \n \t\tsnapshots.
\nTo create snapshots from an instance in a Region, omit this parameter. The \n \t\t\t\tsnapshots are created in the same Region as the instance.
\nTo create snapshots from an instance on an Outpost and store the snapshots \n \t\t\t\tin the Region, omit this parameter. The snapshots are created in the Region \n \t\t\t\tfor the Outpost.
\nTo create snapshots from an instance on an Outpost and store the snapshots \n \t\t\t\ton an Outpost, specify the ARN of the destination Outpost. The snapshots must \n \t\t\t\tbe created on the same Outpost as the instance.
\nFor more information, see \n \t\tCreate multi-volume local snapshots from instances on an Outpost in the \n \t\tAmazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Outpost on which to create the local \n \t\tsnapshots.
\nTo create snapshots from an instance in a Region, omit this parameter. The \n \t\t\t\tsnapshots are created in the same Region as the instance.
\nTo create snapshots from an instance on an Outpost and store the snapshots \n \t\t\t\tin the Region, omit this parameter. The snapshots are created in the Region \n \t\t\t\tfor the Outpost.
\nTo create snapshots from an instance on an Outpost and store the snapshots \n \t\t\t\ton an Outpost, specify the ARN of the destination Outpost. The snapshots must \n \t\t\t\tbe created on the same Outpost as the instance.
\nFor more information, see \n \t\tCreate multi-volume local snapshots from instances on an Outpost in the \n \t\tAmazon EBS User Guide.
" } }, "TagSpecifications": { @@ -20030,7 +20249,7 @@ "SecurityGroupReferencingSupport": { "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", "traits": { - "smithy.api#documentation": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
\nIf you don't enable or disable SecurityGroupReferencingSupport in the request, the\n attachment will inherit the security group referencing support setting on the transit\n gateway.
\nFor important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.
" + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nEnables you to reference a security group across VPCs attached to a transit gateway. Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
\nIf you don't enable or disable SecurityGroupReferencingSupport in the request, the\n attachment will inherit the security group referencing support setting on the transit\n gateway.
" } }, "Ipv6Support": { @@ -20612,7 +20831,7 @@ "target": "com.amazonaws.ec2#Volume" }, "traits": { - "smithy.api#documentation": "Creates an EBS volume that can be attached to an instance in the same Availability Zone.
\nYou can create a new empty volume or restore a volume from an EBS snapshot.\n Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.
\nYou can create encrypted volumes. Encrypted volumes must be attached to instances that \n support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically \n encrypted. For more information, see Amazon EBS encryption\n in the Amazon Elastic Compute Cloud User Guide.
\nYou can tag your volumes during creation. For more information, see Tag your Amazon EC2\n resources in the Amazon Elastic Compute Cloud User Guide.
\nFor more information, see Create an Amazon EBS volume in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Creates an EBS volume that can be attached to an instance in the same Availability Zone.
\nYou can create a new empty volume or restore a volume from an EBS snapshot.\n Any Amazon Web Services Marketplace product codes from the snapshot are propagated to the volume.
\nYou can create encrypted volumes. Encrypted volumes must be attached to instances that \n support Amazon EBS encryption. Volumes that are created from encrypted snapshots are also automatically \n encrypted. For more information, see Amazon EBS encryption\n in the Amazon EBS User Guide.
\nYou can tag your volumes during creation. For more information, see Tag your Amazon EC2\n resources in the Amazon Elastic Compute Cloud User Guide.
\nFor more information, see Create an Amazon EBS volume in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To create a new volume", @@ -20633,6 +20852,28 @@ "CreateTime": "2016-08-29T18:52:32.724Z", "Size": 80 } + }, + { + "title": "To create a new Provisioned IOPS (SSD) volume from a snapshot", + "documentation": "This example creates a new Provisioned IOPS (SSD) volume with 1000 provisioned IOPS from a snapshot in the Availability Zone ``us-east-1a``.", + "input": { + "AvailabilityZone": "us-east-1a", + "Iops": 1000, + "VolumeType": "io1", + "SnapshotId": "snap-066877671789bd71b" + }, + "output": { + "AvailabilityZone": "us-east-1a", + "Attachments": [], + "Tags": [], + "VolumeType": "io1", + "VolumeId": "vol-1234567890abcdef0", + "State": "creating", + "Iops": 1000, + "SnapshotId": "snap-066877671789bd71b", + "CreateTime": "2016-08-29T18:52:32.724Z", + "Size": 500 + } } ] } @@ -20705,7 +20946,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "Encrypted", - "smithy.api#documentation": "Indicates whether the volume should be encrypted. \n The effect of setting the encryption state to true depends on \nthe volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. \n For more information, see Encryption by default\n in the Amazon Elastic Compute Cloud User Guide.
Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. \n For more information, see Supported\n instance types.
", + "smithy.api#documentation": "Indicates whether the volume should be encrypted. \n The effect of setting the encryption state to true depends on \nthe volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. \n For more information, see Encryption by default\n in the Amazon EBS User Guide.
Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. \n For more information, see Supported\n instance types.
", "smithy.api#xmlName": "encrypted" } }, @@ -20742,7 +20983,7 @@ "VolumeType": { "target": "com.amazonaws.ec2#VolumeType", "traits": { - "smithy.api#documentation": "The volume type. This parameter can be one of the following values:
\nGeneral Purpose SSD: gp2 | gp3\n
Provisioned IOPS SSD: io1 | io2\n
Throughput Optimized HDD: st1\n
Cold HDD: sc1\n
Magnetic: standard\n
Throughput Optimized HDD (st1) and Cold HDD (sc1) volumes can't be used as boot volumes.
For more information, see Amazon EBS volume types in the\n Amazon Elastic Compute Cloud User Guide.
\nDefault: gp2\n
The volume type. This parameter can be one of the following values:
\nGeneral Purpose SSD: gp2 | gp3\n
Provisioned IOPS SSD: io1 | io2\n
Throughput Optimized HDD: st1\n
Cold HDD: sc1\n
Magnetic: standard\n
Throughput Optimized HDD (st1) and Cold HDD (sc1) volumes can't be used as boot volumes.
For more information, see Amazon EBS volume types in the\n Amazon EBS User Guide.
\nDefault: gp2\n
Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the \n \tvolume to up to 16 Instances built on the Nitro System in the same Availability Zone. This parameter is \n \tsupported with io1 and io2 volumes only. For more information, \n \tsee \n \t\tAmazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.
Indicates whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the \n \tvolume to up to 16 Instances built on the Nitro System in the same Availability Zone. This parameter is \n \tsupported with io1 and io2 volumes only. For more information, \n \tsee \n \t\tAmazon EBS Multi-Attach in the Amazon EBS User Guide.
The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number\n (ASN).
", + "smithy.api#documentation": "The customer gateway device's Border Gateway Protocol (BGP) Autonomous System Number\n (ASN).
\nValid values: 1 to 2,147,483,647\n
The IP address of the customer gateway device's outside interface.
", + "smithy.api#documentation": "\n IPv4 address for the customer gateway device's outside interface. The address must be static. If OutsideIpAddressType in your VPN connection options is set to PrivateIpv4, you can use an RFC6598 or RFC1918 private IPv4 address. If OutsideIpAddressType is set to PublicIpv4, you can use a public IPv4 address.\n
Any tags assigned to the customer gateway.
", "smithy.api#xmlName": "tagSet" } + }, + "BgpAsnExtended": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "BgpAsnExtended", + "smithy.api#documentation": "The customer gateway device's Border Gateway Protocol (BGP) Autonomous System Number\n (ASN).
\nValid values: 2,147,483,648 to 4,294,967,295\n
Deletes the specified EC2 Fleets.
\nAfter you delete an EC2 Fleet, it launches no new instances.
\nYou must also specify whether a deleted EC2 Fleet should terminate its instances. If you\n choose to terminate the instances, the EC2 Fleet enters the deleted_terminating\n state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances\n continue to run until they are interrupted or you terminate them manually.
For instant fleets, EC2 Fleet must terminate the instances when the fleet is\n deleted. A deleted instant fleet with running instances is not\n supported.
\n Restrictions\n
\nYou can delete up to 25 instant fleets in a single request. If you exceed this\n number, no instant fleets are deleted and an error is returned. There is no\n restriction on the number of fleets of type maintain or request that can be deleted\n in a single request.
Up to 1000 instances can be terminated in a single request to delete\n instant fleets.
For more information, see Delete an EC2\n Fleet in the Amazon EC2 User Guide.
" + "smithy.api#documentation": "Deletes the specified EC2 Fleets.
\nAfter you delete an EC2 Fleet, it launches no new instances.
\nYou must also specify whether a deleted EC2 Fleet should terminate its instances. If you\n choose to terminate the instances, the EC2 Fleet enters the deleted_terminating\n state. Otherwise, the EC2 Fleet enters the deleted_running state, and the instances\n continue to run until they are interrupted or you terminate them manually.
For instant fleets, EC2 Fleet must terminate the instances when the fleet is\n deleted. Up to 1000 instances can be terminated in a single request to delete\n instant fleets. A deleted instant fleet with running instances\n is not supported.
\n Restrictions\n
\nYou can delete up to 25 fleets of type instant in a single\n request.
You can delete up to 100 fleets of type maintain or\n request in a single request.
You can delete up to 125 fleets in a single request, provided you do not exceed\n the quota for each fleet type, as specified above.
\nIf you exceed the specified number of fleets to delete, no fleets are\n deleted.
\nFor more information, see Delete an EC2\n Fleet in the Amazon EC2 User Guide.
" } }, "com.amazonaws.ec2#DeleteFleetsRequest": { @@ -22459,7 +22754,7 @@ "target": "com.amazonaws.ec2#FleetIdSet", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The IDs of the EC2 Fleets.
", + "smithy.api#documentation": "The IDs of the EC2 Fleets.
\nConstraints: In a single request, you can specify up to 25 instant fleet\n IDs and up to 100 maintain or request fleet IDs.
The ID of the launch template.
\nYou must specify either the LaunchTemplateId or the\n LaunchTemplateName, but not both.
The ID of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "LaunchTemplateName": { "target": "com.amazonaws.ec2#LaunchTemplateName", "traits": { - "smithy.api#documentation": "The name of the launch template.
\nYou must specify either the LaunchTemplateName or the\n LaunchTemplateId, but not both.
The name of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } } }, @@ -23160,13 +23455,13 @@ "LaunchTemplateId": { "target": "com.amazonaws.ec2#LaunchTemplateId", "traits": { - "smithy.api#documentation": "The ID of the launch template.
\nYou must specify either the LaunchTemplateId or the\n LaunchTemplateName, but not both.
The ID of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "LaunchTemplateName": { "target": "com.amazonaws.ec2#LaunchTemplateName", "traits": { - "smithy.api#documentation": "The name of the launch template.
\nYou must specify either the LaunchTemplateName or the\n LaunchTemplateId, but not both.
The name of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "Versions": { @@ -24439,7 +24734,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Deletes the specified snapshot.
\nWhen you make periodic snapshots of a volume, the snapshots are incremental, and only the\n blocks on the device that have changed since your last snapshot are saved in the new snapshot.\n When you delete a snapshot, only the data not needed for any other snapshot is removed. So\n regardless of which prior snapshots have been deleted, all active snapshots will have access\n to all the information needed to restore the volume.
\nYou cannot delete a snapshot of the root device of an EBS volume used by a registered AMI.\n You must first de-register the AMI before you can delete the snapshot.
\nFor more information, see Delete an Amazon EBS snapshot in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Deletes the specified snapshot.
\nWhen you make periodic snapshots of a volume, the snapshots are incremental, and only the\n blocks on the device that have changed since your last snapshot are saved in the new snapshot.\n When you delete a snapshot, only the data not needed for any other snapshot is removed. So\n regardless of which prior snapshots have been deleted, all active snapshots will have access\n to all the information needed to restore the volume.
\nYou cannot delete a snapshot of the root device of an EBS volume used by a registered AMI.\n You must first de-register the AMI before you can delete the snapshot.
\nFor more information, see Delete an Amazon EBS snapshot in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To delete a snapshot", @@ -25294,7 +25589,7 @@ "target": "com.amazonaws.ec2#DeleteTransitGatewayRouteTableResult" }, "traits": { - "smithy.api#documentation": "Deletes the specified transit gateway route table. You must disassociate the route table from any\n transit gateway route tables before you can delete it.
" + "smithy.api#documentation": "Deletes the specified transit gateway route table. If there are any route tables associated with\n the transit gateway route table, you must first run DisassociateRouteTable before you can delete the transit gateway route table. This removes any route tables associated with the transit gateway route table.
" } }, "com.amazonaws.ec2#DeleteTransitGatewayRouteTableAnnouncement": { @@ -25672,7 +25967,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Deletes the specified EBS volume. The volume must be in the available state\n (not attached to an instance).
The volume can remain in the deleting state for several minutes.
For more information, see Delete an Amazon EBS volume in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Deletes the specified EBS volume. The volume must be in the available state\n (not attached to an instance).
The volume can remain in the deleting state for several minutes.
For more information, see Delete an Amazon EBS volume in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To delete a volume", @@ -26548,7 +26843,7 @@ "target": "com.amazonaws.ec2#DescribeAccountAttributesResult" }, "traits": { - "smithy.api#documentation": "Describes attributes of your Amazon Web Services account. The following are the supported account attributes:
\n\n default-vpc: The ID of the default VPC for your account, or none.
\n max-instances: This attribute is no longer supported. The returned\n value does not reflect your actual vCPU limit for running On-Demand Instances.\n For more information, see On-Demand Instance Limits in the\n Amazon Elastic Compute Cloud User Guide.
\n max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate.
\n supported-platforms: This attribute is deprecated.
\n vpc-max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate.
\n vpc-max-security-groups-per-interface: The maximum number of security groups\n that you can assign to a network interface.
Describes attributes of your Amazon Web Services account. The following are the supported account attributes:
\n\n default-vpc: The ID of the default VPC for your account, or none.
\n max-instances: This attribute is no longer supported. The returned\n value does not reflect your actual vCPU limit for running On-Demand Instances.\n For more information, see On-Demand Instance Limits in the\n Amazon Elastic Compute Cloud User Guide.
\n max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate.
\n supported-platforms: This attribute is deprecated.
\n vpc-max-elastic-ips: The maximum number of Elastic IP addresses that you can allocate.
\n vpc-max-security-groups-per-interface: The maximum number of security groups\n that you can assign to a network interface.
The order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes the Availability Zones, Local Zones, and Wavelength Zones that are available to\n you. If there is an event impacting a zone, you can use this request to view the state and any\n provided messages for that zone.
\nFor more information about Availability Zones, Local Zones, and Wavelength Zones, see\n Regions and zones \n in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to\n you. If there is an event impacting a zone, you can use this request to view the state and any\n provided messages for that zone.
\nFor more information about Availability Zones, Local Zones, and Wavelength Zones, see\n Regions and zones \n in the Amazon Elastic Compute Cloud User Guide.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nThe filters.
\n\n group-name - For Availability Zones, use the Region name. For Local\n Zones, use the name of the group associated with the Local Zone (for example,\n us-west-2-lax-1) For Wavelength Zones, use the name of the group associated\n with the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).
\n message - The Zone message.
\n opt-in-status - The opt-in status (opted-in |\n not-opted-in | opt-in-not-required).
\n parent-zoneID - The ID of the zone that handles some of the Local Zone\n and Wavelength Zone control plane operations, such as API calls.
\n parent-zoneName - The ID of the zone that handles some of the Local Zone\n and Wavelength Zone control plane operations, such as API calls.
\n region-name - The name of the Region for the Zone (for example,\n us-east-1).
\n state - The state of the Availability Zone, the Local Zone, or the\n Wavelength Zone (available).
\n zone-id - The ID of the Availability Zone (for example,\n use1-az1), the Local Zone (for example, usw2-lax1-az1), or the\n Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).
\n zone-name - The name of the Availability Zone (for example,\n us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or\n the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).
\n zone-type - The type of zone (availability-zone | \n local-zone | wavelength-zone).
The filters.
\n\n group-name - For Availability Zones, use the Region name. For Local\n Zones, use the name of the group associated with the Local Zone (for example,\n us-west-2-lax-1) For Wavelength Zones, use the name of the group associated\n with the Wavelength Zone (for example, us-east-1-wl1).
\n message - The Zone message.
\n opt-in-status - The opt-in status (opted-in |\n not-opted-in | opt-in-not-required).
\n parent-zone-id - The ID of the zone that handles some of the Local Zone\n and Wavelength Zone control plane operations, such as API calls.
\n parent-zone-name - The ID of the zone that handles some of the Local Zone\n and Wavelength Zone control plane operations, such as API calls.
\n region-name - The name of the Region for the Zone (for example,\n us-east-1).
\n state - The state of the Availability Zone, the Local Zone, or the\n Wavelength Zone (available).
\n zone-id - The ID of the Availability Zone (for example,\n use1-az1), the Local Zone (for example, usw2-lax1-az1), or the\n Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).
\n zone-name - The name of the Availability Zone (for example,\n us-east-1a), the Local Zone (for example, us-west-2-lax-1a), or\n the Wavelength Zone (for example, us-east-1-wl1-bos-wlz-1).
\n zone-type - The type of zone (availability-zone | \n local-zone | wavelength-zone).
Describes the specified bundle tasks or all of your bundle tasks.
\nCompleted bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task.
Describes the specified bundle tasks or all of your bundle tasks.
\nCompleted bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name and image manifest name you provided to the bundle task.
The order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes Capacity Block offerings available for purchase. With Capacity Blocks, you purchase a specific instance type for a period of time.
", + "smithy.api#documentation": "Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using. With Capacity Blocks, you purchase a specific instance type for a period of time.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -27347,7 +27701,7 @@ "MaxResults": { "target": "com.amazonaws.ec2#DescribeCapacityBlockOfferingsMaxResults", "traits": { - "smithy.api#documentation": "The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, \n see Pagination.
" } } }, @@ -27425,7 +27779,7 @@ "MaxResults": { "target": "com.amazonaws.ec2#DescribeCapacityReservationFleetsMaxResults", "traits": { - "smithy.api#documentation": "The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, \n see Pagination.
" } }, "Filters": { @@ -27516,7 +27870,7 @@ "MaxResults": { "target": "com.amazonaws.ec2#DescribeCapacityReservationsMaxResults", "traits": { - "smithy.api#documentation": "The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, \n see Pagination.
" } }, "Filters": { @@ -28758,7 +29112,7 @@ "target": "com.amazonaws.ec2#DescribeElasticGpusResult" }, "traits": { - "smithy.api#documentation": "Describes the Elastic Graphics accelerator associated with your instances. For more information\n about Elastic Graphics, see Amazon Elastic Graphics.
" + "smithy.api#documentation": "Amazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nDescribes the Elastic Graphics accelerator associated with your instances. For more information\n about Elastic Graphics, see Amazon Elastic Graphics.
" } }, "com.amazonaws.ec2#DescribeElasticGpusMaxResults": { @@ -29542,7 +29896,7 @@ "target": "com.amazonaws.ec2#DescribeFleetInstancesResult" }, "traits": { - "smithy.api#documentation": "Describes the running instances for the specified EC2 Fleet.
\nFor more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.
" + "smithy.api#documentation": "Describes the running instances for the specified EC2 Fleet.
\nCurrently, DescribeFleetInstances does not support fleets of type\n instant. Instead, use DescribeFleets, specifying the\n instant fleet ID in the request.
For more information, see Describe your\n EC2 Fleet in the Amazon EC2 User Guide.
" } }, "com.amazonaws.ec2#DescribeFleetInstancesRequest": { @@ -29627,7 +29981,7 @@ "target": "com.amazonaws.ec2#DescribeFleetsResult" }, "traits": { - "smithy.api#documentation": "Describes the specified EC2 Fleets or all of your EC2 Fleets.
\nFor more information, see Monitor your EC2 Fleet in the Amazon EC2 User Guide.
", + "smithy.api#documentation": "Describes the specified EC2 Fleet or all of your EC2 Fleets.
\nIf a fleet is of type instant, you must specify the fleet ID in the\n request, otherwise the fleet does not appear in the response.
For more information, see Describe your\n EC2 Fleet in the Amazon EC2 User Guide.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -30468,7 +30822,7 @@ "target": "com.amazonaws.ec2#ImageAttribute" }, "traits": { - "smithy.api#documentation": "Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
", + "smithy.api#documentation": "Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
\nThe images available to you include public images, private images that you own, and private images owned by other \n Amazon Web Services accounts for which you have explicit launch permissions.
\nRecently deregistered images appear in the returned results for a short interval and then\n return empty results. After all instances that reference a deregistered AMI are terminated,\n specifying the ID of the image will eventually return an error indicating that the AMI ID\n cannot be found.
", + "smithy.api#documentation": "Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
\nThe images available to you include public images, private images that you own, and private images owned by other \n Amazon Web Services accounts for which you have explicit launch permissions.
\nRecently deregistered images appear in the returned results for a short interval and then\n return empty results. After all instances that reference a deregistered AMI are terminated,\n specifying the ID of the image will eventually return an error indicating that the AMI ID\n cannot be found.
\nWe strongly recommend using only paginated requests. Unpaginated requests are\n susceptible to throttling and timeouts.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes the status of the specified instances or all of your instances. By default,\n only running instances are described, unless you specifically indicate to return the\n status of all instances.
\nInstance status includes the following components:
\n\n Status checks - Amazon EC2 performs status\n checks on running EC2 instances to identify hardware and software issues. For\n more information, see Status checks for your instances and Troubleshoot\n instances with failed status checks in the Amazon EC2 User\n Guide.
\n\n Scheduled events - Amazon EC2 can schedule\n events (such as reboot, stop, or terminate) for your instances related to\n hardware issues, software updates, or system maintenance. For more information,\n see Scheduled events for your instances in the Amazon EC2 User\n Guide.
\n\n Instance state - You can manage your instances\n from the moment you launch them through their termination. For more information,\n see Instance\n lifecycle in the Amazon EC2 User Guide.
\nDescribes the status of the specified instances or all of your instances. By default,\n only running instances are described, unless you specifically indicate to return the\n status of all instances.
\nInstance status includes the following components:
\n\n Status checks - Amazon EC2 performs status\n checks on running EC2 instances to identify hardware and software issues. For\n more information, see Status checks for your instances and Troubleshoot\n instances with failed status checks in the Amazon EC2 User\n Guide.
\n\n Scheduled events - Amazon EC2 can schedule\n events (such as reboot, stop, or terminate) for your instances related to\n hardware issues, software updates, or system maintenance. For more information,\n see Scheduled events for your instances in the Amazon EC2 User\n Guide.
\n\n Instance state - You can manage your instances\n from the moment you launch them through their termination. For more information,\n see Instance\n lifecycle in the Amazon EC2 User Guide.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nReturns a list of all instance types offered. The results can be filtered by location (Region or Availability\n Zone). If no location is specified, the instance types offered in the current Region are returned.
", + "smithy.api#documentation": "Lists the instance types that are offered for the specified location. If no location is specified, the default\n is to list the instance types that are offered in the current Region.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -31592,13 +31977,13 @@ "LocationType": { "target": "com.amazonaws.ec2#LocationType", "traits": { - "smithy.api#documentation": "The location type.
" + "smithy.api#documentation": "The location type.
\n\n availability-zone - The Availability Zone. When you specify a location filter, it must be\n an Availability Zone for the current Region.
\n availability-zone-id - The AZ ID. When you specify a location filter, it must be\n an AZ ID for the current Region.
\n outpost - The Outpost ARN. When you specify a location filter, it must be an Outpost ARN\n for the current Region.
\n region - The current Region. If you specify a location filter, it must match the current Region.
One or more filters. Filter names and values are case-sensitive.
\n\n location - This depends on the location type. For example, if the location type is\n region (default), the location is the Region code (for example, us-east-2.)
\n instance-type - The instance type. For example,\n c5.2xlarge.
One or more filters. Filter names and values are case-sensitive.
\n\n instance-type - The instance type. For a list of possible values, see \n Instance.
\n location - The location. For a list of possible identifiers, see Regions and Zones.
The instance types offered.
", + "smithy.api#documentation": "The instance types offered in the location.
", "smithy.api#xmlName": "instanceTypeOfferingSet" } }, @@ -31652,7 +32037,7 @@ "target": "com.amazonaws.ec2#DescribeInstanceTypesResult" }, "traits": { - "smithy.api#documentation": "Describes the details of the instance types that are offered in a location. The results can be filtered by the\n attributes of the instance types.
", + "smithy.api#documentation": "Describes the specified instance types. By default, all instance types for the current Region are described.\n Alternatively, you can filter the results.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -31673,7 +32058,7 @@ "InstanceTypes": { "target": "com.amazonaws.ec2#RequestInstanceTypeList", "traits": { - "smithy.api#documentation": "The instance types. For more information, see Instance types in the Amazon EC2 User Guide.
", + "smithy.api#documentation": "The instance types.
", "smithy.api#xmlName": "InstanceType" } }, @@ -31708,7 +32093,7 @@ "target": "com.amazonaws.ec2#InstanceTypeInfoList", "traits": { "aws.protocols#ec2QueryName": "InstanceTypeSet", - "smithy.api#documentation": "The instance type. For more information, see Instance types in the Amazon EC2 User Guide.
", + "smithy.api#documentation": "The instance type.
", "smithy.api#xmlName": "instanceTypeSet" } }, @@ -31734,7 +32119,7 @@ "target": "com.amazonaws.ec2#DescribeInstancesResult" }, "traits": { - "smithy.api#documentation": "Describes the specified instances or all instances.
\nIf you specify instance IDs, the output includes information for only the specified\n instances. If you specify filters, the output includes information for only those\n instances that meet the filter criteria. If you do not specify instance IDs or filters,\n the output includes information for all instances, which can affect performance. We\n recommend that you use pagination to ensure that the operation returns quickly and\n successfully.
\nIf you specify an instance ID that is not valid, an error is returned. If you specify\n an instance that you do not own, it is not included in the output.
\nRecently terminated instances might appear in the returned results. This interval is\n usually less than one hour.
\nIf you describe instances in the rare case where an Availability Zone is experiencing\n a service disruption and you specify instance IDs that are in the affected zone, or do\n not specify any instance IDs at all, the call fails. If you describe instances and\n specify only instance IDs that are in an unaffected zone, the call works\n normally.
", + "smithy.api#documentation": "Describes the specified instances or all instances.
\nIf you specify instance IDs, the output includes information for only the specified\n instances. If you specify filters, the output includes information for only those\n instances that meet the filter criteria. If you do not specify instance IDs or filters,\n the output includes information for all instances, which can affect performance. We\n recommend that you use pagination to ensure that the operation returns quickly and\n successfully.
\nIf you specify an instance ID that is not valid, an error is returned. If you specify\n an instance that you do not own, it is not included in the output.
\nRecently terminated instances might appear in the returned results. This interval is\n usually less than one hour.
\nIf you describe instances in the rare case where an Availability Zone is experiencing\n a service disruption and you specify instance IDs that are in the affected zone, or do\n not specify any instance IDs at all, the call fails. If you describe instances and\n specify only instance IDs that are in an unaffected zone, the call works\n normally.
\nWe strongly recommend using only paginated requests. Unpaginated requests are\n susceptible to throttling and timeouts.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nThe ID of the launch template.
\nTo describe one or more versions of a specified launch template, you must specify\n either the LaunchTemplateId or the LaunchTemplateName, but not\n both.
To describe all the latest or default launch template versions in your account, you\n must omit this parameter.
" + "smithy.api#documentation": "The ID of the launch template.
\nTo describe one or more versions of a specified launch template, you must specify\n either the launch template ID or the launch template name, but not both.
\nTo describe all the latest or default launch template versions in your account, you\n must omit this parameter.
" } }, "LaunchTemplateName": { "target": "com.amazonaws.ec2#LaunchTemplateName", "traits": { - "smithy.api#documentation": "The name of the launch template.
\nTo describe one or more versions of a specified launch template, you must specify\n either the LaunchTemplateName or the LaunchTemplateId, but not\n both.
To describe all the latest or default launch template versions in your account, you\n must omit this parameter.
" + "smithy.api#documentation": "The name of the launch template.
\nTo describe one or more versions of a specified launch template, you must specify\n either the launch template name or the launch template ID, but not both.
\nTo describe all the latest or default launch template versions in your account, you\n must omit this parameter.
" } }, "Versions": { @@ -33671,6 +34103,91 @@ "smithy.api#output": {} } }, + "com.amazonaws.ec2#DescribeMacHosts": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#DescribeMacHostsRequest" + }, + "output": { + "target": "com.amazonaws.ec2#DescribeMacHostsResult" + }, + "traits": { + "smithy.api#documentation": "Describes the specified EC2 Mac Dedicated Host or all of your EC2 Mac Dedicated Hosts.
", + "smithy.api#paginated": { + "inputToken": "NextToken", + "outputToken": "NextToken", + "items": "MacHosts", + "pageSize": "MaxResults" + } + } + }, + "com.amazonaws.ec2#DescribeMacHostsRequest": { + "type": "structure", + "members": { + "Filters": { + "target": "com.amazonaws.ec2#FilterList", + "traits": { + "smithy.api#documentation": "The filters.
\n\n availability-zone - The Availability Zone of the EC2 Mac Dedicated Host.
\n instance-type - The instance type size that the EC2 Mac Dedicated Host is\n configured to support.
\n The IDs of the EC2 Mac Dedicated Hosts.\n
", + "smithy.api#xmlName": "HostId" + } + }, + "MaxResults": { + "target": "com.amazonaws.ec2#DescribeMacHostsRequestMaxResults", + "traits": { + "smithy.api#documentation": "The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.
The token to use to retrieve the next page of results.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.ec2#DescribeMacHostsRequestMaxResults": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 5, + "max": 500 + } + } + }, + "com.amazonaws.ec2#DescribeMacHostsResult": { + "type": "structure", + "members": { + "MacHosts": { + "target": "com.amazonaws.ec2#MacHostList", + "traits": { + "aws.protocols#ec2QueryName": "MacHostSet", + "smithy.api#documentation": "\n Information about the EC2 Mac Dedicated Hosts.\n
", + "smithy.api#xmlName": "macHostSet" + } + }, + "NextToken": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "NextToken", + "smithy.api#documentation": "The token to use to retrieve the next page of results.
", + "smithy.api#xmlName": "nextToken" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.ec2#DescribeManagedPrefixLists": { "type": "operation", "input": { @@ -34599,6 +35116,51 @@ "InstanceOwnerId": "123456789012" } } + }, + { + "title": "To describe the description attribute of a network interface", + "documentation": "This example describes the description attribute of the specified network interface.", + "input": { + "NetworkInterfaceId": "eni-686ea200", + "Attribute": "description" + }, + "output": { + "NetworkInterfaceId": "eni-686ea200", + "Description": { + "Value": "My description" + } + } + }, + { + "title": "To describe the groupSet attribute of a network interface", + "documentation": "This example describes the groupSet attribute of the specified network interface.", + "input": { + "NetworkInterfaceId": "eni-686ea200", + "Attribute": "groupSet" + }, + "output": { + "NetworkInterfaceId": "eni-686ea200", + "Groups": [ + { + "GroupName": "my-security-group", + "GroupId": "sg-903004f8" + } + ] + } + }, + { + "title": "To describe the sourceDestCheck attribute of a network interface", + "documentation": "This example describes the sourceDestCheck attribute of the specified network interface.", + "input": { + "NetworkInterfaceId": "eni-686ea200", + "Attribute": "sourceDestCheck" + }, + "output": { + "NetworkInterfaceId": "eni-686ea200", + "SourceDestCheck": { + "Value": true + } + } } ] } @@ -34680,6 +35242,14 @@ "smithy.api#documentation": "Indicates whether source/destination checking is enabled.
", "smithy.api#xmlName": "sourceDestCheck" } + }, + "AssociatePublicIpAddress": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "aws.protocols#ec2QueryName": "AssociatePublicIpAddress", + "smithy.api#documentation": "Indicates whether to assign a public IPv4 address to a network interface. \n This option can be enabled for any network interface but will only apply to the primary network interface (eth0).
", + "smithy.api#xmlName": "associatePublicIpAddress" + } } }, "traits": { @@ -34783,7 +35353,7 @@ "target": "com.amazonaws.ec2#DescribeNetworkInterfacesResult" }, "traits": { - "smithy.api#documentation": "Describes one or more of your network interfaces.
\nIf you have a large number of network interfaces, the operation fails unless \n you use pagination or one of the following filters: group-id, \n mac-address, private-dns-name, private-ip-address, \n private-dns-name, subnet-id, or vpc-id.
Describes one or more of your network interfaces.
\nIf you have a large number of network interfaces, the operation fails unless \n you use pagination or one of the following filters: group-id, \n mac-address, private-dns-name, private-ip-address, \n private-dns-name, subnet-id, or vpc-id.
We strongly recommend using only paginated requests. Unpaginated requests are\n susceptible to throttling and timeouts.
\nInformation about one or more network interfaces.
", + "smithy.api#documentation": "Information about the network interfaces.
", "smithy.api#xmlName": "networkInterfaceSet" } }, @@ -35276,7 +35846,7 @@ "target": "com.amazonaws.ec2#DescribeRegionsResult" }, "traits": { - "smithy.api#documentation": "Describes the Regions that are enabled for your account, or all Regions.
\nFor a list of the Regions supported by Amazon EC2, see \n Amazon Elastic Compute Cloud endpoints and quotas.
\nFor information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.
", + "smithy.api#documentation": "Describes the Regions that are enabled for your account, or all Regions.
\nFor a list of the Regions supported by Amazon EC2, see \n Amazon Elastic Compute Cloud endpoints and quotas.
\nFor information about enabling and disabling Regions for your account, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference.
\nThe order of the elements in the response, including those within nested structures,\n might vary. Applications should not assume the elements appear in a particular order.
\nDescribes one or more of the Reserved Instances that you purchased.
\nFor more information about Reserved Instances, see Reserved\n\t\t\t\tInstances in the Amazon EC2 User Guide.
" + "smithy.api#documentation": "Describes one or more of the Reserved Instances that you purchased.
\nFor more information about Reserved Instances, see Reserved\n\t\t\t\tInstances in the Amazon EC2 User Guide.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes your account's Reserved Instance listings in the Reserved Instance Marketplace.
\nThe Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.
\nAs a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.
\nAs a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you're searching for with what's available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.
\nFor more information, see Reserved Instance Marketplace \n in the Amazon EC2 User Guide.
" + "smithy.api#documentation": "Describes your account's Reserved Instance listings in the Reserved Instance Marketplace.
\nThe Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and sold through the Reserved Instance Marketplace work like any other Reserved Instances.
\nAs a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are available for purchase.
\nAs a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace matches what you're searching for with what's available. The Marketplace first sells the lowest priced Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your demand is met. You are charged based on the total price of all of the listings that you purchase.
\nFor more information, see Reserved Instance Marketplace \n in the Amazon EC2 User Guide.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.
\nFor more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.
", + "smithy.api#documentation": "Describes the modifications made to your Reserved Instances. If no parameter is specified, information about all your Reserved Instances modification requests is returned. If a modification ID is specified, only information about the specific modification is returned.
\nFor more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.
\nIf you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.
\nFor more information, see Reserved Instance Marketplace\n\t\t\t\tin the Amazon EC2 User Guide.
", + "smithy.api#documentation": "Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you purchase the right to launch instances for a period of time. During that time period, you do not receive insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances for the actual time used.
\nIf you have listed your own Reserved Instances for sale in the Reserved Instance Marketplace, they will be excluded from these results. This is to ensure that you do not purchase your own Reserved Instances.
\nFor more information, see Reserved Instance Marketplace\n\t\t\t\tin the Amazon EC2 User Guide.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nThe filters.
\n\n association.route-table-association-id - The ID of an association\n ID for the route table.
\n association.route-table-id - The ID of the route table involved in\n the association.
\n association.subnet-id - The ID of the subnet involved in the\n association.
\n association.main - Indicates whether the route table is the main\n route table for the VPC (true | false). Route tables\n that do not have an association ID are not returned in the response.
\n owner-id - The ID of the Amazon Web Services account that owns the route table.
\n route-table-id - The ID of the route table.
\n route.destination-cidr-block - The IPv4 CIDR range specified in a\n route in the table.
\n route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.
\n route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Service\n specified in a route in the table.
\n route.egress-only-internet-gateway-id - The ID of an\n egress-only Internet gateway specified in a route in the route table.
\n route.gateway-id - The ID of a gateway specified in a route in the table.
\n route.instance-id - The ID of an instance specified in a route in the table.
\n route.nat-gateway-id - The ID of a NAT gateway.
\n route.transit-gateway-id - The ID of a transit gateway.
\n route.origin - Describes how the route was created. \n CreateRouteTable indicates that the route was automatically\n created when the route table was created; CreateRoute indicates\n that the route was manually added to the route table;\n EnableVgwRoutePropagation indicates that the route was\n propagated by route propagation.
\n route.state - The state of a route in the route table\n (active | blackhole). The blackhole state\n indicates that the route's target isn't available (for example, the specified\n gateway isn't attached to the VPC, the specified NAT instance has been\n terminated, and so on).
\n route.vpc-peering-connection-id - The ID of a VPC peering\n\t\t connection specified in a route in the table.
\n tag:Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
\n tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
\n vpc-id - The ID of the VPC for the route table.
The filters.
\n\n association.gateway-id - The ID of the gateway involved in the\n\t\t association.
\n association.route-table-association-id - The ID of an association\n ID for the route table.
\n association.route-table-id - The ID of the route table involved in\n the association.
\n association.subnet-id - The ID of the subnet involved in the\n association.
\n association.main - Indicates whether the route table is the main\n route table for the VPC (true | false). Route tables\n that do not have an association ID are not returned in the response.
\n owner-id - The ID of the Amazon Web Services account that owns the route table.
\n route-table-id - The ID of the route table.
\n route.destination-cidr-block - The IPv4 CIDR range specified in a\n route in the table.
\n route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.
\n route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Service\n specified in a route in the table.
\n route.egress-only-internet-gateway-id - The ID of an\n egress-only Internet gateway specified in a route in the route table.
\n route.gateway-id - The ID of a gateway specified in a route in the table.
\n route.instance-id - The ID of an instance specified in a route in the table.
\n route.nat-gateway-id - The ID of a NAT gateway.
\n route.transit-gateway-id - The ID of a transit gateway.
\n route.origin - Describes how the route was created. \n CreateRouteTable indicates that the route was automatically\n created when the route table was created; CreateRoute indicates\n that the route was manually added to the route table;\n EnableVgwRoutePropagation indicates that the route was\n propagated by route propagation.
\n route.state - The state of a route in the route table\n (active | blackhole). The blackhole state\n indicates that the route's target isn't available (for example, the specified\n gateway isn't attached to the VPC, the specified NAT instance has been\n terminated, and so on).
\n route.vpc-peering-connection-id - The ID of a VPC peering\n\t\t connection specified in a route in the table.
\n tag:Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
\n tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
\n vpc-id - The ID of the VPC for the route table.
Describes the VPCs on the other side of a VPC peering connection or the VPCs attached to a transit gateway that are referencing the security groups you've specified in this request.
", + "smithy.api#documentation": "Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.
", "smithy.api#examples": [ { "title": "To describe security group references", @@ -36352,6 +36935,21 @@ ] }, "output": {} + }, + { + "title": "To describe a tagged security group", + "documentation": "This example describes the security groups that include the specified tag (Purpose=test).", + "input": { + "Filters": [ + { + "Name": "tag:Purpose", + "Values": [ + "test" + ] + } + ] + }, + "output": {} } ], "smithy.api#paginated": { @@ -36479,7 +37077,7 @@ "target": "com.amazonaws.ec2#DescribeSnapshotAttributeResult" }, "traits": { - "smithy.api#documentation": "Describes the specified attribute of the specified snapshot. You can specify only one\n attribute at a time.
\nFor more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the specified attribute of the specified snapshot. You can specify only one\n attribute at a time.
\nFor more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To describe snapshot attributes", @@ -36647,7 +37245,7 @@ "target": "com.amazonaws.ec2#DescribeSnapshotsResult" }, "traits": { - "smithy.api#documentation": "Describes the specified EBS snapshots available to you or all of the EBS snapshots\n available to you.
\nThe snapshots available to you include public snapshots, private snapshots that you own,\n and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume\n permissions.
\nThe create volume permissions fall into the following categories:
\n\n public: The owner of the snapshot granted create volume\n permissions for the snapshot to the all group. All Amazon Web Services accounts have create\n volume permissions for these snapshots.
\n explicit: The owner of the snapshot granted create volume\n permissions to a specific Amazon Web Services account.
\n\n implicit: An Amazon Web Services account has implicit create volume permissions\n for all snapshots it owns.
\nThe list of snapshots returned can be filtered by specifying snapshot IDs, snapshot\n owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, \n Amazon EC2 returns all snapshots for which you have create volume permissions.
\nIf you specify one or more snapshot IDs, only snapshots that have the specified IDs are\n returned. If you specify an invalid snapshot ID, an error is returned. If you specify a\n snapshot ID for which you do not have access, it is not included in the returned\n results.
\nIf you specify one or more snapshot owners using the OwnerIds option, only\n snapshots from the specified owners and for which you have access are returned. The results\n can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots\n owned by Amazon, or self for snapshots that you own.
If you specify a list of restorable users, only snapshots with create snapshot permissions\n for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots),\n self for snapshots for which you own or have explicit permissions, or\n all for public snapshots.
If you are describing a long list of snapshots, we recommend that you paginate the output to make the\n list more manageable. For more information, see Pagination.
\nTo get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.
\nFor more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the specified EBS snapshots available to you or all of the EBS snapshots\n available to you.
\nThe snapshots available to you include public snapshots, private snapshots that you own,\n and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume\n permissions.
\nThe create volume permissions fall into the following categories:
\n\n public: The owner of the snapshot granted create volume\n permissions for the snapshot to the all group. All Amazon Web Services accounts have create\n volume permissions for these snapshots.
\n explicit: The owner of the snapshot granted create volume\n permissions to a specific Amazon Web Services account.
\n\n implicit: An Amazon Web Services account has implicit create volume permissions\n for all snapshots it owns.
\nThe list of snapshots returned can be filtered by specifying snapshot IDs, snapshot\n owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, \n Amazon EC2 returns all snapshots for which you have create volume permissions.
\nIf you specify one or more snapshot IDs, only snapshots that have the specified IDs are\n returned. If you specify an invalid snapshot ID, an error is returned. If you specify a\n snapshot ID for which you do not have access, it is not included in the returned\n results.
\nIf you specify one or more snapshot owners using the OwnerIds option, only\n snapshots from the specified owners and for which you have access are returned. The results\n can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots\n owned by Amazon, or self for snapshots that you own.
If you specify a list of restorable users, only snapshots with create snapshot permissions\n for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots),\n self for snapshots for which you own or have explicit permissions, or\n all for public snapshots.
If you are describing a long list of snapshots, we recommend that you paginate the output to make the\n list more manageable. For more information, see Pagination.
\nTo get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.
\nFor more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide.
\nWe strongly recommend using only paginated requests. Unpaginated requests are\n susceptible to throttling and timeouts.
\nThe token to include in another request to get the next page of items. This value is null when there\n are no more items to return.
The token to include in another request to get the next page of items. This value is\n an empty string (\"\") or null when there are no more items to return.
Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in the same VPC, peered VPC, or in separate VPCs attached to a transit gateway (with security group referencing support enabled). Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted or if they reference a security group in a VPC that has been detached from a transit gateway.
", + "smithy.api#documentation": "Describes the stale security group rules for security groups in a specified VPC. \n Rules are stale when they reference a deleted security group in the same VPC or peered VPC. Rules can also be stale if they reference a security group in a peer VPC for which the VPC peering connection has \n been deleted.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -38021,7 +38651,7 @@ "target": "com.amazonaws.ec2#DescribeTagsResult" }, "traits": { - "smithy.api#documentation": "Describes the specified tags for your EC2 resources.
\nFor more information about tags, see Tag your Amazon EC2 resources in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the specified tags for your EC2 resources.
\nFor more information about tags, see Tag your Amazon EC2 resources in the\n Amazon Elastic Compute Cloud User Guide.
\nWe strongly recommend using only paginated requests. Unpaginated requests are\n susceptible to throttling and timeouts.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nThe filters.
\n\n key - The tag key.
\n resource-id - The ID of the resource.
\n resource-type - The resource type (customer-gateway | dedicated-host | dhcp-options | elastic-ip | fleet | fpga-image | host-reservation | image | instance | internet-gateway | key-pair | launch-template | natgateway | network-acl | network-interface | placement-group | reserved-instances | route-table | security-group | snapshot | spot-instances-request | subnet | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-peering-connection | vpn-connection | vpn-gateway).
\n tag:
\n value - The tag value.
The filters.
\n\n key - The tag key.
\n resource-id - The ID of the resource.
\n resource-type - The resource type. For a list of possible values, see \n TagSpecification.
\n tag:
\n value - The tag value.
One or more filters. The possible values are:
\n\n options.propagation-default-route-table-id - The ID of the default propagation route table.
\n options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.
\n options.association-default-route-table-id - The ID of the default association route table.
\n options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable).
\n options.default-route-table-association - Indicates whether resource attachments are automatically \n associated with the default association route table (enable | disable).
\n options.default-route-table-propagation - Indicates whether resource attachments automatically propagate \n routes to the default propagation route table (enable | disable).
\n options.dns-support - Indicates whether DNS support is enabled (enable | disable).
\n options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable).
\n owner-id - The ID of the Amazon Web Services account that owns the transit gateway.
\n state - The state of the transit gateway (available | deleted | deleting | modifying | pending).
\n transit-gateway-id - The ID of the transit gateway.
One or more filters. The possible values are:
\n\n options.propagation-default-route-table-id - The ID of the default propagation route table.
\n options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.
\n options.association-default-route-table-id - The ID of the default association route table.
\n options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable).
\n options.default-route-table-association - Indicates whether resource attachments are automatically \n associated with the default association route table (enable | disable).
\n options.default-route-table-propagation - Indicates whether resource attachments automatically propagate \n routes to the default propagation route table (enable | disable).
\n options.dns-support - Indicates whether DNS support is enabled (enable | disable).
\n options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable).
\n owner-id - The ID of the Amazon Web Services account that owns the transit gateway.
\n state - The state of the transit gateway (available | deleted | deleting | modifying | pending).
\n transit-gateway-id - The ID of the transit gateway.
\n tag-key - The key/value combination of a tag assigned to the resource. Use the\n tag key in the filter name and the tag value as the filter value. For example, to\n find all resources that have a tag with the key Owner and the value TeamA, specify\n tag:Owner for the filter name and TeamA for the filter value.
Describes the specified attribute of the specified volume. You can specify only one\n attribute at a time.
\nFor more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the specified attribute of the specified volume. You can specify only one\n attribute at a time.
\nFor more information about EBS volumes, see Amazon EBS volumes in the Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To describe a volume attribute", @@ -39846,7 +40476,7 @@ "target": "com.amazonaws.ec2#DescribeVolumeStatusResult" }, "traits": { - "smithy.api#documentation": "Describes the status of the specified volumes. Volume status provides the result of the\n checks performed on your volumes to determine events that can impair the performance of your\n volumes. The performance of a volume can be affected if an issue occurs on the volume's\n underlying host. If the volume's underlying host experiences a power outage or system issue,\n after the system is restored, there could be data inconsistencies on the volume. Volume events\n notify you if this occurs. Volume actions notify you if any action needs to be taken in\n response to the event.
\nThe DescribeVolumeStatus operation provides the following information about\n the specified volumes:
\n Status: Reflects the current status of the volume. The possible\n values are ok, impaired , warning, or\n insufficient-data. If all checks pass, the overall status of the volume is\n ok. If the check fails, the overall status is impaired. If the\n status is insufficient-data, then the checks might still be taking place on your\n volume at the time. We recommend that you retry the request. For more information about volume\n status, see Monitor the status of your volumes in the\n Amazon Elastic Compute Cloud User Guide.
\n Events: Reflect the cause of a volume status and might require you to\n take action. For example, if your volume returns an impaired status, then the\n volume event might be potential-data-inconsistency. This means that your volume\n has been affected by an issue with the underlying host, has all I/O operations disabled, and\n might have inconsistent data.
\n Actions: Reflect the actions you might have to take in response to an\n event. For example, if the status of the volume is impaired and the volume event\n shows potential-data-inconsistency, then the action shows\n enable-volume-io. This means that you may want to enable the I/O operations for\n the volume by calling the EnableVolumeIO action and then check the volume\n for data consistency.
Volume status is based on the volume status checks, and does not reflect the volume state.\n Therefore, volume status does not indicate volumes in the error state (for\n example, when a volume is incapable of accepting I/O.)
Describes the status of the specified volumes. Volume status provides the result of the\n checks performed on your volumes to determine events that can impair the performance of your\n volumes. The performance of a volume can be affected if an issue occurs on the volume's\n underlying host. If the volume's underlying host experiences a power outage or system issue,\n after the system is restored, there could be data inconsistencies on the volume. Volume events\n notify you if this occurs. Volume actions notify you if any action needs to be taken in\n response to the event.
\nThe DescribeVolumeStatus operation provides the following information about\n the specified volumes:
\n Status: Reflects the current status of the volume. The possible\n values are ok, impaired , warning, or\n insufficient-data. If all checks pass, the overall status of the volume is\n ok. If the check fails, the overall status is impaired. If the\n status is insufficient-data, then the checks might still be taking place on your\n volume at the time. We recommend that you retry the request. For more information about volume\n status, see Monitor the status of your volumes in the Amazon EBS User Guide.
\n Events: Reflect the cause of a volume status and might require you to\n take action. For example, if your volume returns an impaired status, then the\n volume event might be potential-data-inconsistency. This means that your volume\n has been affected by an issue with the underlying host, has all I/O operations disabled, and\n might have inconsistent data.
\n Actions: Reflect the actions you might have to take in response to an\n event. For example, if the status of the volume is impaired and the volume event\n shows potential-data-inconsistency, then the action shows\n enable-volume-io. This means that you may want to enable the I/O operations for\n the volume by calling the EnableVolumeIO action and then check the volume\n for data consistency.
Volume status is based on the volume status checks, and does not reflect the volume state.\n Therefore, volume status does not indicate volumes in the error state (for\n example, when a volume is incapable of accepting I/O.)
The order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes the specified EBS volumes or all of your EBS volumes.
\nIf you are describing a long list of volumes, we recommend that you paginate the output to make the list\n more manageable. For more information, see Pagination.
\nFor more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the specified EBS volumes or all of your EBS volumes.
\nIf you are describing a long list of volumes, we recommend that you paginate the output to make the list\n more manageable. For more information, see Pagination.
\nFor more information about EBS volumes, see Amazon EBS volumes in the Amazon EBS User Guide.
\nWe strongly recommend using only paginated requests. Unpaginated requests are\n susceptible to throttling and timeouts.
\nThe order of the elements in the response, including those within nested\n structures, might vary. Applications should not assume the elements appear in a\n particular order.
\nDescribes the most recent volume modification request for the specified EBS volumes.
\nIf a volume has never been modified, some information in the output will be null.\n If a volume has been modified more than once, the output includes only the most \n recent modification request.
\nYou can also use CloudWatch Events to check the status of a modification to an EBS\n volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see\n Monitor the progress of volume modifications in the Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Describes the most recent volume modification request for the specified EBS volumes.
\nIf a volume has never been modified, some information in the output will be null.\n If a volume has been modified more than once, the output includes only the most \n recent modification request.
\nYou can also use CloudWatch Events to check the status of a modification to an EBS\n volume. For information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. For more information, see\n Monitor the progress of volume modifications in the Amazon EBS User Guide.
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -40255,6 +40945,20 @@ "Value": true } } + }, + { + "title": "To describe the enableDnsHostnames attribute", + "documentation": "This example describes the enableDnsHostnames attribute. This attribute indicates whether the instances launched in the VPC get DNS hostnames. If this attribute is true, instances in the VPC get DNS hostnames; otherwise, they do not.", + "input": { + "VpcId": "vpc-a01106c2", + "Attribute": "enableDnsHostnames" + }, + "output": { + "VpcId": "vpc-a01106c2", + "EnableDnsHostnames": { + "Value": true + } + } } ] } @@ -41779,7 +42483,7 @@ "target": "com.amazonaws.ec2#VolumeAttachment" }, "traits": { - "smithy.api#documentation": "Detaches an EBS volume from an instance. Make sure to unmount any file systems on the\n device within your operating system before detaching the volume. Failure to do so can result\n in the volume becoming stuck in the busy state while detaching. If this happens,\n detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot\n the instance, or all three. If an EBS volume is the root device of an instance, it can't be\n detached while the instance is running. To detach the root volume, stop the instance\n first.
When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the\n product code is no longer associated with the instance.
\nFor more information, see Detach an Amazon EBS volume in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Detaches an EBS volume from an instance. Make sure to unmount any file systems on the\n device within your operating system before detaching the volume. Failure to do so can result\n in the volume becoming stuck in the busy state while detaching. If this happens,\n detachment can be delayed indefinitely until you unmount the volume, force detachment, reboot\n the instance, or all three. If an EBS volume is the root device of an instance, it can't be\n detached while the instance is running. To detach the root volume, stop the instance\n first.
When a volume with an Amazon Web Services Marketplace product code is detached from an instance, the\n product code is no longer associated with the instance.
\nYou can't detach or force detach volumes that are attached to Amazon ECS or \n Fargate tasks. Attempting to do this results in the UnsupportedOperationException \n exception with the Unable to detach volume attached to ECS tasks error message.
For more information, see Detach an Amazon EBS volume in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To detach a volume from an instance", @@ -42207,7 +42911,7 @@ "target": "com.amazonaws.ec2#DisableEbsEncryptionByDefaultResult" }, "traits": { - "smithy.api#documentation": "Disables EBS encryption by default for your account in the current Region.
\nAfter you disable encryption by default, you can still create encrypted volumes by \n enabling encryption when you create each volume.
\nDisabling encryption by default does not change the encryption status of your\n existing volumes.
\nFor more information, see Amazon EBS encryption in the\n Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Disables EBS encryption by default for your account in the current Region.
\nAfter you disable encryption by default, you can still create encrypted volumes by \n enabling encryption when you create each volume.
\nDisabling encryption by default does not change the encryption status of your\n existing volumes.
\nFor more information, see Amazon EBS encryption in the\n Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#DisableEbsEncryptionByDefaultRequest": { @@ -42727,6 +43431,56 @@ "smithy.api#output": {} } }, + "com.amazonaws.ec2#DisableImageDeregistrationProtection": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#DisableImageDeregistrationProtectionRequest" + }, + "output": { + "target": "com.amazonaws.ec2#DisableImageDeregistrationProtectionResult" + }, + "traits": { + "smithy.api#documentation": "Disables deregistration protection for an AMI. When deregistration protection is disabled,\n the AMI can be deregistered.
\nIf you chose to include a 24-hour cooldown period when you enabled deregistration\n protection for the AMI, then, when you disable deregistration protection, you won’t\n immediately be able to deregister the AMI.
\nFor more information, see Protect an\n AMI from deregistration in the Amazon EC2 User Guide.
" + } + }, + "com.amazonaws.ec2#DisableImageDeregistrationProtectionRequest": { + "type": "structure", + "members": { + "ImageId": { + "target": "com.amazonaws.ec2#ImageId", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "The ID of the AMI.
", + "smithy.api#required": {} + } + }, + "DryRun": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Checks whether you have the required permissions for the action, without actually making the request, \n\t\t\tand provides an error response. If you have the required permissions, the error response is \n\t\t\tDryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.
\nIf block public access is enabled in block-all-sharing mode, and \n you disable block public access, all snapshots that were previously publicly shared \n are no longer treated as private and they become publicly accessible again.
For more information, see \n Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide .
\n " + "smithy.api#documentation": "Disables the block public access for snapshots setting at \n the account level for the specified Amazon Web Services Region. After you disable block public \n access for snapshots in a Region, users can publicly share snapshots in that Region.
\nIf block public access is enabled in block-all-sharing mode, and \n you disable block public access, all snapshots that were previously publicly shared \n are no longer treated as private and they become publicly accessible again.
For more information, see \n Block public access for snapshots in the Amazon EBS User Guide .
\n " } }, "com.amazonaws.ec2#DisableSnapshotBlockPublicAccessRequest": { @@ -44478,7 +45232,7 @@ "target": "com.amazonaws.ec2#VolumeType", "traits": { "aws.protocols#ec2QueryName": "VolumeType", - "smithy.api#documentation": "The volume type. For more information, see Amazon EBS volume types in the\n Amazon EC2 User Guide.
", + "smithy.api#documentation": "The volume type. For more information, see Amazon EBS volume types in the\n Amazon EBS User Guide.
", "smithy.api#xmlName": "volumeType" } }, @@ -44510,7 +45264,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "Encrypted", - "smithy.api#documentation": "Indicates whether the encryption state of an EBS volume is changed while being\n restored from a backing snapshot. The effect of setting the encryption state to true depends on \nthe volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide.
In no case can you remove encryption from an encrypted volume.
\nEncrypted volumes can only be attached to instances that support Amazon EBS encryption. For\n more information, see Supported instance types.
\nThis parameter is not returned by DescribeImageAttribute.
\nFor CreateImage and RegisterImage, whether you can \n include this parameter, and the allowed values differ depending on the type of block \n device mapping you are creating.
\nIf you are creating a block device mapping for a new (empty) \n volume, you can include this parameter, and specify either true \n for an encrypted volume, or false for an unencrypted volume. If you omit \n this parameter, it defaults to false (unencrypted).
If you are creating a block device mapping from an existing \n encrypted or unencrypted snapshot, you must omit this parameter. If you \n include this parameter, the request will fail, regardless of the value that you \n specify.
\nIf you are creating a block device mapping from an existing \n unencrypted volume, you can include this parameter, but you must specify \n false. If you specify true, the request will fail. In this \n case, we recommend that you omit the parameter.
If you are creating a block device mapping from an existing \n encrypted volume, you can include this parameter, and specify either \n true or false. However, if you specify false, \n the parameter is ignored and the block device mapping is always encrypted. In this \n case, we recommend that you omit the parameter.
Indicates whether the encryption state of an EBS volume is changed while being\n restored from a backing snapshot. The effect of setting the encryption state to true depends on \nthe volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EBS User Guide.
In no case can you remove encryption from an encrypted volume.
\nEncrypted volumes can only be attached to instances that support Amazon EBS encryption. For\n more information, see Supported instance types.
\nThis parameter is not returned by DescribeImageAttribute.
\nFor CreateImage and RegisterImage, whether you can \n include this parameter, and the allowed values differ depending on the type of block \n device mapping you are creating.
\nIf you are creating a block device mapping for a new (empty) \n volume, you can include this parameter, and specify either true \n for an encrypted volume, or false for an unencrypted volume. If you omit \n this parameter, it defaults to false (unencrypted).
If you are creating a block device mapping from an existing \n encrypted or unencrypted snapshot, you must omit this parameter. If you \n include this parameter, the request will fail, regardless of the value that you \n specify.
\nIf you are creating a block device mapping from an existing \n unencrypted volume, you can include this parameter, but you must specify \n false. If you specify true, the request will fail. In this \n case, we recommend that you omit the parameter.
If you are creating a block device mapping from an existing \n encrypted volume, you can include this parameter, and specify either \n true or false. However, if you specify false, \n the parameter is ignored and the block device mapping is always encrypted. In this \n case, we recommend that you omit the parameter.
The ID of the EBS volume.
", "smithy.api#xmlName": "volumeId" } + }, + "AssociatedResource": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "AssociatedResource", + "smithy.api#documentation": "The ARN of the Amazon ECS or Fargate task \n to which the volume is attached.
", + "smithy.api#xmlName": "associatedResource" + } + }, + "VolumeOwnerId": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "VolumeOwnerId", + "smithy.api#documentation": "The ID of the Amazon Web Services account that owns the volume.
\nThis parameter is returned only for volumes that are attached to \n Fargate tasks.
", + "smithy.api#xmlName": "volumeOwnerId" + } } }, "traits": { @@ -44995,6 +45765,46 @@ } } }, + "com.amazonaws.ec2#EkPubKeyFormat": { + "type": "enum", + "members": { + "der": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "der" + } + }, + "tpmt": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "tpmt" + } + } + } + }, + "com.amazonaws.ec2#EkPubKeyType": { + "type": "enum", + "members": { + "RSA_2048": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "rsa-2048" + } + }, + "ECC_SEC_P384": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ecc-sec-p384" + } + } + } + }, + "com.amazonaws.ec2#EkPubKeyValue": { + "type": "string", + "traits": { + "smithy.api#sensitive": {} + } + }, "com.amazonaws.ec2#ElasticGpuAssociation": { "type": "structure", "members": { @@ -45032,7 +45842,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes the association between an instance and an Elastic Graphics accelerator.
" + "smithy.api#documentation": "Amazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nDescribes the association between an instance and an Elastic Graphics accelerator.
" } }, "com.amazonaws.ec2#ElasticGpuAssociationList": { @@ -45057,7 +45867,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes the status of an Elastic Graphics accelerator.
" + "smithy.api#documentation": "Amazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nDescribes the status of an Elastic Graphics accelerator.
" } }, "com.amazonaws.ec2#ElasticGpuId": { @@ -45094,7 +45904,7 @@ } }, "traits": { - "smithy.api#documentation": "A specification for an Elastic Graphics accelerator.
" + "smithy.api#documentation": "Amazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nA specification for an Elastic Graphics accelerator.
" } }, "com.amazonaws.ec2#ElasticGpuSpecificationList": { @@ -45113,13 +45923,13 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "Type", - "smithy.api#documentation": "The elastic GPU type.
", + "smithy.api#documentation": "Deprecated.
\nAmazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nDescribes an elastic GPU.
" + "smithy.api#documentation": "Deprecated.
\nAmazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nDescribes an Elastic Graphics accelerator.
" + "smithy.api#documentation": "Amazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nDescribes an Elastic Graphics accelerator.
" } }, "com.amazonaws.ec2#ElasticInferenceAccelerator": { @@ -45340,7 +46150,7 @@ } }, "traits": { - "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the\n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances.\n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same\n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the\n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets\n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express\n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" + "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" } }, "com.amazonaws.ec2#EnaSrdSpecificationRequest": { @@ -45372,12 +46182,12 @@ "EnaSrdUdpEnabled": { "target": "com.amazonaws.ec2#Boolean", "traits": { - "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting,\n\t\t\tyou must first enable ENA Express.
" + "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, \n\t\t\tyou must first enable ENA Express.
" } } }, "traits": { - "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic\n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are\n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time\n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application\n\t\t\tenvironment needs.
" + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" } }, "com.amazonaws.ec2#EnaSrdUdpSpecificationRequest": { @@ -45493,13 +46303,13 @@ "Source": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The source Region or Availability Zone that the metric subscription is enabled for. For example, us-east-1.
The source Region (like us-east-1) or Availability Zone ID (like use1-az1) that the metric subscription is enabled for. If you use Availability Zone IDs, the Source and Destination Availability Zones must be in the same Region.
The target Region or Availability Zone that the metric subscription is enabled for. For example, eu-west-1.
The target Region (like us-east-2) or Availability Zone ID (like use2-az2) that the metric subscription is enabled for. If you use Availability Zone IDs, the Source and Destination Availability Zones must be in the same Region.
Enables EBS encryption by default for your account in the current Region.
\nAfter you enable encryption by default, the EBS volumes that you create are\n \talways encrypted, either using the default KMS key or the KMS key that you specified\n when you created each volume. For more information, see Amazon EBS encryption in the\n Amazon Elastic Compute Cloud User Guide.
\nYou can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId\n or ResetEbsDefaultKmsKeyId.
\nEnabling encryption by default has no effect on the encryption status of your \n existing volumes.
\nAfter you enable encryption by default, you can no longer launch instances\n using instance types that do not support encryption. For more information, see Supported\n instance types.
" + "smithy.api#documentation": "Enables EBS encryption by default for your account in the current Region.
\nAfter you enable encryption by default, the EBS volumes that you create are\n \talways encrypted, either using the default KMS key or the KMS key that you specified\n when you created each volume. For more information, see Amazon EBS encryption in the\n Amazon EBS User Guide.
\nYou can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId\n or ResetEbsDefaultKmsKeyId.
\nEnabling encryption by default has no effect on the encryption status of your \n existing volumes.
\nAfter you enable encryption by default, you can no longer launch instances\n using instance types that do not support encryption. For more information, see Supported\n instance types.
" } }, "com.amazonaws.ec2#EnableEbsEncryptionByDefaultRequest": { @@ -45925,7 +46735,7 @@ "target": "com.amazonaws.ec2#EnableFastSnapshotRestoresResult" }, "traits": { - "smithy.api#documentation": "Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
\nYou get the full benefit of fast snapshot restores after they enter the enabled state.\n To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores.\n To disable fast snapshot restores, use DisableFastSnapshotRestores.
For more information, see Amazon EBS fast snapshot\n restore in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
\nYou get the full benefit of fast snapshot restores after they enter the enabled state.\n To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores.\n To disable fast snapshot restores, use DisableFastSnapshotRestores.
For more information, see Amazon EBS fast snapshot\n restore in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#EnableFastSnapshotRestoresRequest": { @@ -46104,6 +46914,62 @@ "smithy.api#output": {} } }, + "com.amazonaws.ec2#EnableImageDeregistrationProtection": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#EnableImageDeregistrationProtectionRequest" + }, + "output": { + "target": "com.amazonaws.ec2#EnableImageDeregistrationProtectionResult" + }, + "traits": { + "smithy.api#documentation": "Enables deregistration protection for an AMI. When deregistration protection is enabled,\n the AMI can't be deregistered.
\nTo allow the AMI to be deregistered, you must first disable deregistration protection\n using DisableImageDeregistrationProtection.
\nFor more information, see Protect an\n AMI from deregistration in the Amazon EC2 User Guide.
" + } + }, + "com.amazonaws.ec2#EnableImageDeregistrationProtectionRequest": { + "type": "structure", + "members": { + "ImageId": { + "target": "com.amazonaws.ec2#ImageId", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "The ID of the AMI.
", + "smithy.api#required": {} + } + }, + "WithCooldown": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "If true, enforces deregistration protection for 24 hours after deregistration\n protection is disabled.
Checks whether you have the required permissions for the action, without actually making the request, \n\t\t\tand provides an error response. If you have the required permissions, the error response is \n\t\t\tDryRunOperation. Otherwise, it is UnauthorizedOperation.
Returns true if the request succeeds; otherwise, it returns an error.
Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.
\nIf block public access is enabled in block-all-sharing mode, and \n you change the mode to block-new-sharing, all snapshots that were \n previously publicly shared are no longer treated as private and they become publicly \n accessible again.
For more information, see \n Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Enables or modifies the block public access for snapshots \n setting at the account level for the specified Amazon Web Services Region. After you enable block \n public access for snapshots in a Region, users can no longer request public sharing \n for snapshots in that Region. Snapshots that are already publicly shared are either \n treated as private or they remain publicly shared, depending on the \n State that you specify.
\nIf block public access is enabled in block-all-sharing mode, and \n you change the mode to block-new-sharing, all snapshots that were \n previously publicly shared are no longer treated as private and they become publicly \n accessible again.
For more information, see \n Block public access for snapshots in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#EnableSnapshotBlockPublicAccessRequest": { @@ -46295,7 +47161,7 @@ "target": "com.amazonaws.ec2#SnapshotBlockPublicAccessState", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:
\n\n block-all-sharing - Prevents all public sharing of snapshots in \n the Region. Users in the account will no longer be able to request new public \n sharing. Additionally, snapshots that are already publicly shared are treated as \n private and they are no longer publicly available.
If you enable block public access for snapshots in block-all-sharing \n mode, it does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.
\n block-new-sharing - Prevents only new public sharing of snapshots \n in the Region. Users in the account will no longer be able to request new public \n sharing. However, snapshots that are already publicly shared, remain publicly \n available.
The mode in which to enable block public access for snapshots for the Region. \n Specify one of the following values:
\n\n block-all-sharing - Prevents all public sharing of snapshots in \n the Region. Users in the account will no longer be able to request new public \n sharing. Additionally, snapshots that are already publicly shared are treated as \n private and they are no longer publicly available.
If you enable block public access for snapshots in block-all-sharing \n mode, it does not change the permissions for snapshots that are already publicly shared. \n Instead, it prevents these snapshots from be publicly visible and publicly accessible. \n Therefore, the attributes for these snapshots still indicate that they are publicly \n shared, even though they are not publicly available.
\n block-new-sharing - Prevents only new public sharing of snapshots \n in the Region. Users in the account will no longer be able to request new public \n sharing. However, snapshots that are already publicly shared, remain publicly \n available.
\n unblocked is not a valid value for EnableSnapshotBlockPublicAccess.
The number of units provided by the specified instance type.
", + "smithy.api#documentation": "The number of units provided by the specified instance type.
\nWhen specifying weights, the price used in the lowest-price and\n price-capacity-optimized allocation strategies is per\n unit hour (where the instance price is divided by the specified\n weight). However, if all the specified weights are above the requested\n TargetCapacity, resulting in only 1 instance being launched, the price\n used is per instance hour.
The number of units provided by the specified instance type.
" + "smithy.api#documentation": "The number of units provided by the specified instance type.
\nWhen specifying weights, the price used in the lowest-price and\n price-capacity-optimized allocation strategies is per\n unit hour (where the instance price is divided by the specified\n weight). However, if all the specified weights are above the requested\n TargetCapacity, resulting in only 1 instance being launched, the price\n used is per instance hour.
The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.
Valid range: Minimum value of 1. Maximum value of 1000.
" + "smithy.api#documentation": "The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, \n see Pagination.
" } }, "DryRun": { @@ -50508,7 +51374,7 @@ "target": "com.amazonaws.ec2#GetConsoleScreenshotResult" }, "traits": { - "smithy.api#documentation": "Retrieve a JPG-format screenshot of a running instance to help with\n troubleshooting.
\nThe returned content is Base64-encoded.
" + "smithy.api#documentation": "Retrieve a JPG-format screenshot of a running instance to help with\n troubleshooting.
\nThe returned content is Base64-encoded.
\nFor more information, see Instance console output in the Amazon EC2 User Guide.
" } }, "com.amazonaws.ec2#GetConsoleScreenshotRequest": { @@ -50622,7 +51488,7 @@ "target": "com.amazonaws.ec2#GetEbsDefaultKmsKeyIdResult" }, "traits": { - "smithy.api#documentation": "Describes the default KMS key for EBS encryption by default for your account in this Region. \n \t\tYou can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or\n ResetEbsDefaultKmsKeyId.
\nFor more information, see Amazon EBS encryption\n in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Describes the default KMS key for EBS encryption by default for your account in this Region. \n \t\tYou can change the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or\n ResetEbsDefaultKmsKeyId.
\nFor more information, see Amazon EBS encryption\n in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#GetEbsDefaultKmsKeyIdRequest": { @@ -50664,7 +51530,7 @@ "target": "com.amazonaws.ec2#GetEbsEncryptionByDefaultResult" }, "traits": { - "smithy.api#documentation": "Describes whether EBS encryption by default is enabled for your account in the current\n Region.
\nFor more information, see Amazon EBS encryption\n in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Describes whether EBS encryption by default is enabled for your account in the current\n Region.
\nFor more information, see Amazon EBS encryption\n in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#GetEbsEncryptionByDefaultRequest": { @@ -50810,7 +51676,7 @@ "MaxResults": { "target": "com.amazonaws.ec2#GetGroupsForCapacityReservationRequestMaxResults", "traits": { - "smithy.api#documentation": "The maximum number of results to return for the request in a single page. The remaining results can be seen by sending another request with the returned nextToken value. This value can be between 5 and 500. If maxResults is given a larger value than 500, you receive an error.
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, \n see Pagination.
" } }, "DryRun": { @@ -50975,6 +51841,139 @@ "smithy.api#output": {} } }, + "com.amazonaws.ec2#GetInstanceMetadataDefaults": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#GetInstanceMetadataDefaultsRequest" + }, + "output": { + "target": "com.amazonaws.ec2#GetInstanceMetadataDefaultsResult" + }, + "traits": { + "smithy.api#documentation": "Gets the default instance metadata service (IMDS) settings that are set at the account\n level in the specified Amazon Web Services\u2028 Region.
\nFor more information, see Order of precedence for instance metadata options in the\n Amazon EC2 User Guide.
" + } + }, + "com.amazonaws.ec2#GetInstanceMetadataDefaultsRequest": { + "type": "structure", + "members": { + "DryRun": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.
The account-level default IMDS settings.
", + "smithy.api#xmlName": "accountLevel" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.ec2#GetInstanceTpmEkPub": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#GetInstanceTpmEkPubRequest" + }, + "output": { + "target": "com.amazonaws.ec2#GetInstanceTpmEkPubResult" + }, + "traits": { + "smithy.api#documentation": "Gets the public endorsement key associated with the Nitro Trusted \n Platform Module (NitroTPM) for the specified instance.
" + } + }, + "com.amazonaws.ec2#GetInstanceTpmEkPubRequest": { + "type": "structure", + "members": { + "InstanceId": { + "target": "com.amazonaws.ec2#InstanceId", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "The ID of the instance for which to get the public endorsement key.
", + "smithy.api#required": {}, + "smithy.api#xmlName": "InstanceId" + } + }, + "KeyType": { + "target": "com.amazonaws.ec2#EkPubKeyType", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "The required public endorsement key type.
", + "smithy.api#required": {} + } + }, + "KeyFormat": { + "target": "com.amazonaws.ec2#EkPubKeyFormat", + "traits": { + "smithy.api#clientOptional": {}, + "smithy.api#documentation": "The required public endorsement key format. Specify der for a DER-encoded public \n key that is compatible with OpenSSL. Specify tpmt for a TPM 2.0 format that is \n compatible with tpm2-tools. The returned key is base64 encoded.
Specify this parameter to verify whether the request will succeed, without actually making the \n request. If the request will succeed, the response is DryRunOperation. Otherwise, \n the response is UnauthorizedOperation.
The ID of the instance.
", + "smithy.api#xmlName": "instanceId" + } + }, + "KeyType": { + "target": "com.amazonaws.ec2#EkPubKeyType", + "traits": { + "aws.protocols#ec2QueryName": "KeyType", + "smithy.api#documentation": "The public endorsement key type.
", + "smithy.api#xmlName": "keyType" + } + }, + "KeyFormat": { + "target": "com.amazonaws.ec2#EkPubKeyFormat", + "traits": { + "aws.protocols#ec2QueryName": "KeyFormat", + "smithy.api#documentation": "The public endorsement key format.
", + "smithy.api#xmlName": "keyFormat" + } + }, + "KeyValue": { + "target": "com.amazonaws.ec2#EkPubKeyValue", + "traits": { + "aws.protocols#ec2QueryName": "KeyValue", + "smithy.api#documentation": "The public endorsement key material.
", + "smithy.api#xmlName": "keyValue" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.ec2#GetInstanceTypesFromInstanceRequirements": { "type": "operation", "input": { @@ -51808,7 +52807,7 @@ "target": "com.amazonaws.ec2#GetLaunchTemplateDataResult" }, "traits": { - "smithy.api#documentation": "Retrieves the configuration data of the specified instance. You can use this data to\n create a launch template.
\nThis action calls on other describe actions to get instance information. Depending on\n your instance configuration, you may need to allow the following actions in your IAM\n policy: DescribeSpotInstanceRequests,\n DescribeInstanceCreditSpecifications, DescribeVolumes,\n DescribeInstanceAttribute, and DescribeElasticGpus. Or,\n you can allow describe* depending on your instance requirements.
Retrieves the configuration data of the specified instance. You can use this data to\n create a launch template.
\nThis action calls on other describe actions to get instance information. Depending on\n your instance configuration, you may need to allow the following actions in your IAM\n policy: DescribeSpotInstanceRequests, DescribeInstanceCreditSpecifications, \n DescribeVolumes, and DescribeInstanceAttribute. Or,\n you can allow describe* depending on your instance requirements.
The maximum number of results to return with a single call.\n To retrieve the remaining results, make another call with the returned nextToken value.
Gets the current state of block public access for snapshots setting \n for the account and Region.
\nFor more information, see \n Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Gets the current state of block public access for snapshots setting \n for the account and Region.
\nFor more information, see \n Block public access for snapshots in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#GetSnapshotBlockPublicAccessStateRequest": { @@ -52641,7 +53649,7 @@ "TargetCapacityUnitType": { "target": "com.amazonaws.ec2#TargetCapacityUnitType", "traits": { - "smithy.api#documentation": "The unit for the target capacity.
\nDefault: units (translates to number of instances)
The unit for the target capacity.
" } }, "SingleAvailabilityZone": { @@ -55011,7 +56019,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "ImageOwnerAlias", - "smithy.api#documentation": "The Amazon Web Services account alias (for example, amazon, self) or\n the Amazon Web Services account ID of the AMI owner.
The owner alias (amazon | aws-marketplace).
The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This field only appears if the AMI was created using\n CreateImage.
", "smithy.api#xmlName": "sourceInstanceId" } + }, + "DeregistrationProtection": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "DeregistrationProtection", + "smithy.api#documentation": "Indicates whether deregistration protection is enabled for the AMI.
", + "smithy.api#xmlName": "deregistrationProtection" + } + }, + "LastLaunchedTime": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "LastLaunchedTime", + "smithy.api#documentation": "The date and time, in ISO 8601 date-time\n format, when the AMI was last used to launch an EC2 instance. When the AMI is used\n to launch an instance, there is a 24-hour delay before that usage is reported.
\n\n lastLaunchedTime data is available starting April 2017.
If v2.0, it indicates that IMDSv2 is specified in the AMI. Instances launched\n from this AMI will have HttpTokens automatically set to required so\n that, by default, the instance requires that IMDSv2 is used when requesting instance metadata.\n In addition, HttpPutResponseHopLimit is set to 2. For more\n information, see Configure\n the AMI in the Amazon EC2 User Guide.
Indicates whether deregistration protection is enabled for the AMI.
", + "smithy.api#xmlName": "deregistrationProtection" + } } }, "traits": { @@ -55302,6 +56334,12 @@ "traits": { "smithy.api#enumValue": "imdsSupport" } + }, + "deregistrationProtection": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "deregistrationProtection" + } } } }, @@ -57112,7 +58150,7 @@ "target": "com.amazonaws.ec2#ElasticGpuAssociationList", "traits": { "aws.protocols#ec2QueryName": "ElasticGpuAssociationSet", - "smithy.api#documentation": "The Elastic GPU associated with the instance.
", + "smithy.api#documentation": "Deprecated.
\nAmazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the\n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances.\n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same\n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the\n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets\n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express\n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" + "smithy.api#documentation": "ENA Express uses Amazon Web Services Scalable Reliable Datagram (SRD) technology to increase the \n\t\t\tmaximum bandwidth used per stream and minimize tail latency of network traffic between EC2 instances. \n\t\t\tWith ENA Express, you can communicate between two EC2 instances in the same subnet within the same \n\t\t\taccount, or in different accounts. Both sending and receiving instances must have ENA Express enabled.
\nTo improve the reliability of network packet delivery, ENA Express reorders network packets on the \n\t\t\treceiving end by default. However, some UDP-based applications are designed to handle network packets \n\t\t\tthat are out of order to reduce the overhead for packet delivery at the network layer. When ENA Express \n\t\t\tis enabled, you can specify whether UDP network traffic uses it.
" } }, "com.amazonaws.ec2#InstanceAttachmentEnaSrdUdpSpecification": { @@ -57376,13 +58414,13 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "EnaSrdUdpEnabled", - "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting,\n\t\t\tyou must first enable ENA Express.
", + "smithy.api#documentation": "Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, \n\t\t\tyou must first enable ENA Express.
", "smithy.api#xmlName": "enaSrdUdpEnabled" } } }, "traits": { - "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic\n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are\n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time\n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application\n\t\t\tenvironment needs.
" + "smithy.api#documentation": "ENA Express is compatible with both TCP and UDP transport protocols. When it's enabled, TCP traffic \n\t\t\tautomatically uses it. However, some UDP-based applications are designed to handle network packets that are \n\t\t\tout of order, without a need for retransmission, such as live video broadcasting or other near-real-time \n\t\t\tapplications. For UDP traffic, you can specify whether to use ENA Express, based on your application \n\t\t\tenvironment needs.
" } }, "com.amazonaws.ec2#InstanceAttribute": { @@ -58598,6 +59636,46 @@ } } }, + "com.amazonaws.ec2#InstanceMetadataDefaultsResponse": { + "type": "structure", + "members": { + "HttpTokens": { + "target": "com.amazonaws.ec2#HttpTokensState", + "traits": { + "aws.protocols#ec2QueryName": "HttpTokens", + "smithy.api#documentation": "Indicates whether IMDSv2 is required.
\n\n optional – IMDSv2 is optional, which means that you can\n use either IMDSv2 or IMDSv1.
\n required – IMDSv2 is required, which means that IMDSv1 is\n disabled, and you must use IMDSv2.
The maximum number of hops that the metadata token can travel.
", + "smithy.api#xmlName": "httpPutResponseHopLimit" + } + }, + "HttpEndpoint": { + "target": "com.amazonaws.ec2#InstanceMetadataEndpointState", + "traits": { + "aws.protocols#ec2QueryName": "HttpEndpoint", + "smithy.api#documentation": "Indicates whether the IMDS endpoint for an instance is enabled or disabled. When disabled, the instance\n metadata can't be accessed.
", + "smithy.api#xmlName": "httpEndpoint" + } + }, + "InstanceMetadataTags": { + "target": "com.amazonaws.ec2#InstanceMetadataTagsState", + "traits": { + "aws.protocols#ec2QueryName": "InstanceMetadataTags", + "smithy.api#documentation": "Indicates whether access to instance tags from the instance metadata is enabled or\n disabled. For more information, see Work with\n instance tags using the instance metadata in the\n Amazon EC2 User Guide.
", + "smithy.api#xmlName": "instanceMetadataTags" + } + } + }, + "traits": { + "smithy.api#documentation": "The default instance metadata service (IMDS) settings that were set at the account\n level in the specified Amazon Web Services\u2028 Region.
" + } + }, "com.amazonaws.ec2#InstanceMetadataEndpointState": { "type": "enum", "members": { @@ -58621,13 +59699,13 @@ "HttpTokens": { "target": "com.amazonaws.ec2#HttpTokensState", "traits": { - "smithy.api#documentation": "IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional\n (in other words, set the use of IMDSv2 to optional) or\n required (in other words, set the use of IMDSv2 to\n required).
\n optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without \n a session token in your request. If you retrieve the IAM role credentials \n without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials \n using a valid session token, the IMDSv2 role credentials are returned.
\n required - When IMDSv2 is required, you must send a session token \n with any instance metadata retrieval requests. In this state, retrieving the IAM role \n credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.
Default: optional\n
Indicates whether IMDSv2 is required.
\n\n optional - IMDSv2 is optional, which means that you can use\n either IMDSv2 or IMDSv1.
\n required - IMDSv2 is required, which means that IMDSv1 is\n disabled, and you must use IMDSv2.
Default:
\nIf the value of ImdsSupport for the Amazon Machine Image (AMI)\n for your instance is v2.0 and the account level default is set to\n no-preference, the default is required.
If the value of ImdsSupport for the Amazon Machine Image (AMI)\n for your instance is v2.0, but the account level default is set to\n V1 or V2, the default is optional.
The default value can also be affected by other combinations of parameters. For more\n information, see Order of precedence for instance metadata options in the\n Amazon EC2 User Guide.
" } }, "HttpPutResponseHopLimit": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "The desired HTTP PUT response hop limit for instance metadata requests. The larger the\n number, the further instance metadata requests can travel.
\nDefault: 1
\nPossible values: Integers from 1 to 64
" + "smithy.api#documentation": "The maximum number of hops that the metadata token can travel.
\nPossible values: Integers from 1 to 64
" } }, "HttpEndpoint": { @@ -58639,7 +59717,7 @@ "HttpProtocolIpv6": { "target": "com.amazonaws.ec2#InstanceMetadataProtocolState", "traits": { - "smithy.api#documentation": "Enables or disables the IPv6 endpoint for the instance metadata service.
" + "smithy.api#documentation": "Enables or disables the IPv6 endpoint for the instance metadata service.
\nDefault: disabled\n
IMDSv2 uses token-backed sessions. Indicates whether the use of HTTP tokens is\n optional (in other words, indicates whether the use of IMDSv2 is\n optional) or required (in other words, indicates whether\n the use of IMDSv2 is required).
\n optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without \n a session token in your request. If you retrieve the IAM role credentials \n without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials \n using a valid session token, the IMDSv2 role credentials are returned.
\n required - When IMDSv2 is required, you must send a session token \n with any instance metadata retrieval requests. In this state, retrieving the IAM role \n credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.
Default: optional\n
Indicates whether IMDSv2 is required.
\n\n optional - IMDSv2 is optional, which means that you can use\n either IMDSv2 or IMDSv1.
\n required - IMDSv2 is required, which means that IMDSv1 is\n disabled, and you must use IMDSv2.
The desired HTTP PUT response hop limit for instance metadata requests. The larger the\n number, the further instance metadata requests can travel.
\nDefault: 1
\nPossible values: Integers from 1 to 64
", + "smithy.api#documentation": "The maximum number of hops that the metadata token can travel.
\nPossible values: Integers from 1 to 64\n
Indicates whether the IPv6 endpoint for the instance metadata service is enabled or\n disabled.
", + "smithy.api#documentation": "Indicates whether the IPv6 endpoint for the instance metadata service is enabled or\n disabled.
\nDefault: disabled\n
Contains the ENA Express settings for the network interface that's attached\n\t\t\tto the instance.
", + "smithy.api#documentation": "Contains the ENA Express settings for the network interface that's attached \n\t\t\tto the instance.
", "smithy.api#xmlName": "enaSrdSpecification" } } @@ -59081,7 +60159,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "AssociatePublicIpAddress", - "smithy.api#documentation": "Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The\n public IP address can only be assigned to a network interface for eth0, and can only be\n assigned to a new network interface, not an existing one. You cannot specify more than one\n network interface in the request. If launching into a default subnet, the default value is\n true.
Indicates whether to assign a public IPv4 address to an instance you launch in a VPC. The\n public IP address can only be assigned to a network interface for eth0, and can only be\n assigned to a new network interface, not an existing one. You cannot specify more than one\n network interface in the request. If launching into a default subnet, the default value is\n true.
Amazon Web Services charges for all public IPv4 addresses, including public IPv4 addresses \nassociated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the Amazon VPC pricing page.
", "smithy.api#xmlName": "associatePublicIpAddress" } }, @@ -59225,7 +60303,7 @@ "EnaSrdSpecification": { "target": "com.amazonaws.ec2#EnaSrdSpecificationRequest", "traits": { - "smithy.api#documentation": "Specifies the ENA Express settings for the network interface that's attached to\n\t\t\tthe instance.
" + "smithy.api#documentation": "Specifies the ENA Express settings for the network interface that's attached to \n\t\t\tthe instance.
" } }, "ConnectionTrackingSpecification": { @@ -59352,7 +60430,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "SpotMaxPricePercentageOverLowestPrice", - "smithy.api#documentation": "The price protection threshold for Spot Instances. This is the maximum you’ll pay for a Spot Instance,\n expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified\n attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance\n types priced above your threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nTo turn off price protection, specify a high value, such as 999999.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
Default: 100\n
[Price protection] The price protection threshold for Spot Instances, as a percentage higher than\n an identified Spot price. The identified Spot price is the Spot price of the lowest priced\n current generation C, M, or R instance type with your specified attributes. If no current\n generation C, M, or R instance type matches your attributes, then the identified Spot price\n is from the lowest priced current generation instance types, and failing that, from the\n lowest priced previous generation instance types that match your attributes. When Amazon EC2\n selects instance types with your attributes, it will exclude instance types whose Spot\n price exceeds your specified threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the per-vCPU\n or per-memory price instead of the per-instance price.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nOnly one of SpotMaxPricePercentageOverLowestPrice or\n MaxSpotPriceAsPercentageOfOptimalOnDemandPrice can be specified. If you\n don't specify either, Amazon EC2 will automatically apply optimal price protection to\n consistently select from a wide range of instance types. To indicate no price protection\n threshold for Spot Instances, meaning you want to consider all instance types that match your\n attributes, include one of these parameters and specify a high value, such as\n 999999.
Default: 100\n
The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance,\n expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified\n attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance\n types priced above your threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nTo turn off price protection, specify a high value, such as 999999.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
Default: 20\n
[Price protection] The price protection threshold for On-Demand Instances, as a percentage higher\n than an identified On-Demand price. The identified On-Demand price is the price of the\n lowest priced current generation C, M, or R instance type with your specified attributes.\n When Amazon EC2 selects instance types with your attributes, it will exclude instance types\n whose price exceeds your specified threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nTo turn off price protection, specify a high value, such as 999999.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
Default: 20\n
Indicates whether instance types must have accelerators by specific manufacturers.
\nFor instance types with NVIDIA devices, specify nvidia.
For instance types with AMD devices, specify amd.
For instance types with Amazon Web Services devices, specify amazon-web-services.
For instance types with Xilinx devices, specify xilinx.
Default: Any manufacturer
", + "smithy.api#documentation": "Indicates whether instance types must have accelerators by specific manufacturers.
\nFor instance types with Amazon Web Services devices, specify amazon-web-services.
For instance types with AMD devices, specify amd.
For instance types with Habana devices, specify habana.
For instance types with NVIDIA devices, specify nvidia.
For instance types with Xilinx devices, specify xilinx.
Default: Any manufacturer
", "smithy.api#xmlName": "acceleratorManufacturerSet" } }, @@ -59456,7 +60534,7 @@ "target": "com.amazonaws.ec2#AcceleratorNameSet", "traits": { "aws.protocols#ec2QueryName": "AcceleratorNameSet", - "smithy.api#documentation": "The accelerators that must be on the instance type.
\nFor instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA V100 GPUs, specify v100.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
Default: Any accelerator
", + "smithy.api#documentation": "The accelerators that must be on the instance type.
\nFor instance types with NVIDIA A10G GPUs, specify a10g.
For instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA H100 GPUs, specify h100.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA T4G GPUs, specify t4g.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with NVIDIA V100 GPUs, specify v100.
Default: Any accelerator
", "smithy.api#xmlName": "acceleratorNameSet" } }, @@ -59483,6 +60561,14 @@ "smithy.api#documentation": "The instance types to apply your specified attributes against. All other instance types \n are ignored, even if they match your specified attributes.
\nYou can use strings with one or more wild cards, represented by\n an asterisk (*), to allow an instance type, size, or generation. The\n following are examples: m5.8xlarge, c5*.*, m5a.*,\n r*, *3*.
For example, if you specify c5*,Amazon EC2 will allow the entire C5 instance\n family, which includes all C5a and C5n instance types. If you specify\n m5a.*, Amazon EC2 will allow all the M5a instance types, but not the M5n\n instance types.
If you specify AllowedInstanceTypes, you can't specify ExcludedInstanceTypes.
Default: All instance types
", "smithy.api#xmlName": "allowedInstanceTypeSet" } + }, + "MaxSpotPriceAsPercentageOfOptimalOnDemandPrice": { + "target": "com.amazonaws.ec2#Integer", + "traits": { + "aws.protocols#ec2QueryName": "MaxSpotPriceAsPercentageOfOptimalOnDemandPrice", + "smithy.api#documentation": "[Price protection] The price protection threshold for Spot Instances, as a percentage of an\n identified On-Demand price. The identified On-Demand price is the price of the lowest\n priced current generation C, M, or R instance type with your specified attributes. If no\n current generation C, M, or R instance type matches your attributes, then the identified\n price is from the lowest priced current generation instance types, and failing that, from\n the lowest priced previous generation instance types that match your attributes. When Amazon EC2\n selects instance types with your attributes, it will exclude instance types whose price\n exceeds your specified threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nIf you set DesiredCapacityType to vcpu or\n memory-mib, the price protection threshold is based on the per vCPU or per\n memory price instead of the per instance price.
Only one of SpotMaxPricePercentageOverLowestPrice or\n MaxSpotPriceAsPercentageOfOptimalOnDemandPrice can be specified. If you\n don't specify either, Amazon EC2 will automatically apply optimal price protection to\n consistently select from a wide range of instance types. To indicate no price protection\n threshold for Spot Instances, meaning you want to consider all instance types that match your\n attributes, include one of these parameters and specify a high value, such as\n 999999.
The price protection threshold for Spot Instance. This is the maximum you’ll pay for an Spot Instance,\n expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified\n attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance\n types priced above your threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nTo turn off price protection, specify a high value, such as 999999.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
Default: 100\n
[Price protection] The price protection threshold for Spot Instances, as a percentage higher than\n an identified Spot price. The identified Spot price is the Spot price of the lowest priced\n current generation C, M, or R instance type with your specified attributes. If no current\n generation C, M, or R instance type matches your attributes, then the identified Spot price\n is from the lowest priced current generation instance types, and failing that, from the\n lowest priced previous generation instance types that match your attributes. When Amazon EC2\n selects instance types with your attributes, it will exclude instance types whose Spot\n price exceeds your specified threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nOnly one of SpotMaxPricePercentageOverLowestPrice or\n MaxSpotPriceAsPercentageOfOptimalOnDemandPrice can be specified. If you\n don't specify either, Amazon EC2 will automatically apply optimal price protection to\n consistently select from a wide range of instance types. To indicate no price protection\n threshold for Spot Instances, meaning you want to consider all instance types that match your\n attributes, include one of these parameters and specify a high value, such as\n 999999.
Default: 100\n
The price protection threshold for On-Demand Instances. This is the maximum you’ll pay for an On-Demand Instance,\n expressed as a percentage above the least expensive current generation M, C, or R instance type with your specified\n attributes. When Amazon EC2 selects instance types with your attributes, it excludes instance\n types priced above your threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nTo turn off price protection, specify a high value, such as 999999.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
Default: 20\n
[Price protection] The price protection threshold for On-Demand Instances, as a percentage higher than\n an identified On-Demand price. The identified On-Demand price is the price of the lowest\n priced current generation C, M, or R instance type with your specified attributes. When\n Amazon EC2 selects instance types with your attributes, it will exclude instance types whose\n price exceeds your specified threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nTo indicate no price protection threshold, specify a high value, such as\n 999999.
This parameter is not supported for GetSpotPlacementScores and GetInstanceTypesFromInstanceRequirements.
\nIf you set TargetCapacityUnitType to vcpu or\n memory-mib, the price protection threshold is applied based on the\n per-vCPU or per-memory price instead of the per-instance price.
Default: 20\n
Indicates whether instance types must have accelerators by specific manufacturers.
\nFor instance types with NVIDIA devices, specify nvidia.
For instance types with AMD devices, specify amd.
For instance types with Amazon Web Services devices, specify amazon-web-services.
For instance types with Xilinx devices, specify xilinx.
Default: Any manufacturer
", + "smithy.api#documentation": "Indicates whether instance types must have accelerators by specific manufacturers.
\nFor instance types with Amazon Web Services devices, specify amazon-web-services.
For instance types with AMD devices, specify amd.
For instance types with Habana devices, specify habana.
For instance types with NVIDIA devices, specify nvidia.
For instance types with Xilinx devices, specify xilinx.
Default: Any manufacturer
", "smithy.api#xmlName": "AcceleratorManufacturer" } }, "AcceleratorNames": { "target": "com.amazonaws.ec2#AcceleratorNameSet", "traits": { - "smithy.api#documentation": "The accelerators that must be on the instance type.
\nFor instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA V100 GPUs, specify v100.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
Default: Any accelerator
", + "smithy.api#documentation": "The accelerators that must be on the instance type.
\nFor instance types with NVIDIA A10G GPUs, specify a10g.
For instance types with NVIDIA A100 GPUs, specify a100.
For instance types with NVIDIA H100 GPUs, specify h100.
For instance types with Amazon Web Services Inferentia chips, specify inferentia.
For instance types with NVIDIA GRID K520 GPUs, specify k520.
For instance types with NVIDIA K80 GPUs, specify k80.
For instance types with NVIDIA M60 GPUs, specify m60.
For instance types with AMD Radeon Pro V520 GPUs, specify radeon-pro-v520.
For instance types with NVIDIA T4 GPUs, specify t4.
For instance types with NVIDIA T4G GPUs, specify t4g.
For instance types with Xilinx VU9P FPGAs, specify vu9p.
For instance types with NVIDIA V100 GPUs, specify v100.
Default: Any accelerator
", "smithy.api#xmlName": "AcceleratorName" } }, @@ -59641,6 +60727,12 @@ "smithy.api#documentation": "The instance types to apply your specified attributes against. All other instance types \n are ignored, even if they match your specified attributes.
\nYou can use strings with one or more wild cards, represented by\n an asterisk (*), to allow an instance type, size, or generation. The\n following are examples: m5.8xlarge, c5*.*, m5a.*,\n r*, *3*.
For example, if you specify c5*,Amazon EC2 will allow the entire C5 instance\n family, which includes all C5a and C5n instance types. If you specify\n m5a.*, Amazon EC2 will allow all the M5a instance types, but not the M5n\n instance types.
If you specify AllowedInstanceTypes, you can't specify ExcludedInstanceTypes.
Default: All instance types
", "smithy.api#xmlName": "AllowedInstanceType" } + }, + "MaxSpotPriceAsPercentageOfOptimalOnDemandPrice": { + "target": "com.amazonaws.ec2#Integer", + "traits": { + "smithy.api#documentation": "[Price protection] The price protection threshold for Spot Instances, as a percentage of an\n identified On-Demand price. The identified On-Demand price is the price of the lowest\n priced current generation C, M, or R instance type with your specified attributes. If no\n current generation C, M, or R instance type matches your attributes, then the identified\n price is from the lowest priced current generation instance types, and failing that, from\n the lowest priced previous generation instance types that match your attributes. When Amazon EC2\n selects instance types with your attributes, it will exclude instance types whose price\n exceeds your specified threshold.
\nThe parameter accepts an integer, which Amazon EC2 interprets as a percentage.
\nIf you set DesiredCapacityType to vcpu or\n memory-mib, the price protection threshold is based on the per vCPU or per\n memory price instead of the per instance price.
Only one of SpotMaxPricePercentageOverLowestPrice or\n MaxSpotPriceAsPercentageOfOptimalOnDemandPrice can be specified. If you\n don't specify either, Amazon EC2 will automatically apply optimal price protection to\n consistently select from a wide range of instance types. To indicate no price protection\n threshold for Spot Instances, meaning you want to consider all instance types that match your\n attributes, include one of these parameters and specify a high value, such as\n 999999.
The network nodes. The nodes are hashed based on your account. Instances from\n different accounts running under the same droplet will return a different hashed list of\n strings.
", + "smithy.api#documentation": "The network nodes. The nodes are hashed based on your account. Instances from\n different accounts running under the same server will return a different hashed list of\n strings.
", "smithy.api#xmlName": "networkNodeSet" } }, @@ -64805,6 +65897,204 @@ "traits": { "smithy.api#enumValue": "dl2q.24xlarge" } + }, + "mac2_m2_metal": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "mac2-m2.metal" + } + }, + "i4i_12xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "i4i.12xlarge" + } + }, + "i4i_24xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "i4i.24xlarge" + } + }, + "c7i_metal_24xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i.metal-24xl" + } + }, + "c7i_metal_48xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i.metal-48xl" + } + }, + "m7i_metal_24xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "m7i.metal-24xl" + } + }, + "m7i_metal_48xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "m7i.metal-48xl" + } + }, + "r7i_metal_24xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "r7i.metal-24xl" + } + }, + "r7i_metal_48xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "r7i.metal-48xl" + } + }, + "r7iz_metal_16xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "r7iz.metal-16xl" + } + }, + "r7iz_metal_32xl": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "r7iz.metal-32xl" + } + }, + "c7gd_metal": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7gd.metal" + } + }, + "m7gd_metal": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "m7gd.metal" + } + }, + "r7gd_metal": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "r7gd.metal" + } + }, + "g6_xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.xlarge" + } + }, + "g6_2xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.2xlarge" + } + }, + "g6_4xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.4xlarge" + } + }, + "g6_8xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.8xlarge" + } + }, + "g6_12xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.12xlarge" + } + }, + "g6_16xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.16xlarge" + } + }, + "g6_24xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.24xlarge" + } + }, + "g6_48xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "g6.48xlarge" + } + }, + "gr6_4xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "gr6.4xlarge" + } + }, + "gr6_8xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "gr6.8xlarge" + } + }, + "c7i_flex_large": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i-flex.large" + } + }, + "c7i_flex_xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i-flex.xlarge" + } + }, + "c7i_flex_2xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i-flex.2xlarge" + } + }, + "c7i_flex_4xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i-flex.4xlarge" + } + }, + "c7i_flex_8xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "c7i-flex.8xlarge" + } + }, + "u7i_12tb_224xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "u7i-12tb.224xlarge" + } + }, + "u7in_16tb_224xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "u7in-16tb.224xlarge" + } + }, + "u7in_24tb_224xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "u7in-24tb.224xlarge" + } + }, + "u7in_32tb_224xlarge": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "u7in-32tb.224xlarge" + } } } }, @@ -65043,6 +66333,30 @@ "smithy.api#documentation": "Describes the supported NitroTPM versions for the instance type.
", "smithy.api#xmlName": "nitroTpmInfo" } + }, + "MediaAcceleratorInfo": { + "target": "com.amazonaws.ec2#MediaAcceleratorInfo", + "traits": { + "aws.protocols#ec2QueryName": "MediaAcceleratorInfo", + "smithy.api#documentation": "Describes the media accelerator settings for the instance type.
", + "smithy.api#xmlName": "mediaAcceleratorInfo" + } + }, + "NeuronInfo": { + "target": "com.amazonaws.ec2#NeuronInfo", + "traits": { + "aws.protocols#ec2QueryName": "NeuronInfo", + "smithy.api#documentation": "Describes the Neuron accelerator settings for the instance type.
", + "smithy.api#xmlName": "neuronInfo" + } + }, + "PhcSupport": { + "target": "com.amazonaws.ec2#PhcSupport", + "traits": { + "aws.protocols#ec2QueryName": "PhcSupport", + "smithy.api#documentation": "Indicates whether a local Precision Time Protocol (PTP) hardware clock (PHC) is\n supported.
", + "smithy.api#xmlName": "phcSupport" + } } }, "traits": { @@ -65396,7 +66710,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "FromPort", - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. \n If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
", + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
", "smithy.api#xmlName": "fromPort" } }, @@ -65412,7 +66726,7 @@ "target": "com.amazonaws.ec2#IpRangeList", "traits": { "aws.protocols#ec2QueryName": "IpRanges", - "smithy.api#documentation": "The IPv4 ranges.
", + "smithy.api#documentation": "The IPv4 address ranges.
", "smithy.api#xmlName": "ipRanges" } }, @@ -65420,7 +66734,7 @@ "target": "com.amazonaws.ec2#Ipv6RangeList", "traits": { "aws.protocols#ec2QueryName": "Ipv6Ranges", - "smithy.api#documentation": "The IPv6 ranges.
", + "smithy.api#documentation": "The IPv6 address ranges.
", "smithy.api#xmlName": "ipv6Ranges" } }, @@ -65436,7 +66750,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "ToPort", - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. \n If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
", + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). \n If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
", "smithy.api#xmlName": "toPort" } }, @@ -65450,7 +66764,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes a set of permissions for a security group rule.
" + "smithy.api#documentation": "Describes the permissions for a security group rule.
" } }, "com.amazonaws.ec2#IpPermissionList": { @@ -65478,7 +66792,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "CidrIp", - "smithy.api#documentation": "The IPv4 CIDR range. You can either specify a CIDR range or a source security group,\n not both. To specify a single IPv4 address, use the /32 prefix length.
", + "smithy.api#documentation": "The IPv4 address range. You can either specify a CIDR block or a source security group,\n not both. To specify a single IPv4 address, use the /32 prefix length.
", "smithy.api#xmlName": "cidrIp" } }, @@ -65492,7 +66806,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes an IPv4 range.
" + "smithy.api#documentation": "Describes an IPv4 address range.
" } }, "com.amazonaws.ec2#IpRangeList": { @@ -66517,6 +67831,7 @@ "target": "com.amazonaws.ec2#IpamPoolSourceResource", "traits": { "aws.protocols#ec2QueryName": "SourceResource", + "smithy.api#documentation": "The resource used to provision CIDRs to a resource planning pool.
", "smithy.api#xmlName": "sourceResource" } } @@ -68355,7 +69670,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "CidrIpv6", - "smithy.api#documentation": "The IPv6 CIDR range. You can either specify a CIDR range or a source security group,\n not both. To specify a single IPv6 address, use the /128 prefix length.
", + "smithy.api#documentation": "The IPv6 address range. You can either specify a CIDR block or a source security group,\n not both. To specify a single IPv6 address, use the /128 prefix length.
", "smithy.api#xmlName": "cidrIpv6" } }, @@ -68369,7 +69684,7 @@ } }, "traits": { - "smithy.api#documentation": "Describes an IPv6 range.
" + "smithy.api#documentation": "Describes an IPv6 address range.
" } }, "com.amazonaws.ec2#Ipv6RangeList": { @@ -69259,7 +70574,7 @@ "VolumeType": { "target": "com.amazonaws.ec2#VolumeType", "traits": { - "smithy.api#documentation": "The volume type. For more information, see Amazon EBS volume types in the\n Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "The volume type. For more information, see Amazon EBS volume types in the\n Amazon EBS User Guide.
" } }, "Throughput": { @@ -69665,7 +70980,7 @@ "target": "com.amazonaws.ec2#LaunchTemplateHttpTokensState", "traits": { "aws.protocols#ec2QueryName": "HttpTokens", - "smithy.api#documentation": "Indicates whether IMDSv2 is optional or required.
\n optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without \n a session token in your request. If you retrieve the IAM role credentials \n without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials \n using a valid session token, the IMDSv2 role credentials are returned.
\n required - When IMDSv2 is required, you must send a session token \n with any instance metadata retrieval requests. In this state, retrieving the IAM role \n credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.
Default: optional\n
Indicates whether IMDSv2 is required.
\n\n optional - IMDSv2 is optional. You can choose whether to send a \n session token in your instance metadata retrieval requests. If you retrieve \n IAM role credentials without a session token, you receive the IMDSv1 role \n credentials. If you retrieve IAM role credentials using a valid session token, \n you receive the IMDSv2 role credentials.
\n required - IMDSv2 is required. You must send a session token \n in your instance metadata retrieval requests. With this option, retrieving the \n IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are \n not available.
IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional\n (in other words, set the use of IMDSv2 to optional) or\n required (in other words, set the use of IMDSv2 to\n required).
\n optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without \n a session token in your request. If you retrieve the IAM role credentials \n without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials \n using a valid session token, the IMDSv2 role credentials are returned.
\n required - When IMDSv2 is required, you must send a session token \n with any instance metadata retrieval requests. In this state, retrieving the IAM role \n credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.
Default: optional\n
Indicates whether IMDSv2 is required.
\n\n optional - IMDSv2 is optional. You can choose whether to send a \n session token in your instance metadata retrieval requests. If you retrieve \n IAM role credentials without a session token, you receive the IMDSv1 role \n credentials. If you retrieve IAM role credentials using a valid session token, \n you receive the IMDSv2 role credentials.
\n required - IMDSv2 is required. You must send a session token \n in your instance metadata retrieval requests. With this option, retrieving the \n IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are \n not available.
Default: If the value of ImdsSupport for the Amazon Machine Image (AMI) \n for your instance is v2.0, the default is required.
Indicates whether to associate a public IPv4 address with eth0 for a new network\n interface.
", + "smithy.api#documentation": "Indicates whether to associate a public IPv4 address with eth0 for a new network\n interface.
\nAmazon Web Services charges for all public IPv4 addresses, including public IPv4 addresses \nassociated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the Amazon VPC pricing page.
", "smithy.api#xmlName": "associatePublicIpAddress" } }, @@ -70000,7 +71315,7 @@ "AssociatePublicIpAddress": { "target": "com.amazonaws.ec2#Boolean", "traits": { - "smithy.api#documentation": "Associates a public IPv4 address with eth0 for a new network interface.
" + "smithy.api#documentation": "Associates a public IPv4 address with eth0 for a new network interface.
\nAmazon Web Services charges for all public IPv4 addresses, including public IPv4 addresses \nassociated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the Amazon VPC pricing page.
" } }, "DeleteOnTermination": { @@ -70018,7 +71333,7 @@ "DeviceIndex": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "The device index for the network interface attachment.
" + "smithy.api#documentation": "The device index for the network interface attachment. Each network interface requires\n a device index. If you create a launch template that includes secondary network interfaces \n but not a primary network interface, then you must add a primary network interface as a \n launch parameter when you launch an instance from the template.
" } }, "Groups": { @@ -70246,7 +71561,7 @@ "target": "com.amazonaws.ec2#Double", "traits": { "aws.protocols#ec2QueryName": "WeightedCapacity", - "smithy.api#documentation": "The number of units provided by the specified instance type.
", + "smithy.api#documentation": "The number of units provided by the specified instance type.
\nWhen specifying weights, the price used in the lowest-price and\n price-capacity-optimized allocation strategies is per\n unit hour (where the instance price is divided by the specified\n weight). However, if all the specified weights are above the requested\n TargetCapacity, resulting in only 1 instance being launched, the price\n used is per instance hour.
The ID of the launch template.
\nYou must specify the LaunchTemplateId or the\n LaunchTemplateName, but not both.
The ID of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "LaunchTemplateName": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The name of the launch template.
\nYou must specify the LaunchTemplateName or the\n LaunchTemplateId, but not both.
The name of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "Version": { "target": "com.amazonaws.ec2#String", "traits": { - "smithy.api#documentation": "The launch template version number, $Latest, or\n $Default.
If the value is $Latest, Amazon EC2 uses the latest version of the launch\n template.
If the value is $Default, Amazon EC2 uses the default version of the\n launch template.
Default: The default version of the launch template.
" + "smithy.api#documentation": "The launch template version number, $Latest, or\n $Default.
A value of $Latest uses the latest version of the launch template.
A value of $Default uses the default version of the launch template.
Default: The default version of the launch template.
" } } }, "traits": { - "smithy.api#documentation": "The launch template to use. You must specify either the launch template ID or launch\n template name in the request, but not both.
" + "smithy.api#documentation": "Describes the launch template to use.
" } }, "com.amazonaws.ec2#LaunchTemplateSpotMarketOptions": { @@ -70640,7 +71955,7 @@ "ResourceType": { "target": "com.amazonaws.ec2#ResourceType", "traits": { - "smithy.api#documentation": "The type of resource to tag.
\nValid Values lists all resource types for Amazon EC2 that can be tagged. When\n you create a launch template, you can specify tags for the following resource types\n only: instance | volume | elastic-gpu |\n network-interface | spot-instances-request.\n If the instance does not include the resource type that you specify, the instance \n launch fails. For example, not all instance types include an Elastic GPU.
To tag a resource after it has been created, see CreateTags.
" + "smithy.api#documentation": "The type of resource to tag.
\nValid Values lists all resource types for Amazon EC2 that can be tagged. When\n you create a launch template, you can specify tags for the following resource types\n only: instance | volume |\n network-interface | spot-instances-request.\n If the instance does not include the resource type that you specify, the instance \n launch fails. For example, not all instance types include a volume.
To tag a resource after it has been created, see CreateTags.
" } }, "Tags": { @@ -72241,6 +73556,48 @@ "com.amazonaws.ec2#Long": { "type": "long" }, + "com.amazonaws.ec2#MacHost": { + "type": "structure", + "members": { + "HostId": { + "target": "com.amazonaws.ec2#DedicatedHostId", + "traits": { + "aws.protocols#ec2QueryName": "HostId", + "smithy.api#documentation": "\n The EC2 Mac Dedicated Host ID.\n
", + "smithy.api#xmlName": "hostId" + } + }, + "MacOSLatestSupportedVersions": { + "target": "com.amazonaws.ec2#MacOSVersionStringList", + "traits": { + "aws.protocols#ec2QueryName": "MacOSLatestSupportedVersionSet", + "smithy.api#documentation": "\n The latest macOS versions that the EC2 Mac Dedicated Host can launch without being upgraded.\n
", + "smithy.api#xmlName": "macOSLatestSupportedVersionSet" + } + } + }, + "traits": { + "smithy.api#documentation": "\n Information about the EC2 Mac Dedicated Host.\n
" + } + }, + "com.amazonaws.ec2#MacHostList": { + "type": "list", + "member": { + "target": "com.amazonaws.ec2#MacHost", + "traits": { + "smithy.api#xmlName": "item" + } + } + }, + "com.amazonaws.ec2#MacOSVersionStringList": { + "type": "list", + "member": { + "target": "com.amazonaws.ec2#String", + "traits": { + "smithy.api#xmlName": "item" + } + } + }, "com.amazonaws.ec2#MaintenanceDetails": { "type": "structure", "members": { @@ -72423,6 +73780,107 @@ "com.amazonaws.ec2#MaximumThroughputInMBps": { "type": "double" }, + "com.amazonaws.ec2#MediaAcceleratorInfo": { + "type": "structure", + "members": { + "Accelerators": { + "target": "com.amazonaws.ec2#MediaDeviceInfoList", + "traits": { + "aws.protocols#ec2QueryName": "Accelerators", + "smithy.api#documentation": "Describes the media accelerators for the instance type.
", + "smithy.api#xmlName": "accelerators" + } + }, + "TotalMediaMemoryInMiB": { + "target": "com.amazonaws.ec2#TotalMediaMemory", + "traits": { + "aws.protocols#ec2QueryName": "TotalMediaMemoryInMiB", + "smithy.api#documentation": "The total size of the memory for the media accelerators for the instance type, in MiB.
", + "smithy.api#xmlName": "totalMediaMemoryInMiB" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the media accelerators for the instance type.
" + } + }, + "com.amazonaws.ec2#MediaDeviceCount": { + "type": "integer" + }, + "com.amazonaws.ec2#MediaDeviceInfo": { + "type": "structure", + "members": { + "Count": { + "target": "com.amazonaws.ec2#MediaDeviceCount", + "traits": { + "aws.protocols#ec2QueryName": "Count", + "smithy.api#documentation": "The number of media accelerators for the instance type.
", + "smithy.api#xmlName": "count" + } + }, + "Name": { + "target": "com.amazonaws.ec2#MediaDeviceName", + "traits": { + "aws.protocols#ec2QueryName": "Name", + "smithy.api#documentation": "The name of the media accelerator.
", + "smithy.api#xmlName": "name" + } + }, + "Manufacturer": { + "target": "com.amazonaws.ec2#MediaDeviceManufacturerName", + "traits": { + "aws.protocols#ec2QueryName": "Manufacturer", + "smithy.api#documentation": "The manufacturer of the media accelerator.
", + "smithy.api#xmlName": "manufacturer" + } + }, + "MemoryInfo": { + "target": "com.amazonaws.ec2#MediaDeviceMemoryInfo", + "traits": { + "aws.protocols#ec2QueryName": "MemoryInfo", + "smithy.api#documentation": "Describes the memory available to the media accelerator.
", + "smithy.api#xmlName": "memoryInfo" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the media accelerators for the instance type.
" + } + }, + "com.amazonaws.ec2#MediaDeviceInfoList": { + "type": "list", + "member": { + "target": "com.amazonaws.ec2#MediaDeviceInfo", + "traits": { + "smithy.api#xmlName": "item" + } + } + }, + "com.amazonaws.ec2#MediaDeviceManufacturerName": { + "type": "string" + }, + "com.amazonaws.ec2#MediaDeviceMemoryInfo": { + "type": "structure", + "members": { + "SizeInMiB": { + "target": "com.amazonaws.ec2#MediaDeviceMemorySize", + "traits": { + "aws.protocols#ec2QueryName": "SizeInMiB", + "smithy.api#documentation": "The size of the memory available to each media accelerator, in MiB.
", + "smithy.api#xmlName": "sizeInMiB" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the memory available to the media accelerator.
" + } + }, + "com.amazonaws.ec2#MediaDeviceMemorySize": { + "type": "integer" + }, + "com.amazonaws.ec2#MediaDeviceName": { + "type": "string" + }, "com.amazonaws.ec2#MembershipType": { "type": "enum", "members": { @@ -72549,6 +74007,29 @@ "com.amazonaws.ec2#MemorySize": { "type": "long" }, + "com.amazonaws.ec2#MetadataDefaultHttpTokensState": { + "type": "enum", + "members": { + "optional": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "optional" + } + }, + "required": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "required" + } + }, + "no_preference": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "no-preference" + } + } + } + }, "com.amazonaws.ec2#MetricPoint": { "type": "structure", "members": { @@ -73080,7 +74561,7 @@ "target": "com.amazonaws.ec2#ModifyEbsDefaultKmsKeyIdResult" }, "traits": { - "smithy.api#documentation": "Changes the default KMS key for EBS encryption by default for your account in this Region.
\nAmazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If\n you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services\n managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.
\nIf you delete or disable the customer managed KMS key that you specified for use with\n encryption by default, your instances will fail to launch.
\nFor more information, see Amazon EBS encryption\n in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Changes the default KMS key for EBS encryption by default for your account in this Region.
\nAmazon Web Services creates a unique Amazon Web Services managed KMS key in each Region for use with encryption by default. If\n you change the default KMS key to a symmetric customer managed KMS key, it is used instead of the Amazon Web Services\n managed KMS key. To reset the default KMS key to the Amazon Web Services managed KMS key for EBS, use ResetEbsDefaultKmsKeyId. Amazon EBS does not support asymmetric KMS keys.
\nIf you delete or disable the customer managed KMS key that you specified for use with\n encryption by default, your instances will fail to launch.
\nFor more information, see Amazon EBS encryption\n in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#ModifyEbsDefaultKmsKeyIdRequest": { @@ -73494,6 +74975,21 @@ } }, "output": {} + }, + { + "title": "To grant launch permissions", + "documentation": "This example grants launch permissions for the specified AMI to the specified AWS account.", + "input": { + "ImageId": "ami-5731123e", + "LaunchPermission": { + "Add": [ + { + "UserId": "123456789012" + } + ] + } + }, + "output": {} } ] } @@ -73615,6 +75111,17 @@ } }, "output": {} + }, + { + "title": "To enable enhanced networking", + "documentation": "This example enables enhanced networking for the specified stopped instance.", + "input": { + "InstanceId": "i-1234567890abcdef0", + "EnaSupport": { + "Value": true + } + }, + "output": {} } ] } @@ -73640,7 +75147,7 @@ "target": "com.amazonaws.ec2#InstanceBlockDeviceMappingSpecificationList", "traits": { "aws.protocols#ec2QueryName": "BlockDeviceMapping", - "smithy.api#documentation": "Modifies the DeleteOnTermination attribute for volumes that are currently\n attached. The volume must be owned by the caller. If no value is specified for\n DeleteOnTermination, the default is true and the volume is\n deleted when the instance is terminated.
To add instance store volumes to an Amazon EBS-backed instance, you must add them when\n you launch the instance. For more information, see Update the block device mapping when launching an instance in the\n Amazon EC2 User Guide.
", + "smithy.api#documentation": "Modifies the DeleteOnTermination attribute for volumes that are currently\n attached. The volume must be owned by the caller. If no value is specified for\n DeleteOnTermination, the default is true and the volume is\n deleted when the instance is terminated. You can't modify the DeleteOnTermination \n attribute for volumes that are attached to Fargate tasks.
To add instance store volumes to an Amazon EBS-backed instance, you must add them when\n you launch the instance. For more information, see Update the block device mapping when launching an instance in the\n Amazon EC2 User Guide.
", "smithy.api#xmlName": "blockDeviceMapping" } }, @@ -74082,6 +75589,72 @@ "smithy.api#output": {} } }, + "com.amazonaws.ec2#ModifyInstanceMetadataDefaults": { + "type": "operation", + "input": { + "target": "com.amazonaws.ec2#ModifyInstanceMetadataDefaultsRequest" + }, + "output": { + "target": "com.amazonaws.ec2#ModifyInstanceMetadataDefaultsResult" + }, + "traits": { + "smithy.api#documentation": "Modifies the default instance metadata service (IMDS) settings at the account level in\n the specified Amazon Web Services\u2028 Region.
\nTo remove a parameter's account-level default setting, specify\n no-preference. If an account-level setting is cleared with\n no-preference, then the instance launch considers the other\n instance metadata settings. For more information, see Order of precedence for instance metadata options in the\n Amazon EC2 User Guide.
Indicates whether IMDSv2 is required.
\n\n optional – IMDSv2 is optional, which means that you can\n use either IMDSv2 or IMDSv1.
\n required – IMDSv2 is required, which means that IMDSv1 is\n disabled, and you must use IMDSv2.
The maximum number of hops that the metadata token can travel. To indicate no\n preference, specify -1.
Possible values: Integers from 1 to 64, and -1\n to indicate no preference
Enables or disables the IMDS endpoint on an instance. When disabled, the instance\n metadata can't be accessed.
" + } + }, + "InstanceMetadataTags": { + "target": "com.amazonaws.ec2#DefaultInstanceMetadataTagsState", + "traits": { + "smithy.api#documentation": "Enables or disables access to an instance's tags from the instance metadata. For more\n information, see Work with\n instance tags using the instance metadata in the\n Amazon EC2 User Guide.
" + } + }, + "DryRun": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.
If the request succeeds, the response returns true. If the request fails,\n no response is returned, and instead an error message is returned.
IMDSv2 uses token-backed sessions. Set the use of HTTP tokens to optional\n (in other words, set the use of IMDSv2 to optional) or\n required (in other words, set the use of IMDSv2 to\n required).
\n optional - When IMDSv2 is optional, you can choose to retrieve instance metadata with or without \n a session token in your request. If you retrieve the IAM role credentials \n without a token, the IMDSv1 role credentials are returned. If you retrieve the IAM role credentials \n using a valid session token, the IMDSv2 role credentials are returned.
\n required - When IMDSv2 is required, you must send a session token \n with any instance metadata retrieval requests. In this state, retrieving the IAM role \n credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.
Default: optional\n
Indicates whether IMDSv2 is required.
\n\n optional - IMDSv2 is optional. You can choose whether to send a \n session token in your instance metadata retrieval requests. If you retrieve \n IAM role credentials without a session token, you receive the IMDSv1 role \n credentials. If you retrieve IAM role credentials using a valid session token, \n you receive the IMDSv2 role credentials.
\n required - IMDSv2 is required. You must send a session token \n in your instance metadata retrieval requests. With this option, retrieving the \n IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are \n not available.
Default:
\nIf the value of ImdsSupport for the Amazon Machine Image (AMI)\n for your instance is v2.0 and the account level default is set to\n no-preference, the default is required.
If the value of ImdsSupport for the Amazon Machine Image (AMI)\n for your instance is v2.0, but the account level default is set to\n V1 or V2, the default is optional.
The default value can also be affected by other combinations of parameters. For more\n information, see Order of precedence for instance metadata options in the\n Amazon EC2 User Guide.
" } }, "HttpPutResponseHopLimit": { @@ -74138,7 +75711,7 @@ "InstanceMetadataTags": { "target": "com.amazonaws.ec2#InstanceMetadataTagsState", "traits": { - "smithy.api#documentation": "Set to enabled to allow access to instance tags from the instance\n metadata. Set to disabled to turn off access to instance tags from the\n instance metadata. For more information, see Work with\n instance tags using the instance metadata.
Default: disabled\n
Set to enabled to allow access to instance tags from the instance\n metadata. Set to disabled to turn off access to instance tags from the\n instance metadata. For more information, see Work with\n instance tags using the instance metadata.
Modifies the placement attributes for a specified instance. You can do the\n following:
\nModify the affinity between an instance and a Dedicated\n Host. When affinity is set to host and the instance is\n not associated with a specific Dedicated Host, the next time the instance is\n launched, it is automatically associated with the host on which it lands. If the\n instance is restarted or rebooted, this relationship persists.
Change the Dedicated Host with which an instance is associated.
\nChange the instance tenancy of an instance.
\nMove an instance to or from a placement\n group.
\nAt least one attribute for affinity, host ID, tenancy, or placement group name must be\n specified in the request. Affinity and tenancy can be modified in the same\n request.
\nTo modify the host ID, tenancy, placement group, or partition for an instance, the\n instance must be in the stopped state.
Modifies the placement attributes for a specified instance. You can do the\n following:
\nModify the affinity between an instance and a Dedicated\n Host. When affinity is set to host and the instance is\n not associated with a specific Dedicated Host, the next time the instance is\n started, it is automatically associated with the host on which it lands. If the\n instance is restarted or rebooted, this relationship persists.
Change the Dedicated Host with which an instance is associated.
\nChange the instance tenancy of an instance.
\nMove an instance to or from a placement\n group.
\nAt least one attribute for affinity, host ID, tenancy, or placement group name must be\n specified in the request. Affinity and tenancy can be modified in the same\n request.
\nTo modify the host ID, tenancy, placement group, or partition for an instance, the\n instance must be in the stopped state.
The affinity setting for the instance.
", + "smithy.api#documentation": "The affinity setting for the instance. For more information, see Host affinity in the Amazon EC2 User Guide.
", "smithy.api#xmlName": "affinity" } }, @@ -74704,13 +76277,13 @@ "LaunchTemplateId": { "target": "com.amazonaws.ec2#LaunchTemplateId", "traits": { - "smithy.api#documentation": "The ID of the launch template.
\nYou must specify either the LaunchTemplateId or the\n LaunchTemplateName, but not both.
The ID of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "LaunchTemplateName": { "target": "com.amazonaws.ec2#LaunchTemplateName", "traits": { - "smithy.api#documentation": "The name of the launch template.
\nYou must specify either the LaunchTemplateName or the\n LaunchTemplateId, but not both.
The name of the launch template.
\nYou must specify either the launch template ID or the\n launch template name, but not both.
" } }, "DefaultVersion": { @@ -74918,6 +76491,37 @@ "DeleteOnTermination": false } } + }, + { + "title": "To modify the description attribute of a network interface", + "documentation": "This example modifies the description attribute of the specified network interface.", + "input": { + "NetworkInterfaceId": "eni-686ea200", + "Description": { + "Value": "My description" + } + } + }, + { + "title": "To modify the groupSet attribute of a network interface", + "documentation": "This example command modifies the groupSet attribute of the specified network interface.", + "input": { + "NetworkInterfaceId": "eni-686ea200", + "Groups": [ + "sg-903004f8", + "sg-1a2b3c4d" + ] + } + }, + { + "title": "To modify the sourceDestCheck attribute of a network interface", + "documentation": "This example command modifies the sourceDestCheck attribute of the specified network interface.", + "input": { + "NetworkInterfaceId": "eni-686ea200", + "SourceDestCheck": { + "Value": false + } + } } ] } @@ -74991,6 +76595,12 @@ "traits": { "smithy.api#documentation": "A connection tracking specification.
" } + }, + "AssociatePublicIpAddress": { + "target": "com.amazonaws.ec2#Boolean", + "traits": { + "smithy.api#documentation": "Indicates whether to assign a public IPv4 address to a network interface. \n This option can be enabled for any network interface but will only apply to the primary network interface (eth0).
" + } } }, "traits": { @@ -75198,7 +76808,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Adds or removes permission settings for the specified snapshot. You may add or remove\n specified Amazon Web Services account IDs from a snapshot's list of create volume permissions, but you cannot\n do both in a single operation. If you need to both add and remove account IDs for a snapshot,\n you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.
\nEncrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made\n public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.
\nFor more information about modifying snapshot permissions, see Share a snapshot in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Adds or removes permission settings for the specified snapshot. You may add or remove\n specified Amazon Web Services account IDs from a snapshot's list of create volume permissions, but you cannot\n do both in a single operation. If you need to both add and remove account IDs for a snapshot,\n you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.
\nEncrypted snapshots and snapshots with Amazon Web Services Marketplace product codes cannot be made\n public. Snapshots encrypted with your default KMS key cannot be shared with other accounts.
\nFor more information about modifying snapshot permissions, see Share a snapshot in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To modify a snapshot attribute", @@ -75212,6 +76822,19 @@ ] }, "output": {} + }, + { + "title": "To make a snapshot public", + "documentation": "This example makes the snapshot ``snap-1234567890abcdef0`` public.", + "input": { + "SnapshotId": "snap-1234567890abcdef0", + "Attribute": "createVolumePermission", + "OperationType": "add", + "GroupNames": [ + "all" + ] + }, + "output": {} } ] } @@ -75281,7 +76904,7 @@ "target": "com.amazonaws.ec2#ModifySnapshotTierResult" }, "traits": { - "smithy.api#documentation": "Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full \n snapshot that includes all of the blocks of data that were written to the volume at the \n time the snapshot was created, and moved from the standard tier to the archive \n tier. For more information, see Archive Amazon EBS snapshots \n in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Archives an Amazon EBS snapshot. When you archive a snapshot, it is converted to a full \n snapshot that includes all of the blocks of data that were written to the volume at the \n time the snapshot was created, and moved from the standard tier to the archive \n tier. For more information, see Archive Amazon EBS snapshots \n in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#ModifySnapshotTierRequest": { @@ -75468,7 +77091,7 @@ "MapPublicIpOnLaunch": { "target": "com.amazonaws.ec2#AttributeBooleanValue", "traits": { - "smithy.api#documentation": "Specify true to indicate that network interfaces attached to instances created in the\n specified subnet should be assigned a public IPv4 address.
Specify true to indicate that network interfaces attached to instances created in the\n specified subnet should be assigned a public IPv4 address.
Amazon Web Services charges for all public IPv4 addresses, including public IPv4 addresses \nassociated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the Amazon VPC pricing page.
" } }, "SubnetId": { @@ -75844,7 +77467,7 @@ "SecurityGroupReferencingSupport": { "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", "traits": { - "smithy.api#documentation": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
\nFor important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.
" + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nEnables you to reference a security group across VPCs attached to a transit gateway. Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
" } }, "AutoAcceptSharedAttachments": { @@ -76072,7 +77695,7 @@ "SecurityGroupReferencingSupport": { "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", "traits": { - "smithy.api#documentation": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
\nFor important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.
" + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nEnables you to reference a security group across VPCs attached to a transit gateway. Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
" } }, "Ipv6Support": { @@ -76778,7 +78401,7 @@ "target": "com.amazonaws.ec2#ModifyVolumeResult" }, "traits": { - "smithy.api#documentation": "You can modify several parameters of an existing EBS volume, including volume size, volume\n type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance\n type, you might be able to apply these changes without stopping the instance or detaching the\n volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes (Linux instances) \n or Amazon EBS Elastic Volumes (Windows instances).
\nWhen you complete a resize operation on your volume, you need to extend the volume's\n file-system size to take advantage of the new storage capacity. For more information, see Extend a Linux file system or \n Extend a Windows file system.
\nYou can use CloudWatch Events to check the status of a modification to an EBS volume. For\n information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a\n modification using DescribeVolumesModifications. For information\n about tracking status changes using either method, see Monitor the progress of volume modifications.
\nWith previous-generation instance types, resizing an EBS volume might require detaching and\n reattaching the volume or stopping and restarting the instance.
\nAfter modifying a volume, you must wait at least six hours and ensure that the volume \n is in the in-use or available state before you can modify the same \n volume. This is sometimes referred to as a cooldown period.
You can modify several parameters of an existing EBS volume, including volume size, volume\n type, and IOPS capacity. If your EBS volume is attached to a current-generation EC2 instance\n type, you might be able to apply these changes without stopping the instance or detaching the\n volume from it. For more information about modifying EBS volumes, see Amazon EBS Elastic Volumes \n in the Amazon EBS User Guide.
\nWhen you complete a resize operation on your volume, you need to extend the volume's\n file-system size to take advantage of the new storage capacity. For more information, see Extend the file system.
\nYou can use CloudWatch Events to check the status of a modification to an EBS volume. For\n information about CloudWatch Events, see the Amazon CloudWatch Events User Guide. You can also track the status of a\n modification using DescribeVolumesModifications. For information\n about tracking status changes using either method, see Monitor the progress of volume modifications.
\nWith previous-generation instance types, resizing an EBS volume might require detaching and\n reattaching the volume or stopping and restarting the instance.
\nAfter modifying a volume, you must wait at least six hours and ensure that the volume \n is in the in-use or available state before you can modify the same \n volume. This is sometimes referred to as a cooldown period.
The target EBS volume type of the volume. For more information, see Amazon EBS volume types in the Amazon Elastic Compute Cloud User Guide.
\nDefault: The existing type is retained.
" + "smithy.api#documentation": "The target EBS volume type of the volume. For more information, see Amazon EBS volume types in the Amazon EBS User Guide.
\nDefault: The existing type is retained.
" } }, "Iops": { @@ -76881,7 +78504,7 @@ "MultiAttachEnabled": { "target": "com.amazonaws.ec2#Boolean", "traits": { - "smithy.api#documentation": "Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the \n\t\tvolume to up to 16 \n\t\t\tNitro-based instances in the same Availability Zone. This parameter is \n\t\tsupported with io1 and io2 volumes only. For more information, see \n\t\t\n\t\t\tAmazon EBS Multi-Attach in the Amazon Elastic Compute Cloud User Guide.
Specifies whether to enable Amazon EBS Multi-Attach. If you enable Multi-Attach, you can attach the \n\t\tvolume to up to 16 \n\t\t\tNitro-based instances in the same Availability Zone. This parameter is \n\t\tsupported with io1 and io2 volumes only. For more information, see \n\t \n\t\t\tAmazon EBS Multi-Attach in the Amazon EBS User Guide.
The margin time, in seconds, before the phase 2 lifetime expires, during which the\n Amazon Web Services side of the VPN connection performs an IKE rekey. The exact time\n of the rekey is randomly selected based on the value for\n RekeyFuzzPercentage.
Constraints: A value between 60 and half of Phase2LifetimeSeconds.
Default: 540\n
The margin time, in seconds, before the phase 2 lifetime expires, during which the\n Amazon Web Services side of the VPN connection performs an IKE rekey. The exact time\n of the rekey is randomly selected based on the value for\n RekeyFuzzPercentage.
Constraints: A value between 60 and half of Phase2LifetimeSeconds.
Default: 270\n
The number of cores available to the neuron accelerator.
", + "smithy.api#xmlName": "count" + } + }, + "Version": { + "target": "com.amazonaws.ec2#NeuronDeviceCoreVersion", + "traits": { + "aws.protocols#ec2QueryName": "Version", + "smithy.api#documentation": "The version of the neuron accelerator.
", + "smithy.api#xmlName": "version" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the cores available to the neuron accelerator.
" + } + }, + "com.amazonaws.ec2#NeuronDeviceCoreVersion": { + "type": "integer" + }, + "com.amazonaws.ec2#NeuronDeviceCount": { + "type": "integer" + }, + "com.amazonaws.ec2#NeuronDeviceInfo": { + "type": "structure", + "members": { + "Count": { + "target": "com.amazonaws.ec2#NeuronDeviceCount", + "traits": { + "aws.protocols#ec2QueryName": "Count", + "smithy.api#documentation": "The number of neuron accelerators for the instance type.
", + "smithy.api#xmlName": "count" + } + }, + "Name": { + "target": "com.amazonaws.ec2#NeuronDeviceName", + "traits": { + "aws.protocols#ec2QueryName": "Name", + "smithy.api#documentation": "The name of the neuron accelerator.
", + "smithy.api#xmlName": "name" + } + }, + "CoreInfo": { + "target": "com.amazonaws.ec2#NeuronDeviceCoreInfo", + "traits": { + "aws.protocols#ec2QueryName": "CoreInfo", + "smithy.api#documentation": "Describes the cores available to each neuron accelerator.
", + "smithy.api#xmlName": "coreInfo" + } + }, + "MemoryInfo": { + "target": "com.amazonaws.ec2#NeuronDeviceMemoryInfo", + "traits": { + "aws.protocols#ec2QueryName": "MemoryInfo", + "smithy.api#documentation": "Describes the memory available to each neuron accelerator.
", + "smithy.api#xmlName": "memoryInfo" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the neuron accelerators for the instance type.
" + } + }, + "com.amazonaws.ec2#NeuronDeviceInfoList": { + "type": "list", + "member": { + "target": "com.amazonaws.ec2#NeuronDeviceInfo", + "traits": { + "smithy.api#xmlName": "item" + } + } + }, + "com.amazonaws.ec2#NeuronDeviceMemoryInfo": { + "type": "structure", + "members": { + "SizeInMiB": { + "target": "com.amazonaws.ec2#NeuronDeviceMemorySize", + "traits": { + "aws.protocols#ec2QueryName": "SizeInMiB", + "smithy.api#documentation": "The size of the memory available to the neuron accelerator, in MiB.
", + "smithy.api#xmlName": "sizeInMiB" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the memory available to the neuron accelerator.
" + } + }, + "com.amazonaws.ec2#NeuronDeviceMemorySize": { + "type": "integer" + }, + "com.amazonaws.ec2#NeuronDeviceName": { + "type": "string" + }, + "com.amazonaws.ec2#NeuronInfo": { + "type": "structure", + "members": { + "NeuronDevices": { + "target": "com.amazonaws.ec2#NeuronDeviceInfoList", + "traits": { + "aws.protocols#ec2QueryName": "NeuronDevices", + "smithy.api#documentation": "Describes the neuron accelerators for the instance type.
", + "smithy.api#xmlName": "neuronDevices" + } + }, + "TotalNeuronDeviceMemoryInMiB": { + "target": "com.amazonaws.ec2#TotalNeuronMemory", + "traits": { + "aws.protocols#ec2QueryName": "TotalNeuronDeviceMemoryInMiB", + "smithy.api#documentation": "The total size of the memory for the neuron accelerators for the instance type, in MiB.
", + "smithy.api#xmlName": "totalNeuronDeviceMemoryInMiB" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the neuron accelerators for the instance type.
" + } + }, "com.amazonaws.ec2#NewDhcpConfiguration": { "type": "structure", "members": { @@ -81745,6 +83512,23 @@ "smithy.api#documentation": "Specifies the integrity algorithm for the VPN tunnel for phase 2 IKE\n negotiations.
" } }, + "com.amazonaws.ec2#PhcSupport": { + "type": "enum", + "members": { + "UNSUPPORTED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "unsupported" + } + }, + "SUPPORTED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "supported" + } + } + } + }, "com.amazonaws.ec2#Placement": { "type": "structure", "members": { @@ -82830,6 +84614,14 @@ "smithy.api#documentation": "Indicates whether the instance type supports AMD SEV-SNP. If the request returns \n amd-sev-snp, AMD SEV-SNP is supported. Otherwise, it is not supported. \n For more information, see \n AMD SEV-SNP.
The manufacturer of the processor.
", + "smithy.api#xmlName": "manufacturer" + } } }, "traits": { @@ -83003,7 +84795,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can \n specify is /24. The most specific IPv6 prefix you can specify is /56. The address range cannot overlap with another address range that you've \n brought to this or another Region.
", + "smithy.api#documentation": "The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can \n specify is /24. The most specific IPv6 address range that you can bring is /48 for CIDRs that are publicly advertisable and /56 for CIDRs that are not publicly advertisable. The address range cannot overlap with another address range that you've \n brought to this or another Region.
", "smithy.api#required": {} } }, @@ -83043,6 +84835,12 @@ "traits": { "smithy.api#documentation": "Reserved.
" } + }, + "NetworkBorderGroup": { + "target": "com.amazonaws.ec2#String", + "traits": { + "smithy.api#documentation": "If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
\nYou can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
\nus-east-1-dfw-2
\nus-west-2-lax-1
\nus-west-2-phx-2
\nYou cannot provision or advertise BYOIPv6 address ranges in Local Zones at this time.
\nRegisters an AMI. When you're creating an AMI, this is the final step you must complete\n before you can launch an instance from the AMI. For more information about creating AMIs, see\n Create your\n own AMI in the Amazon Elastic Compute Cloud User Guide.
\nFor Amazon EBS-backed instances, CreateImage creates and registers the AMI\n in a single request, so you don't have to register the AMI yourself. We recommend that you\n always use CreateImage unless you have a specific reason to use\n RegisterImage.
\nIf needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. \n If you make changes to an image, deregister the previous image and register the new image.
\n\n Register a snapshot of a root device volume\n
\nYou can use RegisterImage to create an Amazon EBS-backed Linux AMI from\n a snapshot of a root device volume. You specify the snapshot using a block device mapping.\n You can't set the encryption state of the volume using the block device mapping. If the \n snapshot is encrypted, or encryption by default is enabled, the root volume of an instance \n launched from the AMI is encrypted.
For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs\n in the Amazon Elastic Compute Cloud User Guide.
\n\n Amazon Web Services Marketplace product codes\n
\nIf any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new\n AMI.
\nWindows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE\n Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to\n verify the subscription status for package updates. To create a new AMI for operating systems\n that require a billing product code, instead of registering the AMI, do the following to\n preserve the billing product code association:
\nLaunch an instance from an existing AMI with that billing product code.
\nCustomize the instance.
\nCreate an AMI from the instance using CreateImage.
\nIf you purchase a Reserved Instance to apply to an On-Demand Instance that was launched\n from an AMI with a billing product code, make sure that the Reserved Instance has the matching\n billing product code. If you purchase a Reserved Instance without the matching billing product\n code, the Reserved Instance will not be applied to the On-Demand Instance. For information\n about how to obtain the platform details and billing information of an AMI, see Understand AMI\n billing information in the Amazon EC2 User Guide.
" + "smithy.api#documentation": "Registers an AMI. When you're creating an instance-store backed AMI, registering the AMI\n is the final step in the creation process. For more information about creating AMIs, see\n Create your\n own AMI in the Amazon Elastic Compute Cloud User Guide.
\nFor Amazon EBS-backed instances, CreateImage creates and registers the AMI\n in a single request, so you don't have to register the AMI yourself. We recommend that you\n always use CreateImage unless you have a specific reason to use\n RegisterImage.
\nIf needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. \n If you make changes to an image, deregister the previous image and register the new image.
\n\n Register a snapshot of a root device volume\n
\nYou can use RegisterImage to create an Amazon EBS-backed Linux AMI from\n a snapshot of a root device volume. You specify the snapshot using a block device mapping.\n You can't set the encryption state of the volume using the block device mapping. If the \n snapshot is encrypted, or encryption by default is enabled, the root volume of an instance \n launched from the AMI is encrypted.
For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs\n in the Amazon Elastic Compute Cloud User Guide.
\n\n Amazon Web Services Marketplace product codes\n
\nIf any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new\n AMI.
\nWindows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE\n Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to\n verify the subscription status for package updates. To create a new AMI for operating systems\n that require a billing product code, instead of registering the AMI, do the following to\n preserve the billing product code association:
\nLaunch an instance from an existing AMI with that billing product code.
\nCustomize the instance.
\nCreate an AMI from the instance using CreateImage.
\nIf you purchase a Reserved Instance to apply to an On-Demand Instance that was launched\n from an AMI with a billing product code, make sure that the Reserved Instance has the matching\n billing product code. If you purchase a Reserved Instance without the matching billing product\n code, the Reserved Instance will not be applied to the On-Demand Instance. For information\n about how to obtain the platform details and billing information of an AMI, see Understand AMI\n billing information in the Amazon EC2 User Guide.
" } }, "com.amazonaws.ec2#RegisterImageRequest": { @@ -84217,7 +86015,7 @@ "BlockDeviceMappings": { "target": "com.amazonaws.ec2#BlockDeviceMappingRequestList", "traits": { - "smithy.api#documentation": "The block device mapping entries.
\nIf you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can't specify the encryption state of the volume.
\nIf you create an AMI on an Outpost, then all backing snapshots must be on the same\n Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can\n be used to launch instances on the same Outpost only. For more information, Amazon EBS local\n snapshots on Outposts in the Amazon EC2 User Guide.
", + "smithy.api#documentation": "The block device mapping entries.
\nIf you specify an Amazon EBS volume using the ID of an Amazon EBS snapshot, you can't specify the encryption state of the volume.
\nIf you create an AMI on an Outpost, then all backing snapshots must be on the same\n Outpost or in the Region of that Outpost. AMIs on an Outpost that include local snapshots can\n be used to launch instances on the same Outpost only. For more information, Amazon EBS local\n snapshots on Outposts in the Amazon EBS User Guide.
", "smithy.api#xmlName": "BlockDeviceMapping" } }, @@ -84325,6 +86123,13 @@ "traits": { "smithy.api#documentation": "Set to v2.0 to indicate that IMDSv2 is specified in the AMI. Instances\n launched from this AMI will have HttpTokens automatically set to\n required so that, by default, the instance requires that IMDSv2 is used when\n requesting instance metadata. In addition, HttpPutResponseHopLimit is set to\n 2. For more information, see Configure\n the AMI in the Amazon EC2 User Guide.
If you set the value to v2.0, make sure that your AMI software can support IMDSv2.
The tags to apply to the AMI.
\nTo tag the AMI, the value for ResourceType must be image. If you\n specify another value for ResourceType, the request fails.
To tag an AMI after it has been registered, see CreateTags.
", + "smithy.api#xmlName": "TagSpecification" + } } }, "traits": { @@ -86107,7 +87912,7 @@ "NetworkInterfaces": { "target": "com.amazonaws.ec2#LaunchTemplateInstanceNetworkInterfaceSpecificationRequestList", "traits": { - "smithy.api#documentation": "One or more network interfaces. If you specify a network interface, you must specify\n any security groups and subnets as part of the network interface.
", + "smithy.api#documentation": "The network interfaces for the instance.
", "smithy.api#xmlName": "NetworkInterface" } }, @@ -86168,14 +87973,14 @@ "TagSpecifications": { "target": "com.amazonaws.ec2#LaunchTemplateTagSpecificationRequestList", "traits": { - "smithy.api#documentation": "The tags to apply to the resources that are created during instance launch.
\nYou can specify tags for the following resources only:
\nInstances
\nVolumes
\nElastic graphics
\nSpot Instance requests
\nNetwork interfaces
\nTo tag a resource after it has been created, see CreateTags.
\nTo tag the launch template itself, you must use the TagSpecification parameter.
\nThe tags to apply to the resources that are created during instance launch. These\n tags are not applied to the launch template.
", "smithy.api#xmlName": "TagSpecification" } }, "ElasticGpuSpecifications": { "target": "com.amazonaws.ec2#ElasticGpuSpecificationList", "traits": { - "smithy.api#documentation": "An elastic GPU to associate with the instance.
", + "smithy.api#documentation": "Deprecated.
\nAmazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nOne or more security group IDs. You can create a security group using CreateSecurityGroup.
", + "smithy.api#documentation": "The IDs of the security groups.
\nIf you specify a network interface, you must specify any security groups as part of \n the network interface instead of using this parameter.
", "smithy.api#xmlName": "SecurityGroupId" } }, "SecurityGroups": { "target": "com.amazonaws.ec2#SecurityGroupStringList", "traits": { - "smithy.api#documentation": "One or more security group names. For a nondefault VPC, you must use security group\n IDs instead.
", + "smithy.api#documentation": "The names of the security groups. For a nondefault VPC, you must use security group\n IDs instead.
\nIf you specify a network interface, you must specify any security groups as part of \n the network interface instead of using this parameter.
", "smithy.api#xmlName": "SecurityGroup" } }, @@ -86318,6 +88123,104 @@ "output": { "SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE" } + }, + { + "title": "To request a Spot fleet in the Availability Zone with the lowest price", + "documentation": "This example creates a Spot fleet request with two launch specifications that differ only by Availability Zone. The Spot fleet launches the instances in the specified Availability Zone with the lowest price. If your account supports EC2-VPC only, Amazon EC2 launches the Spot instances in the default subnet of the Availability Zone.", + "input": { + "SpotFleetRequestConfig": { + "SpotPrice": "0.04", + "TargetCapacity": 2, + "IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role", + "LaunchSpecifications": [ + { + "ImageId": "ami-1a2b3c4d", + "KeyName": "my-key-pair", + "SecurityGroups": [ + { + "GroupId": "sg-1a2b3c4d" + } + ], + "InstanceType": "m3.medium", + "Placement": { + "AvailabilityZone": "us-west-2a, us-west-2b" + }, + "IamInstanceProfile": { + "Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role" + } + } + ] + } + }, + "output": { + "SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE" + } + }, + { + "title": "To launch Spot instances in a subnet and assign them public IP addresses", + "documentation": "This example assigns public addresses to instances launched in a nondefault VPC. Note that when you specify a network interface, you must include the subnet ID and security group ID using the network interface.", + "input": { + "SpotFleetRequestConfig": { + "SpotPrice": "0.04", + "TargetCapacity": 2, + "IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role", + "LaunchSpecifications": [ + { + "ImageId": "ami-1a2b3c4d", + "KeyName": "my-key-pair", + "InstanceType": "m3.medium", + "NetworkInterfaces": [ + { + "DeviceIndex": 0, + "SubnetId": "subnet-1a2b3c4d", + "Groups": [ + "sg-1a2b3c4d" + ], + "AssociatePublicIpAddress": true + } + ], + "IamInstanceProfile": { + "Arn": "arn:aws:iam::880185128111:instance-profile/my-iam-role" + } + } + ] + } + }, + "output": { + "SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE" + } + }, + { + "title": "To request a Spot fleet using the diversified allocation strategy", + "documentation": "This example creates a Spot fleet request that launches 30 instances using the diversified allocation strategy. The launch specifications differ by instance type. The Spot fleet distributes the instances across the launch specifications such that there are 10 instances of each type.", + "input": { + "SpotFleetRequestConfig": { + "SpotPrice": "0.70", + "TargetCapacity": 30, + "AllocationStrategy": "diversified", + "IamFleetRole": "arn:aws:iam::123456789012:role/my-spot-fleet-role", + "LaunchSpecifications": [ + { + "ImageId": "ami-1a2b3c4d", + "InstanceType": "c4.2xlarge", + "SubnetId": "subnet-1a2b3c4d" + }, + { + "ImageId": "ami-1a2b3c4d", + "InstanceType": "m3.2xlarge", + "SubnetId": "subnet-1a2b3c4d" + }, + { + "ImageId": "ami-1a2b3c4d", + "InstanceType": "r3.2xlarge", + "SubnetId": "subnet-1a2b3c4d" + } + ] + } + }, + "output": { + "SpotFleetRequestId": "sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE" + } } ] } @@ -86399,6 +88302,26 @@ } } } + }, + { + "title": "To create a one-time Spot Instance request", + "documentation": "This example command creates a one-time Spot Instance request for five instances in the specified subnet. Amazon EC2 launches the instances in the specified subnet. If the VPC is a nondefault VPC, the instances do not receive a public IP address by default.", + "input": { + "SpotPrice": "0.050", + "InstanceCount": 5, + "Type": "one-time", + "LaunchSpecification": { + "ImageId": "ami-1a2b3c4d", + "SecurityGroupIds": [ + "sg-1a2b3c4d" + ], + "InstanceType": "m3.medium", + "SubnetId": "subnet-1a2b3c4d", + "IamInstanceProfile": { + "Arn": "arn:aws:iam::123456789012:instance-profile/my-iam-role" + } + } + } } ] } @@ -87662,7 +89585,7 @@ "target": "com.amazonaws.ec2#ResetEbsDefaultKmsKeyIdResult" }, "traits": { - "smithy.api#documentation": "Resets the default KMS key for EBS encryption for your account in this Region \n to the Amazon Web Services managed KMS key for EBS.
\nAfter resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a \n customer managed KMS key by specifying it when you create the volume. For more information, see\n Amazon EBS encryption\n in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Resets the default KMS key for EBS encryption for your account in this Region \n to the Amazon Web Services managed KMS key for EBS.
\nAfter resetting the default KMS key to the Amazon Web Services managed KMS key, you can continue to encrypt by a \n customer managed KMS key by specifying it when you create the volume. For more information, see\n Amazon EBS encryption\n in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#ResetEbsDefaultKmsKeyIdRequest": { @@ -87944,7 +89867,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Resets permission settings for the specified snapshot.
\nFor more information about modifying snapshot permissions, see Share a snapshot in the\n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "Resets permission settings for the specified snapshot.
\nFor more information about modifying snapshot permissions, see Share a snapshot in the\n Amazon EBS User Guide.
", "smithy.api#examples": [ { "title": "To reset a snapshot attribute", @@ -88750,7 +90673,7 @@ "target": "com.amazonaws.ec2#ElasticGpuSpecificationResponseList", "traits": { "aws.protocols#ec2QueryName": "ElasticGpuSpecificationSet", - "smithy.api#documentation": "The elastic GPU specification.
", + "smithy.api#documentation": "Deprecated.
\nAmazon Elastic Graphics reached end of life on January 8, 2024. For \n workloads that require graphics acceleration, we recommend that you use Amazon EC2 G4ad, \n G4dn, or G5 instances.
\nRestores a snapshot from the Recycle Bin. For more information, see Restore \n snapshots from the Recycle Bin in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Restores a snapshot from the Recycle Bin. For more information, see Restore \n snapshots from the Recycle Bin in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#RestoreSnapshotFromRecycleBinRequest": { @@ -89112,7 +91035,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "OutpostArn", - "smithy.api#documentation": "The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the \n Amazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the \n Amazon EBS User Guide.
", "smithy.api#xmlName": "outpostArn" } }, @@ -89202,7 +91125,7 @@ "target": "com.amazonaws.ec2#RestoreSnapshotTierResult" }, "traits": { - "smithy.api#documentation": "Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore \n period or restore type for a snapshot that was previously temporarily restored.
\nFor more information see \n Restore an archived snapshot and \n modify the restore period or restore type for a temporarily restored snapshot in the Amazon Elastic Compute Cloud User Guide.
" + "smithy.api#documentation": "Restores an archived Amazon EBS snapshot for use temporarily or permanently, or modifies the restore \n period or restore type for a snapshot that was previously temporarily restored.
\nFor more information see \n Restore an archived snapshot and \n modify the restore period or restore type for a temporarily restored snapshot in the Amazon EBS User Guide.
" } }, "com.amazonaws.ec2#RestoreSnapshotTierRequest": { @@ -89522,7 +91445,7 @@ "FromPort": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP, this is the type number. A value of -1 indicates all ICMP types.
" + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP, this is the ICMP type or -1 (all ICMP types).
" } }, "GroupId": { @@ -89564,7 +91487,7 @@ "ToPort": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP, this is the code. A value of -1 indicates all ICMP codes.
" + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP, this is the ICMP code or -1 (all ICMP codes).
" } }, "DryRun": { @@ -90307,21 +92230,21 @@ "SecurityGroupIds": { "target": "com.amazonaws.ec2#SecurityGroupIdStringList", "traits": { - "smithy.api#documentation": "The IDs of the security groups. You can create a security group using CreateSecurityGroup.
\nIf you specify a network interface, you must specify any security groups as part of\n the network interface.
", + "smithy.api#documentation": "The IDs of the security groups. You can create a security group using CreateSecurityGroup.
\nIf you specify a network interface, you must specify any security groups as part of\n the network interface instead of using this parameter.
", "smithy.api#xmlName": "SecurityGroupId" } }, "SecurityGroups": { "target": "com.amazonaws.ec2#SecurityGroupStringList", "traits": { - "smithy.api#documentation": "[Default VPC] The names of the security groups.
\nIf you specify a network interface, you must specify any security groups as part of\n the network interface.
\nDefault: Amazon EC2 uses the default security group.
", + "smithy.api#documentation": "[Default VPC] The names of the security groups.
\nIf you specify a network interface, you must specify any security groups as part of\n the network interface instead of using this parameter.
\nDefault: Amazon EC2 uses the default security group.
", "smithy.api#xmlName": "SecurityGroup" } }, "SubnetId": { "target": "com.amazonaws.ec2#SubnetId", "traits": { - "smithy.api#documentation": "The ID of the subnet to launch the instance into.
\nIf you specify a network interface, you must specify any subnets as part of the\n network interface.
" + "smithy.api#documentation": "The ID of the subnet to launch the instance into.
\nIf you specify a network interface, you must specify any subnets as part of the\n network interface instead of using this parameter.
" } }, "UserData": { @@ -90391,7 +92314,7 @@ "target": "com.amazonaws.ec2#InstanceNetworkInterfaceSpecificationList", "traits": { "aws.protocols#ec2QueryName": "NetworkInterface", - "smithy.api#documentation": "The network interfaces to associate with the instance. If you specify a network\n interface, you must specify any security groups and subnets as part of the network\n interface.
", + "smithy.api#documentation": "The network interfaces to associate with the instance.
", "smithy.api#xmlName": "networkInterface" } }, @@ -90406,27 +92329,27 @@ "ElasticGpuSpecification": { "target": "com.amazonaws.ec2#ElasticGpuSpecifications", "traits": { - "smithy.api#documentation": "An elastic GPU to associate with the instance. An Elastic GPU is a GPU resource that\n you can attach to your Windows instance to accelerate the graphics performance of your\n applications. For more information, see Amazon EC2 Elastic GPUs in\n the Amazon EC2 User Guide.
" + "smithy.api#documentation": "An elastic GPU to associate with the instance.
\nAmazon Elastic Graphics reached end of life on January 8, 2024.
\nAn elastic inference accelerator to associate with the instance. Elastic inference\n accelerators are a resource you can attach to your Amazon EC2 instances to accelerate\n your Deep Learning (DL) inference workloads.
\nYou cannot specify accelerators from different generations in the same request.
\nStarting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon\n Elastic Inference (EI), and will help current customers migrate their workloads to\n options that offer better price and performance. After April 15, 2023, new customers\n will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker,\n Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during\n the past 30-day period are considered current customers and will be able to continue\n using the service.
\nAn elastic inference accelerator to associate with the instance.
\nAmazon Elastic Inference (EI) is no longer available to new customers. For more\n information, see Amazon Elastic Inference FAQs.
\nThe tags to apply to the resources that are created during instance launch.
\nYou can specify tags for the following resources only:
\nInstances
\nVolumes
\nElastic graphics
\nSpot Instance requests
\nNetwork interfaces
\nTo tag a resource after it has been created, see CreateTags.
", + "smithy.api#documentation": "The tags to apply to the resources that are created during instance launch.
\nYou can specify tags for the following resources only:
\nInstances
\nVolumes
\nSpot Instance requests
\nNetwork interfaces
\nTo tag a resource after it has been created, see CreateTags.
", "smithy.api#xmlName": "TagSpecification" } }, "LaunchTemplate": { "target": "com.amazonaws.ec2#LaunchTemplateSpecification", "traits": { - "smithy.api#documentation": "The launch template to use to launch the instances. Any parameters that you specify in\n RunInstances override the same parameters in the launch template.\n You can specify either the name or ID of a launch template, but not both.
" + "smithy.api#documentation": "The launch template. Any additional parameters that you specify for the new instance \n overwrite the corresponding parameters included in the launch template.
" } }, "InstanceMarketOptions": { @@ -91293,7 +93216,7 @@ "AssociatePublicIpAddress": { "target": "com.amazonaws.ec2#Boolean", "traits": { - "smithy.api#documentation": "Indicates whether to assign a public IPv4 address to instances launched in a VPC. The\n public IPv4 address can only be assigned to a network interface for eth0, and can only be\n assigned to a new network interface, not an existing one. You cannot specify more than one\n network interface in the request. If launching into a default subnet, the default value is\n true.
Indicates whether to assign a public IPv4 address to instances launched in a VPC. The\n public IPv4 address can only be assigned to a network interface for eth0, and can only be\n assigned to a new network interface, not an existing one. You cannot specify more than one\n network interface in the request. If launching into a default subnet, the default value is\n true.
Amazon Web Services charges for all public IPv4 addresses, including public IPv4 addresses \nassociated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the Amazon VPC pricing page.
" } }, "DeleteOnTermination": { @@ -91629,7 +93552,7 @@ "MaxResults": { "target": "com.amazonaws.ec2#TransitGatewayMaxResults", "traits": { - "smithy.api#documentation": "The maximum number of routes to return.
" + "smithy.api#documentation": "The maximum number of routes to return. If a value is not provided, the default is\n 1000.
" } }, "DryRun": { @@ -91908,7 +93831,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "VpcPeeringConnectionId", - "smithy.api#documentation": "The ID of the VPC peering connection (if applicable). For more information about security group referencing for peering connections, see Update your security groups to reference peer security groups in the VPC Peering Guide.
", + "smithy.api#documentation": "The ID of the VPC peering connection (if applicable). For more information about security group referencing for peering connections, see Update your security groups to reference peer security groups in the VPC Peering Guide.
", "smithy.api#xmlName": "vpcPeeringConnectionId" } }, @@ -91916,7 +93839,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "TransitGatewayId", - "smithy.api#documentation": "The ID of the transit gateway (if applicable). For more information about security group referencing for transit gateways, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.
", + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nThe ID of the transit gateway (if applicable).
", "smithy.api#xmlName": "transitGatewayId" } } @@ -91998,7 +93921,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "FromPort", - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. \n If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
", + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
", "smithy.api#xmlName": "fromPort" } }, @@ -92006,7 +93929,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "ToPort", - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 codes. \n If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
", + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). \n If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
", "smithy.api#xmlName": "toPort" } }, @@ -92125,13 +94048,13 @@ "FromPort": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP or ICMPv6, this is the type number. A value of -1 indicates all ICMP/ICMPv6 types. \n If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
" + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
" } }, "ToPort": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the code. A value of -1 indicates all ICMP/ICMPv6 codes. \n If you specify all ICMP/ICMPv6 types, you must specify all ICMP/ICMPv6 codes.
" + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes). \n If the start port is -1 (all ICMP types), then the end port must be -1 (all ICMP codes).
" } }, "CidrIpv4": { @@ -92818,7 +94741,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "OutpostArn", - "smithy.api#documentation": "The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the \n \t\tAmazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the \n \t\tAmazon EBS User Guide.
", "smithy.api#xmlName": "outpostArn" } }, @@ -93127,7 +95050,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "OutpostArn", - "smithy.api#documentation": "The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the \n \t\tAmazon Elastic Compute Cloud User Guide.
", + "smithy.api#documentation": "The ARN of the Outpost on which the snapshot is stored. For more information, see Amazon EBS local snapshots on Outposts in the \n \t\tAmazon EBS User Guide.
", "smithy.api#xmlName": "outpostArn" } }, @@ -93568,7 +95491,7 @@ "target": "com.amazonaws.ec2#GroupIdentifierList", "traits": { "aws.protocols#ec2QueryName": "GroupSet", - "smithy.api#documentation": "The security groups.
", + "smithy.api#documentation": "The security groups.
\nIf you specify a network interface, you must specify any security groups as part of\n the network interface instead of using this parameter.
", "smithy.api#xmlName": "groupSet" } }, @@ -93648,7 +95571,7 @@ "target": "com.amazonaws.ec2#InstanceNetworkInterfaceSpecificationList", "traits": { "aws.protocols#ec2QueryName": "NetworkInterfaceSet", - "smithy.api#documentation": "One or more network interfaces. If you specify a network interface, you must specify \n subnet IDs and security group IDs using the network interface.
\n\n SpotFleetLaunchSpecification currently does not support Elastic Fabric Adapter (EFA). To specify an EFA, you must use LaunchTemplateConfig.
The network interfaces.
\n\n SpotFleetLaunchSpecification does not support Elastic Fabric Adapter (EFA). \n You must use LaunchTemplateConfig instead.
The IDs of the subnets in which to launch the instances. To specify multiple subnets, separate\n them using commas; for example, \"subnet-1234abcdeexample1, subnet-0987cdef6example2\".
", + "smithy.api#documentation": "The IDs of the subnets in which to launch the instances. To specify multiple subnets, separate\n them using commas; for example, \"subnet-1234abcdeexample1, subnet-0987cdef6example2\".
\nIf you specify a network interface, you must specify any subnets as part of the\n network interface instead of using this parameter.
", "smithy.api#xmlName": "subnetId" } }, @@ -93866,7 +95789,7 @@ "target": "com.amazonaws.ec2#LaunchSpecsList", "traits": { "aws.protocols#ec2QueryName": "LaunchSpecifications", - "smithy.api#documentation": "The launch specifications for the Spot Fleet request. If you specify\n LaunchSpecifications, you can't specify\n LaunchTemplateConfigs. If you include On-Demand capacity in your\n request, you must use LaunchTemplateConfigs.
The launch specifications for the Spot Fleet request. If you specify\n LaunchSpecifications, you can't specify\n LaunchTemplateConfigs. If you include On-Demand capacity in your\n request, you must use LaunchTemplateConfigs.
If an AMI specified in a launch specification is deregistered or disabled, no new\n instances can be launched from the AMI. For fleets of type maintain, the\n target capacity will not be maintained.
The unit for the target capacity. TargetCapacityUnitType can only be specified when InstanceRequirements is specified.
Default: units (translates to number of instances)
The unit for the target capacity. You can specify this parameter only when \n using attribute-based instance type selection.
\nDefault: units (the number of instances)
The start of the port range for the TCP and UDP protocols, or an ICMP type number. A value of\n -1 indicates all ICMP types.
", + "smithy.api#documentation": "If the protocol is TCP or UDP, this is the start of the port range. \n If the protocol is ICMP or ICMPv6, this is the ICMP type or -1 (all ICMP types).
", "smithy.api#xmlName": "fromPort" } }, @@ -94746,7 +96669,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "IpProtocol", - "smithy.api#documentation": "The IP protocol name (for tcp, udp, and icmp) or number (see Protocol Numbers).
The IP protocol name (tcp, udp, icmp, icmpv6) or number\n (see Protocol Numbers).
The end of the port range for the TCP and UDP protocols, or an ICMP type number. A value of\n -1 indicates all ICMP types.
If the protocol is TCP or UDP, this is the end of the port range.\n If the protocol is ICMP or ICMPv6, this is the ICMP code or -1 (all ICMP codes).
", "smithy.api#xmlName": "toPort" } }, @@ -94870,7 +96793,7 @@ "target": "com.amazonaws.ec2#StartInstancesResult" }, "traits": { - "smithy.api#documentation": "Starts an Amazon EBS-backed instance that you've previously stopped.
\nInstances that use Amazon EBS volumes as their root devices can be quickly stopped and\n started. When an instance is stopped, the compute resources are released and you are not\n billed for instance usage. However, your root partition Amazon EBS volume remains and\n continues to persist your data, and you are charged for Amazon EBS volume usage. You can\n restart your instance at any time. Every time you start your instance, Amazon EC2\n charges a one-minute minimum for instance usage, and thereafter charges per second for\n instance usage.
\nBefore stopping an instance, make sure it is in a state from which it can be\n restarted. Stopping an instance does not preserve data stored in RAM.
\nPerforming this operation on an instance that uses an instance store as its root\n device returns an error.
\nIf you attempt to start a T3 instance with host tenancy and the\n unlimted CPU credit option, the request fails. The\n unlimited CPU credit option is not supported on Dedicated Hosts. Before\n you start the instance, either change its CPU credit option to standard, or\n change its tenancy to default or dedicated.
For more information, see Stop and start your instance\n in the Amazon EC2 User Guide.
", + "smithy.api#documentation": "Starts an Amazon EBS-backed instance that you've previously stopped.
\nInstances that use Amazon EBS volumes as their root devices can be quickly stopped and\n started. When an instance is stopped, the compute resources are released and you are not\n billed for instance usage. However, your root partition Amazon EBS volume remains and\n continues to persist your data, and you are charged for Amazon EBS volume usage. You can\n restart your instance at any time. Every time you start your instance, Amazon EC2\n charges a one-minute minimum for instance usage, and thereafter charges per second for\n instance usage.
\nBefore stopping an instance, make sure it is in a state from which it can be\n restarted. Stopping an instance does not preserve data stored in RAM.
\nPerforming this operation on an instance that uses an instance store as its root\n device returns an error.
\nIf you attempt to start a T3 instance with host tenancy and the\n unlimited CPU credit option, the request fails. The\n unlimited CPU credit option is not supported on Dedicated Hosts. Before\n you start the instance, either change its CPU credit option to standard, or\n change its tenancy to default or dedicated.
For more information, see Stop and start your instance\n in the Amazon EC2 User Guide.
", "smithy.api#examples": [ { "title": "To start a stopped EC2 instance", @@ -95212,7 +97135,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "Message", - "smithy.api#documentation": "The message for the state change.
\n\n Server.InsufficientInstanceCapacity: There was insufficient\n capacity available to satisfy the launch request.
\n Server.InternalError: An internal error caused the instance to\n terminate during launch.
\n Server.ScheduledStop: The instance was stopped due to a scheduled\n retirement.
\n Server.SpotInstanceShutdown: The instance was stopped because the\n number of Spot requests with a maximum price equal to or higher than the Spot\n price exceeded available capacity or because of an increase in the Spot\n price.
\n Server.SpotInstanceTermination: The instance was terminated\n because the number of Spot requests with a maximum price equal to or higher than\n the Spot price exceeded available capacity or because of an increase in the Spot\n price.
\n Client.InstanceInitiatedShutdown: The instance was shut down\n using the shutdown -h command from the instance.
\n Client.InstanceTerminated: The instance was terminated or\n rebooted during AMI creation.
\n Client.InternalError: A client error caused the instance to\n terminate during launch.
\n Client.InvalidSnapshot.NotFound: The specified snapshot was not\n found.
\n Client.UserInitiatedHibernate: Hibernation was initiated on the\n instance.
\n Client.UserInitiatedShutdown: The instance was shut down using\n the Amazon EC2 API.
\n Client.VolumeLimitExceeded: The limit on the number of EBS\n volumes or total storage was exceeded. Decrease usage or request an increase in\n your account limits.
The message for the state change.
\n\n Server.InsufficientInstanceCapacity: There was insufficient\n capacity available to satisfy the launch request.
\n Server.InternalError: An internal error caused the instance to\n terminate during launch.
\n Server.ScheduledStop: The instance was stopped due to a scheduled\n retirement.
\n Server.SpotInstanceShutdown: The instance was stopped because the\n number of Spot requests with a maximum price equal to or higher than the Spot\n price exceeded available capacity or because of an increase in the Spot\n price.
\n Server.SpotInstanceTermination: The instance was terminated\n because the number of Spot requests with a maximum price equal to or higher than\n the Spot price exceeded available capacity or because of an increase in the Spot\n price.
\n Client.InstanceInitiatedShutdown: The instance was shut down\n from the operating system of the instance.
\n Client.InstanceTerminated: The instance was terminated or\n rebooted during AMI creation.
\n Client.InternalError: A client error caused the instance to\n terminate during launch.
\n Client.InvalidSnapshot.NotFound: The specified snapshot was not\n found.
\n Client.UserInitiatedHibernate: Hibernation was initiated on the\n instance.
\n Client.UserInitiatedShutdown: The instance was shut down using\n the Amazon EC2 API.
\n Client.VolumeLimitExceeded: The limit on the number of EBS\n volumes or total storage was exceeded. Decrease usage or request an increase in\n your account limits.
Indicates whether instances launched in this subnet receive a public IPv4 address.
", + "smithy.api#documentation": "Indicates whether instances launched in this subnet receive a public IPv4 address.
\nAmazon Web Services charges for all public IPv4 addresses, including public IPv4 addresses \nassociated with running instances and Elastic IP addresses. For more information, see the Public IPv4 Address tab on the Amazon VPC pricing page.
", "smithy.api#xmlName": "mapPublicIpOnLaunch" } }, @@ -96032,6 +97955,12 @@ "traits": { "smithy.api#enumValue": "available" } + }, + "unavailable": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "unavailable" + } } } }, @@ -96336,7 +98265,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "aws.protocols#ec2QueryName": "TotalTargetCapacity", - "smithy.api#documentation": "The number of units to request, filled using\n DefaultTargetCapacityType.
The number of units to request, filled the default target capacity type.
", "smithy.api#xmlName": "totalTargetCapacity" } }, @@ -96360,7 +98289,7 @@ "target": "com.amazonaws.ec2#DefaultTargetCapacityType", "traits": { "aws.protocols#ec2QueryName": "DefaultTargetCapacityType", - "smithy.api#documentation": "The default TotalTargetCapacity, which is either Spot or\n On-Demand.
The default target capacity type.
", "smithy.api#xmlName": "defaultTargetCapacityType" } }, @@ -96368,7 +98297,7 @@ "target": "com.amazonaws.ec2#TargetCapacityUnitType", "traits": { "aws.protocols#ec2QueryName": "TargetCapacityUnitType", - "smithy.api#documentation": "The unit for the target capacity. TargetCapacityUnitType can only be specified when InstanceRequirements is specified.
Default: units (translates to number of instances)
The unit for the target capacity.
", "smithy.api#xmlName": "targetCapacityUnitType" } } @@ -96384,7 +98313,7 @@ "target": "com.amazonaws.ec2#Integer", "traits": { "smithy.api#clientOptional": {}, - "smithy.api#documentation": "The number of units to request, filled using\n DefaultTargetCapacityType.
The number of units to request, filled using the default target capacity type.
", "smithy.api#required": {} } }, @@ -96403,18 +98332,18 @@ "DefaultTargetCapacityType": { "target": "com.amazonaws.ec2#DefaultTargetCapacityType", "traits": { - "smithy.api#documentation": "The default TotalTargetCapacity, which is either Spot or\n On-Demand.
The default target capacity type.
" } }, "TargetCapacityUnitType": { "target": "com.amazonaws.ec2#TargetCapacityUnitType", "traits": { - "smithy.api#documentation": "The unit for the target capacity. TargetCapacityUnitType can only be specified when InstanceRequirements is specified.
Default: units (translates to number of instances)
The unit for the target capacity. You can specify this parameter only when using\n attributed-based instance type selection.
\nDefault: units (the number of instances)
The number of units to request. You can choose to set the target capacity as the number of \n instances. Or you can set the target capacity to a performance characteristic that is important to your application workload,\n such as vCPUs, memory, or I/O. If the request type is maintain, you can\n specify a target capacity of 0 and add capacity later.
You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance\n MaxTotalPrice parameter, or both parameters to ensure that your fleet cost\n does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances\n in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you're\n willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops\n launching instances even if it hasn’t met the target capacity. The\n MaxTotalPrice parameters are located in OnDemandOptionsRequest \n and SpotOptionsRequest.
The number of units to request. You can choose to set the target capacity as the number of \n instances. Or you can set the target capacity to a performance characteristic that is important to your application workload,\n such as vCPUs, memory, or I/O. If the request type is maintain, you can\n specify a target capacity of 0 and add capacity later.
You can use the On-Demand Instance MaxTotalPrice parameter, the Spot Instance\n MaxTotalPrice parameter, or both parameters to ensure that your fleet cost\n does not exceed your budget. If you set a maximum price per hour for the On-Demand Instances and Spot Instances\n in your request, EC2 Fleet will launch instances until it reaches the maximum amount that you're\n willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops\n launching instances even if it hasn't met the target capacity. The\n MaxTotalPrice parameters are located in OnDemandOptionsRequest \n and SpotOptionsRequest.
The minimum and maximum amount of total local storage, in GB.
" } }, + "com.amazonaws.ec2#TotalMediaMemory": { + "type": "integer" + }, + "com.amazonaws.ec2#TotalNeuronMemory": { + "type": "integer" + }, "com.amazonaws.ec2#TpmSupportValues": { "type": "enum", "members": { @@ -99094,7 +101029,7 @@ "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", "traits": { "aws.protocols#ec2QueryName": "SecurityGroupReferencingSupport", - "smithy.api#documentation": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
\nFor important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.
", + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nEnables you to reference a security group across VPCs attached to a transit gateway. Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
", "smithy.api#xmlName": "securityGroupReferencingSupport" } }, @@ -99745,7 +101680,7 @@ "SecurityGroupReferencingSupport": { "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", "traits": { - "smithy.api#documentation": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
\nFor important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide.
" + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nEnables you to reference a security group across VPCs attached to a transit gateway. Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
" } }, "MulticastSupport": { @@ -100530,7 +102465,7 @@ "target": "com.amazonaws.ec2#SecurityGroupReferencingSupportValue", "traits": { "aws.protocols#ec2QueryName": "SecurityGroupReferencingSupport", - "smithy.api#documentation": "For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide.
", + "smithy.api#documentation": "This parameter is in preview and may not be available for your account.
\nEnables you to reference a security group across VPCs attached to a transit gateway. Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.
", "smithy.api#xmlName": "securityGroupReferencingSupport" } }, @@ -103180,7 +105115,7 @@ "target": "com.amazonaws.ec2#VolumeAttachmentList", "traits": { "aws.protocols#ec2QueryName": "AttachmentSet", - "smithy.api#documentation": "Information about the volume attachments.
", + "smithy.api#documentation": "This parameter is not returned by CreateVolume.
\nInformation about the volume attachments.
", "smithy.api#xmlName": "attachmentSet" } }, @@ -103284,7 +105219,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "FastRestored", - "smithy.api#documentation": "Indicates whether the volume was created using fast snapshot restore.
", + "smithy.api#documentation": "This parameter is not returned by CreateVolume.
\nIndicates whether the volume was created using fast snapshot restore.
", "smithy.api#xmlName": "fastRestored" } }, @@ -103308,7 +105243,7 @@ "target": "com.amazonaws.ec2#SSEType", "traits": { "aws.protocols#ec2QueryName": "SseType", - "smithy.api#documentation": "Reserved for future use.
", + "smithy.api#documentation": "This parameter is not returned by CreateVolume.
\nReserved for future use.
", "smithy.api#xmlName": "sseType" } } @@ -103332,7 +105267,7 @@ "target": "com.amazonaws.ec2#String", "traits": { "aws.protocols#ec2QueryName": "Device", - "smithy.api#documentation": "The device name.
", + "smithy.api#documentation": "The device name.
\nIf the volume is attached to a Fargate task, this parameter \n returns null.
The ID of the instance.
", + "smithy.api#documentation": "The ID of the instance.
\nIf the volume is attached to a Fargate task, this parameter \n returns null.
Indicates whether the EBS volume is deleted on instance termination.
", "smithy.api#xmlName": "deleteOnTermination" } + }, + "AssociatedResource": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "AssociatedResource", + "smithy.api#documentation": "The ARN of the Amazon ECS or Fargate task \n to which the volume is attached.
", + "smithy.api#xmlName": "associatedResource" + } + }, + "InstanceOwningService": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "InstanceOwningService", + "smithy.api#documentation": "The service principal of Amazon Web Services service that owns the underlying \n instance to which the volume is attached.
\nThis parameter is returned only for volumes that are attached to \n Fargate tasks.
", + "smithy.api#xmlName": "instanceOwningService" + } } }, "traits": { @@ -105699,7 +107650,7 @@ "RekeyMarginTimeSeconds": { "target": "com.amazonaws.ec2#Integer", "traits": { - "smithy.api#documentation": "The margin time, in seconds, before the phase 2 lifetime expires, during which the\n Amazon Web Services side of the VPN connection performs an IKE rekey. The exact time\n of the rekey is randomly selected based on the value for\n RekeyFuzzPercentage.
Constraints: A value between 60 and half of Phase2LifetimeSeconds.
Default: 540\n
The margin time, in seconds, before the phase 2 lifetime expires, during which the\n Amazon Web Services side of the VPN connection performs an IKE rekey. The exact time\n of the rekey is randomly selected based on the value for\n RekeyFuzzPercentage.
Constraints: A value between 60 and half of Phase2LifetimeSeconds.
Default: 270\n
Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1318,7 +1321,7 @@ "type": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The type of the attachment, such as ElasticNetworkInterface.
The type of the attachment, such as ElasticNetworkInterface,\n\t\t\t\tService Connect, and AmazonElasticBlockStorage.
Details of the attachment. For elastic network interfaces, this includes the network\n\t\t\tinterface ID, the MAC address, the subnet ID, and the private IPv4 address.
" + "smithy.api#documentation": "Details of the attachment.
\nFor elastic network interfaces, this includes the network interface ID, the MAC\n\t\t\taddress, the subnet ID, and the private IPv4 address.
\nFor Service Connect services, this includes portName,\n\t\t\t\tclientAliases, discoveryName, and\n\t\t\t\tingressPortOverride.
For Elastic Block Storage, this includes roleArn,\n\t\t\t\tdeleteOnTermination, volumeName, volumeId,\n\t\t\tand statusReason (only when the attachment fails to create or\n\t\t\tattach).
Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1435,7 +1441,7 @@ "autoScalingGroupArn": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group name.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group\n\t\t\tname.
", "smithy.api#required": {} } }, @@ -1448,7 +1454,13 @@ "managedTerminationProtection": { "target": "com.amazonaws.ecs#ManagedTerminationProtection", "traits": { - "smithy.api#documentation": "The managed termination protection setting to use for the Auto Scaling group capacity\n\t\t\tprovider. This determines whether the Auto Scaling group has managed termination\n\t\t\tprotection. The default is off.
\nWhen using managed termination protection, managed scaling must also be used\n\t\t\t\totherwise managed termination protection doesn't work.
\nWhen managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto\n\t\t\tScaling group that contain tasks from being terminated during a scale-in action. The\n\t\t\tAuto Scaling group and each instance in the Auto Scaling group must have instance\n\t\t\tprotection from scale-in actions on as well. For more information, see Instance Protection in the Auto Scaling User Guide.
\nWhen managed termination protection is off, your Amazon EC2 instances aren't protected from\n\t\t\ttermination when the Auto Scaling group scales in.
" + "smithy.api#documentation": "The managed termination protection setting to use for the Auto Scaling group capacity\n\t\t\tprovider. This determines whether the Auto Scaling group has managed termination\n\t\t\tprotection. The default is off.
\nWhen using managed termination protection, managed scaling must also be used\n\t\t\t\totherwise managed termination protection doesn't work.
\nWhen managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an\n\t\t\tAuto Scaling group that contain tasks from being terminated during a scale-in action.\n\t\t\tThe Auto Scaling group and each instance in the Auto Scaling group must have instance\n\t\t\tprotection from scale-in actions on as well. For more information, see Instance Protection in the Auto Scaling User Guide.
\nWhen managed termination protection is off, your Amazon EC2 instances aren't protected from\n\t\t\ttermination when the Auto Scaling group scales in.
" + } + }, + "managedDraining": { + "target": "com.amazonaws.ecs#ManagedDraining", + "traits": { + "smithy.api#documentation": "The managed draining option for the Auto Scaling group capacity provider. When you enable this, Amazon ECS manages and gracefully drains the EC2 container instances that are in the Auto Scaling group capacity provider.
" } } }, @@ -1468,7 +1480,13 @@ "managedTerminationProtection": { "target": "com.amazonaws.ecs#ManagedTerminationProtection", "traits": { - "smithy.api#documentation": "The managed termination protection setting to use for the Auto Scaling group capacity\n\t\t\tprovider. This determines whether the Auto Scaling group has managed termination\n\t\t\tprotection.
\nWhen using managed termination protection, managed scaling must also be used\n\t\t\t\totherwise managed termination protection doesn't work.
\nWhen managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto\n\t\t\tScaling group that contain tasks from being terminated during a scale-in action. The\n\t\t\tAuto Scaling group and each instance in the Auto Scaling group must have instance\n\t\t\tprotection from scale-in actions on. For more information, see Instance Protection in the Auto Scaling User Guide.
\nWhen managed termination protection is off, your Amazon EC2 instances aren't protected from\n\t\t\ttermination when the Auto Scaling group scales in.
" + "smithy.api#documentation": "The managed termination protection setting to use for the Auto Scaling group capacity\n\t\t\tprovider. This determines whether the Auto Scaling group has managed termination\n\t\t\tprotection.
\nWhen using managed termination protection, managed scaling must also be used\n\t\t\t\totherwise managed termination protection doesn't work.
\nWhen managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an\n\t\t\tAuto Scaling group that contain tasks from being terminated during a scale-in action.\n\t\t\tThe Auto Scaling group and each instance in the Auto Scaling group must have instance\n\t\t\tprotection from scale-in actions on. For more information, see Instance Protection in the Auto Scaling User Guide.
\nWhen managed termination protection is off, your Amazon EC2 instances aren't protected from\n\t\t\ttermination when the Auto Scaling group scales in.
" + } + }, + "managedDraining": { + "target": "com.amazonaws.ecs#ManagedDraining", + "traits": { + "smithy.api#documentation": "The managed draining option for the Auto Scaling group capacity provider. When you enable this, Amazon ECS manages and gracefully drains the EC2 container instances that are in the Auto Scaling group capacity provider.
" } } }, @@ -1500,14 +1518,17 @@ } }, "traits": { - "smithy.api#documentation": "An object representing the networking details for a task or service.
" + "smithy.api#documentation": "An object representing the networking details for a task or service. For example\n\t\t\t\tawsvpcConfiguration={subnets=[\"subnet-12344321\"],securityGroups=[\"sg-12344321\"]}\n
Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1660,7 +1681,7 @@ } }, "traits": { - "smithy.api#documentation": "The details of a capacity provider strategy. A capacity provider strategy can be set\n\t\t\twhen using the RunTask or CreateCluster APIs or as\n\t\t\tthe default capacity provider strategy for a cluster with the CreateCluster API.
\nOnly capacity providers that are already associated with a cluster and have an\n\t\t\t\tACTIVE or UPDATING status can be used in a capacity\n\t\t\tprovider strategy. The PutClusterCapacityProviders API is used to\n\t\t\tassociate a capacity provider with a cluster.
If specifying a capacity provider that uses an Auto Scaling group, the capacity\n\t\t\tprovider must already be created. New Auto Scaling group capacity providers can be\n\t\t\tcreated with the CreateCapacityProvider API operation.
\nTo use a Fargate capacity provider, specify either the FARGATE or\n\t\t\t\tFARGATE_SPOT capacity providers. The Fargate capacity providers are\n\t\t\tavailable to all accounts and only need to be associated with a cluster to be used in a\n\t\t\tcapacity provider strategy.
A capacity provider strategy may contain a maximum of 6 capacity providers.
" + "smithy.api#documentation": "The details of a capacity provider strategy. A capacity provider strategy can be set\n\t\t\twhen using the RunTask or CreateCluster APIs or as\n\t\t\tthe default capacity provider strategy for a cluster with the CreateCluster API.
\nOnly capacity providers that are already associated with a cluster and have an\n\t\t\t\tACTIVE or UPDATING status can be used in a capacity\n\t\t\tprovider strategy. The PutClusterCapacityProviders API is used to\n\t\t\tassociate a capacity provider with a cluster.
If specifying a capacity provider that uses an Auto Scaling group, the capacity\n\t\t\tprovider must already be created. New Auto Scaling group capacity providers can be\n\t\t\tcreated with the CreateCapacityProvider API operation.
\nTo use a Fargate capacity provider, specify either the FARGATE or\n\t\t\t\tFARGATE_SPOT capacity providers. The Fargate capacity providers are\n\t\t\tavailable to all accounts and only need to be associated with a cluster to be used in a\n\t\t\tcapacity provider strategy.
With FARGATE_SPOT, you can run interruption\n\t\t\ttolerant tasks at a rate that's discounted compared to the FARGATE price.\n\t\t\t\tFARGATE_SPOT runs tasks on spare compute capacity. When Amazon Web Services needs the\n\t\t\tcapacity back, your tasks are interrupted with a two-minute warning.\n\t\t\t\tFARGATE_SPOT only supports Linux tasks with the X86_64 architecture on\n\t\t\tplatform version 1.3.0 or later.
A capacity provider strategy may contain a maximum of 6 capacity providers.
" } }, "com.amazonaws.ecs#CapacityProviderStrategyItemBase": { @@ -1734,7 +1755,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1812,7 +1836,7 @@ "settings": { "target": "com.amazonaws.ecs#ClusterSettings", "traits": { - "smithy.api#documentation": "The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is on\n\t\t\tor off for a cluster.
" + "smithy.api#documentation": "The settings for the cluster. This parameter indicates whether CloudWatch Container Insights\n\t\t\tis on or off for a cluster.
" } }, "capacityProviders": { @@ -1858,17 +1882,26 @@ "traits": { "smithy.api#documentation": "The details of the execute command configuration.
" } + }, + "managedStorageConfiguration": { + "target": "com.amazonaws.ecs#ManagedStorageConfiguration", + "traits": { + "smithy.api#documentation": "The details of the managed storage configuration.
" + } } }, "traits": { - "smithy.api#documentation": "The execute command configuration for the cluster.
" + "smithy.api#documentation": "The execute command and managed storage configuration for the cluster.
" } }, "com.amazonaws.ecs#ClusterContainsContainerInstancesException": { "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1880,7 +1913,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1892,7 +1928,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1945,7 +1984,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -1973,7 +2015,7 @@ "namespace": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace that's used when you create a service and don't specify\n\t\t\ta Service Connect configuration. The namespace name can include up to 1024 characters.\n\t\t\tThe name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than\n\t\t\t(>), less than (<), or slash (/).
\nIf you enter an existing namespace name or ARN, then that namespace will be used.\n\t\t\tAny namespace type is supported. The namespace must be in this account and this Amazon Web Services\n\t\t\tRegion.
\nIf you enter a new name, a Cloud Map namespace will be created. Amazon ECS creates a\n\t\t\tCloud Map namespace with the \"API calls\" method of instance discovery only. This instance\n\t\t\tdiscovery method is the \"HTTP\" namespace type in the Command Line Interface. Other types of instance\n\t\t\tdiscovery aren't used by Service Connect.
\nIf you update the cluster with an empty string \"\" for the namespace name,\n\t\t\tthe cluster configuration for Service Connect is removed. Note that the namespace will\n\t\t\tremain in Cloud Map and must be deleted separately.
For more information about Cloud Map, see Working\n\t\t\t\twith Services in the Cloud Map Developer Guide.
", + "smithy.api#documentation": "The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace that's used when you create a service and don't specify\n\t\t\ta Service Connect configuration. The namespace name can include up to 1024 characters.\n\t\t\tThe name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than\n\t\t\t(>), less than (<), or slash (/).
\nIf you enter an existing namespace name or ARN, then that namespace will be used.\n\t\t\tAny namespace type is supported. The namespace must be in this account and this Amazon Web Services\n\t\t\tRegion.
\nIf you enter a new name, a Cloud Map namespace will be created. Amazon ECS creates a\n\t\t\tCloud Map namespace with the \"API calls\" method of instance discovery only. This instance\n\t\t\tdiscovery method is the \"HTTP\" namespace type in the Command Line Interface. Other types of instance\n\t\t\tdiscovery aren't used by Service Connect.
\nIf you update the cluster with an empty string \"\" for the namespace name,\n\t\t\tthe cluster configuration for Service Connect is removed. Note that the namespace will\n\t\t\tremain in Cloud Map and must be deleted separately.
For more information about Cloud Map, see Working with Services\n\t\t\tin the Cloud Map Developer Guide.
", "smithy.api#required": {} } } @@ -1994,7 +2036,7 @@ "value": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The value to set for the cluster setting. The supported values are enabled and\n\t\t\t\tdisabled.
If you set name to containerInsights and value\n\t\t\tto enabled, CloudWatch Container Insights will be on for the cluster, otherwise\n\t\t\tit will be off unless the containerInsights account setting is turned on.\n\t\t\tIf a cluster value is specified, it will override the containerInsights\n\t\t\tvalue set with PutAccountSetting or PutAccountSettingDefault.
The value to set for the cluster setting. The supported values are\n\t\t\t\tenabled and disabled.
If you set name to containerInsights and value\n\t\t\tto enabled, CloudWatch Container Insights will be on for the cluster, otherwise\n\t\t\tit will be off unless the containerInsights account setting is turned on.\n\t\t\tIf a cluster value is specified, it will override the containerInsights\n\t\t\tvalue set with PutAccountSetting or PutAccountSettingDefault.
The existing task ARNs which are already associated with the clientToken.
The existing task ARNs which are already associated with the\n\t\t\t\tclientToken.
Message that describes the cause of the exception.
" + } } }, "traits": { - "smithy.api#documentation": "The RunTask request could not be processed due to conflicts. The provided\n\t\t\t\tclientToken is already in use with a different RunTask\n\t\t\trequest. The resourceIds are the existing task ARNs which are already\n\t\t\tassociated with the clientToken.
To fix this issue:
\nRun RunTask with a unique\n\t\t\t\tclientToken.
Run RunTask with the clientToken and the original set of\n\t\t\t\t\tparameters
The RunTask request could not be processed due to conflicts. The provided\n\t\t\t\tclientToken is already in use with a different RunTask\n\t\t\trequest. The resourceIds are the existing task ARNs which are already\n\t\t\tassociated with the clientToken.
To fix this issue:
\nRun RunTask with a unique clientToken.
Run RunTask with the clientToken and the original\n\t\t\t\t\tset of parameters
When this parameter is true, networking is off within the container. This parameter maps to\n\t\t\t\tNetworkDisabled in the Create a container section of\n\t\t\tthe Docker Remote API.
This parameter is not supported for Windows containers.
\nWhen this parameter is true, networking is off within the container. This parameter\n\t\t\tmaps to NetworkDisabled in the Create a container section\n\t\t\tof the Docker Remote API.
This parameter is not supported for Windows containers.
\nA list of strings to provide custom configuration for multiple\n\t\t\tsecurity systems. For more information about valid values, see Docker Run Security Configuration. This field isn't valid\n\t\t\tfor containers in tasks using the Fargate launch\n\t\t\ttype.
\nFor Linux tasks on EC2, this parameter can be used to reference custom\n\t\t\tlabels for SELinux and AppArmor multi-level security systems.
\nFor any tasks on EC2, this parameter can be used to reference a\n\t\t\tcredential spec file that configures a container for Active Directory\n\t\t\tauthentication. For more\n\t\t\tinformation, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\t\tContainers in the Amazon Elastic Container Service Developer Guide.
\nThis parameter maps to SecurityOpt in the\n\t\t\tCreate a container section of the Docker Remote API and the\n\t\t\t\t--security-opt option to docker\n\t\t\t\trun.
The Amazon ECS container agent running on a container instance must register with the\n\t\t\t\t\tECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true\n\t\t\t\tenvironment variables before containers placed on that instance can use these\n\t\t\t\tsecurity options. For more information, see Amazon ECS Container\n\t\t\t\t\tAgent Configuration in the Amazon Elastic Container Service Developer Guide.
For more information about valid values, see Docker\n\t\t\t\tRun Security Configuration.
\nValid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" |\n\t\t\t\"credentialspec:CredentialSpecFilePath\"
" + "smithy.api#documentation": "A list of strings to provide custom configuration for multiple security systems. For\n\t\t\tmore information about valid values, see Docker\n\t\t\t\tRun Security Configuration. This field isn't valid for containers in tasks\n\t\t\tusing the Fargate launch type.
\nFor Linux tasks on EC2, this parameter can be used to reference custom\n\t\t\tlabels for SELinux and AppArmor multi-level security systems.
\nFor any tasks on EC2, this parameter can be used to reference a\n\t\t\tcredential spec file that configures a container for Active Directory authentication.\n\t\t\tFor more information, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\tContainers in the Amazon Elastic Container Service Developer Guide.
\nThis parameter maps to SecurityOpt in the\n\t\t\tCreate a container section of the Docker Remote API and the\n\t\t\t\t--security-opt option to docker\n\t\t\t\trun.
The Amazon ECS container agent running on a container instance must register with the\n\t\t\t\t\tECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true\n\t\t\t\tenvironment variables before containers placed on that instance can use these\n\t\t\t\tsecurity options. For more information, see Amazon ECS Container\n\t\t\t\t\tAgent Configuration in the Amazon Elastic Container Service Developer Guide.
For more information about valid values, see Docker\n\t\t\t\tRun Security Configuration.
\nValid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" |\n\t\t\t\"credentialspec:CredentialSpecFilePath\"
" } }, "interactive": { @@ -2433,7 +2478,7 @@ "ulimits": { "target": "com.amazonaws.ecs#UlimitList", "traits": { - "smithy.api#documentation": "A list of ulimits to set in the container. If a ulimit value\n\t\t\tis specified in a task definition, it overrides the default values set by Docker. This\n\t\t\tparameter maps to Ulimits in the Create a container section\n\t\t\tof the Docker Remote API and the --ulimit option to docker run. Valid naming values are displayed\n\t\t\tin the Ulimit data type.
Amazon ECS tasks hosted on Fargate use the default\n\t\t\t\t\t\t\tresource limit values set by the operating system with the exception of\n\t\t\t\t\t\t\tthe nofile resource limit parameter which Fargate\n\t\t\t\t\t\t\toverrides. The nofile resource limit sets a restriction on\n\t\t\t\t\t\t\tthe number of open files that a container can use. The default\n\t\t\t\t\t\t\t\tnofile soft limit is 1024 and the default hard limit\n\t\t\t\t\t\t\tis 4096.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'\n
This parameter is not supported for Windows containers.
\nA list of ulimits to set in the container. If a ulimit value\n\t\t\tis specified in a task definition, it overrides the default values set by Docker. This\n\t\t\tparameter maps to Ulimits in the Create a container section\n\t\t\tof the Docker Remote API and the --ulimit option to docker run. Valid naming values are displayed\n\t\t\tin the Ulimit data type.
Amazon ECS tasks hosted on Fargate use the default\n\t\t\t\t\t\t\tresource limit values set by the operating system with the exception of\n\t\t\t\t\t\t\tthe nofile resource limit parameter which Fargate\n\t\t\t\t\t\t\toverrides. The nofile resource limit sets a restriction on\n\t\t\t\t\t\t\tthe number of open files that a container can use. The default\n\t\t\t\t\t\t\t\tnofile soft limit is 1024 and the default hard limit\n\t\t\t\t\t\t\tis 65535.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'\n
This parameter is not supported for Windows containers.
\nA list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl option to docker run. For example, you can\n\t\t\tconfigure net.ipv4.tcp_keepalive_time setting to maintain\n\t\t\tlonger lived connections.
We don't recommended that you specify network-related systemControls\n\t\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\t\tawsvpc or host network modes. For tasks that use the\n\t\t\t\t\tawsvpc network mode, the container that's started last determines\n\t\t\t\twhich systemControls parameters take effect. For tasks that use the\n\t\t\t\t\thost network mode, it changes the container instance's namespaced\n\t\t\t\tkernel parameters as well as the containers.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0 or later\n (Linux). This isn't supported for Windows containers on\n Fargate.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl option to docker run. For example, you can configure\n\t\t\t\tnet.ipv4.tcp_keepalive_time setting to maintain longer lived\n\t\t\tconnections.
A list of ARNs in SSM or Amazon S3 to a credential spec\n\t\t\t\t(CredSpec) file that configures the container for Active Directory\n\t\t\tauthentication. We recommend that you use this parameter instead of the\n\t\t\t\tdockerSecurityOptions. The maximum number of ARNs is\n\t\t\t1.
There are two formats for each ARN.
\nYou use credentialspecdomainless:MyARN to provide a\n\t\t\t\t\t\t\tCredSpec with an additional section for a secret in Secrets Manager.\n\t\t\t\t\t\tYou provide the login credentials to the domain in the secret.
Each task that runs on any container instance can join different\n\t\t\t\t\t\tdomains.
\nYou can use this format without joining the container instance to a\n\t\t\t\t\t\tdomain.
\nYou use credentialspec:MyARN to provide a\n\t\t\t\t\t\t\tCredSpec for a single domain.
You must join the container instance to the domain before you start any\n\t\t\t\t\t\ttasks that use this task definition.
\nIn both formats, replace MyARN with the ARN in\n\t\t\tSSM or Amazon S3.
If you provide a credentialspecdomainless:MyARN, the\n\t\t\t\tcredspec must provide a ARN in Secrets Manager for a secret containing the\n\t\t\tusername, password, and the domain to connect to. For better security, the instance\n\t\t\tisn't joined to the domain for domainless authentication. Other applications on the\n\t\t\tinstance can't use the domainless credentials. You can use this parameter to run tasks\n\t\t\ton the same instance, even it the tasks need to join different domains. For more\n\t\t\tinformation, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\tContainers.
A list of ARNs in SSM or Amazon S3 to a credential spec (CredSpec) file that\n\t\t\tconfigures the container for Active Directory authentication. We recommend that you use\n\t\t\tthis parameter instead of the dockerSecurityOptions. The maximum number of\n\t\t\tARNs is 1.
There are two formats for each ARN.
\nYou use credentialspecdomainless:MyARN to provide a\n\t\t\t\t\t\t\tCredSpec with an additional section for a secret in Secrets Manager.\n\t\t\t\t\t\tYou provide the login credentials to the domain in the secret.
Each task that runs on any container instance can join different\n\t\t\t\t\t\tdomains.
\nYou can use this format without joining the container instance to a\n\t\t\t\t\t\tdomain.
\nYou use credentialspec:MyARN to provide a\n\t\t\t\t\t\t\tCredSpec for a single domain.
You must join the container instance to the domain before you start any\n\t\t\t\t\t\ttasks that use this task definition.
\nIn both formats, replace MyARN with the ARN in SSM or Amazon S3.
If you provide a credentialspecdomainless:MyARN, the\n\t\t\t\tcredspec must provide a ARN in Secrets Manager for a secret containing the\n\t\t\tusername, password, and the domain to connect to. For better security, the instance\n\t\t\tisn't joined to the domain for domainless authentication. Other applications on the\n\t\t\tinstance can't use the domainless credentials. You can use this parameter to run tasks\n\t\t\ton the same instance, even it the tasks need to join different domains. For more\n\t\t\tinformation, see Using gMSAs for Windows\n\t\t\t\tContainers and Using gMSAs for Linux\n\t\t\t\tContainers.
The dependencies defined for container startup and shutdown. A container can contain\n\t\t\tmultiple dependencies. When a dependency is defined for container startup, for container\n\t\t\tshutdown it is reversed.
\nYour Amazon ECS container instances require at least version 1.26.0 of the container agent\n\t\t\tto use container dependencies. However, we recommend using the latest container agent\n\t\t\tversion. For information about checking your agent version and updating to the latest\n\t\t\tversion, see Updating the Amazon ECS\n\t\t\t\tContainer Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI,\n\t\t\tyour instance needs at least version 1.26.0-1 of the ecs-init package. If\n\t\t\tyour container instances are launched from version 20190301 or later, then\n\t\t\tthey contain the required versions of the container agent and ecs-init. For\n\t\t\tmore information, see Amazon ECS-optimized Linux AMI\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
For tasks that use the Fargate launch type, the task or service\n\t\t\t\trequires the following platforms:
\nLinux platform version 1.3.0 or later.
Windows platform version 1.0.0 or later.
The dependencies defined for container startup and shutdown. A container can contain\n\t\t\tmultiple dependencies. When a dependency is defined for container startup, for container\n\t\t\tshutdown it is reversed.
\nYour Amazon ECS container instances require at least version 1.26.0 of the container agent\n\t\t\tto use container dependencies. However, we recommend using the latest container agent\n\t\t\tversion. For information about checking your agent version and updating to the latest\n\t\t\tversion, see Updating the Amazon ECS\n\t\t\t\tContainer Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI,\n\t\t\tyour instance needs at least version 1.26.0-1 of the ecs-init package. If\n\t\t\tyour container instances are launched from version 20190301 or later, then\n\t\t\tthey contain the required versions of the container agent and ecs-init. For\n\t\t\tmore information, see Amazon ECS-optimized Linux AMI\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
For tasks that use the Fargate launch type, the task or service\n\t\t\t\trequires the following platforms:
\nLinux platform version 1.3.0 or later.
Windows platform version 1.0.0 or later.
For more information about how to create a container dependency, see Container dependency in the Amazon Elastic Container Service Developer Guide.
" } }, "com.amazonaws.ecs#ContainerInstance": { @@ -2580,7 +2625,7 @@ "target": "com.amazonaws.ecs#Integer", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "The number of tasks on the container instance that have a desired status (desiredStatus) of RUNNING.
The number of tasks on the container instance that have a desired status\n\t\t\t\t(desiredStatus) of RUNNING.
The overrides that are sent to a container. An empty container override can be passed\n\t\t\tin. An example of an empty container override is {\"containerOverrides\": [ ]\n\t\t\t\t}. If a non-empty container override is specified, the name\n\t\t\tparameter must be included.
You can use Secrets Manager or Amazon Web Services Systems Manager Parameter Store to store the sensitive\n\t\t\tdata. For more information, see Retrieve secrets through environment variables in the Amazon ECS Developer Guide.
" + "smithy.api#documentation": "The overrides that are sent to a container. An empty container override can be passed\n\t\t\tin. An example of an empty container override is {\"containerOverrides\": [ ]\n\t\t\t\t}. If a non-empty container override is specified, the name\n\t\t\tparameter must be included.
You can use Secrets Manager or Amazon Web Services Systems Manager Parameter Store to store the\n\t\t\tsensitive data. For more information, see Retrieve secrets through\n\t\t\t\tenvironment variables in the Amazon ECS Developer Guide.
" } }, "com.amazonaws.ecs#ContainerOverrides": { @@ -2933,7 +2978,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a new Amazon ECS cluster. By default, your account receives a default\n\t\t\tcluster when you launch your first container instance. However, you can create your own\n\t\t\tcluster with a unique name with the CreateCluster action.
When you call the CreateCluster API operation, Amazon ECS attempts to\n\t\t\t\tcreate the Amazon ECS service-linked role for your account. This is so that it can manage\n\t\t\t\trequired resources in other Amazon Web Services services on your behalf. However, if the user\n\t\t\t\tthat makes the call doesn't have permissions to create the service-linked role, it\n\t\t\t\tisn't created. For more information, see Using\n\t\t\t\t\tservice-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
\nCreates a new Amazon ECS cluster. By default, your account receives a default\n\t\t\tcluster when you launch your first container instance. However, you can create your own\n\t\t\tcluster with a unique name with the CreateCluster action.
When you call the CreateCluster API operation, Amazon ECS attempts to\n\t\t\t\tcreate the Amazon ECS service-linked role for your account. This is so that it can manage\n\t\t\t\trequired resources in other Amazon Web Services services on your behalf. However, if the user that\n\t\t\t\tmakes the call doesn't have permissions to create the service-linked role, it isn't\n\t\t\t\tcreated. For more information, see Using\n\t\t\t\t\tservice-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
\nThe short name of one or more capacity providers to associate with the cluster. A\n\t\t\tcapacity provider must be associated with a cluster before it can be included as part of\n\t\t\tthe default capacity provider strategy of the cluster or used in a capacity provider\n\t\t\tstrategy when calling the CreateService or RunTask\n\t\t\tactions.
\nIf specifying a capacity provider that uses an Auto Scaling group, the capacity\n\t\t\tprovider must be created but not associated with another cluster. New Auto Scaling group\n\t\t\tcapacity providers can be created with the CreateCapacityProvider API\n\t\t\toperation.
\nTo use a Fargate capacity provider, specify either the FARGATE or\n\t\t\t\tFARGATE_SPOT capacity providers. The Fargate capacity providers are\n\t\t\tavailable to all accounts and only need to be associated with a cluster to be\n\t\t\tused.
The PutCapacityProvider API operation is used to update the\n\t\t\tlist of available capacity providers for a cluster after the cluster is created.
" + "smithy.api#documentation": "The short name of one or more capacity providers to associate with the cluster. A\n\t\t\tcapacity provider must be associated with a cluster before it can be included as part of\n\t\t\tthe default capacity provider strategy of the cluster or used in a capacity provider\n\t\t\tstrategy when calling the CreateService or\n\t\t\t\tRunTask actions.
\nIf specifying a capacity provider that uses an Auto Scaling group, the capacity\n\t\t\tprovider must be created but not associated with another cluster. New Auto Scaling group\n\t\t\tcapacity providers can be created with the CreateCapacityProvider API operation.
\nTo use a Fargate capacity provider, specify either the FARGATE or\n\t\t\t\tFARGATE_SPOT capacity providers. The Fargate capacity providers are\n\t\t\tavailable to all accounts and only need to be associated with a cluster to be\n\t\t\tused.
The PutCapacityProvider API operation is used to update the list of available\n\t\t\tcapacity providers for a cluster after the cluster is created.
" } }, "defaultCapacityProviderStrategy": { "target": "com.amazonaws.ecs#CapacityProviderStrategy", "traits": { - "smithy.api#documentation": "The capacity provider strategy to set as the default for the cluster. After a default\n\t\t\tcapacity provider strategy is set for a cluster, when you call the CreateService or RunTask APIs with no capacity\n\t\t\tprovider strategy or launch type specified, the default capacity provider strategy for\n\t\t\tthe cluster is used.
\nIf a default capacity provider strategy isn't defined for a cluster when it was\n\t\t\tcreated, it can be defined later with the PutClusterCapacityProviders\n\t\t\tAPI operation.
" + "smithy.api#documentation": "The capacity provider strategy to set as the default for the cluster. After a default\n\t\t\tcapacity provider strategy is set for a cluster, when you call the CreateService or RunTask APIs with no\n\t\t\tcapacity provider strategy or launch type specified, the default capacity provider\n\t\t\tstrategy for the cluster is used.
\nIf a default capacity provider strategy isn't defined for a cluster when it was\n\t\t\tcreated, it can be defined later with the PutClusterCapacityProviders\n\t\t\tAPI operation.
" } }, "serviceConnectDefaults": { @@ -3058,7 +3103,7 @@ } ], "traits": { - "smithy.api#documentation": "Runs and maintains your desired number of tasks from a specified task definition. If\n\t\t\tthe number of tasks running in a service drops below the desiredCount,\n\t\t\tAmazon ECS runs another copy of the task in the specified cluster. To update an existing\n\t\t\tservice, see the UpdateService action.
Starting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
\nIn addition to maintaining the desired count of tasks in your service, you can\n\t\t\toptionally run your service behind one or more load balancers. The load balancers\n\t\t\tdistribute traffic across the tasks that are associated with the service. For more\n\t\t\tinformation, see Service load balancing in the Amazon Elastic Container Service Developer Guide.
\nTasks for services that don't use a load balancer are considered healthy if they're in\n\t\t\tthe RUNNING state. Tasks for services that use a load balancer are\n\t\t\tconsidered healthy if they're in the RUNNING state and are reported as\n\t\t\thealthy by the load balancer.
There are two service scheduler strategies available:
\n\n REPLICA - The replica scheduling strategy places and\n\t\t\t\t\tmaintains your desired number of tasks across your cluster. By default, the\n\t\t\t\t\tservice scheduler spreads tasks across Availability Zones. You can use task\n\t\t\t\t\tplacement strategies and constraints to customize task placement decisions. For\n\t\t\t\t\tmore information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
\n DAEMON - The daemon scheduling strategy deploys exactly one\n\t\t\t\t\ttask on each active container instance that meets all of the task placement\n\t\t\t\t\tconstraints that you specify in your cluster. The service scheduler also\n\t\t\t\t\tevaluates the task placement constraints for running tasks. It also stops tasks\n\t\t\t\t\tthat don't meet the placement constraints. When using this strategy, you don't\n\t\t\t\t\tneed to specify a desired number of tasks, a task placement strategy, or use\n\t\t\t\t\tService Auto Scaling policies. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
You can optionally specify a deployment configuration for your service. The deployment\n\t\t\tis initiated by changing properties. For example, the deployment might be initiated by\n\t\t\tthe task definition or by your desired count of a service. This is done with an UpdateService operation. The default value for a replica service for\n\t\t\t\tminimumHealthyPercent is 100%. The default value for a daemon service\n\t\t\tfor minimumHealthyPercent is 0%.
If a service uses the ECS deployment controller, the minimum healthy\n\t\t\tpercent represents a lower limit on the number of tasks in a service that must remain in\n\t\t\tthe RUNNING state during a deployment. Specifically, it represents it as a\n\t\t\tpercentage of your desired number of tasks (rounded up to the nearest integer). This\n\t\t\thappens when any of your container instances are in the DRAINING state if\n\t\t\tthe service contains tasks using the EC2 launch type. Using this\n\t\t\tparameter, you can deploy without using additional cluster capacity. For example, if you\n\t\t\tset your service to have desired number of four tasks and a minimum healthy percent of\n\t\t\t50%, the scheduler might stop two existing tasks to free up cluster capacity before\n\t\t\tstarting two new tasks. If they're in the RUNNING state, tasks for services\n\t\t\tthat don't use a load balancer are considered healthy . If they're in the\n\t\t\t\tRUNNING state and reported as healthy by the load balancer, tasks for\n\t\t\tservices that do use a load balancer are considered healthy . The\n\t\t\tdefault value for minimum healthy percent is 100%.
If a service uses the ECS deployment controller, the maximum percent parameter represents an upper limit on the\n\t\t\tnumber of tasks in a service that are allowed in the RUNNING or\n\t\t\t\tPENDING state during a deployment. Specifically, it represents it as a\n\t\t\tpercentage of the desired number of tasks (rounded down to the nearest integer). This\n\t\t\thappens when any of your container instances are in the DRAINING state if\n\t\t\tthe service contains tasks using the EC2 launch type. Using this\n\t\t\tparameter, you can define the deployment batch size. For example, if your service has a\n\t\t\tdesired number of four tasks and a maximum percent value of 200%, the scheduler may\n\t\t\tstart four new tasks before stopping the four older tasks (provided that the cluster\n\t\t\tresources required to do this are available). The default value for maximum percent is\n\t\t\t200%.
If a service uses either the CODE_DEPLOY or EXTERNAL\n\t\t\tdeployment controller types and tasks that use the EC2 launch type, the\n\t\t\t\tminimum healthy percent and maximum percent values are used only to define the lower and upper limit\n\t\t\ton the number of the tasks in the service that remain in the RUNNING state.\n\t\t\tThis is while the container instances are in the DRAINING state. If the\n\t\t\ttasks in the service use the Fargate launch type, the minimum healthy\n\t\t\tpercent and maximum percent values aren't used. This is the case even if they're\n\t\t\tcurrently visible when describing your service.
When creating a service that uses the EXTERNAL deployment controller, you\n\t\t\tcan specify only parameters that aren't controlled at the task set level. The only\n\t\t\trequired parameter is the service name. You control your services using the CreateTaskSet operation. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
When the service scheduler launches new tasks, it determines task placement. For\n\t\t\tinformation about task placement and task placement strategies, see Amazon ECS\n\t\t\t\ttask placement in the Amazon Elastic Container Service Developer Guide.
", + "smithy.api#documentation": "Runs and maintains your desired number of tasks from a specified task definition. If\n\t\t\tthe number of tasks running in a service drops below the desiredCount,\n\t\t\tAmazon ECS runs another copy of the task in the specified cluster. To update an existing\n\t\t\tservice, see the UpdateService action.
On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.
\nIn addition to maintaining the desired count of tasks in your service, you can\n\t\t\toptionally run your service behind one or more load balancers. The load balancers\n\t\t\tdistribute traffic across the tasks that are associated with the service. For more\n\t\t\tinformation, see Service load balancing in the Amazon Elastic Container Service Developer Guide.
\nYou can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or\n\t\t\tupdating a service. volumeConfigurations is only supported for REPLICA\n\t\t\tservice and not DAEMON service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.
Tasks for services that don't use a load balancer are considered healthy if they're in\n\t\t\tthe RUNNING state. Tasks for services that use a load balancer are\n\t\t\tconsidered healthy if they're in the RUNNING state and are reported as\n\t\t\thealthy by the load balancer.
There are two service scheduler strategies available:
\n\n REPLICA - The replica scheduling strategy places and\n\t\t\t\t\tmaintains your desired number of tasks across your cluster. By default, the\n\t\t\t\t\tservice scheduler spreads tasks across Availability Zones. You can use task\n\t\t\t\t\tplacement strategies and constraints to customize task placement decisions. For\n\t\t\t\t\tmore information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
\n DAEMON - The daemon scheduling strategy deploys exactly one\n\t\t\t\t\ttask on each active container instance that meets all of the task placement\n\t\t\t\t\tconstraints that you specify in your cluster. The service scheduler also\n\t\t\t\t\tevaluates the task placement constraints for running tasks. It also stops tasks\n\t\t\t\t\tthat don't meet the placement constraints. When using this strategy, you don't\n\t\t\t\t\tneed to specify a desired number of tasks, a task placement strategy, or use\n\t\t\t\t\tService Auto Scaling policies. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
You can optionally specify a deployment configuration for your service. The deployment\n\t\t\tis initiated by changing properties. For example, the deployment might be initiated by\n\t\t\tthe task definition or by your desired count of a service. This is done with an UpdateService operation. The default value for a replica service for\n\t\t\t\tminimumHealthyPercent is 100%. The default value for a daemon service\n\t\t\tfor minimumHealthyPercent is 0%.
If a service uses the ECS deployment controller, the minimum healthy\n\t\t\tpercent represents a lower limit on the number of tasks in a service that must remain in\n\t\t\tthe RUNNING state during a deployment. Specifically, it represents it as a\n\t\t\tpercentage of your desired number of tasks (rounded up to the nearest integer). This\n\t\t\thappens when any of your container instances are in the DRAINING state if\n\t\t\tthe service contains tasks using the EC2 launch type. Using this\n\t\t\tparameter, you can deploy without using additional cluster capacity. For example, if you\n\t\t\tset your service to have desired number of four tasks and a minimum healthy percent of\n\t\t\t50%, the scheduler might stop two existing tasks to free up cluster capacity before\n\t\t\tstarting two new tasks. If they're in the RUNNING state, tasks for services\n\t\t\tthat don't use a load balancer are considered healthy . If they're in the\n\t\t\t\tRUNNING state and reported as healthy by the load balancer, tasks for\n\t\t\tservices that do use a load balancer are considered healthy . The\n\t\t\tdefault value for minimum healthy percent is 100%.
If a service uses the ECS deployment controller, the maximum percent parameter represents an upper limit on the\n\t\t\tnumber of tasks in a service that are allowed in the RUNNING or\n\t\t\t\tPENDING state during a deployment. Specifically, it represents it as a\n\t\t\tpercentage of the desired number of tasks (rounded down to the nearest integer). This\n\t\t\thappens when any of your container instances are in the DRAINING state if\n\t\t\tthe service contains tasks using the EC2 launch type. Using this\n\t\t\tparameter, you can define the deployment batch size. For example, if your service has a\n\t\t\tdesired number of four tasks and a maximum percent value of 200%, the scheduler may\n\t\t\tstart four new tasks before stopping the four older tasks (provided that the cluster\n\t\t\tresources required to do this are available). The default value for maximum percent is\n\t\t\t200%.
If a service uses either the CODE_DEPLOY or EXTERNAL\n\t\t\tdeployment controller types and tasks that use the EC2 launch type, the\n\t\t\t\tminimum healthy percent and maximum percent values are used only to define the lower and upper limit\n\t\t\ton the number of the tasks in the service that remain in the RUNNING state.\n\t\t\tThis is while the container instances are in the DRAINING state. If the\n\t\t\ttasks in the service use the Fargate launch type, the minimum healthy\n\t\t\tpercent and maximum percent values aren't used. This is the case even if they're\n\t\t\tcurrently visible when describing your service.
When creating a service that uses the EXTERNAL deployment controller, you\n\t\t\tcan specify only parameters that aren't controlled at the task set level. The only\n\t\t\trequired parameter is the service name. You control your services using the CreateTaskSet operation. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
When the service scheduler launches new tasks, it determines task placement. For information\n\t\t\tabout task placement and task placement strategies, see Amazon ECS\n\t\t\t\ttask placement in the Amazon Elastic Container Service Developer Guide\n
\nStarting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
", "smithy.api#examples": [ { "title": "To create a new service", @@ -3109,6 +3154,61 @@ "taskDefinition": "arn:aws:ecs:us-east-1:012345678910:task-definition/default/hello_world:6" } } + }, + { + "title": "To create a new service behind a load balancer", + "documentation": "This example creates a service in your default region called ``ecs-simple-service-elb``. The service uses the ``ecs-demo`` task definition and it maintains 10 copies of that task. You must reference an existing load balancer in the same region by its name.", + "input": { + "loadBalancers": [ + { + "containerName": "simple-app", + "containerPort": 80, + "loadBalancerName": "EC2Contai-EcsElast-15DCDAURT3ZO2" + } + ], + "serviceName": "ecs-simple-service-elb", + "role": "ecsServiceRole", + "taskDefinition": "console-sample-app-static", + "desiredCount": 10 + }, + "output": { + "service": { + "clusterArn": "arn:aws:ecs:us-east-1:012345678910:cluster/default", + "createdAt": "2016-08-29T16:02:54.884Z", + "deploymentConfiguration": { + "maximumPercent": 200, + "minimumHealthyPercent": 100 + }, + "deployments": [ + { + "createdAt": "2016-08-29T16:02:54.884Z", + "desiredCount": 10, + "id": "ecs-svc/9223370564343000923", + "pendingCount": 0, + "runningCount": 0, + "status": "PRIMARY", + "taskDefinition": "arn:aws:ecs:us-east-1:012345678910:task-definition/console-sample-app-static:6", + "updatedAt": "2016-08-29T16:02:54.884Z" + } + ], + "desiredCount": 10, + "events": [], + "loadBalancers": [ + { + "containerName": "simple-app", + "containerPort": 80, + "loadBalancerName": "EC2Contai-EcsElast-15DCDAURT3ZO2" + } + ], + "pendingCount": 0, + "roleArn": "arn:aws:iam::012345678910:role/ecsServiceRole", + "runningCount": 0, + "serviceArn": "arn:aws:ecs:us-east-1:012345678910:service/default/ecs-simple-service-elb", + "serviceName": "ecs-simple-service-elb", + "status": "ACTIVE", + "taskDefinition": "arn:aws:ecs:us-east-1:012345678910:task-definition/default/console-sample-app-static:6" + } + } } ] } @@ -3132,7 +3232,7 @@ "taskDefinition": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The family and revision (family:revision) or\n\t\t\tfull ARN of the task definition to run in your service. If a revision\n\t\t\tisn't specified, the latest ACTIVE revision is used.
A task definition must be specified if the service uses either the ECS or\n\t\t\t\tCODE_DEPLOY deployment controllers.
For more information about deployment types, see Amazon ECS deployment types.
" + "smithy.api#documentation": "The family and revision (family:revision) or\n\t\t\tfull ARN of the task definition to run in your service. If a revision\n\t\t\tisn't specified, the latest ACTIVE revision is used.
A task definition must be specified if the service uses either the ECS or\n\t\t\t\tCODE_DEPLOY deployment controllers.
For more information about deployment types, see Amazon ECS deployment\n\t\t\t\ttypes.
" } }, "loadBalancers": { @@ -3150,7 +3250,7 @@ "desiredCount": { "target": "com.amazonaws.ecs#BoxedInteger", "traits": { - "smithy.api#documentation": "The number of instantiations of the specified task definition to place and keep running in your service.
\nThis is required if schedulingStrategy is REPLICA or isn't\n\t\t\tspecified. If schedulingStrategy is DAEMON then this isn't\n\t\t\trequired.
The number of instantiations of the specified task definition to place and keep\n\t\t\trunning in your service.
\nThis is required if schedulingStrategy is REPLICA or isn't\n\t\t\tspecified. If schedulingStrategy is DAEMON then this isn't\n\t\t\trequired.
The infrastructure that you run your service on. For more information, see Amazon ECS\n\t\t\t\tlaunch types in the Amazon Elastic Container Service Developer Guide.
\nThe FARGATE launch type runs your tasks on Fargate On-Demand\n\t\t\tinfrastructure.
Fargate Spot infrastructure is available for use but a capacity provider\n\t\t\t\tstrategy must be used. For more information, see Fargate capacity providers in the\n\t\t\t\t\tAmazon ECS User Guide for Fargate.
\nThe EC2 launch type runs your tasks on Amazon EC2 instances registered to your\n\t\t\tcluster.
The EXTERNAL launch type runs your tasks on your on-premises server or\n\t\t\tvirtual machine (VM) capacity registered to your cluster.
A service can use either a launch type or a capacity provider strategy. If a\n\t\t\t\tlaunchType is specified, the capacityProviderStrategy\n\t\t\tparameter must be omitted.
The infrastructure that you run your service on. For more information, see Amazon ECS\n\t\t\t\tlaunch types in the Amazon Elastic Container Service Developer Guide.
\nThe FARGATE launch type runs your tasks on Fargate On-Demand\n\t\t\tinfrastructure.
Fargate Spot infrastructure is available for use but a capacity provider\n\t\t\t\tstrategy must be used. For more information, see Fargate capacity providers in the\n\t\t\t\t\tAmazon ECS Developer Guide.
\nThe EC2 launch type runs your tasks on Amazon EC2 instances registered to your\n\t\t\tcluster.
The EXTERNAL launch type runs your tasks on your on-premises server or\n\t\t\tvirtual machine (VM) capacity registered to your cluster.
A service can use either a launch type or a capacity provider strategy. If a\n\t\t\t\tlaunchType is specified, the capacityProviderStrategy\n\t\t\tparameter must be omitted.
The platform version that your tasks in the service are running on. A platform version\n\t\t\tis specified only for tasks using the Fargate launch type. If one isn't\n\t\t\tspecified, the LATEST platform version is used. For more information, see\n\t\t\t\tFargate platform\n\t\t\t\tversions in the Amazon Elastic Container Service Developer Guide.
The platform version that your tasks in the service are running on. A platform version\n\t\t\tis specified only for tasks using the Fargate launch type. If one isn't\n\t\t\tspecified, the LATEST platform version is used. For more information, see\n\t\t\t\tFargate platform versions in the Amazon Elastic Container Service Developer Guide.
The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your\n\t\t\tload balancer on your behalf. This parameter is only permitted if you are using a load\n\t\t\tbalancer with your service and your task definition doesn't use the awsvpc\n\t\t\tnetwork mode. If you specify the role parameter, you must also specify a\n\t\t\tload balancer object with the loadBalancers parameter.
If your account has already created the Amazon ECS service-linked role, that role is\n\t\t\t\tused for your service unless you specify a role here. The service-linked role is\n\t\t\t\trequired if your task definition uses the awsvpc network mode or if the\n\t\t\t\tservice is configured to use service discovery, an external deployment controller,\n\t\t\t\tmultiple target groups, or Elastic Inference accelerators in which case you don't\n\t\t\t\tspecify a role here. For more information, see Using\n\t\t\t\t\tservice-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
If your specified role has a path other than /, then you must either\n\t\t\tspecify the full role ARN (this is recommended) or prefix the role name with the path.\n\t\t\tFor example, if a role with the name bar has a path of /foo/\n\t\t\tthen you would specify /foo/bar as the role name. For more information, see\n\t\t\t\tFriendly names and paths in the IAM User Guide.
The name or full Amazon Resource Name (ARN) of the IAM role that allows Amazon ECS to make calls to your\n\t\t\tload balancer on your behalf. This parameter is only permitted if you are using a load\n\t\t\tbalancer with your service and your task definition doesn't use the awsvpc\n\t\t\tnetwork mode. If you specify the role parameter, you must also specify a\n\t\t\tload balancer object with the loadBalancers parameter.
If your account has already created the Amazon ECS service-linked role, that role is\n\t\t\t\tused for your service unless you specify a role here. The service-linked role is\n\t\t\t\trequired if your task definition uses the awsvpc network mode or if the\n\t\t\t\tservice is configured to use service discovery, an external deployment controller,\n\t\t\t\tmultiple target groups, or Elastic Inference accelerators in which case you don't\n\t\t\t\tspecify a role here. For more information, see Using\n\t\t\t\t\tservice-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
If your specified role has a path other than /, then you must either\n\t\t\tspecify the full role ARN (this is recommended) or prefix the role name with the path.\n\t\t\tFor example, if a role with the name bar has a path of /foo/\n\t\t\tthen you would specify /foo/bar as the role name. For more information, see\n\t\t\t\tFriendly names and paths in the IAM User\n\t\t\tGuide.
The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy\n\t\t\tElastic Load Balancing target health checks after a task has first started. This is only used when your\n\t\t\tservice is configured to use a load balancer. If your service has a load balancer\n\t\t\tdefined and you don't specify a health check grace period value, the default value of\n\t\t\t\t0 is used.
If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in\n\t\t\tthe task definition health check parameters. For more information, see Health\n\t\t\t\tcheck.
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you\n\t\t\tcan specify a health check grace period of up to\n\t\t\t2,147,483,647\n\t\t\tseconds (about 69 years). During that time, the Amazon ECS service\n\t\t\tscheduler ignores health check status. This grace period can prevent the service\n\t\t\tscheduler from marking tasks as unhealthy and stopping them before they have time to\n\t\t\tcome up.
" + "smithy.api#documentation": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy\n\t\t\tElastic Load Balancing target health checks after a task has first started. This is only used when your\n\t\t\tservice is configured to use a load balancer. If your service has a load balancer\n\t\t\tdefined and you don't specify a health check grace period value, the default value of\n\t\t\t\t0 is used.
If you do not use an Elastic Load Balancing, we recommend that you use the startPeriod in\n\t\t\tthe task definition health check parameters. For more information, see Health\n\t\t\t\tcheck.
If your service's tasks take a while to start and respond to Elastic Load Balancing health checks, you can\n\t\t\tspecify a health check grace period of up to 2,147,483,647 seconds (about 69 years).\n\t\t\tDuring that time, the Amazon ECS service scheduler ignores health check status. This grace\n\t\t\tperiod can prevent the service scheduler from marking tasks as unhealthy and stopping\n\t\t\tthem before they have time to come up.
" } }, "schedulingStrategy": { @@ -3241,7 +3341,7 @@ "propagateTags": { "target": "com.amazonaws.ecs#PropagateTags", "traits": { - "smithy.api#documentation": "Specifies whether to propagate the tags from the task definition to the task. If no\n\t\t\tvalue is specified, the tags aren't propagated. Tags can only be propagated to the task\n\t\t\tduring task creation. To add tags to a task after task creation, use the TagResource API action.
\nThe default is NONE.
Specifies whether to propagate the tags from the task definition to the task. If no\n\t\t\tvalue is specified, the tags aren't propagated. Tags can only be propagated to the task\n\t\t\tduring task creation. To add tags to a task after task creation, use the TagResource API action.
\nYou must set this to a value other than NONE when you use Cost Explorer. For more information, see Amazon ECS usage reports in the Amazon Elastic Container Service Developer Guide.
The default is NONE.
The configuration for this service to discover and connect to\n\tservices, and be discovered by, and connected from, other services within a namespace.
\nTasks that run in a namespace can use short names to connect\n\tto services in the namespace. Tasks can connect to services across all of the clusters in the namespace.\n\tTasks connect through a managed proxy container\n\tthat collects logs and metrics for increased visibility.\n\tOnly the tasks that Amazon ECS services create are supported with Service Connect.\n\tFor more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
" } + }, + "volumeConfigurations": { + "target": "com.amazonaws.ecs#ServiceVolumeConfigurations", + "traits": { + "smithy.api#documentation": "The configuration for a volume specified in the task definition as a volume that is\n\t\t\tconfigured at launch time. Currently, the only supported volume type is an Amazon EBS\n\t\t\tvolume.
" + } } }, "traits": { @@ -3320,7 +3426,7 @@ } ], "traits": { - "smithy.api#documentation": "Create a task set in the specified cluster and service. This is used when a service\n\t\t\tuses the EXTERNAL deployment controller type. For more information, see\n\t\t\t\tAmazon ECS deployment\n\t\t\t\ttypes in the Amazon Elastic Container Service Developer Guide.
Create a task set in the specified cluster and service. This is used when a service\n\t\t\tuses the EXTERNAL deployment controller type. For more information, see\n\t\t\t\tAmazon ECS deployment\n\t\t\t\ttypes in the Amazon Elastic Container Service Developer Guide.
On March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.
\nFor information about the maximum number of task sets and otther quotas, see Amazon ECS\n\t\t\tservice quotas in the Amazon Elastic Container Service Developer Guide.
" } }, "com.amazonaws.ecs#CreateTaskSetRequest": { @@ -3349,7 +3455,7 @@ "taskDefinition": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The task definition for the tasks in the task set to use. If a revision isn't specified, the\n\t\t\tlatest ACTIVE revision is used.
The task definition for the tasks in the task set to use. If a revision isn't\n\t\t\tspecified, the latest ACTIVE revision is used.
Disables an account setting for a specified user, role, or the root user for\n\t\t\tan account.
", + "smithy.api#documentation": "Disables an account setting for a specified user, role, or the root user for an\n\t\t\taccount.
", "smithy.api#examples": [ { "title": "To delete your account setting", @@ -3461,6 +3567,21 @@ "principalArn": "arn:aws:iam::The Amazon Resource Name (ARN) of the principal. It can be an user, role, or\n\t\t\tthe root user. If you specify the root user, it disables the account setting for all users, roles, and the root user of the account unless a user or role explicitly\n\t\t\toverrides these settings. If this field is omitted, the setting is changed only for the\n\t\t\tauthenticated user.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the principal. It can be an user, role, or the\n\t\t\troot user. If you specify the root user, it disables the account setting for all users, roles,\n\t\t\tand the root user of the account unless a user or role explicitly overrides these settings.\n\t\t\tIf this field is omitted, the setting is changed only for the authenticated user.
" } } }, @@ -3800,7 +3921,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes one or more task definitions.
\nYou must deregister a task definition revision before you delete it. For more information,\n\t\t\tsee DeregisterTaskDefinition.
\nWhen you delete a task definition revision, it is immediately transitions from the\n\t\tINACTIVE to DELETE_IN_PROGRESS. Existing tasks and services\n\t\tthat reference a DELETE_IN_PROGRESS task definition revision continue to run\n\t\twithout disruption. Existing services that reference a DELETE_IN_PROGRESS task\n\t\tdefinition revision can still scale up or down by modifying the service's desired\n\t\tcount.
You can't use a DELETE_IN_PROGRESS task definition revision to run new tasks\n\t\t\tor create new services. You also can't update an existing service to reference a\n\t\t\tDELETE_IN_PROGRESS task definition revision.
A task definition revision will stay in DELETE_IN_PROGRESS status until\n\t\t\tall the associated tasks and services have been terminated.
When you delete all INACTIVE task definition revisions, the task definition name is not displayed in the console and not returned in the API. If a task definition revisions are in the DELETE_IN_PROGRESS state, the task definition name is displayed in the console and returned in the API. The task definition name is retained by Amazon ECS and the revision is incremented the next time you create a task definition with that name.
Deletes one or more task definitions.
\nYou must deregister a task definition revision before you delete it. For more\n\t\t\tinformation, see DeregisterTaskDefinition.
\nWhen you delete a task definition revision, it is immediately transitions from the\n\t\t\t\tINACTIVE to DELETE_IN_PROGRESS. Existing tasks and\n\t\t\tservices that reference a DELETE_IN_PROGRESS task definition revision\n\t\t\tcontinue to run without disruption. Existing services that reference a\n\t\t\t\tDELETE_IN_PROGRESS task definition revision can still scale up or down\n\t\t\tby modifying the service's desired count.
You can't use a DELETE_IN_PROGRESS task definition revision to run new\n\t\t\ttasks or create new services. You also can't update an existing service to reference a\n\t\t\t\tDELETE_IN_PROGRESS task definition revision.
A task definition revision will stay in DELETE_IN_PROGRESS status until\n\t\t\tall the associated tasks and services have been terminated.
When you delete all INACTIVE task definition revisions, the task\n\t\t\tdefinition name is not displayed in the console and not returned in the API. If a task\n\t\t\tdefinition revisions are in the DELETE_IN_PROGRESS state, the task\n\t\t\tdefinition name is displayed in the console and returned in the API. The task definition\n\t\t\tname is retained by Amazon ECS and the revision is incremented the next time you create a\n\t\t\ttask definition with that name.
The list of Service Connect resources that are associated with this deployment. Each\n\t\t\tlist entry maps a discovery name to a Cloud Map service name.
" } + }, + "volumeConfigurations": { + "target": "com.amazonaws.ecs#ServiceVolumeConfigurations", + "traits": { + "smithy.api#documentation": "The details of the volume that was configuredAtLaunch. You can configure\n\t\t\tdifferent settings like the size, throughput, volumeType, and ecryption in ServiceManagedEBSVolumeConfiguration. The name of the volume\n\t\t\tmust match the name from the task definition.
The Fargate ephemeral storage settings for the deployment.
" + } } }, "traits": { @@ -4062,7 +4195,7 @@ "target": "com.amazonaws.ecs#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "Determines whether to use the CloudWatch alarm option in the service deployment process.
", + "smithy.api#documentation": "Determines whether to use the CloudWatch alarm option in the service deployment\n\t\t\tprocess.
", "smithy.api#required": {} } }, @@ -4076,7 +4209,7 @@ } }, "traits": { - "smithy.api#documentation": "One of the methods which provide a way for you to quickly identify when a deployment\n\t\t\thas failed, and then to optionally roll back the failure to the last working\n\t\t\tdeployment.
\nWhen the alarms are generated, Amazon ECS sets the service deployment to failed. Set the rollback\n\t\t\tparameter to have Amazon ECS to roll back your service to the last completed deployment\n\t\t\tafter a failure.
\nYou can only use the DeploymentAlarms method to detect failures when the\n\t\t\t\tDeploymentController is set to ECS (rolling\n\t\t\tupdate).
For more information, see Rolling\n\t\t\t\tupdate in the \n Amazon Elastic Container Service Developer Guide\n .
" + "smithy.api#documentation": "One of the methods which provide a way for you to quickly identify when a deployment\n\t\t\thas failed, and then to optionally roll back the failure to the last working\n\t\t\tdeployment.
\nWhen the alarms are generated, Amazon ECS sets the service deployment to failed. Set the\n\t\t\trollback parameter to have Amazon ECS to roll back your service to the last completed\n\t\t\tdeployment after a failure.
\nYou can only use the DeploymentAlarms method to detect failures when the\n\t\t\t\tDeploymentController is set to ECS (rolling\n\t\t\tupdate).
For more information, see Rolling\n\t\t\t\tupdate in the \n Amazon Elastic Container Service Developer Guide\n .
" } }, "com.amazonaws.ecs#DeploymentCircuitBreaker": { @@ -4100,7 +4233,7 @@ } }, "traits": { - "smithy.api#documentation": "The deployment circuit breaker can only be used for services using the rolling\n\t\t\t\tupdate (ECS) deployment type.
The deployment circuit breaker determines whether a\n\t\t\tservice deployment will fail if the service can't reach a steady state. If it is turned on, a\n\t\t\tservice deployment will transition to a failed state and stop launching new tasks. You\n\t\t\tcan also configure Amazon ECS to roll back your service to the last completed deployment\n\t\t\tafter a failure. For more information, see Rolling\n\t\t\t\tupdate in the Amazon Elastic Container Service Developer Guide.
\nFor more information about API failure reasons, see API failure reasons in the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "The deployment circuit breaker can only be used for services using the rolling\n\t\t\t\tupdate (ECS) deployment type.
The deployment circuit breaker determines whether a\n\t\t\tservice deployment will fail if the service can't reach a steady state. If it is turned\n\t\t\ton, a service deployment will transition to a failed state and stop launching new tasks.\n\t\t\tYou can also configure Amazon ECS to roll back your service to the last completed deployment\n\t\t\tafter a failure. For more information, see Rolling\n\t\t\t\tupdate in the Amazon Elastic Container Service Developer Guide.
\nFor more information about API failure reasons, see API failure\n\t\t\t\treasons in the Amazon Elastic Container Service Developer Guide.
" } }, "com.amazonaws.ecs#DeploymentConfiguration": { @@ -4109,7 +4242,7 @@ "deploymentCircuitBreaker": { "target": "com.amazonaws.ecs#DeploymentCircuitBreaker", "traits": { - "smithy.api#documentation": "The deployment circuit breaker can only be used for services using the rolling\n\t\t\t\tupdate (ECS) deployment type.
The deployment circuit breaker determines whether a\n\t\t\tservice deployment will fail if the service can't reach a steady state. If you use the deployment\n\t\t\tcircuit breaker, a service deployment will transition to a failed state and\n\t\t\tstop launching new tasks. If you use the rollback option, when a service deployment fails, the\n\t\t\tservice is rolled back to the last deployment that completed successfully. For more information, see Rolling\n\t\t\t\tupdate in the Amazon Elastic Container Service Developer\n\t\t\t\t\tGuide\n
" + "smithy.api#documentation": "The deployment circuit breaker can only be used for services using the rolling\n\t\t\t\tupdate (ECS) deployment type.
The deployment circuit breaker determines whether a\n\t\t\tservice deployment will fail if the service can't reach a steady state. If you use the\n\t\t\tdeployment circuit breaker, a service deployment will transition to a failed state and\n\t\t\tstop launching new tasks. If you use the rollback option, when a service deployment\n\t\t\tfails, the service is rolled back to the last deployment that completed successfully.\n\t\t\tFor more information, see Rolling\n\t\t\t\tupdate in the Amazon Elastic Container Service Developer\n\t\t\t\tGuide\n
" } }, "maximumPercent": { @@ -4121,7 +4254,7 @@ "minimumHealthyPercent": { "target": "com.amazonaws.ecs#BoxedInteger", "traits": { - "smithy.api#documentation": "If a service is using the rolling update (ECS) deployment type, the\n\t\t\t\tminimumHealthyPercent represents a lower limit on the number of your\n\t\t\tservice's tasks that must remain in the RUNNING state during a deployment,\n\t\t\tas a percentage of the desiredCount (rounded up to the nearest integer).\n\t\t\tThis parameter enables you to deploy without using additional cluster capacity. For\n\t\t\texample, if your service has a desiredCount of four tasks and a\n\t\t\t\tminimumHealthyPercent of 50%, the service scheduler may stop two\n\t\t\texisting tasks to free up cluster capacity before starting two new tasks.
For services that do not use a load balancer, the following\n\t\t\tshould be noted:
\nA service is considered healthy if all essential containers within the tasks\n\t\t\t\t\tin the service pass their health checks.
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for 40 seconds after a task reaches a RUNNING\n\t\t\t\t\tstate before the task is counted towards the minimum healthy percent\n\t\t\t\t\ttotal.
If a task has one or more essential containers with a health check defined,\n\t\t\t\t\tthe service scheduler will wait for the task to reach a healthy status before\n\t\t\t\t\tcounting it towards the minimum healthy percent total. A task is considered\n\t\t\t\t\thealthy when all essential containers within the task have passed their health\n\t\t\t\t\tchecks. The amount of time the service scheduler can wait for is determined by\n\t\t\t\t\tthe container health check settings.
\nFor services are that do use a load balancer, the following\n\t\t\tshould be noted:
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for the load balancer target group health check to return a\n\t\t\t\t\thealthy status before counting the task towards the minimum healthy percent\n\t\t\t\t\ttotal.
\nIf a task has an essential container with a health check defined, the service\n\t\t\t\t\tscheduler will wait for both the task to reach a healthy status and the load\n\t\t\t\t\tbalancer target group health check to return a healthy status before counting\n\t\t\t\t\tthe task towards the minimum healthy percent total.
\nIf a service is using either the blue/green (CODE_DEPLOY) or\n\t\t\t\tEXTERNAL deployment types and is running tasks that use the\n\t\t\tEC2 launch type, the minimum healthy\n\t\t\t\tpercent value is set to the default value and is used to define the lower\n\t\t\tlimit on the number of the tasks in the service that remain in the RUNNING\n\t\t\tstate while the container instances are in the DRAINING state. If a service\n\t\t\tis using either the blue/green (CODE_DEPLOY) or EXTERNAL\n\t\t\tdeployment types and is running tasks that use the Fargate launch type,\n\t\t\tthe minimum healthy percent value is not used, although it is returned when describing\n\t\t\tyour service.
If a service is using the rolling update (ECS) deployment type, the\n\t\t\t\tminimumHealthyPercent represents a lower limit on the number of your\n\t\t\tservice's tasks that must remain in the RUNNING state during a deployment,\n\t\t\tas a percentage of the desiredCount (rounded up to the nearest integer).\n\t\t\tThis parameter enables you to deploy without using additional cluster capacity. For\n\t\t\texample, if your service has a desiredCount of four tasks and a\n\t\t\t\tminimumHealthyPercent of 50%, the service scheduler may stop two\n\t\t\texisting tasks to free up cluster capacity before starting two new tasks.
For services that do not use a load balancer, the following\n\t\t\tshould be noted:
\nA service is considered healthy if all essential containers within the tasks\n\t\t\t\t\tin the service pass their health checks.
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for 40 seconds after a task reaches a RUNNING\n\t\t\t\t\tstate before the task is counted towards the minimum healthy percent\n\t\t\t\t\ttotal.
If a task has one or more essential containers with a health check defined,\n\t\t\t\t\tthe service scheduler will wait for the task to reach a healthy status before\n\t\t\t\t\tcounting it towards the minimum healthy percent total. A task is considered\n\t\t\t\t\thealthy when all essential containers within the task have passed their health\n\t\t\t\t\tchecks. The amount of time the service scheduler can wait for is determined by\n\t\t\t\t\tthe container health check settings.
\nFor services that do use a load balancer, the following should be\n\t\t\tnoted:
\nIf a task has no essential containers with a health check defined, the service\n\t\t\t\t\tscheduler will wait for the load balancer target group health check to return a\n\t\t\t\t\thealthy status before counting the task towards the minimum healthy percent\n\t\t\t\t\ttotal.
\nIf a task has an essential container with a health check defined, the service\n\t\t\t\t\tscheduler will wait for both the task to reach a healthy status and the load\n\t\t\t\t\tbalancer target group health check to return a healthy status before counting\n\t\t\t\t\tthe task towards the minimum healthy percent total.
\nThe default value for a replica service for\n\t\t\tminimumHealthyPercent is 100%. The default\n\t\t\tminimumHealthyPercent value for a service using\n\t\t\tthe DAEMON service schedule is 0% for the CLI,\n\t\t\tthe Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.
The minimum number of healthy tasks during a deployment is the\n\t\t\tdesiredCount multiplied by the\n\t\t\tminimumHealthyPercent/100, rounded up to the\n\t\t\tnearest integer value.
If a service is using either the blue/green (CODE_DEPLOY) or\n\t\t\t\tEXTERNAL deployment types and is running tasks that use the\n\t\t\tEC2 launch type, the minimum healthy\n\t\t\t\tpercent value is set to the default value and is used to define the lower\n\t\t\tlimit on the number of the tasks in the service that remain in the RUNNING\n\t\t\tstate while the container instances are in the DRAINING state. If a service\n\t\t\tis using either the blue/green (CODE_DEPLOY) or EXTERNAL\n\t\t\tdeployment types and is running tasks that use the Fargate launch type,\n\t\t\tthe minimum healthy percent value is not used, although it is returned when describing\n\t\t\tyour service.
Specify an Key Management Service key ID to encrypt the ephemeral storage for deployment.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The amount of ephemeral storage to allocate for the deployment.
" + } + }, "com.amazonaws.ecs#DeploymentRolloutState": { "type": "enum", "members": { @@ -4301,7 +4448,7 @@ } ], "traits": { - "smithy.api#documentation": "Deregisters the specified task definition by family and revision. Upon deregistration, the\n\t\t\ttask definition is marked as INACTIVE. Existing tasks and services that\n\t\t\treference an INACTIVE task definition continue to run without disruption.\n\t\t\tExisting services that reference an INACTIVE task definition can still\n\t\t\tscale up or down by modifying the service's desired count. If you want to delete a task\n\t\t\tdefinition revision, you must first deregister the task definition revision.
You can't use an INACTIVE task definition to run new tasks or create new\n\t\t\tservices, and you can't update an existing service to reference an INACTIVE\n\t\t\ttask definition. However, there may be up to a 10-minute window following deregistration\n\t\t\twhere these restrictions have not yet taken effect.
At this time, INACTIVE task definitions remain discoverable in your\n\t\t\t\taccount indefinitely. However, this behavior is subject to change in the future. We\n\t\t\t\tdon't recommend that you rely on INACTIVE task definitions persisting\n\t\t\t\tbeyond the lifecycle of any associated tasks and services.
You must deregister a task definition revision before you delete it. For more information,\n\t\t\tsee DeleteTaskDefinitions.
" + "smithy.api#documentation": "Deregisters the specified task definition by family and revision. Upon deregistration,\n\t\t\tthe task definition is marked as INACTIVE. Existing tasks and services that\n\t\t\treference an INACTIVE task definition continue to run without disruption.\n\t\t\tExisting services that reference an INACTIVE task definition can still\n\t\t\tscale up or down by modifying the service's desired count. If you want to delete a task\n\t\t\tdefinition revision, you must first deregister the task definition revision.
You can't use an INACTIVE task definition to run new tasks or create new\n\t\t\tservices, and you can't update an existing service to reference an INACTIVE\n\t\t\ttask definition. However, there may be up to a 10-minute window following deregistration\n\t\t\twhere these restrictions have not yet taken effect.
At this time, INACTIVE task definitions remain discoverable in your\n\t\t\t\taccount indefinitely. However, this behavior is subject to change in the future. We\n\t\t\t\tdon't recommend that you rely on INACTIVE task definitions persisting\n\t\t\t\tbeyond the lifecycle of any associated tasks and services.
You must deregister a task definition revision before you delete it. For more\n\t\t\tinformation, see DeleteTaskDefinitions.
" } }, "com.amazonaws.ecs#DeregisterTaskDefinitionRequest": { @@ -5437,19 +5584,84 @@ "smithy.api#default": 0 } }, + "com.amazonaws.ecs#Duration": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 0, + "max": 2147483647 + } + } + }, + "com.amazonaws.ecs#EBSKMSKeyId": { + "type": "string" + }, + "com.amazonaws.ecs#EBSResourceType": { + "type": "enum", + "members": { + "VOLUME": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "volume" + } + } + } + }, + "com.amazonaws.ecs#EBSSnapshotId": { + "type": "string" + }, + "com.amazonaws.ecs#EBSTagSpecification": { + "type": "structure", + "members": { + "resourceType": { + "target": "com.amazonaws.ecs#EBSResourceType", + "traits": { + "smithy.api#documentation": "The type of volume resource.
", + "smithy.api#required": {} + } + }, + "tags": { + "target": "com.amazonaws.ecs#Tags", + "traits": { + "smithy.api#documentation": "The tags applied to this Amazon EBS volume. AmazonECSCreated and\n\t\t\t\tAmazonECSManaged are reserved tags that can't be used.
Determines whether to propagate the tags from the task definition to \u2028the Amazon EBS\n\t\t\tvolume. Tags can only propagate to a SERVICE specified in\n\t\t\t\t\u2028ServiceVolumeConfiguration. If no value is specified, the tags aren't\n\t\t\t\u2028propagated.
The tag specifications of an Amazon EBS volume.
" + } + }, + "com.amazonaws.ecs#EBSTagSpecifications": { + "type": "list", + "member": { + "target": "com.amazonaws.ecs#EBSTagSpecification" + } + }, + "com.amazonaws.ecs#EBSVolumeType": { + "type": "string" + }, + "com.amazonaws.ecs#ECSVolumeName": { + "type": "string" + }, "com.amazonaws.ecs#EFSAuthorizationConfig": { "type": "structure", "members": { "accessPointId": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The Amazon EFS access point ID to use. If an access point is specified, the root directory\n\t\t\tvalue specified in the EFSVolumeConfiguration must either be omitted or set\n\t\t\tto / which will enforce the path set on the EFS access point. If an access\n\t\t\tpoint is used, transit encryption must be on in the\n\t\t\t\tEFSVolumeConfiguration. For more information, see Working with Amazon\n\t\t\t\tEFS access points in the Amazon Elastic File System User Guide.
The Amazon EFS access point ID to use. If an access point is specified, the root directory\n\t\t\tvalue specified in the EFSVolumeConfiguration must either be omitted or set\n\t\t\tto / which will enforce the path set on the EFS access point. If an access\n\t\t\tpoint is used, transit encryption must be on in the EFSVolumeConfiguration.\n\t\t\tFor more information, see Working with Amazon EFS access\n\t\t\t\tpoints in the Amazon Elastic File System User Guide.
Determines whether to use the Amazon ECS task role defined in a task definition when\n\t\t\tmounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on in the\n\t\t\t\tEFSVolumeConfiguration. If this parameter is omitted, the default value\n\t\t\tof DISABLED is used. For more information, see Using\n\t\t\t\tAmazon EFS access points in the Amazon Elastic Container Service Developer Guide.
Determines whether to use the Amazon ECS task role defined in a task definition when\n\t\t\tmounting the Amazon EFS file system. If it is turned on, transit encryption must be turned on\n\t\t\tin the EFSVolumeConfiguration. If this parameter is omitted, the default\n\t\t\tvalue of DISABLED is used. For more information, see Using\n\t\t\t\tAmazon EFS access points in the Amazon Elastic Container Service Developer Guide.
Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host\n\t\t\tand the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization is\n\t\t\tused. If this parameter is omitted, the default value of DISABLED is used.\n\t\t\tFor more information, see Encrypting data in transit in\n\t\t\tthe Amazon Elastic File System User Guide.
Determines whether to use encryption for Amazon EFS data in transit between the Amazon ECS host\n\t\t\tand the Amazon EFS server. Transit encryption must be turned on if Amazon EFS IAM authorization\n\t\t\tis used. If this parameter is omitted, the default value of DISABLED is\n\t\t\tused. For more information, see Encrypting data in transit in\n\t\t\tthe Amazon Elastic File System User Guide.
The file type to use. The only supported value is s3.
The file type to use. Environment files are objects in Amazon S3. The only supported value is\n\t\t\t\ts3.
A list of files containing the environment variables to pass to a container. You can specify\n\t\t\tup to ten environment files. The file must have a .env file extension. Each\n\t\t\tline in an environment file should contain an environment variable in\n\t\t\t\tVARIABLE=VALUE format. Lines beginning with # are treated\n\t\t\tas comments and are ignored.
If there are environment variables specified using the environment\n\t\t\tparameter in a container definition, they take precedence over the variables contained\n\t\t\twithin an environment file. If multiple environment files are specified that contain the\n\t\t\tsame variable, they're processed from the top down. We recommend that you use unique\n\t\t\tvariable names. For more information, see Specifying environment\n\t\t\t\tvariables in the Amazon Elastic Container Service Developer Guide.
You must use the following platforms for the Fargate launch type:
\nLinux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
Consider the following when using the Fargate launch type:
\nThe file is handled like a native Docker env-file.
\nThere is no support for shell escape handling.
\nThe container entry point interperts the VARIABLE values.
A list of files containing the environment variables to pass to a container. You can\n\t\t\tspecify up to ten environment files. The file must have a .env file\n\t\t\textension. Each line in an environment file should contain an environment variable in\n\t\t\t\tVARIABLE=VALUE format. Lines beginning with # are treated\n\t\t\tas comments and are ignored.
If there are environment variables specified using the environment\n\t\t\tparameter in a container definition, they take precedence over the variables contained\n\t\t\twithin an environment file. If multiple environment files are specified that contain the\n\t\t\tsame variable, they're processed from the top down. We recommend that you use unique\n\t\t\tvariable names. For more information, see Use a file to pass environment variables to a container in the Amazon Elastic Container Service Developer Guide.
Environment variable files are objects in Amazon S3 and all Amazon S3 security considerations apply.
\nYou must use the following platforms for the Fargate launch type:
\nLinux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
Consider the following when using the Fargate launch type:
\nThe file is handled like a native Docker env-file.
\nThere is no support for shell escape handling.
\nThe container entry point interperts the VARIABLE values.
The total amount, in GiB, of ephemeral storage to set for the task. The minimum\n\t\t\tsupported value is 21 GiB and the maximum supported value is\n\t\t\t\t200 GiB.
The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported\n\t\t\tvalue is 20 GiB and the maximum supported value is\n\t\t\t\t200 GiB.
The amount of ephemeral storage to allocate for the task. This parameter is used to\n\t\t\texpand the total amount of ephemeral storage available, beyond the default amount, for\n\t\t\ttasks hosted on Fargate. For more information, see Fargate task\n\t\t\t\tstorage in the Amazon ECS User Guide for Fargate.
\nFor tasks using the Fargate launch type, the task requires\n\t\t\t\tthe following platforms:
\nLinux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
The amount of ephemeral storage to allocate for the task. This parameter is used to\n\t\t\texpand the total amount of ephemeral storage available, beyond the default amount, for\n\t\t\ttasks hosted on Fargate. For more information, see Using data volumes in\n\t\t\t\ttasks in the Amazon ECS Developer Guide;.
\nFor tasks using the Fargate launch type, the task requires the\n\t\t\t\tfollowing platforms:
\nLinux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
Runs a command remotely on a container within a task.
\nIf you use a condition key in your IAM policy to refine the conditions for the policy\n\t\t\tstatement, for example limit the actions to a specific cluster, you receive an\n\t\t\t\tAccessDeniedException when there is a mismatch between the condition\n\t\t\tkey value and the corresponding parameter value.
For information about required permissions and considerations, see Using Amazon ECS Exec for\n\t\t\tdebugging in the Amazon ECS Developer Guide.
" + "smithy.api#documentation": "Runs a command remotely on a container within a task.
\nIf you use a condition key in your IAM policy to refine the conditions for the\n\t\t\tpolicy statement, for example limit the actions to a specific cluster, you receive an\n\t\t\t\tAccessDeniedException when there is a mismatch between the condition\n\t\t\tkey value and the corresponding parameter value.
For information about required permissions and considerations, see Using Amazon ECS\n\t\t\t\tExec for debugging in the Amazon ECS Developer Guide.\n\t\t
" } }, "com.amazonaws.ecs#ExecuteCommandConfiguration": { @@ -5662,7 +5874,7 @@ "target": "com.amazonaws.ecs#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "Determines whether to use encryption on the CloudWatch logs. If not specified, encryption\n\t\t\twill be off.
" + "smithy.api#documentation": "Determines whether to use encryption on the CloudWatch logs. If not specified,\n\t\t\tencryption will be off.
" } }, "s3BucketName": { @@ -6013,7 +6225,7 @@ "protectedTasks": { "target": "com.amazonaws.ecs#ProtectedTasks", "traits": { - "smithy.api#documentation": "A list of tasks with the following information.
\n\n taskArn: The task ARN.
\n protectionEnabled: The protection status of the task. If scale-in\n\t\t\t\t\tprotection is turned on for a task, the value is true. Otherwise, it\n\t\t\t\t\tis false.
\n expirationDate: The epoch time when protection for the task will\n\t\t\t\t\texpire.
A list of tasks with the following information.
\n\n taskArn: The task ARN.
\n protectionEnabled: The protection status of the task. If scale-in\n\t\t\t\t\tprotection is turned on for a task, the value is true. Otherwise,\n\t\t\t\t\tit is false.
\n expirationDate: The epoch time when protection for the task will\n\t\t\t\t\texpire.
A string array representing the command that the container runs to determine if it is\n\t\t\thealthy. The string array must start with CMD to run the command arguments\n\t\t\tdirectly, or CMD-SHELL to run the command with the container's default\n\t\t\tshell.
When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of\n\t\t\tcommands in double quotes and brackets.
\n\n [ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]\n
You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.
\n\n CMD-SHELL, curl -f http://localhost/ || exit 1\n
An exit code of 0 indicates success, and non-zero exit code indicates failure. For\n\t\t\tmore information, see HealthCheck in the Create a container\n\t\t\tsection of the Docker Remote API.
A string array representing the command that the container runs to determine if it is\n\t\t\thealthy. The string array must start with CMD to run the command arguments\n\t\t\tdirectly, or CMD-SHELL to run the command with the container's default\n\t\t\tshell.
When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list\n\t\t\tof commands in double quotes and brackets.
\n\n [ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]\n
You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.
\n\n CMD-SHELL, curl -f http://localhost/ || exit 1\n
An exit code of 0 indicates success, and non-zero exit code indicates failure. For\n\t\t\tmore information, see HealthCheck in the Create a container\n\t\t\tsection of the Docker Remote API.
An object representing a container health check. Health check parameters that are\n\t\t\tspecified in a container definition override any Docker health checks that exist in the\n\t\t\tcontainer image (such as those specified in a parent image or from the image's\n\t\t\tDockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.
The Amazon ECS container agent only monitors and reports on the health checks specified\n\t\t\t\tin the task definition. Amazon ECS does not monitor Docker health checks that are\n\t\t\t\tembedded in a container image and not specified in the container definition. Health\n\t\t\t\tcheck parameters that are specified in a container definition override any Docker\n\t\t\t\thealth checks that exist in the container image.
\nYou can view the health status of both individual containers and a task with the\n\t\t\tDescribeTasks API operation or when viewing the task details in the console.
\nThe health check is designed to make sure that your containers survive agent restarts,\n\t\t\tupgrades, or temporary unavailability.
\nThe following describes the possible healthStatus values for a\n\t\t\tcontainer:
\n HEALTHY-The container health check has passed\n\t\t\t\t\tsuccessfully.
\n UNHEALTHY-The container health check has failed.
\n UNKNOWN-The container health check is being evaluated,\n\t\t\t\t\tthere's no container health check defined, or Amazon ECS doesn't have the health\n\t\t\t\t\tstatus of the container.
The following describes the possible healthStatus values based on the\n\t\t\tcontainer health checker status of essential containers in the task with the following\n\t\t\tpriority order (high to low):
\n UNHEALTHY-One or more essential containers have failed\n\t\t\t\t\ttheir health check.
\n UNKNOWN-Any essential container running within the task is\n\t\t\t\t\tin an UNKNOWN state and no other essential containers have an\n\t\t\t\t\t\tUNHEALTHY state.
\n HEALTHY-All essential containers within the task have\n\t\t\t\t\tpassed their health checks.
Consider the following task health example with 2 containers.
\nIf Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tUNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tHEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN,\n\t\t\t\t\tthe task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY,\n\t\t\t\t\tthe task health is HEALTHY.
Consider the following task health example with 3 containers.
\nIf Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3\n\t\t\t\t\tis UNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is UNKNOWN, and Container3\n\t\t\t\t\tis HEALTHY, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is HEALTHY, and Container3\n\t\t\t\t\tis HEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN, and Container3\n\t\t\t\t\tis HEALTHY, the task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is UNKNOWN,\n\t\t\t\t\tand Container3 is UNKNOWN, the task health is\n\t\t\t\t\tUNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY,\n\t\t\t\t\tand Container3 is HEALTHY, the task health is\n\t\t\t\t\tHEALTHY.
If a task is run manually, and not as part of a service, the task will continue its\n\t\t\tlifecycle regardless of its health status. For tasks that are part of a service, if the\n\t\t\ttask reports as unhealthy then the task will be stopped and the service scheduler will\n\t\t\treplace it.
\nThe following are notes about container health check support:
\nWhen the Amazon ECS agent cannot connect to the Amazon ECS service, the service reports\n\t\t\t\t\tthe container as UNHEALTHY.
The health check statuses are the \"last heard from\" response from the Amazon ECS\n\t\t\t\t\tagent. There are no assumptions made about the status of the container health\n\t\t\t\t\tchecks.
\nContainer health checks require version 1.17.0 or greater of the Amazon ECS\n\t\t\t\t\tcontainer agent. For more information, see Updating the\n\t\t\t\t\t\tAmazon ECS container agent.
\nContainer health checks are supported for Fargate tasks if\n\t\t\t\t\tyou're using platform version 1.1.0 or greater. For more\n\t\t\t\t\tinformation, see Fargate\n\t\t\t\t\t\tplatform versions.
Container health checks aren't supported for tasks that are part of a service\n\t\t\t\t\tthat's configured to use a Classic Load Balancer.
\nAn object representing a container health check. Health check parameters that are\n\t\t\tspecified in a container definition override any Docker health checks that exist in the\n\t\t\tcontainer image (such as those specified in a parent image or from the image's\n\t\t\tDockerfile). This configuration maps to the HEALTHCHECK parameter of docker run.
The Amazon ECS container agent only monitors and reports on the health checks specified\n\t\t\t\tin the task definition. Amazon ECS does not monitor Docker health checks that are\n\t\t\t\tembedded in a container image and not specified in the container definition. Health\n\t\t\t\tcheck parameters that are specified in a container definition override any Docker\n\t\t\t\thealth checks that exist in the container image.
\nYou can view the health status of both individual containers and a task with the\n\t\t\tDescribeTasks API operation or when viewing the task details in the console.
\nThe health check is designed to make sure that your containers survive agent restarts,\n\t\t\tupgrades, or temporary unavailability.
\nAmazon ECS performs health checks on containers with the default that launched the\n\t\t\tcontainer instance or the task.
\nThe following describes the possible healthStatus values for a\n\t\t\tcontainer:
\n HEALTHY-The container health check has passed\n\t\t\t\t\tsuccessfully.
\n UNHEALTHY-The container health check has failed.
\n UNKNOWN-The container health check is being evaluated,\n\t\t\t\t\tthere's no container health check defined, or Amazon ECS doesn't have the health\n\t\t\t\t\tstatus of the container.
The following describes the possible healthStatus values based on the\n\t\t\tcontainer health checker status of essential containers in the task with the following\n\t\t\tpriority order (high to low):
\n UNHEALTHY-One or more essential containers have failed\n\t\t\t\t\ttheir health check.
\n UNKNOWN-Any essential container running within the task is\n\t\t\t\t\tin an UNKNOWN state and no other essential containers have an\n\t\t\t\t\t\tUNHEALTHY state.
\n HEALTHY-All essential containers within the task have\n\t\t\t\t\tpassed their health checks.
Consider the following task health example with 2 containers.
\nIf Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tUNKNOWN, the task health is UNHEALTHY.
If Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tHEALTHY, the task health is UNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN,\n\t\t\t\t\tthe task health is UNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY,\n\t\t\t\t\tthe task health is HEALTHY.
Consider the following task health example with 3 containers.
\nIf Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tUNKNOWN, and Container3 is UNKNOWN, the task health is\n\t\t\t\t\t\tUNHEALTHY.
If Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tUNKNOWN, and Container3 is HEALTHY, the task health is\n\t\t\t\t\t\tUNHEALTHY.
If Container1 is UNHEALTHY and Container2 is\n\t\t\t\t\tHEALTHY, and Container3 is HEALTHY, the task health is\n\t\t\t\t\t\tUNHEALTHY.
If Container1 is HEALTHY and Container2 is UNKNOWN,\n\t\t\t\t\tand Container3 is HEALTHY, the task health is\n\t\t\t\t\tUNKNOWN.
If Container1 is HEALTHY and Container2 is UNKNOWN,\n\t\t\t\t\tand Container3 is UNKNOWN, the task health is\n\t\t\t\t\tUNKNOWN.
If Container1 is HEALTHY and Container2 is HEALTHY,\n\t\t\t\t\tand Container3 is HEALTHY, the task health is\n\t\t\t\t\tHEALTHY.
If a task is run manually, and not as part of a service, the task will continue its\n\t\t\tlifecycle regardless of its health status. For tasks that are part of a service, if the\n\t\t\ttask reports as unhealthy then the task will be stopped and the service scheduler will\n\t\t\treplace it.
\nThe following are notes about container health check support:
\nIf the Amazon ECS container agent becomes disconnected from the Amazon ECS service, this won't\n\t\t\t\t\tcause a container to transition to an UNHEALTHY status. This is by design,\n\t\t\t\t\tto ensure that containers remain running during agent restarts or temporary\n\t\t\t\t\tunavailability. The health check status is the \"last heard from\" response from the Amazon ECS\n\t\t\t\t\tagent, so if the container was considered HEALTHY prior to the disconnect,\n\t\t\t\t\tthat status will remain until the agent reconnects and another health check occurs.\n\t\t\t\t\tThere are no assumptions made about the status of the container health checks.
Container health checks require version 1.17.0 or greater of the Amazon ECS\n\t\t\t\t\tcontainer agent. For more information, see Updating the\n\t\t\t\t\t\tAmazon ECS container agent.
Container health checks are supported for Fargate tasks if\n\t\t\t\t\tyou're using platform version 1.1.0 or greater. For more\n\t\t\t\t\tinformation, see Fargate\n\t\t\t\t\t\tplatform versions.
Container health checks aren't supported for tasks that are part of a service\n\t\t\t\t\tthat's configured to use a Classic Load Balancer.
\nDetails on a container instance bind mount host volume.
" } }, + "com.amazonaws.ecs#IAMRoleArn": { + "type": "string" + }, "com.amazonaws.ecs#InferenceAccelerator": { "type": "structure", "members": { @@ -6156,7 +6371,7 @@ } }, "traits": { - "smithy.api#documentation": "Details on an Elastic Inference accelerator. For more information, see Working with Amazon Elastic Inference on\n\t\t\t\tAmazon ECS in the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "Details on an Elastic Inference accelerator. For more information, see Working with Amazon Elastic Inference on Amazon ECS in the\n\t\t\tAmazon Elastic Container Service Developer Guide.
" } }, "com.amazonaws.ecs#InferenceAcceleratorOverride": { @@ -6279,7 +6494,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -6327,7 +6545,7 @@ } }, "traits": { - "smithy.api#documentation": "The Linux capabilities for the container that are added to or dropped from the default\n\t\t\tconfiguration provided by Docker. For more information about the default capabilities\n\t\t\tand the non-default available capabilities, see Runtime privilege and Linux capabilities in the Docker run\n\t\t\t\treference. For more detailed information about these Linux capabilities,\n\t\t\tsee the capabilities(7) Linux manual page.
" + "smithy.api#documentation": "The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more information about the default capabilities\n\t\t\tand the non-default available capabilities, see Runtime privilege and Linux capabilities in the Docker run\n\t\t\t\treference. For more detailed information about these Linux capabilities,\n\t\t\tsee the capabilities(7) Linux manual page.
" } }, "com.amazonaws.ecs#KeyValuePair": { @@ -6377,7 +6595,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -6421,13 +6642,13 @@ "maxSwap": { "target": "com.amazonaws.ecs#BoxedInteger", "traits": { - "smithy.api#documentation": "The total amount of swap memory (in MiB) a container can use. This parameter will be\n\t\t\ttranslated to the --memory-swap option to docker run where the value would be the sum of\n\t\t\tthe container memory plus the maxSwap value.
If a maxSwap value of 0 is specified, the container will not\n\t\t\tuse swap. Accepted values are 0 or any positive integer. If the\n\t\t\t\tmaxSwap parameter is omitted, the container will use the swap\n\t\t\tconfiguration for the container instance it is running on. A maxSwap value\n\t\t\tmust be set for the swappiness parameter to be used.
If you're using tasks that use the Fargate launch type, the\n\t\t\t\t\tmaxSwap parameter isn't supported.
If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't supported.
The total amount of swap memory (in MiB) a container can use. This parameter will be\n\t\t\ttranslated to the --memory-swap option to docker run where the value would be the sum of\n\t\t\tthe container memory plus the maxSwap value.
If a maxSwap value of 0 is specified, the container will not\n\t\t\tuse swap. Accepted values are 0 or any positive integer. If the\n\t\t\t\tmaxSwap parameter is omitted, the container will use the swap\n\t\t\tconfiguration for the container instance it is running on. A maxSwap value\n\t\t\tmust be set for the swappiness parameter to be used.
If you're using tasks that use the Fargate launch type, the\n\t\t\t\t\tmaxSwap parameter isn't supported.
If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't\n\t\t\t\tsupported.
This allows you to tune a container's memory swappiness behavior. A\n\t\t\t\tswappiness value of 0 will cause swapping to not happen\n\t\t\tunless absolutely necessary. A swappiness value of 100 will\n\t\t\tcause pages to be swapped very aggressively. Accepted values are whole numbers between\n\t\t\t\t0 and 100. If the swappiness parameter is not\n\t\t\tspecified, a default value of 60 is used. If a value is not specified for\n\t\t\t\tmaxSwap then this parameter is ignored. This parameter maps to the\n\t\t\t\t--memory-swappiness option to docker run.
If you're using tasks that use the Fargate launch type, the\n\t\t\t\t\tswappiness parameter isn't supported.
If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't supported.
This allows you to tune a container's memory swappiness behavior. A\n\t\t\t\tswappiness value of 0 will cause swapping to not happen\n\t\t\tunless absolutely necessary. A swappiness value of 100 will\n\t\t\tcause pages to be swapped very aggressively. Accepted values are whole numbers between\n\t\t\t\t0 and 100. If the swappiness parameter is not\n\t\t\tspecified, a default value of 60 is used. If a value is not specified for\n\t\t\t\tmaxSwap then this parameter is ignored. This parameter maps to the\n\t\t\t\t--memory-swappiness option to docker run.
If you're using tasks that use the Fargate launch type, the\n\t\t\t\t\tswappiness parameter isn't supported.
If you're using tasks on Amazon Linux 2023 the swappiness parameter isn't\n\t\t\t\tsupported.
The ARN of the principal, which can be a user, role, or the root user. If\n\t\t\tthis field is omitted, the account settings are listed only for the authenticated\n\t\t\tuser.
\nFederated users assume the account setting of the root user and can't have\n\t\t\t\texplicit account settings set for them.
\nThe ARN of the principal, which can be a user, role, or the root user. If this field is\n\t\t\tomitted, the account settings are listed only for the authenticated user.
\nFederated users assume the account setting of the root user and can't have explicit\n\t\t\t\taccount settings set for them.
\nReturns a list of tasks. You can filter the results by cluster, task definition\n\t\t\tfamily, container instance, launch type, what IAM principal started the task, or by the\n\t\t\tdesired status of the task.
\nRecently stopped tasks might appear in the returned results.
", + "smithy.api#documentation": "Returns a list of tasks. You can filter the results by cluster, task definition\n\t\t\tfamily, container instance, launch type, what IAM principal started the task, or by\n\t\t\tthe desired status of the task.
\nRecently stopped tasks might appear in the returned results.
", "smithy.api#examples": [ { "title": "To list the tasks in a cluster", @@ -7325,6 +7601,19 @@ "arn:aws:ecs:us-east-1:012345678910:task/default/6b809ef6-c67e-4467-921f-ee261c15a0a1" ] } + }, + { + "title": "To list the tasks on a particular container instance", + "documentation": "This example lists the tasks of a specified container instance. Specifying a ``containerInstance`` value limits the results to tasks that belong to that container instance.", + "input": { + "cluster": "default", + "containerInstance": "f6bbb147-5370-4ace-8c73-c7181ded911f" + }, + "output": { + "taskArns": [ + "arn:aws:ecs:us-east-1:012345678910:task/default/0cc43cdb-3bee-4407-9c26-c0e6ea5bee84" + ] + } } ], "smithy.api#paginated": { @@ -7435,7 +7724,7 @@ "containerName": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The name of the container (as it appears in a container definition) to associate with\n\t\t\tthe load balancer.
" + "smithy.api#documentation": "The name of the container (as it appears in a container definition) to associate with\n\t\t\tthe load balancer.
\nYou need to specify the container name when configuring the target group for an Amazon ECS\n\t\t\tload balancer.
" } }, "containerPort": { @@ -7479,7 +7768,7 @@ } }, "traits": { - "smithy.api#documentation": "The log configuration for the container. This parameter maps to LogConfig\n\t\t\tin the Create a container section of the Docker Remote API and the\n\t\t\t\t--log-driver option to \n docker\n\t\t\t\t\trun\n .
By default, containers use the same logging driver that the Docker daemon uses.\n\t\t\tHowever, the container might use a different logging driver than the Docker daemon by\n\t\t\tspecifying a log driver configuration in the container definition. For more information\n\t\t\tabout the options for different supported log drivers, see Configure logging\n\t\t\t\tdrivers in the Docker documentation.
\nUnderstand the following when specifying a log configuration for your\n\t\t\tcontainers.
\nAmazon ECS currently supports a subset of the logging drivers available to the Docker daemon.\n\t\t\t\t\tAdditional log drivers may be available in future releases of the Amazon ECS\n\t\t\t\t\tcontainer agent.
\nFor tasks on Fargate, the supported log drivers are awslogs,\n\t\t\t\t\t\tsplunk, and awsfirelens.
For tasks hosted on Amazon EC2 instances, the supported log drivers are\n\t\t\t\t\t\tawslogs, fluentd, gelf,\n\t\t\t\t\t\tjson-file, journald,\n\t\t\t\t\t\tlogentries,syslog, splunk, and\n\t\t\t\t\t\tawsfirelens.
This parameter requires version 1.18 of the Docker Remote API or greater on\n\t\t\t\t\tyour container instance.
\nFor tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must\n\t\t\t\t\tregister the available logging drivers with the\n\t\t\t\t\t\tECS_AVAILABLE_LOGGING_DRIVERS environment variable before\n\t\t\t\t\tcontainers placed on that instance can use these log configuration options. For\n\t\t\t\t\tmore information, see Amazon ECS container agent configuration in the\n\t\t\t\t\tAmazon Elastic Container Service Developer Guide.
For tasks that are on Fargate, because you don't have access to the\n\t\t\t\t\tunderlying infrastructure your tasks are hosted on, any additional software\n\t\t\t\t\tneeded must be installed outside of the task. For example, the Fluentd output\n\t\t\t\t\taggregators or a remote host running Logstash to send Gelf logs to.
\nThe log configuration for the container. This parameter maps to LogConfig\n\t\t\tin the Create a container section of the Docker Remote API and the\n\t\t\t\t--log-driver option to \n docker\n\t\t\t\t\trun\n .
By default, containers use the same logging driver that the Docker daemon uses.\n\t\t\tHowever, the container might use a different logging driver than the Docker daemon by\n\t\t\tspecifying a log driver configuration in the container definition. For more information\n\t\t\tabout the options for different supported log drivers, see Configure logging\n\t\t\t\tdrivers in the Docker documentation.
\nUnderstand the following when specifying a log configuration for your\n\t\t\tcontainers.
\nAmazon ECS currently supports a subset of the logging drivers available to the\n\t\t\t\t\tDocker daemon. Additional log drivers may be available in future releases of the\n\t\t\t\t\tAmazon ECS container agent.
\nFor tasks on Fargate, the supported log drivers are awslogs,\n\t\t\t\t\t\tsplunk, and awsfirelens.
For tasks hosted on Amazon EC2 instances, the supported log drivers are\n\t\t\t\t\t\tawslogs, fluentd, gelf,\n\t\t\t\t\t\tjson-file, journald,\n\t\t\t\t\t\tlogentries,syslog, splunk, and\n\t\t\t\t\t\tawsfirelens.
This parameter requires version 1.18 of the Docker Remote API or greater on\n\t\t\t\t\tyour container instance.
\nFor tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must\n\t\t\t\t\tregister the available logging drivers with the\n\t\t\t\t\t\tECS_AVAILABLE_LOGGING_DRIVERS environment variable before\n\t\t\t\t\tcontainers placed on that instance can use these log configuration options. For\n\t\t\t\t\tmore information, see Amazon ECS container agent configuration in the\n\t\t\t\t\tAmazon Elastic Container Service Developer Guide.
For tasks that are on Fargate, because you don't have access to the\n\t\t\t\t\tunderlying infrastructure your tasks are hosted on, any additional software\n\t\t\t\t\tneeded must be installed outside of the task. For example, the Fluentd output\n\t\t\t\t\taggregators or a remote host running Logstash to send Gelf logs to.
\nThe target capacity utilization as a percentage for the capacity provider. The\n\t\t\tspecified value must be greater than 0 and less than or equal to\n\t\t\t\t100. For example, if you want the capacity provider to maintain 10%\n\t\t\tspare capacity, then that means the utilization is 90%, so use a\n\t\t\t\ttargetCapacity of 90. The default value of\n\t\t\t\t100 percent results in the Amazon EC2 instances in your Auto Scaling group being\n\t\t\tcompletely used.
The target capacity utilization as a percentage for the capacity provider. The\n\t\t\tspecified value must be greater than 0 and less than or equal to\n\t\t\t\t100. For example, if you want the capacity provider to maintain 10%\n\t\t\tspare capacity, then that means the utilization is 90%, so use a\n\t\t\t\ttargetCapacity of 90. The default value of\n\t\t\t\t100 percent results in the Amazon EC2 instances in your Auto Scaling group\n\t\t\tbeing completely used.
The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale in\n\t\t\tprocess is not affected by this parameter. If this parameter is omitted, the default\n\t\t\tvalue of 10000 is used.
The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. The scale\n\t\t\tin process is not affected by this parameter. If this parameter is omitted, the default\n\t\t\tvalue of 10000 is used.
Specify a Key Management Service key ID to encrypt the managed storage.
" + } + }, + "fargateEphemeralStorageKmsKeyId": { + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Specify the Key Management Service key ID for the Fargate ephemeral storage.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The managed storage configuration for the cluster.
" + } + }, "com.amazonaws.ecs#ManagedTerminationProtection": { "type": "enum", "members": { @@ -7743,7 +8069,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -7787,7 +8116,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -7825,13 +8157,13 @@ "containerPortRange": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The port number range on the container that's bound to the dynamically mapped host port\n\t\t\trange.
\nThe following rules apply when you specify a containerPortRange:
You must use either the bridge network mode or the awsvpc\n\t\t\t\t\tnetwork mode.
This parameter is available for both the EC2 and Fargate launch types.
\nThis parameter is available for both the Linux and Windows operating systems.
\nThe container instance must have at least version 1.67.0 of the container agent\n\t\t\t\t\tand at least version 1.67.0-1 of the ecs-init package
You can specify a maximum of 100 port ranges per container.
\nYou do not specify a hostPortRange. The value of the hostPortRange is set\n\t\t\t\t\tas follows:
For containers in a task with the awsvpc network mode,\n\t\t\t\t\t\t\tthe hostPortRange is set to the same value as the\n\t\t\t\t\t\t\t\tcontainerPortRange. This is a static mapping\n\t\t\t\t\t\t\tstrategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
The containerPortRange valid values are between 1 and\n\t\t\t\t\t65535.
A port can only be included in one port mapping per container.
\nYou cannot specify overlapping port ranges.
\nThe first port in the range must be less than last port in the range.
\nDocker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
\nFor more information, see Issue #11185 on the Github website.
\nFor information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.
\nYou can call \n DescribeTasks\n to view the hostPortRange which\n\t\t\tare the host ports that are bound to the container ports.
The port number range on the container that's bound to the dynamically mapped host\n\t\t\tport range.
\nThe following rules apply when you specify a containerPortRange:
You must use either the bridge network mode or the awsvpc\n\t\t\t\t\tnetwork mode.
This parameter is available for both the EC2 and Fargate launch types.
\nThis parameter is available for both the Linux and Windows operating systems.
\nThe container instance must have at least version 1.67.0 of the container agent\n\t\t\t\t\tand at least version 1.67.0-1 of the ecs-init package
You can specify a maximum of 100 port ranges per container.
\nYou do not specify a hostPortRange. The value of the hostPortRange is set\n\t\t\t\t\tas follows:
For containers in a task with the awsvpc network mode,\n\t\t\t\t\t\t\tthe hostPortRange is set to the same value as the\n\t\t\t\t\t\t\t\tcontainerPortRange. This is a static mapping\n\t\t\t\t\t\t\tstrategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
The containerPortRange valid values are between 1 and\n\t\t\t\t\t65535.
A port can only be included in one port mapping per container.
\nYou cannot specify overlapping port ranges.
\nThe first port in the range must be less than last port in the range.
\nDocker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
\nFor more information, see Issue #11185 on the Github website.
\nFor information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.
\nYou can call \n DescribeTasks\n to view the hostPortRange which\n\t\t\tare the host ports that are bound to the container ports.
The port number range on the host that's used with the network binding. This is assigned is\n\t\t\tassigned by Docker and delivered by the Amazon ECS agent.
" + "smithy.api#documentation": "The port number range on the host that's used with the network binding. This is\n\t\t\tassigned is assigned by Docker and delivered by the Amazon ECS agent.
" } } }, @@ -7924,7 +8256,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -8137,7 +8472,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -8149,7 +8487,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -8169,13 +8510,13 @@ "hostPort": { "target": "com.amazonaws.ecs#BoxedInteger", "traits": { - "smithy.api#documentation": "The port number on the container instance to reserve for your container.
\nIf you specify a containerPortRange, leave this field empty and the value of\n\t\t\tthe hostPort is set as follows:
For containers in a task with the awsvpc network mode, the\n\t\t\t\t\t\thostPort is set to the same value as the\n\t\t\t\t\t\tcontainerPort. This is a static mapping strategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds\n\t\t\t\t\topen ports on the host and automatically binds them to the container ports. This\n\t\t\t\t\tis a dynamic mapping strategy.
If you use containers in a task with the awsvpc or host\n\t\t\tnetwork mode, the hostPort can either be left blank or set to the same\n\t\t\tvalue as the containerPort.
If you use containers in a task with the bridge network mode, you can\n\t\t\tspecify a non-reserved host port for your container port mapping, or you can omit the\n\t\t\t\thostPort (or set it to 0) while specifying a\n\t\t\t\tcontainerPort and your container automatically receives a port in the\n\t\t\tephemeral port range for your container instance operating system and Docker\n\t\t\tversion.
The default ephemeral port range for Docker version 1.6.0 and later is listed on the\n\t\t\tinstance under /proc/sys/net/ipv4/ip_local_port_range. If this kernel\n\t\t\tparameter is unavailable, the default ephemeral port range from 49153 through 65535\n\t\t\t(Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port\n\t\t\tin the ephemeral port range as these are reserved for automatic assignment. In general,\n\t\t\tports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the\n\t\t\tAmazon ECS container agent ports 51678-51680. Any host port that was previously specified in\n\t\t\ta running task is also reserved while the task is running. That is, after a task stops,\n\t\t\tthe host port is released. The current reserved ports are displayed in the\n\t\t\tremainingResources of DescribeContainerInstances\n\t\t\toutput. A container instance can have up to 100 reserved ports at a time. This number\n\t\t\tincludes the default reserved ports. Automatically assigned ports aren't included in the\n\t\t\t100 reserved ports quota.
The port number on the container instance to reserve for your container.
\nIf you specify a containerPortRange, leave this field empty and the value\n\t\t\tof the hostPort is set as follows:
For containers in a task with the awsvpc network mode, the\n\t\t\t\t\t\thostPort is set to the same value as the\n\t\t\t\t\t\tcontainerPort. This is a static mapping strategy.
For containers in a task with the bridge network mode, the Amazon ECS\n\t\t\t\t\tagent finds open ports on the host and automatically binds them to the container\n\t\t\t\t\tports. This is a dynamic mapping strategy.
If you use containers in a task with the awsvpc or host\n\t\t\tnetwork mode, the hostPort can either be left blank or set to the same\n\t\t\tvalue as the containerPort.
If you use containers in a task with the bridge network mode, you can\n\t\t\tspecify a non-reserved host port for your container port mapping, or you can omit the\n\t\t\t\thostPort (or set it to 0) while specifying a\n\t\t\t\tcontainerPort and your container automatically receives a port in the\n\t\t\tephemeral port range for your container instance operating system and Docker\n\t\t\tversion.
The default ephemeral port range for Docker version 1.6.0 and later is listed on the\n\t\t\tinstance under /proc/sys/net/ipv4/ip_local_port_range. If this kernel\n\t\t\tparameter is unavailable, the default ephemeral port range from 49153 through 65535\n\t\t\t(Linux) or 49152 through 65535 (Windows) is used. Do not attempt to specify a host port\n\t\t\tin the ephemeral port range as these are reserved for automatic assignment. In general,\n\t\t\tports below 32768 are outside of the ephemeral port range.
The default reserved ports are 22 for SSH, the Docker ports 2375 and 2376, and the\n\t\t\tAmazon ECS container agent ports 51678-51680. Any host port that was previously specified in\n\t\t\ta running task is also reserved while the task is running. That is, after a task stops,\n\t\t\tthe host port is released. The current reserved ports are displayed in the\n\t\t\t\tremainingResources of DescribeContainerInstances output. A container instance can have up to 100\n\t\t\treserved ports at a time. This number includes the default reserved ports. Automatically\n\t\t\tassigned ports aren't included in the 100 reserved ports quota.
The protocol used for the port mapping. Valid values are tcp and\n\t\t\tudp. The default is tcp. protocol is immutable in a \n\t\t\tService Connect service. Updating this field requires a service deletion and \n\t\t\tredeployment.\n\t\t
The protocol used for the port mapping. Valid values are tcp and\n\t\t\t\tudp. The default is tcp. protocol is\n\t\t\timmutable in a Service Connect service. Updating this field requires a service deletion\n\t\t\tand redeployment.
The application protocol that's used for the port mapping. This parameter only applies\n\t\t\tto Service Connect. We recommend that you set this parameter to be consistent with the\n\t\t\tprotocol that your application uses. If you set this parameter, Amazon ECS adds\n\t\t\tprotocol-specific connection handling to the Service Connect proxy. If you set this\n\t\t\tparameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch.
\nIf you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't\n\t\t\tadd protocol-specific telemetry for TCP.
\n\n appProtocol is immutable in a Service Connect service. Updating this field \n\t\t\trequires a service deletion and redeployment.
Tasks that run in a namespace can use short names to connect\n\tto services in the namespace. Tasks can connect to services across all of the clusters in the namespace.\n\tTasks connect through a managed proxy container\n\tthat collects logs and metrics for increased visibility.\n\tOnly the tasks that Amazon ECS services create are supported with Service Connect.\n\tFor more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "The application protocol that's used for the port mapping. This parameter only applies\n\t\t\tto Service Connect. We recommend that you set this parameter to be consistent with the\n\t\t\tprotocol that your application uses. If you set this parameter, Amazon ECS adds\n\t\t\tprotocol-specific connection handling to the Service Connect proxy. If you set this\n\t\t\tparameter, Amazon ECS adds protocol-specific telemetry in the Amazon ECS console and CloudWatch.
\nIf you don't set a value for this parameter, then TCP is used. However, Amazon ECS doesn't\n\t\t\tadd protocol-specific telemetry for TCP.
\n\n appProtocol is immutable in a Service Connect service. Updating this\n\t\t\tfield requires a service deletion and redeployment.
Tasks that run in a namespace can use short names to connect\n\tto services in the namespace. Tasks can connect to services across all of the clusters in the namespace.\n\tTasks connect through a managed proxy container\n\tthat collects logs and metrics for increased visibility.\n\tOnly the tasks that Amazon ECS services create are supported with Service Connect.\n\tFor more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
" } }, "containerPortRange": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The port number range on the container that's bound to the dynamically mapped host port\n\t\t\trange.
\nThe following rules apply when you specify a containerPortRange:
You must use either the bridge network mode or the awsvpc\n\t\t\t\t\tnetwork mode.
This parameter is available for both the EC2 and Fargate launch types.
\nThis parameter is available for both the Linux and Windows operating systems.
\nThe container instance must have at least version 1.67.0 of the container agent\n\t\t\t\t\tand at least version 1.67.0-1 of the ecs-init package
You can specify a maximum of 100 port ranges per container.
\nYou do not specify a hostPortRange. The value of the hostPortRange is set\n\t\t\t\t\tas follows:
For containers in a task with the awsvpc network mode,\n\t\t\t\t\t\t\tthe hostPortRange is set to the same value as the\n\t\t\t\t\t\t\t\tcontainerPortRange. This is a static mapping\n\t\t\t\t\t\t\tstrategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
The containerPortRange valid values are between 1 and\n\t\t\t\t\t65535.
A port can only be included in one port mapping per container.
\nYou cannot specify overlapping port ranges.
\nThe first port in the range must be less than last port in the range.
\nDocker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
\nFor more information, see Issue #11185 on the Github website.
\nFor information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.
\nYou can call \n DescribeTasks\n to view the hostPortRange which\n\t\t\tare the host ports that are bound to the container ports.
The port number range on the container that's bound to the dynamically mapped host\n\t\t\tport range.
\nThe following rules apply when you specify a containerPortRange:
You must use either the bridge network mode or the awsvpc\n\t\t\t\t\tnetwork mode.
This parameter is available for both the EC2 and Fargate launch types.
\nThis parameter is available for both the Linux and Windows operating systems.
\nThe container instance must have at least version 1.67.0 of the container agent\n\t\t\t\t\tand at least version 1.67.0-1 of the ecs-init package
You can specify a maximum of 100 port ranges per container.
\nYou do not specify a hostPortRange. The value of the hostPortRange is set\n\t\t\t\t\tas follows:
For containers in a task with the awsvpc network mode,\n\t\t\t\t\t\t\tthe hostPortRange is set to the same value as the\n\t\t\t\t\t\t\t\tcontainerPortRange. This is a static mapping\n\t\t\t\t\t\t\tstrategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
The containerPortRange valid values are between 1 and\n\t\t\t\t\t65535.
A port can only be included in one port mapping per container.
\nYou cannot specify overlapping port ranges.
\nThe first port in the range must be less than last port in the range.
\nDocker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
\nFor more information, see Issue #11185 on the Github website.
\nFor information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.
\nYou can call \n DescribeTasks\n to view the hostPortRange which\n\t\t\tare the host ports that are bound to the container ports.
The protection status of the task. If scale-in protection is on for a task, the\n\t\t\tvalue is true. Otherwise, it is false.
The protection status of the task. If scale-in protection is on for a task, the value\n\t\t\tis true. Otherwise, it is false.
Modifies an account setting. Account settings are set on a per-Region basis.
\nIf you change the root user account setting, the default settings are reset for users\n\t\t\tand roles that do not have specified individual account settings. For more information,\n\t\t\tsee Account\n\t\t\t\tSettings in the Amazon Elastic Container Service Developer Guide.
\nWhen you specify serviceLongArnFormat, taskLongArnFormat, or\n\t\t\t\tcontainerInstanceLongArnFormat, the Amazon Resource Name (ARN) and\n\t\t\tresource ID format of the resource type for a specified user, role, or the root user for an\n\t\t\taccount is affected. The opt-in and opt-out account setting must be set for each Amazon ECS\n\t\t\tresource separately. The ARN and resource ID format of a resource is defined by the\n\t\t\topt-in status of the user or role that created the resource. You must turn on this\n\t\t\tsetting to use Amazon ECS features such as resource tagging.
When you specify awsvpcTrunking, the elastic network interface (ENI) limit for\n\t\t\tany new container instances that support the feature is changed. If\n\t\t\t\tawsvpcTrunking is turned on, any new container instances that support\n\t\t\tthe feature are launched have the increased ENI limits available to them. For more\n\t\t\tinformation, see Elastic Network\n\t\t\t\tInterface Trunking in the Amazon Elastic Container Service Developer Guide.
When you specify containerInsights, the default setting indicating whether\n\t\t\tAmazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If\n\t\t\t\tcontainerInsights is turned on, any new clusters that are created will\n\t\t\thave Container Insights turned on unless you disable it during cluster creation. For\n\t\t\tmore information, see CloudWatch\n\t\t\t\tContainer Insights in the Amazon Elastic Container Service Developer Guide.
Amazon ECS is introducing tagging authorization for resource creation. Users must have\n\t\t\tpermissions for actions that create the resource, such as ecsCreateCluster.\n\t\t\tIf tags are specified when you create a resource, Amazon Web Services performs additional\n\t\t\tauthorization to verify if users or roles have permissions to create tags. Therefore,\n\t\t\tyou must grant explicit permissions to use the ecs:TagResource action. For\n\t\t\tmore information, see Grant\n\t\t\t\tpermission to tag resources on creation in the Amazon ECS Developer\n\t\t\t\t\tGuide.
When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS\n\t\t\ttask hosted on Fargate, the tasks need to be stopped and new tasks launched to replace\n\t\t\tthem. Use fargateTaskRetirementWaitPeriod to configure the wait time to\n\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.
The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
Modifies an account setting. Account settings are set on a per-Region basis.
\nIf you change the root user account setting, the default settings are reset for users and\n\t\t\troles that do not have specified individual account settings. For more information, see\n\t\t\t\tAccount\n\t\t\t\tSettings in the Amazon Elastic Container Service Developer Guide.
", "smithy.api#examples": [ { "title": "To modify your account settings", @@ -8352,8 +8693,24 @@ "principalArn": "arn:aws:iam::Modifies an account setting for all users on an account for whom no individual\n\t\t\taccount setting has been specified. Account settings are set on a per-Region\n\t\t\tbasis.
", + "smithy.api#documentation": "Modifies an account setting for all users on an account for whom no individual account\n\t\t\tsetting has been specified. Account settings are set on a per-Region basis.
", "smithy.api#examples": [ { "title": "To modify the default account settings for all IAM users or roles on an account", @@ -8402,14 +8759,14 @@ "name": { "target": "com.amazonaws.ecs#SettingName", "traits": { - "smithy.api#documentation": "The resource name for which to modify the account setting. If you specify\n\t\t\t\tserviceLongArnFormat, the ARN for your Amazon ECS services is affected. If\n\t\t\tyou specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS\n\t\t\ttasks is affected. If you specify containerInstanceLongArnFormat, the ARN\n\t\t\tand resource ID for your Amazon ECS container instances is affected. If you specify\n\t\t\t\tawsvpcTrunking, the ENI limit for your Amazon ECS container instances is\n\t\t\taffected. If you specify containerInsights, the default setting for Amazon Web Services\n\t\t\tCloudWatch Container Insights for your clusters is affected. If you specify\n\t\t\t\ttagResourceAuthorization, the opt-in option for tagging resources on\n\t\t\tcreation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide. If you specify fargateTaskRetirementWaitPeriod, the\n\t\t\tdefault wait time to retire a Fargate task due to required maintenance is\n\t\t\taffected.
When you specify fargateFIPSMode for the name and\n\t\t\tenabled for the value, Fargate uses FIPS-140 compliant\n\t\t\tcryptographic algorithms on your tasks. For more information about FIPS-140 compliance\n\t\t\twith Fargate, see Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2\n\t\t\t\tcompliance in the Amazon Elastic Container Service Developer Guide.
When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task\n\t\t\thosted on Fargate, the tasks need to be stopped and new tasks launched to replace\n\t\t\tthem. Use fargateTaskRetirementWaitPeriod to set the wait time to retire a\n\t\t\tFargate task to the default. For information about the Fargate tasks maintenance,\n\t\t\tsee Amazon Web Services Fargate task\n\t\t\t\tmaintenance in the Amazon ECS Developer Guide.
The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The resource name for which to modify the account setting.
\nThe following are the valid values for the account setting name.
\n\n serviceLongArnFormat - When modified, the Amazon Resource Name\n\t\t\t\t\t(ARN) and resource ID format of the resource type for a specified user, role, or\n\t\t\t\t\tthe root user for an account is affected. The opt-in and opt-out account setting\n\t\t\t\t\tmust be set for each Amazon ECS resource separately. The ARN and resource ID format\n\t\t\t\t\tof a resource is defined by the opt-in status of the user or role that created\n\t\t\t\t\tthe resource. You must turn on this setting to use Amazon ECS features such as\n\t\t\t\t\tresource tagging.
\n taskLongArnFormat - When modified, the Amazon Resource Name (ARN)\n\t\t\t\t\tand resource ID format of the resource type for a specified user, role, or the\n\t\t\t\t\troot user for an account is affected. The opt-in and opt-out account setting must\n\t\t\t\t\tbe set for each Amazon ECS resource separately. The ARN and resource ID format of a\n\t\t\t\t\tresource is defined by the opt-in status of the user or role that created the\n\t\t\t\t\tresource. You must turn on this setting to use Amazon ECS features such as resource\n\t\t\t\t\ttagging.
\n containerInstanceLongArnFormat - When modified, the Amazon\n\t\t\t\t\tResource Name (ARN) and resource ID format of the resource type for a specified\n\t\t\t\t\tuser, role, or the root user for an account is affected. The opt-in and opt-out\n\t\t\t\t\taccount setting must be set for each Amazon ECS resource separately. The ARN and\n\t\t\t\t\tresource ID format of a resource is defined by the opt-in status of the user or\n\t\t\t\t\trole that created the resource. You must turn on this setting to use Amazon ECS\n\t\t\t\t\tfeatures such as resource tagging.
\n awsvpcTrunking - When modified, the elastic network interface\n\t\t\t\t\t(ENI) limit for any new container instances that support the feature is changed.\n\t\t\t\t\tIf awsvpcTrunking is turned on, any new container instances that\n\t\t\t\t\tsupport the feature are launched have the increased ENI limits available to\n\t\t\t\t\tthem. For more information, see Elastic\n\t\t\t\t\t\tNetwork Interface Trunking in the Amazon Elastic Container Service Developer Guide.
\n containerInsights - When modified, the default setting indicating\n\t\t\t\t\twhether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed.\n\t\t\t\t\tIf containerInsights is turned on, any new clusters that are\n\t\t\t\t\tcreated will have Container Insights turned on unless you disable it during\n\t\t\t\t\tcluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
\n dualStackIPv6 - When turned on, when using a VPC in dual stack\n\t\t\t\t\tmode, your tasks using the awsvpc network mode can have an IPv6\n\t\t\t\t\taddress assigned. For more information on using IPv6 with tasks launched on\n\t\t\t\t\tAmazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6\n\t\t\t\t\twith tasks launched on Fargate, see Using a VPC in dual-stack mode.
\n fargateFIPSMode - If you specify fargateFIPSMode,\n\t\t\t\t\tFargate FIPS 140 compliance is affected.
\n fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a\n\t\t\t\t\tsecurity or infrastructure update is needed for an Amazon ECS task hosted on\n\t\t\t\t\tFargate, the tasks need to be stopped and new tasks launched to replace them.\n\t\t\t\t\tUse fargateTaskRetirementWaitPeriod to configure the wait time to\n\t\t\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance,\n\t\t\t\t\tsee Amazon Web Services Fargate\n\t\t\t\t\t\ttask maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.
\n tagResourceAuthorization - Amazon ECS is introducing tagging\n\t\t\t\t\tauthorization for resource creation. Users must have permissions for actions\n\t\t\t\t\tthat create the resource, such as ecsCreateCluster. If tags are\n\t\t\t\t\tspecified when you create a resource, Amazon Web Services performs additional authorization to\n\t\t\t\t\tverify if users or roles have permissions to create tags. Therefore, you must\n\t\t\t\t\tgrant explicit permissions to use the ecs:TagResource action. For\n\t\t\t\t\tmore information, see Grant permission to tag resources on creation in the\n\t\t\t\t\t\tAmazon ECS Developer Guide.
\n guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.
When you specify fargateTaskRetirementWaitPeriod for the\n\t\t\t\tname, the following are the valid values:
\n 0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.
\n 7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.
\n 14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.
When you specify fargateTaskRetirementWaitPeriod for the\n\t\t\t\tname, the following are the valid values:
\n 0 - Amazon Web Services sends the notification, and immediately retires the\n\t\t\t\t\taffected tasks.
\n 7 - Amazon Web Services sends the notification, and waits 7 calendar days to\n\t\t\t\t\tretire the tasks.
\n 14 - Amazon Web Services sends the notification, and waits 14 calendar days to\n\t\t\t\t\tretire the tasks.
The Amazon ECS resource name for which to modify the account setting. If you specify\n\t\t\t\tserviceLongArnFormat, the ARN for your Amazon ECS services is affected. If\n\t\t\tyou specify taskLongArnFormat, the ARN and resource ID for your Amazon ECS\n\t\t\ttasks is affected. If you specify containerInstanceLongArnFormat, the ARN\n\t\t\tand resource ID for your Amazon ECS container instances is affected. If you specify\n\t\t\t\tawsvpcTrunking, the elastic network interface (ENI) limit for your\n\t\t\tAmazon ECS container instances is affected. If you specify containerInsights,\n\t\t\tthe default setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If\n\t\t\tyou specify fargateFIPSMode, Fargate FIPS 140 compliance is affected. If\n\t\t\tyou specify tagResourceAuthorization, the opt-in option for tagging\n\t\t\tresources on creation is affected. For information about the opt-in timeline, see Tagging authorization timeline in the Amazon ECS Developer\n\t\t\t\tGuide. If you specify fargateTaskRetirementWaitPeriod, the\n\t\t\twait time to retire a Fargate task is affected.
The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The Amazon ECS account setting name to modify.
\nThe following are the valid values for the account setting name.
\n\n serviceLongArnFormat - When modified, the Amazon Resource Name\n\t\t\t\t\t(ARN) and resource ID format of the resource type for a specified user, role, or\n\t\t\t\t\tthe root user for an account is affected. The opt-in and opt-out account setting\n\t\t\t\t\tmust be set for each Amazon ECS resource separately. The ARN and resource ID format\n\t\t\t\t\tof a resource is defined by the opt-in status of the user or role that created\n\t\t\t\t\tthe resource. You must turn on this setting to use Amazon ECS features such as\n\t\t\t\t\tresource tagging.
\n taskLongArnFormat - When modified, the Amazon Resource Name (ARN)\n\t\t\t\t\tand resource ID format of the resource type for a specified user, role, or the\n\t\t\t\t\troot user for an account is affected. The opt-in and opt-out account setting must\n\t\t\t\t\tbe set for each Amazon ECS resource separately. The ARN and resource ID format of a\n\t\t\t\t\tresource is defined by the opt-in status of the user or role that created the\n\t\t\t\t\tresource. You must turn on this setting to use Amazon ECS features such as resource\n\t\t\t\t\ttagging.
\n containerInstanceLongArnFormat - When modified, the Amazon\n\t\t\t\t\tResource Name (ARN) and resource ID format of the resource type for a specified\n\t\t\t\t\tuser, role, or the root user for an account is affected. The opt-in and opt-out\n\t\t\t\t\taccount setting must be set for each Amazon ECS resource separately. The ARN and\n\t\t\t\t\tresource ID format of a resource is defined by the opt-in status of the user or\n\t\t\t\t\trole that created the resource. You must turn on this setting to use Amazon ECS\n\t\t\t\t\tfeatures such as resource tagging.
\n awsvpcTrunking - When modified, the elastic network interface\n\t\t\t\t\t(ENI) limit for any new container instances that support the feature is changed.\n\t\t\t\t\tIf awsvpcTrunking is turned on, any new container instances that\n\t\t\t\t\tsupport the feature are launched have the increased ENI limits available to\n\t\t\t\t\tthem. For more information, see Elastic\n\t\t\t\t\t\tNetwork Interface Trunking in the Amazon Elastic Container Service Developer Guide.
\n containerInsights - When modified, the default setting indicating\n\t\t\t\t\twhether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed.\n\t\t\t\t\tIf containerInsights is turned on, any new clusters that are\n\t\t\t\t\tcreated will have Container Insights turned on unless you disable it during\n\t\t\t\t\tcluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
\n dualStackIPv6 - When turned on, when using a VPC in dual stack\n\t\t\t\t\tmode, your tasks using the awsvpc network mode can have an IPv6\n\t\t\t\t\taddress assigned. For more information on using IPv6 with tasks launched on\n\t\t\t\t\tAmazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6\n\t\t\t\t\twith tasks launched on Fargate, see Using a VPC in dual-stack mode.
\n fargateFIPSMode - If you specify fargateFIPSMode,\n\t\t\t\t\tFargate FIPS 140 compliance is affected.
\n fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a\n\t\t\t\t\tsecurity or infrastructure update is needed for an Amazon ECS task hosted on\n\t\t\t\t\tFargate, the tasks need to be stopped and new tasks launched to replace them.\n\t\t\t\t\tUse fargateTaskRetirementWaitPeriod to configure the wait time to\n\t\t\t\t\tretire a Fargate task. For information about the Fargate tasks maintenance,\n\t\t\t\t\tsee Amazon Web Services Fargate\n\t\t\t\t\t\ttask maintenance in the Amazon ECS Developer\n\t\t\t\t\tGuide.
\n tagResourceAuthorization - Amazon ECS is introducing tagging\n\t\t\t\t\tauthorization for resource creation. Users must have permissions for actions\n\t\t\t\t\tthat create the resource, such as ecsCreateCluster. If tags are\n\t\t\t\t\tspecified when you create a resource, Amazon Web Services performs additional authorization to\n\t\t\t\t\tverify if users or roles have permissions to create tags. Therefore, you must\n\t\t\t\t\tgrant explicit permissions to use the ecs:TagResource action. For\n\t\t\t\t\tmore information, see Grant permission to tag resources on creation in the\n\t\t\t\t\t\tAmazon ECS Developer Guide.
\n guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether\n\t\t\tAmazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your\n\t\t\tAmazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.
When you specify fargateTaskRetirementWaitPeriod for the name, the\n\t\t\tfollowing are the valid values:
\n 0 - Amazon Web Services sends the notification, and immediately retires the affected tasks.
\n 7 - Amazon Web Services sends the notification, and waits 7 calendar days to retire the tasks.
\n 14 - Amazon Web Services sends the notification, and waits 14 calendar days to retire the tasks.
The account setting value for the specified principal ARN. Accepted values are\n\t\t\t\tenabled, disabled, on, and\n\t\t\toff.
When you specify fargateTaskRetirementWaitPeriod for the\n\t\t\t\tname, the following are the valid values:
\n 0 - Amazon Web Services sends the notification, and immediately retires the\n\t\t\t\t\taffected tasks.
\n 7 - Amazon Web Services sends the notification, and waits 7 calendar days to\n\t\t\t\t\tretire the tasks.
\n 14 - Amazon Web Services sends the notification, and waits 14 calendar days to\n\t\t\t\t\tretire the tasks.
The ARN of the principal, which can be a user, role, or the root user. If\n\t\t\tyou specify the root user, it modifies the account setting for all users, roles,\n\t\t\tand the root user of the account unless a user or role explicitly overrides these\n\t\t\tsettings. If this field is omitted, the setting is changed only for the authenticated\n\t\t\tuser.
\nYou must use the root user when you set the Fargate wait time\n\t\t\t\t\t(fargateTaskRetirementWaitPeriod).
Federated users assume the account setting of the root user and can't have\n\t\t\t\texplicit account settings set for them.
\nThe ARN of the principal, which can be a user, role, or the root user. If you specify\n\t\t\tthe root user, it modifies the account setting for all users, roles, and the root user of the\n\t\t\taccount unless a user or role explicitly overrides these settings. If this field is\n\t\t\tomitted, the setting is changed only for the authenticated user.
\nYou must use the root user when you set the Fargate wait time\n\t\t\t\t\t(fargateTaskRetirementWaitPeriod).
Federated users assume the account setting of the root user and can't have explicit\n\t\t\t\taccount settings set for them.
\nRegisters a new task definition from the supplied family and\n\t\t\t\tcontainerDefinitions. Optionally, you can add data volumes to your\n\t\t\tcontainers with the volumes parameter. For more information about task\n\t\t\tdefinition parameters and defaults, see Amazon ECS Task\n\t\t\t\tDefinitions in the Amazon Elastic Container Service Developer Guide.
You can specify a role for your task with the taskRoleArn parameter.\n\t\t\tWhen you specify a role for a task, its containers can then use the latest versions\n\t\t\tof the CLI or SDKs to make API requests to the Amazon Web Services services that are specified in\n\t\t\tthe policy that's associated with the role. For more information, see IAM\n\t\t\t\tRoles for Tasks in the Amazon Elastic Container Service Developer Guide.
You can specify a Docker networking mode for the containers in your task definition\n\t\t\twith the networkMode parameter. The available network modes correspond to\n\t\t\tthose described in Network\n\t\t\t\tsettings in the Docker run reference. If you specify the awsvpc\n\t\t\tnetwork mode, the task is allocated an elastic network interface, and you must specify a\n\t\t\t\tNetworkConfiguration when you create a service or run a task with\n\t\t\tthe task definition. For more information, see Task Networking\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
Registers a new task definition from the supplied family and\n\t\t\t\tcontainerDefinitions. Optionally, you can add data volumes to your\n\t\t\tcontainers with the volumes parameter. For more information about task\n\t\t\tdefinition parameters and defaults, see Amazon ECS Task\n\t\t\t\tDefinitions in the Amazon Elastic Container Service Developer Guide.
You can specify a role for your task with the taskRoleArn parameter. When\n\t\t\tyou specify a role for a task, its containers can then use the latest versions of the\n\t\t\tCLI or SDKs to make API requests to the Amazon Web Services services that are specified in the\n\t\t\tpolicy that's associated with the role. For more information, see IAM\n\t\t\t\tRoles for Tasks in the Amazon Elastic Container Service Developer Guide.
You can specify a Docker networking mode for the containers in your task definition\n\t\t\twith the networkMode parameter. The available network modes correspond to\n\t\t\tthose described in Network\n\t\t\t\tsettings in the Docker run reference. If you specify the awsvpc\n\t\t\tnetwork mode, the task is allocated an elastic network interface, and you must specify a\n\t\t\t\tNetworkConfiguration when you create a service or run a task with\n\t\t\tthe task definition. For more information, see Task Networking\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
The amount of ephemeral storage to allocate for the task. This parameter is used to\n\t\t\texpand the total amount of ephemeral storage available, beyond the default amount, for\n\t\t\ttasks hosted on Fargate. For more information, see Fargate task\n\t\t\t\tstorage in the Amazon ECS User Guide for Fargate.
\nFor tasks using the Fargate launch type, the task requires\n\t\t\t\tthe following platforms:
\nLinux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
The amount of ephemeral storage to allocate for the task. This parameter is used to\n\t\t\texpand the total amount of ephemeral storage available, beyond the default amount, for\n\t\t\ttasks hosted on Fargate. For more information, see Using data volumes in\n\t\t\t\ttasks in the Amazon ECS Developer Guide.
\nFor tasks using the Fargate launch type, the task requires the\n\t\t\t\tfollowing platforms:
\nLinux platform version 1.4.0 or later.
Windows platform version 1.0.0 or later.
The operating system that your tasks definitions run on. A platform family is\n\t\t\tspecified only for tasks using the Fargate launch type.
\nWhen you specify a task definition in a service, this value must match the\n\t\t\t\truntimePlatform value of the service.
The operating system that your tasks definitions run on. A platform family is\n\t\t\tspecified only for tasks using the Fargate launch type.
" } } }, @@ -8991,7 +9348,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -9003,7 +9363,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -9017,20 +9380,20 @@ "value": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The value for the specified resource type.
\nIf the GPU type is used, the value is the number of physical\n\t\t\t\tGPUs the Amazon ECS container agent reserves for the container. The number\n\t\t\tof GPUs that's reserved for all containers in a task can't exceed the number of\n\t\t\tavailable GPUs on the container instance that the task is launched on.
If the InferenceAccelerator type is used, the value matches\n\t\t\tthe deviceName for an InferenceAccelerator specified in a\n\t\t\ttask definition.
The value for the specified resource type.
\nWhen the type is GPU, the value is the number of physical GPUs the\n\t\t\tAmazon ECS container agent reserves for the container. The number of GPUs that's reserved for\n\t\t\tall containers in a task can't exceed the number of available GPUs on the container\n\t\t\tinstance that the task is launched on.
When the type is InferenceAccelerator, the value matches\n\t\t\tthe deviceName for an InferenceAccelerator specified in a task definition.
The type of resource to assign to a container. The supported values are\n\t\t\t\tGPU or InferenceAccelerator.
The type of resource to assign to a container.
", "smithy.api#required": {} } } }, "traits": { - "smithy.api#documentation": "The type and amount of a resource to assign to a container. The supported resource types are\n\t\t\tGPUs and Elastic Inference accelerators. For more information, see Working with\n\t\t\t\tGPUs on Amazon ECS or Working with\n\t\t\t\tAmazon Elastic Inference on Amazon ECS in the Amazon Elastic Container Service Developer Guide\n
" + "smithy.api#documentation": "The type and amount of a resource to assign to a container. The supported resource\n\t\t\ttypes are GPUs and Elastic Inference accelerators. For more information, see Working with\n\t\t\t\tGPUs on Amazon ECS or Working with Amazon Elastic\n\t\t\t\tInference on Amazon ECS in the Amazon Elastic Container Service Developer Guide\n
" } }, "com.amazonaws.ecs#ResourceRequirements": { @@ -9103,7 +9466,7 @@ } ], "traits": { - "smithy.api#documentation": "Starts a new task using the specified task definition.
\nYou can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places\n\t\t\ttasks using placement constraints and placement strategies. For more information, see\n\t\t\t\tScheduling Tasks in the Amazon Elastic Container Service Developer Guide.
\nAlternatively, you can use StartTask to use your own scheduler or\n\t\t\tplace tasks manually on specific container instances.
\nStarting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
\nThe Amazon ECS API follows an eventual consistency model. This is because of the\n\t\t\tdistributed nature of the system supporting the API. This means that the result of an\n\t\t\tAPI command you run that affects your Amazon ECS resources might not be immediately visible\n\t\t\tto all subsequent commands you run. Keep this in mind when you carry out an API command\n\t\t\tthat immediately follows a previous API command.
\nTo manage eventual consistency, you can do the following:
\nConfirm the state of the resource before you run a command to modify it. Run\n\t\t\t\t\tthe DescribeTasks command using an exponential backoff algorithm to ensure that\n\t\t\t\t\tyou allow enough time for the previous command to propagate through the system.\n\t\t\t\t\tTo do this, run the DescribeTasks command repeatedly, starting with a couple of\n\t\t\t\t\tseconds of wait time and increasing gradually up to five minutes of wait\n\t\t\t\t\ttime.
\nAdd wait time between subsequent commands, even if the DescribeTasks command\n\t\t\t\t\treturns an accurate response. Apply an exponential backoff algorithm starting\n\t\t\t\t\twith a couple of seconds of wait time, and increase gradually up to about five\n\t\t\t\t\tminutes of wait time.
\nStarts a new task using the specified task definition.
\nOn March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.
\nYou can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places\n\t\t\ttasks using placement constraints and placement strategies. For more information, see\n\t\t\t\tScheduling Tasks in the Amazon Elastic Container Service Developer Guide.
\nAlternatively, you can use StartTask to use your own scheduler or\n\t\t\tplace tasks manually on specific container instances.
\nStarting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
\nYou can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or\n\t\t\tupdating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.
\nThe Amazon ECS API follows an eventual consistency model. This is because of the\n\t\t\tdistributed nature of the system supporting the API. This means that the result of an\n\t\t\tAPI command you run that affects your Amazon ECS resources might not be immediately visible\n\t\t\tto all subsequent commands you run. Keep this in mind when you carry out an API command\n\t\t\tthat immediately follows a previous API command.
\nTo manage eventual consistency, you can do the following:
\nConfirm the state of the resource before you run a command to modify it. Run\n\t\t\t\t\tthe DescribeTasks command using an exponential backoff algorithm to ensure that\n\t\t\t\t\tyou allow enough time for the previous command to propagate through the system.\n\t\t\t\t\tTo do this, run the DescribeTasks command repeatedly, starting with a couple of\n\t\t\t\t\tseconds of wait time and increasing gradually up to five minutes of wait\n\t\t\t\t\ttime.
\nAdd wait time between subsequent commands, even if the DescribeTasks command\n\t\t\t\t\treturns an accurate response. Apply an exponential backoff algorithm starting\n\t\t\t\t\twith a couple of seconds of wait time, and increase gradually up to about five\n\t\t\t\t\tminutes of wait time.
\nThe infrastructure to run your standalone task on. For more information, see Amazon ECS\n\t\t\t\tlaunch types in the Amazon Elastic Container Service Developer Guide.
\nThe FARGATE launch type runs your tasks on Fargate On-Demand\n\t\t\tinfrastructure.
Fargate Spot infrastructure is available for use but a capacity provider\n\t\t\t\tstrategy must be used. For more information, see Fargate capacity providers in the\n\t\t\t\t\tAmazon ECS User Guide for Fargate.
\nThe EC2 launch type runs your tasks on Amazon EC2 instances registered to your\n\t\t\tcluster.
The EXTERNAL launch type runs your tasks on your on-premises server or\n\t\t\tvirtual machine (VM) capacity registered to your cluster.
A task can use either a launch type or a capacity provider strategy. If a\n\t\t\t\tlaunchType is specified, the capacityProviderStrategy\n\t\t\tparameter must be omitted.
When you use cluster auto scaling, you must specify\n\t\t\t\tcapacityProviderStrategy and not launchType.
The infrastructure to run your standalone task on. For more information, see Amazon ECS\n\t\t\t\tlaunch types in the Amazon Elastic Container Service Developer Guide.
\nThe FARGATE launch type runs your tasks on Fargate On-Demand\n\t\t\tinfrastructure.
Fargate Spot infrastructure is available for use but a capacity provider\n\t\t\t\tstrategy must be used. For more information, see Fargate capacity providers in the\n\t\t\t\t\tAmazon ECS Developer Guide.
\nThe EC2 launch type runs your tasks on Amazon EC2 instances registered to your\n\t\t\tcluster.
The EXTERNAL launch type runs your tasks on your on-premises server or\n\t\t\tvirtual machine (VM) capacity registered to your cluster.
A task can use either a launch type or a capacity provider strategy. If a\n\t\t\t\tlaunchType is specified, the capacityProviderStrategy\n\t\t\tparameter must be omitted.
When you use cluster auto scaling, you must specify\n\t\t\t\tcapacityProviderStrategy and not launchType.
An optional tag specified when a task is started. For example, if you automatically trigger\n\t\t\ta task to run a batch process job, you could apply a unique identifier for that job to\n\t\t\tyour task with the startedBy parameter. You can then identify which tasks\n\t\t\tbelong to that job by filtering the results of a ListTasks call with\n\t\t\tthe startedBy value. Up to 128 letters (uppercase and lowercase), numbers,\n\t\t\thyphens (-), and underscores (_) are allowed.
If a task is started by an Amazon ECS service, then the startedBy parameter\n\t\t\tcontains the deployment ID of the service that starts it.
An optional tag specified when a task is started. For example, if you automatically\n\t\t\ttrigger a task to run a batch process job, you could apply a unique identifier for that\n\t\t\tjob to your task with the startedBy parameter. You can then identify which\n\t\t\ttasks belong to that job by filtering the results of a ListTasks call\n\t\t\twith the startedBy value. Up to 128 letters (uppercase and lowercase),\n\t\t\tnumbers, hyphens (-), and underscores (_) are allowed.
If a task is started by an Amazon ECS service, then the startedBy parameter\n\t\t\tcontains the deployment ID of the service that starts it.
The family and revision (family:revision) or\n\t\t\tfull ARN of the task definition to run. If a revision isn't specified,\n\t\t\tthe latest ACTIVE revision is used.
When you create a policy for run-task, you can set the resource to be the latest\n\t\t\ttask definition revision, or a specific revision.
\nThe full ARN value must match the value that you specified as the\n\t\t\t\tResource of the principal's permissions policy.
When you specify the policy resource as the latest task definition version (by setting\n\t\t\tthe Resource in the policy to\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName),\n\t\t\tthen set this value to\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName.
When you specify the policy resource as a specific task definition version (by setting\n\t\t\tthe Resource in the policy to\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:1 or\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:*),\n\t\t\tthen set this value to\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:1.
For more information, see Policy Resources for Amazon ECS in the Amazon Elastic Container Service developer Guide.
", + "smithy.api#documentation": "The family and revision (family:revision) or\n\t\t\tfull ARN of the task definition to run. If a revision isn't specified,\n\t\t\tthe latest ACTIVE revision is used.
The full ARN value must match the value that you specified as the\n\t\t\t\tResource of the principal's permissions policy.
When you specify a task definition, you must either specify a specific revision, or\n\t\t\tall revisions in the ARN.
\nTo specify a specific revision, include the revision number in the ARN. For example,\n\t\t\tto specify revision 2, use\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:2.
To specify all revisions, use the wildcard (*) in the ARN. For example, to specify all\n\t\t\trevisions, use\n\t\t\t\tarn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:*.
For more information, see Policy Resources for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
", "smithy.api#required": {} } }, "clientToken": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "An identifier that you provide to ensure the idempotency of the request. It must be unique\n\t\t\tand is case sensitive. Up to 64 characters are allowed. The valid characters are characters in the range of 33-126, inclusive. For more information, see\n\t\t\t\tEnsuring idempotency.
", + "smithy.api#documentation": "An identifier that you provide to ensure the idempotency of the request. It must be\n\t\t\tunique and is case sensitive. Up to 64 characters are allowed. The valid characters are\n\t\t\tcharacters in the range of 33-126, inclusive. For more information, see Ensuring idempotency.
", "smithy.api#idempotencyToken": {} } + }, + "volumeConfigurations": { + "target": "com.amazonaws.ecs#TaskVolumeConfigurations", + "traits": { + "smithy.api#documentation": "The details of the volume that was configuredAtLaunch. You can configure\n\t\t\tthe size, volumeType, IOPS, throughput, snapshot and encryption in in TaskManagedEBSVolumeConfiguration. The name of the volume must\n\t\t\tmatch the name from the task definition.
Any failures associated with the call.
" + "smithy.api#documentation": "Any failures associated with the call.
\nFor information about how to address failures, see Service event messages and API failure\n\t\t\t\treasons in the Amazon Elastic Container Service Developer Guide.
" } } }, @@ -9381,7 +9750,7 @@ "valueFrom": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The secret to expose to the container. The supported values are either the full ARN\n\t\t\tof the Secrets Manager secret or the full ARN of the parameter in the SSM Parameter\n\t\t\tStore.
\nFor information about the require Identity and Access Management permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter\n\t\t\tstore) in the Amazon Elastic Container Service Developer Guide.
\nIf the SSM Parameter Store parameter exists in the same Region as the task\n\t\t\t\tyou're launching, then you can use either the full ARN or name of the parameter.\n\t\t\t\tIf the parameter exists in a different Region, then the full ARN must be\n\t\t\t\tspecified.
\nThe secret to expose to the container. The supported values are either the full ARN\n\t\t\tof the Secrets Manager secret or the full ARN of the parameter in the SSM\n\t\t\tParameter Store.
\nFor information about the require Identity and Access Management permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or\n\t\t\t\tRequired IAM permissions for Amazon ECS secrets (for Systems Manager Parameter\n\t\t\tstore) in the Amazon Elastic Container Service Developer Guide.
\nIf the SSM Parameter Store parameter exists in the same Region as the task\n\t\t\t\tyou're launching, then you can use either the full ARN or name of the parameter.\n\t\t\t\tIf the parameter exists in a different Region, then the full ARN must be\n\t\t\t\tspecified.
\nMessage that describes the cause of the exception.
" + } } }, "traits": { @@ -9654,7 +10026,7 @@ "namespace": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace for use with Service Connect. The namespace must be in\n\t\t\tthe same Amazon Web Services Region as the Amazon ECS service and cluster. The type of namespace doesn't\n\t\t\taffect Service Connect. For more information about Cloud Map, see Working with Services in the\n\t\t\tCloud Map Developer Guide.
" + "smithy.api#documentation": "The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace for use with Service Connect. The namespace must be in\n\t\t\tthe same Amazon Web Services Region as the Amazon ECS service and cluster. The type of namespace doesn't\n\t\t\taffect Service Connect. For more information about Cloud Map, see Working\n\t\t\t\twith Services in the Cloud Map Developer Guide.
" } }, "services": { @@ -9698,6 +10070,18 @@ "traits": { "smithy.api#documentation": "The port number for the Service Connect proxy to listen on.
\nUse the value of this field to bypass the proxy for traffic on the port number\n\t\t\tspecified in the named portMapping in the task definition of this\n\t\t\tapplication, and then use it in your VPC security groups to allow traffic into the proxy\n\t\t\tfor this Amazon ECS service.
In awsvpc mode and Fargate, the default value is the container port\n\t\t\tnumber. The container port number is in the portMapping in the task\n\t\t\tdefinition. In bridge mode, the default value is the ephemeral port of the\n\t\t\tService Connect proxy.
A reference to an object that represents the configured timeouts for\n\t\t\tService Connect.
" + } + }, + "tls": { + "target": "com.amazonaws.ecs#ServiceConnectTlsConfiguration", + "traits": { + "smithy.api#documentation": "A reference to an object that represents a Transport Layer Security (TLS)\n\t\t\tconfiguration.
" + } } }, "traits": { @@ -9736,6 +10120,47 @@ "target": "com.amazonaws.ecs#ServiceConnectServiceResource" } }, + "com.amazonaws.ecs#ServiceConnectTlsCertificateAuthority": { + "type": "structure", + "members": { + "awsPcaAuthorityArn": { + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "The ARN of the Amazon Web Services Private Certificate Authority certificate.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The certificate root authority that secures your service.
" + } + }, + "com.amazonaws.ecs#ServiceConnectTlsConfiguration": { + "type": "structure", + "members": { + "issuerCertificateAuthority": { + "target": "com.amazonaws.ecs#ServiceConnectTlsCertificateAuthority", + "traits": { + "smithy.api#documentation": "The signer certificate authority.
", + "smithy.api#required": {} + } + }, + "kmsKey": { + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "The Amazon Web Services Key Management Service key.
" + } + }, + "roleArn": { + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role that's associated with the Service Connect TLS.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The key that encrypts and decrypts your resources for Service Connect TLS.
" + } + }, "com.amazonaws.ecs#ServiceEvent": { "type": "structure", "members": { @@ -9785,11 +10210,83 @@ "target": "com.amazonaws.ecs#ServiceField" } }, + "com.amazonaws.ecs#ServiceManagedEBSVolumeConfiguration": { + "type": "structure", + "members": { + "encrypted": { + "target": "com.amazonaws.ecs#BoxedBoolean", + "traits": { + "smithy.api#documentation": "Indicates whether the volume should be encrypted. If no value is specified, encryption\n\t\t\tis turned on by default. This parameter maps 1:1 with the Encrypted\n\t\t\tparameter of the CreateVolume API in\n\t\t\tthe Amazon EC2 API Reference.
The Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. When\n\t\t\tencryption is turned on and no Amazon Web Services Key Management Service key is specified, the default Amazon Web Services managed key\n\t\t\tfor Amazon EBS volumes is used. This parameter maps 1:1 with the KmsKeyId\n\t\t\tparameter of the CreateVolume API in\n\t\t\tthe Amazon EC2 API Reference.
Amazon Web Services authenticates the Amazon Web Services Key Management Service key asynchronously. Therefore, if you specify an\n\t\t\t\tID, alias, or ARN that is invalid, the action can appear to complete, but\n\t\t\t\teventually fails.
\nThe volume type. This parameter maps 1:1 with the VolumeType parameter of\n\t\t\tthe CreateVolume API in the Amazon EC2 API Reference. For more\n\t\t\tinformation, see Amazon EBS volume types in\n\t\t\tthe Amazon EC2 User Guide.
The following are the supported volume types.
\nGeneral Purpose SSD: gp2|gp3\n
Provisioned IOPS SSD: io1|io2\n
Throughput Optimized HDD: st1\n
Cold HDD: sc1\n
Magnetic: standard\n
The magnetic volume type is not supported on Fargate.
\nThe size of the volume in GiB. You must specify either a volume size or a snapshot ID.\n\t\t\tIf you specify a snapshot ID, the snapshot size is used for the volume size by default.\n\t\t\tYou can optionally specify a volume size greater than or equal to the snapshot size.\n\t\t\tThis parameter maps 1:1 with the Size parameter of the CreateVolume API in the Amazon EC2 API Reference.
The following are the supported volume size values for each volume type.
\n\n gp2 and gp3: 1-16,384
\n io1 and io2: 4-16,384
\n st1 and sc1: 125-16,384
\n standard: 1-1,024
The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot\n\t\t\tID or a volume size. This parameter maps 1:1 with the SnapshotId parameter\n\t\t\tof the CreateVolume API in\n\t\t\tthe Amazon EC2 API Reference.
The number of I/O operations per second (IOPS). For gp3,\n\t\t\tio1, and io2 volumes, this represents the number of IOPS that\n\t\t\tare provisioned for the volume. For gp2 volumes, this represents the\n\t\t\tbaseline performance of the volume and the rate at which the volume accumulates I/O\n\t\t\tcredits for bursting.
The following are the supported values for each volume type.
\n\n gp3: 3,000 - 16,000 IOPS
\n io1: 100 - 64,000 IOPS
\n io2: 100 - 256,000 IOPS
This parameter is required for io1 and io2 volume types. The\n\t\t\tdefault for gp3 volumes is 3,000 IOPS. This parameter is not\n\t\t\tsupported for st1, sc1, or standard volume\n\t\t\ttypes.
This parameter maps 1:1 with the Iops parameter of the CreateVolume API in the Amazon EC2 API Reference.
The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s.\n\t\t\tThis parameter maps 1:1 with the Throughput parameter of the CreateVolume API in the Amazon EC2 API Reference.
This parameter is only supported for the gp3 volume type.
The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This\n\t\t\tparameter maps 1:1 with the TagSpecifications.N parameter of the CreateVolume API in the Amazon EC2 API Reference.
The ARN of the IAM role to associate with this volume. This is the Amazon ECS\n\t\t\tinfrastructure IAM role that is used to manage your Amazon Web Services infrastructure. We recommend\n\t\t\tusing the Amazon ECS-managed AmazonECSInfrastructureRolePolicyForVolumes IAM\n\t\t\tpolicy with this role. For more information, see Amazon ECS\n\t\t\t\tinfrastructure IAM role in the Amazon ECS Developer\n\t\t\tGuide.
The Linux filesystem type for the volume. For volumes created from a snapshot, you\n\t\t\tmust specify the same filesystem type that the volume was using when the snapshot was\n\t\t\tcreated. If there is a filesystem type mismatch, the task will fail to start.
\nThe available filesystem types are\u2028 ext3, ext4, and\n\t\t\t\txfs. If no value is specified, the xfs filesystem type is\n\t\t\tused by default.
The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.\n\t\t\tThese settings are used to create each Amazon EBS volume, with one volume created for each\n\t\t\ttask in the service.
\nMany of these parameters map 1:1 with the Amazon EBS CreateVolume API request\n\t\t\tparameters.
Message that describes the cause of the exception.
" + } } }, "traits": { @@ -9801,7 +10298,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -9847,6 +10347,33 @@ "smithy.api#documentation": "The details for the service registry.
\nEach service may be associated with one service registry. Multiple service registries\n\t\t\tfor each service are not supported.
\nWhen you add, update, or remove the service registries configuration, Amazon ECS starts a\n\t\t\tnew deployment. New tasks are registered and deregistered to the updated service\n\t\t\tregistry configuration.
" } }, + "com.amazonaws.ecs#ServiceVolumeConfiguration": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.ecs#ECSVolumeName", + "traits": { + "smithy.api#documentation": "The name of the volume. This value must match the volume name from the\n\t\t\t\tVolume object in the task definition.
The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.\n\t\t\tThese settings are used to create each Amazon EBS volume, with one volume created for each\n\t\t\ttask in the service. The Amazon EBS volumes are visible in your account in the Amazon EC2 console\n\t\t\tonce they are created.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The configuration for a volume specified in the task definition as a volume that is\n\t\t\tconfigured at launch time. Currently, the only supported volume type is an Amazon EBS\n\t\t\tvolume.
" + } + }, + "com.amazonaws.ecs#ServiceVolumeConfigurations": { + "type": "list", + "member": { + "target": "com.amazonaws.ecs#ServiceVolumeConfiguration" + } + }, "com.amazonaws.ecs#Services": { "type": "list", "member": { @@ -9897,7 +10424,7 @@ "principalArn": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The ARN of the principal. It can be a user, role, or the root user. If this\n\t\t\tfield is omitted, the authenticated user is assumed.
" + "smithy.api#documentation": "The ARN of the principal. It can be a user, role, or the root user. If this field is\n\t\t\tomitted, the authenticated user is assumed.
" } }, "type": { @@ -10047,10 +10574,13 @@ }, { "target": "com.amazonaws.ecs#ServerException" + }, + { + "target": "com.amazonaws.ecs#UnsupportedFeatureException" } ], "traits": { - "smithy.api#documentation": "Starts a new task from the specified task definition on the specified container\n\t\t\tinstance or instances.
\nStarting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
\nAlternatively, you can use RunTask to place tasks for you. For more\n\t\t\tinformation, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "Starts a new task from the specified task definition on the specified container\n\t\t\tinstance or instances.
\nOn March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.
\nStarting April 15, 2023, Amazon Web Services will not onboard new customers to Amazon Elastic Inference (EI), and will help current customers migrate their workloads to options that offer better price and performance. After April 15, 2023, new customers will not be able to launch instances with Amazon EI accelerators in Amazon SageMaker, Amazon ECS, or Amazon EC2. However, customers who have used Amazon EI at least once during the past 30-day period are considered current customers and will be able to continue using the service.
\nAlternatively, you can use RunTask to place tasks for you. For more\n\t\t\tinformation, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
\nYou can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when creating or\n\t\t\tupdating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.
" } }, "com.amazonaws.ecs#StartTaskRequest": { @@ -10080,7 +10610,7 @@ "target": "com.amazonaws.ecs#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "Whether or not the execute command functionality is turned on for the task. If\n\t\t\t\ttrue, this turns on the execute command functionality on all containers in\n\t\t\tthe task.
Whether or not the execute command functionality is turned on for the task. If\n\t\t\t\ttrue, this turns on the execute command functionality on all containers\n\t\t\tin the task.
The family and revision (family:revision) or\n\t\t\tfull ARN of the task definition to start. If a revision isn't specified,\n\t\t\tthe latest ACTIVE revision is used.
The details of the volume that was configuredAtLaunch. You can configure\n\t\t\tthe size, volumeType, IOPS, throughput, snapshot and encryption in TaskManagedEBSVolumeConfiguration. The name of the volume must\n\t\t\tmatch the name from the task definition.
Stops a running task. Any tags associated with the task will be deleted.
\nWhen StopTask is called on a task, the equivalent of docker\n\t\t\t\tstop is issued to the containers running in the task. This results in a\n\t\t\t\tSIGTERM value and a default 30-second timeout, after which the\n\t\t\t\tSIGKILL value is sent and the containers are forcibly stopped. If the\n\t\t\tcontainer handles the SIGTERM value gracefully and exits within 30 seconds\n\t\t\tfrom receiving it, no SIGKILL value is sent.
The default 30-second timeout can be configured on the Amazon ECS container agent with\n\t\t\t\tthe ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see\n\t\t\t\t\tAmazon ECS Container Agent Configuration in the\n\t\t\t\tAmazon Elastic Container Service Developer Guide.
Stops a running task. Any tags associated with the task will be deleted.
\nWhen StopTask is called on a task, the equivalent of docker\n\t\t\t\tstop is issued to the containers running in the task. This results in a\n\t\t\t\tSIGTERM value and a default 30-second timeout, after which the\n\t\t\t\tSIGKILL value is sent and the containers are forcibly stopped. If the\n\t\t\tcontainer handles the SIGTERM value gracefully and exits within 30 seconds\n\t\t\tfrom receiving it, no SIGKILL value is sent.
For Windows containers, POSIX signals do not work and runtime stops the container by sending\n\t\t\ta CTRL_SHUTDOWN_EVENT. For more information, see Unable to react to graceful shutdown\n\t\t\t\tof (Windows) container #25982 on GitHub.
The default 30-second timeout can be configured on the Amazon ECS container agent with\n\t\t\t\tthe ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see\n\t\t\t\t\tAmazon ECS Container Agent Configuration in the\n\t\t\t\tAmazon Elastic Container Service Developer Guide.
An optional message specified when a task is stopped. For example, if you're using a\n\t\t\tcustom scheduler, you can use this parameter to specify the reason for stopping the task\n\t\t\there, and the message appears in subsequent DescribeTasks API\n\t\t\toperations on this task. Up to 255 characters are allowed in this message.
" + "smithy.api#documentation": "An optional message specified when a task is stopped. For example, if you're using a\n\t\t\tcustom scheduler, you can use this parameter to specify the reason for stopping the task\n\t\t\there, and the message appears in subsequent DescribeTasks API\n\t\t\toperations on this task.
" } } }, @@ -10522,12 +11058,12 @@ "value": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The namespaced kernel parameter to set a\n\t\t\tvalue for.
Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\"\n\t\t\t| \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" |\n\t\t\t\"kernel.shmmni\" | \"kernel.shm_rmid_forced\", and\n\t\t\tSysctls that start with\n\t\t\t\"fs.mqueue.*\"\n
Valid network namespace values: Sysctls that start with\n\t\t\t\"net.*\"\n
All of these values are supported by Fargate.
" + "smithy.api#documentation": "The namespaced kernel parameter to set a value for.
Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\"\n\t\t\t\t| \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" | \"kernel.shmmni\" |\n\t\t\t\t\"kernel.shm_rmid_forced\", and Sysctls that start with\n\t\t\t\t\"fs.mqueue.*\"\n
Valid network namespace values: Sysctls that start with\n\t\t\t\t\"net.*\"\n
All of these values are supported by Fargate.
" } } }, "traits": { - "smithy.api#documentation": "A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl option to docker run.
We don't recommend that you specify network-related systemControls\n\t\t\tparameters for multiple containers in a single task. This task also uses either the\n\t\t\t\tawsvpc or host network mode. It does it for the following\n\t\t\treasons.
For tasks that use the awsvpc network mode, if you set\n\t\t\t\t\t\tsystemControls for any container, it applies to all containers\n\t\t\t\t\tin the task. If you set different systemControls for multiple\n\t\t\t\t\tcontainers in a single task, the container that's started last determines which\n\t\t\t\t\t\tsystemControls take effect.
For tasks that use the host network mode, the\n\t\t\t\t\t\tsystemControls parameter applies to the container instance's\n\t\t\t\t\tkernel parameter and that of all containers of any tasks running on that\n\t\t\t\t\tcontainer instance.
A list of namespaced kernel parameters to set in the container. This parameter maps to\n\t\t\t\tSysctls in the Create a container section of the\n\t\t\tDocker Remote API and the --sysctl option to docker run. For example, you can configure\n\t\t\t\tnet.ipv4.tcp_keepalive_time setting to maintain longer lived\n\t\t\tconnections.
We don't recommend that you specify network-related systemControls\n\t\t\tparameters for multiple containers in a single task that also uses either the\n\t\t\t\tawsvpc or host network mode. Doing this has the following\n\t\t\tdisadvantages:
For tasks that use the awsvpc network mode including Fargate,\n\t\t\t\t\tif you set systemControls for any container, it applies to all\n\t\t\t\t\tcontainers in the task. If you set different systemControls for\n\t\t\t\t\tmultiple containers in a single task, the container that's started last\n\t\t\t\t\tdetermines which systemControls take effect.
For tasks that use the host network mode, the network namespace\n\t\t\t\t\t\tsystemControls aren't supported.
If you're setting an IPC resource namespace to use for the containers in the task, the\n\t\t\tfollowing conditions apply to your system controls. For more information, see IPC mode.
\nFor tasks that use the host IPC mode, IPC namespace\n\t\t\t\t\t\tsystemControls aren't supported.
For tasks that use the task IPC mode, IPC namespace\n\t\t\t\t\t\tsystemControls values apply to all containers within a\n\t\t\t\t\ttask.
This parameter is not supported for Windows containers.
\nThis parameter is only supported for tasks that are hosted on\n Fargate if the tasks are using platform version 1.4.0 or later\n (Linux). This isn't supported for Windows containers on\n Fargate.
Message that describes the cause of the exception.
" + } } }, "traits": { - "smithy.api#documentation": "The execute command cannot run. This error can be caused by any of the following\n\t\t\tconfiguration issues:
\nIncorrect IAM permissions
\nThe SSM agent is not installed or is not running
\nThere is an interface Amazon VPC endpoint for Amazon ECS, but there is not one for Systems\n\t\t\t\t\tManager Session Manager
\nFor information about how to troubleshoot the issues, see Troubleshooting issues with ECS\n\t\t\t\tExec in the Amazon Elastic Container Service Developer Guide.
", + "smithy.api#documentation": "The execute command cannot run. This error can be caused by any of the following\n\t\t\tconfiguration issues:
\nIncorrect IAM permissions
\nThe SSM agent is not installed or is not running
\nThere is an interface Amazon VPC endpoint for Amazon ECS, but there is not one for\n\t\t\t\t\tSystems Manager Session Manager
\nFor information about how to troubleshoot the issues, see Troubleshooting issues with ECS\n\t\t\t\tExec in the Amazon Elastic Container Service Developer Guide.
", "smithy.api#error": "client" } }, @@ -10684,7 +11223,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -10872,7 +11414,7 @@ "stopCode": { "target": "com.amazonaws.ecs#TaskStopCode", "traits": { - "smithy.api#documentation": "The stop code indicating why a task was stopped. The stoppedReason might\n\t\t\tcontain additional details.
For more information about stop code, see Stopped tasks error codes in the Amazon ECS User Guide.
\nThe following are valid values:
\n\n TaskFailedToStart\n
\n EssentialContainerExited\n
\n UserInitiated\n
\n TerminationNotice\n
\n ServiceSchedulerInitiated\n
\n SpotInterruption\n
The stop code indicating why a task was stopped. The stoppedReason might\n\t\t\tcontain additional details.
For more information about stop code, see Stopped tasks\n\t\t\t\terror codes in the Amazon ECS Developer Guide.
" } }, "stoppedAt": { @@ -10923,6 +11465,12 @@ "traits": { "smithy.api#documentation": "The ephemeral storage settings for the task.
" } + }, + "fargateEphemeralStorage": { + "target": "com.amazonaws.ecs#TaskEphemeralStorage", + "traits": { + "smithy.api#documentation": "The Fargate ephemeral storage settings for the task.
" + } } }, "traits": { @@ -10953,7 +11501,7 @@ "taskRoleArn": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The short name or full Amazon Resource Name (ARN) of the Identity and Access Management role that grants containers in the\n\t\t\ttask permission to call Amazon Web Services APIs on your behalf. For more information, see Amazon ECS\n\t\t\t\tTask Role in the Amazon Elastic Container Service Developer Guide.
\nIAM roles for tasks on Windows require that the -EnableTaskIAMRole option\n\t\t\tis set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some\n\t\t\tconfiguration code to use the feature. For more information, see Windows IAM roles\n\t\t\t\tfor tasks in the Amazon Elastic Container Service Developer Guide.
The short name or full Amazon Resource Name (ARN) of the Identity and Access Management role that grants containers in the\n\t\t\ttask permission to call Amazon Web Services APIs on your behalf. For more information, see Amazon ECS\n\t\t\t\tTask Role in the Amazon Elastic Container Service Developer Guide.
\nIAM roles for tasks on Windows require that the -EnableTaskIAMRole\n\t\t\toption is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some\n\t\t\tconfiguration code to use the feature. For more information, see Windows IAM roles\n\t\t\t\tfor tasks in the Amazon Elastic Container Service Developer Guide.
The constraint on task placement in the task definition. For more\n\t\t\tinformation, see Task placement constraints in the\n\t\t\tAmazon Elastic Container Service Developer Guide.
\nTask placement constraints aren't supported for tasks run on Fargate.
\nThe constraint on task placement in the task definition. For more information, see\n\t\t\t\tTask placement constraints in the\n\t\t\tAmazon Elastic Container Service Developer Guide.
\nTask placement constraints aren't supported for tasks run on Fargate.
\nThe total amount, in GiB, of the ephemeral storage to set for the task. The minimum \t\t\n\t\t\tsupported value is 20 GiB and the maximum supported value is\u2028 200 \n\t\t\tGiB.
Specify an Key Management Service key ID to encrypt the ephemeral storage for the task.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The amount of ephemeral storage to allocate for the task.
" + } + }, "com.amazonaws.ecs#TaskField": { "type": "enum", "members": { @@ -11205,6 +11774,119 @@ "target": "com.amazonaws.ecs#TaskField" } }, + "com.amazonaws.ecs#TaskFilesystemType": { + "type": "enum", + "members": { + "EXT3": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ext3" + } + }, + "EXT4": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ext4" + } + }, + "XFS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "xfs" + } + } + } + }, + "com.amazonaws.ecs#TaskManagedEBSVolumeConfiguration": { + "type": "structure", + "members": { + "encrypted": { + "target": "com.amazonaws.ecs#BoxedBoolean", + "traits": { + "smithy.api#documentation": "Indicates whether the volume should be encrypted. If no value is specified, encryption\n\t\t\tis turned on by default. This parameter maps 1:1 with the Encrypted\n\t\t\tparameter of the CreateVolume API in\n\t\t\tthe Amazon EC2 API Reference.
The Amazon Resource Name (ARN) identifier of the Amazon Web Services Key Management Service key to use for Amazon EBS encryption. When\n\t\t\tencryption is turned on and no Amazon Web Services Key Management Service key is specified, the default Amazon Web Services managed key\n\t\t\tfor Amazon EBS volumes is used. This parameter maps 1:1 with the KmsKeyId\n\t\t\tparameter of the CreateVolume API in\n\t\t\tthe Amazon EC2 API Reference.
Amazon Web Services authenticates the Amazon Web Services Key Management Service key asynchronously. Therefore, if you specify an\n\t\t\t\tID, alias, or ARN that is invalid, the action can appear to complete, but\n\t\t\t\teventually fails.
\nThe volume type. This parameter maps 1:1 with the VolumeType parameter of\n\t\t\tthe CreateVolume API in the Amazon EC2 API Reference. For more\n\t\t\tinformation, see Amazon EBS volume types in\n\t\t\tthe Amazon EC2 User Guide.
The following are the supported volume types.
\nGeneral Purpose SSD: gp2|gp3\n
Provisioned IOPS SSD: io1|io2\n
Throughput Optimized HDD: st1\n
Cold HDD: sc1\n
Magnetic: standard\n
The magnetic volume type is not supported on Fargate.
\nThe size of the volume in GiB. You must specify either a volume size or a snapshot ID.\n\t\t\tIf you specify a snapshot ID, the snapshot size is used for the volume size by default.\n\t\t\tYou can optionally specify a volume size greater than or equal to the snapshot size.\n\t\t\tThis parameter maps 1:1 with the Size parameter of the CreateVolume API in the Amazon EC2 API Reference.
The following are the supported volume size values for each volume type.
\n\n gp2 and gp3: 1-16,384
\n io1 and io2: 4-16,384
\n st1 and sc1: 125-16,384
\n standard: 1-1,024
The snapshot that Amazon ECS uses to create the volume. You must specify either a snapshot\n\t\t\tID or a volume size. This parameter maps 1:1 with the SnapshotId parameter\n\t\t\tof the CreateVolume API in\n\t\t\tthe Amazon EC2 API Reference.
The number of I/O operations per second (IOPS). For gp3,\n\t\t\tio1, and io2 volumes, this represents the number of IOPS that\n\t\t\tare provisioned for the volume. For gp2 volumes, this represents the\n\t\t\tbaseline performance of the volume and the rate at which the volume accumulates I/O\n\t\t\tcredits for bursting.
The following are the supported values for each volume type.
\n\n gp3: 3,000 - 16,000 IOPS
\n io1: 100 - 64,000 IOPS
\n io2: 100 - 256,000 IOPS
This parameter is required for io1 and io2 volume types. The\n\t\t\tdefault for gp3 volumes is 3,000 IOPS. This parameter is not\n\t\t\tsupported for st1, sc1, or standard volume\n\t\t\ttypes.
This parameter maps 1:1 with the Iops parameter of the CreateVolume API in the Amazon EC2 API Reference.
The throughput to provision for a volume, in MiB/s, with a maximum of 1,000 MiB/s.\n\t\t\tThis parameter maps 1:1 with the Throughput parameter of the CreateVolume API in the Amazon EC2 API Reference.
This parameter is only supported for the gp3 volume type.
The tags to apply to the volume. Amazon ECS applies service-managed tags by default. This\n\t\t\tparameter maps 1:1 with the TagSpecifications.N parameter of the CreateVolume API in the Amazon EC2 API Reference.
The ARN of the IAM role to associate with this volume. This is the Amazon ECS\n\t\t\tinfrastructure IAM role that is used to manage your Amazon Web Services infrastructure. We recommend\n\t\t\tusing the Amazon ECS-managed AmazonECSInfrastructureRolePolicyForVolumes IAM\n\t\t\tpolicy with this role. For more information, see Amazon ECS\n\t\t\t\tinfrastructure IAM role in the Amazon ECS Developer\n\t\t\tGuide.
The termination policy for the volume when the task exits. This provides a way to\n\t\t\tcontrol whether Amazon ECS terminates the Amazon EBS volume when the task stops.
" + } + }, + "filesystemType": { + "target": "com.amazonaws.ecs#TaskFilesystemType", + "traits": { + "smithy.api#documentation": "The Linux filesystem type for the volume. For volumes created from a snapshot, you\n\t\t\tmust specify the same filesystem type that the volume was using when the snapshot was\n\t\t\tcreated. If there is a filesystem type mismatch, the task will fail to start.
\nThe available filesystem types are\u2028 ext3, ext4, and\n\t\t\t\txfs. If no value is specified, the xfs filesystem type is\n\t\t\tused by default.
The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.\n\t\t\tThese settings are used to create each Amazon EBS volume, with one volume created for each\n\t\t\ttask.
" + } + }, + "com.amazonaws.ecs#TaskManagedEBSVolumeTerminationPolicy": { + "type": "structure", + "members": { + "deleteOnTermination": { + "target": "com.amazonaws.ecs#BoxedBoolean", + "traits": { + "smithy.api#documentation": "Indicates whether the volume should be deleted on when the task stops. If a value of\n\t\t\t\ttrue is specified, \u2028Amazon ECS deletes the Amazon EBS volume on your behalf when\n\t\t\tthe task goes into the STOPPED state. If no value is specified, the\n\t\t\t\u2028default value is true is used. When set to false, Amazon ECS\n\t\t\tleaves the volume in your \u2028account.
The termination policy for the Amazon EBS volume when the task exits. For more information,\n\t\t\tsee Amazon ECS volume termination policy.
" + } + }, "com.amazonaws.ecs#TaskOverride": { "type": "structure", "members": { @@ -11229,7 +11911,7 @@ "executionRoleArn": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the task execution role override for the task. For more\n\t\t\tinformation, see Amazon ECS task\n\t\t\t\texecution IAM role in the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the task execution role override for the task. For more information,\n\t\t\tsee Amazon ECS task\n\t\t\t\texecution IAM role in the Amazon Elastic Container Service Developer Guide.
" } }, "memory": { @@ -11241,7 +11923,7 @@ "taskRoleArn": { "target": "com.amazonaws.ecs#String", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the role that containers in this task can assume. All containers\n\t\t\tin this task are granted the permissions that are specified in this role. For more\n\t\t\tinformation, see IAM Role for Tasks\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the role that containers in this task can assume. All containers in\n\t\t\tthis task are granted the permissions that are specified in this role. For more\n\t\t\tinformation, see IAM Role for Tasks\n\t\t\tin the Amazon Elastic Container Service Developer Guide.
" } }, "ephemeralStorage": { @@ -11404,6 +12086,12 @@ "traits": { "smithy.api#documentation": "The metadata that you apply to the task set to help you categorize and organize them.\n\t\t\tEach tag consists of a key and an optional value. You define both.
\nThe following basic restrictions apply to tags:
\nMaximum number of tags per resource - 50
\nFor each resource, each tag key must be unique, and each tag key can have only\n one value.
\nMaximum key length - 128 Unicode characters in UTF-8
\nMaximum value length - 256 Unicode characters in UTF-8
\nIf your tagging schema is used across multiple services and resources,\n remember that other services may have restrictions on allowed characters.\n Generally allowed characters are: letters, numbers, and spaces representable in\n UTF-8, and the following characters: + - = . _ : / @.
\nTag keys and values are case-sensitive.
\nDo not use aws:, AWS:, or any upper or lowercase\n combination of such as a prefix for either keys or values as it is reserved for\n Amazon Web Services use. You cannot edit or delete tag keys or values with this prefix. Tags with\n this prefix do not count against your tags per resource limit.
The Fargate ephemeral storage settings for the task set.
" + } } }, "traits": { @@ -11431,7 +12119,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -11486,12 +12177,59 @@ } } }, + "com.amazonaws.ecs#TaskVolumeConfiguration": { + "type": "structure", + "members": { + "name": { + "target": "com.amazonaws.ecs#ECSVolumeName", + "traits": { + "smithy.api#documentation": "The name of the volume. This value must match the volume name from the\n\t\t\t\tVolume object in the task definition.
The configuration for the Amazon EBS volume that Amazon ECS creates and manages on your behalf.\n\t\t\tThese settings are used to create each Amazon EBS volume, with one volume created for each\n\t\t\ttask. The Amazon EBS volumes are visible in your account in the Amazon EC2 console once they are\n\t\t\tcreated.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Configuration settings for the task volume that was configuredAtLaunch\n\t\t\tthat weren't set during RegisterTaskDef.
The amount of time in seconds a connection will stay active while idle. A value of\n\t\t\t\t0 can be set to disable idleTimeout.
The idleTimeout default for\n\t\t\t\tHTTP/HTTP2/GRPC is 5 minutes.
The idleTimeout default for TCP is 1 hour.
The amount of time waiting for the upstream to respond with a complete response per\n\t\t\trequest. A value of 0 can be set to disable perRequestTimeout.\n\t\t\t\tperRequestTimeout can only be set if Service Connect\n\t\t\t\tappProtocol isn't TCP. Only idleTimeout is\n\t\t\tallowed for TCP\n appProtocol.
An object that represents the timeout configurations for Service Connect.
\nIf idleTimeout is set to a time that is less than\n\t\t\t\t\tperRequestTimeout, the connection will close when the\n\t\t\t\t\tidleTimeout is reached and not the\n\t\t\t\tperRequestTimeout.
The ulimit settings to pass to the container.
Amazon ECS tasks hosted on Fargate use the default\n\t\t\t\t\t\t\tresource limit values set by the operating system with the exception of\n\t\t\t\t\t\t\tthe nofile resource limit parameter which Fargate\n\t\t\t\t\t\t\toverrides. The nofile resource limit sets a restriction on\n\t\t\t\t\t\t\tthe number of open files that a container can use. The default\n\t\t\t\t\t\t\t\tnofile soft limit is 1024 and the default hard limit\n\t\t\t\t\t\t\tis 4096.
You can specify the ulimit settings for a container in a task\n\t\t\tdefinition.
The ulimit settings to pass to the container.
Amazon ECS tasks hosted on Fargate use the default\n\t\t\t\t\t\t\tresource limit values set by the operating system with the exception of\n\t\t\t\t\t\t\tthe nofile resource limit parameter which Fargate\n\t\t\t\t\t\t\toverrides. The nofile resource limit sets a restriction on\n\t\t\t\t\t\t\tthe number of open files that a container can use. The default\n\t\t\t\t\t\t\t\tnofile soft limit is 1024 and the default hard limit\n\t\t\t\t\t\t\tis 65535.
You can specify the ulimit settings for a container in a task\n\t\t\tdefinition.
Message that describes the cause of the exception.
" + } } }, "traits": { @@ -12107,7 +12848,10 @@ "type": "structure", "members": { "message": { - "target": "com.amazonaws.ecs#String" + "target": "com.amazonaws.ecs#String", + "traits": { + "smithy.api#documentation": "Message that describes the cause of the exception.
" + } } }, "traits": { @@ -12153,10 +12897,13 @@ }, { "target": "com.amazonaws.ecs#ServiceNotFoundException" + }, + { + "target": "com.amazonaws.ecs#UnsupportedFeatureException" } ], "traits": { - "smithy.api#documentation": "Modifies the parameters of a service.
\nFor services using the rolling update (ECS) you can update the desired\n\t\t\tcount, deployment configuration, network configuration, load balancers, service\n\t\t\tregistries, enable ECS managed tags option, propagate tags option, task placement\n\t\t\tconstraints and strategies, and task definition. When you update any of these\n\t\t\tparameters, Amazon ECS starts new tasks with the new configuration.
For services using the blue/green (CODE_DEPLOY) deployment controller,\n\t\t\tonly the desired count, deployment configuration, health check grace period, task\n\t\t\tplacement constraints and strategies, enable ECS managed tags option, and propagate tags\n\t\t\tcan be updated using this API. If the network configuration, platform version, task\n\t\t\tdefinition, or load balancer need to be updated, create a new CodeDeploy deployment. For more\n\t\t\tinformation, see CreateDeployment in the CodeDeploy API Reference.
For services using an external deployment controller, you can update only the desired\n\t\t\tcount, task placement constraints and strategies, health check grace period, enable ECS\n\t\t\tmanaged tags option, and propagate tags option, using this API. If the launch type, load\n\t\t\tbalancer, network configuration, platform version, or task definition need to be\n\t\t\tupdated, create a new task set For more information, see CreateTaskSet.
\nYou can add to or subtract from the number of instantiations of a task definition in a\n\t\t\tservice by specifying the cluster that the service is running in and a new\n\t\t\t\tdesiredCount parameter.
If you have updated the Docker image of your application, you can create a new task\n\t\t\tdefinition with that image and deploy it to your service. The service scheduler uses the\n\t\t\tminimum healthy percent and maximum percent parameters (in the service's deployment\n\t\t\tconfiguration) to determine the deployment strategy.
\nIf your updated Docker image uses the same tag as what is in the existing task\n\t\t\t\tdefinition for your service (for example, my_image:latest), you don't\n\t\t\t\tneed to create a new revision of your task definition. You can update the service\n\t\t\t\tusing the forceNewDeployment option. The new tasks launched by the\n\t\t\t\tdeployment pull the current image/tag combination from your repository when they\n\t\t\t\tstart.
You can also update the deployment configuration of a service. When a deployment is\n\t\t\ttriggered by updating the task definition of a service, the service scheduler uses the\n\t\t\tdeployment configuration parameters, minimumHealthyPercent and\n\t\t\t\tmaximumPercent, to determine the deployment strategy.
If minimumHealthyPercent is below 100%, the scheduler can ignore\n\t\t\t\t\t\tdesiredCount temporarily during a deployment. For example, if\n\t\t\t\t\t\tdesiredCount is four tasks, a minimum of 50% allows the\n\t\t\t\t\tscheduler to stop two existing tasks before starting two new tasks. Tasks for\n\t\t\t\t\tservices that don't use a load balancer are considered healthy if they're in the\n\t\t\t\t\t\tRUNNING state. Tasks for services that use a load balancer are\n\t\t\t\t\tconsidered healthy if they're in the RUNNING state and are reported\n\t\t\t\t\tas healthy by the load balancer.
The maximumPercent parameter represents an upper limit on the\n\t\t\t\t\tnumber of running tasks during a deployment. You can use it to define the\n\t\t\t\t\tdeployment batch size. For example, if desiredCount is four tasks,\n\t\t\t\t\ta maximum of 200% starts four new tasks before stopping the four older tasks\n\t\t\t\t\t(provided that the cluster resources required to do this are available).
When UpdateService stops a task during a deployment, the equivalent\n\t\t\tof docker stop is issued to the containers running in the task. This\n\t\t\tresults in a SIGTERM and a 30-second timeout. After this,\n\t\t\t\tSIGKILL is sent and the containers are forcibly stopped. If the\n\t\t\tcontainer handles the SIGTERM gracefully and exits within 30 seconds from\n\t\t\treceiving it, no SIGKILL is sent.
When the service scheduler launches new tasks, it determines task placement in your\n\t\t\tcluster with the following logic.
\nDetermine which of the container instances in your cluster can support your\n\t\t\t\t\tservice's task definition. For example, they have the required CPU, memory,\n\t\t\t\t\tports, and container instance attributes.
\nBy default, the service scheduler attempts to balance tasks across\n\t\t\t\t\tAvailability Zones in this manner even though you can choose a different\n\t\t\t\t\tplacement strategy.
\nSort the valid container instances by the fewest number of running\n\t\t\t\t\t\t\ttasks for this service in the same Availability Zone as the instance.\n\t\t\t\t\t\t\tFor example, if zone A has one running service task and zones B and C\n\t\t\t\t\t\t\teach have zero, valid container instances in either zone B or C are\n\t\t\t\t\t\t\tconsidered optimal for placement.
\nPlace the new service task on a valid container instance in an optimal\n\t\t\t\t\t\t\tAvailability Zone (based on the previous steps), favoring container\n\t\t\t\t\t\t\tinstances with the fewest number of running tasks for this\n\t\t\t\t\t\t\tservice.
\nWhen the service scheduler stops running tasks, it attempts to maintain balance across\n\t\t\tthe Availability Zones in your cluster using the following logic:
\nSort the container instances by the largest number of running tasks for this\n\t\t\t\t\tservice in the same Availability Zone as the instance. For example, if zone A\n\t\t\t\t\thas one running service task and zones B and C each have two, container\n\t\t\t\t\tinstances in either zone B or C are considered optimal for termination.
\nStop the task on a container instance in an optimal Availability Zone (based\n\t\t\t\t\ton the previous steps), favoring container instances with the largest number of\n\t\t\t\t\trunning tasks for this service.
\nYou must have a service-linked role when you update any of the following service\n\t\t\t\tproperties:
\n\n loadBalancers,
\n serviceRegistries\n
For more information about the role see the CreateService request parameter\n\t\t\t\t\n role\n .
Modifies the parameters of a service.
\nOn March 21, 2024, a change was made to resolve the task definition revision before authorization. When a task definition revision is not specified, authorization will occur using the latest revision of a task definition.
\nFor services using the rolling update (ECS) you can update the desired\n\t\t\tcount, deployment configuration, network configuration, load balancers, service\n\t\t\tregistries, enable ECS managed tags option, propagate tags option, task placement\n\t\t\tconstraints and strategies, and task definition. When you update any of these\n\t\t\tparameters, Amazon ECS starts new tasks with the new configuration.
You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when starting or\n\t\t\trunning a task, or when creating or updating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide. You can update\n\t\t\tyour volume configurations and trigger a new deployment.\n\t\t\t\tvolumeConfigurations is only supported for REPLICA service and not\n\t\t\tDAEMON service. If you leave volumeConfigurations\n null, it doesn't trigger a new deployment. For more infomation on volumes,\n\t\t\tsee Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.
For services using the blue/green (CODE_DEPLOY) deployment controller,\n\t\t\tonly the desired count, deployment configuration, health check grace period, task\n\t\t\tplacement constraints and strategies, enable ECS managed tags option, and propagate tags\n\t\t\tcan be updated using this API. If the network configuration, platform version, task\n\t\t\tdefinition, or load balancer need to be updated, create a new CodeDeploy deployment. For more\n\t\t\tinformation, see CreateDeployment in the CodeDeploy API Reference.
For services using an external deployment controller, you can update only the desired\n\t\t\tcount, task placement constraints and strategies, health check grace period, enable ECS\n\t\t\tmanaged tags option, and propagate tags option, using this API. If the launch type, load\n\t\t\tbalancer, network configuration, platform version, or task definition need to be\n\t\t\tupdated, create a new task set For more information, see CreateTaskSet.
\nYou can add to or subtract from the number of instantiations of a task definition in a\n\t\t\tservice by specifying the cluster that the service is running in and a new\n\t\t\t\tdesiredCount parameter.
You can attach Amazon EBS volumes to Amazon ECS tasks by configuring the volume when starting or\n\t\t\trunning a task, or when creating or updating a service. For more infomation, see Amazon EBS volumes in the Amazon Elastic Container Service Developer Guide.
\nIf you have updated the container image of your application, you can create a new task\n\t\t\tdefinition with that image and deploy it to your service. The service scheduler uses the\n\t\t\tminimum healthy percent and maximum percent parameters (in the service's deployment\n\t\t\tconfiguration) to determine the deployment strategy.
\nIf your updated Docker image uses the same tag as what is in the existing task\n\t\t\t\tdefinition for your service (for example, my_image:latest), you don't\n\t\t\t\tneed to create a new revision of your task definition. You can update the service\n\t\t\t\tusing the forceNewDeployment option. The new tasks launched by the\n\t\t\t\tdeployment pull the current image/tag combination from your repository when they\n\t\t\t\tstart.
You can also update the deployment configuration of a service. When a deployment is\n\t\t\ttriggered by updating the task definition of a service, the service scheduler uses the\n\t\t\tdeployment configuration parameters, minimumHealthyPercent and\n\t\t\t\tmaximumPercent, to determine the deployment strategy.
If minimumHealthyPercent is below 100%, the scheduler can ignore\n\t\t\t\t\t\tdesiredCount temporarily during a deployment. For example, if\n\t\t\t\t\t\tdesiredCount is four tasks, a minimum of 50% allows the\n\t\t\t\t\tscheduler to stop two existing tasks before starting two new tasks. Tasks for\n\t\t\t\t\tservices that don't use a load balancer are considered healthy if they're in the\n\t\t\t\t\t\tRUNNING state. Tasks for services that use a load balancer are\n\t\t\t\t\tconsidered healthy if they're in the RUNNING state and are reported\n\t\t\t\t\tas healthy by the load balancer.
The maximumPercent parameter represents an upper limit on the\n\t\t\t\t\tnumber of running tasks during a deployment. You can use it to define the\n\t\t\t\t\tdeployment batch size. For example, if desiredCount is four tasks,\n\t\t\t\t\ta maximum of 200% starts four new tasks before stopping the four older tasks\n\t\t\t\t\t(provided that the cluster resources required to do this are available).
When UpdateService stops a task during a deployment, the equivalent\n\t\t\tof docker stop is issued to the containers running in the task. This\n\t\t\tresults in a SIGTERM and a 30-second timeout. After this,\n\t\t\t\tSIGKILL is sent and the containers are forcibly stopped. If the\n\t\t\tcontainer handles the SIGTERM gracefully and exits within 30 seconds from\n\t\t\treceiving it, no SIGKILL is sent.
When the service scheduler launches new tasks, it determines task placement in your\n\t\t\tcluster with the following logic.
\nDetermine which of the container instances in your cluster can support your\n\t\t\t\t\tservice's task definition. For example, they have the required CPU, memory,\n\t\t\t\t\tports, and container instance attributes.
\nBy default, the service scheduler attempts to balance tasks across\n\t\t\t\t\tAvailability Zones in this manner even though you can choose a different\n\t\t\t\t\tplacement strategy.
\nSort the valid container instances by the fewest number of running\n\t\t\t\t\t\t\ttasks for this service in the same Availability Zone as the instance.\n\t\t\t\t\t\t\tFor example, if zone A has one running service task and zones B and C\n\t\t\t\t\t\t\teach have zero, valid container instances in either zone B or C are\n\t\t\t\t\t\t\tconsidered optimal for placement.
\nPlace the new service task on a valid container instance in an optimal\n\t\t\t\t\t\t\tAvailability Zone (based on the previous steps), favoring container\n\t\t\t\t\t\t\tinstances with the fewest number of running tasks for this\n\t\t\t\t\t\t\tservice.
\nWhen the service scheduler stops running tasks, it attempts to maintain balance across\n\t\t\tthe Availability Zones in your cluster using the following logic:
\nSort the container instances by the largest number of running tasks for this\n\t\t\t\t\tservice in the same Availability Zone as the instance. For example, if zone A\n\t\t\t\t\thas one running service task and zones B and C each have two, container\n\t\t\t\t\tinstances in either zone B or C are considered optimal for termination.
\nStop the task on a container instance in an optimal Availability Zone (based\n\t\t\t\t\ton the previous steps), favoring container instances with the largest number of\n\t\t\t\t\trunning tasks for this service.
\nYou must have a service-linked role when you update any of the following service\n\t\t\t\tproperties:
\n\n loadBalancers,
\n serviceRegistries\n
For more information about the role see the CreateService request\n\t\t\t\tparameter \n role\n .
The configuration for this service to discover and connect to\n\tservices, and be discovered by, and connected from, other services within a namespace.
\nTasks that run in a namespace can use short names to connect\n\tto services in the namespace. Tasks can connect to services across all of the clusters in the namespace.\n\tTasks connect through a managed proxy container\n\tthat collects logs and metrics for increased visibility.\n\tOnly the tasks that Amazon ECS services create are supported with Service Connect.\n\tFor more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
" } + }, + "volumeConfigurations": { + "target": "com.amazonaws.ecs#ServiceVolumeConfigurations", + "traits": { + "smithy.api#documentation": "The details of the volume that was configuredAtLaunch. You can configure\n\t\t\tthe size, volumeType, IOPS, throughput, snapshot and encryption in ServiceManagedEBSVolumeConfiguration. The name of the volume\n\t\t\tmust match the name from the task definition. If set to null, no new\n\t\t\tdeployment is triggered. Otherwise, if this configuration differs from the existing one,\n\t\t\tit triggers a new deployment.
A list of tasks with the following information.
\n\n taskArn: The task ARN.
\n protectionEnabled: The protection status of the task. If scale-in\n\t\t\t\t\tprotection is turned on for a task, the value is true. Otherwise, it\n\t\t\t\t\tis false.
\n expirationDate: The epoch time when protection for the task will\n\t\t\t\t\texpire.
A list of tasks with the following information.
\n\n taskArn: The task ARN.
\n protectionEnabled: The protection status of the task. If scale-in\n\t\t\t\t\tprotection is turned on for a task, the value is true. Otherwise,\n\t\t\t\t\tit is false.
\n expirationDate: The epoch time when protection for the task will\n\t\t\t\t\texpire.
The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This name is referenced in the\n\t\t\t\tsourceVolume parameter of container definition\n\t\t\tmountPoints.
This is required wwhen you use an Amazon EFS volume.
" + "smithy.api#documentation": "The name of the volume. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.
\nWhen using a volume configured at launch, the name is required and must\n\t\t\talso be specified as the volume name in the ServiceVolumeConfiguration or\n\t\t\t\tTaskVolumeConfiguration parameter when creating your service or\n\t\t\tstandalone task.
For all other types of volumes, this name is referenced in the\n\t\t\t\tsourceVolume parameter of the mountPoints object in the\n\t\t\tcontainer definition.
When a volume is using the efsVolumeConfiguration, the name is\n\t\t\trequired.
This parameter is specified when you use Amazon FSx for Windows File Server file system for task\n\t\t\tstorage.
" } + }, + "configuredAtLaunch": { + "target": "com.amazonaws.ecs#BoxedBoolean", + "traits": { + "smithy.api#documentation": "Indicates whether the volume should be configured at launch time. This is used to\n\t\t\tcreate Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each\n\t\t\ttask definition revision may only have one volume configured at launch in the volume\n\t\t\tconfiguration.
\nTo configure a volume at launch time, use this task definition revision and specify a\n\t\t\t\tvolumeConfigurations object when calling the\n\t\t\tCreateService, UpdateService, RunTask or\n\t\t\t\tStartTask APIs.
A data volume that's used in a task definition. For tasks that use the Amazon Elastic File System\n\t\t\t(Amazon EFS), specify an efsVolumeConfiguration. For Windows tasks that use\n\t\t\tAmazon FSx for Windows File Server file system, specify a\n\t\t\tfsxWindowsFileServerVolumeConfiguration. For tasks that use a Docker\n\t\t\tvolume, specify a DockerVolumeConfiguration. For tasks that use a bind\n\t\t\tmount host volume, specify a host and optional sourcePath. For\n\t\t\tmore information, see Using Data Volumes in\n\t\t\t\tTasks.
The data volume configuration for tasks launched using this task definition.\n\t\t\tSpecifying a volume configuration in a task definition is optional. The volume\n\t\t\tconfiguration may contain multiple volumes but only one volume configured at launch is\n\t\t\tsupported. Each volume defined in the volume configuration may only specify a\n\t\t\t\tname and one of either configuredAtLaunch,\n\t\t\t\tdockerVolumeConfiguration, efsVolumeConfiguration,\n\t\t\t\tfsxWindowsFileServerVolumeConfiguration, or host. If an\n\t\t\tempty volume configuration is specified, by default Amazon ECS uses a host volume. For more\n\t\t\tinformation, see Using data volumes in\n\t\t\t\ttasks.
Creates a new instance profile. For information about instance profiles, see Using\n roles for applications on Amazon EC2 in the\n IAM User Guide, and Instance profiles in the Amazon EC2 User Guide.
\nFor information about the number of instance profiles you can create, see IAM object\n quotas in the IAM User Guide.
", + "smithy.api#documentation": "Creates a new instance profile. For information about instance profiles, see Using\n roles for applications on Amazon EC2 in the\n IAM User Guide, and Instance profiles in the Amazon EC2 User Guide.
\nFor information about the number of instance profiles you can create, see IAM object\n quotas in the IAM User Guide.
", "smithy.api#examples": [ { "title": "To create an instance profile", @@ -3099,12 +3132,15 @@ { "target": "com.amazonaws.iam#LimitExceededException" }, + { + "target": "com.amazonaws.iam#OpenIdIdpCommunicationErrorException" + }, { "target": "com.amazonaws.iam#ServiceFailureException" } ], "traits": { - "smithy.api#documentation": "Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
\nThe OIDC provider that you create with this operation can be used as a principal in a\n role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and\n the OIDC provider.
\nIf you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't\n need to create a separate IAM identity provider. These OIDC identity providers are\n already built-in to Amazon Web Services and are available for your use. Instead, you can move directly\n to creating new roles using your identity provider. To learn more, see Creating\n a role for web identity or OpenID connect federation in the IAM\n User Guide.
\nWhen you create the IAM OIDC provider, you specify the following:
\nThe URL of the OIDC identity provider (IdP) to trust
\nA list of client IDs (also known as audiences) that identify the application\n or applications allowed to authenticate using the OIDC provider
\nA list of tags that are attached to the specified IAM OIDC provider
\nA list of thumbprints of one or more server certificates that the IdP\n uses
\nYou get all of this information from the OIDC IdP you want to use to access\n Amazon Web Services.
\nAmazon Web Services secures communication with some OIDC identity providers (IdPs) through our\n library of trusted root certificate authorities (CAs) instead of using a certificate\n thumbprint to verify your IdP server certificate. These OIDC IdPs include Auth0, GitHub,\n Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In\n these cases, your legacy thumbprint remains in your configuration, but is no longer used\n for validation.
\nThe trust for the OIDC provider is derived from the IAM provider that this\n operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged\n users.
\nCreates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).
\nThe OIDC provider that you create with this operation can be used as a principal in a\n role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and\n the OIDC provider.
\nIf you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't\n need to create a separate IAM identity provider. These OIDC identity providers are\n already built-in to Amazon Web Services and are available for your use. Instead, you can move directly\n to creating new roles using your identity provider. To learn more, see Creating\n a role for web identity or OpenID connect federation in the IAM\n User Guide.
\nWhen you create the IAM OIDC provider, you specify the following:
\nThe URL of the OIDC identity provider (IdP) to trust
\nA list of client IDs (also known as audiences) that identify the application\n or applications allowed to authenticate using the OIDC provider
\nA list of tags that are attached to the specified IAM OIDC provider
\nA list of thumbprints of one or more server certificates that the IdP\n uses
\nYou get all of this information from the OIDC IdP you want to use to access\n Amazon Web Services.
\nAmazon Web Services secures communication with some OIDC identity providers (IdPs) through our library\n of trusted root certificate authorities (CAs) instead of using a certificate thumbprint to\n verify your IdP server certificate. In these cases, your legacy thumbprint remains in your\n configuration, but is no longer used for validation. These OIDC IdPs include Auth0, GitHub,\n GitLab, Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)\n endpoint.
\nThe trust for the OIDC provider is derived from the IAM provider that this\n operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged\n users.
\nA list of server certificate thumbprints for the OpenID Connect (OIDC) identity\n provider's server certificates. Typically this list includes only one entry. However,\n IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain\n multiple thumbprints if the identity provider is rotating certificates.
\nThe server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509\n certificate used by the domain where the OpenID Connect provider makes its keys\n available. It is always a 40-character string.
\nYou must provide at least one thumbprint when creating an IAM OIDC provider. For\n example, assume that the OIDC provider is server.example.com and the\n provider stores its keys at https://keys.server.example.com/openid-connect. In that\n case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate\n used by https://keys.server.example.com.\n
For more information about obtaining the OIDC provider thumbprint, see Obtaining the\n thumbprint for an OpenID Connect provider in the IAM user\n Guide.
", - "smithy.api#required": {} + "smithy.api#documentation": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity\n provider's server certificates. Typically this list includes only one entry. However,\n IAM lets you have up to five thumbprints for an OIDC provider. This lets you maintain\n multiple thumbprints if the identity provider is rotating certificates.
\nThis parameter is optional. If it is not included, IAM will retrieve and use the top\n intermediate certificate authority (CA) thumbprint of the OpenID Connect identity\n provider server certificate.
\nThe server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509\n certificate used by the domain where the OpenID Connect provider makes its keys\n available. It is always a 40-character string.
\nFor example, assume that the OIDC provider is server.example.com and the\n provider stores its keys at https://keys.server.example.com/openid-connect. In that\n case, the thumbprint string would be the hex-encoded SHA-1 hash value of the certificate\n used by https://keys.server.example.com.\n
For more information about obtaining the OIDC provider thumbprint, see Obtaining the\n thumbprint for an OpenID Connect provider in the IAM user\n Guide.
" } }, "Tags": { @@ -4445,7 +4480,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role\n programmatically, you must delete the items attached to the role manually, or the\n deletion fails. For more information, see Deleting an IAM role. Before attempting to delete a role, remove the\n following attached items:
\nInline policies (DeleteRolePolicy)
\nAttached managed policies (DetachRolePolicy)
\nInstance profile (RemoveRoleFromInstanceProfile)
\nOptional – Delete instance profile after detaching from role for\n resource clean up (DeleteInstanceProfile)
\nMake sure that you do not have any Amazon EC2 instances running with the role you\n are about to delete. Deleting a role or instance profile that is associated with a\n running instance will break any applications running on the instance.
\nDeletes the specified role. Unlike the Amazon Web Services Management Console, when you delete a role\n programmatically, you must delete the items attached to the role manually, or the\n deletion fails. For more information, see Deleting an IAM role. Before attempting to delete a role, remove the\n following attached items:
\nInline policies (DeleteRolePolicy)
\nAttached managed policies (DetachRolePolicy)
\nInstance profile (RemoveRoleFromInstanceProfile)
\nOptional – Delete instance profile after detaching from role for\n resource clean up (DeleteInstanceProfile)
\nMake sure that you do not have any Amazon EC2 instances running with the role you are\n about to delete. Deleting a role or instance profile that is associated with a\n running instance will break any applications running on the instance.
\nThe request failed because IAM cannot connect to the OpenID Connect identity provider URL.
", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, "com.amazonaws.iam#OrganizationsDecisionDetail": { "type": "structure", "members": { @@ -12166,7 +12218,7 @@ } ], "traits": { - "smithy.api#documentation": "Removes the specified IAM role from the specified EC2 instance profile.
\nMake sure that you do not have any Amazon EC2 instances running with the role you\n are about to remove from the instance profile. Removing a role from an instance\n profile that is associated with a running instance might break any applications\n running on the instance.
\nFor more information about roles, see IAM roles in the\n IAM User Guide. For more information about instance profiles,\n see Using\n instance profiles in the IAM User Guide.
", + "smithy.api#documentation": "Removes the specified IAM role from the specified Amazon EC2 instance profile.
\nMake sure that you do not have any Amazon EC2 instances running with the role you are\n about to remove from the instance profile. Removing a role from an instance profile\n that is associated with a running instance might break any applications running on\n the instance.
\nFor more information about roles, see IAM roles in the\n IAM User Guide. For more information about instance profiles,\n see Using\n instance profiles in the IAM User Guide.
", "smithy.api#examples": [ { "title": "To remove a role from an instance profile", @@ -13350,7 +13402,7 @@ "ResourceHandlingOption": { "target": "com.amazonaws.iam#ResourceHandlingOptionType", "traits": { - "smithy.api#documentation": "Specifies the type of simulation to run. Different API operations that support\n resource-based policies require different combinations of resources. By specifying the\n type of simulation to run, you enable the policy simulator to enforce the presence of\n the required resources to ensure reliable simulation results. If your simulation does\n not match one of the following scenarios, then you can omit this parameter. The\n following list shows each of the supported scenario values and the resources that you\n must define to run the simulation.
\nEach of the EC2 scenarios requires that you specify instance, image, and security\n group resources. If your scenario includes an EBS volume, then you must specify that\n volume as a resource. If the EC2 scenario includes VPC, then you must supply the network\n interface resource. If it includes an IP subnet, then you must specify the subnet\n resource. For more information on the EC2 scenario options, see Supported platforms in the Amazon EC2 User\n Guide.
\n\n EC2-VPC-InstanceStore\n
\ninstance, image, security group, network interface
\n\n EC2-VPC-InstanceStore-Subnet\n
\ninstance, image, security group, network interface, subnet
\n\n EC2-VPC-EBS\n
\ninstance, image, security group, network interface, volume
\n\n EC2-VPC-EBS-Subnet\n
\ninstance, image, security group, network interface, subnet, volume
\nSpecifies the type of simulation to run. Different API operations that support\n resource-based policies require different combinations of resources. By specifying the\n type of simulation to run, you enable the policy simulator to enforce the presence of\n the required resources to ensure reliable simulation results. If your simulation does\n not match one of the following scenarios, then you can omit this parameter. The\n following list shows each of the supported scenario values and the resources that you\n must define to run the simulation.
\nEach of the Amazon EC2 scenarios requires that you specify instance, image, and security\n group resources. If your scenario includes an EBS volume, then you must specify that\n volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the\n network interface resource. If it includes an IP subnet, then you must specify the\n subnet resource. For more information on the Amazon EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.
\n\n EC2-VPC-InstanceStore\n
\ninstance, image, security group, network interface
\n\n EC2-VPC-InstanceStore-Subnet\n
\ninstance, image, security group, network interface, subnet
\n\n EC2-VPC-EBS\n
\ninstance, image, security group, network interface, volume
\n\n EC2-VPC-EBS-Subnet\n
\ninstance, image, security group, network interface, subnet, volume
\nSpecifies the type of simulation to run. Different API operations that support\n resource-based policies require different combinations of resources. By specifying the\n type of simulation to run, you enable the policy simulator to enforce the presence of\n the required resources to ensure reliable simulation results. If your simulation does\n not match one of the following scenarios, then you can omit this parameter. The\n following list shows each of the supported scenario values and the resources that you\n must define to run the simulation.
\nEach of the EC2 scenarios requires that you specify instance, image, and security\n group resources. If your scenario includes an EBS volume, then you must specify that\n volume as a resource. If the EC2 scenario includes VPC, then you must supply the network\n interface resource. If it includes an IP subnet, then you must specify the subnet\n resource. For more information on the EC2 scenario options, see Supported platforms in the Amazon EC2 User\n Guide.
\n\n EC2-VPC-InstanceStore\n
\ninstance, image, security group, network interface
\n\n EC2-VPC-InstanceStore-Subnet\n
\ninstance, image, security group, network interface, subnet
\n\n EC2-VPC-EBS\n
\ninstance, image, security group, network interface, volume
\n\n EC2-VPC-EBS-Subnet\n
\ninstance, image, security group, network interface, subnet, volume
\nSpecifies the type of simulation to run. Different API operations that support\n resource-based policies require different combinations of resources. By specifying the\n type of simulation to run, you enable the policy simulator to enforce the presence of\n the required resources to ensure reliable simulation results. If your simulation does\n not match one of the following scenarios, then you can omit this parameter. The\n following list shows each of the supported scenario values and the resources that you\n must define to run the simulation.
\nEach of the Amazon EC2 scenarios requires that you specify instance, image, and security\n group resources. If your scenario includes an EBS volume, then you must specify that\n volume as a resource. If the Amazon EC2 scenario includes VPC, then you must supply the\n network interface resource. If it includes an IP subnet, then you must specify the\n subnet resource. For more information on the Amazon EC2 scenario options, see Supported platforms in the Amazon EC2 User Guide.
\n\n EC2-VPC-InstanceStore\n
\ninstance, image, security group, network interface
\n\n EC2-VPC-InstanceStore-Subnet\n
\ninstance, image, security group, network interface, subnet
\n\n EC2-VPC-EBS\n
\ninstance, image, security group, network interface, volume
\n\n EC2-VPC-EBS-Subnet\n
\ninstance, image, security group, network interface, subnet, volume
\nReplaces the existing list of server certificate thumbprints associated with an OpenID\n Connect (OIDC) provider resource object with a new list of thumbprints.
\nThe list that you pass with this operation completely replaces the existing list of\n thumbprints. (The lists are not merged.)
\nTypically, you need to update a thumbprint only when the identity provider certificate\n changes, which occurs rarely. However, if the provider's certificate\n does change, any attempt to assume an IAM role that specifies\n the OIDC provider as a principal fails until the certificate thumbprint is\n updated.
\nAmazon Web Services secures communication with some OIDC identity providers (IdPs) through our\n library of trusted root certificate authorities (CAs) instead of using a certificate\n thumbprint to verify your IdP server certificate. These OIDC IdPs include Auth0, GitHub,\n Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS) endpoint. In\n these cases, your legacy thumbprint remains in your configuration, but is no longer used\n for validation.
\nTrust for the OIDC provider is derived from the provider certificate and is\n validated by the thumbprint. Therefore, it is best to limit access to the\n UpdateOpenIDConnectProviderThumbprint operation to highly\n privileged users.
Replaces the existing list of server certificate thumbprints associated with an OpenID\n Connect (OIDC) provider resource object with a new list of thumbprints.
\nThe list that you pass with this operation completely replaces the existing list of\n thumbprints. (The lists are not merged.)
\nTypically, you need to update a thumbprint only when the identity provider certificate\n changes, which occurs rarely. However, if the provider's certificate\n does change, any attempt to assume an IAM role that specifies\n the OIDC provider as a principal fails until the certificate thumbprint is\n updated.
\nAmazon Web Services secures communication with some OIDC identity providers (IdPs) through our library\n of trusted root certificate authorities (CAs) instead of using a certificate thumbprint to\n verify your IdP server certificate. In these cases, your legacy thumbprint remains in your\n configuration, but is no longer used for validation. These OIDC IdPs include Auth0, GitHub,\n GitLab, Google, and those that use an Amazon S3 bucket to host a JSON Web Key Set (JWKS)\n endpoint.
\nTrust for the OIDC provider is derived from the provider certificate and is\n validated by the thumbprint. Therefore, it is best to limit access to the\n UpdateOpenIDConnectProviderThumbprint operation to highly\n privileged users.
The maximum session duration (in seconds) that you want to set for the specified role.\n If you do not specify a value for this setting, the default value of one hour is\n applied. This setting can have a value from 1 hour to 12 hours.
\nAnyone who assumes the role from the CLI or API can use the\n DurationSeconds API parameter or the duration-seconds\n CLI parameter to request a longer session. The MaxSessionDuration setting\n determines the maximum duration that can be requested using the\n DurationSeconds parameter. If users don't specify a value for the\n DurationSeconds parameter, their security credentials are valid for one\n hour by default. This applies when you use the AssumeRole* API operations\n or the assume-role* CLI operations but does not apply when you use those\n operations to create a console URL. For more information, see Using IAM\n roles in the IAM User Guide.
The maximum session duration (in seconds) that you want to set for the specified role.\n If you do not specify a value for this setting, the default value of one hour is\n applied. This setting can have a value from 1 hour to 12 hours.
\nAnyone who assumes the role from the CLI or API can use the\n DurationSeconds API parameter or the duration-seconds\n CLI parameter to request a longer session. The MaxSessionDuration setting\n determines the maximum duration that can be requested using the\n DurationSeconds parameter. If users don't specify a value for the\n DurationSeconds parameter, their security credentials are valid for one\n hour by default. This applies when you use the AssumeRole* API operations\n or the assume-role* CLI operations but does not apply when you use those\n operations to create a console URL. For more information, see Using IAM\n roles in the IAM User Guide.
IAM role credentials provided by Amazon EC2 instances assigned to the role are not\n subject to the specified maximum session duration.
\nCancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS\n key is Disabled. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the\n Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:CancelKeyDeletion (key policy)
\n\n Related operations: ScheduleKeyDeletion\n
", + "smithy.api#documentation": "Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS\n key is Disabled. To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the\n Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:CancelKeyDeletion (key policy)
\n\n Related operations: ScheduleKeyDeletion\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To cancel deletion of a KMS key", @@ -336,6 +342,23 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.kms#ConflictException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.kms#ErrorMessageType" + } + }, + "traits": { + "aws.protocols#awsQueryError": { + "code": "ConflictException", + "httpResponseCode": 409 + }, + "smithy.api#documentation": "The request was rejected because an automatic rotation of this key is currently in \n progress or scheduled to begin within the next 20 minutes.
", + "smithy.api#error": "client", + "smithy.api#httpError": 409 + } + }, "com.amazonaws.kms#ConnectCustomKeyStore": { "type": "operation", "input": { @@ -362,7 +385,7 @@ } ], "traits": { - "smithy.api#documentation": "Connects or reconnects a custom key store to its backing key store. For an CloudHSM key\n store, ConnectCustomKeyStore connects the key store to its associated CloudHSM\n cluster. For an external key store, ConnectCustomKeyStore connects the key store\n to the external key store proxy that communicates with your external key manager.
The custom key store must be connected before you can create KMS keys in the key store or\n use the KMS keys it contains. You can disconnect and reconnect a custom key store at any\n time.
\nThe connection process for a custom key store can take an extended amount of time to\n complete. This operation starts the connection process, but it does not wait for it to\n complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON\n object with no properties. However, this response does not indicate that the custom key store\n is connected. To get the connection state of the custom key store, use the DescribeCustomKeyStores operation.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nThe ConnectCustomKeyStore operation might fail for various reasons. To find\n the reason, use the DescribeCustomKeyStores operation and see the\n ConnectionErrorCode in the response. For help interpreting the\n ConnectionErrorCode, see CustomKeyStoresListEntry.
To fix the failure, use the DisconnectCustomKeyStore operation to\n disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use\n ConnectCustomKeyStore again.
\n CloudHSM key store\n
\nDuring the connection process for an CloudHSM key store, KMS finds the CloudHSM cluster that\n is associated with the custom key store, creates the connection infrastructure, connects to\n the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates its\n password.
To connect an CloudHSM key store, its associated CloudHSM cluster must have at least one active\n HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs\n to the cluster, use the CreateHsm operation. Also, the \n kmsuser crypto\n user (CU) must not be logged into the cluster. This prevents KMS from using this\n account to log in.
If you are having trouble connecting or disconnecting a CloudHSM key store, see Troubleshooting an CloudHSM key\n store in the Key Management Service Developer Guide.
\n\n External key store\n
\nWhen you connect an external key store that uses public endpoint connectivity, KMS tests\n its ability to communicate with your external key manager by sending a request via the\n external key store proxy.
\nWhen you connect to an external key store that uses VPC endpoint service connectivity,\n KMS establishes the networking elements that it needs to communicate with your external key\n manager via the external key store proxy. This includes creating an interface endpoint to the\n VPC endpoint service and a private hosted zone for traffic between KMS and the VPC endpoint\n service.
\nTo connect an external key store, KMS must be able to connect to the external key store\n proxy, the external key store proxy must be able to communicate with your external key\n manager, and the external key manager must be available for cryptographic operations.
\nIf you are having trouble connecting or disconnecting an external key store, see Troubleshooting an external\n key store in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:ConnectCustomKeyStore (IAM policy)
\n\n Related operations\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\nConnects or reconnects a custom key store to its backing key store. For an CloudHSM key\n store, ConnectCustomKeyStore connects the key store to its associated CloudHSM\n cluster. For an external key store, ConnectCustomKeyStore connects the key store\n to the external key store proxy that communicates with your external key manager.
The custom key store must be connected before you can create KMS keys in the key store or\n use the KMS keys it contains. You can disconnect and reconnect a custom key store at any\n time.
\nThe connection process for a custom key store can take an extended amount of time to\n complete. This operation starts the connection process, but it does not wait for it to\n complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON\n object with no properties. However, this response does not indicate that the custom key store\n is connected. To get the connection state of the custom key store, use the DescribeCustomKeyStores operation.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nThe ConnectCustomKeyStore operation might fail for various reasons. To find\n the reason, use the DescribeCustomKeyStores operation and see the\n ConnectionErrorCode in the response. For help interpreting the\n ConnectionErrorCode, see CustomKeyStoresListEntry.
To fix the failure, use the DisconnectCustomKeyStore operation to\n disconnect the custom key store, correct the error, use the UpdateCustomKeyStore operation if necessary, and then use\n ConnectCustomKeyStore again.
\n CloudHSM key store\n
\nDuring the connection process for an CloudHSM key store, KMS finds the CloudHSM cluster that\n is associated with the custom key store, creates the connection infrastructure, connects to\n the cluster, logs into the CloudHSM client as the kmsuser CU, and rotates its\n password.
To connect an CloudHSM key store, its associated CloudHSM cluster must have at least one active\n HSM. To get the number of active HSMs in a cluster, use the DescribeClusters operation. To add HSMs\n to the cluster, use the CreateHsm operation. Also, the \n kmsuser crypto\n user (CU) must not be logged into the cluster. This prevents KMS from using this\n account to log in.
If you are having trouble connecting or disconnecting a CloudHSM key store, see Troubleshooting an CloudHSM key\n store in the Key Management Service Developer Guide.
\n\n External key store\n
\nWhen you connect an external key store that uses public endpoint connectivity, KMS tests\n its ability to communicate with your external key manager by sending a request via the\n external key store proxy.
\nWhen you connect to an external key store that uses VPC endpoint service connectivity,\n KMS establishes the networking elements that it needs to communicate with your external key\n manager via the external key store proxy. This includes creating an interface endpoint to the\n VPC endpoint service and a private hosted zone for traffic between KMS and the VPC endpoint\n service.
\nTo connect an external key store, KMS must be able to connect to the external key store\n proxy, the external key store proxy must be able to communicate with your external key\n manager, and the external key manager must be available for cryptographic operations.
\nIf you are having trouble connecting or disconnecting an external key store, see Troubleshooting an external\n key store in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:ConnectCustomKeyStore (IAM policy)
\n\n Related operations\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To connect a custom key store", @@ -577,7 +600,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a friendly name for a KMS key.
\nAdding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nYou can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and\n GenerateDataKey. You can also change the KMS key that's associated with\n the alias (UpdateAlias) or delete the alias (DeleteAlias)\n at any time. These operations don't affect the underlying KMS key.
\nYou can associate the alias with any customer managed key in the same Amazon Web Services Region. Each\n alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases.\n A valid KMS key is required. You can't create an alias without a KMS key.
\nThe alias must be unique in the account and Region, but you can have aliases with the same\n name in different Regions. For detailed information about aliases, see Using aliases in the\n Key Management Service Developer Guide.
\nThis operation does not return a response. To get the alias that you created, use the\n ListAliases operation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
\n\n Required permissions\n
\n\n kms:CreateAlias on\n the alias (IAM policy).
\n\n kms:CreateAlias on\n the KMS key (key policy).
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n DeleteAlias\n
\n\n ListAliases\n
\n\n UpdateAlias\n
\nCreates a friendly name for a KMS key.
\nAdding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nYou can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation and in cryptographic operations, such as Encrypt and\n GenerateDataKey. You can also change the KMS key that's associated with\n the alias (UpdateAlias) or delete the alias (DeleteAlias)\n at any time. These operations don't affect the underlying KMS key.
\nYou can associate the alias with any customer managed key in the same Amazon Web Services Region. Each\n alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases.\n A valid KMS key is required. You can't create an alias without a KMS key.
\nThe alias must be unique in the account and Region, but you can have aliases with the same\n name in different Regions. For detailed information about aliases, see Using aliases in the\n Key Management Service Developer Guide.
\nThis operation does not return a response. To get the alias that you created, use the\n ListAliases operation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
\n\n Required permissions\n
\n\n kms:CreateAlias on\n the alias (IAM policy).
\n\n kms:CreateAlias on\n the KMS key (key policy).
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n DeleteAlias\n
\n\n ListAliases\n
\n\n UpdateAlias\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To create an alias", @@ -674,7 +697,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a custom key store backed by a key store that you own and manage. When you use a\n KMS key in a custom key store for a cryptographic operation, the cryptographic operation is\n actually performed in your key store using your keys. KMS supports CloudHSM key stores\n backed by an CloudHSM cluster\n and external key\n stores backed by an external key store proxy and external key manager outside of\n Amazon Web Services.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nBefore you create the custom key store, the required elements must be in place and\n operational. We recommend that you use the test tools that KMS provides to verify the\n configuration your external key store proxy. For details about the required elements and\n verification tests, see Assemble the prerequisites (for\n CloudHSM key stores) or Assemble the prerequisites (for\n external key stores) in the Key Management Service Developer Guide.
\nTo create a custom key store, use the following parameters.
\nTo create an CloudHSM key store, specify the CustomKeyStoreName,\n CloudHsmClusterId, KeyStorePassword, and\n TrustAnchorCertificate. The CustomKeyStoreType parameter is\n optional for CloudHSM key stores. If you include it, set it to the default value,\n AWS_CLOUDHSM. For help with failures, see Troubleshooting an CloudHSM key store in the\n Key Management Service Developer Guide.
To create an external key store, specify the CustomKeyStoreName and a\n CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values\n for XksProxyConnectivity, XksProxyAuthenticationCredential,\n XksProxyUriEndpoint, and XksProxyUriPath. If your\n XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify\n the XksProxyVpcEndpointServiceName parameter. For help with failures, see\n Troubleshooting\n an external key store in the Key Management Service Developer Guide.
For external key stores:
\nSome external key managers provide a simpler method for creating an external key store.\n For details, see your external key manager documentation.
\nWhen creating an external key store in the KMS console, you can upload a JSON-based\n proxy configuration file with the desired values. You cannot use a proxy configuration with\n the CreateCustomKeyStore operation. However, you can use the values in the file\n to help you determine the correct values for the CreateCustomKeyStore\n parameters.
When the operation completes successfully, it returns the ID of the new custom key store.\n Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect a new CloudHSM key store to its CloudHSM\n cluster, or to connect a new external key store to the external key store proxy for your\n external key manager. Even if you are not going to use your custom key store immediately, you\n might want to connect it to verify that all settings are correct and then disconnect it until\n you are ready to use it.
\nFor help with failures, see Troubleshooting a custom key store in the\n Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:CreateCustomKeyStore (IAM policy).
\n\n Related operations:\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\nCreates a custom key store backed by a key store that you own and manage. When you use a\n KMS key in a custom key store for a cryptographic operation, the cryptographic operation is\n actually performed in your key store using your keys. KMS supports CloudHSM key stores\n backed by an CloudHSM cluster\n and external key\n stores backed by an external key store proxy and external key manager outside of\n Amazon Web Services.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nBefore you create the custom key store, the required elements must be in place and\n operational. We recommend that you use the test tools that KMS provides to verify the\n configuration your external key store proxy. For details about the required elements and\n verification tests, see Assemble the prerequisites (for\n CloudHSM key stores) or Assemble the prerequisites (for\n external key stores) in the Key Management Service Developer Guide.
\nTo create a custom key store, use the following parameters.
\nTo create an CloudHSM key store, specify the CustomKeyStoreName,\n CloudHsmClusterId, KeyStorePassword, and\n TrustAnchorCertificate. The CustomKeyStoreType parameter is\n optional for CloudHSM key stores. If you include it, set it to the default value,\n AWS_CLOUDHSM. For help with failures, see Troubleshooting an CloudHSM key store in the\n Key Management Service Developer Guide.
To create an external key store, specify the CustomKeyStoreName and a\n CustomKeyStoreType of EXTERNAL_KEY_STORE. Also, specify values\n for XksProxyConnectivity, XksProxyAuthenticationCredential,\n XksProxyUriEndpoint, and XksProxyUriPath. If your\n XksProxyConnectivity value is VPC_ENDPOINT_SERVICE, specify\n the XksProxyVpcEndpointServiceName parameter. For help with failures, see\n Troubleshooting\n an external key store in the Key Management Service Developer Guide.
For external key stores:
\nSome external key managers provide a simpler method for creating an external key store.\n For details, see your external key manager documentation.
\nWhen creating an external key store in the KMS console, you can upload a JSON-based\n proxy configuration file with the desired values. You cannot use a proxy configuration with\n the CreateCustomKeyStore operation. However, you can use the values in the file\n to help you determine the correct values for the CreateCustomKeyStore\n parameters.
When the operation completes successfully, it returns the ID of the new custom key store.\n Before you can use your new custom key store, you need to use the ConnectCustomKeyStore operation to connect a new CloudHSM key store to its CloudHSM\n cluster, or to connect a new external key store to the external key store proxy for your\n external key manager. Even if you are not going to use your custom key store immediately, you\n might want to connect it to verify that all settings are correct and then disconnect it until\n you are ready to use it.
\nFor help with failures, see Troubleshooting a custom key store in the\n Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:CreateCustomKeyStore (IAM policy).
\n\n Related operations:\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To create an AWS CloudHSM key store", @@ -729,7 +752,7 @@ "XksProxyUriEndpoint": { "target": "com.amazonaws.kms#XksProxyUriEndpointType", "traits": { - "smithy.api#documentation": "Specifies the endpoint that KMS uses to send requests to the external key store proxy\n (XKS proxy). This parameter is required for custom key stores with a\n CustomKeyStoreType of EXTERNAL_KEY_STORE.
The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the\n XksProxyUriEndpoint value.
For external key stores with XksProxyConnectivity value of\n VPC_ENDPOINT_SERVICE, specify https:// followed by the private DNS\n name of the VPC endpoint service.
For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must\n be reachable before you create the custom key store. KMS connects to the external key store\n proxy while creating the custom key store. For external key stores with\n VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call the ConnectCustomKeyStore operation.
The value of this parameter must begin with https://. The remainder can\n contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and\n hyphens (-). Additional slashes (/ and \\) are not\n permitted.
\n Uniqueness requirements: \n
\nThe combined XksProxyUriEndpoint and XksProxyUriPath values\n must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity cannot use the\n same XksProxyUriEndpoint value as an external key store with\n VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web Services Region.
Each external key store with VPC_ENDPOINT_SERVICE connectivity must have\n its own private DNS name. The XksProxyUriEndpoint value for external key\n stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be\n unique in the Amazon Web Services account and Region.
Specifies the endpoint that KMS uses to send requests to the external key store proxy\n (XKS proxy). This parameter is required for custom key stores with a\n CustomKeyStoreType of EXTERNAL_KEY_STORE.
The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the\n XksProxyUriEndpoint value.
For external key stores with XksProxyConnectivity value of\n VPC_ENDPOINT_SERVICE, specify https:// followed by the private DNS\n name of the VPC endpoint service.
For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint must\n be reachable before you create the custom key store. KMS connects to the external key store\n proxy while creating the custom key store. For external key stores with\n VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call the ConnectCustomKeyStore operation.
The value of this parameter must begin with https://. The remainder can\n contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), and\n hyphens (-). Additional slashes (/ and \\) are not\n permitted.
\n Uniqueness requirements: \n
\nThe combined XksProxyUriEndpoint and XksProxyUriPath values\n must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity cannot use the\n same XksProxyUriEndpoint value as an external key store with\n VPC_ENDPOINT_SERVICE connectivity in this Amazon Web Services Region.
Each external key store with VPC_ENDPOINT_SERVICE connectivity must have\n its own private DNS name. The XksProxyUriEndpoint value for external key\n stores with VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be\n unique in the Amazon Web Services account and Region.
Adds a grant to a KMS key.
\nA grant is a policy instrument that allows Amazon Web Services principals to use\n KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key,\n grants are considered along with key policies and IAM policies. Grants are often used for\n temporary permissions because you can create one, use its permissions, and delete it without\n changing your key policies or IAM policies.
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\nThe CreateGrant operation returns a GrantToken and a\n GrantId.
When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee\n principal can use the permissions in the grant without identifying the grant.
\nHowever, to use the permissions in the grant immediately, use the\n GrantToken that CreateGrant returns. For details, see Using a\n grant token in the \n Key Management Service Developer Guide\n .
The CreateGrant operation also returns a GrantId. You can\n use the GrantId and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant\n ID, use the ListGrants or ListRetirableGrants\n operations.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:CreateGrant (key policy)
\n\n Related operations:\n
\n\n ListGrants\n
\n\n ListRetirableGrants\n
\n\n RetireGrant\n
\n\n RevokeGrant\n
\nAdds a grant to a KMS key.
\nA grant is a policy instrument that allows Amazon Web Services principals to use\n KMS keys in cryptographic operations. It also can allow them to view a KMS key (DescribeKey) and create and manage grants. When authorizing access to a KMS key,\n grants are considered along with key policies and IAM policies. Grants are often used for\n temporary permissions because you can create one, use its permissions, and delete it without\n changing your key policies or IAM policies.
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\nThe CreateGrant operation returns a GrantToken and a\n GrantId.
When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. Once the grant has achieved eventual consistency, the grantee\n principal can use the permissions in the grant without identifying the grant.
\nHowever, to use the permissions in the grant immediately, use the\n GrantToken that CreateGrant returns. For details, see Using a\n grant token in the \n Key Management Service Developer Guide\n .
The CreateGrant operation also returns a GrantId. You can\n use the GrantId and a key identifier to identify the grant in the RetireGrant and RevokeGrant operations. To find the grant\n ID, use the ListGrants or ListRetirableGrants\n operations.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:CreateGrant (key policy)
\n\n Related operations:\n
\n\n ListGrants\n
\n\n ListRetirableGrants\n
\n\n RetireGrant\n
\n\n RevokeGrant\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To create a grant", @@ -963,7 +986,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a unique customer managed KMS key in your Amazon Web Services account and Region.\n You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services\n services let you use KMS keys that you create and manage to protect your service\n resources.
\nA KMS key is a logical representation of a cryptographic key. In addition to the key\n material used in cryptographic operations, a KMS key includes metadata, such as the key ID,\n key policy, creation date, description, and key state. For details, see Managing keys in the\n Key Management Service Developer Guide\n
\nUse the parameters of CreateKey to specify the type of KMS key, the source of\n its key material, its key policy, description, tags, and other properties.
KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
\nTo create different types of KMS keys, use the following guidance:
\nBy default, CreateKey creates a symmetric encryption KMS key with key\n material that KMS generates. This is the basic and most widely used type of KMS key, and\n provides the best performance.
To create a symmetric encryption KMS key, you don't need to specify any parameters.\n The default value for KeySpec, SYMMETRIC_DEFAULT, the default\n value for KeyUsage, ENCRYPT_DECRYPT, and the default value for\n Origin, AWS_KMS, create a symmetric encryption KMS key with\n KMS key material.
If you need a key for basic encryption and decryption or you are creating a KMS key\n to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key.\n The key material in a symmetric encryption key never leaves KMS unencrypted. You can\n use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but\n they are typically used to generate data keys and data keys pairs. For details, see\n GenerateDataKey and GenerateDataKeyPair.
\n\n
To create an asymmetric KMS key, use the KeySpec parameter to specify\n the type of key material in the KMS key. Then, use the KeyUsage parameter\n to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.\n You can't change these properties after the KMS key is created.
Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an\n SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves\n KMS unencrypted. However, you can use the GetPublicKey operation to\n download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key\n pairs can be used to encrypt or decrypt data or sign and verify messages (but not both).\n KMS keys with ECC key pairs can be used only to sign and verify messages. For\n information about asymmetric KMS keys, see Asymmetric KMS keys in the\n Key Management Service Developer Guide.
\n\n
To create an HMAC KMS key, set the KeySpec parameter to a key spec\n value for HMAC KMS keys. Then set the KeyUsage parameter to\n GENERATE_VERIFY_MAC. You must set the key usage even though\n GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys.\n You can't change these properties after the KMS key is created.
HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use\n HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
\n\n
To create a multi-Region primary key in the local Amazon Web Services Region,\n use the MultiRegion parameter with a value of True. To create\n a multi-Region replica key, that is, a KMS key with the same key ID\n and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its\n primary key to a replica key, use the UpdatePrimaryRegion\n operation.
You can create multi-Region KMS keys for all supported KMS key types: symmetric\n encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric\n signing KMS keys. You can also create multi-Region keys with imported key material.\n However, you can't create multi-Region keys in a custom key store.
\nThis operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\n\n
To import your own key material into a KMS key, begin by creating a KMS key with no\n key material. To do this, use the Origin parameter of\n CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token. Use\n the wrapping public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For\n step-by-step instructions, see Importing Key Material in the \n Key Management Service Developer Guide\n .
You can import key material into KMS keys of all supported KMS key types: symmetric\n encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric\n signing KMS keys. You can also create multi-Region keys with imported key material.\n However, you can't import key material into a KMS key in a custom key store.
\nTo create a multi-Region primary key with imported key material, use the\n Origin parameter of CreateKey with a value of\n EXTERNAL and the MultiRegion parameter with a value of\n True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material into\n multi-Region keys. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\n
A custom key store lets you protect your Amazon Web Services resources using keys in a backing key\n store that you own and manage. When you request a cryptographic operation with a KMS key\n in a custom key store, the operation is performed in the backing key store using its\n cryptographic keys.
\nKMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an\n external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store,\n KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS\n key. When you create a KMS key in an external key store, you specify an existing\n encryption key in the external key manager.
\nSome external key managers provide a simpler method for creating a KMS key in an\n external key store. For details, see your external key manager documentation.
\nBefore you create a KMS key in a custom key store, the ConnectionState\n of the key store must be CONNECTED. To connect the custom key store, use\n the ConnectCustomKeyStore operation. To find the\n ConnectionState, use the DescribeCustomKeyStores\n operation.
To create a KMS key in a custom key store, use the CustomKeyStoreId.\n Use the default KeySpec value, SYMMETRIC_DEFAULT, and the\n default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric\n encryption key. No other key type is supported in a custom key store.
To create a KMS key in an CloudHSM key store, use the\n Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM\n cluster that is associated with the custom key store must have at least two active HSMs\n in different Availability Zones in the Amazon Web Services Region.
To create a KMS key in an external key store, use the\n Origin parameter with a value of EXTERNAL_KEY_STORE and an\n XksKeyId parameter that identifies an existing external key.
Some external key managers provide a simpler method for creating a KMS key in an\n external key store. For details, see your external key manager documentation.
\n\n Cross-account use: No. You cannot use this operation to\n create a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:CreateKey (IAM policy). To use the\n Tags parameter, kms:TagResource (IAM policy). For examples and information about related\n permissions, see Allow a user to create\n KMS keys in the Key Management Service Developer Guide.
\n Related operations:\n
\n\n DescribeKey\n
\n\n ListKeys\n
\n\n ScheduleKeyDeletion\n
\nCreates a unique customer managed KMS key in your Amazon Web Services account and Region.\n You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services\n services let you use KMS keys that you create and manage to protect your service\n resources.
\nA KMS key is a logical representation of a cryptographic key. In addition to the key\n material used in cryptographic operations, a KMS key includes metadata, such as the key ID,\n key policy, creation date, description, and key state. For details, see Managing keys in the\n Key Management Service Developer Guide\n
\nUse the parameters of CreateKey to specify the type of KMS key, the source of\n its key material, its key policy, description, tags, and other properties.
KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.
\nTo create different types of KMS keys, use the following guidance:
\nBy default, CreateKey creates a symmetric encryption KMS key with key\n material that KMS generates. This is the basic and most widely used type of KMS key, and\n provides the best performance.
To create a symmetric encryption KMS key, you don't need to specify any parameters.\n The default value for KeySpec, SYMMETRIC_DEFAULT, the default\n value for KeyUsage, ENCRYPT_DECRYPT, and the default value for\n Origin, AWS_KMS, create a symmetric encryption KMS key with\n KMS key material.
If you need a key for basic encryption and decryption or you are creating a KMS key\n to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key.\n The key material in a symmetric encryption key never leaves KMS unencrypted. You can\n use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but\n they are typically used to generate data keys and data keys pairs. For details, see\n GenerateDataKey and GenerateDataKeyPair.
\n\n
To create an asymmetric KMS key, use the KeySpec parameter to specify\n the type of key material in the KMS key. Then, use the KeyUsage parameter\n to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.\n You can't change these properties after the KMS key is created.
Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an\n SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves\n KMS unencrypted. However, you can use the GetPublicKey operation to\n download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key\n pairs can be used to encrypt or decrypt data or sign and verify messages (but not both).\n KMS keys with ECC key pairs can be used only to sign and verify messages. For\n information about asymmetric KMS keys, see Asymmetric KMS keys in the\n Key Management Service Developer Guide.
\n\n
To create an HMAC KMS key, set the KeySpec parameter to a key spec\n value for HMAC KMS keys. Then set the KeyUsage parameter to\n GENERATE_VERIFY_MAC. You must set the key usage even though\n GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys.\n You can't change these properties after the KMS key is created.
HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use\n HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
\n\n
To create a multi-Region primary key in the local Amazon Web Services Region,\n use the MultiRegion parameter with a value of True. To create\n a multi-Region replica key, that is, a KMS key with the same key ID\n and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its\n primary key to a replica key, use the UpdatePrimaryRegion\n operation.
You can create multi-Region KMS keys for all supported KMS key types: symmetric\n encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric\n signing KMS keys. You can also create multi-Region keys with imported key material.\n However, you can't create multi-Region keys in a custom key store.
\nThis operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\n\n
To import your own key material into a KMS key, begin by creating a KMS key with no\n key material. To do this, use the Origin parameter of\n CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token. Use\n the wrapping public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For\n step-by-step instructions, see Importing Key Material in the \n Key Management Service Developer Guide\n .
You can import key material into KMS keys of all supported KMS key types: symmetric\n encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric\n signing KMS keys. You can also create multi-Region keys with imported key material.\n However, you can't import key material into a KMS key in a custom key store.
\nTo create a multi-Region primary key with imported key material, use the\n Origin parameter of CreateKey with a value of\n EXTERNAL and the MultiRegion parameter with a value of\n True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material into\n multi-Region keys. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\n
A custom key store lets you protect your Amazon Web Services resources using keys in a backing key\n store that you own and manage. When you request a cryptographic operation with a KMS key\n in a custom key store, the operation is performed in the backing key store using its\n cryptographic keys.
\nKMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an\n external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store,\n KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS\n key. When you create a KMS key in an external key store, you specify an existing\n encryption key in the external key manager.
\nSome external key managers provide a simpler method for creating a KMS key in an\n external key store. For details, see your external key manager documentation.
\nBefore you create a KMS key in a custom key store, the ConnectionState\n of the key store must be CONNECTED. To connect the custom key store, use\n the ConnectCustomKeyStore operation. To find the\n ConnectionState, use the DescribeCustomKeyStores\n operation.
To create a KMS key in a custom key store, use the CustomKeyStoreId.\n Use the default KeySpec value, SYMMETRIC_DEFAULT, and the\n default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric\n encryption key. No other key type is supported in a custom key store.
To create a KMS key in an CloudHSM key store, use the\n Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM\n cluster that is associated with the custom key store must have at least two active HSMs\n in different Availability Zones in the Amazon Web Services Region.
To create a KMS key in an external key store, use the\n Origin parameter with a value of EXTERNAL_KEY_STORE and an\n XksKeyId parameter that identifies an existing external key.
Some external key managers provide a simpler method for creating a KMS key in an\n external key store. For details, see your external key manager documentation.
\n\n Cross-account use: No. You cannot use this operation to\n create a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:CreateKey (IAM policy). To use the\n Tags parameter, kms:TagResource (IAM policy). For examples and information about related\n permissions, see Allow a user to create\n KMS keys in the Key Management Service Developer Guide.
\n Related operations:\n
\n\n DescribeKey\n
\n\n ListKeys\n
\n\n ScheduleKeyDeletion\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
" } }, "com.amazonaws.kms#CreateKeyRequest": { @@ -1018,7 +1041,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "Skips (\"bypasses\") the key policy lockout safety check. The default value is false.
\nSetting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately.
\nFor more information, see Default key policy in the Key Management Service Developer Guide.
\nUse this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent PutKeyPolicy request on the KMS key.
" + "smithy.api#documentation": "Skips (\"bypasses\") the key policy lockout safety check. The default value is false.
\nSetting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately.
\nFor more information, see Default key policy in the Key Management Service Developer Guide.
\nUse this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent PutKeyPolicy\n request on the KMS key.
" } }, "Tags": { @@ -1434,7 +1457,7 @@ } ], "traits": { - "smithy.api#documentation": "Decrypts ciphertext that was encrypted by a KMS key using any of the following\n operations:
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\nYou can use this operation to decrypt ciphertext that was encrypted under a symmetric\n encryption KMS key or an asymmetric encryption KMS key. When the KMS key is asymmetric, you\n must specify the KMS key and the encryption algorithm that was used to encrypt the ciphertext.\n For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
\nThe Decrypt operation also decrypts ciphertext that was encrypted outside of\n KMS by the public key in an KMS asymmetric KMS key. However, it cannot decrypt symmetric\n ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption.\n These libraries return a ciphertext format that is incompatible with KMS.
If the ciphertext was encrypted under a symmetric encryption KMS key, the\n KeyId parameter is optional. KMS can get this information from metadata that\n it adds to the symmetric ciphertext blob. This feature adds durability to your implementation\n by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even\n if they've lost track of the key ID. However, specifying the KMS key is always recommended as\n a best practice. When you use the KeyId parameter to specify a KMS key, KMS\n only uses the KMS key you specify. If the ciphertext was encrypted under a different KMS key,\n the Decrypt operation fails. This practice ensures that you use the KMS key that\n you intend.
Whenever possible, use key policies to give users permission to call the\n Decrypt operation on a particular KMS key, instead of using &IAM; policies.\n Otherwise, you might create an &IAM; policy that gives the user Decrypt\n permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys\n in other accounts if the key policy for the cross-account KMS key permits it. If you must use\n an IAM policy for Decrypt permissions, limit the user to particular KMS keys or\n particular trusted accounts. For details, see Best practices for IAM\n policies in the Key Management Service Developer Guide.
\n Decrypt also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call Decrypt for a Nitro enclave, use\n the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the\n attestation document for the enclave. Instead of the plaintext data, the response includes the\n plaintext data encrypted with the public key from the attestation document\n (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. If you use the KeyId\n parameter to identify a KMS key in a different Amazon Web Services account, specify the key ARN or the alias\n ARN of the KMS key.
\n Required permissions: kms:Decrypt (key policy)
\n\n Related operations:\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\n\n ReEncrypt\n
\nDecrypts ciphertext that was encrypted by a KMS key using any of the following\n operations:
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\nYou can use this operation to decrypt ciphertext that was encrypted under a symmetric\n encryption KMS key or an asymmetric encryption KMS key. When the KMS key is asymmetric, you\n must specify the KMS key and the encryption algorithm that was used to encrypt the ciphertext.\n For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
\nThe Decrypt operation also decrypts ciphertext that was encrypted outside of\n KMS by the public key in an KMS asymmetric KMS key. However, it cannot decrypt symmetric\n ciphertext produced by other libraries, such as the Amazon Web Services Encryption SDK or Amazon S3 client-side encryption.\n These libraries return a ciphertext format that is incompatible with KMS.
If the ciphertext was encrypted under a symmetric encryption KMS key, the\n KeyId parameter is optional. KMS can get this information from metadata that\n it adds to the symmetric ciphertext blob. This feature adds durability to your implementation\n by ensuring that authorized users can decrypt ciphertext decades after it was encrypted, even\n if they've lost track of the key ID. However, specifying the KMS key is always recommended as\n a best practice. When you use the KeyId parameter to specify a KMS key, KMS\n only uses the KMS key you specify. If the ciphertext was encrypted under a different KMS key,\n the Decrypt operation fails. This practice ensures that you use the KMS key that\n you intend.
Whenever possible, use key policies to give users permission to call the\n Decrypt operation on a particular KMS key, instead of using &IAM; policies.\n Otherwise, you might create an &IAM; policy that gives the user Decrypt\n permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys\n in other accounts if the key policy for the cross-account KMS key permits it. If you must use\n an IAM policy for Decrypt permissions, limit the user to particular KMS keys or\n particular trusted accounts. For details, see Best practices for IAM\n policies in the Key Management Service Developer Guide.
\n Decrypt also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call Decrypt for a Nitro enclave, use\n the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the\n attestation document for the enclave. Instead of the plaintext data, the response includes the\n plaintext data encrypted with the public key from the attestation document\n (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. If you use the KeyId\n parameter to identify a KMS key in a different Amazon Web Services account, specify the key ARN or the alias\n ARN of the KMS key.
\n Required permissions: kms:Decrypt (key policy)
\n\n Related operations:\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\n\n ReEncrypt\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To decrypt data with a symmetric encryption KMS key", @@ -1448,6 +1471,20 @@ "Plaintext": "A signed attestation document from\n an Amazon Web Services Nitro enclave and the encryption algorithm to use with the enclave's public key. The\n only valid encryption algorithm is RSAES_OAEP_SHA_256.
This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this\n parameter, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.
\nWhen you use this parameter, instead of returning the plaintext data, KMS encrypts the\n plaintext data with the public key in the attestation document, and returns the resulting\n ciphertext in the CiphertextForRecipient field in the response. This ciphertext\n can be decrypted only with the private key in the enclave. The Plaintext field in\n the response is null or empty.
For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
" + "smithy.api#documentation": "A signed attestation\n document from an Amazon Web Services Nitro enclave and the encryption algorithm to use with the\n enclave's public key. The only valid encryption algorithm is RSAES_OAEP_SHA_256.
This parameter only supports attestation documents for Amazon Web Services Nitro Enclaves. To include this\n parameter, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK.
\nWhen you use this parameter, instead of returning the plaintext data, KMS encrypts the\n plaintext data with the public key in the attestation document, and returns the resulting\n ciphertext in the CiphertextForRecipient field in the response. This ciphertext\n can be decrypted only with the private key in the enclave. The Plaintext field in\n the response is null or empty.
For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
" } }, "DryRun": { @@ -1558,7 +1595,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes the specified alias.
\nAdding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nBecause an alias is not a property of a KMS key, you can delete and change the aliases of\n a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the\n DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
\nEach KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to\n create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.
\n\n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
\n\n Required permissions\n
\n\n kms:DeleteAlias on\n the alias (IAM policy).
\n\n kms:DeleteAlias on\n the KMS key (key policy).
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateAlias\n
\n\n ListAliases\n
\n\n UpdateAlias\n
\nDeletes the specified alias.
\nAdding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nBecause an alias is not a property of a KMS key, you can delete and change the aliases of\n a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the\n DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
\nEach KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to\n create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.
\n\n Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
\n\n Required permissions\n
\n\n kms:DeleteAlias on\n the alias (IAM policy).
\n\n kms:DeleteAlias on\n the KMS key (key policy).
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateAlias\n
\n\n ListAliases\n
\n\n UpdateAlias\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To delete an alias", @@ -1608,7 +1645,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a custom key store. This operation does not affect any backing elements of the\n custom key store. It does not delete the CloudHSM cluster that is associated with an CloudHSM key\n store, or affect any users or keys in the cluster. For an external key store, it does not\n affect the external key store proxy, external key manager, or any external keys.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nThe custom key store that you delete cannot contain any KMS keys. Before deleting the key store,\n verify that you will never need to use any of the KMS keys in the key store for any\n cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the\n key store. After the required waiting period expires and all KMS keys are deleted from the\n custom key store, use DisconnectCustomKeyStore to disconnect the key store\n from KMS. Then, you can delete the custom key store.
\nFor keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes a\n best effort to delete the key material from the associated cluster. However, you might need to\n manually delete the orphaned key\n material from the cluster and its backups. KMS never creates, manages, or deletes\n cryptographic keys in the external key manager associated with an external key store. You must\n manage them using your external key manager tools.
Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore operation to disconnect the custom key store from its\n backing key store. While the key store is disconnected, you cannot create or use the KMS keys\n in the key store. But, you do not need to delete KMS keys and you can reconnect a disconnected\n custom key store at any time.
\nIf the operation succeeds, it returns a JSON object with no\nproperties.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:DeleteCustomKeyStore (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\nDeletes a custom key store. This operation does not affect any backing elements of the\n custom key store. It does not delete the CloudHSM cluster that is associated with an CloudHSM key\n store, or affect any users or keys in the cluster. For an external key store, it does not\n affect the external key store proxy, external key manager, or any external keys.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nThe custom key store that you delete cannot contain any KMS keys. Before deleting the key store,\n verify that you will never need to use any of the KMS keys in the key store for any\n cryptographic operations. Then, use ScheduleKeyDeletion to delete the KMS keys from the\n key store. After the required waiting period expires and all KMS keys are deleted from the\n custom key store, use DisconnectCustomKeyStore to disconnect the key store\n from KMS. Then, you can delete the custom key store.
\nFor keys in an CloudHSM key store, the ScheduleKeyDeletion operation makes a\n best effort to delete the key material from the associated cluster. However, you might need to\n manually delete the orphaned key\n material from the cluster and its backups. KMS never creates, manages, or deletes\n cryptographic keys in the external key manager associated with an external key store. You must\n manage them using your external key manager tools.
Instead of deleting the custom key store, consider using the DisconnectCustomKeyStore operation to disconnect the custom key store from its\n backing key store. While the key store is disconnected, you cannot create or use the KMS keys\n in the key store. But, you do not need to delete KMS keys and you can reconnect a disconnected\n custom key store at any time.
\nIf the operation succeeds, it returns a JSON object with no\nproperties.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:DeleteCustomKeyStore (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To delete a custom key store from AWS KMS", @@ -1672,7 +1709,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes key material that was previously imported. This operation makes the specified KMS\n key temporarily unusable. To restore the usability of the KMS key, reimport the same key\n material. For more information about importing key material into KMS, see Importing Key Material\n in the Key Management Service Developer Guide.
\nWhen the specified KMS key is in the PendingDeletion state, this operation\n does not change the KMS key's state. Otherwise, it changes the KMS key's state to\n PendingImport.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:DeleteImportedKeyMaterial (key policy)
\n\n Related operations:\n
\n\n ImportKeyMaterial\n
\nDeletes key material that was previously imported. This operation makes the specified KMS\n key temporarily unusable. To restore the usability of the KMS key, reimport the same key\n material. For more information about importing key material into KMS, see Importing Key Material\n in the Key Management Service Developer Guide.
\nWhen the specified KMS key is in the PendingDeletion state, this operation\n does not change the KMS key's state. Otherwise, it changes the KMS key's state to\n PendingImport.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:DeleteImportedKeyMaterial (key policy)
\n\n Related operations:\n
\n\n ImportKeyMaterial\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To delete imported key material", @@ -1736,7 +1773,7 @@ } ], "traits": { - "smithy.api#documentation": "Gets information about custom key stores in the account and Region.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nBy default, this operation returns information about all custom key stores in the account\n and Region. To get only information about a particular custom key store, use either the\n CustomKeyStoreName or CustomKeyStoreId parameter (but not\n both).
To determine whether the custom key store is connected to its CloudHSM cluster or external\n key store proxy, use the ConnectionState element in the response. If an attempt\n to connect the custom key store failed, the ConnectionState value is\n FAILED and the ConnectionErrorCode element in the response\n indicates the cause of the failure. For help interpreting the\n ConnectionErrorCode, see CustomKeyStoresListEntry.
Custom key stores have a DISCONNECTED connection state if the key store has\n never been connected or you used the DisconnectCustomKeyStore operation to\n disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store\n connection state is CONNECTED but you are having trouble using it, verify that\n the backing store is active and available. For an CloudHSM key store, verify that the associated\n CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if\n any. For an external key store, verify that the external key store proxy and its associated\n external key manager are reachable and enabled.
For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help\n repairing your external key store, see the Troubleshooting external key stores.\n Both topics are in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:DescribeCustomKeyStores (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\nGets information about custom key stores in the account and Region.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nBy default, this operation returns information about all custom key stores in the account\n and Region. To get only information about a particular custom key store, use either the\n CustomKeyStoreName or CustomKeyStoreId parameter (but not\n both).
To determine whether the custom key store is connected to its CloudHSM cluster or external\n key store proxy, use the ConnectionState element in the response. If an attempt\n to connect the custom key store failed, the ConnectionState value is\n FAILED and the ConnectionErrorCode element in the response\n indicates the cause of the failure. For help interpreting the\n ConnectionErrorCode, see CustomKeyStoresListEntry.
Custom key stores have a DISCONNECTED connection state if the key store has\n never been connected or you used the DisconnectCustomKeyStore operation to\n disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store\n connection state is CONNECTED but you are having trouble using it, verify that\n the backing store is active and available. For an CloudHSM key store, verify that the associated\n CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if\n any. For an external key store, verify that the external key store proxy and its associated\n external key manager are reachable and enabled.
For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help\n repairing your external key store, see the Troubleshooting external key stores.\n Both topics are in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:DescribeCustomKeyStores (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To get detailed information about custom key stores in the account and Region", @@ -1805,7 +1842,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in thisresponse to the Marker parameter in a\n subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Provides detailed information about a KMS key. You can run DescribeKey on a\n customer managed\n key or an Amazon Web Services managed key.
This detailed information includes the key ARN, creation date (and deletion date, if\n applicable), the key state, and the origin and expiration date (if any) of the key material.\n It includes fields, like KeySpec, that help you distinguish different types of\n KMS keys. It also displays the key usage (encryption, signing, or generating and verifying\n MACs) and the algorithms that the KMS key supports.
For multi-Region keys,\n DescribeKey displays the primary key and all related replica keys. For KMS keys\n in CloudHSM key stores, it includes\n information about the key store, such as the key store ID and the CloudHSM cluster ID. For KMS\n keys in external key stores, it\n includes the custom key store ID and the ID of the external key.
\n DescribeKey does not return the following information:
Aliases associated with the KMS key. To get this information, use ListAliases.
\nWhether automatic key rotation is enabled on the KMS key. To get this information, use\n GetKeyRotationStatus. Also, some key states prevent a KMS key from\n being automatically rotated. For details, see How Automatic Key Rotation\n Works in the Key Management Service Developer Guide.
\nTags on the KMS key. To get this information, use ListResourceTags.
\nKey policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.
\nIn general, DescribeKey is a non-mutating operation. It returns data about\n KMS keys, but doesn't change them. However, Amazon Web Services services use DescribeKey to\n create Amazon Web Services\n managed keys from a predefined Amazon Web Services alias with no key\n ID.
\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:DescribeKey (key policy)
\n\n Related operations:\n
\n\n GetKeyPolicy\n
\n\n GetKeyRotationStatus\n
\n\n ListAliases\n
\n\n ListGrants\n
\n\n ListKeys\n
\n\n ListResourceTags\n
\n\n ListRetirableGrants\n
\nProvides detailed information about a KMS key. You can run DescribeKey on a\n customer managed\n key or an Amazon Web Services managed key.
This detailed information includes the key ARN, creation date (and deletion date, if\n applicable), the key state, and the origin and expiration date (if any) of the key material.\n It includes fields, like KeySpec, that help you distinguish different types of\n KMS keys. It also displays the key usage (encryption, signing, or generating and verifying\n MACs) and the algorithms that the KMS key supports.
For multi-Region keys, DescribeKey displays the primary key and all\n related replica keys. For KMS keys in CloudHSM key stores, it includes information\n about the key store, such as the key store ID and the CloudHSM cluster ID. For KMS keys in external key stores,\n it includes the custom key store ID and the ID of the external key.
\n DescribeKey does not return the following information:
Aliases associated with the KMS key. To get this information, use ListAliases.
\nWhether automatic key rotation is enabled on the KMS key. To get this information, use\n GetKeyRotationStatus. Also, some key states prevent a KMS key from\n being automatically rotated. For details, see How Automatic Key Rotation\n Works in the Key Management Service Developer Guide.
\nTags on the KMS key. To get this information, use ListResourceTags.
\nKey policies and grants on the KMS key. To get this information, use GetKeyPolicy and ListGrants.
\nIn general, DescribeKey is a non-mutating operation. It returns data about\n KMS keys, but doesn't change them. However, Amazon Web Services services use DescribeKey to\n create Amazon Web Services\n managed keys from a predefined Amazon Web Services alias with no key\n ID.
\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:DescribeKey (key policy)
\n\n Related operations:\n
\n\n GetKeyPolicy\n
\n\n GetKeyRotationStatus\n
\n\n ListAliases\n
\n\n ListGrants\n
\n\n ListKeys\n
\n\n ListResourceTags\n
\n\n ListRetirableGrants\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", + "smithy.api#examples": [ + { + "title": "To get details about an RSA asymmetric KMS key", + "documentation": "The following example gets metadata for an asymmetric RSA KMS key used for signing and verification.", + "input": { + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" + }, + "output": { + "KeyMetadata": { + "AWSAccountId": "111122223333", + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "CreationDate": 1.571767572317E9, + "CustomerMasterKeySpec": "RSA_2048", + "Enabled": false, + "Description": "", + "KeyState": "Disabled", + "Origin": "AWS_KMS", + "MultiRegion": false, + "KeyManager": "CUSTOMER", + "KeySpec": "RSA_2048", + "KeyUsage": "SIGN_VERIFY", + "SigningAlgorithms": [ + "RSASSA_PKCS1_V1_5_SHA_256", + "RSASSA_PKCS1_V1_5_SHA_384", + "RSASSA_PKCS1_V1_5_SHA_512", + "RSASSA_PSS_SHA_256", + "RSASSA_PSS_SHA_384", + "RSASSA_PSS_SHA_512" + ] + } + } + }, + { + "title": "To get details about a multi-Region key", + "documentation": "The following example gets metadata for a multi-Region replica key. This multi-Region key is a symmetric encryption key. DescribeKey returns information about the primary key and all of its replicas.", + "input": { + "KeyId": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab" + }, + "output": { + "KeyMetadata": { + "MultiRegion": true, + "AWSAccountId": "111122223333", + "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", + "CreationDate": 1.586329200918E9, + "Description": "", + "Enabled": true, + "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab", + "KeyManager": "CUSTOMER", + "KeyState": "Enabled", + "KeyUsage": "ENCRYPT_DECRYPT", + "Origin": "AWS_KMS", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "MultiRegionConfiguration": { + "MultiRegionKeyType": "PRIMARY", + "PrimaryKey": { + "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", + "Region": "us-west-2" + }, + "ReplicaKeys": [ + { + "Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", + "Region": "eu-west-1" + }, + { + "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", + "Region": "ap-northeast-1" + }, + { + "Arn": "arn:aws:kms:sa-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", + "Region": "sa-east-1" + } + ] + } + } + } + }, + { + "title": "To get details about an HMAC KMS key", + "documentation": "The following example gets the metadata of an HMAC KMS key.", + "input": { + "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" + }, + "output": { + "KeyMetadata": { + "AWSAccountId": "123456789012", + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "CreationDate": 1.566160362664E9, + "Enabled": true, + "Description": "Development test key", + "KeyUsage": "GENERATE_VERIFY_MAC", + "KeyState": "Enabled", + "Origin": "AWS_KMS", + "KeyManager": "CUSTOMER", + "CustomerMasterKeySpec": "HMAC_256", + "MacAlgorithms": [ + "HMAC_SHA_256" + ], + "MultiRegion": false + } + } + }, + { + "title": "To get details about a KMS key in an AWS CloudHSM key store", + "documentation": "The following example gets the metadata of a KMS key in an AWS CloudHSM key store.", + "input": { + "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" + }, + "output": { + "KeyMetadata": { + "AWSAccountId": "123456789012", + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "CreationDate": 1.646160362664E9, + "Description": "CloudHSM key store test key", + "Enabled": true, + "MultiRegion": false, + "KeyManager": "CUSTOMER", + "KeyState": "Enabled", + "KeyUsage": "ENCRYPT_DECRYPT", + "Origin": "AWS_CLOUDHSM", + "CloudHsmClusterId": "cluster-234abcdefABC", + "CustomKeyStoreId": "cks-1234567890abcdef0", + "KeySpec": "SYMMETRIC_DEFAULT", + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ] + } + } + }, + { + "title": "To get details about a KMS key in an external key store", + "documentation": "The following example gets the metadata of a KMS key in an external key store.", + "input": { + "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" + }, + "output": { + "KeyMetadata": { + "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", + "AWSAccountId": "123456789012", + "CreationDate": 1.646160362664E9, + "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", + "CustomKeyStoreId": "cks-1234567890abcdef0", + "Description": "External key store test key", + "Enabled": true, + "EncryptionAlgorithms": [ + "SYMMETRIC_DEFAULT" + ], + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "KeyManager": "CUSTOMER", + "KeySpec": "SYMMETRIC_DEFAULT", + "KeyState": "Enabled", + "KeyUsage": "ENCRYPT_DECRYPT", + "MultiRegion": false, + "Origin": "EXTERNAL_KEY_STORE", + "XksKeyConfiguration": { + "Id": "bb8562717f809024" + } + } + } + } + ] } }, "com.amazonaws.kms#DescribeKeyRequest": { @@ -1909,7 +2113,7 @@ } ], "traits": { - "smithy.api#documentation": "Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS\n key for cryptographic operations.
\nFor more information about how key state affects the use of a KMS key, see\n Key states of KMS keys in the \n Key Management Service Developer Guide\n .
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:DisableKey (key policy)
\n\n Related operations: EnableKey\n
", + "smithy.api#documentation": "Sets the state of a KMS key to disabled. This change temporarily prevents use of the KMS\n key for cryptographic operations.
\nFor more information about how key state affects the use of a KMS key, see\n Key states of KMS keys in the \n Key Management Service Developer Guide\n .
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:DisableKey (key policy)
\n\n Related operations: EnableKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To disable a KMS key", @@ -1968,7 +2172,7 @@ } ], "traits": { - "smithy.api#documentation": "Disables automatic\n rotation of the key material of the specified symmetric encryption KMS key.
\nAutomatic key rotation is supported only on symmetric encryption KMS keys.\n You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
\nYou can enable (EnableKeyRotation) and disable automatic rotation of the\n key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not\n configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS\n keys varies.
\nIn May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three\n years to every year. For details, see EnableKeyRotation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:DisableKeyRotation (key policy)
\n\n Related operations:\n
\n\n EnableKeyRotation\n
\n\n GetKeyRotationStatus\n
\nDisables automatic\n rotation of the key material of the specified symmetric encryption KMS key.
\nAutomatic key rotation is supported only on symmetric encryption KMS keys.\n You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
\nYou can enable (EnableKeyRotation) and disable automatic rotation of the\n key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not\n configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS\n keys varies.
\nIn May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three\n years to every year. For details, see EnableKeyRotation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:DisableKeyRotation (key policy)
\n\n Related operations:\n
\n\n EnableKeyRotation\n
\n\n GetKeyRotationStatus\n
\n\n ListKeyRotations\n
\n\n RotateKeyOnDemand\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To disable automatic rotation of key material", @@ -2032,7 +2236,7 @@ } ], "traits": { - "smithy.api#documentation": "Disconnects the custom key store from its backing key store. This operation disconnects an\n CloudHSM key store from its associated CloudHSM cluster or disconnects an external key store from\n the external key store proxy that communicates with your external key manager.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nWhile a custom key store is disconnected, you can manage the custom key store and its KMS\n keys, but you cannot create or use its KMS keys. You can reconnect the custom key store at any\n time.
\nWhile a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will\n fail. This action can prevent users from storing and accessing sensitive data.
\nWhen you disconnect a custom key store, its ConnectionState changes to\n Disconnected. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the\n ConnectCustomKeyStore operation.
If the operation succeeds, it returns a JSON object with no\nproperties.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\nDisconnects the custom key store from its backing key store. This operation disconnects an\n CloudHSM key store from its associated CloudHSM cluster or disconnects an external key store from\n the external key store proxy that communicates with your external key manager.
\nThis operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nWhile a custom key store is disconnected, you can manage the custom key store and its KMS\n keys, but you cannot create or use its KMS keys. You can reconnect the custom key store at any\n time.
\nWhile a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will\n fail. This action can prevent users from storing and accessing sensitive data.
\nWhen you disconnect a custom key store, its ConnectionState changes to\n Disconnected. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the\n ConnectCustomKeyStore operation.
If the operation succeeds, it returns a JSON object with no\nproperties.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n UpdateCustomKeyStore\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To disconnect a custom key store from its CloudHSM cluster", @@ -2079,7 +2283,7 @@ "code": "DryRunOperation", "httpResponseCode": 412 }, - "smithy.api#documentation": "\n The request was rejected because the DryRun parameter was specified.\n
", + "smithy.api#documentation": "The request was rejected because the DryRun parameter was specified.
", "smithy.api#error": "client", "smithy.api#httpError": 412 } @@ -2113,7 +2317,7 @@ } ], "traits": { - "smithy.api#documentation": "Sets the key state of a KMS key to enabled. This allows you to use the KMS key for\n cryptographic operations.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:EnableKey (key policy)
\n\n Related operations: DisableKey\n
", + "smithy.api#documentation": "Sets the key state of a KMS key to enabled. This allows you to use the KMS key for\n cryptographic operations.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:EnableKey (key policy)
\n\n Related operations: DisableKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To enable a KMS key", @@ -2172,13 +2376,14 @@ } ], "traits": { - "smithy.api#documentation": "Enables automatic rotation\n of the key material of the specified symmetric encryption KMS key.
\nWhen you enable automatic rotation of acustomer managed KMS key, KMS\n rotates the key material of the KMS key one year (approximately 365 days) from the enable date\n and every year thereafter. You can monitor rotation of the key material for your KMS keys in\n CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer\n managed KMS key, use the DisableKeyRotation operation.
\nAutomatic key rotation is supported only on symmetric encryption KMS keys.\n You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
\nYou cannot enable or disable automatic rotation Amazon Web Services managed KMS keys. KMS\n always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS\n keys varies.
\nIn May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three\n years (approximately 1,095 days) to every year (approximately 365 days).
\nNew Amazon Web Services managed keys are automatically rotated one year after they are created, and\n approximately every year thereafter.
\nExisting Amazon Web Services managed keys are automatically rotated one year after their most recent\n rotation, and every year thereafter.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:EnableKeyRotation (key policy)
\n\n Related operations:\n
\n\n DisableKeyRotation\n
\n\n GetKeyRotationStatus\n
\nEnables automatic rotation\n of the key material of the specified symmetric encryption KMS key.
\nBy default, when you enable automatic rotation of a customer managed KMS key, KMS\n rotates the key material of the KMS key one year (approximately 365 days) from the enable date\n and every year thereafter. You can use the optional RotationPeriodInDays\n parameter to specify a custom rotation period when you enable key rotation, or you can use \n RotationPeriodInDays to modify the rotation period of a key that you previously \n enabled automatic key rotation on.
You can monitor rotation of the key material\n for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key\n material in a customer managed KMS key, use the DisableKeyRotation\n operation. You can use the GetKeyRotationStatus operation to identify any in progress \n rotations. You can use the ListKeyRotations operation to view the details of\n completed rotations.
\nAutomatic key rotation is supported only on symmetric encryption KMS keys.\n You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
\nYou cannot enable or disable automatic rotation of Amazon Web Services managed KMS keys. KMS\n always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS\n keys is managed by the Amazon Web Services service that owns the key.
\nIn May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three\n years (approximately 1,095 days) to every year (approximately 365 days).
\nNew Amazon Web Services managed keys are automatically rotated one year after they are created, and\n approximately every year thereafter.
\nExisting Amazon Web Services managed keys are automatically rotated one year after their most recent\n rotation, and every year thereafter.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:EnableKeyRotation (key policy)
\n\n Related operations:\n
\n\n DisableKeyRotation\n
\n\n GetKeyRotationStatus\n
\n\n ListKeyRotations\n
\n\n RotateKeyOnDemand\n
\nYou can perform on-demand (RotateKeyOnDemand) rotation of the \n key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled.
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To enable automatic rotation of key material", - "documentation": "The following example enables automatic annual rotation of the key material for the specified KMS key.", + "documentation": "The following example enables automatic rotation with a rotation period of 365 days for the specified KMS key.", "input": { - "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", + "RotationPeriodInDays": 365 } } ] @@ -2193,6 +2398,12 @@ "smithy.api#documentation": "Identifies a symmetric encryption KMS key. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
\nSpecify the key ID or key ARN of the KMS key.
\nFor example:
\nKey ID: 1234abcd-12ab-34cd-56ef-1234567890ab\n
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\n
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
", "smithy.api#required": {} } + }, + "RotationPeriodInDays": { + "target": "com.amazonaws.kms#RotationPeriodInDaysType", + "traits": { + "smithy.api#documentation": "Use this parameter to specify a custom period of time between each rotation date. If no\n value is specified, the default value is 365 days.
\nThe rotation period defines the number of days after you enable automatic key rotation\n that KMS will rotate your key material, and the number of days between each automatic\n rotation thereafter.
\nYou can use the \n kms:RotationPeriodInDays\n condition key to further constrain the \n values that principals can specify in the RotationPeriodInDays parameter.
" + } } }, "traits": { @@ -2237,7 +2448,7 @@ } ], "traits": { - "smithy.api#documentation": "
Encrypts plaintext of up to 4,096 bytes using a KMS key. You can use a symmetric or\n asymmetric KMS key with a KeyUsage of ENCRYPT_DECRYPT.
You can use this operation to encrypt small amounts of arbitrary data, such as a personal\n identifier or database password, or other sensitive information. You don't need to use the\n Encrypt operation to encrypt a data key. The GenerateDataKey\n and GenerateDataKeyPair operations return a plaintext data key and an\n encrypted copy of that data key.
If you use a symmetric encryption KMS key, you can use an encryption context to add\n additional security to your encryption operation. If you specify an\n EncryptionContext when encrypting data, you must specify the same encryption\n context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to\n decrypt fails with an InvalidCiphertextException. For more information, see\n Encryption\n Context in the Key Management Service Developer Guide.
If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The\n algorithm must be compatible with the KMS key spec.
\nWhen you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
\nYou are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
\nThe maximum size of the data that you can encrypt varies with the type of KMS key and the\n encryption algorithm that you choose.
\nSymmetric encryption KMS keys
\n\n SYMMETRIC_DEFAULT: 4096 bytes
\n RSA_2048\n
\n RSAES_OAEP_SHA_1: 214 bytes
\n RSAES_OAEP_SHA_256: 190 bytes
\n RSA_3072\n
\n RSAES_OAEP_SHA_1: 342 bytes
\n RSAES_OAEP_SHA_256: 318 bytes
\n RSA_4096\n
\n RSAES_OAEP_SHA_1: 470 bytes
\n RSAES_OAEP_SHA_256: 446 bytes
\n SM2PKE: 1024 bytes (China Regions only)
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:Encrypt (key policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\nEncrypts plaintext of up to 4,096 bytes using a KMS key. You can use a symmetric or\n asymmetric KMS key with a KeyUsage of ENCRYPT_DECRYPT.
You can use this operation to encrypt small amounts of arbitrary data, such as a personal\n identifier or database password, or other sensitive information. You don't need to use the\n Encrypt operation to encrypt a data key. The GenerateDataKey\n and GenerateDataKeyPair operations return a plaintext data key and an\n encrypted copy of that data key.
If you use a symmetric encryption KMS key, you can use an encryption context to add\n additional security to your encryption operation. If you specify an\n EncryptionContext when encrypting data, you must specify the same encryption\n context (a case-sensitive exact match) when decrypting the data. Otherwise, the request to\n decrypt fails with an InvalidCiphertextException. For more information, see\n Encryption\n Context in the Key Management Service Developer Guide.
If you specify an asymmetric KMS key, you must also specify the encryption algorithm. The\n algorithm must be compatible with the KMS key spec.
\nWhen you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
\nYou are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
\nThe maximum size of the data that you can encrypt varies with the type of KMS key and the\n encryption algorithm that you choose.
\nSymmetric encryption KMS keys
\n\n SYMMETRIC_DEFAULT: 4096 bytes
\n RSA_2048\n
\n RSAES_OAEP_SHA_1: 214 bytes
\n RSAES_OAEP_SHA_256: 190 bytes
\n RSA_3072\n
\n RSAES_OAEP_SHA_1: 342 bytes
\n RSAES_OAEP_SHA_256: 318 bytes
\n RSA_4096\n
\n RSAES_OAEP_SHA_1: 470 bytes
\n RSAES_OAEP_SHA_256: 446 bytes
\n SM2PKE: 1024 bytes (China Regions only)
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:Encrypt (key policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To encrypt data with a symmetric encryption KMS key", @@ -2251,6 +2462,20 @@ "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "EncryptionAlgorithm": "SYMMETRIC_DEFAULT" } + }, + { + "title": "To encrypt data with an asymmetric encryption KMS key", + "documentation": "The following example encrypts data with the specified RSA asymmetric KMS key. When you encrypt with an asymmetric key, you must specify the encryption algorithm.", + "input": { + "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", + "Plaintext": "Returns a unique symmetric data key for use outside of KMS. This operation returns a\n plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS\n key that you specify. The bytes in the plaintext key are random; they are not related to the\n caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and\n store the encrypted data key with the encrypted data.
\nTo generate a data key, specify the symmetric encryption KMS key that will be used to\n encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the\n type of your KMS key, use the DescribeKey operation.
\nYou must also specify the length of the data key. Use either the KeySpec or\n NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use\n the KeySpec parameter.
To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec\n value of AES_128 or a NumberOfBytes value of 16. The\n symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption\n key.
To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use\n the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure\n random byte string, use GenerateRandom.
\nYou can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
\n GenerateDataKey also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call GenerateDataKey for an Amazon Web Services Nitro\n enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter\n to provide the attestation document for the enclave. GenerateDataKey returns a\n copy of the data key encrypted under the specified KMS key, as usual. But instead of a\n plaintext copy of the data key, the response includes a copy of the data key encrypted under\n the public key from the attestation document (CiphertextForRecipient).\n For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n How to use your data key\n
\nWe recommend that you use the following pattern to encrypt data locally in your\n application. You can write your own code or use a client-side encryption library, such as the\n Amazon Web Services Encryption SDK, the\n Amazon DynamoDB Encryption Client,\n or Amazon S3\n client-side encryption to do these tasks for you.
\nTo encrypt data outside of KMS:
\nUse the GenerateDataKey operation to get a data key.
Use the plaintext data key (in the Plaintext field of the response) to\n encrypt your data outside of KMS. Then erase the plaintext data key from memory.
Store the encrypted data key (in the CiphertextBlob field of the\n response) with the encrypted data.
To decrypt data outside of KMS:
\nUse the Decrypt operation to decrypt the encrypted data key. The\n operation returns a plaintext copy of the data key.
\nUse the plaintext data key to decrypt data outside of KMS, then erase the plaintext\n data key from memory.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKey (key policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKeyPair\n
\nReturns a unique symmetric data key for use outside of KMS. This operation returns a\n plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS\n key that you specify. The bytes in the plaintext key are random; they are not related to the\n caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and\n store the encrypted data key with the encrypted data.
\nTo generate a data key, specify the symmetric encryption KMS key that will be used to\n encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the\n type of your KMS key, use the DescribeKey operation.
\nYou must also specify the length of the data key. Use either the KeySpec or\n NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use\n the KeySpec parameter.
To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec\n value of AES_128 or a NumberOfBytes value of 16. The\n symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption\n key.
To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key pair, use\n the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext operation. To get a cryptographically secure\n random byte string, use GenerateRandom.
\nYou can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
\n GenerateDataKey also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call GenerateDataKey for an Amazon Web Services Nitro\n enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter\n to provide the attestation document for the enclave. GenerateDataKey returns a\n copy of the data key encrypted under the specified KMS key, as usual. But instead of a\n plaintext copy of the data key, the response includes a copy of the data key encrypted under\n the public key from the attestation document (CiphertextForRecipient).\n For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n How to use your data key\n
\nWe recommend that you use the following pattern to encrypt data locally in your\n application. You can write your own code or use a client-side encryption library, such as the\n Amazon Web Services Encryption SDK, the\n Amazon DynamoDB Encryption Client,\n or Amazon S3\n client-side encryption to do these tasks for you.
\nTo encrypt data outside of KMS:
\nUse the GenerateDataKey operation to get a data key.
Use the plaintext data key (in the Plaintext field of the response) to\n encrypt your data outside of KMS. Then erase the plaintext data key from memory.
Store the encrypted data key (in the CiphertextBlob field of the\n response) with the encrypted data.
To decrypt data outside of KMS:
\nUse the Decrypt operation to decrypt the encrypted data key. The\n operation returns a plaintext copy of the data key.
\nUse the plaintext data key to decrypt data outside of KMS, then erase the plaintext\n data key from memory.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKey (key policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKeyPair\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To generate a data key", @@ -2511,7 +2736,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns a unique asymmetric data key pair for use outside of KMS. This operation returns\n a plaintext public key, a plaintext private key, and a copy of the private key that is\n encrypted under the symmetric encryption KMS key you specify. You can use the data key pair to\n perform asymmetric cryptography and implement digital signatures outside of KMS. The bytes\n in the keys are random; they not related to the caller or to the KMS key that is used to\n encrypt the private key.
\nYou can use the public key that GenerateDataKeyPair returns to encrypt data\n or verify a signature outside of KMS. Then, store the encrypted private key with the data.\n When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt\n the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a\n custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
\nUse the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that\n you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or\n signing, but not both. However, KMS cannot enforce any restrictions on the use of data key\n pairs outside of KMS.
If you are using the data key pair to encrypt data, or for any operation where you don't\n immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation.\n GenerateDataKeyPairWithoutPlaintext returns a plaintext public key and an\n encrypted private key, but omits the plaintext private key that you need only to decrypt\n ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use\n the Decrypt operation to decrypt the encrypted private key in the data key\n pair.
\n GenerateDataKeyPair returns a unique data key pair for each request. The\n bytes in the keys are random; they are not related to the caller or the KMS key that is used\n to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as\n specified in RFC 5280. The private\n key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958.
\n GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call GenerateDataKeyPair for an Amazon Web Services\n Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient\n parameter to provide the attestation document for the enclave.\n GenerateDataKeyPair returns the public data key and a copy of the private data\n key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the\n private data key (PrivateKeyPlaintext), the response includes a copy of the\n private data key encrypted under the public key from the attestation document\n (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..
You can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKeyPair (key policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\nReturns a unique asymmetric data key pair for use outside of KMS. This operation returns\n a plaintext public key, a plaintext private key, and a copy of the private key that is\n encrypted under the symmetric encryption KMS key you specify. You can use the data key pair to\n perform asymmetric cryptography and implement digital signatures outside of KMS. The bytes\n in the keys are random; they are not related to the caller or to the KMS key that is used to\n encrypt the private key.
\nYou can use the public key that GenerateDataKeyPair returns to encrypt data\n or verify a signature outside of KMS. Then, store the encrypted private key with the data.\n When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt\n the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a\n custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
\nUse the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that\n you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or\n signing, but not both. However, KMS cannot enforce any restrictions on the use of data key\n pairs outside of KMS.
If you are using the data key pair to encrypt data, or for any operation where you don't\n immediately need a private key, consider using the GenerateDataKeyPairWithoutPlaintext operation.\n GenerateDataKeyPairWithoutPlaintext returns a plaintext public key and an\n encrypted private key, but omits the plaintext private key that you need only to decrypt\n ciphertext or sign a message. Later, when you need to decrypt the data or sign a message, use\n the Decrypt operation to decrypt the encrypted private key in the data key\n pair.
\n GenerateDataKeyPair returns a unique data key pair for each request. The\n bytes in the keys are random; they are not related to the caller or the KMS key that is used\n to encrypt the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as\n specified in RFC 5280. The private\n key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in RFC 5958.
\n GenerateDataKeyPair also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call GenerateDataKeyPair for an Amazon Web Services\n Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient\n parameter to provide the attestation document for the enclave.\n GenerateDataKeyPair returns the public data key and a copy of the private data\n key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the\n private data key (PrivateKeyPlaintext), the response includes a copy of the\n private data key encrypted under the public key from the attestation document\n (CiphertextForRecipient). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide..
You can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKeyPair (key policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To generate an RSA key pair for encryption and decryption", @@ -2662,7 +2887,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns a unique asymmetric data key pair for use outside of KMS. This operation returns\n a plaintext public key and a copy of the private key that is encrypted under the symmetric\n encryption KMS key you specify. Unlike GenerateDataKeyPair, this operation\n does not return a plaintext private key. The bytes in the keys are random; they are not\n related to the caller or to the KMS key that is used to encrypt the private key.
\nYou can use the public key that GenerateDataKeyPairWithoutPlaintext returns\n to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key\n with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt\n the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a\n custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
\nUse the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that\n you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or\n signing, but not both. However, KMS cannot enforce any restrictions on the use of data key\n pairs outside of KMS.
\n GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each\n request. The bytes in the key are not related to the caller or KMS key that is used to encrypt\n the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in\n RFC 5280.
You can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key\n policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\nReturns a unique asymmetric data key pair for use outside of KMS. This operation returns\n a plaintext public key and a copy of the private key that is encrypted under the symmetric\n encryption KMS key you specify. Unlike GenerateDataKeyPair, this operation\n does not return a plaintext private key. The bytes in the keys are random; they are not\n related to the caller or to the KMS key that is used to encrypt the private key.
\nYou can use the public key that GenerateDataKeyPairWithoutPlaintext returns\n to encrypt data or verify a signature outside of KMS. Then, store the encrypted private key\n with the data. When you are ready to decrypt data or sign a message, you can use the Decrypt operation to decrypt the encrypted private key.
To generate a data key pair, you must specify a symmetric encryption KMS key to encrypt\n the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a\n custom key store. To get the type and origin of your KMS key, use the DescribeKey operation.
\nUse the KeyPairSpec parameter to choose an RSA or Elliptic Curve (ECC) data\n key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that\n you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or\n signing, but not both. However, KMS cannot enforce any restrictions on the use of data key\n pairs outside of KMS.
\n GenerateDataKeyPairWithoutPlaintext returns a unique data key pair for each\n request. The bytes in the key are not related to the caller or KMS key that is used to encrypt\n the private key. The public key is a DER-encoded X.509 SubjectPublicKeyInfo, as specified in\n RFC 5280.
You can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKeyPairWithoutPlaintext (key\n policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To generate an asymmetric data key pair without a plaintext key", @@ -2874,7 +3099,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns a unique symmetric data key for use outside of KMS. This operation returns a\n data key that is encrypted under a symmetric encryption KMS key that you specify. The bytes in\n the key are random; they are not related to the caller or to the KMS key.
\n\n GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation except that it does not return a plaintext copy of the\n data key.
This operation is useful for systems that need to encrypt data at some point, but not\n immediately. When you need to encrypt the data, you call the Decrypt\n operation on the encrypted copy of the key.
\nIt's also useful in distributed systems with different levels of trust. For example, you\n might store encrypted data in containers. One component of your system creates new containers\n and stores an encrypted data key with each container. Then, a different component puts the\n data into the containers. That component first decrypts the data key, uses the plaintext data\n key to encrypt data, puts the encrypted data into the container, and then destroys the\n plaintext data key. In this system, the component that creates the containers never sees the\n plaintext data key.
\nTo request an asymmetric data key pair, use the GenerateDataKeyPair or\n GenerateDataKeyPairWithoutPlaintext operations.
\nTo generate a data key, you must specify the symmetric encryption KMS key that is used to\n encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to\n generate a data key. To get the type of your KMS key, use the DescribeKey\n operation.
\nYou must also specify the length of the data key. Use either the KeySpec or\n NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use\n the KeySpec parameter.
To generate an SM4 data key (China Regions only), specify a KeySpec value of\n AES_128 or NumberOfBytes value of 16. The symmetric\n encryption key used in China Regions to encrypt your data key is an SM4 encryption key.
If the operation succeeds, you will find the encrypted copy of the data key in the\n CiphertextBlob field.
You can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKeyWithoutPlaintext (key\n policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\nReturns a unique symmetric data key for use outside of KMS. This operation returns a\n data key that is encrypted under a symmetric encryption KMS key that you specify. The bytes in\n the key are random; they are not related to the caller or to the KMS key.
\n\n GenerateDataKeyWithoutPlaintext is identical to the GenerateDataKey operation except that it does not return a plaintext copy of the\n data key.
This operation is useful for systems that need to encrypt data at some point, but not\n immediately. When you need to encrypt the data, you call the Decrypt\n operation on the encrypted copy of the key.
\nIt's also useful in distributed systems with different levels of trust. For example, you\n might store encrypted data in containers. One component of your system creates new containers\n and stores an encrypted data key with each container. Then, a different component puts the\n data into the containers. That component first decrypts the data key, uses the plaintext data\n key to encrypt data, puts the encrypted data into the container, and then destroys the\n plaintext data key. In this system, the component that creates the containers never sees the\n plaintext data key.
\nTo request an asymmetric data key pair, use the GenerateDataKeyPair or\n GenerateDataKeyPairWithoutPlaintext operations.
\nTo generate a data key, you must specify the symmetric encryption KMS key that is used to\n encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to\n generate a data key. To get the type of your KMS key, use the DescribeKey\n operation.
\nYou must also specify the length of the data key. Use either the KeySpec or\n NumberOfBytes parameters (but not both). For 128-bit and 256-bit data keys, use\n the KeySpec parameter.
To generate an SM4 data key (China Regions only), specify a KeySpec value of\n AES_128 or NumberOfBytes value of 16. The symmetric\n encryption key used in China Regions to encrypt your data key is an SM4 encryption key.
If the operation succeeds, you will find the encrypted copy of the data key in the\n CiphertextBlob field.
You can use an optional encryption context to add additional security to the encryption\n operation. If you specify an EncryptionContext, you must specify the same\n encryption context (a case-sensitive exact match) when decrypting the encrypted data key.\n Otherwise, the request to decrypt fails with an InvalidCiphertextException. For more information, see Encryption Context in the\n Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateDataKeyWithoutPlaintext (key\n policy)
\n\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To generate an encrypted data key", @@ -2991,7 +3216,7 @@ } ], "traits": { - "smithy.api#documentation": "Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS\n key and a MAC algorithm that the key supports. HMAC KMS keys and the HMAC algorithms that\n KMS uses conform to industry standards defined in RFC 2104.
\nYou can use value that GenerateMac returns in the VerifyMac operation to\n demonstrate that the original message has not changed. Also, because a secret key is used to\n create the hash, you can verify that the party that generated the hash has the required secret\n key. You can also use the raw result to implement HMAC-based algorithms such as key derivation\n functions. This operation is part of KMS support for HMAC KMS keys. For\n details, see HMAC keys in\n KMS in the \n Key Management Service Developer Guide\n .
\nBest practices recommend that you limit the time during which any signing mechanism,\n including an HMAC, is effective. This deters an attack where the actor uses a signed message\n to establish validity repeatedly or long after the message is superseded. HMAC tags do not\n include a timestamp, but you can include a timestamp in the token or message to help you\n detect when its time to refresh the HMAC.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateMac (key policy)
\n\n Related operations: VerifyMac\n
", + "smithy.api#documentation": "Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS\n key and a MAC algorithm that the key supports. HMAC KMS keys and the HMAC algorithms that\n KMS uses conform to industry standards defined in RFC 2104.
\nYou can use value that GenerateMac returns in the VerifyMac operation to\n demonstrate that the original message has not changed. Also, because a secret key is used to\n create the hash, you can verify that the party that generated the hash has the required secret\n key. You can also use the raw result to implement HMAC-based algorithms such as key derivation\n functions. This operation is part of KMS support for HMAC KMS keys. For\n details, see HMAC keys in\n KMS in the \n Key Management Service Developer Guide\n .
\nBest practices recommend that you limit the time during which any signing mechanism,\n including an HMAC, is effective. This deters an attack where the actor uses a signed message\n to establish validity repeatedly or long after the message is superseded. HMAC tags do not\n include a timestamp, but you can include a timestamp in the token or message to help you\n detect when its time to refresh the HMAC.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GenerateMac (key policy)
\n\n Related operations: VerifyMac\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To generate an HMAC for a message", @@ -3103,7 +3328,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns a random byte string that is cryptographically secure.
\nYou must use the NumberOfBytes parameter to specify the length of the random\n byte string. There is no default value for string length.
By default, the random byte string is generated in KMS. To generate the byte string in\n the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId\n parameter.
\n GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro\n enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter\n to provide the attestation document for the enclave. Instead of plaintext bytes, the response\n includes the plaintext bytes encrypted under the public key from the attestation document\n (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
For more information about entropy and random number generation, see\n Key Management Service Cryptographic Details.
\n\n Cross-account use: Not applicable.\n GenerateRandom does not use any account-specific resources, such as KMS\n keys.
\n Required permissions: kms:GenerateRandom (IAM policy)
", + "smithy.api#documentation": "Returns a random byte string that is cryptographically secure.
\nYou must use the NumberOfBytes parameter to specify the length of the random\n byte string. There is no default value for string length.
By default, the random byte string is generated in KMS. To generate the byte string in\n the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId\n parameter.
\n GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an\n isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro\n enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter\n to provide the attestation document for the enclave. Instead of plaintext bytes, the response\n includes the plaintext bytes encrypted under the public key from the attestation document\n (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
For more information about entropy and random number generation, see\n Key Management Service Cryptographic Details.
\n\n Cross-account use: Not applicable.\n GenerateRandom does not use any account-specific resources, such as KMS\n keys.
\n Required permissions: kms:GenerateRandom (IAM policy)
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To generate random data", @@ -3190,7 +3415,7 @@ } ], "traits": { - "smithy.api#documentation": "Gets a key policy attached to the specified KMS key.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:GetKeyPolicy (key policy)
\n\n Related operations: PutKeyPolicy\n
", + "smithy.api#documentation": "Gets a key policy attached to the specified KMS key.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:GetKeyPolicy (key policy)
\n\n Related operations: PutKeyPolicy\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To retrieve a key policy", @@ -3219,8 +3444,7 @@ "PolicyName": { "target": "com.amazonaws.kms#PolicyNameType", "traits": { - "smithy.api#documentation": "Specifies the name of the key policy. The only valid name is default. To get\n the names of key policies, use ListKeyPolicies.
Specifies the name of the key policy. If no policy name is specified, the default value is default. The only valid name is default. To get\n the names of key policies, use ListKeyPolicies.
A key policy document in JSON format.
" } + }, + "PolicyName": { + "target": "com.amazonaws.kms#PolicyNameType", + "traits": { + "smithy.api#documentation": "The name of the key policy. The only valid value is default.
Gets a Boolean value that indicates whether automatic rotation of the key material is\n enabled for the specified KMS key.
\nWhen you enable automatic rotation for customer managed KMS keys, KMS\n rotates the key material of the KMS key one year (approximately 365 days) from the enable date\n and every year thereafter. You can monitor rotation of the key material for your KMS keys in\n CloudTrail and Amazon CloudWatch.
\nAutomatic key rotation is supported only on symmetric encryption KMS keys.\n You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key..
\nYou can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key\n material rotation of Amazon Web Services managed KMS keys is not\n configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The\n key rotation status for Amazon Web Services managed KMS keys is always true.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three\n years to every year. For details, see EnableKeyRotation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\nDisabled: The key rotation status does not change when you disable a KMS key. However,\n while the KMS key is disabled, KMS does not rotate the key material. When you re-enable\n the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been\n rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been\n less than a year since the key material in the re-enabled KMS key was rotated, the KMS key\n resumes its prior rotation schedule.
\nPending deletion: While a KMS key is pending deletion, its key rotation status is\n false and KMS does not rotate the key material. If you cancel the\n deletion, the original key rotation status returns to true.
\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:GetKeyRotationStatus (key policy)
\n\n Related operations:\n
\n\n DisableKeyRotation\n
\n\n EnableKeyRotation\n
\nProvides detailed information about the rotation status for a KMS key, including \n whether automatic rotation of the key material is enabled for the specified KMS key, the\n rotation period, and the next scheduled\n rotation date.
\nAutomatic key rotation is supported only on symmetric encryption KMS keys.\n You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key..
\nYou can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key\n material rotation of Amazon Web Services managed KMS keys is not\n configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The\n key rotation status for Amazon Web Services managed KMS keys is always true.
You can perform on-demand (RotateKeyOnDemand) rotation of the \n key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. \n You can use GetKeyRotationStatus to identify the date and time that an in progress on-demand rotation\n was initiated. You can use ListKeyRotations to view the details of completed rotations.
\nIn May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three\n years to every year. For details, see EnableKeyRotation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\nDisabled: The key rotation status does not change when you disable a KMS key. However,\n while the KMS key is disabled, KMS does not rotate the key material. When you re-enable\n the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been\n rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been\n less than a year since the key material in the re-enabled KMS key was rotated, the KMS key\n resumes its prior rotation schedule.
\nPending deletion: While a KMS key is pending deletion, its key rotation status is\n false and KMS does not rotate the key material. If you cancel the\n deletion, the original key rotation status returns to true.
\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:GetKeyRotationStatus (key policy)
\n\n Related operations:\n
\n\n DisableKeyRotation\n
\n\n EnableKeyRotation\n
\n\n ListKeyRotations\n
\n\n RotateKeyOnDemand\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
" } }, "com.amazonaws.kms#GetKeyRotationStatusRequest": { @@ -3310,6 +3528,30 @@ "smithy.api#default": false, "smithy.api#documentation": "A Boolean value that specifies whether key rotation is enabled.
" } + }, + "KeyId": { + "target": "com.amazonaws.kms#KeyIdType", + "traits": { + "smithy.api#documentation": "Identifies the specified symmetric encryption KMS key.
" + } + }, + "RotationPeriodInDays": { + "target": "com.amazonaws.kms#RotationPeriodInDaysType", + "traits": { + "smithy.api#documentation": "The number of days between each automatic rotation. The default value is 365 days.
" + } + }, + "NextRotationDate": { + "target": "com.amazonaws.kms#DateType", + "traits": { + "smithy.api#documentation": "The next date that KMS will automatically rotate the key material.
" + } + }, + "OnDemandRotationStartDate": { + "target": "com.amazonaws.kms#DateType", + "traits": { + "smithy.api#documentation": "Identifies the date and time that an in progress on-demand rotation was initiated.
\nThe KMS API follows an eventual consistency model\n due to the distributed nature of the system. As a result, there might be a slight delay\n between initiating on-demand key rotation and the rotation's completion. Once the on-demand\n rotation is complete, use ListKeyRotations to view the details of the\n on-demand rotation.
" + } } }, "traits": { @@ -3345,7 +3587,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns the public key and an import token you need to import or reimport key material for\n a KMS key.
\nBy default, KMS keys are created with key material that KMS generates. This operation\n supports Importing key\n material, an advanced feature that lets you generate and import the cryptographic\n key material for a KMS key. For more information about importing key material into KMS, see\n Importing key\n material in the Key Management Service Developer Guide.
\nBefore calling GetParametersForImport, use the CreateKey\n operation with an Origin value of EXTERNAL to create a KMS key with\n no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key,\n asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material\n into a multi-Region key of\n any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use\n GetParametersForImport to get a public key and import token to reimport the original key\n material into a KMS key whose key material expired or was deleted.
\n GetParametersForImport returns the items that you need to import your key\n material.
The public key (or \"wrapping key\") of an RSA key pair that KMS generates.
\nYou will use this public key to encrypt (\"wrap\") your key material while it's in\n transit to KMS.
\nA import token that ensures that KMS can decrypt your key material and associate it\n with the correct KMS key.
\nThe public key and its import token are permanently linked and must be used together. Each\n public key and import token set is valid for 24 hours. The expiration date and time appear in\n the ParametersValidTo field in the GetParametersForImport response.\n You cannot use an expired public key or import token in an ImportKeyMaterial\n request. If your key and token expire, send another GetParametersForImport\n request.
\n GetParametersForImport requires the following information:
The key ID of the KMS key for which you are importing the key material.
\nThe key spec of the public key (\"wrapping key\") that you will use to encrypt your key\n material during import.
\nThe wrapping algorithm that you will use with the public key to encrypt your key\n material.
\nYou can use the same or a different public key spec and wrapping algorithm each time you\n import or reimport the same key material.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:GetParametersForImport (key policy)
\n\n Related operations:\n
\n\n ImportKeyMaterial\n
\nReturns the public key and an import token you need to import or reimport key material for\n a KMS key.
\nBy default, KMS keys are created with key material that KMS generates. This operation\n supports Importing key\n material, an advanced feature that lets you generate and import the cryptographic\n key material for a KMS key. For more information about importing key material into KMS, see\n Importing key\n material in the Key Management Service Developer Guide.
\nBefore calling GetParametersForImport, use the CreateKey\n operation with an Origin value of EXTERNAL to create a KMS key with\n no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key,\n asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material\n into a multi-Region key of any supported type. However, you can't import key material into\n a KMS key in a custom key store. You can also use GetParametersForImport to get a\n public key and import token to reimport the original key\n material into a KMS key whose key material expired or was deleted.
\n GetParametersForImport returns the items that you need to import your key\n material.
The public key (or \"wrapping key\") of an asymmetric key pair that KMS generates.
\nYou will use this public key to encrypt (\"wrap\") your key material while it's in\n transit to KMS.
\nA import token that ensures that KMS can decrypt your key material and associate it\n with the correct KMS key.
\nThe public key and its import token are permanently linked and must be used together. Each\n public key and import token set is valid for 24 hours. The expiration date and time appear in\n the ParametersValidTo field in the GetParametersForImport response.\n You cannot use an expired public key or import token in an ImportKeyMaterial\n request. If your key and token expire, send another GetParametersForImport\n request.
\n GetParametersForImport requires the following information:
The key ID of the KMS key for which you are importing the key material.
\nThe key spec of the public key (\"wrapping key\") that you will use to encrypt your key\n material during import.
\nThe wrapping algorithm that you will use with the public key to encrypt your key\n material.
\nYou can use the same or a different public key spec and wrapping algorithm each time you\n import or reimport the same key material.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:GetParametersForImport (key policy)
\n\n Related operations:\n
\n\n ImportKeyMaterial\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
" } }, "com.amazonaws.kms#GetParametersForImportRequest": { @@ -3361,14 +3603,14 @@ "WrappingAlgorithm": { "target": "com.amazonaws.kms#AlgorithmSpec", "traits": { - "smithy.api#documentation": "The algorithm you will use with the RSA public key (PublicKey) in the\n response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.
For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you\n generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping\n algorithms, you encrypt your key material directly with the RSA public key from KMS.
\nThe wrapping algorithms that you can use depend on the type of key material that you are\n importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.
\n\n RSA_AES_KEY_WRAP_SHA_256 — Supported for\n wrapping RSA and ECC key material.
\n\n RSA_AES_KEY_WRAP_SHA_1 — Supported for\n wrapping RSA and ECC key material.
\n\n RSAES_OAEP_SHA_256 — Supported for all types\n of key material, except RSA key material (private key).
\nYou cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping\n key spec to wrap ECC_NIST_P521 key material.
\n\n RSAES_OAEP_SHA_1 — Supported for all types of\n key material, except RSA key material (private key).
\nYou cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key\n spec to wrap ECC_NIST_P521 key material.
\n\n RSAES_PKCS1_V1_5 (Deprecated) — Supported only\n for symmetric encryption key material (and only in legacy mode).
\nThe algorithm you will use with the asymmetric public key (PublicKey) in the\n response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.
For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you\n generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping\n algorithms, you encrypt your key material directly with the RSA public key from KMS. \n For SM2PKE wrapping algorithms, you encrypt your key material directly with the SM2 public key \n from KMS.
\nThe wrapping algorithms that you can use depend on the type of key material that you are\n importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm, except \n in China Regions, where you must use the SM2PKE wrapping algorithm to import an RSA private key.
\nThe SM2PKE wrapping algorithm is available only in China Regions. The \n RSA_AES_KEY_WRAP_SHA_256 and RSA_AES_KEY_WRAP_SHA_1 \n wrapping algorithms are not supported in China Regions.
\n RSA_AES_KEY_WRAP_SHA_256 — Supported for\n wrapping RSA and ECC key material.
\n\n RSA_AES_KEY_WRAP_SHA_1 — Supported for\n wrapping RSA and ECC key material.
\n\n RSAES_OAEP_SHA_256 — Supported for all types\n of key material, except RSA key material (private key).
\nYou cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping\n key spec to wrap ECC_NIST_P521 key material.
\n\n RSAES_OAEP_SHA_1 — Supported for all types of\n key material, except RSA key material (private key).
\nYou cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key\n spec to wrap ECC_NIST_P521 key material.
\n\n RSAES_PKCS1_V1_5 (Deprecated) — As of October\n 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.
\n\n SM2PKE (China Regions only) — supported for \n wrapping RSA, ECC, and SM2 key material.
\nThe type of RSA public key to return in the response. You will use this wrapping key with\n the specified wrapping algorithm to protect your key material during import.
\nUse the longest RSA wrapping key that is practical.
\nYou cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key.\n Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
", + "smithy.api#documentation": "The type of public key to return in the response. You will use this wrapping key with\n the specified wrapping algorithm to protect your key material during import.
\nUse the longest wrapping key that is practical.
\nYou cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key.\n Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
\nThe SM2 wrapping key spec is available only in China Regions.
", "smithy.api#required": {} } } @@ -3450,7 +3692,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric\n KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey\n permission can download the public key of an asymmetric KMS key. You can share the public key\n to allow others to encrypt messages and verify signatures outside of KMS.\n For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within\n KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the\n public key within KMS, you benefit from the authentication, authorization, and logging that\n are part of every KMS operation. You also reduce of risk of encrypting data that cannot be\n decrypted. These features are not effective outside of KMS.
\nTo help you use the public key safely outside of KMS, GetPublicKey returns\n important information about the public key in the response, including:
\n KeySpec: The type of key material in the public key, such as\n RSA_4096 or ECC_NIST_P521.
\n KeyUsage: Whether the key is used for encryption or signing.
\n\n EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing\n algorithms for the key.
\nAlthough KMS cannot enforce these restrictions on external operations, it is crucial\n that you use this information to prevent the public key from being used improperly. For\n example, you can prevent a public signing key from being used encrypt data, or prevent a\n public key from being used with an encryption algorithm that is not supported by KMS. You\n can also avoid errors, such as using the wrong signing algorithm in a verification\n operation.
\nTo verify a signature outside of KMS with an SM2 public key (China Regions only), you\n must specify the distinguishing ID. By default, KMS uses 1234567812345678 as\n the distinguishing ID. For more information, see Offline\n verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GetPublicKey (key policy)
\n\n Related operations: CreateKey\n
", + "smithy.api#documentation": "Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric\n KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey\n permission can download the public key of an asymmetric KMS key. You can share the public key\n to allow others to encrypt messages and verify signatures outside of KMS.\n For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within\n KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the\n public key within KMS, you benefit from the authentication, authorization, and logging that\n are part of every KMS operation. You also reduce of risk of encrypting data that cannot be\n decrypted. These features are not effective outside of KMS.
\nTo help you use the public key safely outside of KMS, GetPublicKey returns\n important information about the public key in the response, including:
\n KeySpec: The type of key material in the public key, such as\n RSA_4096 or ECC_NIST_P521.
\n KeyUsage: Whether the key is used for encryption or signing.
\n\n EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing\n algorithms for the key.
\nAlthough KMS cannot enforce these restrictions on external operations, it is crucial\n that you use this information to prevent the public key from being used improperly. For\n example, you can prevent a public signing key from being used encrypt data, or prevent a\n public key from being used with an encryption algorithm that is not supported by KMS. You\n can also avoid errors, such as using the wrong signing algorithm in a verification\n operation.
\nTo verify a signature outside of KMS with an SM2 public key (China Regions only), you\n must specify the distinguishing ID. By default, KMS uses 1234567812345678 as\n the distinguishing ID. For more information, see Offline\n verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:GetPublicKey (key policy)
\n\n Related operations: CreateKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To download the public key of an asymmetric KMS key", @@ -3822,7 +4064,7 @@ } ], "traits": { - "smithy.api#documentation": "Imports or reimports key material into an existing KMS key that was created without key\n material. ImportKeyMaterial also sets the expiration model and expiration date of\n the imported key material.
By default, KMS keys are created with key material that KMS generates. This operation\n supports Importing key\n material, an advanced feature that lets you generate and import the cryptographic\n key material for a KMS key. For more information about importing key material into KMS, see\n Importing key\n material in the Key Management Service Developer Guide.
\nAfter you successfully import key material into a KMS key, you can reimport\n the same key material into that KMS key, but you cannot import different key\n material. You might reimport key material to replace key material that expired or key material\n that you deleted. You might also reimport key material to change the expiration model or\n expiration date of the key material. Before reimporting key material, if necessary, call DeleteImportedKeyMaterial to delete the current imported key material.
\nEach time you import key material into KMS, you can determine whether\n (ExpirationModel) and when (ValidTo) the key material expires. To\n change the expiration of your key material, you must import it again, either by calling\n ImportKeyMaterial or using the import features of the KMS console.
Before calling ImportKeyMaterial:
Create or identify a KMS key with no key material. The KMS key must have an\n Origin value of EXTERNAL, which indicates that the KMS key is\n designed for imported key material.
To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a\n symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric\n signing KMS key. You can also import key material into a multi-Region key of any\n supported type. However, you can't import key material into a KMS key in a custom key store.
Use the DescribeKey operation to verify that the\n KeyState of the KMS key is PendingImport, which indicates that\n the KMS key has no key material.
If you are reimporting the same key material into an existing KMS key, you might need\n to call the DeleteImportedKeyMaterial to delete its existing key\n material.
\nCall the GetParametersForImport operation to get a public key and\n import token set for importing key material.
\nUse the public key in the GetParametersForImport response to encrypt\n your key material.
\n Then, in an ImportKeyMaterial request, you submit your encrypted key\n material and import token. When calling this operation, you must specify the following\n values:
The key ID or key ARN of the KMS key to associate with the imported key material. Its\n Origin must be EXTERNAL and its KeyState must be\n PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS\n key in a different Amazon Web Services account. To get the Origin and KeyState\n of a KMS key, call DescribeKey.
The encrypted key material.
\nThe import token that GetParametersForImport returned. You must use\n a public key and token from the same GetParametersForImport response.
Whether the key material expires (ExpirationModel) and, if so, when\n (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.
If you set an expiration date, KMS deletes the key material from the KMS key on the\n specified date, making the KMS key unusable. To use the KMS key in cryptographic\n operations again, you must reimport the same key material. However, you can delete and\n reimport the key material at any time, including before the key material expires. Each\n time you reimport, you can eliminate or reset the expiration time.
\nWhen this operation is successful, the key state of the KMS key changes from\n PendingImport to Enabled, and you can use the KMS key in\n cryptographic operations.
If this operation fails, use the exception to help determine the problem. If the error is\n related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key\n and repeat the import procedure. For help, see How To Import Key\n Material in the Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ImportKeyMaterial (key policy)
\n\n Related operations:\n
\nImports or reimports key material into an existing KMS key that was created without key\n material. ImportKeyMaterial also sets the expiration model and expiration date of\n the imported key material.
By default, KMS keys are created with key material that KMS generates. This operation\n supports Importing key\n material, an advanced feature that lets you generate and import the cryptographic\n key material for a KMS key. For more information about importing key material into KMS, see\n Importing key\n material in the Key Management Service Developer Guide.
\nAfter you successfully import key material into a KMS key, you can reimport\n the same key material into that KMS key, but you cannot import different key\n material. You might reimport key material to replace key material that expired or key material\n that you deleted. You might also reimport key material to change the expiration model or\n expiration date of the key material.
\nEach time you import key material into KMS, you can determine whether\n (ExpirationModel) and when (ValidTo) the key material expires. To\n change the expiration of your key material, you must import it again, either by calling\n ImportKeyMaterial or using the import features of the KMS console.
Before calling ImportKeyMaterial:
Create or identify a KMS key with no key material. The KMS key must have an\n Origin value of EXTERNAL, which indicates that the KMS key is\n designed for imported key material.
To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a\n symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric\n signing KMS key. You can also import key material into a multi-Region key of any\n supported type. However, you can't import key material into a KMS key in a custom key store.
Use the DescribeKey operation to verify that the\n KeyState of the KMS key is PendingImport, which indicates that\n the KMS key has no key material.
If you are reimporting the same key material into an existing KMS key, you might need\n to call the DeleteImportedKeyMaterial to delete its existing key\n material.
\nCall the GetParametersForImport operation to get a public key and\n import token set for importing key material.
\nUse the public key in the GetParametersForImport response to encrypt\n your key material.
\n Then, in an ImportKeyMaterial request, you submit your encrypted key\n material and import token. When calling this operation, you must specify the following\n values:
The key ID or key ARN of the KMS key to associate with the imported key material. Its\n Origin must be EXTERNAL and its KeyState must be\n PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS\n key in a different Amazon Web Services account. To get the Origin and KeyState\n of a KMS key, call DescribeKey.
The encrypted key material.
\nThe import token that GetParametersForImport returned. You must use\n a public key and token from the same GetParametersForImport response.
Whether the key material expires (ExpirationModel) and, if so, when\n (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.
If you set an expiration date, KMS deletes the key material from the KMS key on the\n specified date, making the KMS key unusable. To use the KMS key in cryptographic\n operations again, you must reimport the same key material. However, you can delete and\n reimport the key material at any time, including before the key material expires. Each\n time you reimport, you can eliminate or reset the expiration time.
\nWhen this operation is successful, the key state of the KMS key changes from\n PendingImport to Enabled, and you can use the KMS key in\n cryptographic operations.
If this operation fails, use the exception to help determine the problem. If the error is\n related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key\n and repeat the import procedure. For help, see How To Import Key\n Material in the Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ImportKeyMaterial (key policy)
\n\n Related operations:\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To import key material into a KMS key", @@ -4598,7 +4840,7 @@ } ], "traits": { - "smithy.api#documentation": "Gets a list of aliases in the caller's Amazon Web Services account and region. For more information\n about aliases, see CreateAlias.
\nBy default, the ListAliases operation returns all aliases in the account and\n region. To get only the aliases associated with a particular KMS key, use the\n KeyId parameter.
The ListAliases response can include aliases that you created and associated\n with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services\n managed keys in your account. You can recognize Amazon Web Services aliases because their names have the\n format aws/, such as aws/dynamodb.
The response might also include aliases that have no TargetKeyId field. These\n are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.\n Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against\n your KMS aliases\n quota.
\n Cross-account use: No. ListAliases does not\n return aliases in other Amazon Web Services accounts.
\n Required permissions: kms:ListAliases (IAM policy)
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateAlias\n
\n\n DeleteAlias\n
\n\n UpdateAlias\n
\nGets a list of aliases in the caller's Amazon Web Services account and region. For more information\n about aliases, see CreateAlias.
\nBy default, the ListAliases operation returns all aliases in the account and\n region. To get only the aliases associated with a particular KMS key, use the\n KeyId parameter.
The ListAliases response can include aliases that you created and associated\n with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services\n managed keys in your account. You can recognize Amazon Web Services aliases because their names have the\n format aws/, such as aws/dynamodb.
The response might also include aliases that have no TargetKeyId field. These\n are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.\n Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against\n your KMS aliases\n quota.
\n Cross-account use: No. ListAliases does not\n return aliases in other Amazon Web Services accounts.
\n Required permissions: kms:ListAliases (IAM policy)
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateAlias\n
\n\n DeleteAlias\n
\n\n UpdateAlias\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To list aliases", @@ -4703,7 +4945,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in thisresponse to the Marker parameter in a\n subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Gets a list of all grants for the specified KMS key.
\nYou must specify the KMS key in all requests. You can filter the grant list by grant ID or\n grantee principal.
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\nThe GranteePrincipal field in the ListGrants response usually contains the\n user or role designated as the grantee principal in the grant. However, when the grantee\n principal in the grant is an Amazon Web Services service, the GranteePrincipal field contains\n the service\n principal, which might represent several different grantee principals.
\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:ListGrants (key policy)
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListRetirableGrants\n
\n\n RetireGrant\n
\n\n RevokeGrant\n
\nGets a list of all grants for the specified KMS key.
\nYou must specify the KMS key in all requests. You can filter the grant list by grant ID or\n grantee principal.
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\nThe GranteePrincipal field in the ListGrants response usually contains the\n user or role designated as the grantee principal in the grant. However, when the grantee\n principal in the grant is an Amazon Web Services service, the GranteePrincipal field contains\n the service\n principal, which might represent several different grantee principals.
\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:ListGrants (key policy)
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListRetirableGrants\n
\n\n RetireGrant\n
\n\n RevokeGrant\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#paginated": { "inputToken": "Marker", "outputToken": "NextMarker", @@ -4810,7 +5052,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in thisresponse to the Marker parameter in a\n subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Gets the names of the key policies that are attached to a KMS key. This operation is\n designed to get policy names that you can use in a GetKeyPolicy operation.\n However, the only valid policy name is default.
\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListKeyPolicies (key policy)
\n\n Related operations:\n
\n\n GetKeyPolicy\n
\n\n PutKeyPolicy\n
\nGets the names of the key policies that are attached to a KMS key. This operation is\n designed to get policy names that you can use in a GetKeyPolicy operation.\n However, the only valid policy name is default.
\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListKeyPolicies (key policy)
\n\n Related operations:\n
\n\n GetKeyPolicy\n
\n\n PutKeyPolicy\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To list key policies for a KMS key", @@ -4911,7 +5153,99 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in thisresponse to the Marker parameter in a\n subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Returns information about all completed key material rotations for the specified KMS\n key.
\nYou must specify the KMS key in all requests. You can refine the key rotations list by\n limiting the number of rotations returned.
\nFor detailed information about automatic and on-demand key rotations, see Rotating KMS keys in the\n Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListKeyRotations (key policy)
\n\n Related operations:\n
\n\n EnableKeyRotation\n
\n\n DisableKeyRotation\n
\n\n GetKeyRotationStatus\n
\n\n RotateKeyOnDemand\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", + "smithy.api#paginated": { + "inputToken": "Marker", + "outputToken": "NextMarker", + "items": "Rotations", + "pageSize": "Limit" + } + } + }, + "com.amazonaws.kms#ListKeyRotationsRequest": { + "type": "structure", + "members": { + "KeyId": { + "target": "com.amazonaws.kms#KeyIdType", + "traits": { + "smithy.api#documentation": "Gets the key rotations for the specified KMS key.
\nSpecify the key ID or key ARN of the KMS key.
\nFor example:
\nKey ID: 1234abcd-12ab-34cd-56ef-1234567890ab\n
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\n
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
", + "smithy.api#required": {} + } + }, + "Limit": { + "target": "com.amazonaws.kms#LimitType", + "traits": { + "smithy.api#documentation": "Use this parameter to specify the maximum number of items to return. When this\n value is present, KMS does not return more than the specified number of items, but it might\n return fewer.
\nThis value is optional. If you include a value, it must be between\n 1 and 1000, inclusive. If you do not include a value, it defaults to 100.
" + } + }, + "Marker": { + "target": "com.amazonaws.kms#MarkerType", + "traits": { + "smithy.api#documentation": "Use this parameter in a subsequent request after you receive a response with\n truncated results. Set it to the value of NextMarker from the truncated response\n you just received.
A list of completed key material rotations.
" + } + }, + "NextMarker": { + "target": "com.amazonaws.kms#MarkerType", + "traits": { + "smithy.api#documentation": "When Truncated is true, this element is present and contains the\n value to use for the Marker parameter in a subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListKeys (IAM policy)
\n\n Related operations:\n
\n\n CreateKey\n
\n\n DescribeKey\n
\n\n ListAliases\n
\n\n ListResourceTags\n
\nGets a list of all KMS keys in the caller's Amazon Web Services account and Region.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListKeys (IAM policy)
\n\n Related operations:\n
\n\n CreateKey\n
\n\n DescribeKey\n
\n\n ListAliases\n
\n\n ListResourceTags\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To list KMS keys", @@ -5026,7 +5360,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in thisresponse to the Marker parameter in a\n subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Returns all tags on the specified KMS key.
\nFor general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in\n the Amazon Web Services General Reference. For information about using\n tags in KMS, see Tagging\n keys.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListResourceTags (key policy)
\n\n Related operations:\n
\n\n CreateKey\n
\n\n ReplicateKey\n
\n\n TagResource\n
\n\n UntagResource\n
\nReturns all tags on the specified KMS key.
\nFor general information about tags, including the format and syntax, see Tagging Amazon Web Services resources in\n the Amazon Web Services General Reference. For information about using\n tags in KMS, see Tagging\n keys.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ListResourceTags (key policy)
\n\n Related operations:\n
\n\n CreateKey\n
\n\n ReplicateKey\n
\n\n TagResource\n
\n\n UntagResource\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To list tags for a KMS key", @@ -5138,7 +5472,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in thisresponse to the Marker parameter in a\n subsequent request.
A flag that indicates whether there are more items in the list. When this\n value is true, the list in this response is truncated. To get more items, pass the value of\n the NextMarker element in this response to the Marker parameter in a\n subsequent request.
Returns information about all grants in the Amazon Web Services account and Region that have the\n specified retiring principal.
\nYou can specify any principal in your Amazon Web Services account. The grants that are returned include\n grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this\n operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\n\n Cross-account use: You must specify a principal in your\n Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need\n kms:ListRetirableGrants permission (or any other additional permission) in any\n Amazon Web Services account other than your own.
\n Required permissions: kms:ListRetirableGrants (IAM policy) in your\n Amazon Web Services account.
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListGrants\n
\n\n RetireGrant\n
\n\n RevokeGrant\n
\nReturns information about all grants in the Amazon Web Services account and Region that have the\n specified retiring principal.
\nYou can specify any principal in your Amazon Web Services account. The grants that are returned include\n grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this\n operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\n\n Cross-account use: You must specify a principal in your\n Amazon Web Services account. This operation returns a list of grants where the retiring principal specified\n in the ListRetirableGrants request is the same retiring principal on the grant.\n This can include grants on KMS keys owned by other Amazon Web Services accounts, but you do not need\n kms:ListRetirableGrants permission (or any other additional permission) in any\n Amazon Web Services account other than your own.
\n Required permissions: kms:ListRetirableGrants (IAM policy) in your\n Amazon Web Services account.
\nKMS authorizes ListRetirableGrants requests by evaluating the caller\n account's kms:ListRetirableGrants permissions. The authorized resource in\n ListRetirableGrants calls is the retiring principal specified in the request.\n KMS does not evaluate the caller's permissions to verify their access to any KMS keys or\n grants that might be returned by the ListRetirableGrants call.
\n Related operations:\n
\n\n CreateGrant\n
\n\n ListGrants\n
\n\n RetireGrant\n
\n\n RevokeGrant\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#paginated": { "inputToken": "Marker", "outputToken": "NextMarker", @@ -5513,7 +5847,7 @@ } ], "traits": { - "smithy.api#documentation": "Attaches a key policy to the specified KMS key.
\nFor more information about key policies, see Key Policies in the Key Management Service Developer Guide.\n For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the \n Identity and Access Management User Guide\n . For examples of adding a key policy in multiple programming languages,\n see Setting a key policy in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:PutKeyPolicy (key policy)
\n\n Related operations: GetKeyPolicy\n
", + "smithy.api#documentation": "Attaches a key policy to the specified KMS key.
\nFor more information about key policies, see Key Policies in the Key Management Service Developer Guide.\n For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the \n Identity and Access Management User Guide\n . For examples of adding a key policy in multiple programming languages,\n see Setting a key policy in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:PutKeyPolicy (key policy)
\n\n Related operations: GetKeyPolicy\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To attach a key policy to a KMS key", @@ -5540,8 +5874,7 @@ "PolicyName": { "target": "com.amazonaws.kms#PolicyNameType", "traits": { - "smithy.api#documentation": "The name of the key policy. The only valid value is default.
The name of the key policy. If no policy name is specified, the default value is default. The only valid value is default.
Skips (\"bypasses\") the key policy lockout safety check. The default value is false.
\nSetting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately.
\nFor more information, see Default key policy in the Key Management Service Developer Guide.
\nUse this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent PutKeyPolicy request on the KMS key.
" + "smithy.api#documentation": "Skips (\"bypasses\") the key policy lockout safety check. The default value is false.
\nSetting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately.
\nFor more information, see Default key policy in the Key Management Service Developer Guide.
\nUse this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent PutKeyPolicy\n request on the KMS key.
" } } }, @@ -5607,7 +5940,7 @@ } ], "traits": { - "smithy.api#documentation": "Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this\n operation to change the KMS key under which data is encrypted, such as when you manually\n rotate a KMS key or change the KMS key that protects a ciphertext. You can also use\n it to reencrypt ciphertext under the same KMS key, such as to change the encryption\n context of a ciphertext.
\nThe ReEncrypt operation can decrypt ciphertext that was encrypted by using a\n KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the\n public key of an asymmetric KMS key\n outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as\n the Amazon Web Services Encryption SDK or\n Amazon S3\n client-side encryption. These libraries return a ciphertext format that is\n incompatible with KMS.
When you use the ReEncrypt operation, you need to provide information for the\n decrypt operation and the subsequent encrypt operation.
If your ciphertext was encrypted under an asymmetric KMS key, you must use the\n SourceKeyId parameter to identify the KMS key that encrypted the\n ciphertext. You must also supply the encryption algorithm that was used. This information\n is required to decrypt the data.
If your ciphertext was encrypted under a symmetric encryption KMS key, the\n SourceKeyId parameter is optional. KMS can get this information from\n metadata that it adds to the symmetric ciphertext blob. This feature adds durability to\n your implementation by ensuring that authorized users can decrypt ciphertext decades after\n it was encrypted, even if they've lost track of the key ID. However, specifying the source\n KMS key is always recommended as a best practice. When you use the\n SourceKeyId parameter to specify a KMS key, KMS uses only the KMS key you\n specify. If the ciphertext was encrypted under a different KMS key, the\n ReEncrypt operation fails. This practice ensures that you use the KMS key\n that you intend.
To reencrypt the data, you must use the DestinationKeyId parameter to\n specify the KMS key that re-encrypts the data after it is decrypted. If the destination\n KMS key is an asymmetric KMS key, you must also provide the encryption algorithm. The\n algorithm that you choose must be compatible with the KMS key.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
\nYou are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. The source KMS key and\n destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a\n different account than the caller. To specify a KMS key in a different account, you must use\n its key ARN or alias ARN.
\n\n Required permissions:
\n\n kms:ReEncryptFrom\n permission on the source KMS key (key policy)
\n\n kms:ReEncryptTo\n permission on the destination KMS key (key policy)
\nTo permit reencryption from or to a KMS key, include the \"kms:ReEncrypt*\"\n permission in your key policy. This permission is\n automatically included in the key policy when you use the console to create a KMS key. But you\n must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.
\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\nDecrypts ciphertext and then reencrypts it entirely within KMS. You can use this\n operation to change the KMS key under which data is encrypted, such as when you manually\n rotate a KMS key or change the KMS key that protects a ciphertext. You can also use\n it to reencrypt ciphertext under the same KMS key, such as to change the encryption\n context of a ciphertext.
\nThe ReEncrypt operation can decrypt ciphertext that was encrypted by using a\n KMS key in an KMS operation, such as Encrypt or GenerateDataKey. It can also decrypt ciphertext that was encrypted by using the\n public key of an asymmetric KMS key\n outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as\n the Amazon Web Services Encryption SDK or\n Amazon S3\n client-side encryption. These libraries return a ciphertext format that is\n incompatible with KMS.
When you use the ReEncrypt operation, you need to provide information for the\n decrypt operation and the subsequent encrypt operation.
If your ciphertext was encrypted under an asymmetric KMS key, you must use the\n SourceKeyId parameter to identify the KMS key that encrypted the\n ciphertext. You must also supply the encryption algorithm that was used. This information\n is required to decrypt the data.
If your ciphertext was encrypted under a symmetric encryption KMS key, the\n SourceKeyId parameter is optional. KMS can get this information from\n metadata that it adds to the symmetric ciphertext blob. This feature adds durability to\n your implementation by ensuring that authorized users can decrypt ciphertext decades after\n it was encrypted, even if they've lost track of the key ID. However, specifying the source\n KMS key is always recommended as a best practice. When you use the\n SourceKeyId parameter to specify a KMS key, KMS uses only the KMS key you\n specify. If the ciphertext was encrypted under a different KMS key, the\n ReEncrypt operation fails. This practice ensures that you use the KMS key\n that you intend.
To reencrypt the data, you must use the DestinationKeyId parameter to\n specify the KMS key that re-encrypts the data after it is decrypted. If the destination\n KMS key is an asymmetric KMS key, you must also provide the encryption algorithm. The\n algorithm that you choose must be compatible with the KMS key.
When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.
\nYou are not required to supply the key ID and encryption algorithm when you decrypt with symmetric encryption KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. The source KMS key and\n destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a\n different account than the caller. To specify a KMS key in a different account, you must use\n its key ARN or alias ARN.
\n\n Required permissions:
\n\n kms:ReEncryptFrom\n permission on the source KMS key (key policy)
\n\n kms:ReEncryptTo\n permission on the destination KMS key (key policy)
\nTo permit reencryption from or to a KMS key, include the \"kms:ReEncrypt*\"\n permission in your key policy. This permission is\n automatically included in the key policy when you use the console to create a KMS key. But you\n must include it manually when you create a KMS key programmatically or when you use the PutKeyPolicy operation to set a key policy.
\n Related operations:\n
\n\n Decrypt\n
\n\n Encrypt\n
\n\n GenerateDataKey\n
\n\n GenerateDataKeyPair\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To reencrypt data", @@ -5798,7 +6131,7 @@ } ], "traits": { - "smithy.api#documentation": "Replicates a multi-Region key into the specified Region. This operation creates a\n multi-Region replica key based on a multi-Region primary key in a different Region of the same\n Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a\n different Region. To create a multi-Region primary key, use the CreateKey\n operation.
\nThis operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\nA replica key is a fully-functional KMS key that can be used\n independently of its primary and peer replica keys. A primary key and its replica keys share\n properties that make them interoperable. They have the same key ID and key material. They also\n have the same key\n spec, key\n usage, key\n material origin, and automatic key rotation status. KMS automatically synchronizes these shared\n properties among related multi-Region keys. All other properties of a replica key can differ,\n including its key\n policy, tags, aliases, and Key states of KMS keys. KMS pricing and quotas for KMS keys apply to each\n primary key and replica key.
\nWhen this operation completes, the new replica key has a transient key state of\n Creating. This key state changes to Enabled (or\n PendingImport) after a few seconds when the process of creating the new replica\n key is complete. While the key state is Creating, you can manage key, but you\n cannot yet use it in cryptographic operations. If you are creating and using the replica key\n programmatically, retry on KMSInvalidStateException or call\n DescribeKey to check its KeyState value before using it. For\n details about the Creating key state, see Key states of KMS keys in the\n Key Management Service Developer Guide.
You cannot create more than one replica of a primary key in any Region. If the Region\n already includes a replica of the key you're trying to replicate, ReplicateKey\n returns an AlreadyExistsException error. If the key state of the existing replica\n is PendingDeletion, you can cancel the scheduled key deletion (CancelKeyDeletion) or wait for the key to be deleted. The new replica key you\n create will have the same shared\n properties as the original replica key.
The CloudTrail log of a ReplicateKey operation records a\n ReplicateKey operation in the primary key's Region and a CreateKey operation in the replica key's Region.
If you replicate a multi-Region primary key with imported key material, the replica key is\n created with no key material. You must import the same key material that you imported into the\n primary key. For details, see Importing key material into multi-Region keys in the Key Management Service Developer Guide.
\nTo convert a replica key to a primary key, use the UpdatePrimaryRegion\n operation.
\n\n ReplicateKey uses different default values for the KeyPolicy\n and Tags parameters than those used in the KMS console. For details, see the\n parameter descriptions.
\n Cross-account use: No. You cannot use this operation to\n create a replica key in a different Amazon Web Services account.
\n\n Required permissions:
\n\n kms:ReplicateKey on the primary key (in the primary key's Region).\n Include this permission in the primary key's key policy.
\n kms:CreateKey in an IAM policy in the replica Region.
To use the Tags parameter, kms:TagResource in an IAM policy\n in the replica Region.
\n Related operations\n
\n\n CreateKey\n
\n\n UpdatePrimaryRegion\n
\nReplicates a multi-Region key into the specified Region. This operation creates a\n multi-Region replica key based on a multi-Region primary key in a different Region of the same\n Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a\n different Region. To create a multi-Region primary key, use the CreateKey\n operation.
\nThis operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\nA replica key is a fully-functional KMS key that can be used\n independently of its primary and peer replica keys. A primary key and its replica keys share\n properties that make them interoperable. They have the same key ID and key material. They also\n have the same key\n spec, key\n usage, key\n material origin, and automatic key rotation status. KMS automatically synchronizes these shared\n properties among related multi-Region keys. All other properties of a replica key can differ,\n including its key\n policy, tags, aliases, and Key states of KMS keys. KMS pricing and quotas for KMS keys apply to each\n primary key and replica key.
\nWhen this operation completes, the new replica key has a transient key state of\n Creating. This key state changes to Enabled (or\n PendingImport) after a few seconds when the process of creating the new replica\n key is complete. While the key state is Creating, you can manage key, but you\n cannot yet use it in cryptographic operations. If you are creating and using the replica key\n programmatically, retry on KMSInvalidStateException or call\n DescribeKey to check its KeyState value before using it. For\n details about the Creating key state, see Key states of KMS keys in the\n Key Management Service Developer Guide.
You cannot create more than one replica of a primary key in any Region. If the Region\n already includes a replica of the key you're trying to replicate, ReplicateKey\n returns an AlreadyExistsException error. If the key state of the existing replica\n is PendingDeletion, you can cancel the scheduled key deletion (CancelKeyDeletion) or wait for the key to be deleted. The new replica key you\n create will have the same shared\n properties as the original replica key.
The CloudTrail log of a ReplicateKey operation records a\n ReplicateKey operation in the primary key's Region and a CreateKey operation in the replica key's Region.
If you replicate a multi-Region primary key with imported key material, the replica key is\n created with no key material. You must import the same key material that you imported into the\n primary key. For details, see Importing key material into multi-Region\n keys in the Key Management Service Developer Guide.
\nTo convert a replica key to a primary key, use the UpdatePrimaryRegion\n operation.
\n\n ReplicateKey uses different default values for the KeyPolicy\n and Tags parameters than those used in the KMS console. For details, see the\n parameter descriptions.
\n Cross-account use: No. You cannot use this operation to\n create a replica key in a different Amazon Web Services account.
\n\n Required permissions:
\n\n kms:ReplicateKey on the primary key (in the primary key's Region).\n Include this permission in the primary key's key policy.
\n kms:CreateKey in an IAM policy in the replica Region.
To use the Tags parameter, kms:TagResource in an IAM policy\n in the replica Region.
\n Related operations\n
\n\n CreateKey\n
\n\n UpdatePrimaryRegion\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To replicate a multi-Region key in a different AWS Region", @@ -5872,7 +6205,7 @@ "target": "com.amazonaws.kms#BooleanType", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "Skips (\"bypasses\") the key policy lockout safety check. The default value is false.
\nSetting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately.
\nFor more information, see Default key policy in the Key Management Service Developer Guide.
\nUse this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent PutKeyPolicy request on the KMS key.
" + "smithy.api#documentation": "Skips (\"bypasses\") the key policy lockout safety check. The default value is false.
\nSetting this value to true increases the risk that the KMS key becomes unmanageable. Do\n not set this value to true indiscriminately.
\nFor more information, see Default key policy in the Key Management Service Developer Guide.
\nUse this parameter only when you intend to prevent the principal that is making the\n request from making a subsequent PutKeyPolicy\n request on the KMS key.
" } }, "Description": { @@ -5953,7 +6286,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To\n identify the grant to retire, use a grant token, or both the grant ID and a\n key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation\n returns both values.
\nThis operation can be called by the retiring principal for a grant,\n by the grantee principal if the grant allows the RetireGrant\n operation, and by the Amazon Web Services account in which the grant is created. It can also be called by\n principals to whom permission for retiring a grant is delegated. For details, see Retiring and revoking\n grants in the Key Management Service Developer Guide.
For detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\n\n Cross-account use: Yes. You can retire a grant on a KMS\n key in a different Amazon Web Services account.
\n\n Required permissions::Permission to retire a grant is\n determined primarily by the grant. For details, see Retiring and revoking grants in\n the Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListGrants\n
\n\n ListRetirableGrants\n
\n\n RevokeGrant\n
\nDeletes a grant. Typically, you retire a grant when you no longer need its permissions. To\n identify the grant to retire, use a grant token, or both the grant ID and a\n key identifier (key ID or key ARN) of the KMS key. The CreateGrant operation\n returns both values.
\nThis operation can be called by the retiring principal for a grant,\n by the grantee principal if the grant allows the RetireGrant\n operation, and by the Amazon Web Services account in which the grant is created. It can also be called by\n principals to whom permission for retiring a grant is delegated. For details, see Retiring and revoking\n grants in the Key Management Service Developer Guide.
For detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\n\n Cross-account use: Yes. You can retire a grant on a KMS\n key in a different Amazon Web Services account.
\n\n Required permissions: Permission to retire a grant is\n determined primarily by the grant. For details, see Retiring and revoking grants in\n the Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListGrants\n
\n\n ListRetirableGrants\n
\n\n RevokeGrant\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To retire a grant", @@ -6030,7 +6363,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes the specified grant. You revoke a grant to terminate the permissions that the\n grant allows. For more information, see Retiring and revoking grants in\n the \n Key Management Service Developer Guide\n .
\nWhen you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in\n the \n Key Management Service Developer Guide\n .
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\n\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:RevokeGrant (key policy).
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListGrants\n
\n\n ListRetirableGrants\n
\n\n RetireGrant\n
\nDeletes the specified grant. You revoke a grant to terminate the permissions that the\n grant allows. For more information, see Retiring and revoking grants in\n the \n Key Management Service Developer Guide\n .
\nWhen you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in\n the \n Key Management Service Developer Guide\n .
\nFor detailed information about grants, including grant terminology, see Grants in KMS in the\n \n Key Management Service Developer Guide\n . For examples of working with grants in several\n programming languages, see Programming grants.
\n\n Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key\n ARN in the value of the KeyId parameter.
\n Required permissions: kms:RevokeGrant (key policy).
\n\n Related operations:\n
\n\n CreateGrant\n
\n\n ListGrants\n
\n\n ListRetirableGrants\n
\n\n RetireGrant\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To revoke a grant", @@ -6071,6 +6404,146 @@ "smithy.api#input": {} } }, + "com.amazonaws.kms#RotateKeyOnDemand": { + "type": "operation", + "input": { + "target": "com.amazonaws.kms#RotateKeyOnDemandRequest" + }, + "output": { + "target": "com.amazonaws.kms#RotateKeyOnDemandResponse" + }, + "errors": [ + { + "target": "com.amazonaws.kms#ConflictException" + }, + { + "target": "com.amazonaws.kms#DependencyTimeoutException" + }, + { + "target": "com.amazonaws.kms#DisabledException" + }, + { + "target": "com.amazonaws.kms#InvalidArnException" + }, + { + "target": "com.amazonaws.kms#KMSInternalException" + }, + { + "target": "com.amazonaws.kms#KMSInvalidStateException" + }, + { + "target": "com.amazonaws.kms#LimitExceededException" + }, + { + "target": "com.amazonaws.kms#NotFoundException" + }, + { + "target": "com.amazonaws.kms#UnsupportedOperationException" + } + ], + "traits": { + "smithy.api#documentation": "Immediately initiates rotation of the key material of the specified symmetric encryption\n KMS key.
\nYou can perform on-demand rotation\n of the key material in customer managed KMS keys, \n regardless of whether or not automatic key rotation is enabled.\n On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that\n has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to \n automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate,\n as scheduled, on April 14, 2024 and every 730 days thereafter.
\nYou can perform on-demand key rotation a maximum of 10 times\n per KMS key. You can use the KMS console \n to view the number of remaining on-demand rotations available for a KMS key.
\nYou can use GetKeyRotationStatus to identify any in progress \n on-demand rotations. You can use ListKeyRotations to identify the date that\n completed on-demand rotations were performed. You can monitor rotation of the key material \n for your KMS keys in CloudTrail and Amazon CloudWatch.
\nOn-demand key rotation is supported only on symmetric encryption KMS keys.\n You cannot perform on-demand rotation of asymmetric KMS keys,\n HMAC KMS keys, \n KMS keys with imported key material, or KMS keys in a custom key store. To perform\n on-demand rotation of a set of related multi-Region keys,\n invoke the on-demand rotation on the primary key.
\nYou cannot initiate on-demand rotation of Amazon Web Services managed KMS keys. KMS\n always rotates the key material of Amazon Web Services managed keys every year. Rotation of Amazon Web Services owned KMS\n keys is managed by the Amazon Web Services service that owns the key.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:RotateKeyOnDemand (key policy)
\n\n Related operations:\n
\n\n EnableKeyRotation\n
\n\n DisableKeyRotation\n
\n\n GetKeyRotationStatus\n
\n\n ListKeyRotations\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", + "smithy.api#examples": [ + { + "title": "To perform on-demand rotation of key material", + "documentation": "The following example immediately initiates rotation of the key material for the specified KMS key.", + "input": { + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" + }, + "output": { + "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" + } + } + ] + } + }, + "com.amazonaws.kms#RotateKeyOnDemandRequest": { + "type": "structure", + "members": { + "KeyId": { + "target": "com.amazonaws.kms#KeyIdType", + "traits": { + "smithy.api#documentation": "Identifies a symmetric encryption KMS key. You cannot perform on-demand rotation of asymmetric KMS keys,\n HMAC KMS keys, \n KMS keys with imported key material, or KMS keys in a custom key store. To perform\n on-demand rotation of a set of related multi-Region keys,\n invoke the on-demand rotation on the primary key.
\nSpecify the key ID or key ARN of the KMS key.
\nFor example:
\nKey ID: 1234abcd-12ab-34cd-56ef-1234567890ab\n
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\n
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.kms#RotateKeyOnDemandResponse": { + "type": "structure", + "members": { + "KeyId": { + "target": "com.amazonaws.kms#KeyIdType", + "traits": { + "smithy.api#documentation": "Identifies the symmetric encryption KMS key that you initiated on-demand rotation\n on.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.kms#RotationPeriodInDaysType": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 90, + "max": 2560 + } + } + }, + "com.amazonaws.kms#RotationType": { + "type": "enum", + "members": { + "AUTOMATIC": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AUTOMATIC" + } + }, + "ON_DEMAND": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ON_DEMAND" + } + } + } + }, + "com.amazonaws.kms#RotationsList": { + "type": "list", + "member": { + "target": "com.amazonaws.kms#RotationsListEntry" + } + }, + "com.amazonaws.kms#RotationsListEntry": { + "type": "structure", + "members": { + "KeyId": { + "target": "com.amazonaws.kms#KeyIdType", + "traits": { + "smithy.api#documentation": "Unique identifier of the key.
" + } + }, + "RotationDate": { + "target": "com.amazonaws.kms#DateType", + "traits": { + "smithy.api#documentation": "Date and time that the key material rotation completed. Formatted as Unix time.
" + } + }, + "RotationType": { + "target": "com.amazonaws.kms#RotationType", + "traits": { + "smithy.api#documentation": "Identifies whether the key material rotation was a scheduled automatic rotation or an on-demand rotation.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Contains information about completed key material rotations.
" + } + }, "com.amazonaws.kms#ScheduleKeyDeletion": { "type": "operation", "input": { @@ -6097,7 +6570,7 @@ } ], "traits": { - "smithy.api#documentation": "Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30\n days, but you can specify a waiting period of 7-30 days. When this operation is successful,\n the key state of the KMS key changes to PendingDeletion and the key can't be used\n in any cryptographic operations. It remains in this state for the duration of the waiting\n period. Before the waiting period ends, you can use CancelKeyDeletion to\n cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,\n its key material, and all KMS data associated with it, including all aliases that refer to\n it.
Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key\n is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only\n exception is a multi-Region replica\n key, or an asymmetric or HMAC KMS\n key with imported key material.) To prevent the use of a KMS key without deleting\n it, use DisableKey.
\nYou can schedule the deletion of a multi-Region primary key and its replica keys at any\n time. However, KMS will not delete a multi-Region primary key with existing replica keys. If\n you schedule the deletion of a primary key with replicas, its key state changes to\n PendingReplicaDeletion and it cannot be replicated or used in cryptographic\n operations. This status can continue indefinitely. When the last of its replicas keys is\n deleted (not just scheduled), the key state of the primary key changes to\n PendingDeletion and its waiting period (PendingWindowInDays)\n begins. For details, see Deleting multi-Region keys in the\n Key Management Service Developer Guide.
When KMS deletes\n a KMS key from an CloudHSM key store, it makes a best effort to delete the associated\n key material from the associated CloudHSM cluster. However, you might need to manually delete\n the orphaned key material from the cluster and its backups. Deleting a KMS key from an\n external key store has no effect on the associated external key. However, for both\n types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot\n decrypt ciphertext encrypted under the KMS key by using only its associated external key or\n CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS\n key with the same key material.
\nFor more information about scheduling a KMS key for deletion, see Deleting KMS keys in the\n Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ScheduleKeyDeletion (key\n policy)
\n\n Related operations\n
\n\n CancelKeyDeletion\n
\n\n DisableKey\n
\nSchedules the deletion of a KMS key. By default, KMS applies a waiting period of 30\n days, but you can specify a waiting period of 7-30 days. When this operation is successful,\n the key state of the KMS key changes to PendingDeletion and the key can't be used\n in any cryptographic operations. It remains in this state for the duration of the waiting\n period. Before the waiting period ends, you can use CancelKeyDeletion to\n cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,\n its key material, and all KMS data associated with it, including all aliases that refer to\n it.
Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key\n is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only\n exception is a multi-Region replica key, or an asymmetric or HMAC KMS\n key with imported key material.) To prevent the use of a KMS key without deleting\n it, use DisableKey.
\nYou can schedule the deletion of a multi-Region primary key and its replica keys at any\n time. However, KMS will not delete a multi-Region primary key with existing replica keys. If\n you schedule the deletion of a primary key with replicas, its key state changes to\n PendingReplicaDeletion and it cannot be replicated or used in cryptographic\n operations. This status can continue indefinitely. When the last of its replicas keys is\n deleted (not just scheduled), the key state of the primary key changes to\n PendingDeletion and its waiting period (PendingWindowInDays)\n begins. For details, see Deleting multi-Region keys in the\n Key Management Service Developer Guide.
When KMS deletes\n a KMS key from an CloudHSM key store, it makes a best effort to delete the associated\n key material from the associated CloudHSM cluster. However, you might need to manually delete\n the orphaned key material from the cluster and its backups. Deleting a KMS key from an\n external key store has no effect on the associated external key. However, for both\n types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot\n decrypt ciphertext encrypted under the KMS key by using only its associated external key or\n CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS\n key with the same key material.
\nFor more information about scheduling a KMS key for deletion, see Deleting KMS keys in the\n Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:ScheduleKeyDeletion (key\n policy)
\n\n Related operations\n
\n\n CancelKeyDeletion\n
\n\n DisableKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
" } }, "com.amazonaws.kms#ScheduleKeyDeletionRequest": { @@ -6191,7 +6664,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a digital\n signature for a message or message digest by using the private key in an asymmetric\n signing KMS key. To verify the signature, use the Verify operation, or use\n the public key in the same asymmetric KMS key outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
\nDigital signatures are generated and verified by using asymmetric key pair, such as an RSA\n or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized\n user) uses their private key to sign a message. Anyone with the public key can verify that the\n message was signed with that particular private key and that the message hasn't changed since\n it was signed.
\nTo use the Sign operation, provide the following information:
Use the KeyId parameter to identify an asymmetric KMS key with a\n KeyUsage value of SIGN_VERIFY. To get the\n KeyUsage value of a KMS key, use the DescribeKey\n operation. The caller must have kms:Sign permission on the KMS key.
Use the Message parameter to specify the message or message digest to\n sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a\n hash digest of the message, and then provide the hash digest in the Message\n parameter. To indicate whether the message is a full message or a digest, use the\n MessageType parameter.
Choose a signing algorithm that is compatible with the KMS key.
\nWhen signing a message, be sure to record the KMS key and the signing algorithm. This\n information is required to verify the signature.
\nBest practices recommend that you limit the time during which any signature is\n effective. This deters an attack where the actor uses a signed message to establish validity\n repeatedly or long after the message is superseded. Signatures do not include a timestamp,\n but you can include a timestamp in the signed message to help you detect when its time to\n refresh the signature.
\nTo verify the signature that this operation generates, use the Verify\n operation. Or use the GetPublicKey operation to download the public key and\n then use the public key to verify the signature outside of KMS.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:Sign (key policy)
\n\n Related operations: Verify\n
", + "smithy.api#documentation": "Creates a digital\n signature for a message or message digest by using the private key in an asymmetric\n signing KMS key. To verify the signature, use the Verify operation, or use\n the public key in the same asymmetric KMS key outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
\nDigital signatures are generated and verified by using asymmetric key pair, such as an RSA\n or ECC pair that is represented by an asymmetric KMS key. The key owner (or an authorized\n user) uses their private key to sign a message. Anyone with the public key can verify that the\n message was signed with that particular private key and that the message hasn't changed since\n it was signed.
\nTo use the Sign operation, provide the following information:
Use the KeyId parameter to identify an asymmetric KMS key with a\n KeyUsage value of SIGN_VERIFY. To get the\n KeyUsage value of a KMS key, use the DescribeKey\n operation. The caller must have kms:Sign permission on the KMS key.
Use the Message parameter to specify the message or message digest to\n sign. You can submit messages of up to 4096 bytes. To sign a larger message, generate a\n hash digest of the message, and then provide the hash digest in the Message\n parameter. To indicate whether the message is a full message or a digest, use the\n MessageType parameter.
Choose a signing algorithm that is compatible with the KMS key.
\nWhen signing a message, be sure to record the KMS key and the signing algorithm. This\n information is required to verify the signature.
\nBest practices recommend that you limit the time during which any signature is\n effective. This deters an attack where the actor uses a signed message to establish validity\n repeatedly or long after the message is superseded. Signatures do not include a timestamp,\n but you can include a timestamp in the signed message to help you detect when its time to\n refresh the signature.
\nTo verify the signature that this operation generates, use the Verify\n operation. Or use the GetPublicKey operation to download the public key and\n then use the public key to verify the signature outside of KMS.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:Sign (key policy)
\n\n Related operations: Verify\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To digitally sign a message with an asymmetric KMS key.", @@ -6207,6 +6680,21 @@ "Signature": "Adds or edits tags on a customer managed key.
\nTagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nEach tag consists of a tag key and a tag value, both of which are case-sensitive strings.\n The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag\n value. To edit a tag, specify an existing tag key and a new tag value.
\nYou can use this operation to tag a customer managed key, but you cannot\n tag an Amazon Web Services\n managed key, an Amazon Web Services owned key, a custom key\n store, or an alias.
\nYou can also add tags to a KMS key while creating it (CreateKey) or\n replicating it (ReplicateKey).
\nFor information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:TagResource (key policy)
\n\n Related operations\n
\n\n CreateKey\n
\n\n ListResourceTags\n
\n\n ReplicateKey\n
\n\n UntagResource\n
\nAdds or edits tags on a customer managed key.
\nTagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nEach tag consists of a tag key and a tag value, both of which are case-sensitive strings.\n The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag\n value. To edit a tag, specify an existing tag key and a new tag value.
\nYou can use this operation to tag a customer managed key, but you cannot\n tag an Amazon Web Services\n managed key, an Amazon Web Services owned key, a custom key\n store, or an alias.
\nYou can also add tags to a KMS key while creating it (CreateKey) or\n replicating it (ReplicateKey).
\nFor information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:TagResource (key policy)
\n\n Related operations\n
\n\n CreateKey\n
\n\n ListResourceTags\n
\n\n ReplicateKey\n
\n\n UntagResource\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To tag a KMS key", @@ -6593,6 +7081,9 @@ { "target": "com.amazonaws.kms#ListKeyPolicies" }, + { + "target": "com.amazonaws.kms#ListKeyRotations" + }, { "target": "com.amazonaws.kms#ListKeys" }, @@ -6617,6 +7108,9 @@ { "target": "com.amazonaws.kms#RevokeGrant" }, + { + "target": "com.amazonaws.kms#RotateKeyOnDemand" + }, { "target": "com.amazonaws.kms#ScheduleKeyDeletion" }, @@ -7958,7 +8452,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes tags from a customer managed key. To delete a tag,\n specify the tag key and the KMS key.
\nTagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nWhen it succeeds, the UntagResource operation doesn't return any output.\n Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or\n return a response. To confirm that the operation worked, use the ListResourceTags operation.
For information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:UntagResource (key policy)
\n\n Related operations\n
\n\n CreateKey\n
\n\n ListResourceTags\n
\n\n ReplicateKey\n
\n\n TagResource\n
\nDeletes tags from a customer managed key. To delete a tag,\n specify the tag key and the KMS key.
\nTagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nWhen it succeeds, the UntagResource operation doesn't return any output.\n Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or\n return a response. To confirm that the operation worked, use the ListResourceTags operation.
For information about using tags in KMS, see Tagging keys. For general information about\n tags, including the format and syntax, see Tagging Amazon Web Services resources in the Amazon\n Web Services General Reference.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:UntagResource (key policy)
\n\n Related operations\n
\n\n CreateKey\n
\n\n ListResourceTags\n
\n\n ReplicateKey\n
\n\n TagResource\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To remove tags from a KMS key", @@ -8022,7 +8516,7 @@ } ], "traits": { - "smithy.api#documentation": "Associates an existing KMS alias with a different KMS key. Each alias is associated with\n only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the\n KMS key must be in the same Amazon Web Services account and Region.
\nAdding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nThe current and new KMS key must be the same type (both symmetric or both asymmetric or\n both HMAC), and they must have the same key usage. This restriction prevents errors in code\n that uses aliases. If you must assign an alias to a different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create\n a new alias.
\nYou cannot use UpdateAlias to change an alias name. To change an alias name,\n use DeleteAlias to delete the old alias and CreateAlias to\n create a new alias.
Because an alias is not a property of a KMS key, you can create, update, and delete the\n aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the\n response from the DescribeKey operation. To get the aliases of all KMS keys\n in the account, use the ListAliases operation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions\n
\n\n kms:UpdateAlias on\n the alias (IAM policy).
\n\n kms:UpdateAlias on\n the current KMS key (key policy).
\n\n kms:UpdateAlias on\n the new KMS key (key policy).
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateAlias\n
\n\n DeleteAlias\n
\n\n ListAliases\n
\nAssociates an existing KMS alias with a different KMS key. Each alias is associated with\n only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the\n KMS key must be in the same Amazon Web Services account and Region.
\nAdding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
\nThe current and new KMS key must be the same type (both symmetric or both asymmetric or\n both HMAC), and they must have the same key usage. This restriction prevents errors in code\n that uses aliases. If you must assign an alias to a different type of KMS key, use DeleteAlias to delete the old alias and CreateAlias to create\n a new alias.
\nYou cannot use UpdateAlias to change an alias name. To change an alias name,\n use DeleteAlias to delete the old alias and CreateAlias to\n create a new alias.
Because an alias is not a property of a KMS key, you can create, update, and delete the\n aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the\n response from the DescribeKey operation. To get the aliases of all KMS keys\n in the account, use the ListAliases operation.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions\n
\n\n kms:UpdateAlias on\n the alias (IAM policy).
\n\n kms:UpdateAlias on\n the current KMS key (key policy).
\n\n kms:UpdateAlias on\n the new KMS key (key policy).
\nFor details, see Controlling access to aliases in the\n Key Management Service Developer Guide.
\n\n Related operations:\n
\n\n CreateAlias\n
\n\n DeleteAlias\n
\n\n ListAliases\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To update an alias", @@ -8119,7 +8613,7 @@ } ], "traits": { - "smithy.api#documentation": "Changes the properties of a custom key store. You can use this operation to change the\n properties of an CloudHSM key store or an external key store.
\nUse the required CustomKeyStoreId parameter to identify the custom key store.\n Use the remaining optional parameters to change its properties. This operation does not return\n any property values. To verify the updated property values, use the DescribeCustomKeyStores operation.
This operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nWhen updating the properties of an external key store, verify that the updated settings\n connect your key store, via the external key store proxy, to the same external key manager\n as the previous settings, or to a backup or snapshot of the external key manager with the\n same cryptographic keys. If the updated connection settings fail, you can fix them and\n retry, although an extended delay might disrupt Amazon Web Services services. However, if KMS\n permanently loses its access to cryptographic keys, ciphertext encrypted under those keys is\n unrecoverable.
\nFor external key stores:
\nSome external key managers provide a simpler method for updating an external key store.\n For details, see your external key manager documentation.
\nWhen updating an external key store in the KMS console, you can upload a JSON-based\n proxy configuration file with the desired values. You cannot upload the proxy configuration\n file to the UpdateCustomKeyStore operation. However, you can use the file to\n help you determine the correct values for the UpdateCustomKeyStore\n parameters.
For an CloudHSM key store, you can use this operation to change the custom key store friendly\n name (NewCustomKeyStoreName), to tell KMS about a change to the\n kmsuser crypto user password (KeyStorePassword), or to associate\n the custom key store with a different, but related, CloudHSM cluster\n (CloudHsmClusterId). To update any property of an CloudHSM key store, the\n ConnectionState of the CloudHSM key store must be DISCONNECTED.
For an external key store, you can use this operation to change the custom key store\n friendly name (NewCustomKeyStoreName), or to tell KMS about a change to the\n external key store proxy authentication credentials\n (XksProxyAuthenticationCredential), connection method\n (XksProxyConnectivity), external proxy endpoint\n (XksProxyUriEndpoint) and path (XksProxyUriPath). For external key\n stores with an XksProxyConnectivity of VPC_ENDPOINT_SERVICE, you can\n also update the Amazon VPC endpoint service name (XksProxyVpcEndpointServiceName). To\n update most properties of an external key store, the ConnectionState of the\n external key store must be DISCONNECTED. However, you can update the\n CustomKeyStoreName, XksProxyAuthenticationCredential, and\n XksProxyUriPath of an external key store when it is in the CONNECTED or\n DISCONNECTED state.
If your update requires a DISCONNECTED state, before using\n UpdateCustomKeyStore, use the DisconnectCustomKeyStore\n operation to disconnect the custom key store. After the UpdateCustomKeyStore\n operation completes, use the ConnectCustomKeyStore to reconnect the custom\n key store. To find the ConnectionState of the custom key store, use the DescribeCustomKeyStores operation.
\n
\nBefore updating the custom key store, verify that the new values allow KMS to connect\n the custom key store to its backing key store. For example, before you change the\n XksProxyUriPath value, verify that the external key store proxy is reachable at\n the new path.
If the operation succeeds, it returns a JSON object with no\nproperties.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:UpdateCustomKeyStore (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\nChanges the properties of a custom key store. You can use this operation to change the\n properties of an CloudHSM key store or an external key store.
\nUse the required CustomKeyStoreId parameter to identify the custom key store.\n Use the remaining optional parameters to change its properties. This operation does not return\n any property values. To verify the updated property values, use the DescribeCustomKeyStores operation.
This operation is part of the custom key stores feature in KMS, which\ncombines the convenience and extensive integration of KMS with the isolation and control of a\nkey store that you own and manage.
\nWhen updating the properties of an external key store, verify that the updated settings\n connect your key store, via the external key store proxy, to the same external key manager\n as the previous settings, or to a backup or snapshot of the external key manager with the\n same cryptographic keys. If the updated connection settings fail, you can fix them and\n retry, although an extended delay might disrupt Amazon Web Services services. However, if KMS\n permanently loses its access to cryptographic keys, ciphertext encrypted under those keys is\n unrecoverable.
\nFor external key stores:
\nSome external key managers provide a simpler method for updating an external key store.\n For details, see your external key manager documentation.
\nWhen updating an external key store in the KMS console, you can upload a JSON-based\n proxy configuration file with the desired values. You cannot upload the proxy configuration\n file to the UpdateCustomKeyStore operation. However, you can use the file to\n help you determine the correct values for the UpdateCustomKeyStore\n parameters.
For an CloudHSM key store, you can use this operation to change the custom key store friendly\n name (NewCustomKeyStoreName), to tell KMS about a change to the\n kmsuser crypto user password (KeyStorePassword), or to associate\n the custom key store with a different, but related, CloudHSM cluster\n (CloudHsmClusterId). To update any property of an CloudHSM key store, the\n ConnectionState of the CloudHSM key store must be DISCONNECTED.
For an external key store, you can use this operation to change the custom key store\n friendly name (NewCustomKeyStoreName), or to tell KMS about a change to the\n external key store proxy authentication credentials\n (XksProxyAuthenticationCredential), connection method\n (XksProxyConnectivity), external proxy endpoint\n (XksProxyUriEndpoint) and path (XksProxyUriPath). For external key\n stores with an XksProxyConnectivity of VPC_ENDPOINT_SERVICE, you can\n also update the Amazon VPC endpoint service name (XksProxyVpcEndpointServiceName). To\n update most properties of an external key store, the ConnectionState of the\n external key store must be DISCONNECTED. However, you can update the\n CustomKeyStoreName, XksProxyAuthenticationCredential, and\n XksProxyUriPath of an external key store when it is in the CONNECTED or\n DISCONNECTED state.
If your update requires a DISCONNECTED state, before using\n UpdateCustomKeyStore, use the DisconnectCustomKeyStore\n operation to disconnect the custom key store. After the UpdateCustomKeyStore\n operation completes, use the ConnectCustomKeyStore to reconnect the custom\n key store. To find the ConnectionState of the custom key store, use the DescribeCustomKeyStores operation.
\n
\nBefore updating the custom key store, verify that the new values allow KMS to connect\n the custom key store to its backing key store. For example, before you change the\n XksProxyUriPath value, verify that the external key store proxy is reachable at\n the new path.
If the operation succeeds, it returns a JSON object with no\nproperties.
\n\n Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
\n\n Required permissions: kms:UpdateCustomKeyStore (IAM policy)
\n\n Related operations:\n
\n\n CreateCustomKeyStore\n
\n\n DeleteCustomKeyStore\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To edit the friendly name of a custom key store", @@ -8129,6 +8623,44 @@ "NewCustomKeyStoreName": "DevelopmentKeys" }, "output": {} + }, + { + "title": "To edit the password of an AWS CloudHSM key store", + "documentation": "This example tells AWS KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with the AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return any data.", + "input": { + "CustomKeyStoreId": "cks-1234567890abcdef0", + "KeyStorePassword": "ExamplePassword" + }, + "output": {} + }, + { + "title": "To associate the custom key store with a different, but related, AWS CloudHSM cluster.", + "documentation": "This example changes the AWS CloudHSM cluster that is associated with an AWS CloudHSM key store to a related cluster, such as a different backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.", + "input": { + "CustomKeyStoreId": "cks-1234567890abcdef0", + "CloudHsmClusterId": "cluster-234abcdefABC" + }, + "output": {} + }, + { + "title": "To edit the proxy URI path of an external key store.", + "documentation": "This example updates the proxy URI path for an external key store", + "input": { + "CustomKeyStoreId": "cks-1234567890abcdef0", + "XksProxyUriPath": "/new-path/kms/xks/v1" + }, + "output": {} + }, + { + "title": "To update the proxy connectivity of an external key store to VPC_ENDPOINT_SERVICE", + "documentation": "To change the external key store proxy connectivity option from public endpoint connectivity to VPC endpoint service connectivity, in addition to changing theXksProxyConnectivity value, you must change the XksProxyUriEndpoint value to reflect the private DNS name associated with the VPC endpoint service. You must also add an XksProxyVpcEndpointServiceName value.",
+ "input": {
+ "CustomKeyStoreId": "cks-1234567890abcdef0",
+ "XksProxyConnectivity": "VPC_ENDPOINT_SERVICE",
+ "XksProxyUriEndpoint": "https://myproxy-private.xks.example.com",
+ "XksProxyVpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example"
+ },
+ "output": {}
}
]
}
@@ -8229,7 +8761,7 @@
}
],
"traits": {
- "smithy.api#documentation": "Updates the description of a KMS key. To see the description of a KMS key, use DescribeKey.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:UpdateKeyDescription (key policy)
\n\n Related operations\n
\n\n CreateKey\n
\n\n DescribeKey\n
\nUpdates the description of a KMS key. To see the description of a KMS key, use DescribeKey.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
\n\n Required permissions: kms:UpdateKeyDescription (key policy)
\n\n Related operations\n
\n\n CreateKey\n
\n\n DescribeKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To update the description of a KMS key", @@ -8293,7 +8825,7 @@ } ], "traits": { - "smithy.api#documentation": "Changes the primary key of a multi-Region key.
\nThis operation changes the replica key in the specified Region to a primary key and\n changes the former primary key to a replica key. For example, suppose you have a primary key\n in us-east-1 and a replica key in eu-west-2. If you run\n UpdatePrimaryRegion with a PrimaryRegion value of\n eu-west-2, the primary key is now the key in eu-west-2, and the\n key in us-east-1 becomes a replica key. For details, see Updating the primary Region in the Key Management Service Developer Guide.
This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\nThe primary key of a multi-Region key is the source for properties\n that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material\n origin, and automatic\n key rotation. It's the only key that can be replicated. You cannot delete the primary\n key until all replica keys are deleted.
\nThe key ID and primary Region that you specify uniquely identify the replica key that will\n become the primary key. The primary Region must already have a replica key. This operation\n does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica\n key, use the ReplicateKey operation.
\nYou can run this operation while using the affected multi-Region keys in cryptographic\n operations. This operation should not delay, interrupt, or cause failures in cryptographic\n operations.
\nEven after this operation completes, the process of updating the primary Region might\n still be in progress for a few more seconds. Operations such as DescribeKey might\n display both the old and new primary keys as replicas. The old and new primary keys have a\n transient key state of Updating. The original key state is restored when the\n update is complete. While the key state is Updating, you can use the keys in\n cryptographic operations, but you cannot replicate the new primary key or perform certain\n management operations, such as enabling or disabling these keys. For details about the\n Updating key state, see Key states of KMS keys in the Key Management Service Developer Guide.
This operation does not return any output. To verify that primary key is changed, use the\n DescribeKey operation.
\n\n Cross-account use: No. You cannot use this operation in a\n different Amazon Web Services account.
\n\n Required permissions:
\n\n kms:UpdatePrimaryRegion on the current primary key (in the primary key's\n Region). Include this permission primary key's key policy.
\n kms:UpdatePrimaryRegion on the current replica key (in the replica key's\n Region). Include this permission in the replica key's key policy.
\n Related operations\n
\n\n CreateKey\n
\n\n ReplicateKey\n
\nChanges the primary key of a multi-Region key.
\nThis operation changes the replica key in the specified Region to a primary key and\n changes the former primary key to a replica key. For example, suppose you have a primary key\n in us-east-1 and a replica key in eu-west-2. If you run\n UpdatePrimaryRegion with a PrimaryRegion value of\n eu-west-2, the primary key is now the key in eu-west-2, and the\n key in us-east-1 becomes a replica key. For details, see Updating the primary Region in the Key Management Service Developer Guide.
This operation supports multi-Region keys, an KMS feature that lets you create multiple\n interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key\n material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt\n it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide.
\nThe primary key of a multi-Region key is the source for properties\n that are always shared by primary and replica keys, including the key material, key ID, key spec, key usage, key material\n origin, and automatic\n key rotation. It's the only key that can be replicated. You cannot delete the primary\n key until all replica keys are deleted.
\nThe key ID and primary Region that you specify uniquely identify the replica key that will\n become the primary key. The primary Region must already have a replica key. This operation\n does not create a KMS key in the specified Region. To find the replica keys, use the DescribeKey operation on the primary key or any replica key. To create a replica\n key, use the ReplicateKey operation.
\nYou can run this operation while using the affected multi-Region keys in cryptographic\n operations. This operation should not delay, interrupt, or cause failures in cryptographic\n operations.
\nEven after this operation completes, the process of updating the primary Region might\n still be in progress for a few more seconds. Operations such as DescribeKey might\n display both the old and new primary keys as replicas. The old and new primary keys have a\n transient key state of Updating. The original key state is restored when the\n update is complete. While the key state is Updating, you can use the keys in\n cryptographic operations, but you cannot replicate the new primary key or perform certain\n management operations, such as enabling or disabling these keys. For details about the\n Updating key state, see Key states of KMS keys in the Key Management Service Developer Guide.
This operation does not return any output. To verify that primary key is changed, use the\n DescribeKey operation.
\n\n Cross-account use: No. You cannot use this operation in a\n different Amazon Web Services account.
\n\n Required permissions:
\n\n kms:UpdatePrimaryRegion on the current primary key (in the primary key's\n Region). Include this permission primary key's key policy.
\n kms:UpdatePrimaryRegion on the current replica key (in the replica key's\n Region). Include this permission in the replica key's key policy.
\n Related operations\n
\n\n CreateKey\n
\n\n ReplicateKey\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To update the primary Region of a multi-Region KMS key", @@ -8369,7 +8901,7 @@ } ], "traits": { - "smithy.api#documentation": "Verifies a digital signature that was generated by the Sign operation.
\n \nVerification confirms that an authorized user signed the message with the specified KMS\n key and signing algorithm, and the message hasn't changed since it was signed. If the\n signature is verified, the value of the SignatureValid field in the response is\n True. If the signature verification fails, the Verify operation\n fails with an KMSInvalidSignatureException exception.
A digital signature is generated by using the private key in an asymmetric KMS key. The\n signature is verified by using the public key in the same asymmetric KMS key.\n For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
\nTo use the Verify operation, specify the same asymmetric KMS key, message,\n and signing algorithm that were used to produce the signature. The message type does not need\n to be the same as the one used for signing, but it must indicate whether the value of the\n Message parameter should be hashed as part of the verification process.
You can also verify the digital signature by using the public key of the KMS key outside\n of KMS. Use the GetPublicKey operation to download the public key in the\n asymmetric KMS key and then use the public key to verify the signature outside of KMS. The\n advantage of using the Verify operation is that it is performed within KMS. As\n a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged\n in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use\n the KMS key to verify signatures.
To verify a signature outside of KMS with an SM2 public key (China Regions only), you\n must specify the distinguishing ID. By default, KMS uses 1234567812345678 as\n the distinguishing ID. For more information, see Offline\n verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:Verify (key policy)
\n\n Related operations: Sign\n
", + "smithy.api#documentation": "Verifies a digital signature that was generated by the Sign operation.
\n \nVerification confirms that an authorized user signed the message with the specified KMS\n key and signing algorithm, and the message hasn't changed since it was signed. If the\n signature is verified, the value of the SignatureValid field in the response is\n True. If the signature verification fails, the Verify operation\n fails with an KMSInvalidSignatureException exception.
A digital signature is generated by using the private key in an asymmetric KMS key. The\n signature is verified by using the public key in the same asymmetric KMS key.\n For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
\nTo use the Verify operation, specify the same asymmetric KMS key, message,\n and signing algorithm that were used to produce the signature. The message type does not need\n to be the same as the one used for signing, but it must indicate whether the value of the\n Message parameter should be hashed as part of the verification process.
You can also verify the digital signature by using the public key of the KMS key outside\n of KMS. Use the GetPublicKey operation to download the public key in the\n asymmetric KMS key and then use the public key to verify the signature outside of KMS. The\n advantage of using the Verify operation is that it is performed within KMS. As\n a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged\n in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use\n the KMS key to verify signatures.
To verify a signature outside of KMS with an SM2 public key (China Regions only), you\n must specify the distinguishing ID. By default, KMS uses 1234567812345678 as\n the distinguishing ID. For more information, see Offline\n verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:Verify (key policy)
\n\n Related operations: Sign\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To use an asymmetric KMS key to verify a digital signature", @@ -8386,6 +8918,22 @@ "SignatureValid": true, "SigningAlgorithm": "ECDSA_SHA_384" } + }, + { + "title": "To use an asymmetric KMS key to verify a digital signature on a message digest", + "documentation": "This operation uses the public key in an RSA asymmetric signing key pair to verify the digital signature of a message digest. Hashing a message into a digest before sending it to KMS lets you verify messages that exceed the 4096-byte message size limit. To indicate that the value of Message is a digest, use the MessageType parameter ", + "input": { + "KeyId": "arn:aws:kms:us-east-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", + "Message": "Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC\n KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using\n the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC\n to the HMAC that you specify. If the HMACs are identical, the verification succeeds;\n otherwise, it fails. Verification indicates that the message hasn't changed since the HMAC was\n calculated, and the specified key was used to generate and verify the HMAC.
HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards\n defined in RFC 2104.
\nThis operation is part of KMS support for HMAC KMS keys. For details, see\n HMAC keys in KMS in the\n Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:VerifyMac (key policy)
\n\n Related operations: GenerateMac\n
", + "smithy.api#documentation": "Verifies the hash-based message authentication code (HMAC) for a specified message, HMAC\n KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using\n the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC\n to the HMAC that you specify. If the HMACs are identical, the verification succeeds;\n otherwise, it fails. Verification indicates that the message hasn't changed since the HMAC was\n calculated, and the specified key was used to generate and verify the HMAC.
HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards\n defined in RFC 2104.
\nThis operation is part of KMS support for HMAC KMS keys. For details, see\n HMAC keys in KMS in the\n Key Management Service Developer Guide.
\nThe KMS key that you use for this operation must be in a compatible key state. For\ndetails, see Key states of KMS keys in the Key Management Service Developer Guide.
\n\n Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify\n the key ARN or alias ARN in the value of the KeyId parameter.
\n Required permissions: kms:VerifyMac (key policy)
\n\n Related operations: GenerateMac\n
\n\n Eventual consistency: The KMS API follows an eventual consistency model. \n For more information, see KMS eventual consistency.
", "smithy.api#examples": [ { "title": "To verify an HMAC", @@ -8624,6 +9172,12 @@ "traits": { "smithy.api#enumValue": "RSA_4096" } + }, + "SM2": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SM2" + } } } }, @@ -8639,7 +9193,7 @@ "code": "XksKeyAlreadyInUse", "httpResponseCode": 400 }, - "smithy.api#documentation": "The request was rejected because the (XksKeyId) is already associated with a\n KMS key in this external key store. Each KMS key in an external key store must be associated\n with a different external key.
The request was rejected because the (XksKeyId) is already associated with\n another KMS key in this external key store. Each KMS key in an external key store must be\n associated with a different external key.
The request was rejected because the Amazon VPC endpoint service configuration does not fulfill\n the requirements for an external key store proxy. For details, see the exception\n message.
", + "smithy.api#documentation": "The request was rejected because the external key store proxy is not configured correctly.\n To identify the cause, see the error message that accompanies the exception.
", "smithy.api#error": "client", "smithy.api#httpError": 400 } @@ -8864,7 +9418,7 @@ "code": "XksProxyUriEndpointInUseException", "httpResponseCode": 400 }, - "smithy.api#documentation": "The request was rejected because the concatenation of the XksProxyUriEndpoint\n is already associated with an external key store in the Amazon Web Services account and Region. Each\n external key store in an account and Region must use a unique external key store proxy\n address.
The request was rejected because the XksProxyUriEndpoint is already\n associated with another external key store in this Amazon Web Services Region. To identify the cause, see\n the error message that accompanies the exception.
The request was rejected because the concatenation of the XksProxyUriEndpoint\n and XksProxyUriPath is already associated with an external key store in the\n Amazon Web Services account and Region. Each external key store in an account and Region must use a unique\n external key store proxy API address.
The request was rejected because the concatenation of the XksProxyUriEndpoint\n and XksProxyUriPath is already associated with another external key store in this\n Amazon Web Services Region. Each external key store in a Region must use a unique external key store proxy\n API address.
The request was rejected because the specified Amazon VPC endpoint service is already\n associated with an external key store in the Amazon Web Services account and Region. Each external key store\n in an Amazon Web Services account and Region must use a different Amazon VPC endpoint service.
", + "smithy.api#documentation": "The request was rejected because the specified Amazon VPC endpoint service is already\n associated with another external key store in this Amazon Web Services Region. Each external key store in a\n Region must use a different Amazon VPC endpoint service.
", "smithy.api#error": "client", "smithy.api#httpError": 400 } @@ -8952,7 +9506,7 @@ "code": "XksProxyVpcEndpointServiceInvalidConfigurationException", "httpResponseCode": 400 }, - "smithy.api#documentation": "The request was rejected because the Amazon VPC endpoint service configuration does not fulfill\n the requirements for an external key store proxy. For details, see the exception message and\n review the\n requirements for Amazon VPC endpoint service connectivity for an external key\n store.
", + "smithy.api#documentation": "The request was rejected because the Amazon VPC endpoint service configuration does not fulfill\n the requirements for an external key store. To identify the cause, see the error message that\n accompanies the exception and review the\n requirements for Amazon VPC endpoint service connectivity for an external key\n store.
", "smithy.api#error": "client", "smithy.api#httpError": 400 } diff --git a/aws/sdk/aws-models/lambda.json b/aws/sdk/aws-models/lambda.json index 981d7acab4..656c0e9553 100644 --- a/aws/sdk/aws-models/lambda.json +++ b/aws/sdk/aws-models/lambda.json @@ -1761,7 +1761,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -2386,7 +2386,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -2529,13 +2529,13 @@ "EventSourceArn": { "target": "com.amazonaws.lambda#Arn", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the event source.
\n\n Amazon Kinesis – The ARN of the data stream or a stream consumer.
\n\n Amazon DynamoDB Streams – The ARN of the stream.
\n\n Amazon Simple Queue Service – The ARN of the queue.
\n\n Amazon Managed Streaming for Apache Kafka – The ARN of the cluster.
\n\n Amazon MQ – The ARN of the broker.
\n\n Amazon DocumentDB – The ARN of the DocumentDB change stream.
\nThe Amazon Resource Name (ARN) of the event source.
\n\n Amazon Kinesis – The ARN of the data stream or a stream consumer.
\n\n Amazon DynamoDB Streams – The ARN of the stream.
\n\n Amazon Simple Queue Service – The ARN of the queue.
\n\n Amazon Managed Streaming for Apache Kafka – The ARN of the cluster or the ARN of the VPC connection (for cross-account event source mappings).
\n\n Amazon MQ – The ARN of the broker.
\n\n Amazon DocumentDB – The ARN of the DocumentDB change stream.
\nThe name of the Lambda function.
\n\n Name formats\n
\n\n Function name – MyFunction.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
\n Partial ARN – 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – MyFunction.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
\n Partial ARN – 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64\n characters in length.
", "smithy.api#required": {} } }, @@ -2584,7 +2584,7 @@ "DestinationConfig": { "target": "com.amazonaws.lambda#DestinationConfig", "traits": { - "smithy.api#documentation": "(Kinesis and DynamoDB Streams only) A standard Amazon SQS queue or standard Amazon SNS topic destination for discarded records.
" + "smithy.api#documentation": "(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Kafka only) A configuration object that specifies the destination of an event after Lambda processes it.
" } }, "MaximumRecordAgeInSeconds": { @@ -2722,7 +2722,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#required": {} } }, @@ -2834,7 +2834,7 @@ "ImageConfig": { "target": "com.amazonaws.lambda#ImageConfig", "traits": { - "smithy.api#documentation": "Container image configuration\n values that override the values in the container image Dockerfile.
" + "smithy.api#documentation": "Container image configuration\n values that override the values in the container image Dockerfile.
" } }, "CodeSigningConfigArn": { @@ -2852,7 +2852,7 @@ "EphemeralStorage": { "target": "com.amazonaws.lambda#EphemeralStorage", "traits": { - "smithy.api#documentation": "The size of the function's /tmp directory in MB. The default value is 512, but can be any whole\n number between 512 and 10,240 MB.
The size of the function's /tmp directory in MB. The default value is 512, but can be any whole\n number between 512 and 10,240 MB. For more information, see Configuring ephemeral storage (console).
The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3060,7 +3060,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3262,7 +3262,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3312,7 +3312,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3362,7 +3362,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3385,7 +3385,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function or version.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:1 (with version).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function or version.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:1 (with version).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3439,7 +3439,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3546,7 +3546,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -3902,7 +3902,7 @@ } }, "traits": { - "smithy.api#documentation": "The size of the function's /tmp directory in MB. The default value is 512, but it can be any\n whole number between 512 and 10,240 MB.
The size of the function's /tmp directory in MB. The default value is 512, but can be any whole\n number between 512 and 10,240 MB. For more information, see Configuring ephemeral storage (console).
(Kinesis and DynamoDB Streams only) An Amazon SQS queue or Amazon SNS topic destination for discarded records.
" + "smithy.api#documentation": "(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Apache Kafka event sources only) A configuration object that specifies the destination of an event after Lambda processes it.
" } }, "Topics": { @@ -4499,7 +4499,7 @@ "EphemeralStorage": { "target": "com.amazonaws.lambda#EphemeralStorage", "traits": { - "smithy.api#documentation": "The size of the function’s /tmp directory in MB. The default value is 512, but it can be any\n whole number between 512 and 10,240 MB.
The size of the function's /tmp directory in MB. The default value is 512, but can be any whole\n number between 512 and 10,240 MB. For more information, see Configuring ephemeral storage (console).
The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5085,7 +5085,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5108,7 +5108,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#required": {} } } @@ -5154,7 +5154,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5325,7 +5325,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5379,7 +5379,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5402,7 +5402,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5488,7 +5488,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5836,7 +5836,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -5913,7 +5913,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -6012,7 +6012,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -6295,7 +6295,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -6317,7 +6317,7 @@ "ClientContext": { "target": "com.amazonaws.lambda#String", "traits": { - "smithy.api#documentation": "Up to 3,583 bytes of base64-encoded data about the invoking client to pass to the function in the context\n object.
", + "smithy.api#documentation": "Up to 3,583 bytes of base64-encoded data about the invoking client to pass to the function in the context\n object. Lambda passes the ClientContext object to your function for\n synchronous invocations only.
For asynchronous function invocation, use Invoke.
\nInvokes a function asynchronously.
", + "smithy.api#documentation": "For asynchronous function invocation, use Invoke.
\nInvokes a function asynchronously.
\nIf you do use the InvokeAsync action, note that it doesn't support the use of X-Ray active tracing. Trace ID is not \n propagated to the function, even if X-Ray active tracing is turned on.
\nThe name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -6767,7 +6767,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -7406,7 +7406,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -7573,14 +7573,14 @@ "EventSourceArn": { "target": "com.amazonaws.lambda#Arn", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the event source.
\n\n Amazon Kinesis – The ARN of the data stream or a stream consumer.
\n\n Amazon DynamoDB Streams – The ARN of the stream.
\n\n Amazon Simple Queue Service – The ARN of the queue.
\n\n Amazon Managed Streaming for Apache Kafka – The ARN of the cluster.
\n\n Amazon MQ – The ARN of the broker.
\n\n Amazon DocumentDB – The ARN of the DocumentDB change stream.
\nThe Amazon Resource Name (ARN) of the event source.
\n\n Amazon Kinesis – The ARN of the data stream or a stream consumer.
\n\n Amazon DynamoDB Streams – The ARN of the stream.
\n\n Amazon Simple Queue Service – The ARN of the queue.
\n\n Amazon Managed Streaming for Apache Kafka – The ARN of the cluster or the ARN of the VPC connection (for cross-account event source mappings).
\n\n Amazon MQ – The ARN of the broker.
\n\n Amazon DocumentDB – The ARN of the DocumentDB change stream.
\nThe name of the Lambda function.
\n\n Name formats\n
\n\n Function name – MyFunction.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
\n Partial ARN – 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – MyFunction.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
\n Partial ARN – 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64\n characters in length.
", "smithy.api#httpQuery": "FunctionName" } }, @@ -7666,7 +7666,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - my-function.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - my-function.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -7753,7 +7753,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -8016,7 +8016,7 @@ "CompatibleRuntime": { "target": "com.amazonaws.lambda#Runtime", "traits": { - "smithy.api#documentation": "A runtime identifier. For example, go1.x.
The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
", + "smithy.api#documentation": "A runtime identifier. For example, java21.
The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
", "smithy.api#httpQuery": "CompatibleRuntime" } }, @@ -8114,7 +8114,7 @@ "CompatibleRuntime": { "target": "com.amazonaws.lambda#Runtime", "traits": { - "smithy.api#documentation": "A runtime identifier. For example, go1.x.
The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
", + "smithy.api#documentation": "A runtime identifier. For example, java21.
The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
", "smithy.api#httpQuery": "CompatibleRuntime" } }, @@ -8207,7 +8207,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -8355,7 +8355,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#NamespacedFunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -8465,13 +8465,13 @@ "ApplicationLogLevel": { "target": "com.amazonaws.lambda#ApplicationLogLevel", "traits": { - "smithy.api#documentation": "Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the \n selected level and lower.
" + "smithy.api#documentation": "Set this property to filter the application logs for your function that Lambda sends to CloudWatch. Lambda only sends application logs at the \n selected level of detail and lower, where TRACE is the highest level and FATAL is the lowest.
Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the \n selected level and lower.
" + "smithy.api#documentation": "Set this property to filter the system logs for your function that Lambda sends to CloudWatch. Lambda only sends system logs at the \n selected level of detail and lower, where DEBUG is the highest level and WARN is the lowest.
The Amazon Resource Name (ARN) of the destination resource.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the destination resource.
\nTo retain records of asynchronous invocations,\n you can configure an Amazon SNS topic, Amazon SQS queue, Lambda function,\n or Amazon EventBridge event bus as the destination.
\nTo retain records of failed invocations from Kinesis and\n DynamoDB event sources, you can configure an Amazon SNS topic or\n Amazon SQS queue as the destination.
\nTo retain records of failed invocations from self-managed Kafka or\n Amazon MSK,\n you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.
" } } }, @@ -9092,7 +9092,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9170,7 +9170,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9193,7 +9193,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#required": {} } } @@ -9242,7 +9242,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9299,7 +9299,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9374,7 +9374,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9483,7 +9483,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9709,7 +9709,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name – my-function (name-only), my-function:v1 (with alias).
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9999,6 +9999,12 @@ "smithy.api#enumValue": "dotnet6" } }, + "dotnet8": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "dotnet8" + } + }, "nodejs43edge": { "target": "smithy.api#Unit", "traits": { @@ -10059,6 +10065,12 @@ "smithy.api#enumValue": "ruby3.2" } }, + "ruby33": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ruby3.3" + } + }, "python311": { "target": "smithy.api#Unit", "traits": { @@ -11098,7 +11110,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name - MyFunction.
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Partial ARN - 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -11268,7 +11280,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – MyFunction.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
\n Partial ARN – 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64\n characters in length.
" + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – MyFunction.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction.
\n Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD.
\n Partial ARN – 123456789012:function:MyFunction.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64\n characters in length.
" } }, "Enabled": { @@ -11298,7 +11310,7 @@ "DestinationConfig": { "target": "com.amazonaws.lambda#DestinationConfig", "traits": { - "smithy.api#documentation": "(Kinesis and DynamoDB Streams only) A standard Amazon SQS queue or standard Amazon SNS topic destination for discarded records.
" + "smithy.api#documentation": "(Kinesis, DynamoDB Streams, Amazon MSK, and self-managed Kafka only) A configuration object that specifies the destination of an event after Lambda processes it.
" } }, "MaximumRecordAgeInSeconds": { @@ -11415,7 +11427,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -11533,7 +11545,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -11625,13 +11637,13 @@ "ImageConfig": { "target": "com.amazonaws.lambda#ImageConfig", "traits": { - "smithy.api#documentation": "\n Container image configuration\n values that override the values in the container image Docker file.
" + "smithy.api#documentation": "\n Container image configuration\n values that override the values in the container image Docker file.
" } }, "EphemeralStorage": { "target": "com.amazonaws.lambda#EphemeralStorage", "traits": { - "smithy.api#documentation": "The size of the function's /tmp directory in MB. The default value is 512, but can be any whole\n number between 512 and 10,240 MB.
The size of the function's /tmp directory in MB. The default value is 512, but can be any whole\n number between 512 and 10,240 MB. For more information, see Configuring ephemeral storage (console).
The name of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function, version, or alias.
\n\n Name formats\n
\n\n Function name - my-function (name-only), my-function:v1 (with alias).
\n Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN - 123456789012:function:my-function.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN.\n If you specify only the function name, it is limited to 64 characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -11766,7 +11778,7 @@ "FunctionName": { "target": "com.amazonaws.lambda#FunctionName", "traits": { - "smithy.api#documentation": "The name of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", + "smithy.api#documentation": "The name or ARN of the Lambda function.
\n\n Name formats\n
\n\n Function name – my-function.
\n Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function.
\n Partial ARN – 123456789012:function:my-function.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64\n characters in length.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } diff --git a/aws/sdk/aws-models/polly.json b/aws/sdk/aws-models/polly.json index def7aa319b..5bac0ca422 100644 --- a/aws/sdk/aws-models/polly.json +++ b/aws/sdk/aws-models/polly.json @@ -167,7 +167,7 @@ "Engine": { "target": "com.amazonaws.polly#Engine", "traits": { - "smithy.api#documentation": "Specifies the engine (standard, neural or\n long-form) used by Amazon Polly when processing input text for\n speech synthesis.
Specifies the engine (standard, neural,\n long-form or generative) used by Amazon Polly when\n processing input text for speech synthesis.
Specifies the engine (standard, neural or\n long-form) for Amazon Polly to use when processing input text for\n speech synthesis. Using a voice that is not supported for the engine\n selected will result in an error.
Specifies the engine (standard, neural,\n long-form or generative) for Amazon Polly to use\n when processing input text for speech synthesis. Using a voice that\n is not supported for the engine selected will result in an error.
The audio frequency specified in Hz.
\nThe valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\",\n and \"24000\". The default value for standard voices is \"22050\". The default\n value for neural voices is \"24000\". The default value for long-form voices\n is \"24000\".
\nValid values for pcm are \"8000\" and \"16000\" The default value is\n \"16000\".
" + "smithy.api#documentation": "The audio frequency specified in Hz.
\nThe valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\",\n and \"24000\". The default value for standard voices is \"22050\". The default\n value for neural voices is \"24000\". The default value for long-form voices\n is \"24000\". The default value for generative voices is \"24000\".
\nValid values for pcm are \"8000\" and \"16000\" The default value is\n \"16000\".
" } }, "SnsTopicArn": { @@ -2504,7 +2510,7 @@ "Engine": { "target": "com.amazonaws.polly#Engine", "traits": { - "smithy.api#documentation": "Specifies the engine (standard, neural or\n long-form) for Amazon Polly to use when processing input text for\n speech synthesis. Using a voice that is not supported for the engine\n selected will result in an error.
Specifies the engine (standard, neural,\n long-form or generative) for Amazon Polly to use\n when processing input text for speech synthesis. Using a voice that\n is not supported for the engine selected will result in an error.
The audio frequency specified in Hz.
\nThe valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\",\n and \"24000\". The default value for standard voices is \"22050\". The default\n value for neural voices is \"24000\". The default value for long-form voices\n is \"24000\".
\nValid values for pcm are \"8000\" and \"16000\" The default value is\n \"16000\".
" + "smithy.api#documentation": "The audio frequency specified in Hz.
\nThe valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\",\n and \"24000\". The default value for standard voices is \"22050\". The default\n value for neural voices is \"24000\". The default value for long-form voices\n is \"24000\". The default value for generative voices is \"24000\".
\nValid values for pcm are \"8000\" and \"16000\" The default value is\n \"16000\".
" } }, "SpeechMarkTypes": { @@ -2689,7 +2695,7 @@ "Engine": { "target": "com.amazonaws.polly#Engine", "traits": { - "smithy.api#documentation": "Specifies the engine (standard, neural or\n long-form) for Amazon Polly to use when processing input text for\n speech synthesis. For information on Amazon Polly voices and which voices are\n available for each engine, see Available Voices.
\n NTTS-only voices\n
\nWhen using NTTS-only voices such as Kevin (en-US), this parameter is\n required and must be set to neural. If the engine is not\n specified, or is set to standard, this will result in an\n error.
\n long-form-only voices\n
\nWhen using long-form-only voices such as Danielle (en-US), this\n parameter is required and must be set to long-form. If the\n engine is not specified, or is set to standard or\n neural, this will result in an error.
Type: String
\nValid Values: standard | neural |\n long-form\n
Required: Yes
\n\n Standard voices\n
\nFor standard voices, this is not required; the engine parameter\n defaults to standard. If the engine is not specified, or is\n set to standard and an NTTS-only voice is selected, this will\n result in an error.
Specifies the engine (standard, neural,\n long-form, or generative) for Amazon Polly\n to use when processing input text for speech synthesis. Provide an engine\n that is supported by the voice you select. If you don't provide an engine,\n the standard engine is selected by default. If a chosen voice isn't supported\n by the standard engine, this will result in an error. For information on\n Amazon Polly voices and which voices are available for each engine, see Available Voices.
Type: String
\nValid Values: standard | neural |\n long-form | generative\n
Required: Yes
" } }, "LanguageCode": { @@ -2714,7 +2720,7 @@ "SampleRate": { "target": "com.amazonaws.polly#SampleRate", "traits": { - "smithy.api#documentation": "The audio frequency specified in Hz.
\nThe valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\",\n and \"24000\". The default value for standard voices is \"22050\". The default\n value for neural voices is \"24000\". The default value for long-form voices\n is \"24000\".
\nValid values for pcm are \"8000\" and \"16000\" The default value is\n \"16000\".
" + "smithy.api#documentation": "The audio frequency specified in Hz.
\nThe valid values for mp3 and ogg_vorbis are \"8000\", \"16000\", \"22050\",\n and \"24000\". The default value for standard voices is \"22050\". The default\n value for neural voices is \"24000\". The default value for long-form voices\n is \"24000\". The default value for generative voices is \"24000\".
\nValid values for pcm are \"8000\" and \"16000\" The default value is\n \"16000\".
" } }, "SpeechMarkTypes": { @@ -2918,7 +2924,7 @@ "SupportedEngines": { "target": "com.amazonaws.polly#EngineList", "traits": { - "smithy.api#documentation": "Specifies which engines (standard, neural or\n long-form) are supported by a given voice.
Specifies which engines (standard, neural,\n long-form or generative) are supported by a given voice.
\n Alias resource records sets only: The value used depends on where\n\t\t\tyou want to route traffic:
\nSpecify the hosted zone ID for your API. You can get the applicable value\n\t\t\t\t\t\tusing the CLI command get-domain-names:
\nFor regional APIs, specify the value of\n\t\t\t\t\t\t\t\t\tregionalHostedZoneId.
For edge-optimized APIs, specify the value of\n\t\t\t\t\t\t\t\t\tdistributionHostedZoneId.
Specify the hosted zone ID for your interface endpoint. You can get the\n\t\t\t\t\t\tvalue of HostedZoneId using the CLI command\n\t\t\t\t\t\t\tdescribe-vpc-endpoints.
Specify Z2FDTNDATAQYW2.
Alias resource record sets for CloudFront can't be created in a\n\t\t\t\t\t\t\tprivate zone.
\nSpecify the hosted zone ID for the region that you created the environment\n\t\t\t\t\t\tin. The environment must have a regionalized subdomain. For a list of\n\t\t\t\t\t\tregions and the corresponding hosted zone IDs, see Elastic Beanstalk endpoints and quotas in the the\n\t\t\t\t\t\t\tAmazon Web Services General Reference.
\nSpecify the value of the hosted zone ID for the load balancer. Use the\n\t\t\t\t\t\tfollowing methods to get the hosted zone ID:
\n\n Elastic Load Balancing endpoints and quotas topic in\n\t\t\t\t\t\t\t\tthe Amazon Web Services General Reference: Use\n\t\t\t\t\t\t\t\tthe value that corresponds with the region that you created your\n\t\t\t\t\t\t\t\tload balancer in. Note that there are separate columns for\n\t\t\t\t\t\t\t\tApplication and Classic Load Balancers and for Network Load\n\t\t\t\t\t\t\t\tBalancers.
\n\n Amazon Web Services Management Console: Go to the\n\t\t\t\t\t\t\t\tAmazon EC2 page, choose Load\n\t\t\t\t\t\t\t\t\tBalancers in the navigation pane, select the load\n\t\t\t\t\t\t\t\tbalancer, and get the value of the Hosted\n\t\t\t\t\t\t\t\t\tzone field on the Description tab.
\n\n Elastic Load Balancing API: Use\n\t\t\t\t\t\t\t\t\tDescribeLoadBalancers to get the applicable value.\n\t\t\t\t\t\t\t\tFor more information, see the applicable guide:
Classic Load Balancers: Use DescribeLoadBalancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneNameId.
Application and Network Load Balancers: Use DescribeLoadBalancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneId.
\n CLI: Use\n\t\t\t\t\t\t\t\t\tdescribe-load-balancers to get the applicable\n\t\t\t\t\t\t\t\tvalue. For more information, see the applicable guide:
Classic Load Balancers: Use describe-load-balancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneNameId.
Application and Network Load Balancers: Use describe-load-balancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneId.
Specify Z2BJ6XQ5FK7U4H.
Specify the hosted zone ID for the region that you created the bucket in.\n\t\t\t\t\t\tFor more information about valid values, see the table Amazon S3\n\t\t\t\t\t\t\tWebsite Endpoints in the Amazon Web Services General\n\t\t\t\t\t\t\tReference.
\nSpecify the hosted zone ID of your hosted zone. (An alias resource record\n\t\t\t\t\t\tset can't reference a resource record set in a different hosted\n\t\t\t\t\t\tzone.)
\n\n Alias resource records sets only: The value used depends on where\n\t\t\tyou want to route traffic:
\nSpecify the hosted zone ID for your API. You can get the applicable value\n\t\t\t\t\t\tusing the CLI command get-domain-names:
\nFor regional APIs, specify the value of\n\t\t\t\t\t\t\t\t\tregionalHostedZoneId.
For edge-optimized APIs, specify the value of\n\t\t\t\t\t\t\t\t\tdistributionHostedZoneId.
Specify the hosted zone ID for your interface endpoint. You can get the\n\t\t\t\t\t\tvalue of HostedZoneId using the CLI command\n\t\t\t\t\t\t\tdescribe-vpc-endpoints.
Specify Z2FDTNDATAQYW2.
Alias resource record sets for CloudFront can't be created in a\n\t\t\t\t\t\t\tprivate zone.
\nSpecify the hosted zone ID for the region that you created the environment in. The\n\t\t\t\t\t\tenvironment must have a regionalized subdomain. For a list of regions and\n\t\t\t\t\t\tthe corresponding hosted zone IDs, see Elastic Beanstalk\n\t\t\t\t\t\t\tendpoints and quotas in the Amazon Web Services\n\t\t\t\t\t\t\tGeneral Reference.
\nSpecify the value of the hosted zone ID for the load balancer. Use the\n\t\t\t\t\t\tfollowing methods to get the hosted zone ID:
\n\n Elastic Load Balancing endpoints and quotas topic in\n\t\t\t\t\t\t\t\tthe Amazon Web Services General Reference: Use\n\t\t\t\t\t\t\t\tthe value that corresponds with the region that you created your\n\t\t\t\t\t\t\t\tload balancer in. Note that there are separate columns for\n\t\t\t\t\t\t\t\tApplication and Classic Load Balancers and for Network Load\n\t\t\t\t\t\t\t\tBalancers.
\n\n Amazon Web Services Management Console: Go to the\n\t\t\t\t\t\t\t\tAmazon EC2 page, choose Load\n\t\t\t\t\t\t\t\t\tBalancers in the navigation pane, select the load\n\t\t\t\t\t\t\t\tbalancer, and get the value of the Hosted\n\t\t\t\t\t\t\t\t\tzone field on the Description tab.
\n\n Elastic Load Balancing API: Use\n\t\t\t\t\t\t\t\t\tDescribeLoadBalancers to get the applicable value.\n\t\t\t\t\t\t\t\tFor more information, see the applicable guide:
Classic Load Balancers: Use DescribeLoadBalancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneNameId.
Application and Network Load Balancers: Use DescribeLoadBalancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneId.
\n CLI: Use\n\t\t\t\t\t\t\t\t\tdescribe-load-balancers to get the applicable\n\t\t\t\t\t\t\t\tvalue. For more information, see the applicable guide:
Classic Load Balancers: Use describe-load-balancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneNameId.
Application and Network Load Balancers: Use describe-load-balancers to get the value of\n\t\t\t\t\t\t\t\t\t\t\tCanonicalHostedZoneId.
Specify Z2BJ6XQ5FK7U4H.
Specify the hosted zone ID for the region that you created the bucket in.\n\t\t\t\t\t\tFor more information about valid values, see the table Amazon S3\n\t\t\t\t\t\t\tWebsite Endpoints in the Amazon Web Services General\n\t\t\t\t\t\t\tReference.
\nSpecify the hosted zone ID of your hosted zone. (An alias resource record\n\t\t\t\t\t\tset can't reference a resource record set in a different hosted\n\t\t\t\t\t\tzone.)
\nCreates, changes, or deletes a resource record set, which contains authoritative DNS\n\t\t\tinformation for a specified domain name or subdomain name. For example, you can use\n\t\t\t\tChangeResourceRecordSets to create a resource record set that routes\n\t\t\ttraffic for test.example.com to a web server that has an IP address of\n\t\t\t192.0.2.44.
\n Deleting Resource Record Sets\n
\nTo delete a resource record set, you must specify all the same values that you\n\t\t\tspecified when you created it.
\n\n Change Batches and Transactional Changes\n
\nThe request body must include a document with a\n\t\t\t\tChangeResourceRecordSetsRequest element. The request body contains a\n\t\t\tlist of change items, known as a change batch. Change batches are considered\n\t\t\ttransactional changes. Route 53 validates the changes in the request and then either\n\t\t\tmakes all or none of the changes in the change batch request. This ensures that DNS\n\t\t\trouting isn't adversely affected by partial changes to the resource record sets in a\n\t\t\thosted zone.
For example, suppose a change batch request contains two changes: it deletes the\n\t\t\t\tCNAME resource record set for www.example.com and creates an alias\n\t\t\tresource record set for www.example.com. If validation for both records succeeds, Route\n\t\t\t53 deletes the first resource record set and creates the second resource record set in a\n\t\t\tsingle operation. If validation for either the DELETE or the\n\t\t\t\tCREATE action fails, then the request is canceled, and the original\n\t\t\t\tCNAME record continues to exist.
If you try to delete the same resource record set more than once in a single\n\t\t\t\tchange batch, Route 53 returns an InvalidChangeBatch error.
\n Traffic Flow\n
\nTo create resource record sets for complex routing configurations, use either the\n\t\t\ttraffic flow visual editor in the Route 53 console or the API actions for traffic\n\t\t\tpolicies and traffic policy instances. Save the configuration as a traffic policy, then\n\t\t\tassociate the traffic policy with one or more domain names (such as example.com) or\n\t\t\tsubdomain names (such as www.example.com), in the same hosted zone or in multiple hosted\n\t\t\tzones. You can roll back the updates if the new configuration isn't performing as\n\t\t\texpected. For more information, see Using Traffic Flow to Route\n\t\t\t\tDNS Traffic in the Amazon Route 53 Developer\n\t\t\tGuide.
\n\n Create, Delete, and Upsert\n
\nUse ChangeResourceRecordsSetsRequest to perform the following\n\t\t\tactions:
\n CREATE: Creates a resource record set that has the specified\n\t\t\t\t\tvalues.
\n DELETE: Deletes an existing resource record set that has the\n\t\t\t\t\tspecified values.
\n UPSERT: If a resource set doesn't exist, Route 53 creates it. If a resource\n\t\t\t\t\tset exists Route 53 updates it with the values in the request.
\n Syntaxes for Creating, Updating, and Deleting Resource Record\n\t\t\t\tSets\n
\nThe syntax for a request depends on the type of resource record set that you want to\n\t\t\tcreate, delete, or update, such as weighted, alias, or failover. The XML elements in\n\t\t\tyour request must appear in the order listed in the syntax.
\nFor an example for each type of resource record set, see \"Examples.\"
\nDon't refer to the syntax in the \"Parameter Syntax\" section, which includes\n\t\t\tall of the elements for every kind of resource record set that you can create, delete,\n\t\t\tor update by using ChangeResourceRecordSets.
\n Change Propagation to Route 53 DNS Servers\n
\nWhen you submit a ChangeResourceRecordSets request, Route 53 propagates your\n\t\t\tchanges to all of the Route 53 authoritative DNS servers managing the hosted zone. While\n\t\t\tyour changes are propagating, GetChange returns a status of\n\t\t\t\tPENDING. When propagation is complete, GetChange returns a\n\t\t\tstatus of INSYNC. Changes generally propagate to all Route 53 name servers\n\t\t\tmanaging the hosted zone within 60 seconds. For more information, see GetChange.
\n Limits on ChangeResourceRecordSets Requests\n
\nFor information about the limits on a ChangeResourceRecordSets request,\n\t\t\tsee Limits in the Amazon Route 53 Developer Guide.
Name of the location that is associated with the CIDR\n\t\t\tcollection.
", + "smithy.api#documentation": "Name of the location that is associated with the CIDR collection.
", "smithy.api#required": {} } }, @@ -2882,6 +3437,12 @@ "traits": { "smithy.api#enumValue": "il-central-1" } + }, + "ca_west_1": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ca-west-1" + } } }, "traits": { @@ -3020,6 +3581,28 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.route53#Coordinates": { + "type": "structure", + "members": { + "Latitude": { + "target": "com.amazonaws.route53#Latitude", + "traits": { + "smithy.api#documentation": "Specifies a coordinate of the north–south position of a geographic point on the surface of\n\t\t\tthe Earth (-90 - 90).
", + "smithy.api#required": {} + } + }, + "Longitude": { + "target": "com.amazonaws.route53#Longitude", + "traits": { + "smithy.api#documentation": "Specifies a coordinate of the east–west position of a geographic point on the surface of\n\t\t\tthe Earth (-180 - 180).
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "\n\t\t\tA complex type that lists the coordinates for a geoproximity resource record.\n\t\t
" + } + }, "com.amazonaws.route53#CreateCidrCollection": { "type": "operation", "input": { @@ -3984,7 +4567,7 @@ } }, "traits": { - "smithy.api#documentation": "A string repesenting the status of DNSSEC signing.
" + "smithy.api#documentation": "A string representing the status of DNSSEC signing.
" } }, "com.amazonaws.route53#DeactivateKeySigningKey": { @@ -5063,7 +5646,7 @@ "CountryCode": { "target": "com.amazonaws.route53#GeoLocationCountryCode", "traits": { - "smithy.api#documentation": "For geolocation resource record sets, the two-letter code for a country.
\nAmazon Route 53 uses the two-letter country codes that are specified in ISO standard 3166-1\n\t\t\t\talpha-2.
\nRoute 53 also supports the contry code UA forr Ukraine.
" + "smithy.api#documentation": "For geolocation resource record sets, the two-letter code for a country.
\nAmazon Route 53 uses the two-letter country codes that are specified in ISO standard 3166-1\n\t\t\t\talpha-2.
\nRoute 53 also supports the country code UA for\n\t\t\tUkraine.
" } }, "SubdivisionCode": { @@ -5184,6 +5767,38 @@ } } }, + "com.amazonaws.route53#GeoProximityLocation": { + "type": "structure", + "members": { + "AWSRegion": { + "target": "com.amazonaws.route53#AWSRegion", + "traits": { + "smithy.api#documentation": "The Amazon Web Services Region the resource you are directing DNS traffic to, is in.
" + } + }, + "LocalZoneGroup": { + "target": "com.amazonaws.route53#LocalZoneGroup", + "traits": { + "smithy.api#documentation": "\n\t\t\tSpecifies an Amazon Web Services Local Zone Group.\n\t\t
\nA local Zone Group is usually the Local Zone code without the ending character. For example, \n\t\t\tif the Local Zone is us-east-1-bue-1a the Local Zone Group is us-east-1-bue-1.
You can identify the Local Zones Group for a specific Local Zone by using the describe-availability-zones CLI command:
\nThis command returns: \"GroupName\": \"us-west-2-den-1\", specifying that the Local Zone us-west-2-den-1a \n\t\t\tbelongs to the Local Zone Group us-west-2-den-1.
Contains the longitude and latitude for a geographic region.
" + } + }, + "Bias": { + "target": "com.amazonaws.route53#Bias", + "traits": { + "smithy.api#documentation": "\n\t\t\tThe bias increases or decreases the size of the geographic region from which Route 53 routes traffic to a resource.\n\t\t
\nTo use Bias to change the size of the geographic region, specify the \n\t\t\tapplicable value for the bias:
To expand the size of the geographic region from which Route 53 routes traffic to a resource, specify a \n\t\t\t\tpositive integer from 1 to 99 for the bias. Route 53 shrinks the size of adjacent regions.
\nTo shrink the size of the geographic region from which Route 53 routes traffic to a resource, specify a \n\t\t\t\tnegative bias of -1 to -99. Route 53 expands the size of adjacent regions.
\n (Resource record sets only): A complex type that lets you specify where your resources are\n\t\t\tlocated. Only one of LocalZoneGroup, Coordinates, or\n\t\t\t\t\tAmazon Web ServicesRegion is allowed per request at a time.
For more information about geoproximity routing, see Geoproximity routing in the\n\t\t\t\t\tAmazon Route 53 Developer Guide.
" + } + }, "com.amazonaws.route53#GetAccountLimit": { "type": "operation", "input": { @@ -5413,7 +6028,7 @@ "Status": { "target": "com.amazonaws.route53#DNSSECStatus", "traits": { - "smithy.api#documentation": "A string repesenting the status of DNSSEC.
", + "smithy.api#documentation": "A string representing the status of DNSSEC.
", "smithy.api#required": {} } }, @@ -5467,7 +6082,7 @@ "CountryCode": { "target": "com.amazonaws.route53#GeoLocationCountryCode", "traits": { - "smithy.api#documentation": "Amazon Route 53 uses the two-letter country codes that are specified in ISO standard 3166-1\n\t\t\t\talpha-2.
\nRoute 53 also supports the contry code UA forr Ukraine.
", + "smithy.api#documentation": "Amazon Route 53 uses the two-letter country codes that are specified in ISO standard 3166-1\n\t\t\t\talpha-2.
\nRoute 53 also supports the country code UA for\n\t\t\tUkraine.
", "smithy.api#httpQuery": "countrycode" } }, @@ -6377,7 +6992,7 @@ "Type": { "target": "com.amazonaws.route53#HealthCheckType", "traits": { - "smithy.api#documentation": "The type of health check that you want to create, which indicates how Amazon Route 53\n\t\t\tdetermines whether an endpoint is healthy.
\nYou can't change the value of Type after you create a health\n\t\t\t\tcheck.
You can create the following types of health checks:
\n\n HTTP: Route 53 tries to establish a TCP\n\t\t\t\t\tconnection. If successful, Route 53 submits an HTTP request and waits for an\n\t\t\t\t\tHTTP status code of 200 or greater and less than 400.
\n\n HTTPS: Route 53 tries to establish a TCP\n\t\t\t\t\tconnection. If successful, Route 53 submits an HTTPS request and waits for an\n\t\t\t\t\tHTTP status code of 200 or greater and less than 400.
\nIf you specify HTTPS for the value of Type, the\n\t\t\t\t\t\tendpoint must support TLS v1.0 or later.
\n HTTP_STR_MATCH: Route 53 tries to establish a\n\t\t\t\t\tTCP connection. If successful, Route 53 submits an HTTP request and searches the\n\t\t\t\t\tfirst 5,120 bytes of the response body for the string that you specify in\n\t\t\t\t\t\tSearchString.
\n HTTPS_STR_MATCH: Route 53 tries to establish\n\t\t\t\t\ta TCP connection. If successful, Route 53 submits an HTTPS request\n\t\t\t\t\tand searches the first 5,120 bytes of the response body for the string that you\n\t\t\t\t\tspecify in SearchString.
\n TCP: Route 53 tries to establish a TCP\n\t\t\t\t\tconnection.
\n\n CLOUDWATCH_METRIC: The health check is\n\t\t\t\t\tassociated with a CloudWatch alarm. If the state of the alarm is\n\t\t\t\t\tOK, the health check is considered healthy. If the state is\n\t\t\t\t\t\tALARM, the health check is considered unhealthy. If CloudWatch\n\t\t\t\t\tdoesn't have sufficient data to determine whether the state is OK\n\t\t\t\t\tor ALARM, the health check status depends on the setting for\n\t\t\t\t\t\tInsufficientDataHealthStatus: Healthy,\n\t\t\t\t\t\tUnhealthy, or LastKnownStatus.
\n CALCULATED: For health checks that monitor\n\t\t\t\t\tthe status of other health checks, Route 53 adds up the number of health checks\n\t\t\t\t\tthat Route 53 health checkers consider to be healthy and compares that number\n\t\t\t\t\twith the value of HealthThreshold.
\n RECOVERY_CONTROL: The health check is\n\t\t\t\t\tassocated with a Route53 Application Recovery Controller routing control. If the\n\t\t\t\t\trouting control state is ON, the health check is considered\n\t\t\t\t\thealthy. If the state is OFF, the health check is considered\n\t\t\t\t\tunhealthy.
For more information, see How Route 53 Determines Whether an Endpoint Is Healthy in the\n\t\t\t\tAmazon Route 53 Developer Guide.
", + "smithy.api#documentation": "The type of health check that you want to create, which indicates how Amazon Route 53\n\t\t\tdetermines whether an endpoint is healthy.
\nYou can't change the value of Type after you create a health\n\t\t\t\tcheck.
You can create the following types of health checks:
\n\n HTTP: Route 53 tries to establish a TCP\n\t\t\t\t\tconnection. If successful, Route 53 submits an HTTP request and waits for an\n\t\t\t\t\tHTTP status code of 200 or greater and less than 400.
\n\n HTTPS: Route 53 tries to establish a TCP\n\t\t\t\t\tconnection. If successful, Route 53 submits an HTTPS request and waits for an\n\t\t\t\t\tHTTP status code of 200 or greater and less than 400.
\nIf you specify HTTPS for the value of Type, the\n\t\t\t\t\t\tendpoint must support TLS v1.0 or later.
\n HTTP_STR_MATCH: Route 53 tries to establish a\n\t\t\t\t\tTCP connection. If successful, Route 53 submits an HTTP request and searches the\n\t\t\t\t\tfirst 5,120 bytes of the response body for the string that you specify in\n\t\t\t\t\t\tSearchString.
\n HTTPS_STR_MATCH: Route 53 tries to establish\n\t\t\t\t\ta TCP connection. If successful, Route 53 submits an HTTPS request\n\t\t\t\t\tand searches the first 5,120 bytes of the response body for the string that you\n\t\t\t\t\tspecify in SearchString.
\n TCP: Route 53 tries to establish a TCP\n\t\t\t\t\tconnection.
\n\n CLOUDWATCH_METRIC: The health check is\n\t\t\t\t\tassociated with a CloudWatch alarm. If the state of the alarm is\n\t\t\t\t\tOK, the health check is considered healthy. If the state is\n\t\t\t\t\t\tALARM, the health check is considered unhealthy. If CloudWatch\n\t\t\t\t\tdoesn't have sufficient data to determine whether the state is OK\n\t\t\t\t\tor ALARM, the health check status depends on the setting for\n\t\t\t\t\t\tInsufficientDataHealthStatus: Healthy,\n\t\t\t\t\t\tUnhealthy, or LastKnownStatus.
\n CALCULATED: For health checks that monitor\n\t\t\t\t\tthe status of other health checks, Route 53 adds up the number of health checks\n\t\t\t\t\tthat Route 53 health checkers consider to be healthy and compares that number\n\t\t\t\t\twith the value of HealthThreshold.
\n RECOVERY_CONTROL: The health check is associated with a\n\t\t\t\t\tRoute53 Application Recovery Controller routing control. If the routing control\n\t\t\t\t\tstate is ON, the health check is considered healthy. If the state\n\t\t\t\t\tis OFF, the health check is considered unhealthy.
For more information, see How Route 53 Determines Whether an Endpoint Is Healthy in the\n\t\t\t\tAmazon Route 53 Developer Guide.
", "smithy.api#required": {} } }, @@ -7400,6 +8015,16 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.route53#Latitude": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 6 + }, + "smithy.api#pattern": "^[-+]?[0-9]{1,2}(\\.[0-9]{0,2})?$" + } + }, "com.amazonaws.route53#LimitValue": { "type": "long", "traits": { @@ -7734,7 +8359,7 @@ "MaxItems": { "target": "smithy.api#Integer", "traits": { - "smithy.api#documentation": "(Optional) The maximum number of geolocations to be included in the response body for\n\t\t\tthis request. If more than maxitems geolocations remain to be listed, then\n\t\t\tthe value of the IsTruncated element in the response is\n\t\t\ttrue.
(Optional) The maximum number of geolocations to be included in the response body for this\n\t\t\trequest. If more than maxitems geolocations remain to be listed, then the\n\t\t\tvalue of the IsTruncated element in the response is\n\t\t\ttrue.
A complex type that contains information about the CIDR location.
" } }, + "com.amazonaws.route53#Longitude": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 7 + }, + "smithy.api#pattern": "^[-+]?[0-9]{1,3}(\\.[0-9]{0,2})?$" + } + }, "com.amazonaws.route53#MeasureLatency": { "type": "boolean" }, @@ -9868,7 +10512,7 @@ "Name": { "target": "com.amazonaws.route53#DNSName", "traits": { - "smithy.api#documentation": "For ChangeResourceRecordSets requests, the name of the record that you\n\t\t\twant to create, update, or delete. For ListResourceRecordSets responses,\n\t\t\tthe name of a record in the specified hosted zone.
\n ChangeResourceRecordSets Only\n
\nEnter a fully qualified domain name, for example, www.example.com. You\n\t\t\tcan optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53\n\t\t\tassumes that the domain name that you specify is fully qualified. This means that Route\n\t\t\t53 treats www.example.com (without a trailing dot) and\n\t\t\t\twww.example.com. (with a trailing dot) as identical.
For information about how to specify characters other than a-z,\n\t\t\t\t0-9, and - (hyphen) and how to specify internationalized\n\t\t\tdomain names, see DNS Domain Name\n\t\t\t\tFormat in the Amazon Route 53 Developer Guide.
You can use the asterisk (*) wildcard to replace the leftmost label in a domain name,\n\t\t\tfor example, *.example.com. Note the following:
The * must replace the entire label. For example, you can't specify\n\t\t\t\t\t\t*prod.example.com or prod*.example.com.
The * can't replace any of the middle labels, for example,\n\t\t\t\t\tmarketing.*.example.com.
\nIf you include * in any position other than the leftmost label in a domain\n\t\t\t\t\tname, DNS treats it as an * character (ASCII 42), not as a wildcard.
\nYou can't use the * wildcard for resource records sets that have a type of\n\t\t\t\t\t\tNS.
\nYou can use the * wildcard as the leftmost label in a domain name, for example,\n\t\t\t\t*.example.com. You can't use an * for one of the middle labels, for\n\t\t\texample, marketing.*.example.com. In addition, the * must replace the\n\t\t\tentire label; for example, you can't specify prod*.example.com.
For ChangeResourceRecordSets requests, the name of the record that you\n\t\t\twant to create, update, or delete. For ListResourceRecordSets responses,\n\t\t\tthe name of a record in the specified hosted zone.
\n ChangeResourceRecordSets Only\n
\nEnter a fully qualified domain name, for example, www.example.com. You\n\t\t\tcan optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53\n\t\t\tassumes that the domain name that you specify is fully qualified. This means that Route\n\t\t\t53 treats www.example.com (without a trailing dot) and\n\t\t\t\twww.example.com. (with a trailing dot) as identical.
For information about how to specify characters other than a-z,\n\t\t\t\t0-9, and - (hyphen) and how to specify internationalized\n\t\t\tdomain names, see DNS Domain Name\n\t\t\t\tFormat in the Amazon Route 53 Developer Guide.
You can use the asterisk (*) wildcard to replace the leftmost label in a domain name,\n\t\t\tfor example, *.example.com. Note the following:
The * must replace the entire label. For example, you can't specify\n\t\t\t\t\t\t*prod.example.com or prod*.example.com.
The * can't replace any of the middle labels, for example,\n\t\t\t\t\tmarketing.*.example.com.
\nIf you include * in any position other than the leftmost label in a domain\n\t\t\t\t\tname, DNS treats it as an * character (ASCII 42), not as a wildcard.
\nYou can't use the * wildcard for resource records sets that have a type of\n\t\t\t\t\t\tNS.
\n\n Geolocation resource record sets only: A complex type that lets\n\t\t\tyou control how Amazon Route 53 responds to DNS queries based on the geographic origin\n\t\t\tof the query. For example, if you want all queries from Africa to be routed to a web\n\t\t\tserver with an IP address of 192.0.2.111, create a resource record set with\n\t\t\ta Type of A and a ContinentCode of\n\t\t\t\tAF.
Although creating geolocation and geolocation alias resource record sets in a\n\t\t\t\tprivate hosted zone is allowed, it's not supported.
\nIf you create separate resource record sets for overlapping geographic regions (for\n\t\t\texample, one resource record set for a continent and one for a country on the same\n\t\t\tcontinent), priority goes to the smallest geographic region. This allows you to route\n\t\t\tmost queries for a continent to one resource and to route queries for a country on that\n\t\t\tcontinent to a different resource.
\nYou can't create two geolocation resource record sets that specify the same geographic\n\t\t\tlocation.
\nThe value * in the CountryCode element matches all\n\t\t\tgeographic locations that aren't specified in other geolocation resource record sets\n\t\t\tthat have the same values for the Name and Type\n\t\t\telements.
Geolocation works by mapping IP addresses to locations. However, some IP addresses\n\t\t\t\taren't mapped to geographic locations, so even if you create geolocation resource\n\t\t\t\trecord sets that cover all seven continents, Route 53 will receive some DNS queries\n\t\t\t\tfrom locations that it can't identify. We recommend that you create a resource\n\t\t\t\trecord set for which the value of CountryCode is *. Two\n\t\t\t\tgroups of queries are routed to the resource that you specify in this record:\n\t\t\t\tqueries that come from locations for which you haven't created geolocation resource\n\t\t\t\trecord sets and queries from IP addresses that aren't mapped to a location. If you\n\t\t\t\tdon't create a * resource record set, Route 53 returns a \"no answer\"\n\t\t\t\tresponse for queries from those locations.
You can't create non-geolocation resource record sets that have the same values for\n\t\t\tthe Name and Type elements as geolocation resource record\n\t\t\tsets.
\n Geolocation resource record sets only: A complex type that lets you\n\t\t\tcontrol how Amazon Route 53 responds to DNS queries based on the geographic origin of\n\t\t\tthe query. For example, if you want all queries from Africa to be routed to a web server\n\t\t\twith an IP address of 192.0.2.111, create a resource record set with a\n\t\t\t\tType of A and a ContinentCode of\n\t\t\t\tAF.
If you create separate resource record sets for overlapping geographic regions (for\n\t\t\texample, one resource record set for a continent and one for a country on the same\n\t\t\tcontinent), priority goes to the smallest geographic region. This allows you to route\n\t\t\tmost queries for a continent to one resource and to route queries for a country on that\n\t\t\tcontinent to a different resource.
\nYou can't create two geolocation resource record sets that specify the same geographic\n\t\t\tlocation.
\nThe value * in the CountryCode element matches all\n\t\t\tgeographic locations that aren't specified in other geolocation resource record sets\n\t\t\tthat have the same values for the Name and Type\n\t\t\telements.
Geolocation works by mapping IP addresses to locations. However, some IP addresses\n\t\t\t\taren't mapped to geographic locations, so even if you create geolocation resource\n\t\t\t\trecord sets that cover all seven continents, Route 53 will receive some DNS queries\n\t\t\t\tfrom locations that it can't identify. We recommend that you create a resource\n\t\t\t\trecord set for which the value of CountryCode is *. Two\n\t\t\t\tgroups of queries are routed to the resource that you specify in this record:\n\t\t\t\tqueries that come from locations for which you haven't created geolocation resource\n\t\t\t\trecord sets and queries from IP addresses that aren't mapped to a location. If you\n\t\t\t\tdon't create a * resource record set, Route 53 returns a \"no answer\"\n\t\t\t\tresponse for queries from those locations.
You can't create non-geolocation resource record sets that have the same values for\n\t\t\tthe Name and Type elements as geolocation resource record\n\t\t\tsets.
\n GeoproximityLocation resource record sets only: A complex type that lets you control how\n\t\t\t\tRoute 53 responds to DNS queries based on the geographic origin of the\n\t\t\tquery and your resources.
" + } } }, "traits": { @@ -10164,6 +10814,12 @@ "traits": { "smithy.api#enumValue": "il-central-1" } + }, + "ca_west_1": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ca-west-1" + } } }, "traits": { @@ -11184,7 +11840,7 @@ "FullyQualifiedDomainName": { "target": "com.amazonaws.route53#FullyQualifiedDomainName", "traits": { - "smithy.api#documentation": "Amazon Route 53 behavior depends on whether you specify a value for\n\t\t\t\tIPAddress.
If a health check already has a value for IPAddress, you can change\n\t\t\t\tthe value. However, you can't update an existing health check to add or remove the\n\t\t\t\tvalue of IPAddress.
\n If you specify a value for\n IPAddress:
Route 53 sends health check requests to the specified IPv4 or IPv6 address and passes\n\t\t\tthe value of FullyQualifiedDomainName in the Host header for\n\t\t\tall health checks except TCP health checks. This is typically the fully qualified DNS\n\t\t\tname of the endpoint on which you want Route 53 to perform health checks.
When Route 53 checks the health of an endpoint, here is how it constructs the\n\t\t\t\tHost header:
If you specify a value of 80 for Port and\n\t\t\t\t\t\tHTTP or HTTP_STR_MATCH for Type,\n\t\t\t\t\tRoute 53 passes the value of FullyQualifiedDomainName to the\n\t\t\t\t\tendpoint in the Host header.
If you specify a value of 443 for Port and\n\t\t\t\t\t\tHTTPS or HTTPS_STR_MATCH for Type,\n\t\t\t\t\tRoute 53 passes the value of FullyQualifiedDomainName to the\n\t\t\t\t\tendpoint in the Host header.
If you specify another value for Port and any value except\n\t\t\t\t\t\tTCP for Type, Route 53 passes\n\t\t\t\t\t\t\t\n FullyQualifiedDomainName:Port\n \n\t\t\t\t\tto the endpoint in the Host header.
If you don't specify a value for FullyQualifiedDomainName, Route 53\n\t\t\tsubstitutes the value of IPAddress in the Host header in each\n\t\t\tof the above cases.
\n If you don't specify a value for\n IPAddress:
If you don't specify a value for IPAddress, Route 53 sends a DNS request\n\t\t\tto the domain that you specify in FullyQualifiedDomainName at the interval\n\t\t\tyou specify in RequestInterval. Using an IPv4 address that is returned by\n\t\t\tDNS, Route 53 then checks the health of the endpoint.
If you don't specify a value for IPAddress, Route 53 uses only IPv4\n\t\t\t\tto send health checks to the endpoint. If there's no resource record set with a type\n\t\t\t\tof A for the name that you specify for FullyQualifiedDomainName, the\n\t\t\t\thealth check fails with a \"DNS resolution failed\" error.
If you want to check the health of weighted, latency, or failover resource record sets\n\t\t\tand you choose to specify the endpoint only by FullyQualifiedDomainName, we\n\t\t\trecommend that you create a separate health check for each endpoint. For example, create\n\t\t\ta health check for each HTTP server that is serving content for www.example.com. For the\n\t\t\tvalue of FullyQualifiedDomainName, specify the domain name of the server\n\t\t\t(such as us-east-2-www.example.com), not the name of the resource record\n\t\t\tsets (www.example.com).
In this configuration, if the value of FullyQualifiedDomainName\n\t\t\t\tmatches the name of the resource record sets and you then associate the health check\n\t\t\t\twith those resource record sets, health check results will be unpredictable.
In addition, if the value of Type is HTTP,\n\t\t\t\tHTTPS, HTTP_STR_MATCH, or HTTPS_STR_MATCH,\n\t\t\tRoute 53 passes the value of FullyQualifiedDomainName in the\n\t\t\t\tHost header, as it does when you specify a value for\n\t\t\t\tIPAddress. If the value of Type is TCP, Route\n\t\t\t53 doesn't pass a Host header.
Amazon Route 53 behavior depends on whether you specify a value for\n\t\t\t\tIPAddress.
If a health check already has a value for IPAddress, you can change\n\t\t\t\tthe value. However, you can't update an existing health check to add or remove the\n\t\t\t\tvalue of IPAddress.
\n If you specify a value for\n IPAddress:
Route 53 sends health check requests to the specified IPv4 or IPv6 address and passes\n\t\t\tthe value of FullyQualifiedDomainName in the Host header for\n\t\t\tall health checks except TCP health checks. This is typically the fully qualified DNS\n\t\t\tname of the endpoint on which you want Route 53 to perform health checks.
When Route 53 checks the health of an endpoint, here is how it constructs the\n\t\t\t\tHost header:
If you specify a value of 80 for Port and\n\t\t\t\t\t\tHTTP or HTTP_STR_MATCH for Type,\n\t\t\t\t\tRoute 53 passes the value of FullyQualifiedDomainName to the\n\t\t\t\t\tendpoint in the Host header.
If you specify a value of 443 for Port and\n\t\t\t\t\t\tHTTPS or HTTPS_STR_MATCH for Type,\n\t\t\t\t\tRoute 53 passes the value of FullyQualifiedDomainName to the\n\t\t\t\t\tendpoint in the Host header.
If you specify another value for Port and any value except\n\t\t\t\t\t\tTCP for Type, Route 53 passes\n\t\t\t\t\t\t\t\n FullyQualifiedDomainName:Port\n \n\t\t\t\t\tto the endpoint in the Host header.
If you don't specify a value for FullyQualifiedDomainName, Route 53\n\t\t\tsubstitutes the value of IPAddress in the Host header in each\n\t\t\tof the above cases.
\n If you don't specify a value for\n IPAddress:
If you don't specify a value for IPAddress, Route 53 sends a DNS request\n\t\t\tto the domain that you specify in FullyQualifiedDomainName at the interval\n\t\t\tyou specify in RequestInterval. Using an IPv4 address that is returned by\n\t\t\tDNS, Route 53 then checks the health of the endpoint.
If you don't specify a value for IPAddress, you can’t update the health check to remove the FullyQualifiedDomainName; if you don’t specify a value for IPAddress on creation, a \n\t\t\tFullyQualifiedDomainName is required.
If you don't specify a value for IPAddress, Route 53 uses only IPv4\n\t\t\t\tto send health checks to the endpoint. If there's no resource record set with a type\n\t\t\t\tof A for the name that you specify for FullyQualifiedDomainName, the\n\t\t\t\thealth check fails with a \"DNS resolution failed\" error.
If you want to check the health of weighted, latency, or failover resource record sets\n\t\t\tand you choose to specify the endpoint only by FullyQualifiedDomainName, we\n\t\t\trecommend that you create a separate health check for each endpoint. For example, create\n\t\t\ta health check for each HTTP server that is serving content for www.example.com. For the\n\t\t\tvalue of FullyQualifiedDomainName, specify the domain name of the server\n\t\t\t(such as us-east-2-www.example.com), not the name of the resource record\n\t\t\tsets (www.example.com).
In this configuration, if the value of FullyQualifiedDomainName\n\t\t\t\tmatches the name of the resource record sets and you then associate the health check\n\t\t\t\twith those resource record sets, health check results will be unpredictable.
In addition, if the value of Type is HTTP,\n\t\t\t\tHTTPS, HTTP_STR_MATCH, or HTTPS_STR_MATCH,\n\t\t\tRoute 53 passes the value of FullyQualifiedDomainName in the\n\t\t\t\tHost header, as it does when you specify a value for\n\t\t\t\tIPAddress. If the value of Type is TCP, Route\n\t\t\t53 doesn't pass a Host header.
This action creates an Amazon S3 bucket. To create an Amazon S3 on Outposts bucket, see \n CreateBucket\n .
Creates a new S3 bucket. To create a bucket, you must set up Amazon S3 and have a\n valid Amazon Web Services Access Key ID to authenticate requests. Anonymous requests are never allowed to\n create buckets. By creating the bucket, you become the bucket owner.
\nThere are two types of buckets: general purpose buckets and directory buckets. For more\n information about these bucket types, see Creating, configuring, and\n working with Amazon S3 buckets in the Amazon S3 User Guide.
\n\n General purpose buckets - If you send your CreateBucket request to the s3.amazonaws.com global endpoint,\n the request goes to the us-east-1 Region. So the signature\n calculations in Signature Version 4 must use us-east-1 as the Region, even\n if the location constraint in the request specifies another Region where the bucket is\n to be created. If you create a bucket in a Region other than US East (N. Virginia), your\n application must be able to handle 307 redirect. For more information, see Virtual hosting of\n buckets in the Amazon S3 User Guide.
\n Directory buckets - For directory buckets, you must make requests for this API operation to the Regional endpoint. These endpoints support path-style requests in the format https://s3express-control.region_code.amazonaws.com/bucket-name\n . Virtual-hosted-style requests aren't supported. \nFor more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
\n General purpose bucket permissions - In addition to the s3:CreateBucket permission, the following permissions are\n required in a policy when your CreateBucket request includes specific\n headers:
\n Access control lists (ACLs) - In your CreateBucket request, if you specify an access control list (ACL) \n and set it to public-read, public-read-write,\n authenticated-read, or if you explicitly specify any other custom ACLs, both s3:CreateBucket and\n s3:PutBucketAcl permissions are required. In your CreateBucket request, if you set the ACL to private, \n or if you don't specify any ACLs, only the s3:CreateBucket permission is required.\n
\n Object Lock - In your\n CreateBucket request, if you set \n x-amz-bucket-object-lock-enabled to true, the \n s3:PutBucketObjectLockConfiguration and\n s3:PutBucketVersioning permissions are required.
\n S3 Object Ownership - If your\n CreateBucket request includes the\n x-amz-object-ownership header, then the\n s3:PutBucketOwnershipControls permission is required.
To set an ACL on a bucket as part of a\n CreateBucket request, you must explicitly set S3\n Object Ownership for the bucket to a different value than the\n default, BucketOwnerEnforced. Additionally, if your\n desired bucket ACL grants public access, you must first create the\n bucket (without the bucket ACL) and then explicitly disable Block\n Public Access on the bucket before using PutBucketAcl\n to set the ACL. If you try to create a bucket with a public ACL,\n the request will fail.
For the majority of modern use cases in S3, we recommend\n that you keep all Block Public Access settings enabled and keep\n ACLs disabled. If you would like to share data with users outside\n of your account, you can use bucket policies as needed. For more\n information, see Controlling ownership of objects and disabling ACLs for your\n bucket and Blocking public access to your Amazon S3 storage in\n the Amazon S3 User Guide.
\n\n S3 Block Public Access - If your\n specific use case requires granting public access to your S3 resources, you\n can disable Block Public Access. Specifically, you can create a new bucket with Block\n Public Access enabled, then separately call the \n DeletePublicAccessBlock\n API. To use this operation, you must have the\n s3:PutBucketPublicAccessBlock permission. For more information about S3 Block Public\n Access, see Blocking\n public access to your Amazon S3 storage in the\n Amazon S3 User Guide.
\n Directory bucket permissions - You must have the s3express:CreateBucket permission in an IAM identity-based policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can only be performed by the Amazon Web Services account that owns the resource. For more information about directory bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One Zone in the Amazon S3 User Guide.
The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for directory buckets. \n For directory buckets, all Block Public Access settings are enabled at the bucket level and S3 \n Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified.\n
\nFor more information about permissions for creating and working with \n directory buckets, see Directory buckets in the Amazon S3 User Guide. \n For more information about supported S3 features for directory buckets, see Features of S3 Express One Zone in the Amazon S3 User Guide.
\n\n Directory buckets - The HTTP Host header syntax is s3express-control.region.amazonaws.com.
The following operations are related to CreateBucket:
\n PutObject\n
\n\n DeleteBucket\n
\nThis operation is not supported by directory buckets.
\nRemoves the entire tag set from the specified object. For more information about\n managing object tags, see Object Tagging.
\nTo use this operation, you must have permission to perform the\n s3:DeleteObjectTagging action.
To delete tags of a specific object version, add the versionId query\n parameter in the request. You will need permission for the\n s3:DeleteObjectVersionTagging action.
The following operations are related to DeleteObjectTagging:
\n PutObjectTagging\n
\n\n GetObjectTagging\n
\nThis operation is not supported by directory buckets.
\nReturns the tag-set of an object. You send the GET request against the tagging\n subresource associated with the object.
\nTo use this operation, you must have permission to perform the\n s3:GetObjectTagging action. By default, the GET action returns information\n about current version of an object. For a versioned bucket, you can have multiple versions\n of an object in your bucket. To retrieve tags of any other version, use the versionId query\n parameter. You also need permission for the s3:GetObjectVersionTagging\n action.
By default, the bucket owner has this permission and can grant this permission to\n others.
\nFor information about the Amazon S3 object tagging feature, see Object Tagging.
\nThe following actions are related to GetObjectTagging:
\n DeleteObjectTagging\n
\n\n GetObjectAttributes\n
\n\n PutObjectTagging\n
\nAdds an object to a bucket.
\nAmazon S3 never adds partial objects; if you receive a success response, Amazon S3 added the\n entire object to the bucket. You cannot use PutObject to only update a\n single piece of metadata for an existing object. You must put the entire object with\n updated metadata if you want to update some values.
If your bucket uses the bucket owner enforced setting for Object Ownership, ACLs are disabled and no longer affect permissions. All\n objects written to the bucket by any account will be owned by the bucket owner.
\n\n Directory buckets - For directory buckets, you must make requests for this API operation to the Zonal endpoint. These endpoints support virtual-hosted-style requests in the format https://bucket_name.s3express-az_id.region.amazonaws.com/key-name\n . Path-style requests are not supported. For more information, see Regional and Zonal endpoints in the\n Amazon S3 User Guide.
Amazon S3 is a distributed system. If it receives multiple write requests for the same object\n simultaneously, it overwrites all but the last object written. However, Amazon S3 provides features that can modify this behavior:
\n\n S3 Object Lock - To prevent objects from\n being deleted or overwritten, you can use Amazon S3 Object\n Lock in the Amazon S3 User Guide.
\nThis functionality is not supported for directory buckets.
\n\n S3 Versioning - When you enable\n versioning for a bucket, if Amazon S3 receives multiple write requests for the same object\n simultaneously, it stores all versions of the objects. For each write request that is made to the same object, Amazon S3 automatically generates a unique version ID\n of that object being stored in Amazon S3. \n You can retrieve, replace, or delete any version of the object. For more information about versioning, see\n Adding Objects to\n Versioning-Enabled Buckets in the Amazon S3\n User Guide. For information about returning the versioning state\n of a bucket, see GetBucketVersioning.
\nThis functionality is not supported for directory buckets.
\n\n General purpose bucket permissions - The following permissions are required in your policies when your \n PutObject request includes specific headers.
\n \n s3:PutObject\n - To successfully complete the PutObject request, you must always have the s3:PutObject permission on a bucket to add an object\n to it.
\n \n s3:PutObjectAcl\n - To successfully change the objects ACL of your PutObject request, you must have the s3:PutObjectAcl.
\n \n s3:PutObjectTagging\n - To successfully set the tag-set with your PutObject request, you\n must have the s3:PutObjectTagging.
\n Directory bucket permissions - To grant access to this API operation on a directory bucket, we recommend that you use the \n CreateSession\n API operation for session-based authorization. Specifically, you grant the s3express:CreateSession permission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make the CreateSession API call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make another CreateSession API call to generate a new session token for use. \nAmazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, see \n CreateSession\n .
\n General purpose bucket - To ensure that data is not corrupted traversing the network, use the\n Content-MD5 header. When you use this header, Amazon S3 checks the object\n against the provided MD5 value and, if they do not match, Amazon S3 returns an error. Alternatively, when the object's ETag is its MD5 digest, \n you can calculate the MD5 while putting the object to Amazon S3 and compare the returned ETag to\n the calculated MD5 value.
\n Directory bucket - This functionality is not supported for directory buckets.
\n\n Directory buckets - The HTTP Host header syntax is \n Bucket_name.s3express-az_id.region.amazonaws.com.
For more information about related Amazon S3 APIs, see the following:
\n\n CopyObject\n
\n\n DeleteObject\n
\nA container for information about access control for replicas.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe S3SubPrefix is appended to the location scope creating the grant scope. Use this field to narrow the scope of the grant to a subset of the location scope. This field is required if the location scope is the default location s3:// because you cannot create a grant for all of your S3 data in the Region and must narrow the scope. For example, if the location scope is the default location s3://, the S3SubPrefx can be a s3://. Or the S3SubPrefx can be s3://.
If the S3SubPrefix includes a prefix, append the wildcard character * after the prefix to indicate that you want to include all object key names in the bucket that start with that prefix.
The configuration options of the S3 Access Grants location. It contains the S3SubPrefix field. The grant scope, the data to which you are granting access, is the result of appending the Subprefix field to the scope of the registered location.
A container for S3 Storage Lens activity metrics.
" + "smithy.api#documentation": "A container element for S3 Storage Lens activity metrics.
" } }, "BucketLevel": { "target": "com.amazonaws.s3control#BucketLevel", "traits": { - "smithy.api#documentation": "A container for the S3 Storage Lens bucket-level configuration.
", + "smithy.api#documentation": "A container element for the S3 Storage Lens bucket-level configuration.
", "smithy.api#required": {} } }, "AdvancedCostOptimizationMetrics": { "target": "com.amazonaws.s3control#AdvancedCostOptimizationMetrics", "traits": { - "smithy.api#documentation": "A container for S3 Storage Lens advanced cost-optimization metrics.
" + "smithy.api#documentation": "A container element for S3 Storage Lens advanced cost-optimization metrics.
" } }, "AdvancedDataProtectionMetrics": { "target": "com.amazonaws.s3control#AdvancedDataProtectionMetrics", "traits": { - "smithy.api#documentation": "A container for S3 Storage Lens advanced data-protection metrics.
" + "smithy.api#documentation": "A container element for S3 Storage Lens advanced data-protection metrics.
" } }, "DetailedStatusCodesMetrics": { "target": "com.amazonaws.s3control#DetailedStatusCodesMetrics", "traits": { - "smithy.api#documentation": "A container for detailed status code metrics.
" + "smithy.api#documentation": "A container element for detailed status code metrics.
" + } + }, + "StorageLensGroupLevel": { + "target": "com.amazonaws.s3control#StorageLensGroupLevel", + "traits": { + "smithy.api#documentation": "\nA container element for S3 Storage Lens groups metrics.\n
" } } }, "traits": { - "smithy.api#documentation": "A container for the account-level Amazon S3 Storage Lens configuration.
\nFor more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" + "smithy.api#documentation": "A container element for the account-level Amazon S3 Storage Lens configuration.
\nFor more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" } }, "com.amazonaws.s3control#ActivityMetrics": { @@ -6170,6 +6367,59 @@ "smithy.api#pattern": "^[0-9a-z\\\\-]{63}$" } }, + "com.amazonaws.s3control#AssociateAccessGrantsIdentityCenter": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#AssociateAccessGrantsIdentityCenterRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, + "traits": { + "smithy.api#documentation": "Associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance. Use this action if you want to create access grants for users or groups from your corporate identity directory. First, you must add your corporate identity directory to Amazon Web Services IAM Identity Center. Then, you can associate this IAM Identity Center instance with your S3 Access Grants instance.
\nYou must have the s3:AssociateAccessGrantsIdentityCenter permission to use this operation.
You must also have the following permissions: sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod.
The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "IdentityCenterArn": { + "target": "com.amazonaws.s3control#IdentityCenterArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, "com.amazonaws.s3control#AsyncCreationTimestamp": { "type": "timestamp" }, @@ -6616,49 +6866,25 @@ "com.amazonaws.s3control#ContinuationToken": { "type": "string" }, - "com.amazonaws.s3control#CreateAccessPoint": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#CreateAccessPointRequest" - }, - "output": { - "target": "com.amazonaws.s3control#CreateAccessPointResult" - }, - "traits": { - "smithy.api#documentation": "Creates an access point and associates it with the specified bucket. For more information, see\n Managing\n Data Access with Amazon S3 Access Points in the\n Amazon S3 User Guide.
\n \nS3 on Outposts only supports VPC-style access points.
\nFor more information, see Accessing Amazon S3 on Outposts using\n virtual private cloud (VPC) only access points in the\n Amazon S3 User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint:
\n GetAccessPoint\n
\n\n DeleteAccessPoint\n
\n\n ListAccessPoints\n
\nCreates an Object Lambda Access Point. For more information, see Transforming objects with\n Object Lambda Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n CreateAccessPointForObjectLambda:
Creates an access grant that gives a grantee access to your S3 data. The grantee can be an IAM user or role or a directory user, or group. Before you can create a grant, you must have an S3 Access Grants instance in the same Region as the S3 data. You can create an S3 Access Grants instance using the CreateAccessGrantsInstance. You must also have registered at least one S3 data location in your S3 Access Grants instance using CreateAccessGrantsLocation.
\nYou must have the s3:CreateAccessGrant permission to use this operation.
For any directory identity - sso:DescribeInstance and sso:DescribeApplication\n
For directory users - identitystore:DescribeUser\n
For directory groups - identitystore:DescribeGroup\n
The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -6681,115 +6907,111 @@ } } }, - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", "traits": { - "smithy.api#documentation": "The name you want to assign to this Object Lambda Access Point.
", - "smithy.api#httpLabel": {}, + "smithy.api#documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.
Object Lambda Access Point configuration as a JSON document.
", + "smithy.api#documentation": "The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access. It contains the S3SubPrefix field. The grant scope is the result of appending the subprefix to the location scope of the registered location.
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
", + "smithy.api#required": {} + } + }, + "Permission": { + "target": "com.amazonaws.s3control#Permission", + "traits": { + "smithy.api#documentation": "The type of access that you are granting to your S3 data, which can be set to one of the following values:
\n\n READ – Grant read-only access to the S3 data.
\n WRITE – Grant write-only access to the S3 data.
\n READWRITE – Grant both read and write access to the S3 data.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If an application ARN is included in the request to create an access grant, the grantee can only access the S3 data through this application.
" + } + }, + "S3PrefixType": { + "target": "com.amazonaws.s3control#S3PrefixType", + "traits": { + "smithy.api#documentation": "The type of S3SubPrefix. The only possible value is Object. Pass this value if the access grant scope is an object. Do not pass this value if the access grant scope is a bucket or a bucket and a prefix.
The Amazon Web Services resource tags that you are adding to the access grant. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
" + } } }, "traits": { "smithy.api#input": {} } }, - "com.amazonaws.s3control#CreateAccessPointForObjectLambdaResult": { + "com.amazonaws.s3control#CreateAccessGrantResult": { "type": "structure", "members": { - "ObjectLambdaAccessPointArn": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointArn", + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", "traits": { - "smithy.api#documentation": "Specifies the ARN for the Object Lambda Access Point.
" + "smithy.api#documentation": "The date and time when you created the access grant.
" } }, - "Alias": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointAlias", + "AccessGrantId": { + "target": "com.amazonaws.s3control#AccessGrantId", "traits": { - "smithy.api#documentation": "The alias of the Object Lambda Access Point.
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.s3control#CreateAccessPointRequest": { - "type": "structure", - "members": { - "AccountId": { - "target": "com.amazonaws.s3control#AccountId", - "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID for the account that owns the specified access point.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
" } }, - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", + "AccessGrantArn": { + "target": "com.amazonaws.s3control#AccessGrantArn", "traits": { - "smithy.api#documentation": "The name you want to assign to this access point.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the access grant.
" } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "Grantee": { + "target": "com.amazonaws.s3control#Grantee", "traits": { - "smithy.api#documentation": "The name of the bucket that you want to associate this access point with.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" } }, - "VpcConfiguration": { - "target": "com.amazonaws.s3control#VpcConfiguration", + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", "traits": { - "smithy.api#documentation": "If you include this field, Amazon S3 restricts access to this access point to requests from the\n specified virtual private cloud (VPC).
\nThis is required for creating an access point for Amazon S3 on Outposts buckets.
\nThe ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The PublicAccessBlock configuration that you want to apply to the access point.\n
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
" } }, - "BucketAccountId": { - "target": "com.amazonaws.s3control#AccountId", + "Permission": { + "target": "com.amazonaws.s3control#Permission", "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
" + "smithy.api#documentation": "The type of access that you are granting to your S3 data, which can be set to one of the following values:
\n\n READ – Grant read-only access to the S3 data.
\n WRITE – Grant write-only access to the S3 data.
\n READWRITE – Grant both read and write access to the S3 data.
The ARN of the access point.
\nThis is only supported by Amazon S3 on Outposts.
\nThe Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" } }, - "Alias": { - "target": "com.amazonaws.s3control#Alias", + "GrantScope": { + "target": "com.amazonaws.s3control#S3Prefix", "traits": { - "smithy.api#documentation": "The name or alias of the access point.
" + "smithy.api#documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create\n Bucket in the Amazon S3 API Reference.
\nCreates a new Outposts bucket. By creating the bucket, you become the bucket owner. To\n create an Outposts bucket, you must have S3 on Outposts. For more information, see Using\n Amazon S3 on Outposts in Amazon S3 User Guide.
\nNot every string is an acceptable bucket name. For information on bucket naming\n restrictions, see Working with\n Amazon S3 Buckets.
\nS3 on Outposts buckets support:
\nTags
\nLifecycleConfigurations for deleting expired objects
\nFor a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see\n \n Amazon S3 on Outposts Restrictions and Limitations.
\nFor an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts\n endpoint hostname prefix and x-amz-outpost-id in your API request, see the\n Examples section.
The following actions are related to CreateBucket for\n Amazon S3 on Outposts:
\n PutObject\n
\n\n GetBucket\n
\n\n DeleteBucket\n
\n\n CreateAccessPoint\n
\n\n PutAccessPointPolicy\n
\nCreates an S3 Access Grants instance, which serves as a logical grouping for access grants. You can create one S3 Access Grants instance per Region per account.
\nYou must have the s3:CreateAccessGrantsInstance permission to use this operation.
To associate an IAM Identity Center instance with your S3 Access Grants instance, you must also have the sso:DescribeInstance, sso:CreateApplication, sso:PutApplicationGrant, and sso:PutApplicationAuthenticationMethod permissions.
Specifies the Region where the bucket will be created. If you are creating a bucket on\n the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe container for the bucket configuration.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe canned ACL to apply to the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe name of the bucket.
", - "smithy.api#httpLabel": {}, + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, "smithy.rules#contextParam": { - "name": "Bucket" + "name": "AccountId" } } }, - "CreateBucketConfiguration": { - "target": "com.amazonaws.s3control#CreateBucketConfiguration", - "traits": { - "smithy.api#documentation": "The configuration information for the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee the read, write, read ACP, and write ACP permissions on the\n bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to list the objects in the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to read the bucket ACL.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to create, overwrite, and delete any object in the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to write the ACL for the applicable bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nSpecifies whether you want S3 Object Lock to be enabled for the new bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nIf you would like to associate your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, use this field to pass the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance that you are associating with your S3 Access Grants instance. An IAM Identity Center instance is your corporate identity directory that you added to the IAM Identity Center. You can use the ListInstances API operation to retrieve a list of your Identity Center instances and their ARNs.
" } }, - "OutpostId": { - "target": "com.amazonaws.s3control#NonEmptyMaxLength64String", + "Tags": { + "target": "com.amazonaws.s3control#TagList", "traits": { - "smithy.api#documentation": "The ID of the Outposts where the bucket is being created.
\nThis ID is required by Amazon S3 on Outposts buckets.
\nThe Amazon Web Services resource tags that you are adding to the S3 Access Grants instance. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
" } } }, @@ -6924,20 +7077,31 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#CreateBucketResult": { + "com.amazonaws.s3control#CreateAccessGrantsInstanceResult": { "type": "structure", "members": { - "Location": { - "target": "com.amazonaws.s3control#Location", + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", "traits": { - "smithy.api#documentation": "The location of the bucket.
", - "smithy.api#httpHeader": "Location" + "smithy.api#documentation": "The date and time when you created the S3 Access Grants instance.
" } }, - "BucketArn": { - "target": "com.amazonaws.s3control#S3RegionalBucketArn", + "AccessGrantsInstanceId": { + "target": "com.amazonaws.s3control#AccessGrantsInstanceId", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" + } + }, + "IdentityCenterArn": { + "target": "com.amazonaws.s3control#IdentityCenterArn", + "traits": { + "smithy.api#documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance passed in the request. S3 Access Grants creates this Identity Center application for this specific S3 Access Grants instance.
" } } }, @@ -6945,38 +7109,25 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#CreateJob": { + "com.amazonaws.s3control#CreateAccessGrantsLocation": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#CreateJobRequest" + "target": "com.amazonaws.s3control#CreateAccessGrantsLocationRequest" }, "output": { - "target": "com.amazonaws.s3control#CreateJobResult" + "target": "com.amazonaws.s3control#CreateAccessGrantsLocationResult" }, - "errors": [ - { - "target": "com.amazonaws.s3control#BadRequestException" - }, - { - "target": "com.amazonaws.s3control#IdempotencyException" - }, - { - "target": "com.amazonaws.s3control#InternalServiceException" - }, - { - "target": "com.amazonaws.s3control#TooManyRequestsException" - } - ], "traits": { - "smithy.api#documentation": "You can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects.\n Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more\n information, see S3 Batch Operations in the Amazon S3 User Guide.
\nThis action creates a S3 Batch Operations job.
\n \nRelated actions include:
\n\n DescribeJob\n
\n\n ListJobs\n
\n\n UpdateJobPriority\n
\n\n UpdateJobStatus\n
\n\n JobOperation\n
\nThe S3 data location that you would like to register in your S3 Access Grants instance. Your S3 data must be in the same Region as your S3 Access Grants instance. The location can be one of the following:
\nThe default S3 location s3://\n
A bucket - S3://\n
A bucket and prefix - S3://\n
When you register a location, you must include the IAM role that has permission to manage the S3 location that you are registering. Give S3 Access Grants permission to assume this role using a policy. S3 Access Grants assumes this role to manage access to the location and to vend temporary credentials to grantees or client applications.
\nYou must have the s3:CreateAccessGrantsLocation permission to use this operation.
You must also have the following permission for the specified IAM role: iam:PassRole\n
The Amazon Web Services account ID that creates the job.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -6999,86 +7150,62 @@ } } }, - "ConfirmationRequired": { - "target": "com.amazonaws.s3control#ConfirmationRequired", - "traits": { - "smithy.api#default": null, - "smithy.api#documentation": "Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is\n only required for jobs created through the Amazon S3 console.
" - } - }, - "Operation": { - "target": "com.amazonaws.s3control#JobOperation", - "traits": { - "smithy.api#documentation": "The action that you want this job to perform on every object listed in the manifest. For\n more information about the available actions, see Operations in the\n Amazon S3 User Guide.
", - "smithy.api#required": {} - } - }, - "Report": { - "target": "com.amazonaws.s3control#JobReport", + "LocationScope": { + "target": "com.amazonaws.s3control#S3Prefix", "traits": { - "smithy.api#documentation": "Configuration parameters for the optional job-completion report.
", + "smithy.api#documentation": "The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://, or the S3 path to a bucket and prefix s3://. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
An idempotency token to ensure that you don't accidentally submit the same request\n twice. You can use any string up to the maximum length.
", - "smithy.api#idempotencyToken": {}, + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
", "smithy.api#required": {} } }, - "Manifest": { - "target": "com.amazonaws.s3control#JobManifest", + "Tags": { + "target": "com.amazonaws.s3control#TagList", "traits": { - "smithy.api#documentation": "Configuration parameters for the manifest.
" + "smithy.api#documentation": "The Amazon Web Services resource tags that you are adding to the S3 Access Grants location. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
" } - }, - "Description": { - "target": "com.amazonaws.s3control#NonEmptyMaxLength256String", + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#CreateAccessGrantsLocationResult": { + "type": "structure", + "members": { + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", "traits": { - "smithy.api#documentation": "A description for this job. You can use any string within the permitted length.\n Descriptions don't need to be unique and can be used for multiple jobs.
" + "smithy.api#documentation": "The date and time when you registered the location.
" } }, - "Priority": { - "target": "com.amazonaws.s3control#JobPriority", + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", "traits": { - "smithy.api#default": null, - "smithy.api#documentation": "The numerical priority for this job. Higher numbers indicate higher priority.
", - "smithy.api#required": {} + "smithy.api#documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will\n use to run this job's action on every object in the manifest.
", - "smithy.api#required": {} + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the location you are registering.
" } }, - "Tags": { - "target": "com.amazonaws.s3control#S3TagSet", + "LocationScope": { + "target": "com.amazonaws.s3control#S3Prefix", "traits": { - "smithy.api#documentation": "A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.\n
" + "smithy.api#documentation": "The S3 URI path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The attribute container for the ManifestGenerator details. Jobs must be created with\n either a manifest file or a ManifestGenerator, but not both.
" - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.s3control#CreateJobResult": { - "type": "structure", - "members": { - "JobId": { - "target": "com.amazonaws.s3control#JobId", - "traits": { - "smithy.api#documentation": "The ID for this job. Amazon S3 generates this ID automatically and returns it after a\n successful Create Job request.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } } }, @@ -7086,25 +7213,24 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#CreateMultiRegionAccessPoint": { + "com.amazonaws.s3control#CreateAccessPoint": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#CreateMultiRegionAccessPointRequest" + "target": "com.amazonaws.s3control#CreateAccessPointRequest" }, "output": { - "target": "com.amazonaws.s3control#CreateMultiRegionAccessPointResult" + "target": "com.amazonaws.s3control#CreateAccessPointResult" }, "traits": { - "smithy.api#documentation": "Creates a Multi-Region Access Point and associates it with the specified buckets. For more information\n about creating Multi-Region Access Points, see Creating\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThis request is asynchronous, meaning that you might receive a response before the\n command has completed. When this request provides a response, it provides a token that you\n can use to monitor the status of the request with\n DescribeMultiRegionAccessPointOperation.
The following actions are related to CreateMultiRegionAccessPoint:
This operation is not supported by directory buckets.
\nCreates an access point and associates it with the specified bucket. For more information, see\n Managing\n Data Access with Amazon S3 Access Points in the\n Amazon S3 User Guide.
\n \nS3 on Outposts only supports VPC-style access points.
\nFor more information, see Accessing Amazon S3 on Outposts using\n virtual private cloud (VPC) only access points in the\n Amazon S3 User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to CreateAccessPoint:
\n GetAccessPoint\n
\n\n DeleteAccessPoint\n
\n\n ListAccessPoints\n
\nThe name of the Multi-Region Access Point associated with this request.
", - "smithy.api#required": {} - } + "com.amazonaws.s3control#CreateAccessPointForObjectLambda": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#CreateAccessPointForObjectLambdaRequest" + }, + "output": { + "target": "com.amazonaws.s3control#CreateAccessPointForObjectLambdaResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nCreates an Object Lambda Access Point. For more information, see Transforming objects with\n Object Lambda Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n CreateAccessPointForObjectLambda:
The buckets in different Regions that are associated with the Multi-Region Access Point.
", - "smithy.api#required": {} + "smithy.rules#staticContextParams": { + "RequiresAccountId": { + "value": true } } - }, - "traits": { - "smithy.api#documentation": "A container for the information associated with a CreateMultiRegionAccessPoint request.
" } }, - "com.amazonaws.s3control#CreateMultiRegionAccessPointRequest": { + "com.amazonaws.s3control#CreateAccessPointForObjectLambdaRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own\n the underlying buckets.
", + "smithy.api#documentation": "The Amazon Web Services account ID for owner of the specified Object Lambda Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7152,18 +7278,18 @@ } } }, - "ClientToken": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointClientToken", + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", "traits": { - "smithy.api#documentation": "An idempotency token used to identify the request and guarantee that requests are\n unique.
", - "smithy.api#idempotencyToken": {}, + "smithy.api#documentation": "The name you want to assign to this Object Lambda Access Point.
", + "smithy.api#httpLabel": {}, "smithy.api#required": {} } }, - "Details": { - "target": "com.amazonaws.s3control#CreateMultiRegionAccessPointInput", + "Configuration": { + "target": "com.amazonaws.s3control#ObjectLambdaConfiguration", "traits": { - "smithy.api#documentation": "A container element containing details about the Multi-Region Access Point.
", + "smithy.api#documentation": "Object Lambda Access Point configuration as a JSON document.
", "smithy.api#required": {} } } @@ -7172,98 +7298,33 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#CreateMultiRegionAccessPointResult": { + "com.amazonaws.s3control#CreateAccessPointForObjectLambdaResult": { "type": "structure", "members": { - "RequestTokenARN": { - "target": "com.amazonaws.s3control#AsyncRequestTokenARN", + "ObjectLambdaAccessPointArn": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointArn", "traits": { - "smithy.api#documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous\n requests.
" + "smithy.api#documentation": "Specifies the ARN for the Object Lambda Access Point.
" } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.s3control#CreationDate": { - "type": "timestamp" - }, - "com.amazonaws.s3control#CreationTimestamp": { - "type": "timestamp" - }, - "com.amazonaws.s3control#Date": { - "type": "timestamp" - }, - "com.amazonaws.s3control#Days": { - "type": "integer", - "traits": { - "smithy.api#default": 0 - } - }, - "com.amazonaws.s3control#DaysAfterInitiation": { - "type": "integer", - "traits": { - "smithy.api#default": 0 - } - }, - "com.amazonaws.s3control#DeleteAccessPoint": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#DeleteAccessPointRequest" - }, - "output": { - "target": "smithy.api#Unit" - }, - "traits": { - "smithy.api#documentation": "Deletes the specified access point.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint:
\n CreateAccessPoint\n
\n\n GetAccessPoint\n
\n\n ListAccessPoints\n
\nThe alias of the Object Lambda Access Point.
" } } - } - }, - "com.amazonaws.s3control#DeleteAccessPointForObjectLambda": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#DeleteAccessPointForObjectLambdaRequest" - }, - "output": { - "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Deletes the specified Object Lambda Access Point.
\nThe following actions are related to\n DeleteAccessPointForObjectLambda:
The account ID for the account that owns the specified Object Lambda Access Point.
", + "smithy.api#documentation": "The Amazon Web Services account ID for the account that owns the specified access point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7273,119 +7334,185 @@ } }, "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "target": "com.amazonaws.s3control#AccessPointName", "traits": { - "smithy.api#documentation": "The name of the access point you want to delete.
", + "smithy.api#documentation": "The name you want to assign to this access point.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "The name of the bucket that you want to associate this access point with.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
If you include this field, Amazon S3 restricts access to this access point to requests from the\n specified virtual private cloud (VPC).
\nThis is required for creating an access point for Amazon S3 on Outposts buckets.
\n The PublicAccessBlock configuration that you want to apply to the access point.\n
The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
\nFor same account access point when your bucket and access point belong to the same account owner, the BucketAccountId is not required. \n For cross-account access point when your bucket and access point are not in the same account, the BucketAccountId is required.\n
Deletes the access point policy for the specified access point.
\n \nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy:
\n PutAccessPointPolicy\n
\n\n GetAccessPointPolicy\n
\nThe ARN of the access point.
\nThis is only supported by Amazon S3 on Outposts.
\nThe name or alias of the access point.
" } } + }, + "traits": { + "smithy.api#output": {} } }, - "com.amazonaws.s3control#DeleteAccessPointPolicyForObjectLambda": { + "com.amazonaws.s3control#CreateBucket": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DeleteAccessPointPolicyForObjectLambdaRequest" + "target": "com.amazonaws.s3control#CreateBucketRequest" }, "output": { - "target": "smithy.api#Unit" + "target": "com.amazonaws.s3control#CreateBucketResult" }, - "traits": { - "smithy.api#documentation": "Removes the resource policy for an Object Lambda Access Point.
\nThe following actions are related to\n DeleteAccessPointPolicyForObjectLambda:
This action creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create\n Bucket in the Amazon S3 API Reference.
\nCreates a new Outposts bucket. By creating the bucket, you become the bucket owner. To\n create an Outposts bucket, you must have S3 on Outposts. For more information, see Using\n Amazon S3 on Outposts in Amazon S3 User Guide.
\nNot every string is an acceptable bucket name. For information on bucket naming\n restrictions, see Working with\n Amazon S3 Buckets.
\nS3 on Outposts buckets support:
\nTags
\nLifecycleConfigurations for deleting expired objects
\nFor a complete list of restrictions and Amazon S3 feature limitations on S3 on Outposts, see\n \n Amazon S3 on Outposts Restrictions and Limitations.
\nFor an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts\n endpoint hostname prefix and x-amz-outpost-id in your API request, see the\n Examples section.
The following actions are related to CreateBucket for\n Amazon S3 on Outposts:
\n PutObject\n
\n\n GetBucket\n
\n\n DeleteBucket\n
\n\n CreateAccessPoint\n
\n\n PutAccessPointPolicy\n
\nThe account ID for the account that owns the specified Object Lambda Access Point.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } - } - }, - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "LocationConstraint": { + "target": "com.amazonaws.s3control#BucketLocationConstraint", "traits": { - "smithy.api#documentation": "The name of the Object Lambda Access Point you want to delete the policy for.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} + "smithy.api#documentation": "Specifies the Region where the bucket will be created. If you are creating a bucket on\n the US East (N. Virginia) Region (us-east-1), you do not need to specify the location.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe container for the bucket configuration.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe account ID for the account that owns the specified access point.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#documentation": "The canned ACL to apply to the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe name of the bucket.
", + "smithy.api#httpLabel": {}, "smithy.api#required": {}, "smithy.rules#contextParam": { - "name": "AccountId" + "name": "Bucket" } } }, - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", + "CreateBucketConfiguration": { + "target": "com.amazonaws.s3control#CreateBucketConfiguration", "traits": { - "smithy.api#documentation": "The name of the access point whose policy you want to delete.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The configuration information for the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee the read, write, read ACP, and write ACP permissions on the\n bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to list the objects in the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to read the bucket ACL.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to create, overwrite, and delete any object in the bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nAllows grantee to write the ACL for the applicable bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nSpecifies whether you want S3 Object Lock to be enabled for the new bucket.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe ID of the Outposts where the bucket is being created.
\nThis ID is required by Amazon S3 on Outposts buckets.
\nThe Amazon Web Services account ID for the account that owns the specified access point.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#documentation": "The location of the bucket.
", + "smithy.api#httpHeader": "Location" } }, - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", + "BucketArn": { + "target": "com.amazonaws.s3control#S3RegionalBucketArn", "traits": { - "smithy.api#documentation": "The name of the access point you want to delete.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The Amazon Resource Name (ARN) of the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
This action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.
\nDeletes the Amazon S3 on Outposts bucket. All objects (including all object versions and\n delete markers) in the bucket must be deleted before the bucket itself can be deleted. For\n more information, see Using Amazon S3 on Outposts in\n Amazon S3 User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
\n Related Resources\n
\n\n CreateBucket\n
\n\n GetBucket\n
\n\n DeleteObject\n
\nThis action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete\n an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.
\nDeletes the lifecycle configuration from the specified Outposts bucket.\n Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource\n associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer\n automatically deletes any objects on the basis of rules contained in the deleted lifecycle\n configuration. For more information, see Using Amazon S3 on Outposts in\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3-outposts:DeleteLifecycleConfiguration action. By default, the bucket\n owner has this permission and the Outposts bucket owner can grant this permission to\n others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions.
\nRelated actions include:
\nThis operation creates an S3 Batch Operations job.
\nYou can use S3 Batch Operations to perform large-scale batch actions on Amazon S3 objects.\n Batch Operations can run a single action on lists of Amazon S3 objects that you specify. For more\n information, see S3 Batch Operations in the Amazon S3 User Guide.
\nFor information about permissions required to use the Batch Operations, see Granting permissions for S3 Batch Operations in the Amazon S3\n User Guide.
\nRelated actions include:
\n\n DescribeJob\n
\n\n ListJobs\n
\n\n UpdateJobPriority\n
\n\n UpdateJobStatus\n
\n\n JobOperation\n
\nThe account ID of the lifecycle configuration to delete.
", + "smithy.api#documentation": "The Amazon Web Services account ID that creates the job.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7490,71 +7596,72 @@ } } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "ConfirmationRequired": { + "target": "com.amazonaws.s3control#ConfirmationRequired", "traits": { - "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Indicates whether confirmation is required before Amazon S3 runs the job. Confirmation is\n only required for jobs created through the Amazon S3 console.
" } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.s3control#DeleteBucketPolicy": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#DeleteBucketPolicyRequest" - }, - "output": { - "target": "smithy.api#Unit" - }, - "traits": { - "smithy.api#documentation": "This action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy,\n see DeleteBucketPolicy in the Amazon S3 API Reference.
\nThis implementation of the DELETE action uses the policy subresource to delete the\n policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the\n root user of the Amazon Web Services account that owns the bucket, the calling identity must have the\n s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket\n and belong to the bucket owner's account to use this action. For more information, see\n Using\n Amazon S3 on Outposts in Amazon S3 User Guide.
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403\n Access Denied error. If you have the correct permissions, but you're not using an\n identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not\n Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can\n always use this action, even if the policy explicitly denies the root user the ability\n to perform this action.
\nFor more information about bucket policies, see Using Bucket Policies and User\n Policies.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy:
\n GetBucketPolicy\n
\n\n PutBucketPolicy\n
\nThe action that you want this job to perform on every object listed in the manifest. For\n more information about the available actions, see Operations in the\n Amazon S3 User Guide.
", + "smithy.api#required": {} + } }, - "smithy.rules#staticContextParams": { - "RequiresAccountId": { - "value": true + "Report": { + "target": "com.amazonaws.s3control#JobReport", + "traits": { + "smithy.api#documentation": "Configuration parameters for the optional job-completion report.
", + "smithy.api#required": {} } - } - } - }, - "com.amazonaws.s3control#DeleteBucketPolicyRequest": { - "type": "structure", - "members": { - "AccountId": { - "target": "com.amazonaws.s3control#AccountId", + }, + "ClientRequestToken": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength64String", "traits": { - "smithy.api#documentation": "The account ID of the Outposts bucket.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#documentation": "An idempotency token to ensure that you don't accidentally submit the same request\n twice. You can use any string up to the maximum length.
", + "smithy.api#idempotencyToken": {}, + "smithy.api#required": {} } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "Manifest": { + "target": "com.amazonaws.s3control#JobManifest", "traits": { - "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Configuration parameters for the manifest.
" + } + }, + "Description": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength256String", + "traits": { + "smithy.api#documentation": "A description for this job. You can use any string within the permitted length.\n Descriptions don't need to be unique and can be used for multiple jobs.
" + } + }, + "Priority": { + "target": "com.amazonaws.s3control#JobPriority", + "traits": { + "smithy.api#default": null, + "smithy.api#documentation": "The numerical priority for this job. Higher numbers indicate higher priority.
", + "smithy.api#required": {} + } + }, + "RoleArn": { + "target": "com.amazonaws.s3control#IAMRoleArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role that Batch Operations will\n use to run this job's action on every object in the manifest.
", + "smithy.api#required": {} + } + }, + "Tags": { + "target": "com.amazonaws.s3control#S3TagSet", + "traits": { + "smithy.api#documentation": "A set of tags to associate with the S3 Batch Operations job. This is an optional parameter.\n
" + } + }, + "ManifestGenerator": { + "target": "com.amazonaws.s3control#JobManifestGenerator", + "traits": { + "smithy.api#documentation": "The attribute container for the ManifestGenerator details. Jobs must be created with\n either a manifest file or a ManifestGenerator, but not both.
" } } }, @@ -7562,24 +7669,39 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteBucketReplication": { + "com.amazonaws.s3control#CreateJobResult": { + "type": "structure", + "members": { + "JobId": { + "target": "com.amazonaws.s3control#JobId", + "traits": { + "smithy.api#documentation": "The ID for this job. Amazon S3 generates this ID automatically and returns it after a\n successful Create Job request.
This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To\n delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.
\nDeletes the replication configuration from the specified S3 on Outposts bucket.
\nTo use this operation, you must have permissions to perform the\n s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner\n has this permission by default and can grant it to others. For more information about\n permissions, see Setting up IAM with\n S3 on Outposts and Managing access to\n S3 on Outposts buckets in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for\n a replication configuration to all S3 on Outposts systems. Therefore, the replication\n configuration that's returned by a GET request soon after a\n PUT or DELETE request might return a more recent result\n than what's on the Outpost. If an Outpost is offline, the delay in updating the\n replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the\n Amazon S3 User Guide.
\nThe following operations are related to DeleteBucketReplication:
\n PutBucketReplication\n
\n\n GetBucketReplication\n
\nThis operation is not supported by directory buckets.
\nCreates a Multi-Region Access Point and associates it with the specified buckets. For more information\n about creating Multi-Region Access Points, see Creating Multi-Region Access Points in the Amazon S3 User Guide.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThis request is asynchronous, meaning that you might receive a response before the\n command has completed. When this request provides a response, it provides a token that you\n can use to monitor the status of the request with\n DescribeMultiRegionAccessPointOperation.
The following actions are related to CreateMultiRegionAccessPoint:
The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration\n for.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#documentation": "The name of the Multi-Region Access Point associated with this request.
", + "smithy.api#required": {} } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "PublicAccessBlock": { + "target": "com.amazonaws.s3control#PublicAccessBlockConfiguration" + }, + "Regions": { + "target": "com.amazonaws.s3control#RegionCreationList", "traits": { - "smithy.api#documentation": "Specifies the S3 on Outposts bucket to delete the replication configuration for.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The buckets in different Regions that are associated with the Multi-Region Access Point.
", + "smithy.api#required": {} } } }, "traits": { - "smithy.api#input": {} + "smithy.api#documentation": "A container for the information associated with a CreateMultiRegionAccessPoint request.
" } }, - "com.amazonaws.s3control#DeleteBucketRequest": { + "com.amazonaws.s3control#CreateMultiRegionAccessPointRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID that owns the Outposts bucket.
", + "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point. The owner of the Multi-Region Access Point also must own\n the underlying buckets.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7633,15 +7749,19 @@ } } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "ClientToken": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointClientToken", "traits": { - "smithy.api#documentation": "Specifies the bucket being deleted.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
An idempotency token used to identify the request and guarantee that requests are\n unique.
", + "smithy.api#idempotencyToken": {}, + "smithy.api#required": {} + } + }, + "Details": { + "target": "com.amazonaws.s3control#CreateMultiRegionAccessPointInput", + "traits": { + "smithy.api#documentation": "A container element containing details about the Multi-Region Access Point.
", + "smithy.api#required": {} } } }, @@ -7649,22 +7769,36 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteBucketTagging": { + "com.amazonaws.s3control#CreateMultiRegionAccessPointResult": { + "type": "structure", + "members": { + "RequestTokenARN": { + "target": "com.amazonaws.s3control#AsyncRequestTokenARN", + "traits": { + "smithy.api#documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous\n requests.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#CreateStorageLensGroup": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DeleteBucketTaggingRequest" + "target": "com.amazonaws.s3control#CreateStorageLensGroupRequest" }, "output": { "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags,\n see DeleteBucketTagging in the Amazon S3 API Reference.
\nDeletes the tags from the Outposts bucket. For more information, see Using\n Amazon S3 on Outposts in Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n PutBucketTagging action. By default, the bucket owner has this permission\n and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging:
\n GetBucketTagging\n
\n\n PutBucketTagging\n
\nCreates a new S3 Storage Lens group and associates it with the specified Amazon Web Services account ID. An\n S3 Storage Lens group is a custom grouping of objects based on prefix, suffix, object tags,\n object size, object age, or a combination of these filters. For each Storage Lens group\n that you’ve created, you can also optionally add Amazon Web Services resource tags. For more information\n about S3 Storage Lens groups, see Working with S3 Storage Lens\n groups.
\nTo use this operation, you must have the permission to perform the\n s3:CreateStorageLensGroup action. If you’re trying to create a Storage Lens\n group with Amazon Web Services resource tags, you must also have permission to perform the\n s3:TagResource action. For more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage\n Lens error codes.
", "smithy.api#endpoint": { "hostPrefix": "{AccountId}." }, "smithy.api#http": { - "method": "DELETE", - "uri": "/v20180820/bucket/{Bucket}/tagging", + "method": "POST", + "uri": "/v20180820/storagelensgroup", "code": 204 }, "smithy.rules#staticContextParams": { @@ -7674,13 +7808,13 @@ } } }, - "com.amazonaws.s3control#DeleteBucketTaggingRequest": { + "com.amazonaws.s3control#CreateStorageLensGroupRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID of the Outposts bucket tag set to be removed.
", + "smithy.api#documentation": "\nThe Amazon Web Services account ID that the Storage Lens group is created from and associated with.\n
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7689,15 +7823,17 @@ } } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "StorageLensGroup": { + "target": "com.amazonaws.s3control#StorageLensGroup", "traits": { - "smithy.api#documentation": "The bucket ARN that has the tag set to be removed.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
\nThe Storage Lens group configuration.\n
", + "smithy.api#required": {} + } + }, + "Tags": { + "target": "com.amazonaws.s3control#TagList", + "traits": { + "smithy.api#documentation": "\nThe Amazon Web Services resource tags that you're adding to your Storage Lens group. This parameter is optional.\n
" } } }, @@ -7705,35 +7841,79 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteJobTagging": { + "com.amazonaws.s3control#CreationDate": { + "type": "timestamp" + }, + "com.amazonaws.s3control#CreationTimestamp": { + "type": "timestamp" + }, + "com.amazonaws.s3control#Credentials": { + "type": "structure", + "members": { + "AccessKeyId": { + "target": "com.amazonaws.s3control#AccessKeyId", + "traits": { + "smithy.api#documentation": "The unique access key ID of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
" + } + }, + "SecretAccessKey": { + "target": "com.amazonaws.s3control#SecretAccessKey", + "traits": { + "smithy.api#documentation": "The secret access key of the Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
" + } + }, + "SessionToken": { + "target": "com.amazonaws.s3control#SessionToken", + "traits": { + "smithy.api#documentation": "The Amazon Web Services STS temporary credential that S3 Access Grants vends to grantees and client applications.
" + } + }, + "Expiration": { + "target": "com.amazonaws.s3control#Expiration", + "traits": { + "smithy.api#documentation": "The expiration date and time of the temporary credential that S3 Access Grants vends to grantees and client applications.
" + } + } + }, + "traits": { + "smithy.api#documentation": "The Amazon Web Services Security Token Service temporary credential that S3 Access Grants vends to grantees and client applications.
", + "smithy.api#sensitive": {} + } + }, + "com.amazonaws.s3control#Date": { + "type": "timestamp" + }, + "com.amazonaws.s3control#Days": { + "type": "integer", + "traits": { + "smithy.api#default": 0 + } + }, + "com.amazonaws.s3control#DaysAfterInitiation": { + "type": "integer", + "traits": { + "smithy.api#default": 0 + } + }, + "com.amazonaws.s3control#DeleteAccessGrant": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DeleteJobTaggingRequest" + "target": "com.amazonaws.s3control#DeleteAccessGrantRequest" }, "output": { - "target": "com.amazonaws.s3control#DeleteJobTaggingResult" + "target": "smithy.api#Unit" }, - "errors": [ - { - "target": "com.amazonaws.s3control#InternalServiceException" - }, - { - "target": "com.amazonaws.s3control#NotFoundException" - }, - { - "target": "com.amazonaws.s3control#TooManyRequestsException" - } - ], "traits": { - "smithy.api#documentation": "Removes the entire tag set from the specified S3 Batch Operations job. To use\n the\n DeleteJobTagging operation, you must have permission to\n perform the s3:DeleteJobTagging action. For more information, see Controlling\n access and labeling jobs using tags in the\n Amazon S3 User Guide.
Related actions include:
\n\n CreateJob\n
\n\n GetJobTagging\n
\n\n PutJobTagging\n
\nDeletes the access grant from the S3 Access Grants instance. You cannot undo an access grant deletion and the grantee will no longer have access to the S3 data.
\nYou must have the s3:DeleteAccessGrant permission to use this operation.
The Amazon Web Services account ID associated with the S3 Batch Operations job.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7756,10 +7936,10 @@ } } }, - "JobId": { - "target": "com.amazonaws.s3control#JobId", + "AccessGrantId": { + "target": "com.amazonaws.s3control#AccessGrantId", "traits": { - "smithy.api#documentation": "The ID for the S3 Batch Operations job whose tags you want to delete.
", + "smithy.api#documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -7769,61 +7949,68 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteJobTaggingResult": { - "type": "structure", - "members": {}, + "com.amazonaws.s3control#DeleteAccessGrantsInstance": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#DeleteAccessGrantsInstanceRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "Deletes your S3 Access Grants instance. You must first delete the access grants and locations before S3 Access Grants can delete the instance. See DeleteAccessGrant and DeleteAccessGrantsLocation. If you have associated an IAM Identity Center instance with your S3 Access Grants instance, you must first dissassociate the Identity Center instance from the S3 Access Grants instance before you can delete the S3 Access Grants instance. See AssociateAccessGrantsIdentityCenter and DissociateAccessGrantsIdentityCenter.
\nYou must have the s3:DeleteAccessGrantsInstance permission to use this operation.
Indicates whether to replicate delete markers.
", - "smithy.api#required": {} + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } } }, "traits": { - "smithy.api#documentation": "Specifies whether S3 on Outposts replicates delete markers. If you specify a\n Filter element in your replication configuration, you must also include a\n DeleteMarkerReplication element. If your Filter includes a\n Tag element, the DeleteMarkerReplication element's\n Status child element must be set to Disabled, because\n S3 on Outposts does not support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.
" + "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteMarkerReplicationStatus": { - "type": "enum", - "members": { - "Enabled": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Enabled" - } - }, - "Disabled": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Disabled" - } - } - } - }, - "com.amazonaws.s3control#DeleteMultiRegionAccessPoint": { + "com.amazonaws.s3control#DeleteAccessGrantsInstanceResourcePolicy": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DeleteMultiRegionAccessPointRequest" + "target": "com.amazonaws.s3control#DeleteAccessGrantsInstanceResourcePolicyRequest" }, "output": { - "target": "com.amazonaws.s3control#DeleteMultiRegionAccessPointResult" + "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Deletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point,\n only the Multi-Region Access Point itself.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThis request is asynchronous, meaning that you might receive a response before the\n command has completed. When this request provides a response, it provides a token that you\n can use to monitor the status of the request with\n DescribeMultiRegionAccessPointOperation.
The following actions are related to DeleteMultiRegionAccessPoint:
Deletes the resource policy of the S3 Access Grants instance. The resource policy is used to manage cross-account access to your S3 Access Grants instance. By deleting the resource policy, you delete any cross-account permissions to your S3 Access Grants instance.
\nYou must have the s3:DeleteAccessGrantsInstanceResourcePolicy permission to use this operation.
The name of the Multi-Region Access Point associated with this request.
", - "smithy.api#required": {} - } - } - }, - "traits": { - "smithy.api#documentation": "A container for the information associated with a DeleteMultiRegionAccessPoint request.
" - } - }, - "com.amazonaws.s3control#DeleteMultiRegionAccessPointRequest": { + "com.amazonaws.s3control#DeleteAccessGrantsInstanceResourcePolicyRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7863,59 +8035,31 @@ "name": "AccountId" } } - }, - "ClientToken": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointClientToken", - "traits": { - "smithy.api#documentation": "An idempotency token used to identify the request and guarantee that requests are\n unique.
", - "smithy.api#idempotencyToken": {}, - "smithy.api#required": {} - } - }, - "Details": { - "target": "com.amazonaws.s3control#DeleteMultiRegionAccessPointInput", - "traits": { - "smithy.api#documentation": "A container element containing details about the Multi-Region Access Point.
", - "smithy.api#required": {} - } } }, "traits": { "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteMultiRegionAccessPointResult": { - "type": "structure", - "members": { - "RequestTokenARN": { - "target": "com.amazonaws.s3control#AsyncRequestTokenARN", - "traits": { - "smithy.api#documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous\n requests.
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.s3control#DeletePublicAccessBlock": { + "com.amazonaws.s3control#DeleteAccessGrantsLocation": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DeletePublicAccessBlockRequest" + "target": "com.amazonaws.s3control#DeleteAccessGrantsLocationRequest" }, "output": { "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Removes the PublicAccessBlock configuration for an Amazon Web Services account. For more\n information, see Using Amazon S3 block\n public access.
Related actions include:
\n\n GetPublicAccessBlock\n
\n\n PutPublicAccessBlock\n
\nDeregisters a location from your S3 Access Grants instance. You can only delete a location registration from an S3 Access Grants instance if there are no grants associated with this location. See Delete a grant for information on how to delete grants. You need to have at least one registered location in your S3 Access Grants instance in order to create access grants.
\nYou must have the s3:DeleteAccessGrantsLocation permission to use this operation.
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration\n you want to remove.
The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -7937,28 +8081,36 @@ "name": "AccountId" } } + }, + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", + "traits": { + "smithy.api#documentation": "The ID of the registered location that you are deregistering from your S3 Access Grants instance. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage\n activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:DeleteStorageLensConfiguration action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
\nDeletes the specified access point.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPoint:
\n CreateAccessPoint\n
\n\n GetAccessPoint\n
\n\n ListAccessPoints\n
\nThe ID of the S3 Storage Lens configuration.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - }, - "AccountId": { - "target": "com.amazonaws.s3control#AccountId", - "traits": { - "smithy.api#documentation": "The account ID of the requester.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.s3control#DeleteStorageLensConfigurationTagging": { + "com.amazonaws.s3control#DeleteAccessPointForObjectLambda": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DeleteStorageLensConfigurationTaggingRequest" + "target": "com.amazonaws.s3control#DeleteAccessPointForObjectLambdaRequest" }, "output": { - "target": "com.amazonaws.s3control#DeleteStorageLensConfigurationTaggingResult" + "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see\n Assessing your\n storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:DeleteStorageLensConfigurationTagging action. For more information,\n see Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
\nDeletes the specified Object Lambda Access Point.
\nThe following actions are related to\n DeleteAccessPointForObjectLambda:
The ID of the S3 Storage Lens configuration.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - }, "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID of the requester.
", + "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8043,49 +8159,61 @@ "name": "AccountId" } } + }, + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "traits": { + "smithy.api#documentation": "The name of the access point you want to delete.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } } }, "traits": { "smithy.api#input": {} } }, - "com.amazonaws.s3control#DeleteStorageLensConfigurationTaggingResult": { - "type": "structure", - "members": {}, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.s3control#DescribeJob": { + "com.amazonaws.s3control#DeleteAccessPointPolicy": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#DescribeJobRequest" + "target": "com.amazonaws.s3control#DeleteAccessPointPolicyRequest" }, "output": { - "target": "com.amazonaws.s3control#DescribeJobResult" + "target": "smithy.api#Unit" }, - "errors": [ - { - "target": "com.amazonaws.s3control#BadRequestException" - }, - { - "target": "com.amazonaws.s3control#InternalServiceException" + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nDeletes the access point policy for the specified access point.
\n \nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteAccessPointPolicy:
\n PutAccessPointPolicy\n
\n\n GetAccessPointPolicy\n
\nRetrieves the configuration parameters and status for a Batch Operations job. For more\n information, see S3 Batch Operations in the Amazon S3 User Guide.
\n \nRelated actions include:
\n\n CreateJob\n
\n\n ListJobs\n
\n\n UpdateJobPriority\n
\n\n UpdateJobStatus\n
\nThis operation is not supported by directory buckets.
\nRemoves the resource policy for an Object Lambda Access Point.
\nThe following actions are related to\n DeleteAccessPointPolicyForObjectLambda:
The Amazon Web Services account ID associated with the S3 Batch Operations job.
", + "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8110,10 +8238,10 @@ } } }, - "JobId": { - "target": "com.amazonaws.s3control#JobId", + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", "traits": { - "smithy.api#documentation": "The ID for the job whose information you want to retrieve.
", + "smithy.api#documentation": "The name of the Object Lambda Access Point you want to delete the policy for.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -8123,53 +8251,13 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#DescribeJobResult": { - "type": "structure", - "members": { - "Job": { - "target": "com.amazonaws.s3control#JobDescriptor", - "traits": { - "smithy.api#documentation": "Contains the configuration parameters and status for the job specified in the\n Describe Job request.
Retrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information\n about managing Multi-Region Access Points and how asynchronous requests work, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to GetMultiRegionAccessPoint:
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "The account ID for the account that owns the specified access point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8178,12 +8266,15 @@ } } }, - "RequestTokenARN": { - "target": "com.amazonaws.s3control#AsyncRequestTokenARN", + "Name": { + "target": "com.amazonaws.s3control#AccessPointName", "traits": { - "smithy.api#documentation": "The request token associated with the request you want to know about. This request token\n is returned as part of the response when you make an asynchronous request. You provide this\n token to query about the status of the asynchronous action.
", + "smithy.api#documentation": "The name of the access point whose policy you want to delete.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
A container element containing the details of the asynchronous operation.
" + "smithy.api#documentation": "The Amazon Web Services account ID for the account that owns the specified access point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#AccessPointName", + "traits": { + "smithy.api#documentation": "The name of the access point you want to delete.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The destination bucket owner's account ID.
" - } - }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketIdentifierString", - "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the access point for the destination bucket where you want\n S3 on Outposts to store the replication results.
", - "smithy.api#required": {} - } - }, - "ReplicationTime": { - "target": "com.amazonaws.s3control#ReplicationTime", - "traits": { - "smithy.api#documentation": "A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled\n and the time when all objects and operations on objects must be replicated. Must be\n specified together with a Metrics block.
This is not supported by Amazon S3 on Outposts buckets.
\nThis action deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon S3 API Reference.
\nDeletes the Amazon S3 on Outposts bucket. All objects (including all object versions and\n delete markers) in the bucket must be deleted before the bucket itself can be deleted. For\n more information, see Using Amazon S3 on Outposts in\n Amazon S3 User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
\n Related Resources\n
\n\n CreateBucket\n
\n\n GetBucket\n
\n\n DeleteObject\n
\nSpecify this property only in a cross-account scenario (where the source and destination\n bucket owners are not the same), and you want to change replica ownership to the\n Amazon Web Services account that owns the destination bucket. If this property is not specified in the\n replication configuration, the replicas are owned by same Amazon Web Services account that owns the\n source object.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nA container that provides information about encryption. If\n SourceSelectionCriteria is specified, you must specify this element.
This is not supported by Amazon S3 on Outposts buckets.
\nThis action deletes an Amazon S3 on Outposts bucket's lifecycle configuration. To delete\n an S3 bucket's lifecycle configuration, see DeleteBucketLifecycle in the Amazon S3 API Reference.
\nDeletes the lifecycle configuration from the specified Outposts bucket.\n Amazon S3 on Outposts removes all the lifecycle configuration rules in the lifecycle subresource\n associated with the bucket. Your objects never expire, and Amazon S3 on Outposts no longer\n automatically deletes any objects on the basis of rules contained in the deleted lifecycle\n configuration. For more information, see Using Amazon S3 on Outposts in\n Amazon S3 User Guide.
\nTo use this operation, you must have permission to perform the\n s3-outposts:PutLifecycleConfiguration action. By default, the bucket owner\n has this permission and the Outposts bucket owner can grant this permission to\n others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For more information about object expiration, see Elements to Describe Lifecycle Actions.
\nRelated actions include:
\nA container that specifies replication metrics-related settings.
" - } + "smithy.api#http": { + "method": "DELETE", + "uri": "/v20180820/bucket/{Bucket}/lifecycleconfiguration", + "code": 200 }, - "StorageClass": { - "target": "com.amazonaws.s3control#ReplicationStorageClass", - "traits": { - "smithy.api#documentation": " The storage class to use when replicating objects. All objects stored on S3 on Outposts\n are stored in the OUTPOSTS storage class. S3 on Outposts uses the\n OUTPOSTS storage class to create the object replicas.
Values other than OUTPOSTS are not supported by Amazon S3 on Outposts.
Specifies information about the replication destination bucket and its settings for an\n S3 on Outposts replication configuration.
" } }, - "com.amazonaws.s3control#DetailedStatusCodesMetrics": { + "com.amazonaws.s3control#DeleteBucketLifecycleConfigurationRequest": { "type": "structure", "members": { - "IsEnabled": { - "target": "com.amazonaws.s3control#IsEnabled", + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#default": false, - "smithy.api#documentation": "A container that indicates whether detailed status code metrics are enabled.
" + "smithy.api#documentation": "The account ID of the lifecycle configuration to delete.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } - } - }, - "traits": { - "smithy.api#documentation": "The container element for Amazon S3 Storage Lens detailed status code metrics. Detailed status\n code metrics generate metrics for HTTP status codes, such as 200 OK, 403\n Forbidden, 503 Service Unavailable and others.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" - } - }, - "com.amazonaws.s3control#EncryptionConfiguration": { - "type": "structure", - "members": { - "ReplicaKmsKeyID": { - "target": "com.amazonaws.s3control#ReplicaKmsKeyID", + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", "traits": { - "smithy.api#documentation": "Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS)\n for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the\n KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt\n replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information,\n see Symmetric encryption\n KMS keys in the Amazon Web Services Key Management Service Developer\n Guide.
" + "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Specifies encryption-related information for an Amazon S3 bucket that is a destination for\n replicated objects.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThis action deletes an Amazon S3 on Outposts bucket policy. To delete an S3 bucket policy,\n see DeleteBucketPolicy in the Amazon S3 API Reference.
\nThis implementation of the DELETE action uses the policy subresource to delete the\n policy of a specified Amazon S3 on Outposts bucket. If you are using an identity other than the\n root user of the Amazon Web Services account that owns the bucket, the calling identity must have the\n s3-outposts:DeleteBucketPolicy permissions on the specified Outposts bucket\n and belong to the bucket owner's account to use this action. For more information, see\n Using\n Amazon S3 on Outposts in Amazon S3 User Guide.
If you don't have DeleteBucketPolicy permissions, Amazon S3 returns a 403\n Access Denied error. If you have the correct permissions, but you're not using an\n identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not\n Allowed error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can\n always use this action, even if the policy explicitly denies the root user the ability\n to perform this action.
\nFor more information about bucket policies, see Using Bucket Policies and User\n Policies.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketPolicy:
\n GetBucketPolicy\n
\n\n PutBucketPolicy\n
\nThe details of the last established policy.
" + "smithy.api#documentation": "The account ID of the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The last established access control policy for a Multi-Region Access Point.
\nWhen you update the policy, the update is first listed as the proposed policy. After the\n update is finished and all Regions have been updated, the proposed policy is listed as the\n established policy. If both policies have the same version number, the proposed policy is\n the established policy.
" + "smithy.api#input": {} } }, - "com.amazonaws.s3control#ExceptionMessage": { - "type": "string", + "com.amazonaws.s3control#DeleteBucketReplication": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#DeleteBucketReplicationRequest" + }, + "output": { + "target": "smithy.api#Unit" + }, "traits": { - "smithy.api#length": { - "min": 1, - "max": 1024 + "smithy.api#documentation": "This operation deletes an Amazon S3 on Outposts bucket's replication configuration. To\n delete an S3 bucket's replication configuration, see DeleteBucketReplication in the Amazon S3 API Reference.
\nDeletes the replication configuration from the specified S3 on Outposts bucket.
\nTo use this operation, you must have permissions to perform the\n s3-outposts:PutReplicationConfiguration action. The Outposts bucket owner\n has this permission by default and can grant it to others. For more information about\n permissions, see Setting up IAM with\n S3 on Outposts and Managing access to\n S3 on Outposts buckets in the Amazon S3 User Guide.
It can take a while to propagate PUT or DELETE requests for\n a replication configuration to all S3 on Outposts systems. Therefore, the replication\n configuration that's returned by a GET request soon after a\n PUT or DELETE request might return a more recent result\n than what's on the Outpost. If an Outpost is offline, the delay in updating the\n replication configuration on that Outpost can be significant.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
For information about S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the\n Amazon S3 User Guide.
\nThe following operations are related to DeleteBucketReplication:
\n PutBucketReplication\n
\n\n GetBucketReplication\n
\nA container for the S3 Storage Lens bucket excludes.
" + "smithy.api#documentation": "The Amazon Web Services account ID of the Outposts bucket to delete the replication configuration\n for.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } }, - "Regions": { - "target": "com.amazonaws.s3control#Regions", + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", "traits": { - "smithy.api#documentation": "A container for the S3 Storage Lens Region excludes.
" + "smithy.api#documentation": "Specifies the S3 on Outposts bucket to delete the replication configuration for.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
A container for what Amazon S3 Storage Lens will exclude.
" + "smithy.api#input": {} } }, - "com.amazonaws.s3control#ExistingObjectReplication": { + "com.amazonaws.s3control#DeleteBucketRequest": { "type": "structure", "members": { - "Status": { - "target": "com.amazonaws.s3control#ExistingObjectReplicationStatus", - "traits": { - "smithy.api#documentation": "Specifies whether Amazon S3 replicates existing source bucket objects.
", - "smithy.api#required": {} - } - } - }, - "traits": { - "smithy.api#documentation": "An optional configuration to replicate existing source bucket objects.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe account ID that owns the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } }, - "Disabled": { - "target": "smithy.api#Unit", + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", "traits": { - "smithy.api#enumValue": "Disabled" + "smithy.api#documentation": "Specifies the bucket being deleted.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
This action deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags,\n see DeleteBucketTagging in the Amazon S3 API Reference.
\nDeletes the tags from the Outposts bucket. For more information, see Using\n Amazon S3 on Outposts in Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n PutBucketTagging action. By default, the bucket owner has this permission\n and can grant this permission to others.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to DeleteBucketTagging:
\n GetBucketTagging\n
\n\n PutBucketTagging\n
\nSpecifies the use of SSE-S3 to encrypt generated manifest objects.
", - "smithy.api#xmlName": "SSE-S3" + "smithy.api#documentation": "The Amazon Web Services account ID of the Outposts bucket tag set to be removed.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } }, - "SSEKMS": { - "target": "com.amazonaws.s3control#SSEKMSEncryption", + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", "traits": { - "smithy.api#documentation": "Configuration details on how SSE-KMS is used to encrypt generated manifest\n objects.
", - "smithy.api#xmlName": "SSE-KMS" + "smithy.api#documentation": "The bucket ARN that has the tag set to be removed.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The encryption configuration to use when storing the generated manifest.
" - } - }, - "com.amazonaws.s3control#GeneratedManifestFormat": { - "type": "enum", - "members": { - "S3InventoryReport_CSV_20211130": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "S3InventoryReport_CSV_20211130" - } - } + "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetAccessPoint": { + "com.amazonaws.s3control#DeleteJobTagging": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetAccessPointRequest" + "target": "com.amazonaws.s3control#DeleteJobTaggingRequest" }, "output": { - "target": "com.amazonaws.s3control#GetAccessPointResult" + "target": "com.amazonaws.s3control#DeleteJobTaggingResult" }, - "traits": { - "smithy.api#documentation": "Returns configuration information about the specified access point.
\n \nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint:
\n CreateAccessPoint\n
\n\n DeleteAccessPoint\n
\n\n ListAccessPoints\n
\nReturns configuration for an Object Lambda Access Point.
\nThe following actions are related to\n GetAccessPointConfigurationForObjectLambda:
Removes the entire tag set from the specified S3 Batch Operations job.
\nTo use the\n DeleteJobTagging operation, you must have permission to\n perform the s3:DeleteJobTagging action. For more information, see Controlling\n access and labeling jobs using tags in the\n Amazon S3 User Guide.
Related actions include:
\n\n CreateJob\n
\n\n GetJobTagging\n
\n\n PutJobTagging\n
\nThe account ID for the account that owns the specified Object Lambda Access Point.
", + "smithy.api#documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8517,10 +8644,10 @@ } } }, - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "JobId": { + "target": "com.amazonaws.s3control#JobId", "traits": { - "smithy.api#documentation": "The name of the Object Lambda Access Point you want to return the configuration for.
", + "smithy.api#documentation": "The ID for the S3 Batch Operations job whose tags you want to delete.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -8530,38 +8657,64 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetAccessPointConfigurationForObjectLambdaResult": { + "com.amazonaws.s3control#DeleteJobTaggingResult": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#DeleteMarkerReplication": { "type": "structure", "members": { - "Configuration": { - "target": "com.amazonaws.s3control#ObjectLambdaConfiguration", + "Status": { + "target": "com.amazonaws.s3control#DeleteMarkerReplicationStatus", "traits": { - "smithy.api#documentation": "Object Lambda Access Point configuration document.
" + "smithy.api#documentation": "Indicates whether to replicate delete markers.
", + "smithy.api#required": {} } } }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "Specifies whether S3 on Outposts replicates delete markers. If you specify a\n Filter element in your replication configuration, you must also include a\n DeleteMarkerReplication element. If your Filter includes a\n Tag element, the DeleteMarkerReplication element's\n Status child element must be set to Disabled, because\n S3 on Outposts does not support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the\n Amazon S3 User Guide.
" } }, - "com.amazonaws.s3control#GetAccessPointForObjectLambda": { + "com.amazonaws.s3control#DeleteMarkerReplicationStatus": { + "type": "enum", + "members": { + "Enabled": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Enabled" + } + }, + "Disabled": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Disabled" + } + } + } + }, + "com.amazonaws.s3control#DeleteMultiRegionAccessPoint": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetAccessPointForObjectLambdaRequest" + "target": "com.amazonaws.s3control#DeleteMultiRegionAccessPointRequest" }, "output": { - "target": "com.amazonaws.s3control#GetAccessPointForObjectLambdaResult" + "target": "com.amazonaws.s3control#DeleteMultiRegionAccessPointResult" }, "traits": { - "smithy.api#documentation": "Returns configuration information about the specified Object Lambda Access Point
\nThe following actions are related to GetAccessPointForObjectLambda:
This operation is not supported by directory buckets.
\nDeletes a Multi-Region Access Point. This action does not delete the buckets associated with the Multi-Region Access Point,\n only the Multi-Region Access Point itself.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThis request is asynchronous, meaning that you might receive a response before the\n command has completed. When this request provides a response, it provides a token that you\n can use to monitor the status of the request with\n DescribeMultiRegionAccessPointOperation.
The following actions are related to DeleteMultiRegionAccessPoint:
The name of the Multi-Region Access Point associated with this request.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "A container for the information associated with a DeleteMultiRegionAccessPoint request.
" + } + }, + "com.amazonaws.s3control#DeleteMultiRegionAccessPointRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", + "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8584,11 +8752,18 @@ } } }, - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "ClientToken": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointClientToken", "traits": { - "smithy.api#documentation": "The name of the Object Lambda Access Point.
", - "smithy.api#httpLabel": {}, + "smithy.api#documentation": "An idempotency token used to identify the request and guarantee that requests are\n unique.
", + "smithy.api#idempotencyToken": {}, + "smithy.api#required": {} + } + }, + "Details": { + "target": "com.amazonaws.s3control#DeleteMultiRegionAccessPointInput", + "traits": { + "smithy.api#documentation": "A container element containing details about the Multi-Region Access Point.
", "smithy.api#required": {} } } @@ -8597,31 +8772,13 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetAccessPointForObjectLambdaResult": { + "com.amazonaws.s3control#DeleteMultiRegionAccessPointResult": { "type": "structure", "members": { - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", - "traits": { - "smithy.api#documentation": "The name of the Object Lambda Access Point.
" - } - }, - "PublicAccessBlockConfiguration": { - "target": "com.amazonaws.s3control#PublicAccessBlockConfiguration", - "traits": { - "smithy.api#documentation": "Configuration to block all public access. This setting is turned on and can not be\n edited.
" - } - }, - "CreationDate": { - "target": "com.amazonaws.s3control#CreationDate", - "traits": { - "smithy.api#documentation": "The date and time when the specified Object Lambda Access Point was created.
" - } - }, - "Alias": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointAlias", + "RequestTokenARN": { + "target": "com.amazonaws.s3control#AsyncRequestTokenARN", "traits": { - "smithy.api#documentation": "The alias of the Object Lambda Access Point.
" + "smithy.api#documentation": "The request token associated with the request. You can use this token with DescribeMultiRegionAccessPointOperation to determine the status of asynchronous\n requests.
" } } }, @@ -8629,22 +8786,22 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetAccessPointPolicy": { + "com.amazonaws.s3control#DeletePublicAccessBlock": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetAccessPointPolicyRequest" + "target": "com.amazonaws.s3control#DeletePublicAccessBlockRequest" }, "output": { - "target": "com.amazonaws.s3control#GetAccessPointPolicyResult" + "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Returns the access point policy associated with the specified access point.
\nThe following actions are related to GetAccessPointPolicy:
\n PutAccessPointPolicy\n
\nThis operation is not supported by directory buckets.
\nRemoves the PublicAccessBlock configuration for an Amazon Web Services account. For more\n information, see Using Amazon S3 block\n public access.
Related actions include:
\n\n GetPublicAccessBlock\n
\n\n PutPublicAccessBlock\n
\nThe account ID for the Amazon Web Services account whose PublicAccessBlock configuration\n you want to remove.
Returns the resource policy for an Object Lambda Access Point.
\nThe following actions are related to\n GetAccessPointPolicyForObjectLambda:
This operation is not supported by directory buckets.
\nDeletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage\n activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:DeleteStorageLensConfiguration action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
The ID of the S3 Storage Lens configuration.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", + "smithy.api#documentation": "The account ID of the requester.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8693,41 +8878,52 @@ "name": "AccountId" } } - }, - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", - "traits": { - "smithy.api#documentation": "The name of the Object Lambda Access Point.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } } }, "traits": { "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetAccessPointPolicyForObjectLambdaResult": { - "type": "structure", - "members": { - "Policy": { - "target": "com.amazonaws.s3control#ObjectLambdaPolicy", - "traits": { - "smithy.api#documentation": "Object Lambda Access Point resource policy document.
" - } - } + "com.amazonaws.s3control#DeleteStorageLensConfigurationTagging": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#DeleteStorageLensConfigurationTaggingRequest" + }, + "output": { + "target": "com.amazonaws.s3control#DeleteStorageLensConfigurationTaggingResult" }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nDeletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see\n Assessing your\n storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:DeleteStorageLensConfigurationTagging action. For more information,\n see Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
The ID of the S3 Storage Lens configuration.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID for the account that owns the specified access point.
", + "smithy.api#documentation": "The account ID of the requester.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8735,54 +8931,36 @@ "name": "AccountId" } } - }, - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", - "traits": { - "smithy.api#documentation": "The name of the access point whose policy you want to retrieve.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The access point policy associated with the specified access point.
" - } - } - }, + "members": {}, "traits": { "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetAccessPointPolicyStatus": { + "com.amazonaws.s3control#DeleteStorageLensGroup": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusRequest" + "target": "com.amazonaws.s3control#DeleteStorageLensGroupRequest" }, "output": { - "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusResult" + "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Indicates whether the specified access point currently has a policy that allows public access.\n For more information about public access through access points, see Managing Data Access with Amazon S3\n access points in the Amazon S3 User Guide.
", + "smithy.api#documentation": "\nDeletes an existing S3 Storage Lens group.
\nTo use this operation, you must have the permission to perform the\n s3:DeleteStorageLensGroup action. For more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage\n Lens error codes.
", "smithy.api#endpoint": { "hostPrefix": "{AccountId}." }, "smithy.api#http": { - "method": "GET", - "uri": "/v20180820/accesspoint/{Name}/policyStatus", - "code": 200 + "method": "DELETE", + "uri": "/v20180820/storagelensgroup/{Name}", + "code": 204 }, "smithy.rules#staticContextParams": { "RequiresAccountId": { @@ -8791,22 +8969,64 @@ } } }, - "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambda": { + "com.amazonaws.s3control#DeleteStorageLensGroupRequest": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.s3control#StorageLensGroupName", + "traits": { + "smithy.api#documentation": "\nThe name of the Storage Lens group that you're trying to delete.\n
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "\nThe Amazon Web Services account ID used to create the Storage Lens group that you're trying to delete.\n
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#DescribeJob": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaRequest" + "target": "com.amazonaws.s3control#DescribeJobRequest" }, "output": { - "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaResult" + "target": "com.amazonaws.s3control#DescribeJobResult" }, + "errors": [ + { + "target": "com.amazonaws.s3control#BadRequestException" + }, + { + "target": "com.amazonaws.s3control#InternalServiceException" + }, + { + "target": "com.amazonaws.s3control#NotFoundException" + }, + { + "target": "com.amazonaws.s3control#TooManyRequestsException" + } + ], "traits": { - "smithy.api#documentation": "Returns the status of the resource policy associated with an Object Lambda Access Point.
", + "smithy.api#documentation": "Retrieves the configuration parameters and status for a Batch Operations job. For more\n information, see S3 Batch Operations in the Amazon S3 User Guide.
\nTo use the DescribeJob operation, you must have permission to perform the s3:DescribeJob action.
Related actions include:
\n\n CreateJob\n
\n\n ListJobs\n
\n\n UpdateJobPriority\n
\n\n UpdateJobStatus\n
\nThe account ID for the account that owns the specified Object Lambda Access Point.
", + "smithy.api#documentation": "The Amazon Web Services account ID associated with the S3 Batch Operations job.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8831,10 +9051,10 @@ } } }, - "Name": { - "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "JobId": { + "target": "com.amazonaws.s3control#JobId", "traits": { - "smithy.api#documentation": "The name of the Object Lambda Access Point.
", + "smithy.api#documentation": "The ID for the job whose information you want to retrieve.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -8844,69 +9064,53 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaResult": { + "com.amazonaws.s3control#DescribeJobResult": { "type": "structure", "members": { - "PolicyStatus": { - "target": "com.amazonaws.s3control#PolicyStatus" + "Job": { + "target": "com.amazonaws.s3control#JobDescriptor", + "traits": { + "smithy.api#documentation": "Contains the configuration parameters and status for the job specified in the\n Describe Job request.
The account ID for the account that owns the specified access point.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } - } - }, - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", - "traits": { - "smithy.api#documentation": "The name of the access point whose policy status you want to retrieve.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccessPointName" - } - } - } + "com.amazonaws.s3control#DescribeMultiRegionAccessPointOperation": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#DescribeMultiRegionAccessPointOperationRequest" + }, + "output": { + "target": "com.amazonaws.s3control#DescribeMultiRegionAccessPointOperationResult" }, "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.s3control#GetAccessPointPolicyStatusResult": { - "type": "structure", - "members": { - "PolicyStatus": { - "target": "com.amazonaws.s3control#PolicyStatus", - "traits": { - "smithy.api#documentation": "Indicates the current policy status of the specified access point.
" + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nRetrieves the status of an asynchronous request to manage a Multi-Region Access Point. For more information\n about managing Multi-Region Access Points and how asynchronous requests work, see Using Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to GetMultiRegionAccessPoint:
The Amazon Web Services account ID for the account that owns the specified access point.
", + "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -8915,15 +9119,12 @@ } } }, - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", + "RequestTokenARN": { + "target": "com.amazonaws.s3control#AsyncRequestTokenARN", "traits": { - "smithy.api#documentation": "The name of the access point whose configuration information you want to retrieve.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The request token associated with the request you want to know about. This request token\n is returned as part of the response when you make an asynchronous request. You provide this\n token to query about the status of the asynchronous action.
", "smithy.api#httpLabel": {}, - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccessPointName" - } + "smithy.api#required": {} } } }, @@ -8931,114 +9132,105 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetAccessPointResult": { + "com.amazonaws.s3control#DescribeMultiRegionAccessPointOperationResult": { "type": "structure", "members": { - "Name": { - "target": "com.amazonaws.s3control#AccessPointName", - "traits": { - "smithy.api#documentation": "The name of the specified access point.
" - } - }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "AsyncOperation": { + "target": "com.amazonaws.s3control#AsyncOperation", "traits": { - "smithy.api#documentation": "The name of the bucket associated with the specified access point.
" + "smithy.api#documentation": "A container element containing the details of the asynchronous operation.
" } - }, - "NetworkOrigin": { - "target": "com.amazonaws.s3control#NetworkOrigin", + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#Destination": { + "type": "structure", + "members": { + "Account": { + "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "Indicates whether this access point allows access from the public internet. If\n VpcConfiguration is specified for this access point, then\n NetworkOrigin is VPC, and the access point doesn't allow access from\n the public internet. Otherwise, NetworkOrigin is Internet, and\n the access point allows access from the public internet, subject to the access point and bucket access\n policies.
This will always be true for an Amazon S3 on Outposts access point
" + "smithy.api#documentation": "The destination bucket owner's account ID.
" } }, - "VpcConfiguration": { - "target": "com.amazonaws.s3control#VpcConfiguration", + "Bucket": { + "target": "com.amazonaws.s3control#BucketIdentifierString", "traits": { - "smithy.api#documentation": "Contains the virtual private cloud (VPC) configuration for the specified access point.
\nThis element is empty if this access point is an Amazon S3 on Outposts access point that is used by other\n Amazon Web Services.
\nThe Amazon Resource Name (ARN) of the access point for the destination bucket where you want\n S3 on Outposts to store the replication results.
", + "smithy.api#required": {} } }, - "PublicAccessBlockConfiguration": { - "target": "com.amazonaws.s3control#PublicAccessBlockConfiguration" - }, - "CreationDate": { - "target": "com.amazonaws.s3control#CreationDate", + "ReplicationTime": { + "target": "com.amazonaws.s3control#ReplicationTime", "traits": { - "smithy.api#documentation": "The date and time when the specified access point was created.
" + "smithy.api#documentation": "A container that specifies S3 Replication Time Control (S3 RTC) settings, including whether S3 RTC is enabled\n and the time when all objects and operations on objects must be replicated. Must be\n specified together with a Metrics block.
This is not supported by Amazon S3 on Outposts buckets.
\nThe name or alias of the access point.
" + "smithy.api#documentation": "Specify this property only in a cross-account scenario (where the source and destination\n bucket owners are not the same), and you want to change replica ownership to the\n Amazon Web Services account that owns the destination bucket. If this property is not specified in the\n replication configuration, the replicas are owned by same Amazon Web Services account that owns the\n source object.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe ARN of the access point.
" + "smithy.api#documentation": "A container that provides information about encryption. If\n SourceSelectionCriteria is specified, you must specify this element.
This is not supported by Amazon S3 on Outposts buckets.
\nThe VPC endpoint for the access point.
" + "smithy.api#documentation": "A container that specifies replication metrics-related settings.
" } }, - "BucketAccountId": { - "target": "com.amazonaws.s3control#AccountId", + "StorageClass": { + "target": "com.amazonaws.s3control#ReplicationStorageClass", "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
" + "smithy.api#documentation": " The storage class to use when replicating objects. All objects stored on S3 on Outposts\n are stored in the OUTPOSTS storage class. S3 on Outposts uses the\n OUTPOSTS storage class to create the object replicas.
Values other than OUTPOSTS aren't supported by Amazon S3 on Outposts.
Specifies information about the replication destination bucket and its settings for an\n S3 on Outposts replication configuration.
" } }, - "com.amazonaws.s3control#GetBucket": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#GetBucketRequest" - }, - "output": { - "target": "com.amazonaws.s3control#GetBucketResult" - }, - "traits": { - "smithy.api#documentation": "Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the\n Amazon S3 User Guide.
\nIf you are using an identity other than the root user of the Amazon Web Services account that owns the\n Outposts bucket, the calling identity must have the s3-outposts:GetBucket\n permissions on the specified Outposts bucket and belong to the Outposts bucket owner's\n account in order to use this action. Only users from Outposts bucket owner account with\n the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket permissions or you're not using an\n identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access\n Denied error.
The following actions are related to GetBucket for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
\n PutObject\n
\n\n CreateBucket\n
\n\n DeleteBucket\n
\nA container that indicates whether detailed status code metrics are enabled.
" } } + }, + "traits": { + "smithy.api#documentation": "The container element for Amazon S3 Storage Lens detailed status code metrics. Detailed status\n code metrics generate metrics for HTTP status codes, such as 200 OK, 403\n Forbidden, 503 Service Unavailable and others.
For more information about S3 Storage Lens, see Assessing your storage activity and usage with S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
" } }, - "com.amazonaws.s3control#GetBucketLifecycleConfiguration": { + "com.amazonaws.s3control#DissociateAccessGrantsIdentityCenter": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetBucketLifecycleConfigurationRequest" + "target": "com.amazonaws.s3control#DissociateAccessGrantsIdentityCenterRequest" }, "output": { - "target": "com.amazonaws.s3control#GetBucketLifecycleConfigurationResult" + "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "This action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3\n bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.\n
\nReturns the lifecycle configuration information set on the Outposts bucket. For more\n information, see Using Amazon S3 on Outposts and for\n information about lifecycle configuration, see Object Lifecycle\n Management in Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner\n has this permission, by default. The bucket owner can grant this permission to others. For\n more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing\n Access Permissions to Your Amazon S3 Resources.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
\n GetBucketLifecycleConfiguration has the following special error:
Error code: NoSuchLifecycleConfiguration\n
Description: The lifecycle configuration does not exist.
\nHTTP Status Code: 404 Not Found
\nSOAP Fault Code Prefix: Client
\nThe following actions are related to\n GetBucketLifecycleConfiguration:
Dissociates the Amazon Web Services IAM Identity Center instance from the S3 Access Grants instance.
\nYou must have the s3:DissociateAccessGrantsIdentityCenter permission to use this operation.
You must have the sso:DeleteApplication permission to use this operation.
The Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9060,253 +9252,224 @@ "name": "AccountId" } } - }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", - "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Container for the lifecycle rule of the Outposts bucket.
" + "smithy.api#documentation": "Specifies the ID of the customer managed KMS key that's stored in Key Management Service (KMS)\n for the destination bucket. This ID is either the Amazon Resource Name (ARN) for the\n KMS key or the alias ARN for the KMS key. Amazon S3 uses this KMS key to encrypt\n replica objects. Amazon S3 supports only symmetric encryption KMS keys. For more information,\n see Symmetric encryption\n KMS keys in the Amazon Web Services Key Management Service Developer\n Guide.
" } } }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "Specifies encryption-related information for an Amazon S3 bucket that is a destination for\n replicated objects.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThis action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for\n an S3 bucket, see GetBucketPolicy in the\n Amazon S3 API Reference.
\nReturns the policy of a specified Outposts bucket. For more information, see Using\n Amazon S3 on Outposts in the Amazon S3 User Guide.
\nIf you are using an identity other than the root user of the Amazon Web Services account that owns the\n bucket, the calling identity must have the GetBucketPolicy permissions on the\n specified bucket and belong to the bucket owner's account in order to use this\n action.
Only users from Outposts bucket owner account with the right permissions can perform\n actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy\n permissions or you're not using an identity that belongs to the bucket owner's account,\n Amazon S3 returns a 403 Access Denied error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can\n always use this action, even if the policy explicitly denies the root user the ability\n to perform this action.
\nFor more information about bucket policies, see Using Bucket Policies and User\n Policies.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy:
\n GetObject\n
\n\n PutBucketPolicy\n
\n\n DeleteBucketPolicy\n
\nThe Amazon Web Services account ID of the Outposts bucket.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } - } - }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "Policy": { + "target": "com.amazonaws.s3control#Policy", "traits": { - "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The details of the last established policy.
" } } }, "traits": { - "smithy.api#input": {} + "smithy.api#documentation": "The last established access control policy for a Multi-Region Access Point.
\nWhen you update the policy, the update is first listed as the proposed policy. After the\n update is finished and all Regions have been updated, the proposed policy is listed as the\n established policy. If both policies have the same version number, the proposed policy is\n the established policy.
" } }, - "com.amazonaws.s3control#GetBucketPolicyResult": { - "type": "structure", - "members": { - "Policy": { - "target": "com.amazonaws.s3control#Policy", - "traits": { - "smithy.api#documentation": "The policy of the Outposts bucket.
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.s3control#GetBucketReplication": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#GetBucketReplicationRequest" - }, - "output": { - "target": "com.amazonaws.s3control#GetBucketReplicationResult" - }, + "com.amazonaws.s3control#ExceptionMessage": { + "type": "string", "traits": { - "smithy.api#documentation": "This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an\n S3 bucket's replication configuration, see GetBucketReplication\n in the Amazon S3 API Reference.
\nReturns the replication configuration of an S3 on Outposts bucket. For more information\n about S3 on Outposts, see Using Amazon S3 on Outposts in the\n Amazon S3 User Guide. For information about S3 replication on Outposts\n configuration, see Replicating objects for S3 on Outposts in the Amazon S3 User Guide.
\nIt can take a while to propagate PUT or DELETE requests for\n a replication configuration to all S3 on Outposts systems. Therefore, the replication\n configuration that's returned by a GET request soon after a\n PUT or DELETE request might return a more recent result\n than what's on the Outpost. If an Outpost is offline, the delay in updating the\n replication configuration on that Outpost can be significant.
This action requires permissions for the\n s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner\n has this permission by default and can grant it to others. For more information about\n permissions, see Setting up IAM with\n S3 on Outposts and Managing access to\n S3 on Outposts bucket in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
If you include the Filter element in a replication configuration, you must\n also include the DeleteMarkerReplication, Status, and\n Priority elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
\nThe following operations are related to GetBucketReplication:
\n PutBucketReplication\n
\nThe Amazon Web Services account ID of the Outposts bucket.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#documentation": "A container for the S3 Storage Lens bucket excludes.
" } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "Regions": { + "target": "com.amazonaws.s3control#Regions", "traits": { - "smithy.api#documentation": "Specifies the bucket to get the replication information for.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
A container for the S3 Storage Lens Region excludes.
" } } }, "traits": { - "smithy.api#input": {} + "smithy.api#documentation": "A container for what Amazon S3 Storage Lens will exclude.
" } }, - "com.amazonaws.s3control#GetBucketReplicationResult": { + "com.amazonaws.s3control#ExistingObjectReplication": { "type": "structure", "members": { - "ReplicationConfiguration": { - "target": "com.amazonaws.s3control#ReplicationConfiguration", + "Status": { + "target": "com.amazonaws.s3control#ExistingObjectReplicationStatus", "traits": { - "smithy.api#documentation": "A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a\n replication configuration is 128 KB.
" + "smithy.api#documentation": "Specifies whether Amazon S3 replicates existing source bucket objects.
", + "smithy.api#required": {} } } }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "An optional configuration to replicate existing source bucket objects.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe Amazon Web Services account ID of the Outposts bucket.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#enumValue": "Enabled" } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "Disabled": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Outposts bucket requested.
" + "smithy.api#enumValue": "CSV" } }, - "PublicAccessBlockEnabled": { - "target": "com.amazonaws.s3control#PublicAccessBlockEnabled", + "Parquet": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#default": false, - "smithy.api#documentation": "" + "smithy.api#enumValue": "Parquet" } + } + } + }, + "com.amazonaws.s3control#FunctionArnString": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 1024 }, - "CreationDate": { - "target": "com.amazonaws.s3control#CreationDate", + "smithy.api#pattern": "^(arn:(aws[a-zA-Z-]*)?:lambda:)?([a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:)?(\\d{12}:)?(function:)?([a-zA-Z0-9-_]+)(:(\\$LATEST|[a-zA-Z0-9-_]+))?$" + } + }, + "com.amazonaws.s3control#GeneratedManifestEncryption": { + "type": "structure", + "members": { + "SSES3": { + "target": "com.amazonaws.s3control#SSES3Encryption", "traits": { - "smithy.api#documentation": "The creation date of the Outposts bucket.
" + "smithy.api#documentation": "Specifies the use of SSE-S3 to encrypt generated manifest objects.
", + "smithy.api#xmlName": "SSE-S3" + } + }, + "SSEKMS": { + "target": "com.amazonaws.s3control#SSEKMSEncryption", + "traits": { + "smithy.api#documentation": "Configuration details on how SSE-KMS is used to encrypt generated manifest\n objects.
", + "smithy.api#xmlName": "SSE-KMS" } } }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "The encryption configuration to use when storing the generated manifest.
" } }, - "com.amazonaws.s3control#GetBucketTagging": { + "com.amazonaws.s3control#GeneratedManifestFormat": { + "type": "enum", + "members": { + "S3InventoryReport_CSV_20211130": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "S3InventoryReport_CSV_20211130" + } + } + } + }, + "com.amazonaws.s3control#GetAccessGrant": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetBucketTaggingRequest" + "target": "com.amazonaws.s3control#GetAccessGrantRequest" }, "output": { - "target": "com.amazonaws.s3control#GetBucketTaggingResult" + "target": "com.amazonaws.s3control#GetAccessGrantResult" }, "traits": { - "smithy.api#documentation": "This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see\n GetBucketTagging in the Amazon S3 API Reference.
\nReturns the tag set associated with the Outposts bucket. For more information, see\n Using\n Amazon S3 on Outposts in the Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n GetBucketTagging action. By default, the bucket owner has this permission\n and can grant this permission to others.
\n GetBucketTagging has the following special error:
Error code: NoSuchTagSetError\n
Description: There is no tag set associated with the bucket.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging:
\n PutBucketTagging\n
\n\n DeleteBucketTagging\n
\nGet the details of an access grant from your S3 Access Grants instance.
\nYou must have the s3:GetAccessGrant permission to use this operation.
The Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9329,15 +9492,12 @@ } } }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", + "AccessGrantId": { + "target": "com.amazonaws.s3control#AccessGrantId", "traits": { - "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
", "smithy.api#httpLabel": {}, - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "Bucket" - } + "smithy.api#required": {} } } }, @@ -9345,14 +9505,61 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetBucketTaggingResult": { + "com.amazonaws.s3control#GetAccessGrantResult": { "type": "structure", "members": { - "TagSet": { - "target": "com.amazonaws.s3control#S3TagSet", + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", "traits": { - "smithy.api#documentation": "The tags set of the Outposts bucket.
", - "smithy.api#required": {} + "smithy.api#documentation": "The date and time when you created the access grant.
" + } + }, + "AccessGrantId": { + "target": "com.amazonaws.s3control#AccessGrantId", + "traits": { + "smithy.api#documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
" + } + }, + "AccessGrantArn": { + "target": "com.amazonaws.s3control#AccessGrantArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the access grant.
" + } + }, + "Grantee": { + "target": "com.amazonaws.s3control#Grantee", + "traits": { + "smithy.api#documentation": "The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added a corporate directory to Amazon Web Services IAM Identity Center and associated this Identity Center instance with the S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" + } + }, + "Permission": { + "target": "com.amazonaws.s3control#Permission", + "traits": { + "smithy.api#documentation": "The type of permission that was granted in the access grant. Can be one of the following values:
\n\n READ – Grant read-only access to the S3 data.
\n WRITE – Grant write-only access to the S3 data.
\n READWRITE – Grant both read and write access to the S3 data.
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
" + } + }, + "GrantScope": { + "target": "com.amazonaws.s3control#S3Prefix", + "traits": { + "smithy.api#documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" } } }, @@ -9360,24 +9567,25 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetBucketVersioning": { + "com.amazonaws.s3control#GetAccessGrantsInstance": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetBucketVersioningRequest" + "target": "com.amazonaws.s3control#GetAccessGrantsInstanceRequest" }, "output": { - "target": "com.amazonaws.s3control#GetBucketVersioningResult" + "target": "com.amazonaws.s3control#GetAccessGrantsInstanceResult" }, "traits": { - "smithy.api#documentation": "This operation returns the versioning state\n for\n S3 on Outposts\n buckets\n only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.
\nReturns the versioning state for an S3 on Outposts bucket. With\n S3\n Versioning,\n you can save multiple distinct copies of your\n objects\n and recover from unintended user actions and application failures.
\nIf you've never set versioning on your bucket, it has no versioning state. In that case,\n the GetBucketVersioning request does not return a versioning state\n value.
For more information about versioning, see Versioning in the Amazon S3\n User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to GetBucketVersioning for\n S3 on Outposts.
\n PutBucketVersioning\n
\nRetrieves the S3 Access Grants instance for a Region in your account.
\nYou must have the s3:GetAccessGrantsInstance permission to use this operation.
The Amazon Web Services account ID of the S3 on Outposts bucket.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } - } - }, - "Bucket": { - "target": "com.amazonaws.s3control#BucketName", - "traits": { - "smithy.api#documentation": "The S3 on Outposts bucket to return the versioning state for.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "Bucket" - } - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.s3control#GetBucketVersioningResult": { - "type": "structure", - "members": { - "Status": { - "target": "com.amazonaws.s3control#BucketVersioningStatus", - "traits": { - "smithy.api#documentation": "The versioning state of the S3 on Outposts bucket.
" - } - }, - "MFADelete": { - "target": "com.amazonaws.s3control#MFADeleteStatus", - "traits": { - "smithy.api#documentation": "Specifies whether MFA delete is enabled in the bucket versioning configuration. This\n element is returned only if the bucket has been configured with MFA delete. If MFA delete\n has never been configured for the bucket, this element is not returned.
", - "smithy.api#xmlName": "MfaDelete" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.s3control#GetJobTagging": { + "com.amazonaws.s3control#GetAccessGrantsInstanceForPrefix": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetJobTaggingRequest" + "target": "com.amazonaws.s3control#GetAccessGrantsInstanceForPrefixRequest" }, "output": { - "target": "com.amazonaws.s3control#GetJobTaggingResult" + "target": "com.amazonaws.s3control#GetAccessGrantsInstanceForPrefixResult" }, - "errors": [ - { - "target": "com.amazonaws.s3control#InternalServiceException" - }, - { - "target": "com.amazonaws.s3control#NotFoundException" - }, - { - "target": "com.amazonaws.s3control#TooManyRequestsException" - } - ], "traits": { - "smithy.api#documentation": "Returns the tags on an S3 Batch Operations job. To use\n the\n GetJobTagging operation, you must have permission to\n perform the s3:GetJobTagging action. For more information, see Controlling\n access and labeling jobs using tags in the\n Amazon S3 User Guide.
Related actions include:
\n\n CreateJob\n
\n\n PutJobTagging\n
\n\n DeleteJobTagging\n
\nRetrieve the S3 Access Grants instance that contains a particular prefix.
\nYou must have the s3:GetAccessGrantsInstanceForPrefix permission for the caller account to use this operation.
The prefix owner account must grant you the following permissions to their S3 Access Grants instance: s3:GetAccessGrantsInstanceForPrefix.
The Amazon Web Services account ID associated with the S3 Batch Operations job.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9488,11 +9634,11 @@ } } }, - "JobId": { - "target": "com.amazonaws.s3control#JobId", + "S3Prefix": { + "target": "com.amazonaws.s3control#S3Prefix", "traits": { - "smithy.api#documentation": "The ID for the S3 Batch Operations job whose tags you want to retrieve.
", - "smithy.api#httpLabel": {}, + "smithy.api#documentation": "The S3 prefix of the access grants that you would like to retrieve.
", + "smithy.api#httpQuery": "s3prefix", "smithy.api#required": {} } } @@ -9501,13 +9647,19 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetJobTaggingResult": { + "com.amazonaws.s3control#GetAccessGrantsInstanceForPrefixResult": { "type": "structure", "members": { - "Tags": { - "target": "com.amazonaws.s3control#S3TagSet", + "AccessGrantsInstanceArn": { + "target": "com.amazonaws.s3control#AccessGrantsInstanceArn", "traits": { - "smithy.api#documentation": "The set of tags associated with the S3 Batch Operations job.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" + } + }, + "AccessGrantsInstanceId": { + "target": "com.amazonaws.s3control#AccessGrantsInstanceId", + "traits": { + "smithy.api#documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
Returns configuration information about the specified Multi-Region Access Point.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to GetMultiRegionAccessPoint:
The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } } + }, + "traits": { + "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointPolicy": { + "com.amazonaws.s3control#GetAccessGrantsInstanceResourcePolicy": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyRequest" + "target": "com.amazonaws.s3control#GetAccessGrantsInstanceResourcePolicyRequest" }, "output": { - "target": "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyResult" + "target": "com.amazonaws.s3control#GetAccessGrantsInstanceResourcePolicyResult" }, "traits": { - "smithy.api#documentation": "Returns the access control policy of the specified Multi-Region Access Point.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n GetMultiRegionAccessPointPolicy:
Returns the resource policy of the S3 Access Grants instance.
\nYou must have the s3:GetAccessGrantsInstanceResourcePolicy permission to use this operation.
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9581,27 +9727,63 @@ "name": "AccountId" } } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetAccessGrantsInstanceResourcePolicyResult": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.s3control#PolicyDocument", + "traits": { + "smithy.api#documentation": "The resource policy of the S3 Access Grants instance.
" + } }, - "Name": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointName", + "Organization": { + "target": "com.amazonaws.s3control#Organization", "traits": { - "smithy.api#documentation": "Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more\n information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the\n Amazon S3 User Guide.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} + "smithy.api#documentation": "The Organization of the resource policy of the S3 Access Grants instance.
" + } + }, + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", + "traits": { + "smithy.api#documentation": "The date and time when you created the S3 Access Grants instance resource policy.
" } } }, "traits": { - "smithy.api#input": {} + "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyResult": { + "com.amazonaws.s3control#GetAccessGrantsInstanceResult": { "type": "structure", "members": { - "Policy": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointPolicyDocument", + "AccessGrantsInstanceArn": { + "target": "com.amazonaws.s3control#AccessGrantsInstanceArn", "traits": { - "smithy.api#documentation": "The policy associated with the specified Multi-Region Access Point.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" + } + }, + "AccessGrantsInstanceId": { + "target": "com.amazonaws.s3control#AccessGrantsInstanceId", + "traits": { + "smithy.api#documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the Amazon Web Services IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
" + } + }, + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", + "traits": { + "smithy.api#documentation": "The date and time when you created the S3 Access Grants instance.
" } } }, @@ -9609,22 +9791,22 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatus": { + "com.amazonaws.s3control#GetAccessGrantsLocation": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatusRequest" + "target": "com.amazonaws.s3control#GetAccessGrantsLocationRequest" }, "output": { - "target": "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatusResult" + "target": "com.amazonaws.s3control#GetAccessGrantsLocationResult" }, "traits": { - "smithy.api#documentation": "Indicates whether the specified Multi-Region Access Point has an access control policy that allows public\n access.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n GetMultiRegionAccessPointPolicyStatus:
Retrieves the details of a particular location registered in your S3 Access Grants instance.
\nYou must have the s3:GetAccessGrantsLocation permission to use this operation.
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9650,10 +9832,10 @@ } } }, - "Name": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointName", + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", "traits": { - "smithy.api#documentation": "Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more\n information about the distinction between the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the\n Amazon S3 User Guide.
", + "smithy.api#documentation": "The ID of the registered location that you are retrieving. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The date and time when you registered the location.
" + } + }, + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", + "traits": { + "smithy.api#documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) of the registered location.
" + } + }, + "LocationScope": { + "target": "com.amazonaws.s3control#S3Prefix", + "traits": { + "smithy.api#documentation": "The S3 URI path to the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket, or the S3 path to a bucket and prefix. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" + } } }, "traits": { "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointRequest": { + "com.amazonaws.s3control#GetAccessPoint": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetAccessPointRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetAccessPointResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nReturns configuration information about the specified access point.
\n \nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetAccessPoint:
\n CreateAccessPoint\n
\n\n DeleteAccessPoint\n
\n\n ListAccessPoints\n
\nThis operation is not supported by directory buckets.
\nReturns configuration for an Object Lambda Access Point.
\nThe following actions are related to\n GetAccessPointConfigurationForObjectLambda:
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9690,9 +9949,9 @@ } }, "Name": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointName", + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", "traits": { - "smithy.api#documentation": "The name of the Multi-Region Access Point whose configuration information you want to receive. The name of\n the Multi-Region Access Point is different from the alias. For more information about the distinction between\n the name and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points in the\n Amazon S3 User Guide.
", + "smithy.api#documentation": "The name of the Object Lambda Access Point you want to return the configuration for.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9702,13 +9961,13 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointResult": { + "com.amazonaws.s3control#GetAccessPointConfigurationForObjectLambdaResult": { "type": "structure", "members": { - "AccessPoint": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointReport", + "Configuration": { + "target": "com.amazonaws.s3control#ObjectLambdaConfiguration", "traits": { - "smithy.api#documentation": "A container element containing the details of the requested Multi-Region Access Point.
" + "smithy.api#documentation": "Object Lambda Access Point configuration document.
" } } }, @@ -9716,25 +9975,24 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointRoutes": { + "com.amazonaws.s3control#GetAccessPointForObjectLambda": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetMultiRegionAccessPointRoutesRequest" + "target": "com.amazonaws.s3control#GetAccessPointForObjectLambdaRequest" }, "output": { - "target": "com.amazonaws.s3control#GetMultiRegionAccessPointRoutesResult" + "target": "com.amazonaws.s3control#GetAccessPointForObjectLambdaResult" }, "traits": { - "smithy.api#documentation": "Returns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or\n passive.
\nTo obtain routing control changes and failover requests, use the Amazon S3 failover control\n infrastructure endpoints in these five Amazon Web Services Regions:
\n\n us-east-1\n
\n us-west-2\n
\n ap-southeast-2\n
\n ap-northeast-1\n
\n eu-west-1\n
Your Amazon S3 bucket does not need to be in these five Regions.
\nThis operation is not supported by directory buckets.
\nReturns configuration information about the specified Object Lambda Access Point
\nThe following actions are related to GetAccessPointForObjectLambda:
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9757,10 +10015,10 @@ } } }, - "Mrap": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointId", + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", "traits": { - "smithy.api#documentation": "The Multi-Region Access Point ARN.
", + "smithy.api#documentation": "The name of the Object Lambda Access Point.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } @@ -9770,19 +10028,31 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetMultiRegionAccessPointRoutesResult": { + "com.amazonaws.s3control#GetAccessPointForObjectLambdaResult": { "type": "structure", "members": { - "Mrap": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointId", - "traits": { - "smithy.api#documentation": "The Multi-Region Access Point ARN.
" + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "traits": { + "smithy.api#documentation": "The name of the Object Lambda Access Point.
" } }, - "Routes": { - "target": "com.amazonaws.s3control#RouteList", + "PublicAccessBlockConfiguration": { + "target": "com.amazonaws.s3control#PublicAccessBlockConfiguration", "traits": { - "smithy.api#documentation": "The different routes that make up the route configuration. Active routes return a value\n of 100, and passive routes return a value of 0.
Configuration to block all public access. This setting is turned on and can not be\n edited.
" + } + }, + "CreationDate": { + "target": "com.amazonaws.s3control#CreationDate", + "traits": { + "smithy.api#documentation": "The date and time when the specified Object Lambda Access Point was created.
" + } + }, + "Alias": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointAlias", + "traits": { + "smithy.api#documentation": "The alias of the Object Lambda Access Point.
" } } }, @@ -9790,27 +10060,47 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetPublicAccessBlock": { + "com.amazonaws.s3control#GetAccessPointPolicy": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetPublicAccessBlockRequest" + "target": "com.amazonaws.s3control#GetAccessPointPolicyRequest" }, "output": { - "target": "com.amazonaws.s3control#GetPublicAccessBlockOutput" + "target": "com.amazonaws.s3control#GetAccessPointPolicyResult" }, - "errors": [ - { - "target": "com.amazonaws.s3control#NoSuchPublicAccessBlockConfiguration" + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nReturns the access point policy associated with the specified access point.
\nThe following actions are related to GetAccessPointPolicy:
\n PutAccessPointPolicy\n
\nRetrieves the PublicAccessBlock configuration for an Amazon Web Services account. For\n more information, see Using Amazon S3 block\n public access.
Related actions include:
\n\n PutPublicAccessBlock\n
\nThis operation is not supported by directory buckets.
\nReturns the resource policy for an Object Lambda Access Point.
\nThe following actions are related to\n GetAccessPointPolicyForObjectLambda:
The PublicAccessBlock configuration currently in effect for this\n Amazon Web Services account.
The account ID for the account that owns the specified Object Lambda Access Point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "traits": { + "smithy.api#documentation": "The name of the Object Lambda Access Point.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetAccessPointPolicyForObjectLambdaResult": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.s3control#ObjectLambdaPolicy", + "traits": { + "smithy.api#documentation": "Object Lambda Access Point resource policy document.
" } } }, @@ -9835,13 +10152,13 @@ "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetPublicAccessBlockRequest": { + "com.amazonaws.s3control#GetAccessPointPolicyRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID for the Amazon Web Services account whose PublicAccessBlock configuration\n you want to retrieve.
The account ID for the account that owns the specified access point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9849,28 +10166,53 @@ "name": "AccountId" } } + }, + "Name": { + "target": "com.amazonaws.s3control#AccessPointName", + "traits": { + "smithy.api#documentation": "The name of the access point whose policy you want to retrieve.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The access point policy associated with the specified access point.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetAccessPointPolicyStatus": { "type": "operation", "input": { - "target": "com.amazonaws.s3control#GetStorageLensConfigurationRequest" + "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusRequest" }, "output": { - "target": "com.amazonaws.s3control#GetStorageLensConfigurationResult" + "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusResult" }, "traits": { - "smithy.api#documentation": "Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage\n activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
This operation is not supported by directory buckets.
\nIndicates whether the specified access point currently has a policy that allows public access.\n For more information about public access through access points, see Managing Data Access with Amazon S3\n access points in the Amazon S3 User Guide.
", "smithy.api#endpoint": { "hostPrefix": "{AccountId}." }, "smithy.api#http": { "method": "GET", - "uri": "/v20180820/storagelens/{ConfigId}", + "uri": "/v20180820/accesspoint/{Name}/policyStatus", "code": 200 }, "smithy.rules#staticContextParams": { @@ -9880,21 +10222,38 @@ } } }, - "com.amazonaws.s3control#GetStorageLensConfigurationRequest": { + "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambda": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nReturns the status of the resource policy associated with an Object Lambda Access Point.
", + "smithy.api#endpoint": { + "hostPrefix": "{AccountId}." + }, + "smithy.api#http": { + "method": "GET", + "uri": "/v20180820/accesspointforobjectlambda/{Name}/policyStatus", + "code": 200 + }, + "smithy.rules#staticContextParams": { + "RequiresAccountId": { + "value": true + } + } + } + }, + "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaRequest": { "type": "structure", "members": { - "ConfigId": { - "target": "com.amazonaws.s3control#ConfigId", - "traits": { - "smithy.api#documentation": "The ID of the Amazon S3 Storage Lens configuration.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - }, "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID of the requester.
", + "smithy.api#documentation": "The account ID for the account that owns the specified Object Lambda Access Point.
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -9902,1159 +10261,2964 @@ "name": "AccountId" } } + }, + "Name": { + "target": "com.amazonaws.s3control#ObjectLambdaAccessPointName", + "traits": { + "smithy.api#documentation": "The name of the Object Lambda Access Point.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } } }, "traits": { "smithy.api#input": {} } }, - "com.amazonaws.s3control#GetStorageLensConfigurationResult": { + "com.amazonaws.s3control#GetAccessPointPolicyStatusForObjectLambdaResult": { "type": "structure", "members": { - "StorageLensConfiguration": { - "target": "com.amazonaws.s3control#StorageLensConfiguration", - "traits": { - "smithy.api#documentation": "The S3 Storage Lens configuration requested.
", - "smithy.api#httpPayload": {} - } + "PolicyStatus": { + "target": "com.amazonaws.s3control#PolicyStatus" } }, "traits": { "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetStorageLensConfigurationTagging": { - "type": "operation", - "input": { - "target": "com.amazonaws.s3control#GetStorageLensConfigurationTaggingRequest" - }, - "output": { - "target": "com.amazonaws.s3control#GetStorageLensConfigurationTaggingResult" + "com.amazonaws.s3control#GetAccessPointPolicyStatusRequest": { + "type": "structure", + "members": { + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The account ID for the account that owns the specified access point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#AccessPointName", + "traits": { + "smithy.api#documentation": "The name of the access point whose policy status you want to retrieve.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccessPointName" + } + } + } }, "traits": { - "smithy.api#documentation": "Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see\n Assessing your\n storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:GetStorageLensConfigurationTagging action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
Indicates the current policy status of the specified access point.
" } } + }, + "traits": { + "smithy.api#output": {} } }, - "com.amazonaws.s3control#GetStorageLensConfigurationTaggingRequest": { + "com.amazonaws.s3control#GetAccessPointRequest": { "type": "structure", "members": { - "ConfigId": { - "target": "com.amazonaws.s3control#ConfigId", + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The Amazon Web Services account ID for the account that owns the specified access point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#AccessPointName", + "traits": { + "smithy.api#documentation": "The name of the access point whose configuration information you want to retrieve.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the access point accessed in the format arn:aws:s3-outposts:. For example, to access the access point reports-ap through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/accesspoint/reports-ap. The value must be URL encoded.
The name of the specified access point.
" + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "The name of the bucket associated with the specified access point.
" + } + }, + "NetworkOrigin": { + "target": "com.amazonaws.s3control#NetworkOrigin", + "traits": { + "smithy.api#documentation": "Indicates whether this access point allows access from the public internet. If\n VpcConfiguration is specified for this access point, then\n NetworkOrigin is VPC, and the access point doesn't allow access from\n the public internet. Otherwise, NetworkOrigin is Internet, and\n the access point allows access from the public internet, subject to the access point and bucket access\n policies.
This will always be true for an Amazon S3 on Outposts access point
" + } + }, + "VpcConfiguration": { + "target": "com.amazonaws.s3control#VpcConfiguration", + "traits": { + "smithy.api#documentation": "Contains the virtual private cloud (VPC) configuration for the specified access point.
\nThis element is empty if this access point is an Amazon S3 on Outposts access point that is used by other\n Amazon Web Services.
\nThe date and time when the specified access point was created.
" + } + }, + "Alias": { + "target": "com.amazonaws.s3control#Alias", + "traits": { + "smithy.api#documentation": "The name or alias of the access point.
" + } + }, + "AccessPointArn": { + "target": "com.amazonaws.s3control#S3AccessPointArn", + "traits": { + "smithy.api#documentation": "The ARN of the access point.
" + } + }, + "Endpoints": { + "target": "com.amazonaws.s3control#Endpoints", + "traits": { + "smithy.api#documentation": "The VPC endpoint for the access point.
" + } + }, + "BucketAccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetBucket": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetBucketRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetBucketResult" + }, + "traits": { + "smithy.api#documentation": "Gets an Amazon S3 on Outposts bucket. For more information, see Using Amazon S3 on Outposts in the\n Amazon S3 User Guide.
\nIf you are using an identity other than the root user of the Amazon Web Services account that owns the\n Outposts bucket, the calling identity must have the s3-outposts:GetBucket\n permissions on the specified Outposts bucket and belong to the Outposts bucket owner's\n account in order to use this action. Only users from Outposts bucket owner account with\n the right permissions can perform actions on an Outposts bucket.
If you don't have s3-outposts:GetBucket permissions or you're not using an\n identity that belongs to the bucket owner's account, Amazon S3 returns a 403 Access\n Denied error.
The following actions are related to GetBucket for Amazon S3 on Outposts:
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
\n PutObject\n
\n\n CreateBucket\n
\n\n DeleteBucket\n
\nThis action gets an Amazon S3 on Outposts bucket's lifecycle configuration. To get an S3\n bucket's lifecycle configuration, see GetBucketLifecycleConfiguration in the Amazon S3 API Reference.\n
\nReturns the lifecycle configuration information set on the Outposts bucket. For more\n information, see Using Amazon S3 on Outposts and for\n information about lifecycle configuration, see Object Lifecycle\n Management in Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3-outposts:GetLifecycleConfiguration action. The Outposts bucket owner\n has this permission, by default. The bucket owner can grant this permission to others. For\n more information about permissions, see Permissions Related to Bucket Subresource Operations and Managing\n Access Permissions to Your Amazon S3 Resources.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
\n GetBucketLifecycleConfiguration has the following special error:
Error code: NoSuchLifecycleConfiguration\n
Description: The lifecycle configuration does not exist.
\nHTTP Status Code: 404 Not Found
\nSOAP Fault Code Prefix: Client
\nThe following actions are related to\n GetBucketLifecycleConfiguration:
The Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
Container for the lifecycle rule of the Outposts bucket.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetBucketPolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetBucketPolicyRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetBucketPolicyResult" + }, + "traits": { + "smithy.api#documentation": "This action gets a bucket policy for an Amazon S3 on Outposts bucket. To get a policy for\n an S3 bucket, see GetBucketPolicy in the\n Amazon S3 API Reference.
\nReturns the policy of a specified Outposts bucket. For more information, see Using\n Amazon S3 on Outposts in the Amazon S3 User Guide.
\nIf you are using an identity other than the root user of the Amazon Web Services account that owns the\n bucket, the calling identity must have the GetBucketPolicy permissions on the\n specified bucket and belong to the bucket owner's account in order to use this\n action.
Only users from Outposts bucket owner account with the right permissions can perform\n actions on an Outposts bucket. If you don't have s3-outposts:GetBucketPolicy\n permissions or you're not using an identity that belongs to the bucket owner's account,\n Amazon S3 returns a 403 Access Denied error.
As a security precaution, the root user of the Amazon Web Services account that owns a bucket can\n always use this action, even if the policy explicitly denies the root user the ability\n to perform this action.
\nFor more information about bucket policies, see Using Bucket Policies and User\n Policies.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketPolicy:
\n GetObject\n
\n\n PutBucketPolicy\n
\n\n DeleteBucketPolicy\n
\nThe Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The policy of the Outposts bucket.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetBucketReplication": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetBucketReplicationRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetBucketReplicationResult" + }, + "traits": { + "smithy.api#documentation": "This operation gets an Amazon S3 on Outposts bucket's replication configuration. To get an\n S3 bucket's replication configuration, see GetBucketReplication\n in the Amazon S3 API Reference.
\nReturns the replication configuration of an S3 on Outposts bucket. For more information\n about S3 on Outposts, see Using Amazon S3 on Outposts in the\n Amazon S3 User Guide. For information about S3 replication on Outposts\n configuration, see Replicating objects for\n S3 on Outposts in the Amazon S3 User Guide.
\nIt can take a while to propagate PUT or DELETE requests for\n a replication configuration to all S3 on Outposts systems. Therefore, the replication\n configuration that's returned by a GET request soon after a\n PUT or DELETE request might return a more recent result\n than what's on the Outpost. If an Outpost is offline, the delay in updating the\n replication configuration on that Outpost can be significant.
This action requires permissions for the\n s3-outposts:GetReplicationConfiguration action. The Outposts bucket owner\n has this permission by default and can grant it to others. For more information about\n permissions, see Setting up IAM with\n S3 on Outposts and Managing access to\n S3 on Outposts bucket in the Amazon S3 User Guide.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
If you include the Filter element in a replication configuration, you must\n also include the DeleteMarkerReplication, Status, and\n Priority elements. The response also returns those elements.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
\nThe following operations are related to GetBucketReplication:
\n PutBucketReplication\n
\nThe Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "Specifies the bucket to get the replication information for.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
A container for one or more replication rules. A replication configuration must have at\n least one rule and you can add up to 100 rules. The maximum size of a replication\n configuration is 128 KB.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetBucketRequest": { + "type": "structure", + "members": { + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The Outposts bucket requested.
" + } + }, + "PublicAccessBlockEnabled": { + "target": "com.amazonaws.s3control#PublicAccessBlockEnabled", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "" + } + }, + "CreationDate": { + "target": "com.amazonaws.s3control#CreationDate", + "traits": { + "smithy.api#documentation": "The creation date of the Outposts bucket.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetBucketTagging": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetBucketTaggingRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetBucketTaggingResult" + }, + "traits": { + "smithy.api#documentation": "This action gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see\n GetBucketTagging in the Amazon S3 API Reference.
\nReturns the tag set associated with the Outposts bucket. For more information, see\n Using\n Amazon S3 on Outposts in the Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n GetBucketTagging action. By default, the bucket owner has this permission\n and can grant this permission to others.
\n GetBucketTagging has the following special error:
Error code: NoSuchTagSetError\n
Description: There is no tag set associated with the bucket.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to GetBucketTagging:
\n PutBucketTagging\n
\n\n DeleteBucketTagging\n
\nThe Amazon Web Services account ID of the Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "Specifies the bucket.
\nFor using this parameter with Amazon S3 on Outposts with the REST API, you must specify the name and the x-amz-outpost-id as well.
\nFor using this parameter with S3 on Outposts with the Amazon Web Services SDK and CLI, you must specify the ARN of the bucket accessed in the format arn:aws:s3-outposts:. For example, to access the bucket reports through Outpost my-outpost owned by account 123456789012 in Region us-west-2, use the URL encoding of arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/bucket/reports. The value must be URL encoded.
The tags set of the Outposts bucket.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetBucketVersioning": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetBucketVersioningRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetBucketVersioningResult" + }, + "traits": { + "smithy.api#documentation": "This operation returns the versioning state\n for\n S3 on Outposts\n buckets\n only. To return the versioning state for an S3 bucket, see GetBucketVersioning in the Amazon S3 API Reference.
\nReturns the versioning state for an S3 on Outposts bucket. With\n S3\n Versioning,\n you can save multiple distinct copies of your\n objects\n and recover from unintended user actions and application failures.
\nIf you've never set versioning on your bucket, it has no versioning state. In that case,\n the GetBucketVersioning request does not return a versioning state\n value.
For more information about versioning, see Versioning in the Amazon S3\n User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to GetBucketVersioning for\n S3 on Outposts.
\n PutBucketVersioning\n
\nThe Amazon Web Services account ID of the S3 on Outposts bucket.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Bucket": { + "target": "com.amazonaws.s3control#BucketName", + "traits": { + "smithy.api#documentation": "The S3 on Outposts bucket to return the versioning state for.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "Bucket" + } + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetBucketVersioningResult": { + "type": "structure", + "members": { + "Status": { + "target": "com.amazonaws.s3control#BucketVersioningStatus", + "traits": { + "smithy.api#documentation": "The versioning state of the S3 on Outposts bucket.
" + } + }, + "MFADelete": { + "target": "com.amazonaws.s3control#MFADeleteStatus", + "traits": { + "smithy.api#documentation": "Specifies whether MFA delete is enabled in the bucket versioning configuration. This\n element is returned only if the bucket has been configured with MFA delete. If MFA delete\n has never been configured for the bucket, this element is not returned.
", + "smithy.api#xmlName": "MfaDelete" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetDataAccess": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetDataAccessRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetDataAccessResult" + }, + "traits": { + "smithy.api#documentation": "Returns a temporary access credential from S3 Access Grants to the grantee or client application. The temporary credential is an Amazon Web Services STS token that grants them access to the S3 data.
\nYou must have the s3:GetDataAccess permission to use this operation.
The IAM role that S3 Access Grants assumes must have the following permissions specified in the trust policy when registering the location: sts:AssumeRole, for directory users or groups sts:SetContext, and for IAM users or roles sts:SetSourceIdentity.
The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Target": { + "target": "com.amazonaws.s3control#S3Prefix", + "traits": { + "smithy.api#documentation": "The S3 URI path of the data to which you are requesting temporary access credentials. If the requesting account has an access grant for this data, S3 Access Grants vends temporary access credentials in the response.
", + "smithy.api#httpQuery": "target", + "smithy.api#required": {} + } + }, + "Permission": { + "target": "com.amazonaws.s3control#Permission", + "traits": { + "smithy.api#documentation": "The type of permission granted to your S3 data, which can be set to one of the following values:
\n\n READ – Grant read-only access to the S3 data.
\n WRITE – Grant write-only access to the S3 data.
\n READWRITE – Grant both read and write access to the S3 data.
The session duration, in seconds, of the temporary access credential that S3 Access Grants vends to the grantee or client application. The default value is 1 hour, but the grantee can specify a range from 900 seconds (15 minutes) up to 43200 seconds (12 hours). If the grantee requests a value higher than this maximum, the operation fails.
", + "smithy.api#httpQuery": "durationSeconds" + } + }, + "Privilege": { + "target": "com.amazonaws.s3control#Privilege", + "traits": { + "smithy.api#documentation": "The scope of the temporary access credential that S3 Access Grants vends to the grantee or client application.
\n\n Default – The scope of the returned temporary access token is the scope of the grant that is closest to the target scope.
\n Minimal – The scope of the returned temporary access token is the same as the requested target scope as long as the requested scope is the same as or a subset of the grant scope.
The type of Target. The only possible value is Object. Pass this value if the target data that you would like to access is a path to an object. Do not pass this value if the target data is a bucket or a bucket and a prefix.
The temporary credential token that S3 Access Grants vends.
" + } + }, + "MatchedGrantTarget": { + "target": "com.amazonaws.s3control#S3Prefix", + "traits": { + "smithy.api#documentation": "The S3 URI path of the data to which you are being granted temporary access credentials.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetJobTagging": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetJobTaggingRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetJobTaggingResult" + }, + "errors": [ + { + "target": "com.amazonaws.s3control#InternalServiceException" + }, + { + "target": "com.amazonaws.s3control#NotFoundException" + }, + { + "target": "com.amazonaws.s3control#TooManyRequestsException" + } + ], + "traits": { + "smithy.api#documentation": "Returns the tags on an S3 Batch Operations job.
\nTo use the\n GetJobTagging operation, you must have permission to\n perform the s3:GetJobTagging action. For more information, see Controlling\n access and labeling jobs using tags in the\n Amazon S3 User Guide.
Related actions include:
\n\n CreateJob\n
\n\n PutJobTagging\n
\n\n DeleteJobTagging\n
\nThe Amazon Web Services account ID associated with the S3 Batch Operations job.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "JobId": { + "target": "com.amazonaws.s3control#JobId", + "traits": { + "smithy.api#documentation": "The ID for the S3 Batch Operations job whose tags you want to retrieve.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetJobTaggingResult": { + "type": "structure", + "members": { + "Tags": { + "target": "com.amazonaws.s3control#S3TagSet", + "traits": { + "smithy.api#documentation": "The set of tags associated with the S3 Batch Operations job.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPoint": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetMultiRegionAccessPointRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetMultiRegionAccessPointResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nReturns configuration information about the specified Multi-Region Access Point.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThe following actions are related to GetMultiRegionAccessPoint:
This operation is not supported by directory buckets.
\nReturns the access control policy of the specified Multi-Region Access Point.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThe following actions are related to\n GetMultiRegionAccessPointPolicy:
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointName", + "traits": { + "smithy.api#documentation": "Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more\n information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the\n Amazon S3 User Guide.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyResult": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointPolicyDocument", + "traits": { + "smithy.api#documentation": "The policy associated with the specified Multi-Region Access Point.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatus": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatusRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatusResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nIndicates whether the specified Multi-Region Access Point has an access control policy that allows public\n access.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThe following actions are related to\n GetMultiRegionAccessPointPolicyStatus:
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointName", + "traits": { + "smithy.api#documentation": "Specifies the Multi-Region Access Point. The name of the Multi-Region Access Point is different from the alias. For more\n information about the distinction between the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the\n Amazon S3 User Guide.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointPolicyStatusResult": { + "type": "structure", + "members": { + "Established": { + "target": "com.amazonaws.s3control#PolicyStatus" + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointRequest": { + "type": "structure", + "members": { + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Name": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointName", + "traits": { + "smithy.api#documentation": "The name of the Multi-Region Access Point whose configuration information you want to receive. The name of\n the Multi-Region Access Point is different from the alias. For more information about the distinction between\n the name and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points in the\n Amazon S3 User Guide.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointResult": { + "type": "structure", + "members": { + "AccessPoint": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointReport", + "traits": { + "smithy.api#documentation": "A container element containing the details of the requested Multi-Region Access Point.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointRoutes": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetMultiRegionAccessPointRoutesRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetMultiRegionAccessPointRoutesResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nReturns the routing configuration for a Multi-Region Access Point, indicating which Regions are active or\n passive.
\nTo obtain routing control changes and failover requests, use the Amazon S3 failover control\n infrastructure endpoints in these five Amazon Web Services Regions:
\n\n us-east-1\n
\n us-west-2\n
\n ap-southeast-2\n
\n ap-northeast-1\n
\n eu-west-1\n
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Mrap": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointId", + "traits": { + "smithy.api#documentation": "The Multi-Region Access Point ARN.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetMultiRegionAccessPointRoutesResult": { + "type": "structure", + "members": { + "Mrap": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointId", + "traits": { + "smithy.api#documentation": "The Multi-Region Access Point ARN.
" + } + }, + "Routes": { + "target": "com.amazonaws.s3control#RouteList", + "traits": { + "smithy.api#documentation": "The different routes that make up the route configuration. Active routes return a value\n of 100, and passive routes return a value of 0.
This operation is not supported by directory buckets.
\nRetrieves the PublicAccessBlock configuration for an Amazon Web Services account. For\n more information, see Using Amazon S3 block\n public access.
Related actions include:
\n\n PutPublicAccessBlock\n
\nThe PublicAccessBlock configuration currently in effect for this\n Amazon Web Services account.
The account ID for the Amazon Web Services account whose PublicAccessBlock configuration\n you want to retrieve.
This operation is not supported by directory buckets.
\nGets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage\n activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
The ID of the Amazon S3 Storage Lens configuration.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The account ID of the requester.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetStorageLensConfigurationResult": { + "type": "structure", + "members": { + "StorageLensConfiguration": { + "target": "com.amazonaws.s3control#StorageLensConfiguration", + "traits": { + "smithy.api#documentation": "The S3 Storage Lens configuration requested.
", + "smithy.api#httpPayload": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetStorageLensConfigurationTagging": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetStorageLensConfigurationTaggingRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetStorageLensConfigurationTaggingResult" + }, + "traits": { + "smithy.api#documentation": "This operation is not supported by directory buckets.
\nGets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see\n Assessing your\n storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:GetStorageLensConfigurationTagging action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
The ID of the Amazon S3 Storage Lens configuration.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "The account ID of the requester.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetStorageLensConfigurationTaggingResult": { + "type": "structure", + "members": { + "Tags": { + "target": "com.amazonaws.s3control#StorageLensTags", + "traits": { + "smithy.api#documentation": "The tags of S3 Storage Lens configuration requested.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GetStorageLensGroup": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#GetStorageLensGroupRequest" + }, + "output": { + "target": "com.amazonaws.s3control#GetStorageLensGroupResult" + }, + "traits": { + "smithy.api#documentation": "\nRetrieves the Storage Lens group configuration details.
\nTo use this operation, you must have the permission to perform the\n s3:GetStorageLensGroup action. For more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage\n Lens error codes.
", + "smithy.api#endpoint": { + "hostPrefix": "{AccountId}." + }, + "smithy.api#http": { + "method": "GET", + "uri": "/v20180820/storagelensgroup/{Name}", + "code": 200 + }, + "smithy.rules#staticContextParams": { + "RequiresAccountId": { + "value": true + } + } + } + }, + "com.amazonaws.s3control#GetStorageLensGroupRequest": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.s3control#StorageLensGroupName", + "traits": { + "smithy.api#documentation": "\nThe name of the Storage Lens group that you're trying to retrieve the configuration details for.\n
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "\nThe Amazon Web Services account ID associated with the Storage Lens group that you're trying to retrieve the details for.\n
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#GetStorageLensGroupResult": { + "type": "structure", + "members": { + "StorageLensGroup": { + "target": "com.amazonaws.s3control#StorageLensGroup", + "traits": { + "smithy.api#documentation": "\nThe name of the Storage Lens group that you're trying to retrieve the configuration details for.\n
", + "smithy.api#httpPayload": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#GrantFullControl": { + "type": "string" + }, + "com.amazonaws.s3control#GrantRead": { + "type": "string" + }, + "com.amazonaws.s3control#GrantReadACP": { + "type": "string" + }, + "com.amazonaws.s3control#GrantWrite": { + "type": "string" + }, + "com.amazonaws.s3control#GrantWriteACP": { + "type": "string" + }, + "com.amazonaws.s3control#Grantee": { + "type": "structure", + "members": { + "GranteeType": { + "target": "com.amazonaws.s3control#GranteeType", + "traits": { + "smithy.api#documentation": "The type of the grantee to which access has been granted. It can be one of the following values:
\n\n IAM - An IAM user or role.
\n DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
\n DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
The unique identifier of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.
The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" + } + }, + "com.amazonaws.s3control#GranteeIdentifier": { + "type": "string" + }, + "com.amazonaws.s3control#GranteeType": { + "type": "enum", + "members": { + "DIRECTORY_USER": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DIRECTORY_USER" + } + }, + "DIRECTORY_GROUP": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DIRECTORY_GROUP" + } + }, + "IAM": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "IAM" + } + } + } + }, + "com.amazonaws.s3control#IAMRoleArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 2048 + }, + "smithy.api#pattern": "^arn:[^:]+:iam::\\d{12}:role/" + } + }, + "com.amazonaws.s3control#ID": { + "type": "string" + }, + "com.amazonaws.s3control#IdempotencyException": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.s3control#ExceptionMessage" + } + }, + "traits": { + "smithy.api#documentation": "", + "smithy.api#error": "client" + } + }, + "com.amazonaws.s3control#IdentityCenterApplicationArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 10, + "max": 1224 + }, + "smithy.api#pattern": "^arn:[^:]+:sso:.*$" + } + }, + "com.amazonaws.s3control#IdentityCenterArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 10, + "max": 1224 + }, + "smithy.api#pattern": "^arn:[^:]+:sso::(\\d{12}){0,1}:instance/.*$" + } + }, + "com.amazonaws.s3control#Include": { + "type": "structure", + "members": { + "Buckets": { + "target": "com.amazonaws.s3control#Buckets", + "traits": { + "smithy.api#documentation": "A container for the S3 Storage Lens bucket includes.
" + } + }, + "Regions": { + "target": "com.amazonaws.s3control#Regions", + "traits": { + "smithy.api#documentation": "A container for the S3 Storage Lens Region includes.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A container for what Amazon S3 Storage Lens configuration includes.
" + } + }, + "com.amazonaws.s3control#InternalServiceException": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.s3control#ExceptionMessage" + } + }, + "traits": { + "smithy.api#documentation": "", + "smithy.api#error": "server" + } + }, + "com.amazonaws.s3control#InvalidNextTokenException": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.s3control#ExceptionMessage" + } + }, + "traits": { + "smithy.api#documentation": "", + "smithy.api#error": "client" + } + }, + "com.amazonaws.s3control#InvalidRequestException": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.s3control#ExceptionMessage" + } + }, + "traits": { + "smithy.api#documentation": "", + "smithy.api#error": "client" + } + }, + "com.amazonaws.s3control#IsEnabled": { + "type": "boolean", + "traits": { + "smithy.api#default": false + } + }, + "com.amazonaws.s3control#IsPublic": { + "type": "boolean", + "traits": { + "smithy.api#default": false + } + }, + "com.amazonaws.s3control#JobArn": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 1024 + }, + "smithy.api#pattern": "^arn:[^:]+:s3:[a-zA-Z0-9\\-]+:\\d{12}:job\\/" + } + }, + "com.amazonaws.s3control#JobCreationTime": { + "type": "timestamp" + }, + "com.amazonaws.s3control#JobDescriptor": { + "type": "structure", + "members": { + "JobId": { + "target": "com.amazonaws.s3control#JobId", + "traits": { + "smithy.api#documentation": "The ID for the specified job.
" + } + }, + "ConfirmationRequired": { + "target": "com.amazonaws.s3control#ConfirmationRequired", + "traits": { + "smithy.api#default": null, + "smithy.api#documentation": "Indicates whether confirmation is required before Amazon S3 begins running the specified job.\n Confirmation is required only for jobs created through the Amazon S3 console.
" + } + }, + "Description": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength256String", + "traits": { + "smithy.api#documentation": "The description for this job, if one was provided in this job's Create Job\n request.
The Amazon Resource Name (ARN) for this job.
" + } + }, + "Status": { + "target": "com.amazonaws.s3control#JobStatus", + "traits": { + "smithy.api#documentation": "The current status of the specified job.
" + } + }, + "Manifest": { + "target": "com.amazonaws.s3control#JobManifest", + "traits": { + "smithy.api#documentation": "The configuration information for the specified job's manifest object.
" + } + }, + "Operation": { + "target": "com.amazonaws.s3control#JobOperation", + "traits": { + "smithy.api#documentation": "The operation that the specified job is configured to run on the objects listed in the\n manifest.
" + } + }, + "Priority": { + "target": "com.amazonaws.s3control#JobPriority", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The priority of the specified job.
" + } + }, + "ProgressSummary": { + "target": "com.amazonaws.s3control#JobProgressSummary", + "traits": { + "smithy.api#documentation": "Describes the total number of tasks that the specified job has run, the number of tasks\n that succeeded, and the number of tasks that failed.
" + } + }, + "StatusUpdateReason": { + "target": "com.amazonaws.s3control#JobStatusUpdateReason", + "traits": { + "smithy.api#documentation": "The reason for updating the job.
" + } + }, + "FailureReasons": { + "target": "com.amazonaws.s3control#JobFailureList", + "traits": { + "smithy.api#documentation": "If the specified job failed, this field contains information describing the\n failure.
" + } + }, + "Report": { + "target": "com.amazonaws.s3control#JobReport", + "traits": { + "smithy.api#documentation": "Contains the configuration information for the job-completion report if you requested\n one in the Create Job request.
A timestamp indicating when this job was created.
" + } + }, + "TerminationDate": { + "target": "com.amazonaws.s3control#JobTerminationDate", + "traits": { + "smithy.api#documentation": "A timestamp indicating when this job terminated. A job's termination date is the date\n and time when it succeeded, failed, or was canceled.
" + } + }, + "RoleArn": { + "target": "com.amazonaws.s3control#IAMRoleArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks\n for this job.
" + } + }, + "SuspendedDate": { + "target": "com.amazonaws.s3control#SuspendedDate", + "traits": { + "smithy.api#documentation": "The timestamp when this job was suspended, if it has been suspended.
" + } + }, + "SuspendedCause": { + "target": "com.amazonaws.s3control#SuspendedCause", "traits": { - "smithy.api#documentation": "The ID of the Amazon S3 Storage Lens configuration.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} + "smithy.api#documentation": "The reason why the specified job was suspended. A job is only suspended if you create it\n through the Amazon S3 console. When you create the job, it enters the Suspended\n state to await confirmation before running. After you confirm the job, it automatically\n exits the Suspended state.
The account ID of the requester.
", - "smithy.api#hostLabel": {}, - "smithy.api#httpHeader": "x-amz-account-id", - "smithy.api#required": {}, - "smithy.rules#contextParam": { - "name": "AccountId" - } + "smithy.api#documentation": "The manifest generator that was used to generate a job manifest for this job.
" + } + }, + "GeneratedManifestDescriptor": { + "target": "com.amazonaws.s3control#S3GeneratedManifestDescriptor", + "traits": { + "smithy.api#documentation": "The attribute of the JobDescriptor containing details about the job's generated\n manifest.
" } } }, "traits": { - "smithy.api#input": {} + "smithy.api#documentation": "A container element for the job configuration and status information returned by a\n Describe Job request.
The tags of S3 Storage Lens configuration requested.
" + "smithy.api#documentation": "The failure code, if any, for the specified job.
" + } + }, + "FailureReason": { + "target": "com.amazonaws.s3control#JobFailureReason", + "traits": { + "smithy.api#documentation": "The failure reason, if any, for the specified job.
" } } }, "traits": { - "smithy.api#output": {} + "smithy.api#documentation": "If this job failed, this element indicates why the job failed.
" } }, - "com.amazonaws.s3control#GrantFullControl": { - "type": "string" - }, - "com.amazonaws.s3control#GrantRead": { - "type": "string" - }, - "com.amazonaws.s3control#GrantReadACP": { - "type": "string" - }, - "com.amazonaws.s3control#GrantWrite": { - "type": "string" - }, - "com.amazonaws.s3control#GrantWriteACP": { - "type": "string" - }, - "com.amazonaws.s3control#IAMRoleArn": { + "com.amazonaws.s3control#JobFailureCode": { "type": "string", "traits": { "smithy.api#length": { "min": 1, - "max": 2048 - }, - "smithy.api#pattern": "^arn:[^:]+:iam::\\d{12}:role/" + "max": 64 + } } }, - "com.amazonaws.s3control#ID": { - "type": "string" + "com.amazonaws.s3control#JobFailureList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#JobFailure" + } }, - "com.amazonaws.s3control#IdempotencyException": { - "type": "structure", - "members": { - "Message": { - "target": "com.amazonaws.s3control#ExceptionMessage" + "com.amazonaws.s3control#JobFailureReason": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 256 } - }, + } + }, + "com.amazonaws.s3control#JobId": { + "type": "string", "traits": { - "smithy.api#documentation": "", - "smithy.api#error": "client" + "smithy.api#length": { + "min": 5, + "max": 36 + }, + "smithy.api#pattern": "^[a-zA-Z0-9\\-\\_]+$" } }, - "com.amazonaws.s3control#Include": { + "com.amazonaws.s3control#JobListDescriptor": { "type": "structure", "members": { - "Buckets": { - "target": "com.amazonaws.s3control#Buckets", + "JobId": { + "target": "com.amazonaws.s3control#JobId", "traits": { - "smithy.api#documentation": "A container for the S3 Storage Lens bucket includes.
" + "smithy.api#documentation": "The ID for the specified job.
" } }, - "Regions": { - "target": "com.amazonaws.s3control#Regions", + "Description": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength256String", "traits": { - "smithy.api#documentation": "A container for the S3 Storage Lens Region includes.
" + "smithy.api#documentation": "The user-specified description that was included in the specified job's Create\n Job request.
The operation that the specified job is configured to run on every object listed in the\n manifest.
" + } + }, + "Priority": { + "target": "com.amazonaws.s3control#JobPriority", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "The current priority for the specified job.
" + } + }, + "Status": { + "target": "com.amazonaws.s3control#JobStatus", + "traits": { + "smithy.api#documentation": "The specified job's current status.
" + } + }, + "CreationTime": { + "target": "com.amazonaws.s3control#JobCreationTime", + "traits": { + "smithy.api#documentation": "A timestamp indicating when the specified job was created.
" + } + }, + "TerminationDate": { + "target": "com.amazonaws.s3control#JobTerminationDate", + "traits": { + "smithy.api#documentation": "A timestamp indicating when the specified job terminated. A job's termination date is\n the date and time when it succeeded, failed, or was canceled.
" + } + }, + "ProgressSummary": { + "target": "com.amazonaws.s3control#JobProgressSummary", + "traits": { + "smithy.api#documentation": "Describes the total number of tasks that the specified job has run, the number of tasks\n that succeeded, and the number of tasks that failed.
" } } }, "traits": { - "smithy.api#documentation": "A container for what Amazon S3 Storage Lens configuration includes.
" - } - }, - "com.amazonaws.s3control#InternalServiceException": { - "type": "structure", - "members": { - "Message": { - "target": "com.amazonaws.s3control#ExceptionMessage" - } - }, - "traits": { - "smithy.api#documentation": "", - "smithy.api#error": "server" + "smithy.api#documentation": "Contains the configuration and status information for a single job retrieved as part of\n a job list.
" } }, - "com.amazonaws.s3control#InvalidNextTokenException": { - "type": "structure", - "members": { - "Message": { - "target": "com.amazonaws.s3control#ExceptionMessage" - } - }, - "traits": { - "smithy.api#documentation": "", - "smithy.api#error": "client" + "com.amazonaws.s3control#JobListDescriptorList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#JobListDescriptor" } }, - "com.amazonaws.s3control#InvalidRequestException": { + "com.amazonaws.s3control#JobManifest": { "type": "structure", "members": { - "Message": { - "target": "com.amazonaws.s3control#ExceptionMessage" + "Spec": { + "target": "com.amazonaws.s3control#JobManifestSpec", + "traits": { + "smithy.api#documentation": "Describes the format of the specified job's manifest. If the manifest is in CSV format,\n also describes the columns contained within the manifest.
", + "smithy.api#required": {} + } + }, + "Location": { + "target": "com.amazonaws.s3control#JobManifestLocation", + "traits": { + "smithy.api#documentation": "Contains the information required to locate the specified job's manifest. Manifests\n can't be imported from directory buckets. For more information, see Directory buckets.
", + "smithy.api#required": {} + } } }, "traits": { - "smithy.api#documentation": "", - "smithy.api#error": "client" - } - }, - "com.amazonaws.s3control#IsEnabled": { - "type": "boolean", - "traits": { - "smithy.api#default": false - } - }, - "com.amazonaws.s3control#IsPublic": { - "type": "boolean", - "traits": { - "smithy.api#default": false + "smithy.api#documentation": "Contains the configuration information for a job's manifest.
" } }, - "com.amazonaws.s3control#JobArn": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 1, - "max": 1024 - }, - "smithy.api#pattern": "^arn:[^:]+:s3:[a-zA-Z0-9\\-]+:\\d{12}:job\\/" + "com.amazonaws.s3control#JobManifestFieldList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#JobManifestFieldName" } }, - "com.amazonaws.s3control#JobCreationTime": { - "type": "timestamp" - }, - "com.amazonaws.s3control#JobDescriptor": { - "type": "structure", + "com.amazonaws.s3control#JobManifestFieldName": { + "type": "enum", "members": { - "JobId": { - "target": "com.amazonaws.s3control#JobId", - "traits": { - "smithy.api#documentation": "The ID for the specified job.
" - } - }, - "ConfirmationRequired": { - "target": "com.amazonaws.s3control#ConfirmationRequired", + "Ignore": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#default": null, - "smithy.api#documentation": "Indicates whether confirmation is required before Amazon S3 begins running the specified job.\n Confirmation is required only for jobs created through the Amazon S3 console.
" + "smithy.api#enumValue": "Ignore" } }, - "Description": { - "target": "com.amazonaws.s3control#NonEmptyMaxLength256String", + "Bucket": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "The description for this job, if one was provided in this job's Create Job\n request.
The Amazon Resource Name (ARN) for this job.
" + "smithy.api#enumValue": "Key" } }, - "Status": { - "target": "com.amazonaws.s3control#JobStatus", + "VersionId": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "The current status of the specified job.
" + "smithy.api#enumValue": "VersionId" } - }, - "Manifest": { - "target": "com.amazonaws.s3control#JobManifest", + } + } + }, + "com.amazonaws.s3control#JobManifestFormat": { + "type": "enum", + "members": { + "S3BatchOperations_CSV_20180820": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "The configuration information for the specified job's manifest object.
" + "smithy.api#enumValue": "S3BatchOperations_CSV_20180820" } }, - "Operation": { - "target": "com.amazonaws.s3control#JobOperation", + "S3InventoryReport_CSV_20161130": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "The operation that the specified job is configured to run on the objects listed in the\n manifest.
" + "smithy.api#enumValue": "S3InventoryReport_CSV_20161130" } - }, - "Priority": { - "target": "com.amazonaws.s3control#JobPriority", + } + } + }, + "com.amazonaws.s3control#JobManifestGenerator": { + "type": "union", + "members": { + "S3JobManifestGenerator": { + "target": "com.amazonaws.s3control#S3JobManifestGenerator", "traits": { - "smithy.api#default": 0, - "smithy.api#documentation": "The priority of the specified job.
" + "smithy.api#documentation": "The S3 job ManifestGenerator's configuration details.
" } - }, - "ProgressSummary": { - "target": "com.amazonaws.s3control#JobProgressSummary", + } + }, + "traits": { + "smithy.api#documentation": "Configures the type of the job's ManifestGenerator.
" + } + }, + "com.amazonaws.s3control#JobManifestGeneratorFilter": { + "type": "structure", + "members": { + "EligibleForReplication": { + "target": "com.amazonaws.s3control#Boolean", "traits": { - "smithy.api#documentation": "Describes the total number of tasks that the specified job has run, the number of tasks\n that succeeded, and the number of tasks that failed.
" + "smithy.api#default": null, + "smithy.api#documentation": "Include objects in the generated manifest only if they are eligible for replication\n according to the Replication configuration on the source bucket.
" } }, - "StatusUpdateReason": { - "target": "com.amazonaws.s3control#JobStatusUpdateReason", + "CreatedAfter": { + "target": "com.amazonaws.s3control#ObjectCreationTime", "traits": { - "smithy.api#documentation": "The reason for updating the job.
" + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects that were\n created after this time.
" } }, - "FailureReasons": { - "target": "com.amazonaws.s3control#JobFailureList", + "CreatedBefore": { + "target": "com.amazonaws.s3control#ObjectCreationTime", "traits": { - "smithy.api#documentation": "If the specified job failed, this field contains information describing the\n failure.
" + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects that were\n created before this time.
" } }, - "Report": { - "target": "com.amazonaws.s3control#JobReport", + "ObjectReplicationStatuses": { + "target": "com.amazonaws.s3control#ReplicationStatusFilterList", "traits": { - "smithy.api#documentation": "Contains the configuration information for the job-completion report if you requested\n one in the Create Job request.
If provided, the generated manifest includes only source bucket objects that have one of\n the specified Replication statuses.
" } }, - "CreationTime": { - "target": "com.amazonaws.s3control#JobCreationTime", + "KeyNameConstraint": { + "target": "com.amazonaws.s3control#KeyNameConstraint", "traits": { - "smithy.api#documentation": "A timestamp indicating when this job was created.
" + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects whose object\n keys match the string constraints specified for MatchAnyPrefix,\n MatchAnySuffix, and MatchAnySubstring.
A timestamp indicating when this job terminated. A job's termination date is the date\n and time when it succeeded, failed, or was canceled.
" + "smithy.api#default": null, + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects whose file size\n is greater than the specified number of bytes.
" } }, - "RoleArn": { - "target": "com.amazonaws.s3control#IAMRoleArn", + "ObjectSizeLessThanBytes": { + "target": "com.amazonaws.s3control#ObjectSizeLessThanBytes", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) for the Identity and Access Management (IAM) role assigned to run the tasks\n for this job.
" + "smithy.api#default": null, + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects whose file size\n is less than the specified number of bytes.
" } }, - "SuspendedDate": { - "target": "com.amazonaws.s3control#SuspendedDate", + "MatchAnyStorageClass": { + "target": "com.amazonaws.s3control#StorageClassList", "traits": { - "smithy.api#documentation": "The timestamp when this job was suspended, if it has been suspended.
" + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects that are stored\n with the specified storage class.
" } - }, - "SuspendedCause": { - "target": "com.amazonaws.s3control#SuspendedCause", + } + }, + "traits": { + "smithy.api#documentation": "The filter used to describe a set of objects for the job's manifest.
" + } + }, + "com.amazonaws.s3control#JobManifestLocation": { + "type": "structure", + "members": { + "ObjectArn": { + "target": "com.amazonaws.s3control#S3KeyArnString", "traits": { - "smithy.api#documentation": "The reason why the specified job was suspended. A job is only suspended if you create it\n through the Amazon S3 console. When you create the job, it enters the Suspended\n state to await confirmation before running. After you confirm the job, it automatically\n exits the Suspended state.
The Amazon Resource Name (ARN) for a manifest object.
\nWhen you're using XML requests, you must \nreplace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. \nFor more information, see \n XML-related object key constraints in the Amazon S3 User Guide.
\nThe manifest generator that was used to generate a job manifest for this job.
" + "smithy.api#documentation": "The optional version ID to identify a specific version of the manifest object.
" } }, - "GeneratedManifestDescriptor": { - "target": "com.amazonaws.s3control#S3GeneratedManifestDescriptor", + "ETag": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength1024String", "traits": { - "smithy.api#documentation": "The attribute of the JobDescriptor containing details about the job's generated\n manifest.
" + "smithy.api#documentation": "The ETag for the specified manifest object.
", + "smithy.api#required": {} } } }, "traits": { - "smithy.api#documentation": "A container element for the job configuration and status information returned by a\n Describe Job request.
Contains the information required to locate a manifest object. Manifests can't be\n imported from directory buckets. For more information, see Directory\n buckets.
" } }, - "com.amazonaws.s3control#JobFailure": { + "com.amazonaws.s3control#JobManifestSpec": { "type": "structure", "members": { - "FailureCode": { - "target": "com.amazonaws.s3control#JobFailureCode", + "Format": { + "target": "com.amazonaws.s3control#JobManifestFormat", "traits": { - "smithy.api#documentation": "The failure code, if any, for the specified job.
" + "smithy.api#documentation": "Indicates which of the available formats the specified manifest uses.
", + "smithy.api#required": {} } }, - "FailureReason": { - "target": "com.amazonaws.s3control#JobFailureReason", + "Fields": { + "target": "com.amazonaws.s3control#JobManifestFieldList", "traits": { - "smithy.api#documentation": "The failure reason, if any, for the specified job.
" + "smithy.api#documentation": "If the specified manifest object is in the S3BatchOperations_CSV_20180820\n format, this element describes which columns contain the required data.
If this job failed, this element indicates why the job failed.
" + "smithy.api#documentation": "Describes the format of a manifest. If the manifest is in CSV format, also describes the\n columns contained within the manifest.
" } }, - "com.amazonaws.s3control#JobFailureCode": { - "type": "string", + "com.amazonaws.s3control#JobNumberOfTasksFailed": { + "type": "long", "traits": { - "smithy.api#length": { - "min": 1, - "max": 64 + "smithy.api#default": 0, + "smithy.api#range": { + "min": 0 } } }, - "com.amazonaws.s3control#JobFailureList": { - "type": "list", - "member": { - "target": "com.amazonaws.s3control#JobFailure" + "com.amazonaws.s3control#JobNumberOfTasksSucceeded": { + "type": "long", + "traits": { + "smithy.api#default": 0, + "smithy.api#range": { + "min": 0 + } } }, - "com.amazonaws.s3control#JobFailureReason": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 1, - "max": 256 + "com.amazonaws.s3control#JobOperation": { + "type": "structure", + "members": { + "LambdaInvoke": { + "target": "com.amazonaws.s3control#LambdaInvokeOperation", + "traits": { + "smithy.api#documentation": "Directs the specified job to invoke an Lambda function on every object in the\n manifest.
" + } + }, + "S3PutObjectCopy": { + "target": "com.amazonaws.s3control#S3CopyObjectOperation", + "traits": { + "smithy.api#documentation": "Directs the specified job to run a PUT Copy object call on every object in the\n manifest.
" + } + }, + "S3PutObjectAcl": { + "target": "com.amazonaws.s3control#S3SetObjectAclOperation", + "traits": { + "smithy.api#documentation": "Directs the specified job to run a PutObjectAcl call on every object in the\n manifest.
This functionality is not supported by directory buckets.
\nDirects the specified job to run a PUT Object tagging call on every object in the\n manifest.
\nThis functionality is not supported by directory buckets.
\nDirects the specified job to execute a DELETE Object tagging call on every object in the\n manifest.
\nThis functionality is not supported by directory buckets.
\nDirects the specified job to initiate restore requests for every archived object in the\n manifest.
\nThis functionality is not supported by directory buckets.
\nDirects the specified job to invoke ReplicateObject on every object in the\n job's manifest.
This functionality is not supported by directory buckets.
\nThe operation that you want this job to perform on every object listed in the manifest.\n For more information about the available operations, see Operations in the\n Amazon S3 User Guide.
" } }, - "com.amazonaws.s3control#JobId": { - "type": "string", + "com.amazonaws.s3control#JobPriority": { + "type": "integer", "traits": { - "smithy.api#length": { - "min": 5, - "max": 36 - }, - "smithy.api#pattern": "^[a-zA-Z0-9\\-\\_]+$" + "smithy.api#default": 0, + "smithy.api#range": { + "min": 0, + "max": 2147483647 + } } }, - "com.amazonaws.s3control#JobListDescriptor": { + "com.amazonaws.s3control#JobProgressSummary": { "type": "structure", "members": { - "JobId": { - "target": "com.amazonaws.s3control#JobId", + "TotalNumberOfTasks": { + "target": "com.amazonaws.s3control#JobTotalNumberOfTasks", "traits": { - "smithy.api#documentation": "The ID for the specified job.
" + "smithy.api#default": null, + "smithy.api#documentation": "" } }, - "Description": { - "target": "com.amazonaws.s3control#NonEmptyMaxLength256String", + "NumberOfTasksSucceeded": { + "target": "com.amazonaws.s3control#JobNumberOfTasksSucceeded", "traits": { - "smithy.api#documentation": "The user-specified description that was included in the specified job's Create\n Job request.
The operation that the specified job is configured to run on every object listed in the\n manifest.
" + "smithy.api#default": null, + "smithy.api#documentation": "" } }, - "Priority": { - "target": "com.amazonaws.s3control#JobPriority", + "Timers": { + "target": "com.amazonaws.s3control#JobTimers", "traits": { - "smithy.api#default": 0, - "smithy.api#documentation": "The current priority for the specified job.
" + "smithy.api#documentation": "The JobTimers attribute of a job's progress summary.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Describes the total number of tasks that the specified job has started, the number of\n tasks that succeeded, and the number of tasks that failed.
" + } + }, + "com.amazonaws.s3control#JobReport": { + "type": "structure", + "members": { + "Bucket": { + "target": "com.amazonaws.s3control#S3BucketArnString", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) for the bucket where specified job-completion report will\n be stored.
\n\n Directory buckets - Directory buckets aren't supported \n as a location for Batch Operations to store job completion reports.
\nThe specified job's current status.
" + "smithy.api#documentation": "The format of the specified job-completion report.
" } }, - "CreationTime": { - "target": "com.amazonaws.s3control#JobCreationTime", + "Enabled": { + "target": "com.amazonaws.s3control#Boolean", "traits": { - "smithy.api#documentation": "A timestamp indicating when the specified job was created.
" + "smithy.api#default": false, + "smithy.api#documentation": "Indicates whether the specified job will generate a job-completion report.
", + "smithy.api#required": {} } }, - "TerminationDate": { - "target": "com.amazonaws.s3control#JobTerminationDate", + "Prefix": { + "target": "com.amazonaws.s3control#ReportPrefixString", "traits": { - "smithy.api#documentation": "A timestamp indicating when the specified job terminated. A job's termination date is\n the date and time when it succeeded, failed, or was canceled.
" + "smithy.api#documentation": "An optional prefix to describe where in the specified bucket the job-completion report\n will be stored. Amazon S3 stores the job-completion report at\n
Describes the total number of tasks that the specified job has run, the number of tasks\n that succeeded, and the number of tasks that failed.
" + "smithy.api#documentation": "Indicates whether the job-completion report will include details of all tasks or only\n failed tasks.
" } } }, "traits": { - "smithy.api#documentation": "Contains the configuration and status information for a single job retrieved as part of\n a job list.
" + "smithy.api#documentation": "Contains the configuration parameters for a job-completion report.
" } }, - "com.amazonaws.s3control#JobListDescriptorList": { - "type": "list", - "member": { - "target": "com.amazonaws.s3control#JobListDescriptor" + "com.amazonaws.s3control#JobReportFormat": { + "type": "enum", + "members": { + "Report_CSV_20180820": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Report_CSV_20180820" + } + } } }, - "com.amazonaws.s3control#JobManifest": { - "type": "structure", + "com.amazonaws.s3control#JobReportScope": { + "type": "enum", "members": { - "Spec": { - "target": "com.amazonaws.s3control#JobManifestSpec", + "AllTasks": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "Describes the format of the specified job's manifest. If the manifest is in CSV format,\n also describes the columns contained within the manifest.
", - "smithy.api#required": {} + "smithy.api#enumValue": "AllTasks" } }, - "Location": { - "target": "com.amazonaws.s3control#JobManifestLocation", + "FailedTasksOnly": { + "target": "smithy.api#Unit", "traits": { - "smithy.api#documentation": "Contains the information required to locate the specified job's manifest.
", - "smithy.api#required": {} + "smithy.api#enumValue": "FailedTasksOnly" } } - }, - "traits": { - "smithy.api#documentation": "Contains the configuration information for a job's manifest.
" - } - }, - "com.amazonaws.s3control#JobManifestFieldList": { - "type": "list", - "member": { - "target": "com.amazonaws.s3control#JobManifestFieldName" } }, - "com.amazonaws.s3control#JobManifestFieldName": { + "com.amazonaws.s3control#JobStatus": { "type": "enum", "members": { - "Ignore": { + "Active": { "target": "smithy.api#Unit", "traits": { - "smithy.api#enumValue": "Ignore" + "smithy.api#enumValue": "Active" } }, - "Bucket": { + "Cancelled": { "target": "smithy.api#Unit", "traits": { - "smithy.api#enumValue": "Bucket" + "smithy.api#enumValue": "Cancelled" } }, - "Key": { + "Cancelling": { "target": "smithy.api#Unit", "traits": { - "smithy.api#enumValue": "Key" + "smithy.api#enumValue": "Cancelling" } }, - "VersionId": { + "Complete": { "target": "smithy.api#Unit", "traits": { - "smithy.api#enumValue": "VersionId" + "smithy.api#enumValue": "Complete" } - } - } - }, - "com.amazonaws.s3control#JobManifestFormat": { - "type": "enum", - "members": { - "S3BatchOperations_CSV_20180820": { + }, + "Completing": { "target": "smithy.api#Unit", "traits": { - "smithy.api#enumValue": "S3BatchOperations_CSV_20180820" + "smithy.api#enumValue": "Completing" } }, - "S3InventoryReport_CSV_20161130": { + "Failed": { "target": "smithy.api#Unit", "traits": { - "smithy.api#enumValue": "S3InventoryReport_CSV_20161130" + "smithy.api#enumValue": "Failed" + } + }, + "Failing": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Failing" + } + }, + "New": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "New" + } + }, + "Paused": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Paused" + } + }, + "Pausing": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Pausing" + } + }, + "Preparing": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Preparing" + } + }, + "Ready": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Ready" + } + }, + "Suspended": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Suspended" } } } }, - "com.amazonaws.s3control#JobManifestGenerator": { - "type": "union", + "com.amazonaws.s3control#JobStatusException": { + "type": "structure", "members": { - "S3JobManifestGenerator": { - "target": "com.amazonaws.s3control#S3JobManifestGenerator", - "traits": { - "smithy.api#documentation": "The S3 job ManifestGenerator's configuration details.
" - } + "Message": { + "target": "com.amazonaws.s3control#ExceptionMessage" } }, "traits": { - "smithy.api#documentation": "Configures the type of the job's ManifestGenerator.
" + "smithy.api#documentation": "", + "smithy.api#error": "client" } }, - "com.amazonaws.s3control#JobManifestGeneratorFilter": { + "com.amazonaws.s3control#JobStatusList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#JobStatus" + } + }, + "com.amazonaws.s3control#JobStatusUpdateReason": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 256 + } + } + }, + "com.amazonaws.s3control#JobTerminationDate": { + "type": "timestamp" + }, + "com.amazonaws.s3control#JobTimeInStateSeconds": { + "type": "long", + "traits": { + "smithy.api#default": 0, + "smithy.api#range": { + "min": 0 + } + } + }, + "com.amazonaws.s3control#JobTimers": { "type": "structure", "members": { - "EligibleForReplication": { - "target": "com.amazonaws.s3control#Boolean", + "ElapsedTimeInActiveSeconds": { + "target": "com.amazonaws.s3control#JobTimeInStateSeconds", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "Include objects in the generated manifest only if they are eligible for replication\n according to the Replication configuration on the source bucket.
" + "smithy.api#documentation": "Indicates the elapsed time in seconds the job has been in the Active job state.
" } - }, - "CreatedAfter": { - "target": "com.amazonaws.s3control#ObjectCreationTime", + } + }, + "traits": { + "smithy.api#documentation": "Provides timing details for the job.
" + } + }, + "com.amazonaws.s3control#JobTotalNumberOfTasks": { + "type": "long", + "traits": { + "smithy.api#default": 0, + "smithy.api#range": { + "min": 0 + } + } + }, + "com.amazonaws.s3control#KeyNameConstraint": { + "type": "structure", + "members": { + "MatchAnyPrefix": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength1024StringList", "traits": { - "smithy.api#documentation": "If provided, the generated manifest should include only source bucket objects that were\n created after this time.
" + "smithy.api#documentation": "If provided, the generated manifest includes objects where the specified string appears\n at the start of the object key string.
" } }, - "CreatedBefore": { - "target": "com.amazonaws.s3control#ObjectCreationTime", + "MatchAnySuffix": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength1024StringList", "traits": { - "smithy.api#documentation": "If provided, the generated manifest should include only source bucket objects that were\n created before this time.
" + "smithy.api#documentation": "If provided, the generated manifest includes objects where the specified string appears\n at the end of the object key string.
" } }, - "ObjectReplicationStatuses": { - "target": "com.amazonaws.s3control#ReplicationStatusFilterList", + "MatchAnySubstring": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength1024StringList", "traits": { - "smithy.api#documentation": "If provided, the generated manifest should include only source bucket objects that have\n one of the specified Replication statuses.
" + "smithy.api#documentation": "If provided, the generated manifest includes objects where the specified string appears\n anywhere within the object key string.
" } } }, "traits": { - "smithy.api#documentation": "The filter used to describe a set of objects for the job's manifest.
" + "smithy.api#documentation": "If provided, the generated manifest includes only source bucket objects whose object\n keys match the string constraints specified for MatchAnyPrefix,\n MatchAnySuffix, and MatchAnySubstring.
The Amazon Resource Name (ARN) for a manifest object.
\nWhen you're using XML requests, you must \nreplace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. \nFor more information, see \n XML-related object key constraints in the Amazon S3 User Guide.
\nThe Amazon Resource Name (ARN) for the Lambda function that the specified job will\n invoke on every object in the manifest.
" } }, - "ObjectVersionId": { - "target": "com.amazonaws.s3control#S3ObjectVersionId", + "InvocationSchemaVersion": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength64String", "traits": { - "smithy.api#documentation": "The optional version ID to identify a specific version of the manifest object.
" + "smithy.api#documentation": "Specifies the schema version for the payload that Batch Operations sends when invoking\n an Lambda function. Version 1.0 is the default. Version\n 2.0 is required when you use Batch Operations to invoke Lambda functions that act on directory buckets, or if you need to specify\n UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and\n Lambda in the Amazon Web Services Storage Blog.
Ensure that your Lambda function code expects\n InvocationSchemaVersion\n 2.0 and uses bucket name rather than bucket ARN. If the\n InvocationSchemaVersion does not match what your Lambda\n function expects, your function might not work as expected.
\n Directory buckets - To initiate Amazon Web Services Lambda function to perform custom actions on objects in directory buckets, you must specify 2.0.
The ETag for the specified manifest object.
", - "smithy.api#required": {} + "smithy.api#documentation": "Key-value pairs that are passed in the payload that Batch Operations sends when invoking\n an Lambda function. You must specify InvocationSchemaVersion\n 2.0 for LambdaInvoke operations that include\n UserArguments. For more information, see Automate object processing in Amazon S3 directory buckets with S3 Batch Operations and\n Lambda in the Amazon Web Services Storage Blog.
Contains the configuration parameters for a Lambda Invoke operation.
A lifecycle rule for individual objects in an Outposts bucket.
" } } }, "traits": { - "smithy.api#documentation": "Contains the information required to locate a manifest object.
" + "smithy.api#documentation": "The container for the Outposts bucket lifecycle configuration.
" } }, - "com.amazonaws.s3control#JobManifestSpec": { + "com.amazonaws.s3control#LifecycleExpiration": { "type": "structure", "members": { - "Format": { - "target": "com.amazonaws.s3control#JobManifestFormat", + "Date": { + "target": "com.amazonaws.s3control#Date", "traits": { - "smithy.api#documentation": "Indicates which of the available formats the specified manifest uses.
", - "smithy.api#required": {} + "smithy.api#documentation": "Indicates at what date the object is to be deleted. Should be in GMT ISO 8601\n format.
" } }, - "Fields": { - "target": "com.amazonaws.s3control#JobManifestFieldList", + "Days": { + "target": "com.amazonaws.s3control#Days", "traits": { - "smithy.api#documentation": "If the specified manifest object is in the S3BatchOperations_CSV_20180820\n format, this element describes which columns contain the required data.
Indicates the lifetime, in days, of the objects that are subject to the rule. The value\n must be a non-zero positive integer.
" + } + }, + "ExpiredObjectDeleteMarker": { + "target": "com.amazonaws.s3control#ExpiredObjectDeleteMarker", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set\n to true, the delete marker will be expired. If set to false, the policy takes no action.\n This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
" } } }, "traits": { - "smithy.api#documentation": "Describes the format of a manifest. If the manifest is in CSV format, also describes the\n columns contained within the manifest.
" - } - }, - "com.amazonaws.s3control#JobNumberOfTasksFailed": { - "type": "long", - "traits": { - "smithy.api#default": 0, - "smithy.api#range": { - "min": 0 - } - } - }, - "com.amazonaws.s3control#JobNumberOfTasksSucceeded": { - "type": "long", - "traits": { - "smithy.api#default": 0, - "smithy.api#range": { - "min": 0 - } + "smithy.api#documentation": "The container of the Outposts bucket lifecycle expiration.
" } }, - "com.amazonaws.s3control#JobOperation": { + "com.amazonaws.s3control#LifecycleRule": { "type": "structure", "members": { - "LambdaInvoke": { - "target": "com.amazonaws.s3control#LambdaInvokeOperation", + "Expiration": { + "target": "com.amazonaws.s3control#LifecycleExpiration", "traits": { - "smithy.api#documentation": "Directs the specified job to invoke an Lambda function on every object in the\n manifest.
" + "smithy.api#documentation": "Specifies the expiration for the lifecycle of the object in the form of date, days and,\n whether the object has a delete marker.
" } }, - "S3PutObjectCopy": { - "target": "com.amazonaws.s3control#S3CopyObjectOperation", + "ID": { + "target": "com.amazonaws.s3control#ID", "traits": { - "smithy.api#documentation": "Directs the specified job to run a PUT Copy object call on every object in the\n manifest.
" + "smithy.api#documentation": "Unique identifier for the rule. The value cannot be longer than 255 characters.
" } }, - "S3PutObjectAcl": { - "target": "com.amazonaws.s3control#S3SetObjectAclOperation", + "Filter": { + "target": "com.amazonaws.s3control#LifecycleRuleFilter", "traits": { - "smithy.api#documentation": "Directs the specified job to run a PutObjectAcl call on every object in the\n manifest.
The container for the filter of lifecycle rule.
" } }, - "S3PutObjectTagging": { - "target": "com.amazonaws.s3control#S3SetObjectTaggingOperation", + "Status": { + "target": "com.amazonaws.s3control#ExpirationStatus", "traits": { - "smithy.api#documentation": "Directs the specified job to run a PUT Object tagging call on every object in the\n manifest.
" + "smithy.api#documentation": "If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not\n currently being applied.
", + "smithy.api#required": {} } }, - "S3DeleteObjectTagging": { - "target": "com.amazonaws.s3control#S3DeleteObjectTaggingOperation", + "Transitions": { + "target": "com.amazonaws.s3control#TransitionList", "traits": { - "smithy.api#documentation": "Directs the specified job to execute a DELETE Object tagging call on every object in the\n manifest.
" + "smithy.api#documentation": "Specifies when an Amazon S3 object transitions to a specified storage class.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nDirects the specified job to initiate restore requests for every archived object in the\n manifest.
" + "smithy.api#documentation": "Specifies the transition rule for the lifecycle rule that describes when noncurrent\n objects transition to a specific storage class. If your bucket is versioning-enabled (or\n versioning is suspended), you can set this action to request that Amazon S3 transition\n noncurrent object versions to a specific storage class at a set period in the object's\n lifetime.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe noncurrent version expiration of the lifecycle rule.
" + } }, - "S3ReplicateObject": { - "target": "com.amazonaws.s3control#S3ReplicateObjectOperation", + "AbortIncompleteMultipartUpload": { + "target": "com.amazonaws.s3control#AbortIncompleteMultipartUpload", "traits": { - "smithy.api#documentation": "Directs the specified job to invoke ReplicateObject on every object in the\n job's manifest.
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3\n waits before permanently removing all parts of the upload. For more information, see \n Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in\n the Amazon S3 User Guide.
" } } }, "traits": { - "smithy.api#documentation": "The operation that you want this job to perform on every object listed in the manifest.\n For more information about the available operations, see Operations in the\n Amazon S3 User Guide.
" - } - }, - "com.amazonaws.s3control#JobPriority": { - "type": "integer", - "traits": { - "smithy.api#default": 0, - "smithy.api#range": { - "min": 0, - "max": 2147483647 - } + "smithy.api#documentation": "The container for the Outposts bucket lifecycle rule.
" } }, - "com.amazonaws.s3control#JobProgressSummary": { + "com.amazonaws.s3control#LifecycleRuleAndOperator": { "type": "structure", "members": { - "TotalNumberOfTasks": { - "target": "com.amazonaws.s3control#JobTotalNumberOfTasks", + "Prefix": { + "target": "com.amazonaws.s3control#Prefix", "traits": { - "smithy.api#default": null, - "smithy.api#documentation": "" + "smithy.api#documentation": "Prefix identifying one or more objects to which the rule applies.
" } }, - "NumberOfTasksSucceeded": { - "target": "com.amazonaws.s3control#JobNumberOfTasksSucceeded", + "Tags": { + "target": "com.amazonaws.s3control#S3TagSet", "traits": { - "smithy.api#default": null, - "smithy.api#documentation": "" + "smithy.api#documentation": "All of these tags must exist in the object's tag set in order for the rule to\n apply.
" } }, - "NumberOfTasksFailed": { - "target": "com.amazonaws.s3control#JobNumberOfTasksFailed", + "ObjectSizeGreaterThan": { + "target": "com.amazonaws.s3control#ObjectSizeGreaterThanBytes", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "" + "smithy.api#documentation": "The non-inclusive minimum object size for the lifecycle rule. Setting this property to 7 means the rule applies to objects with a size that is greater than 7.
" } }, - "Timers": { - "target": "com.amazonaws.s3control#JobTimers", + "ObjectSizeLessThan": { + "target": "com.amazonaws.s3control#ObjectSizeLessThanBytes", "traits": { - "smithy.api#documentation": "The JobTimers attribute of a job's progress summary.
" + "smithy.api#default": null, + "smithy.api#documentation": "The non-inclusive maximum object size for the lifecycle rule. Setting this property to 77 means the rule applies to objects with a size that is less than 77.
" } } }, "traits": { - "smithy.api#documentation": "Describes the total number of tasks that the specified job has started, the number of\n tasks that succeeded, and the number of tasks that failed.
" + "smithy.api#documentation": "The container for the Outposts bucket lifecycle rule and operator.
" } }, - "com.amazonaws.s3control#JobReport": { + "com.amazonaws.s3control#LifecycleRuleFilter": { "type": "structure", "members": { - "Bucket": { - "target": "com.amazonaws.s3control#S3BucketArnString", + "Prefix": { + "target": "com.amazonaws.s3control#Prefix", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) for the bucket where specified job-completion report will\n be stored.
" + "smithy.api#documentation": "Prefix identifying one or more objects to which the rule applies.
\nWhen you're using XML requests, you must \nreplace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. \nFor more information, see \n XML-related object key constraints in the Amazon S3 User Guide.
\nThe format of the specified job-completion report.
" - } + "Tag": { + "target": "com.amazonaws.s3control#S3Tag" }, - "Enabled": { - "target": "com.amazonaws.s3control#Boolean", + "And": { + "target": "com.amazonaws.s3control#LifecycleRuleAndOperator", "traits": { - "smithy.api#default": false, - "smithy.api#documentation": "Indicates whether the specified job will generate a job-completion report.
", - "smithy.api#required": {} + "smithy.api#documentation": "The container for the AND condition for the lifecycle rule.
An optional prefix to describe where in the specified bucket the job-completion report\n will be stored. Amazon S3 stores the job-completion report at\n
Minimum object size to which the rule applies.
" } }, - "ReportScope": { - "target": "com.amazonaws.s3control#JobReportScope", + "ObjectSizeLessThan": { + "target": "com.amazonaws.s3control#ObjectSizeLessThanBytes", "traits": { - "smithy.api#documentation": "Indicates whether the job-completion report will include details of all tasks or only\n failed tasks.
" + "smithy.api#default": null, + "smithy.api#documentation": "Maximum object size to which the rule applies.
" } } }, "traits": { - "smithy.api#documentation": "Contains the configuration parameters for a job-completion report.
" - } - }, - "com.amazonaws.s3control#JobReportFormat": { - "type": "enum", - "members": { - "Report_CSV_20180820": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Report_CSV_20180820" - } - } + "smithy.api#documentation": "The container for the filter of the lifecycle rule.
" } }, - "com.amazonaws.s3control#JobReportScope": { - "type": "enum", - "members": { - "AllTasks": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "AllTasks" - } - }, - "FailedTasksOnly": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "FailedTasksOnly" - } + "com.amazonaws.s3control#LifecycleRules": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#LifecycleRule", + "traits": { + "smithy.api#xmlName": "Rule" } } }, - "com.amazonaws.s3control#JobStatus": { - "type": "enum", + "com.amazonaws.s3control#ListAccessGrantEntry": { + "type": "structure", "members": { - "Active": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Active" - } - }, - "Cancelled": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Cancelled" - } - }, - "Cancelling": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Cancelling" - } - }, - "Complete": { - "target": "smithy.api#Unit", - "traits": { - "smithy.api#enumValue": "Complete" - } - }, - "Completing": { - "target": "smithy.api#Unit", + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", "traits": { - "smithy.api#enumValue": "Completing" + "smithy.api#documentation": "The date and time when you created the S3 Access Grants instance.
" } }, - "Failed": { - "target": "smithy.api#Unit", + "AccessGrantId": { + "target": "com.amazonaws.s3control#AccessGrantId", "traits": { - "smithy.api#enumValue": "Failed" + "smithy.api#documentation": "The ID of the access grant. S3 Access Grants auto-generates this ID when you create the access grant.
" } }, - "Failing": { - "target": "smithy.api#Unit", + "AccessGrantArn": { + "target": "com.amazonaws.s3control#AccessGrantArn", "traits": { - "smithy.api#enumValue": "Failing" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the access grant.
" } }, - "New": { - "target": "smithy.api#Unit", + "Grantee": { + "target": "com.amazonaws.s3control#Grantee", "traits": { - "smithy.api#enumValue": "New" + "smithy.api#documentation": "The user, group, or role to which you are granting access. You can grant access to an IAM user or role. If you have added your corporate directory to Amazon Web Services IAM Identity Center and associated your Identity Center instance with your S3 Access Grants instance, the grantee can also be a corporate directory user or group.
" } }, - "Paused": { - "target": "smithy.api#Unit", + "Permission": { + "target": "com.amazonaws.s3control#Permission", "traits": { - "smithy.api#enumValue": "Paused" + "smithy.api#documentation": "The type of access granted to your S3 data, which can be set to one of the following values:
\n\n READ – Grant read-only access to the S3 data.
\n WRITE – Grant write-only access to the S3 data.
\n READWRITE – Grant both read and write access to the S3 data.
The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The configuration options of the grant location. The grant location is the S3 path to the data to which you are granting access.
" } }, - "Ready": { - "target": "smithy.api#Unit", + "GrantScope": { + "target": "com.amazonaws.s3control#S3Prefix", "traits": { - "smithy.api#enumValue": "Ready" + "smithy.api#documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
" } } - } - }, - "com.amazonaws.s3control#JobStatusException": { - "type": "structure", - "members": { - "Message": { - "target": "com.amazonaws.s3control#ExceptionMessage" - } }, "traits": { - "smithy.api#documentation": "", - "smithy.api#error": "client" - } - }, - "com.amazonaws.s3control#JobStatusList": { - "type": "list", - "member": { - "target": "com.amazonaws.s3control#JobStatus" - } - }, - "com.amazonaws.s3control#JobStatusUpdateReason": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 1, - "max": 256 - } + "smithy.api#documentation": "Information about the access grant.
" } }, - "com.amazonaws.s3control#JobTerminationDate": { - "type": "timestamp" - }, - "com.amazonaws.s3control#JobTimeInStateSeconds": { - "type": "long", + "com.amazonaws.s3control#ListAccessGrants": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#ListAccessGrantsRequest" + }, + "output": { + "target": "com.amazonaws.s3control#ListAccessGrantsResult" + }, "traits": { - "smithy.api#default": 0, - "smithy.api#range": { - "min": 0 + "smithy.api#documentation": "Returns the list of access grants in your S3 Access Grants instance.
\nYou must have the s3:ListAccessGrants permission to use this operation.
Indicates the elapsed time in seconds the job has been in the Active job state.
" + "smithy.api#documentation": "The ID of the S3 Access Grants instance. The ID is default. You can have one S3 Access Grants instance per Region per account.
The Amazon Resource Name (ARN) of the S3 Access Grants instance.
" + } + }, + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", + "traits": { + "smithy.api#documentation": "The date and time when you created the S3 Access Grants instance.
" + } + }, + "IdentityCenterArn": { + "target": "com.amazonaws.s3control#IdentityCenterArn", + "traits": { + "smithy.api#documentation": "If you associated your S3 Access Grants instance with an Amazon Web Services IAM Identity Center instance, this field returns the Amazon Resource Name (ARN) of the IAM Identity Center instance application; a subresource of the original Identity Center instance. S3 Access Grants creates this Identity Center application for the specific S3 Access Grants instance.
" } } }, "traits": { - "smithy.api#documentation": "Provides timing details for the job.
" - } - }, - "com.amazonaws.s3control#JobTotalNumberOfTasks": { - "type": "long", - "traits": { - "smithy.api#default": 0, - "smithy.api#range": { - "min": 0 - } + "smithy.api#documentation": "Information about the S3 Access Grants instance.
" } }, - "com.amazonaws.s3control#KmsKeyArnString": { - "type": "string", + "com.amazonaws.s3control#ListAccessGrantsInstances": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#ListAccessGrantsInstancesRequest" + }, + "output": { + "target": "com.amazonaws.s3control#ListAccessGrantsInstancesResult" + }, "traits": { - "smithy.api#length": { - "min": 1, - "max": 2000 + "smithy.api#documentation": "Returns a list of S3 Access Grants instances. An S3 Access Grants instance serves as a logical grouping for your individual access grants. You can only have one S3 Access Grants instance per Region per account.
\nYou must have the s3:ListAccessGrantsInstances permission to use this operation.
The Amazon Resource Name (ARN) for the Lambda function that the specified job will\n invoke on every object in the manifest.
" + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", + "traits": { + "smithy.api#documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.
The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
Contains the configuration parameters for a Lambda Invoke operation.
A lifecycle rule for individual objects in an Outposts bucket.
" + "smithy.api#documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Instances request in order to retrieve the next page of results.
A container for a list of S3 Access Grants instances.
" } } }, "traits": { - "smithy.api#documentation": "The container for the Outposts bucket lifecycle configuration.
" + "smithy.api#output": {} } }, - "com.amazonaws.s3control#LifecycleExpiration": { + "com.amazonaws.s3control#ListAccessGrantsLocations": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#ListAccessGrantsLocationsRequest" + }, + "output": { + "target": "com.amazonaws.s3control#ListAccessGrantsLocationsResult" + }, + "traits": { + "smithy.api#documentation": "Returns a list of the locations registered in your S3 Access Grants instance.
\nYou must have the s3:ListAccessGrantsLocations permission to use this operation.
Indicates at what date the object is to be deleted. Should be in GMT ISO 8601\n format.
" + "smithy.api#documentation": "The date and time when you registered the location.
" } }, - "Days": { - "target": "com.amazonaws.s3control#Days", + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", "traits": { - "smithy.api#default": 0, - "smithy.api#documentation": "Indicates the lifetime, in days, of the objects that are subject to the rule. The value\n must be a non-zero positive integer.
" + "smithy.api#documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
Indicates whether Amazon S3 will remove a delete marker with no noncurrent versions. If set\n to true, the delete marker will be expired. If set to false, the policy takes no action.\n This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the registered location.
" + } + }, + "LocationScope": { + "target": "com.amazonaws.s3control#S3Prefix", + "traits": { + "smithy.api#documentation": "The S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://, or the S3 path to a bucket and prefix s3://. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" } } }, "traits": { - "smithy.api#documentation": "The container of the Outposts bucket lifecycle expiration.
" + "smithy.api#documentation": "A container for information about the registered location.
" } }, - "com.amazonaws.s3control#LifecycleRule": { + "com.amazonaws.s3control#ListAccessGrantsLocationsRequest": { "type": "structure", "members": { - "Expiration": { - "target": "com.amazonaws.s3control#LifecycleExpiration", - "traits": { - "smithy.api#documentation": "Specifies the expiration for the lifecycle of the object in the form of date, days and,\n whether the object has a delete marker.
" - } - }, - "ID": { - "target": "com.amazonaws.s3control#ID", - "traits": { - "smithy.api#documentation": "Unique identifier for the rule. The value cannot be longer than 255 characters.
" - } - }, - "Filter": { - "target": "com.amazonaws.s3control#LifecycleRuleFilter", + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The container for the filter of lifecycle rule.
" + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } }, - "Status": { - "target": "com.amazonaws.s3control#ExpirationStatus", + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", "traits": { - "smithy.api#documentation": "If 'Enabled', the rule is currently being applied. If 'Disabled', the rule is not\n currently being applied.
", - "smithy.api#required": {} + "smithy.api#documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.
Specifies when an Amazon S3 object transitions to a specified storage class.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
Specifies the transition rule for the lifecycle rule that describes when noncurrent\n objects transition to a specific storage class. If your bucket is versioning-enabled (or\n versioning is suspended), you can set this action to request that Amazon S3 transition\n noncurrent object versions to a specific storage class at a set period in the object's\n lifetime.
\nThis is not supported by Amazon S3 on Outposts buckets.
\nThe S3 path to the location that you are registering. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://, or the S3 path to a bucket and prefix s3://. A prefix in S3 is a string of characters at the beginning of an object key name used to organize the objects that you store in your S3 buckets. For example, object key names that start with the engineering/ prefix or object key names that start with the marketing/campaigns/ prefix.
The noncurrent version expiration of the lifecycle rule.
" + "smithy.api#documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants Locations request in order to retrieve the next page of results.
Specifies the days since the initiation of an incomplete multipart upload that Amazon S3\n waits before permanently removing all parts of the upload. For more information, see \n Aborting Incomplete Multipart Uploads Using a Bucket Lifecycle Configuration in the\n Amazon S3 User Guide.
" + "smithy.api#documentation": "A container for a list of registered locations in an S3 Access Grants instance.
" } } }, "traits": { - "smithy.api#documentation": "The container for the Outposts bucket lifecycle rule.
" + "smithy.api#output": {} } }, - "com.amazonaws.s3control#LifecycleRuleAndOperator": { + "com.amazonaws.s3control#ListAccessGrantsRequest": { "type": "structure", "members": { - "Prefix": { - "target": "com.amazonaws.s3control#Prefix", + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "Prefix identifying one or more objects to which the rule applies.
" + "smithy.api#documentation": "The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } }, - "Tags": { - "target": "com.amazonaws.s3control#S3TagSet", + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", "traits": { - "smithy.api#documentation": "All of these tags must exist in the object's tag set in order for the rule to\n apply.
" + "smithy.api#documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.
Minimum object size to which the rule applies.
" + "smithy.api#default": 0, + "smithy.api#documentation": "The maximum number of access grants that you would like returned in the List Access Grants response. If the results include the pagination token NextToken, make another call using the NextToken to determine if there are more results.
Maximum object size to which the rule applies.
" + "smithy.api#documentation": "The type of the grantee to which access has been granted. It can be one of the following values:
\n\n IAM - An IAM user or role.
\n DIRECTORY_USER - Your corporate directory user. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
\n DIRECTORY_GROUP - Your corporate directory group. You can use this option if you have added your corporate identity directory to IAM Identity Center and associated the IAM Identity Center instance with your S3 Access Grants instance.
The container for the Outposts bucket lifecycle rule and operator.
" - } - }, - "com.amazonaws.s3control#LifecycleRuleFilter": { - "type": "structure", - "members": { - "Prefix": { - "target": "com.amazonaws.s3control#Prefix", + }, + "GranteeIdentifier": { + "target": "com.amazonaws.s3control#GranteeIdentifier", "traits": { - "smithy.api#documentation": "Prefix identifying one or more objects to which the rule applies.
\nWhen you're using XML requests, you must \nreplace special characters (such as carriage returns) in object keys with their equivalent XML entity codes. \nFor more information, see \n XML-related object key constraints in the Amazon S3 User Guide.
\nThe unique identifer of the Grantee. If the grantee type is IAM, the identifier is the IAM Amazon Resource Name (ARN) of the user or role. If the grantee type is a directory user or group, the identifier is 128-bit universally unique identifier (UUID) in the format a1b2c3d4-5678-90ab-cdef-EXAMPLE11111. You can obtain this UUID from your Amazon Web Services IAM Identity Center instance.
The container for the AND condition for the lifecycle rule.
The type of permission granted to your S3 data, which can be set to one of the following values:
\n\n READ – Grant read-only access to the S3 data.
\n WRITE – Grant write-only access to the S3 data.
\n READWRITE – Grant both read and write access to the S3 data.
Minimum object size to which the rule applies.
" + "smithy.api#documentation": "The S3 path of the data to which you are granting access. It is the result of appending the Subprefix to the location scope.
Maximum object size to which the rule applies.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of an Amazon Web Services IAM Identity Center application associated with your Identity Center instance. If the grant includes an application ARN, the grantee can only access the S3 data through this application.
", + "smithy.api#httpQuery": "application_arn" } } }, "traits": { - "smithy.api#documentation": "The container for the filter of the lifecycle rule.
" + "smithy.api#input": {} } }, - "com.amazonaws.s3control#LifecycleRules": { - "type": "list", - "member": { - "target": "com.amazonaws.s3control#LifecycleRule", - "traits": { - "smithy.api#xmlName": "Rule" + "com.amazonaws.s3control#ListAccessGrantsResult": { + "type": "structure", + "members": { + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", + "traits": { + "smithy.api#documentation": "A pagination token to request the next page of results. Pass this value into a subsequent List Access Grants request in order to retrieve the next page of results.
A container for a list of grants in an S3 Access Grants instance.
" + } } + }, + "traits": { + "smithy.api#output": {} } }, "com.amazonaws.s3control#ListAccessPoints": { @@ -11066,7 +13230,7 @@ "target": "com.amazonaws.s3control#ListAccessPointsResult" }, "traits": { - "smithy.api#documentation": "Returns a list of the access points\n that are\n owned by the current account\n that's\n associated with the specified bucket. You can retrieve up to 1000 access points\n per call. If the specified bucket has more than 1,000 access points (or the number specified in\n maxResults, whichever is less), the response will include a continuation\n token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints:
\n CreateAccessPoint\n
\n\n DeleteAccessPoint\n
\n\n GetAccessPoint\n
\nThis operation is not supported by directory buckets.
\nReturns a list of the access points\n that are\n owned by the current account\n that's\n associated with the specified bucket. You can retrieve up to 1000 access points\n per call. If the specified bucket has more than 1,000 access points (or the number specified in\n maxResults, whichever is less), the response will include a continuation\n token that you can use to list the additional access points.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to ListAccessPoints:
\n CreateAccessPoint\n
\n\n DeleteAccessPoint\n
\n\n GetAccessPoint\n
\nReturns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there\n are more access points than what can be returned in one call, the response will include a\n continuation token that you can use to list the additional access points.
\nThe following actions are related to\n ListAccessPointsForObjectLambda:
This operation is not supported by directory buckets.
\nReturns some or all (up to 1,000) access points associated with the Object Lambda Access Point per call. If there\n are more access points than what can be returned in one call, the response will include a\n continuation token that you can use to list the additional access points.
\nThe following actions are related to\n ListAccessPointsForObjectLambda:
Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for\n the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the\n Amazon S3 User Guide.
\nRelated actions include:
\n \n\n CreateJob\n
\n\n DescribeJob\n
\n\n UpdateJobPriority\n
\n\n UpdateJobStatus\n
\nLists current S3 Batch Operations jobs as well as the jobs that have ended within the last 90\n days for the Amazon Web Services account making the request. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
\nTo use the\n ListJobs operation, you must have permission to\n perform the s3:ListJobs action.
Related actions include:
\n \n\n CreateJob\n
\n\n DescribeJob\n
\n\n UpdateJobPriority\n
\n\n UpdateJobStatus\n
\nReturns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account.\n Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be\n associated with a single account.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to ListMultiRegionAccessPoint:
This operation is not supported by directory buckets.
\nReturns a list of the Multi-Region Access Points currently associated with the specified Amazon Web Services account.\n Each call can return up to 100 Multi-Region Access Points, the maximum number of Multi-Region Access Points that can be\n associated with a single account.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThe following actions are related to ListMultiRegionAccessPoint:
Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated\n sender of the request. For more information, see Using Amazon S3 on Outposts in the\n Amazon S3 User Guide.
\nFor an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts\n endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.
This operation is not supported by directory buckets.
\nReturns a list of all Outposts buckets in an Outpost that are owned by the authenticated\n sender of the request. For more information, see Using Amazon S3 on Outposts in the\n Amazon S3 User Guide.
\nFor an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts\n endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.
\n NextToken is sent when isTruncated is true, which means there\n are more buckets that can be listed. The next list requests to Amazon S3 can be continued with\n this NextToken. NextToken is obfuscated and is not a real\n key.
A container for the S3 Storage Lens configuration ID.
", + "smithy.api#required": {} + } + }, + "StorageLensArn": { + "target": "com.amazonaws.s3control#StorageLensArn", + "traits": { + "smithy.api#documentation": "The ARN of the S3 Storage Lens configuration. This property is read-only.
", + "smithy.api#required": {} + } + }, + "HomeRegion": { + "target": "com.amazonaws.s3control#S3AWSRegion", + "traits": { + "smithy.api#documentation": "A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in\n your designated S3 Storage Lens home Region.
", + "smithy.api#required": {} + } + }, + "IsEnabled": { + "target": "com.amazonaws.s3control#IsEnabled", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "A container for whether the S3 Storage Lens configuration is enabled. This property is\n required.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Part of ListStorageLensConfigurationResult. Each entry includes the\n description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its\n Amazon Resource Name (ARN), and config ID.
This operation is not supported by directory buckets.
\nGets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see\n Assessing your\n storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:ListStorageLensConfigurations action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
The account ID of the requester.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", + "traits": { + "smithy.api#documentation": "A pagination token to request the next page of results.
", + "smithy.api#httpQuery": "nextToken" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#ListStorageLensConfigurationsResult": { + "type": "structure", + "members": { + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", + "traits": { + "smithy.api#documentation": "If the request produced more than the maximum number of S3 Storage Lens configuration results,\n you can pass this value into a subsequent request to retrieve the next page of\n results.
" + } + }, + "StorageLensConfigurationList": { + "target": "com.amazonaws.s3control#StorageLensConfigurationList", + "traits": { + "smithy.api#documentation": "A list of S3 Storage Lens configurations.
", + "smithy.api#xmlFlattened": {} + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#ListStorageLensGroupEntry": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.s3control#StorageLensGroupName", + "traits": { + "smithy.api#documentation": "\nContains the name of the Storage Lens group that exists in the specified home Region.\n
", + "smithy.api#required": {} + } + }, + "StorageLensGroupArn": { + "target": "com.amazonaws.s3control#StorageLensGroupArn", + "traits": { + "smithy.api#documentation": "\nContains the Amazon Resource Name (ARN) of the Storage Lens group. This property is read-only.\n
", + "smithy.api#required": {} + } + }, + "HomeRegion": { + "target": "com.amazonaws.s3control#S3AWSRegion", + "traits": { + "smithy.api#documentation": "\nContains the Amazon Web Services Region where the Storage Lens group was created.\n
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "\nEach entry contains a Storage Lens group that exists in the specified home Region.\n
" + } + }, + "com.amazonaws.s3control#ListStorageLensGroups": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#ListStorageLensGroupsRequest" + }, + "output": { + "target": "com.amazonaws.s3control#ListStorageLensGroupsResult" + }, + "traits": { + "smithy.api#documentation": "\nLists all the Storage Lens groups in the specified home Region.\n
\nTo use this operation, you must have the permission to perform the\n s3:ListStorageLensGroups action. For more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage\n Lens error codes.
", + "smithy.api#endpoint": { + "hostPrefix": "{AccountId}." + }, + "smithy.api#http": { + "method": "GET", + "uri": "/v20180820/storagelensgroup", + "code": 200 + }, + "smithy.api#paginated": { + "inputToken": "NextToken", + "outputToken": "NextToken" + }, + "smithy.rules#staticContextParams": { + "RequiresAccountId": { + "value": true + } + } + } + }, + "com.amazonaws.s3control#ListStorageLensGroupsRequest": { + "type": "structure", + "members": { + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "\n The Amazon Web Services account ID that owns the Storage Lens groups.\n
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } } }, "NextToken": { - "target": "com.amazonaws.s3control#NonEmptyMaxLength1024String", + "target": "com.amazonaws.s3control#ContinuationToken", "traits": { - "smithy.api#documentation": "\n NextToken is sent when isTruncated is true, which means there\n are more buckets that can be listed. The next list requests to Amazon S3 can be continued with\n this NextToken. NextToken is obfuscated and is not a real\n key.
The token for the next set of results, or null if there are no more results.\n
A container for the S3 Storage Lens configuration ID.
", - "smithy.api#required": {} - } - }, - "StorageLensArn": { - "target": "com.amazonaws.s3control#StorageLensArn", - "traits": { - "smithy.api#documentation": "The ARN of the S3 Storage Lens configuration. This property is read-only.
", - "smithy.api#required": {} - } - }, - "HomeRegion": { - "target": "com.amazonaws.s3control#S3AWSRegion", + "NextToken": { + "target": "com.amazonaws.s3control#ContinuationToken", "traits": { - "smithy.api#documentation": "A container for the S3 Storage Lens home Region. Your metrics data is stored and retained in\n your designated S3 Storage Lens home Region.
", - "smithy.api#required": {} + "smithy.api#documentation": "\n If NextToken is returned, there are more Storage Lens groups results available. The value of NextToken is a\n unique pagination token for each page. Make the call again using the returned token to\n retrieve the next page. Keep all other arguments unchanged. Each pagination token expires\n after 24 hours.\n
A container for whether the S3 Storage Lens configuration is enabled. This property is\n required.
" + "smithy.api#documentation": "\nThe list of Storage Lens groups that exist in the specified home Region.\n
", + "smithy.api#xmlFlattened": {} } } }, "traits": { - "smithy.api#documentation": "Part of ListStorageLensConfigurationResult. Each entry includes the\n description of the S3 Storage Lens configuration, its home Region, whether it is enabled, its\n Amazon Resource Name (ARN), and config ID.
Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see\n Assessing your\n storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:ListStorageLensConfigurations action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation allows you to list all the Amazon Web Services resource tags for a specified resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
\nYou must have the s3:ListTagsForResource permission to use this operation.
This operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
\nFor more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
\nFor information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
", "smithy.api#endpoint": { "hostPrefix": "{AccountId}." }, "smithy.api#http": { "method": "GET", - "uri": "/v20180820/storagelens", + "uri": "/v20180820/tags/{ResourceArn+}", "code": 200 }, - "smithy.api#paginated": { - "inputToken": "NextToken", - "outputToken": "NextToken" - }, "smithy.rules#staticContextParams": { "RequiresAccountId": { "value": true @@ -11587,13 +13930,13 @@ } } }, - "com.amazonaws.s3control#ListStorageLensConfigurationsRequest": { + "com.amazonaws.s3control#ListTagsForResourceRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The account ID of the requester.
", + "smithy.api#documentation": "\nThe Amazon Web Services account ID of the resource owner.\n
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -11602,11 +13945,12 @@ } } }, - "NextToken": { - "target": "com.amazonaws.s3control#ContinuationToken", + "ResourceArn": { + "target": "com.amazonaws.s3control#S3ResourceArn", "traits": { - "smithy.api#documentation": "A pagination token to request the next page of results.
", - "smithy.api#httpQuery": "nextToken" + "smithy.api#documentation": "\nThe Amazon Resource Name (ARN) of the S3 resource that you want to list the tags for. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.\n
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} } } }, @@ -11614,20 +13958,13 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#ListStorageLensConfigurationsResult": { + "com.amazonaws.s3control#ListTagsForResourceResult": { "type": "structure", "members": { - "NextToken": { - "target": "com.amazonaws.s3control#ContinuationToken", - "traits": { - "smithy.api#documentation": "If the request produced more than the maximum number of S3 Storage Lens configuration results,\n you can pass this value into a subsequent request to retrieve the next page of\n results.
" - } - }, - "StorageLensConfigurationList": { - "target": "com.amazonaws.s3control#StorageLensConfigurationList", + "Tags": { + "target": "com.amazonaws.s3control#TagList", "traits": { - "smithy.api#documentation": "A list of S3 Storage Lens configurations.
", - "smithy.api#xmlFlattened": {} + "smithy.api#documentation": "\nThe Amazon Web Services resource tags that are associated with the resource. \n
" } } }, @@ -11684,6 +14021,77 @@ } } }, + "com.amazonaws.s3control#MatchAnyPrefix": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#Prefix", + "traits": { + "smithy.api#xmlName": "Prefix" + } + } + }, + "com.amazonaws.s3control#MatchAnySuffix": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#Suffix", + "traits": { + "smithy.api#xmlName": "Suffix" + } + } + }, + "com.amazonaws.s3control#MatchAnyTag": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#S3Tag", + "traits": { + "smithy.api#xmlName": "Tag" + } + } + }, + "com.amazonaws.s3control#MatchObjectAge": { + "type": "structure", + "members": { + "DaysGreaterThan": { + "target": "com.amazonaws.s3control#ObjectAgeValue", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "\nSpecifies the maximum object age in days. Must be a positive whole number, greater than the minimum object age and less than or equal to 2,147,483,647. \n
" + } + }, + "DaysLessThan": { + "target": "com.amazonaws.s3control#ObjectAgeValue", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "\nSpecifies the minimum object age in days. The value must be a positive whole number, greater than 0 and less than or equal to 2,147,483,647.\n
" + } + } + }, + "traits": { + "smithy.api#documentation": "\n A filter condition that specifies the object age range of included objects in days. Only integers are supported.\n
" + } + }, + "com.amazonaws.s3control#MatchObjectSize": { + "type": "structure", + "members": { + "BytesGreaterThan": { + "target": "com.amazonaws.s3control#ObjectSizeValue", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "\nSpecifies the minimum object size in Bytes. The value must be a positive number, greater than 0 and less than 5 TB.\n
" + } + }, + "BytesLessThan": { + "target": "com.amazonaws.s3control#ObjectSizeValue", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "\nSpecifies the maximum object size in Bytes. The value must be a positive number, greater than the minimum object size and less than 5 TB.\n
" + } + } + }, + "traits": { + "smithy.api#documentation": "\nA filter condition that specifies the object size range of included objects in bytes. Only integers are supported.\n
" + } + }, "com.amazonaws.s3control#MaxLength1024String": { "type": "string", "traits": { @@ -11857,7 +14265,7 @@ "Alias": { "target": "com.amazonaws.s3control#MultiRegionAccessPointAlias", "traits": { - "smithy.api#documentation": "The alias for the Multi-Region Access Point. For more information about the distinction between the name\n and the alias of an Multi-Region Access Point, see Managing Multi-Region Access Points.
" + "smithy.api#documentation": "The alias for the Multi-Region Access Point. For more information about the distinction between the name\n and the alias of an Multi-Region Access Point, see Rules for naming Amazon S3 Multi-Region Access Points.
" } }, "CreatedAt": { @@ -12019,6 +14427,12 @@ } } }, + "com.amazonaws.s3control#NonEmptyMaxLength1024StringList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength1024String" + } + }, "com.amazonaws.s3control#NonEmptyMaxLength2048String": { "type": "string", "traits": { @@ -12116,6 +14530,12 @@ "smithy.api#error": "client" } }, + "com.amazonaws.s3control#ObjectAgeValue": { + "type": "integer", + "traits": { + "smithy.api#default": 0 + } + }, "com.amazonaws.s3control#ObjectCreationTime": { "type": "timestamp" }, @@ -12158,12 +14578,12 @@ "Status": { "target": "com.amazonaws.s3control#ObjectLambdaAccessPointAliasStatus", "traits": { - "smithy.api#documentation": "The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If \n the status is READY, the Object Lambda Access Point alias is successfully provisioned and ready for use.
The status of the Object Lambda Access Point alias. If the status is PROVISIONING, the Object Lambda Access Point\n is provisioning the alias and the alias is not ready for use yet. If the status is\n READY, the Object Lambda Access Point alias is successfully provisioned and ready for\n use.
The alias of an Object Lambda Access Point. For more information, see How to use a bucket-style alias for your S3 bucket\n Object Lambda Access Point.
" + "smithy.api#documentation": "The alias of an Object Lambda Access Point. For more information, see How to use a\n bucket-style alias for your S3 bucket Object Lambda Access Point.
" } }, "com.amazonaws.s3control#ObjectLambdaAccessPointAliasStatus": { @@ -12415,6 +14835,12 @@ "smithy.api#default": 0 } }, + "com.amazonaws.s3control#ObjectSizeValue": { + "type": "long", + "traits": { + "smithy.api#default": 0 + } + }, "com.amazonaws.s3control#OperationName": { "type": "enum", "members": { @@ -12474,6 +14900,16 @@ } } }, + "com.amazonaws.s3control#Organization": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 12, + "max": 34 + }, + "smithy.api#pattern": "^o-[a-z0-9]{10,32}$" + } + }, "com.amazonaws.s3control#OutputSchemaVersion": { "type": "enum", "members": { @@ -12496,9 +14932,41 @@ } } }, + "com.amazonaws.s3control#Permission": { + "type": "enum", + "members": { + "READ": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "READ" + } + }, + "WRITE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "WRITE" + } + }, + "READWRITE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "READWRITE" + } + } + } + }, "com.amazonaws.s3control#Policy": { "type": "string" }, + "com.amazonaws.s3control#PolicyDocument": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 350000 + } + } + }, "com.amazonaws.s3control#PolicyStatus": { "type": "structure", "members": { @@ -12557,6 +15025,23 @@ "smithy.api#default": 0 } }, + "com.amazonaws.s3control#Privilege": { + "type": "enum", + "members": { + "Minimal": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Minimal" + } + }, + "Default": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "Default" + } + } + } + }, "com.amazonaws.s3control#ProposedMultiRegionAccessPointPolicy": { "type": "structure", "members": { @@ -12585,36 +15070,121 @@ "IgnorePublicAcls": { "target": "com.amazonaws.s3control#Setting", "traits": { - "smithy.api#default": false, - "smithy.api#documentation": "Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting\n this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this\n account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't\n prevent new public ACLs from being set.
\nThis property is not supported for Amazon S3 on Outposts.
", - "smithy.api#xmlName": "IgnorePublicAcls" + "smithy.api#default": false, + "smithy.api#documentation": "Specifies whether Amazon S3 should ignore public ACLs for buckets in this account. Setting\n this element to TRUE causes Amazon S3 to ignore all public ACLs on buckets in this\n account and any objects that they contain.
Enabling this setting doesn't affect the persistence of any existing ACLs and doesn't\n prevent new public ACLs from being set.
\nThis property is not supported for Amazon S3 on Outposts.
", + "smithy.api#xmlName": "IgnorePublicAcls" + } + }, + "BlockPublicPolicy": { + "target": "com.amazonaws.s3control#Setting", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "Specifies whether Amazon S3 should block public bucket policies for buckets in this account.\n Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy\n if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
\nThis property is not supported for Amazon S3 on Outposts.
", + "smithy.api#xmlName": "BlockPublicPolicy" + } + }, + "RestrictPublicBuckets": { + "target": "com.amazonaws.s3control#Setting", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "Specifies whether Amazon S3 should restrict public bucket policies for buckets in this\n account. Setting this element to TRUE restricts access to buckets with public\n policies to only Amazon Web Service principals and authorized users within this\n account.
Enabling this setting doesn't affect previously stored bucket policies, except that\n public and cross-account access within any public bucket policy, including non-public\n delegation to specific accounts, is blocked.
\nThis property is not supported for Amazon S3 on Outposts.
", + "smithy.api#xmlName": "RestrictPublicBuckets" + } + } + }, + "traits": { + "smithy.api#documentation": "The PublicAccessBlock configuration that you want to apply to this Amazon S3\n account. You can enable the configuration options in any combination. For more information\n about when Amazon S3 considers a bucket or object public, see The Meaning of \"Public\" in the Amazon S3 User Guide.
This data type is not supported for Amazon S3 on Outposts.
" + } + }, + "com.amazonaws.s3control#PublicAccessBlockEnabled": { + "type": "boolean", + "traits": { + "smithy.api#default": false + } + }, + "com.amazonaws.s3control#PutAccessGrantsInstanceResourcePolicy": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#PutAccessGrantsInstanceResourcePolicyRequest" + }, + "output": { + "target": "com.amazonaws.s3control#PutAccessGrantsInstanceResourcePolicyResult" + }, + "traits": { + "smithy.api#documentation": "Updates the resource policy of the S3 Access Grants instance.
\nYou must have the s3:PutAccessGrantsInstanceResourcePolicy permission to use this operation.
The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Policy": { + "target": "com.amazonaws.s3control#PolicyDocument", + "traits": { + "smithy.api#documentation": "The resource policy of the S3 Access Grants instance that you are updating.
", + "smithy.api#required": {} + } + }, + "Organization": { + "target": "com.amazonaws.s3control#Organization", + "traits": { + "smithy.api#documentation": "The Organization of the resource policy of the S3 Access Grants instance.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#PutAccessGrantsInstanceResourcePolicyResult": { + "type": "structure", + "members": { + "Policy": { + "target": "com.amazonaws.s3control#PolicyDocument", + "traits": { + "smithy.api#documentation": "The updated resource policy of the S3 Access Grants instance.
" } }, - "BlockPublicPolicy": { - "target": "com.amazonaws.s3control#Setting", + "Organization": { + "target": "com.amazonaws.s3control#Organization", "traits": { - "smithy.api#default": false, - "smithy.api#documentation": "Specifies whether Amazon S3 should block public bucket policies for buckets in this account.\n Setting this element to TRUE causes Amazon S3 to reject calls to PUT Bucket policy\n if the specified bucket policy allows public access.
Enabling this setting doesn't affect existing bucket policies.
\nThis property is not supported for Amazon S3 on Outposts.
", - "smithy.api#xmlName": "BlockPublicPolicy" + "smithy.api#documentation": "The Organization of the resource policy of the S3 Access Grants instance.
" } }, - "RestrictPublicBuckets": { - "target": "com.amazonaws.s3control#Setting", + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", "traits": { - "smithy.api#default": false, - "smithy.api#documentation": "Specifies whether Amazon S3 should restrict public bucket policies for buckets in this\n account. Setting this element to TRUE restricts access to buckets with public\n policies to only Amazon Web Service principals and authorized users within this\n account.
Enabling this setting doesn't affect previously stored bucket policies, except that\n public and cross-account access within any public bucket policy, including non-public\n delegation to specific accounts, is blocked.
\nThis property is not supported for Amazon S3 on Outposts.
", - "smithy.api#xmlName": "RestrictPublicBuckets" + "smithy.api#documentation": "The date and time when you created the S3 Access Grants instance resource policy.
" } } }, "traits": { - "smithy.api#documentation": "The PublicAccessBlock configuration that you want to apply to this Amazon S3\n account. You can enable the configuration options in any combination. For more information\n about when Amazon S3 considers a bucket or object public, see The Meaning of \"Public\" in the Amazon S3 User Guide.
This data type is not supported for Amazon S3 on Outposts.
" - } - }, - "com.amazonaws.s3control#PublicAccessBlockEnabled": { - "type": "boolean", - "traits": { - "smithy.api#default": false + "smithy.api#output": {} } }, "com.amazonaws.s3control#PutAccessPointConfigurationForObjectLambda": { @@ -12626,7 +15196,7 @@ "target": "smithy.api#Unit" }, "traits": { - "smithy.api#documentation": "Replaces configuration for an Object Lambda Access Point.
\nThe following actions are related to\n PutAccessPointConfigurationForObjectLambda:
This operation is not supported by directory buckets.
\nReplaces configuration for an Object Lambda Access Point.
\nThe following actions are related to\n PutAccessPointConfigurationForObjectLambda:
Associates an access policy with the specified access point. Each access point can have only one policy,\n so a request made to this API replaces any existing policy associated with the specified\n access point.
\n \nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy:
\n GetAccessPointPolicy\n
\nThis operation is not supported by directory buckets.
\nAssociates an access policy with the specified access point. Each access point can have only one policy,\n so a request made to this API replaces any existing policy associated with the specified\n access point.
\n \nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following actions are related to PutAccessPointPolicy:
\n GetAccessPointPolicy\n
\nCreates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n PutAccessPointPolicyForObjectLambda:
This operation is not supported by directory buckets.
\nCreates or replaces resource policy for an Object Lambda Access Point. For an example policy, see Creating Object Lambda Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n PutAccessPointPolicyForObjectLambda:
This action creates an Amazon S3 on Outposts bucket's replication configuration. To create\n an S3 bucket's replication configuration, see PutBucketReplication\n in the Amazon S3 API Reference.
\nCreates a replication configuration or replaces an existing one. For information about\n S3 replication on Outposts configuration, see Replicating objects for S3 on Outposts in the\n Amazon S3 User Guide.
\nIt can take a while to propagate PUT or DELETE requests for\n a replication configuration to all S3 on Outposts systems. Therefore, the replication\n configuration that's returned by a GET request soon after a\n PUT or DELETE request might return a more recent result\n than what's on the Outpost. If an Outpost is offline, the delay in updating the\n replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication\n configuration, you provide the following information:
\nThe name of the destination bucket or buckets where you want S3 on Outposts to\n replicate objects
\nThe Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on\n your behalf
\nOther relevant information, such as replication rules
\nA replication configuration must include at least one rule and can contain a maximum of\n 100. Each rule identifies a subset of objects to replicate by filtering the objects in\n the source Outposts bucket. To choose additional subsets of objects to replicate, add a\n rule for each subset.
\nTo specify a subset of the objects in the source Outposts bucket to apply a replication\n rule to, add the Filter element as a child of the Rule element.\n You can filter objects based on an object key prefix, one or more object tags, or both.\n When you add the Filter element in the configuration, you must also add the\n following elements: DeleteMarkerReplication, Status, and\n Priority.
Using PutBucketReplication on Outposts requires that both the source and\n destination buckets must have versioning enabled. For information about enabling versioning\n on a bucket, see Managing S3 Versioning\n for your S3 on Outposts bucket.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
\n\n Handling Replication of Encrypted Objects\n
\nOutposts buckets are encrypted at all times. All the objects in the source Outposts\n bucket are encrypted and can be replicated. Also, all the replicas in the destination\n Outposts bucket are encrypted with the same encryption key as the objects in the source\n Outposts bucket.
\n\n Permissions\n
\nTo create a PutBucketReplication request, you must have\n s3-outposts:PutReplicationConfiguration permissions for the bucket. The\n Outposts bucket owner has this permission by default and can grant it to others. For more\n information about permissions, see Setting up IAM with\n S3 on Outposts and Managing access to\n S3 on Outposts buckets.
To perform this operation, the user or role must also have the iam:CreateRole and iam:PassRole permissions. \n For more information, see Granting a user\n permissions to pass a role to an Amazon Web Services service.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketReplication:
\n GetBucketReplication\n
\nThis action creates an Amazon S3 on Outposts bucket's replication configuration. To create\n an S3 bucket's replication configuration, see PutBucketReplication\n in the Amazon S3 API Reference.
\nCreates a replication configuration or replaces an existing one. For information about\n S3 replication on Outposts configuration, see Replicating objects for\n S3 on Outposts in the Amazon S3 User Guide.
\nIt can take a while to propagate PUT or DELETE requests for\n a replication configuration to all S3 on Outposts systems. Therefore, the replication\n configuration that's returned by a GET request soon after a\n PUT or DELETE request might return a more recent result\n than what's on the Outpost. If an Outpost is offline, the delay in updating the\n replication configuration on that Outpost can be significant.
Specify the replication configuration in the request body. In the replication\n configuration, you provide the following information:
\nThe name of the destination bucket or buckets where you want S3 on Outposts to\n replicate objects
\nThe Identity and Access Management (IAM) role that S3 on Outposts can assume to replicate objects on\n your behalf
\nOther relevant information, such as replication rules
\nA replication configuration must include at least one rule and can contain a maximum of\n 100. Each rule identifies a subset of objects to replicate by filtering the objects in the\n source Outposts bucket. To choose additional subsets of objects to replicate, add a rule\n for each subset.
\nTo specify a subset of the objects in the source Outposts bucket to apply a replication\n rule to, add the Filter element as a child of the Rule element.\n You can filter objects based on an object key prefix, one or more object tags, or both.\n When you add the Filter element in the configuration, you must also add the\n following elements: DeleteMarkerReplication, Status, and\n Priority.
Using PutBucketReplication on Outposts requires that both the source and\n destination buckets must have versioning enabled. For information about enabling versioning\n on a bucket, see Managing S3 Versioning\n for your S3 on Outposts bucket.
For information about S3 on Outposts replication failure reasons, see Replication failure reasons in the Amazon S3 User Guide.
\n\n Handling Replication of Encrypted Objects\n
\nOutposts buckets are encrypted at all times. All the objects in the source Outposts\n bucket are encrypted and can be replicated. Also, all the replicas in the destination\n Outposts bucket are encrypted with the same encryption key as the objects in the source\n Outposts bucket.
\n\n Permissions\n
\nTo create a PutBucketReplication request, you must have\n s3-outposts:PutReplicationConfiguration permissions for the bucket. The\n Outposts bucket owner has this permission by default and can grant it to others. For more\n information about permissions, see Setting up IAM with\n S3 on Outposts and Managing access to\n S3 on Outposts buckets.
To perform this operation, the user or role must also have the\n iam:CreateRole and iam:PassRole permissions. For more\n information, see Granting a user permissions to\n pass a role to an Amazon Web Services service.
All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketReplication:
\n GetBucketReplication\n
\nThis operation sets the versioning state\n for\n S3 on Outposts\n buckets\n only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.
\nSets the versioning state for an S3 on Outposts bucket. With\n S3\n Versioning,\n you can save multiple distinct copies of your\n objects\n and recover from unintended user actions and application failures.
\nYou can set the versioning state to one of the following:
\n\n Enabled - Enables versioning for the objects in\n the bucket. All objects added to the bucket receive a unique version ID.
\n\n Suspended - Suspends versioning for the objects\n in the bucket. All objects added to the bucket receive the version ID\n null.
If you've never set versioning on your bucket, it has no versioning state. In that case,\n a \n GetBucketVersioning request does not return a versioning state value.
\nWhen you enable S3 Versioning, for each object in your bucket, you have a current\n version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle\n rules to expire noncurrent versions after a specified time period. For more information,\n see Creating and managing\n a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3\n User Guide.
\nIf you have an object expiration lifecycle configuration in your non-versioned bucket and you\n want to maintain the same permanent delete behavior when you enable versioning, you must\n add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration will manage\n the deletes of the noncurrent object versions in the version-enabled bucket. For more\n information, see Versioning in the Amazon S3\n User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning for\n S3 on Outposts.
\n GetBucketVersioning\n
\nThis operation sets the versioning state\n for\n S3 on Outposts\n buckets\n only. To set the versioning state for an S3 bucket, see PutBucketVersioning in the Amazon S3 API Reference.
\nSets the versioning state for an S3 on Outposts bucket. With\n S3\n Versioning,\n you can save multiple distinct copies of your\n objects\n and recover from unintended user actions and application failures.
\nYou can set the versioning state to one of the following:
\n\n Enabled - Enables versioning for the objects in\n the bucket. All objects added to the bucket receive a unique version ID.
\n\n Suspended - Suspends versioning for the objects\n in the bucket. All objects added to the bucket receive the version ID\n null.
If you've never set versioning on your bucket, it has no versioning state. In that case,\n a \n GetBucketVersioning request does not return a versioning state value.
\nWhen you enable S3 Versioning, for each object in your bucket, you have a current\n version and zero or more noncurrent versions. You can configure your bucket S3 Lifecycle\n rules to expire noncurrent versions after a specified time period. For more information,\n see Creating and managing\n a lifecycle configuration for your S3 on Outposts bucket in the Amazon S3\n User Guide.
\nIf you have an object expiration lifecycle configuration in your non-versioned bucket\n and you want to maintain the same permanent delete behavior when you enable versioning, you\n must add a noncurrent expiration policy. The noncurrent expiration lifecycle configuration\n will manage the deletes of the noncurrent object versions in the version-enabled bucket.\n For more information, see Versioning in the Amazon S3\n User Guide.
\nAll Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request. In addition, you must use an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived by using the access point ARN, see the Examples section.
The following operations are related to PutBucketVersioning for\n S3 on Outposts.
\n GetBucketVersioning\n
\nSets the supplied tag-set on an S3 Batch Operations job.
\nA tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending\n a PUT request against the tagging subresource that is associated with the job. To modify\n the existing tag set, you can either replace the existing tag set entirely, or make changes\n within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this action to replace the tag set\n with the one you modified. For more information, see Controlling\n access and labeling jobs using tags in the Amazon S3 User Guide.
\n \nIf you send this request with an empty tag set, Amazon S3 deletes the existing\n tag set on the Batch Operations job. If you use this method, you are charged for a Tier\n 1 Request (PUT). For more information, see Amazon S3 pricing.
\nFor deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same\n result without incurring charges.
\nA few things to consider about using tags:
\nAmazon S3 limits the maximum number of tags to 50 tags per job.
\nYou can associate up to 50 tags with a job as long as they have unique\n tag keys.
\nA tag key can be up to 128 Unicode characters in length, and tag values\n can be up to 256 Unicode characters in length.
\nThe key and values are case sensitive.
\nFor tagging-related restrictions related to characters and encodings, see\n User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
\nTo use the\n PutJobTagging\n operation,\n you must have permission to perform the s3:PutJobTagging action.
Related actions include:
\n\n CreateJob\n
\n\n GetJobTagging\n
\n\n DeleteJobTagging\n
\nSets the supplied tag-set on an S3 Batch Operations job.
\nA tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending\n a PUT request against the tagging subresource that is associated with the job. To modify\n the existing tag set, you can either replace the existing tag set entirely, or make changes\n within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this operation to replace the tag set\n with the one you modified. For more information, see Controlling\n access and labeling jobs using tags in the Amazon S3 User Guide.
\nIf you send this request with an empty tag set, Amazon S3 deletes the existing\n tag set on the Batch Operations job. If you use this method, you are charged for a Tier\n 1 Request (PUT). For more information, see Amazon S3 pricing.
\nFor deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same\n result without incurring charges.
\nA few things to consider about using tags:
\nAmazon S3 limits the maximum number of tags to 50 tags per job.
\nYou can associate up to 50 tags with a job as long as they have unique\n tag keys.
\nA tag key can be up to 128 Unicode characters in length, and tag values\n can be up to 256 Unicode characters in length.
\nThe key and values are case sensitive.
\nFor tagging-related restrictions related to characters and encodings, see\n User-Defined Tag Restrictions in the Billing and Cost Management User Guide.
\nTo use the\n PutJobTagging operation, you must have permission to\n perform the s3:PutJobTagging action.
Related actions include:
\n\n CreateJob\n
\n\n GetJobTagging\n
\n\n DeleteJobTagging\n
\nAssociates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only\n one policy, so a request made to this action replaces any existing policy that is\n associated with the specified Multi-Region Access Point.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around managing Multi-Region Access Points, see Managing\n Multi-Region Access Points in the Amazon S3 User Guide.
\nThe following actions are related to\n PutMultiRegionAccessPointPolicy:
This operation is not supported by directory buckets.
\nAssociates an access control policy with the specified Multi-Region Access Point. Each Multi-Region Access Point can have only\n one policy, so a request made to this action replaces any existing policy that is\n associated with the specified Multi-Region Access Point.
\nThis action will always be routed to the US West (Oregon) Region. For more information\n about the restrictions around working with Multi-Region Access Points, see Multi-Region Access Point\n restrictions and limitations in the Amazon S3 User Guide.
\nThe following actions are related to\n PutMultiRegionAccessPointPolicy:
Creates or modifies the PublicAccessBlock configuration for an\n Amazon Web Services account. For this operation, users must have the\n s3:PutAccountPublicAccessBlock permission. For more information, see \n Using Amazon S3 block public access.
Related actions include:
\n\n GetPublicAccessBlock\n
\nThis operation is not supported by directory buckets.
\nCreates or modifies the PublicAccessBlock configuration for an\n Amazon Web Services account. For this operation, users must have the\n s3:PutAccountPublicAccessBlock permission. For more information, see \n Using Amazon S3 block public access.
Related actions include:
\n\n GetPublicAccessBlock\n
\nPuts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with\n Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
This operation is not supported by directory buckets.
\nPuts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with\n Amazon S3 Storage Lens in the Amazon S3 User Guide. For a complete list of S3 Storage Lens metrics, see S3 Storage Lens metrics glossary in the Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information\n about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:PutStorageLensConfigurationTagging action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
This operation is not supported by directory buckets.
\nPut or replace tags on an existing Amazon S3 Storage Lens configuration. For more information\n about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the\n Amazon S3 User Guide.
\nTo use this action, you must have permission to perform the\n s3:PutStorageLensConfigurationTagging action. For more information, see\n Setting permissions to\n use Amazon S3 Storage Lens in the Amazon S3 User Guide.
A container for one or more replication rules. A replication configuration must have at least one rule and you can add up to 100 rules. The maximum size of a\n replication configuration is 128 KB.
" + "smithy.api#documentation": "A container for one or more replication rules. A replication configuration must have at\n least one rule and you can add up to 100 rules. The maximum size of a replication\n configuration is 128 KB.
" } }, "com.amazonaws.s3control#ReplicationRule": { @@ -13711,7 +16281,7 @@ "target": "com.amazonaws.s3control#Priority", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "The priority indicates which rule has precedence whenever two or more replication rules\n conflict. S3 on Outposts attempts to replicate objects according to all replication rules.\n However, if there are two or more rules with the same destination Outposts bucket, then objects will\n be replicated according to the rule with the highest priority. The higher the number, the\n higher the priority.
\nFor more information, see Creating replication rules on Outposts in the\n Amazon S3 User Guide.
" + "smithy.api#documentation": "The priority indicates which rule has precedence whenever two or more replication rules\n conflict. S3 on Outposts attempts to replicate objects according to all replication rules.\n However, if there are two or more rules with the same destination Outposts bucket, then\n objects will be replicated according to the rule with the highest priority. The higher the\n number, the higher the priority.
\nFor more information, see Creating replication\n rules on Outposts in the Amazon S3 User Guide.
" } }, "Prefix": { @@ -13739,7 +16309,7 @@ "SourceSelectionCriteria": { "target": "com.amazonaws.s3control#SourceSelectionCriteria", "traits": { - "smithy.api#documentation": "A container that describes additional filters for identifying the source Outposts objects that\n you want to replicate. You can choose to enable or disable the replication of these\n objects.
" + "smithy.api#documentation": "A container that describes additional filters for identifying the source Outposts\n objects that you want to replicate. You can choose to enable or disable the replication of\n these objects.
" } }, "ExistingObjectReplication": { @@ -13751,14 +16321,14 @@ "Destination": { "target": "com.amazonaws.s3control#Destination", "traits": { - "smithy.api#documentation": "A container for information about the replication destination and its configurations.
", + "smithy.api#documentation": "A container for information about the replication destination and its\n configurations.
", "smithy.api#required": {} } }, "DeleteMarkerReplication": { "target": "com.amazonaws.s3control#DeleteMarkerReplication", "traits": { - "smithy.api#documentation": "Specifies whether S3 on Outposts replicates delete markers. If you specify a\n Filter element in your replication configuration, you must also include a\n DeleteMarkerReplication element. If your Filter includes a\n Tag element, the DeleteMarkerReplication element's\n Status child element must be set to Disabled, because\n S3 on Outposts doesn't support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the Amazon S3 User Guide.
" + "smithy.api#documentation": "Specifies whether S3 on Outposts replicates delete markers. If you specify a\n Filter element in your replication configuration, you must also include a\n DeleteMarkerReplication element. If your Filter includes a\n Tag element, the DeleteMarkerReplication element's\n Status child element must be set to Disabled, because\n S3 on Outposts doesn't support replicating delete markers for tag-based rules.
For more information about delete marker replication, see How delete operations affect replication in the\n Amazon S3 User Guide.
" } }, "Bucket": { @@ -13770,7 +16340,7 @@ } }, "traits": { - "smithy.api#documentation": "Specifies which S3 on Outposts objects to replicate and where to store the replicas.
" + "smithy.api#documentation": "Specifies which S3 on Outposts objects to replicate and where to store the\n replicas.
" } }, "com.amazonaws.s3control#ReplicationRuleAndOperator": { @@ -14235,21 +16805,21 @@ "type": "structure", "members": { "TargetResource": { - "target": "com.amazonaws.s3control#S3BucketArnString", + "target": "com.amazonaws.s3control#S3RegionalOrS3ExpressBucketArnString", "traits": { - "smithy.api#documentation": "Specifies the destination bucket\n Amazon Resource Name\n (ARN)\n for the batch copy operation. For example, to copy objects to a bucket named\n destinationBucket, set the TargetResource property to\n arn:aws:s3:::destinationBucket.
Specifies the destination bucket\n Amazon Resource Name\n (ARN)\n for the batch copy operation.
\n\n General purpose buckets - For example, to copy objects to a general purpose bucket named\n destinationBucket, set the TargetResource property to\n arn:aws:s3:::destinationBucket.
\n Directory buckets - For example, to copy objects to a directory bucket named\n destinationBucket in the Availability Zone; identified by the AZ ID usw2-az1, set the TargetResource property to\n arn:aws:s3express:region:account_id:/bucket/destination_bucket_base_name--usw2-az1--x-s3.
This functionality is not supported by directory buckets.
\nThis functionality is not supported by directory buckets.
\nSpecifies a list of tags to add to the destination objects after they are copied. \n If NewObjectTagging is not specified, the tags of the source objects are copied to destination objects by default.
\n Directory buckets - Tags aren't supported by directory buckets. \n If your source objects have tags and your destination bucket is a directory bucket, specify an empty tag set in the NewObjectTagging field \n to prevent copying the source object tags to the directory bucket.
Specifies an optional metadata property for website redirects,\n x-amz-website-redirect-location. Allows webpage redirects if the object is\n accessed through a website endpoint.
If the destination bucket is configured as a website, specifies an optional metadata property for website redirects,\n x-amz-website-redirect-location. Allows webpage redirects if the object copy is\n accessed through a website endpoint.
This functionality is not supported by directory buckets.
\nThis functionality is not supported by directory buckets.
\nSpecify the storage class for the destination objects in a Copy operation.
\n Directory buckets - This functionality is not supported by directory buckets.
\nThis functionality is not supported by directory buckets.
\nThe legal hold status to be applied to all objects in the Batch Operations job.
" + "smithy.api#documentation": "The legal hold status to be applied to all objects in the Batch Operations job.
\nThis functionality is not supported by directory buckets.
\nThe retention mode to be applied to all objects in the Batch Operations job.
" + "smithy.api#documentation": "The retention mode to be applied to all objects in the Batch Operations job.
\nThis functionality is not supported by directory buckets.
\nThe date when the applied object retention configuration expires on all objects in the\n Batch Operations job.
" + "smithy.api#documentation": "The date when the applied object retention configuration expires on all objects in the\n Batch Operations job.
\nThis functionality is not supported by directory buckets.
\nSpecifies whether Amazon S3 should use an S3 Bucket Key for object encryption with\n server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true\n causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect\n bucket-level settings for S3 Bucket Key.
" + "smithy.api#documentation": "Specifies whether Amazon S3 should use an S3 Bucket Key for object encryption with\n server-side encryption using Amazon Web Services KMS (SSE-KMS). Setting this header to true\n causes Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
Specifying this header with an object action doesn’t affect\n bucket-level settings for S3 Bucket Key.
\nThis functionality is not supported by directory buckets.
\nIndicates the algorithm\n that\n you want Amazon S3 to use to create the checksum. For more\n information,\n see Checking object integrity in the Amazon S3 User Guide.
" + "smithy.api#documentation": "Indicates the algorithm\n that\n you want Amazon S3 to use to create the checksum. For more\n information,\n see Checking object\n integrity in the Amazon S3 User Guide.
" } } }, @@ -14507,20 +17077,20 @@ "SourceBucket": { "target": "com.amazonaws.s3control#S3BucketArnString", "traits": { - "smithy.api#documentation": "The source bucket used by the ManifestGenerator.
", + "smithy.api#documentation": "The source bucket used by the ManifestGenerator.
\n\n Directory buckets - Directory buckets aren't supported \n as the source buckets used by S3JobManifestGenerator to generate the job manifest.
Specifies the location the generated manifest will be written to.
" + "smithy.api#documentation": "Specifies the location the generated manifest will be written to. Manifests can't be\n written to directory buckets. For more information, see Directory\n buckets.
" } }, "Filter": { "target": "com.amazonaws.s3control#JobManifestGeneratorFilter", "traits": { - "smithy.api#documentation": "Specifies rules the S3JobManifestGenerator should use to use to decide whether an object\n in the source bucket should or should not be included in the generated job manifest.
" + "smithy.api#documentation": "Specifies rules the S3JobManifestGenerator should use to decide whether an object\n in the source bucket should or should not be included in the generated job manifest.
" } }, "EnableManifestOutput": { @@ -14558,7 +17128,7 @@ "Bucket": { "target": "com.amazonaws.s3control#S3BucketArnString", "traits": { - "smithy.api#documentation": "The bucket ARN the generated manifest should be written to.
", + "smithy.api#documentation": "The bucket ARN the generated manifest should be written to.
\n\n Directory buckets - Directory buckets aren't supported \n as the buckets to store the generated manifest.
\n\n This member has been deprecated.\n
\n " } }, "ContentMD5": { "target": "com.amazonaws.s3control#NonEmptyMaxLength1024String", "traits": { - "smithy.api#documentation": "" + "smithy.api#documentation": "\n This member has been deprecated.\n
\n " } }, "ContentType": { @@ -14731,13 +17301,13 @@ "target": "com.amazonaws.s3control#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "" + "smithy.api#documentation": "\n This member has been deprecated.\n
\n " } }, "SSEAlgorithm": { "target": "com.amazonaws.s3control#S3SSEAlgorithm", "traits": { - "smithy.api#documentation": "" + "smithy.api#documentation": "\nFor directory buckets, only the server-side encryption with Amazon S3 managed keys (SSE-S3) (AES256) is supported.
Directs the specified job to invoke ReplicateObject on every object in the\n job's manifest.
Contains the configuration for an S3 Object Lock legal hold operation that an\n S3 Batch Operations job passes\n to\n every object to the underlying\n PutObjectLegalHold\n API\n operation. For more information, see Using S3 Object Lock legal hold\n with S3 Batch Operations in the Amazon S3 User Guide.
Contains the configuration for an S3 Object Lock legal hold operation that an\n S3 Batch Operations job passes\n to\n every object to the underlying\n PutObjectLegalHold\n API\n operation. For more information, see Using S3 Object Lock legal hold\n with S3 Batch Operations in the Amazon S3 User Guide.
This functionality is not supported by directory buckets.
\nContains the configuration parameters for the Object Lock retention action for an\n S3 Batch Operations job. Batch Operations passes every object to the underlying\n PutObjectRetention\n API\n operation. For more information, see Using S3 Object Lock retention\n with S3 Batch Operations in the Amazon S3 User Guide.
Contains the configuration parameters for the Object Lock retention action for an\n S3 Batch Operations job. Batch Operations passes every object to the underlying\n PutObjectRetention\n API\n operation. For more information, see Using S3 Object Lock retention\n with S3 Batch Operations in the Amazon S3 User Guide.
This functionality is not supported by directory buckets.
\nA container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property\n is read-only and follows the following format: \n arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck\n \n
The Amazon Web Services organization for your S3 Storage Lens.
" + } + }, + "com.amazonaws.s3control#StorageLensConfiguration": { + "type": "structure", + "members": { + "Id": { + "target": "com.amazonaws.s3control#ConfigId", + "traits": { + "smithy.api#documentation": "A container for the Amazon S3 Storage Lens configuration ID.
", + "smithy.api#required": {} + } + }, + "AccountLevel": { + "target": "com.amazonaws.s3control#AccountLevel", + "traits": { + "smithy.api#documentation": "A container for all the account-level configurations of your S3 Storage Lens\n configuration.
", + "smithy.api#required": {} + } + }, + "Include": { + "target": "com.amazonaws.s3control#Include", + "traits": { + "smithy.api#documentation": "A container for what is included in this configuration. This container can only be valid\n if there is no Exclude container submitted, and it's not empty.
A container for what is excluded in this configuration. This container can only be valid\n if there is no Include container submitted, and it's not empty.
A container to specify the properties of your S3 Storage Lens metrics export including, the\n destination, schema and format.
" + } + }, + "IsEnabled": { + "target": "com.amazonaws.s3control#IsEnabled", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "A container for whether the S3 Storage Lens configuration is enabled.
", + "smithy.api#required": {} + } + }, + "AwsOrg": { + "target": "com.amazonaws.s3control#StorageLensAwsOrg", + "traits": { + "smithy.api#documentation": "A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
" + } + }, + "StorageLensArn": { + "target": "com.amazonaws.s3control#StorageLensArn", + "traits": { + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only\n and follows the following format: \n arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name\n \n
A container for the Amazon S3 Storage Lens configuration.
" + } + }, + "com.amazonaws.s3control#StorageLensConfigurationList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#ListStorageLensConfigurationEntry", + "traits": { + "smithy.api#xmlName": "StorageLensConfiguration" + } + } + }, + "com.amazonaws.s3control#StorageLensDataExport": { + "type": "structure", + "members": { + "S3BucketDestination": { + "target": "com.amazonaws.s3control#S3BucketDestination", + "traits": { + "smithy.api#documentation": "A container for the bucket where the S3 Storage Lens metrics export will be located.
\nThis bucket must be located in the same Region as the storage lens configuration.\n
\nA container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A container to specify the properties of your S3 Storage Lens metrics export, including the\n destination, schema, and format.
" + } + }, + "com.amazonaws.s3control#StorageLensDataExportEncryption": { + "type": "structure", + "members": { + "SSES3": { + "target": "com.amazonaws.s3control#SSES3", + "traits": { + "smithy.api#documentation": "", + "smithy.api#xmlName": "SSE-S3" + } + }, + "SSEKMS": { + "target": "com.amazonaws.s3control#SSEKMS", + "traits": { + "smithy.api#documentation": "", + "smithy.api#xmlName": "SSE-KMS" + } + } + }, + "traits": { + "smithy.api#documentation": "A container for the encryption of the S3 Storage Lens metrics exports.
" + } + }, + "com.amazonaws.s3control#StorageLensGroup": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.s3control#StorageLensGroupName", + "traits": { + "smithy.api#documentation": "Contains the name of the Storage Lens group.
", + "smithy.api#required": {} + } + }, + "Filter": { + "target": "com.amazonaws.s3control#StorageLensGroupFilter", + "traits": { + "smithy.api#documentation": "Sets the criteria for the Storage Lens group data that is displayed. For multiple filter\n conditions, the AND or OR logical operator is used.
Contains the Amazon Resource Name (ARN) of the Storage Lens group. This property is\n read-only.
" + } + } + }, + "traits": { + "smithy.api#documentation": "A custom grouping of objects that include filters for prefixes, suffixes, object tags,\n object size, or object age. You can create an S3 Storage Lens group that includes a single\n filter or multiple filter conditions. To specify multiple filter conditions, you use\n AND or OR logical operators.
Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes\n are allowed.
" + } + }, + "MatchAnySuffix": { + "target": "com.amazonaws.s3control#MatchAnySuffix", + "traits": { + "smithy.api#documentation": "Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes\n are allowed.
" + } + }, + "MatchAnyTag": { + "target": "com.amazonaws.s3control#MatchAnyTag", + "traits": { + "smithy.api#documentation": "Contains the list of object tags. At least one object tag must be specified. Up to 10\n object tags are allowed.
" } }, - "Disabled": { - "target": "smithy.api#Unit", + "MatchObjectAge": { + "target": "com.amazonaws.s3control#MatchObjectAge", "traits": { - "smithy.api#enumValue": "Disabled" + "smithy.api#documentation": " Contains DaysGreaterThan and DaysLessThan to define the\n object age range (minimum and maximum number of days).
Contains BytesGreaterThan and BytesLessThan to define the\n object size range (minimum and maximum number of Bytes).
A logical operator that allows multiple filter conditions to be joined for more complex\n comparisons of Storage Lens group data.
" } }, - "com.amazonaws.s3control#StorageLensArn": { + "com.amazonaws.s3control#StorageLensGroupArn": { "type": "string", "traits": { "smithy.api#length": { - "min": 1, + "min": 4, "max": 1024 }, - "smithy.api#pattern": "^arn:[a-z\\-]+:s3:[a-z0-9\\-]+:\\d{12}:storage\\-lens\\/" - } - }, - "com.amazonaws.s3control#StorageLensAwsOrg": { - "type": "structure", - "members": { - "Arn": { - "target": "com.amazonaws.s3control#AwsOrgArn", - "traits": { - "smithy.api#documentation": "A container for the Amazon Resource Name (ARN) of the Amazon Web Services organization. This property\n is read-only and follows the following format: \n arn:aws:organizations:us-east-1:example-account-id:organization/o-ex2l495dck\n \n
The Amazon Web Services organization for your S3 Storage Lens.
" + "smithy.api#pattern": "^arn:[a-z\\-]+:s3:[a-z0-9\\-]+:\\d{12}:storage\\-lens\\-group\\/" } }, - "com.amazonaws.s3control#StorageLensConfiguration": { + "com.amazonaws.s3control#StorageLensGroupFilter": { "type": "structure", "members": { - "Id": { - "target": "com.amazonaws.s3control#ConfigId", + "MatchAnyPrefix": { + "target": "com.amazonaws.s3control#MatchAnyPrefix", "traits": { - "smithy.api#documentation": "A container for the Amazon S3 Storage Lens configuration ID.
", - "smithy.api#required": {} + "smithy.api#documentation": "Contains a list of prefixes. At least one prefix must be specified. Up to 10 prefixes\n are allowed.
" } }, - "AccountLevel": { - "target": "com.amazonaws.s3control#AccountLevel", + "MatchAnySuffix": { + "target": "com.amazonaws.s3control#MatchAnySuffix", "traits": { - "smithy.api#documentation": "A container for all the account-level configurations of your S3 Storage Lens\n configuration.
", - "smithy.api#required": {} + "smithy.api#documentation": "Contains a list of suffixes. At least one suffix must be specified. Up to 10 suffixes\n are allowed.
" } }, - "Include": { - "target": "com.amazonaws.s3control#Include", + "MatchAnyTag": { + "target": "com.amazonaws.s3control#MatchAnyTag", "traits": { - "smithy.api#documentation": "A container for what is included in this configuration. This container can only be valid\n if there is no Exclude container submitted, and it's not empty.
Contains the list of S3 object tags. At least one object tag must be specified. Up to\n 10 object tags are allowed.
" } }, - "Exclude": { - "target": "com.amazonaws.s3control#Exclude", + "MatchObjectAge": { + "target": "com.amazonaws.s3control#MatchObjectAge", "traits": { - "smithy.api#documentation": "A container for what is excluded in this configuration. This container can only be valid\n if there is no Include container submitted, and it's not empty.
Contains DaysGreaterThan and DaysLessThan to define the\n object age range (minimum and maximum number of days).
A container to specify the properties of your S3 Storage Lens metrics export including, the\n destination, schema and format.
" + "smithy.api#documentation": " Contains BytesGreaterThan and BytesLessThan to define the\n object size range (minimum and maximum number of Bytes).
A container for whether the S3 Storage Lens configuration is enabled.
", - "smithy.api#required": {} + "smithy.api#documentation": "A logical operator that allows multiple filter conditions to be joined for more complex\n comparisons of Storage Lens group data. Objects must match all of the listed filter\n conditions that are joined by the And logical operator. Only one of each\n filter condition is allowed.
A container for the Amazon Web Services organization for this S3 Storage Lens configuration.
" + "smithy.api#documentation": "A single logical operator that allows multiple filter conditions to be joined. Objects\n can match any of the listed filter conditions, which are joined by the Or\n logical operator. Only one of each filter condition is allowed.
The filter element sets the criteria for the Storage Lens group data that is displayed.\n For multiple filter conditions, the AND or OR logical operator is\n used.
The Amazon Resource Name (ARN) of the S3 Storage Lens configuration. This property is read-only\n and follows the following format: \n arn:aws:s3:us-east-1:example-account-id:storage-lens/your-dashboard-name\n \n
Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group\n aggregation. If this value is left null, then all Storage Lens groups are selected.
" } } }, "traits": { - "smithy.api#documentation": "A container for the Amazon S3 Storage Lens configuration.
" + "smithy.api#documentation": "Specifies the Storage Lens groups to include in the Storage Lens group aggregation.\n
" } }, - "com.amazonaws.s3control#StorageLensConfigurationList": { + "com.amazonaws.s3control#StorageLensGroupLevelExclude": { "type": "list", "member": { - "target": "com.amazonaws.s3control#ListStorageLensConfigurationEntry", + "target": "com.amazonaws.s3control#StorageLensGroupArn", "traits": { - "smithy.api#xmlName": "StorageLensConfiguration" + "smithy.api#xmlName": "Arn" } } }, - "com.amazonaws.s3control#StorageLensDataExport": { + "com.amazonaws.s3control#StorageLensGroupLevelInclude": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#StorageLensGroupArn", + "traits": { + "smithy.api#xmlName": "Arn" + } + } + }, + "com.amazonaws.s3control#StorageLensGroupLevelSelectionCriteria": { "type": "structure", "members": { - "S3BucketDestination": { - "target": "com.amazonaws.s3control#S3BucketDestination", + "Include": { + "target": "com.amazonaws.s3control#StorageLensGroupLevelInclude", "traits": { - "smithy.api#documentation": "A container for the bucket where the S3 Storage Lens metrics export will be located.
\nThis bucket must be located in the same Region as the storage lens configuration.\n
\nIndicates which Storage Lens group ARNs to include in the Storage Lens group\n aggregation.
" } }, - "CloudWatchMetrics": { - "target": "com.amazonaws.s3control#CloudWatchMetrics", + "Exclude": { + "target": "com.amazonaws.s3control#StorageLensGroupLevelExclude", "traits": { - "smithy.api#documentation": "A container for enabling Amazon CloudWatch publishing for S3 Storage Lens metrics.
" + "smithy.api#documentation": "Indicates which Storage Lens group ARNs to exclude from the Storage Lens group\n aggregation.
" } } }, "traits": { - "smithy.api#documentation": "A container to specify the properties of your S3 Storage Lens metrics export, including the\n destination, schema, and format.
" + "smithy.api#documentation": "Indicates which Storage Lens group ARNs to include or exclude in the Storage Lens group\n aggregation. You can only attach Storage Lens groups to your Storage Lens dashboard if\n they're included in your Storage Lens group aggregation. If this value is left null, then\n all Storage Lens groups are selected.
" } }, - "com.amazonaws.s3control#StorageLensDataExportEncryption": { + "com.amazonaws.s3control#StorageLensGroupList": { + "type": "list", + "member": { + "target": "com.amazonaws.s3control#ListStorageLensGroupEntry", + "traits": { + "smithy.api#xmlName": "StorageLensGroup" + } + } + }, + "com.amazonaws.s3control#StorageLensGroupName": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 64 + }, + "smithy.api#pattern": "^[a-zA-Z0-9\\-\\_]+$" + } + }, + "com.amazonaws.s3control#StorageLensGroupOrOperator": { "type": "structure", "members": { - "SSES3": { - "target": "com.amazonaws.s3control#SSES3", + "MatchAnyPrefix": { + "target": "com.amazonaws.s3control#MatchAnyPrefix", "traits": { - "smithy.api#documentation": "", - "smithy.api#xmlName": "SSE-S3" + "smithy.api#documentation": "Filters objects that match any of the specified prefixes.
" } }, - "SSEKMS": { - "target": "com.amazonaws.s3control#SSEKMS", + "MatchAnySuffix": { + "target": "com.amazonaws.s3control#MatchAnySuffix", "traits": { - "smithy.api#documentation": "", - "smithy.api#xmlName": "SSE-KMS" + "smithy.api#documentation": "\nFilters objects that match any of the specified suffixes.\n
" + } + }, + "MatchAnyTag": { + "target": "com.amazonaws.s3control#MatchAnyTag", + "traits": { + "smithy.api#documentation": "\nFilters objects that match any of the specified S3 object tags.\n
" + } + }, + "MatchObjectAge": { + "target": "com.amazonaws.s3control#MatchObjectAge", + "traits": { + "smithy.api#documentation": "\nFilters objects that match the specified object age range.\n
" + } + }, + "MatchObjectSize": { + "target": "com.amazonaws.s3control#MatchObjectSize", + "traits": { + "smithy.api#documentation": "\nFilters objects that match the specified object size range.\n
" } } }, "traits": { - "smithy.api#documentation": "A container for the encryption of the S3 Storage Lens metrics exports.
" + "smithy.api#documentation": "A container element for specifying Or rule conditions. The rule conditions\n determine the subset of objects to which the Or rule applies. Objects can\n match any of the listed filter conditions, which are joined by the Or logical\n operator. Only one of each filter condition is allowed.
This operation is not supported by directory buckets.
\nSubmits an updated route configuration for a Multi-Region Access Point. This API operation updates the\n routing status for the specified Regions from active to passive, or from passive to active.\n A value of 0 indicates a passive status, which means that traffic won't be\n routed to the specified Region. A value of 100 indicates an active status,\n which means that traffic will be routed to the specified Region. At least one Region must\n be active at all times.
When the routing configuration is changed, any in-progress operations (uploads, copies,\n deletes, and so on) to formerly active Regions will continue to run to their final\n completion state (success or failure). The routing configurations of any Regions that\n aren’t specified remain unchanged.
\nUpdated routing configurations might not be immediately applied. It can take up to 2\n minutes for your changes to take effect.
\nTo submit routing control changes and failover requests, use the Amazon S3 failover control\n infrastructure endpoints in these five Amazon Web Services Regions:
\n\n us-east-1\n
\n us-west-2\n
\n ap-southeast-2\n
\n ap-northeast-1\n
\n eu-west-1\n
The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "Mrap": { + "target": "com.amazonaws.s3control#MultiRegionAccessPointId", + "traits": { + "smithy.api#documentation": "The Multi-Region Access Point ARN.
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "RouteUpdates": { + "target": "com.amazonaws.s3control#RouteList", + "traits": { + "smithy.api#documentation": "The different routes that make up the new route configuration. Active routes return a\n value of 100, and passive routes return a value of 0.
The key of the key-value pair of a tag added to your Amazon Web Services resource. A tag key can be up to 128 Unicode characters in length and is case-sensitive. System created tags that begin with aws: aren’t supported.\n
\n The value of the key-value pair of a tag added to your Amazon Web Services resource. A tag value can be up to 256 Unicode characters in length and is case-sensitive.\n
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "\n An Amazon Web Services resource tag that's associated with your S3 resource. You can add tags to new objects when you upload them, or you can add object tags to existing objects. \n
\nThis operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
\nSubmits an updated route configuration for a Multi-Region Access Point. This API operation updates the\n routing status for the specified Regions from active to passive, or from passive to active.\n A value of 0 indicates a passive status, which means that traffic won't be\n routed to the specified Region. A value of 100 indicates an active status,\n which means that traffic will be routed to the specified Region. At least one Region must be active at all times.
When the routing configuration is changed, any in-progress operations (uploads, copies,\n deletes, and so on) to formerly active Regions will continue to run to their final\n completion state (success or failure). The routing configurations of any Regions that\n aren’t specified remain unchanged.
\nUpdated routing configurations might not be immediately applied. It can take up to 2\n minutes for your changes to take effect.
\nTo submit routing control changes and failover requests, use the Amazon S3 failover control\n infrastructure endpoints in these five Amazon Web Services Regions:
\n\n us-east-1\n
\n us-west-2\n
\n ap-southeast-2\n
\n ap-northeast-1\n
\n eu-west-1\n
Your Amazon S3 bucket does not need to be in these five Regions.
\nCreates a new Amazon Web Services resource tag or updates an existing resource tag. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources. You can add up to 50 Amazon Web Services resource tags for each S3 resource.
\nThis operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
\nYou must have the s3:TagResource permission to use this operation.
For more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
\nFor information about S3 Tagging errors, see List of Amazon S3 Tagging error codes.
", "smithy.api#endpoint": { "hostPrefix": "{AccountId}." }, "smithy.api#http": { - "method": "PATCH", - "uri": "/v20180820/mrap/instances/{Mrap+}/routes", - "code": 200 + "method": "POST", + "uri": "/v20180820/tags/{ResourceArn+}", + "code": 204 }, - "smithy.api#httpChecksumRequired": {}, "smithy.rules#staticContextParams": { "RequiresAccountId": { "value": true @@ -15373,13 +18378,13 @@ } } }, - "com.amazonaws.s3control#SubmitMultiRegionAccessPointRoutesRequest": { + "com.amazonaws.s3control#TagResourceRequest": { "type": "structure", "members": { "AccountId": { "target": "com.amazonaws.s3control#AccountId", "traits": { - "smithy.api#documentation": "The Amazon Web Services account ID for the owner of the Multi-Region Access Point.
", + "smithy.api#documentation": "\nThe Amazon Web Services account ID that created the S3 resource that you're trying to add tags to or the requester's account ID. \n
", "smithy.api#hostLabel": {}, "smithy.api#httpHeader": "x-amz-account-id", "smithy.api#required": {}, @@ -15388,18 +18393,18 @@ } } }, - "Mrap": { - "target": "com.amazonaws.s3control#MultiRegionAccessPointId", + "ResourceArn": { + "target": "com.amazonaws.s3control#S3ResourceArn", "traits": { - "smithy.api#documentation": "The Multi-Region Access Point ARN.
", + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the S3 resource that you're trying to add tags to. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
", "smithy.api#httpLabel": {}, "smithy.api#required": {} } }, - "RouteUpdates": { - "target": "com.amazonaws.s3control#RouteList", + "Tags": { + "target": "com.amazonaws.s3control#TagList", "traits": { - "smithy.api#documentation": "The different routes that make up the new route configuration. Active routes return a\n value of 100, and passive routes return a value of 0.
\nThe Amazon Web Services resource tags that you want to add to the specified S3 resource. \n
", "smithy.api#required": {} } } @@ -15408,41 +18413,19 @@ "smithy.api#input": {} } }, - "com.amazonaws.s3control#SubmitMultiRegionAccessPointRoutesResult": { + "com.amazonaws.s3control#TagResourceResult": { "type": "structure", "members": {}, "traits": { "smithy.api#output": {} } }, - "com.amazonaws.s3control#SuspendedCause": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 1, - "max": 1024 - } - } - }, - "com.amazonaws.s3control#SuspendedDate": { - "type": "timestamp" - }, - "com.amazonaws.s3control#TagKeyString": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 1, - "max": 1024 - }, - "smithy.api#pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" - } - }, "com.amazonaws.s3control#TagValueString": { "type": "string", "traits": { "smithy.api#length": { "min": 0, - "max": 1024 + "max": 256 }, "smithy.api#pattern": "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" } @@ -15569,6 +18552,173 @@ } } }, + "com.amazonaws.s3control#UntagResource": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#UntagResourceRequest" + }, + "output": { + "target": "com.amazonaws.s3control#UntagResourceResult" + }, + "traits": { + "smithy.api#documentation": "This operation removes the specified Amazon Web Services resource tags from an S3 resource. Each tag is a label consisting of a user-defined key and value. Tags can help you manage, identify, organize, search for, and filter resources.
\nThis operation is only supported for S3 Storage Lens groups and for S3 Access Grants. The tagged resource can be an S3 Storage Lens group or S3 Access Grants instance, registered location, or grant.
\nYou must have the s3:UntagResource permission to use this operation.
For more information about the required Storage\n Lens Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
\nFor information about S3 Tagging errors, see List of Amazon S3\n Tagging error codes.
", + "smithy.api#endpoint": { + "hostPrefix": "{AccountId}." + }, + "smithy.api#http": { + "method": "DELETE", + "uri": "/v20180820/tags/{ResourceArn+}", + "code": 204 + }, + "smithy.rules#staticContextParams": { + "RequiresAccountId": { + "value": true + } + } + } + }, + "com.amazonaws.s3control#UntagResourceRequest": { + "type": "structure", + "members": { + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "\n The Amazon Web Services account ID that owns the resource that you're trying to remove the tags from.\n
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "ResourceArn": { + "target": "com.amazonaws.s3control#S3ResourceArn", + "traits": { + "smithy.api#documentation": "\n The Amazon Resource Name (ARN) of the S3 resource that you're trying to remove the tags from.\n
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "TagKeys": { + "target": "com.amazonaws.s3control#TagKeyList", + "traits": { + "smithy.api#documentation": "\n The array of tag key-value pairs that you're trying to remove from of the S3 resource.\n
", + "smithy.api#httpQuery": "tagKeys", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#UntagResourceResult": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#output": {} + } + }, + "com.amazonaws.s3control#UpdateAccessGrantsLocation": { + "type": "operation", + "input": { + "target": "com.amazonaws.s3control#UpdateAccessGrantsLocationRequest" + }, + "output": { + "target": "com.amazonaws.s3control#UpdateAccessGrantsLocationResult" + }, + "traits": { + "smithy.api#documentation": "Updates the IAM role of a registered location in your S3 Access Grants instance.
\nYou must have the s3:UpdateAccessGrantsLocation permission to use this operation.
You must also have the following permission: iam:PassRole\n
The ID of the Amazon Web Services account that is making this request.
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", + "traits": { + "smithy.api#documentation": "The ID of the registered location that you are updating. S3 Access Grants assigns this ID when you register the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
If you are passing the default location, you cannot create an access grant for the entire default location. You must also specify a bucket or a bucket and prefix in the Subprefix field.
The Amazon Resource Name (ARN) of the IAM role for the registered location. S3 Access Grants assumes this role to manage access to the registered location.
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#UpdateAccessGrantsLocationResult": { + "type": "structure", + "members": { + "CreatedAt": { + "target": "com.amazonaws.s3control#CreationTimestamp", + "traits": { + "smithy.api#documentation": "The date and time when you registered the location.
" + } + }, + "AccessGrantsLocationId": { + "target": "com.amazonaws.s3control#AccessGrantsLocationId", + "traits": { + "smithy.api#documentation": "The ID of the registered location to which you are granting access. S3 Access Grants assigned this ID when you registered the location. S3 Access Grants assigns the ID default to the default location s3:// and assigns an auto-generated ID to other locations that you register.
The Amazon Resource Name (ARN) of the registered location that you are updating.
" + } + }, + "LocationScope": { + "target": "com.amazonaws.s3control#S3Prefix", + "traits": { + "smithy.api#documentation": "The S3 URI path of the location that you are updating. You cannot update the scope of the registered location. The location scope can be the default S3 location s3://, the S3 path to a bucket s3://, or the S3 path to a bucket and prefix s3://.
The Amazon Resource Name (ARN) of the IAM role of the registered location. S3 Access Grants assumes this role to manage access to the registered location.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.s3control#UpdateJobPriority": { "type": "operation", "input": { @@ -15592,7 +18742,7 @@ } ], "traits": { - "smithy.api#documentation": "Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
\n \nRelated actions include:
\n\n CreateJob\n
\n\n ListJobs\n
\n\n DescribeJob\n
\n\n UpdateJobStatus\n
\nUpdates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
\nTo use the\n UpdateJobPriority operation, you must have permission to\n perform the s3:UpdateJobPriority action.
Related actions include:
\n\n CreateJob\n
\n\n ListJobs\n
\n\n DescribeJob\n
\n\n UpdateJobStatus\n
\nUpdates the status for the specified job. Use this action to confirm that you want to\n run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
\n \nRelated actions include:
\n\n CreateJob\n
\n\n ListJobs\n
\n\n DescribeJob\n
\n\n UpdateJobStatus\n
\nUpdates the status for the specified job. Use this operation to confirm that you want to\n run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon S3 User Guide.
\nTo use the\n UpdateJobStatus operation, you must have permission to\n perform the s3:UpdateJobStatus action.
Related actions include:
\n\n CreateJob\n
\n\n ListJobs\n
\n\n DescribeJob\n
\n\n UpdateJobStatus\n
\n\nUpdates the existing Storage Lens group.
\nTo use this operation, you must have the permission to perform the\n s3:UpdateStorageLensGroup action. For more information about the required Storage Lens\n Groups permissions, see Setting account permissions to use S3 Storage Lens groups.
For information about Storage Lens groups errors, see List of Amazon S3 Storage\n Lens error codes.
", + "smithy.api#endpoint": { + "hostPrefix": "{AccountId}." + }, + "smithy.api#http": { + "method": "PUT", + "uri": "/v20180820/storagelensgroup/{Name}", + "code": 204 + }, + "smithy.rules#staticContextParams": { + "RequiresAccountId": { + "value": true + } + } + } + }, + "com.amazonaws.s3control#UpdateStorageLensGroupRequest": { + "type": "structure", + "members": { + "Name": { + "target": "com.amazonaws.s3control#StorageLensGroupName", + "traits": { + "smithy.api#documentation": "\nThe name of the Storage Lens group that you want to update.\n
", + "smithy.api#httpLabel": {}, + "smithy.api#required": {} + } + }, + "AccountId": { + "target": "com.amazonaws.s3control#AccountId", + "traits": { + "smithy.api#documentation": "\nThe Amazon Web Services account ID of the Storage Lens group owner.\n
", + "smithy.api#hostLabel": {}, + "smithy.api#httpHeader": "x-amz-account-id", + "smithy.api#required": {}, + "smithy.rules#contextParam": { + "name": "AccountId" + } + } + }, + "StorageLensGroup": { + "target": "com.amazonaws.s3control#StorageLensGroup", + "traits": { + "smithy.api#documentation": "\nThe JSON file that contains the Storage Lens group configuration.\n
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.s3control#UserArguments": { + "type": "map", + "key": { + "target": "com.amazonaws.s3control#NonEmptyMaxLength64String" + }, + "value": { + "target": "com.amazonaws.s3control#MaxLength1024String" + }, + "traits": { + "smithy.api#length": { + "min": 1, + "max": 10 + } + } + }, "com.amazonaws.s3control#VersioningConfiguration": { "type": "structure", "members": { diff --git a/aws/sdk/aws-models/sdk-endpoints.json b/aws/sdk/aws-models/sdk-endpoints.json index 1886a2f05c..ac677b380c 100644 --- a/aws/sdk/aws-models/sdk-endpoints.json +++ b/aws/sdk/aws-models/sdk-endpoints.json @@ -59,6 +59,9 @@ "ca-central-1" : { "description" : "Canada (Central)" }, + "ca-west-1" : { + "description" : "Canada West (Calgary)" + }, "eu-central-1" : { "description" : "Europe (Frankfurt)" }, @@ -109,11 +112,6 @@ } }, "services" : { - "a4b" : { - "endpoints" : { - "us-east-1" : { } - } - }, "access-analyzer" : { "endpoints" : { "af-south-1" : { }, @@ -133,6 +131,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "access-analyzer-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -148,6 +152,13 @@ "deprecated" : true, "hostname" : "access-analyzer-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "access-analyzer-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -244,6 +255,19 @@ "deprecated" : true, "hostname" : "acm-fips.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "acm-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "acm-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -332,6 +356,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "acm-pca-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -347,6 +377,13 @@ "deprecated" : true, "hostname" : "acm-pca-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "acm-pca-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -412,6 +449,8 @@ }, "airflow" : { "endpoints" : { + "af-south-1" : { }, + "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-south-1" : { }, @@ -420,12 +459,15 @@ "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, + "eu-south-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, + "us-west-1" : { }, "us-west-2" : { } } }, @@ -434,6 +476,7 @@ "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -456,6 +499,7 @@ "endpoints" : { "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -478,6 +522,7 @@ "endpoints" : { "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -499,10 +544,13 @@ "aoss" : { "endpoints" : { "ap-northeast-1" : { }, + "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "eu-central-1" : { }, "eu-west-1" : { }, + "eu-west-2" : { }, + "eu-west-3" : { }, "us-east-1" : { }, "us-east-2" : { }, "us-west-2" : { } @@ -676,6 +724,12 @@ }, "hostname" : "api.ecr.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "hostname" : "api.ecr.ca-west-1.amazonaws.com" + }, "dkr-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -1070,6 +1124,7 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-4" : { }, @@ -1078,6 +1133,7 @@ "eu-north-1" : { }, "eu-west-1" : { }, "eu-west-3" : { }, + "me-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -1116,6 +1172,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -1290,6 +1347,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "apigateway-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -1305,6 +1368,13 @@ "deprecated" : true, "hostname" : "apigateway-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "apigateway-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -1391,6 +1461,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -1423,6 +1494,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -1526,6 +1598,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -1898,6 +1971,7 @@ "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, @@ -1907,6 +1981,7 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, @@ -1951,6 +2026,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -2043,6 +2119,12 @@ "tags" : [ "dualstack" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "athena.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "eu-central-1" : { "variants" : [ { "hostname" : "athena.eu-central-1.api.aws", @@ -2203,10 +2285,58 @@ "eu-central-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "auditmanager-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-1-fips" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "auditmanager-fips.us-east-1.amazonaws.com" + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "auditmanager-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2-fips" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "auditmanager-fips.us-east-2.amazonaws.com" + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "auditmanager-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1-fips" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "auditmanager-fips.us-west-1.amazonaws.com" + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "auditmanager-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2-fips" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "auditmanager-fips.us-west-2.amazonaws.com" + } } }, "autoscaling" : { @@ -2231,6 +2361,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "autoscaling-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -2246,6 +2382,13 @@ "deprecated" : true, "hostname" : "autoscaling-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "autoscaling-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -2347,6 +2490,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -2441,6 +2585,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -2510,25 +2655,63 @@ "bedrock" : { "endpoints" : { "ap-northeast-1" : { }, + "ap-south-1" : { }, "ap-southeast-1" : { }, + "ap-southeast-2" : { }, "bedrock-ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" }, "hostname" : "bedrock.ap-northeast-1.amazonaws.com" }, + "bedrock-ap-south-1" : { + "credentialScope" : { + "region" : "ap-south-1" + }, + "hostname" : "bedrock.ap-south-1.amazonaws.com" + }, "bedrock-ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" }, "hostname" : "bedrock.ap-southeast-1.amazonaws.com" }, + "bedrock-ap-southeast-2" : { + "credentialScope" : { + "region" : "ap-southeast-2" + }, + "hostname" : "bedrock.ap-southeast-2.amazonaws.com" + }, + "bedrock-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "bedrock.ca-central-1.amazonaws.com" + }, "bedrock-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" }, "hostname" : "bedrock.eu-central-1.amazonaws.com" }, + "bedrock-eu-west-1" : { + "credentialScope" : { + "region" : "eu-west-1" + }, + "hostname" : "bedrock.eu-west-1.amazonaws.com" + }, + "bedrock-eu-west-2" : { + "credentialScope" : { + "region" : "eu-west-2" + }, + "hostname" : "bedrock.eu-west-2.amazonaws.com" + }, + "bedrock-eu-west-3" : { + "credentialScope" : { + "region" : "eu-west-3" + }, + "hostname" : "bedrock.eu-west-3.amazonaws.com" + }, "bedrock-fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -2547,18 +2730,54 @@ }, "hostname" : "bedrock-runtime.ap-northeast-1.amazonaws.com" }, + "bedrock-runtime-ap-south-1" : { + "credentialScope" : { + "region" : "ap-south-1" + }, + "hostname" : "bedrock-runtime.ap-south-1.amazonaws.com" + }, "bedrock-runtime-ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" }, "hostname" : "bedrock-runtime.ap-southeast-1.amazonaws.com" }, + "bedrock-runtime-ap-southeast-2" : { + "credentialScope" : { + "region" : "ap-southeast-2" + }, + "hostname" : "bedrock-runtime.ap-southeast-2.amazonaws.com" + }, + "bedrock-runtime-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "bedrock-runtime.ca-central-1.amazonaws.com" + }, "bedrock-runtime-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" }, "hostname" : "bedrock-runtime.eu-central-1.amazonaws.com" }, + "bedrock-runtime-eu-west-1" : { + "credentialScope" : { + "region" : "eu-west-1" + }, + "hostname" : "bedrock-runtime.eu-west-1.amazonaws.com" + }, + "bedrock-runtime-eu-west-2" : { + "credentialScope" : { + "region" : "eu-west-2" + }, + "hostname" : "bedrock-runtime.eu-west-2.amazonaws.com" + }, + "bedrock-runtime-eu-west-3" : { + "credentialScope" : { + "region" : "eu-west-3" + }, + "hostname" : "bedrock-runtime.eu-west-3.amazonaws.com" + }, "bedrock-runtime-fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -2571,6 +2790,12 @@ }, "hostname" : "bedrock-runtime-fips.us-west-2.amazonaws.com" }, + "bedrock-runtime-sa-east-1" : { + "credentialScope" : { + "region" : "sa-east-1" + }, + "hostname" : "bedrock-runtime.sa-east-1.amazonaws.com" + }, "bedrock-runtime-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -2583,6 +2808,12 @@ }, "hostname" : "bedrock-runtime.us-west-2.amazonaws.com" }, + "bedrock-sa-east-1" : { + "credentialScope" : { + "region" : "sa-east-1" + }, + "hostname" : "bedrock.sa-east-1.amazonaws.com" + }, "bedrock-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -2595,7 +2826,12 @@ }, "hostname" : "bedrock.us-west-2.amazonaws.com" }, + "ca-central-1" : { }, "eu-central-1" : { }, + "eu-west-1" : { }, + "eu-west-2" : { }, + "eu-west-3" : { }, + "sa-east-1" : { }, "us-east-1" : { }, "us-west-2" : { } } @@ -2614,6 +2850,7 @@ }, "braket" : { "endpoints" : { + "eu-north-1" : { }, "eu-west-2" : { }, "us-east-1" : { }, "us-west-1" : { }, @@ -2634,6 +2871,8 @@ }, "cases" : { "endpoints" : { + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ca-central-1" : { }, @@ -2753,76 +2992,178 @@ }, "cloud9" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } - } - }, - "cloudcontrolapi" : { - "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ca-central-1" : { + "af-south-1" : { "variants" : [ { - "hostname" : "cloudcontrolapi-fips.ca-central-1.amazonaws.com", - "tags" : [ "fips" ] + "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "fips-ca-central-1" : { - "credentialScope" : { - "region" : "ca-central-1" - }, - "deprecated" : true, - "hostname" : "cloudcontrolapi-fips.ca-central-1.amazonaws.com" + "ap-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] }, - "fips-us-east-1" : { - "credentialScope" : { - "region" : "us-east-1" - }, - "deprecated" : true, - "hostname" : "cloudcontrolapi-fips.us-east-1.amazonaws.com" + "ap-northeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] }, - "fips-us-east-2" : { - "credentialScope" : { - "region" : "us-east-2" - }, - "deprecated" : true, - "hostname" : "cloudcontrolapi-fips.us-east-2.amazonaws.com" + "ap-northeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "us-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + } + } + }, + "cloudcontrolapi" : { + "endpoints" : { + "af-south-1" : { }, + "ap-east-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, + "ap-south-1" : { }, + "ap-south-2" : { }, + "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "cloudcontrolapi-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "cloudcontrolapi-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "eu-central-1" : { }, + "eu-central-2" : { }, + "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, + "eu-west-1" : { }, + "eu-west-2" : { }, + "eu-west-3" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "cloudcontrolapi-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "cloudcontrolapi-fips.ca-west-1.amazonaws.com" + }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "cloudcontrolapi-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "cloudcontrolapi-fips.us-east-2.amazonaws.com" }, "fips-us-west-1" : { "credentialScope" : { @@ -2895,6 +3236,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -2992,6 +3334,7 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, @@ -3041,6 +3384,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -3125,6 +3469,7 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, @@ -3349,6 +3694,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -3583,16 +3929,22 @@ }, "cognito-identity" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -3625,6 +3977,7 @@ "hostname" : "cognito-identity-fips.us-west-2.amazonaws.com" }, "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -3655,16 +4008,22 @@ }, "cognito-idp" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -3697,6 +4056,7 @@ "hostname" : "cognito-idp-fips.us-west-2.amazonaws.com" }, "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -3798,9 +4158,21 @@ "comprehendmedical" : { "endpoints" : { "ap-southeast-2" : { }, - "ca-central-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "comprehendmedical-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-west-1" : { }, "eu-west-2" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "comprehendmedical-fips.ca-central-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -4028,6 +4400,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -4206,6 +4579,19 @@ "deprecated" : true, "hostname" : "controltower-fips.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "controltower-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "controltower-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -4673,6 +5059,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "datasync-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -4688,6 +5080,13 @@ "deprecated" : true, "hostname" : "datasync-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "datasync-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -4796,6 +5195,9 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "hostname" : "datazone.ca-west-1.api.aws" + }, "eu-central-1" : { "hostname" : "datazone.eu-central-1.api.aws" }, @@ -4976,7 +5378,18 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, - "ca-central-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "directconnect-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "directconnect-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -4985,6 +5398,20 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "directconnect-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "directconnect-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -5068,6 +5495,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5076,6 +5504,7 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, @@ -5099,6 +5528,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "dms" : { "credentialScope" : { "region" : "us-west-1" @@ -5292,24 +5722,72 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "drs-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "drs-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "drs-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "drs-fips.us-west-2.amazonaws.com" + }, "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } - } - }, - "ds" : { - "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, + "us-east-1" : { + "variants" : [ { + "hostname" : "drs-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "drs-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "drs-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "drs-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } + } + }, + "ds" : { + "endpoints" : { + "af-south-1" : { }, + "ap-east-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, + "ap-south-1" : { }, "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -5321,6 +5799,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "ds-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5336,6 +5820,13 @@ "deprecated" : true, "hostname" : "ds-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "ds-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -5423,6 +5914,19 @@ "deprecated" : true, "hostname" : "dynamodb-fips.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "dynamodb-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "dynamodb-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5515,6 +6019,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "ebs-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5530,6 +6040,13 @@ "deprecated" : true, "hostname" : "ebs-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "ebs-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -5615,6 +6132,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "ec2-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5635,6 +6158,13 @@ "deprecated" : true, "hostname" : "ec2-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "ec2-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -5721,6 +6251,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5818,6 +6349,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -5884,6 +6416,105 @@ } } }, + "eks-auth" : { + "defaults" : { + "dnsSuffix" : "api.aws", + "variants" : [ { + "dnsSuffix" : "api.aws", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "endpoints" : { + "af-south-1" : { + "hostname" : "eks-auth.af-south-1.api.aws" + }, + "ap-east-1" : { + "hostname" : "eks-auth.ap-east-1.api.aws" + }, + "ap-northeast-1" : { + "hostname" : "eks-auth.ap-northeast-1.api.aws" + }, + "ap-northeast-2" : { + "hostname" : "eks-auth.ap-northeast-2.api.aws" + }, + "ap-northeast-3" : { + "hostname" : "eks-auth.ap-northeast-3.api.aws" + }, + "ap-south-1" : { + "hostname" : "eks-auth.ap-south-1.api.aws" + }, + "ap-south-2" : { + "hostname" : "eks-auth.ap-south-2.api.aws" + }, + "ap-southeast-1" : { + "hostname" : "eks-auth.ap-southeast-1.api.aws" + }, + "ap-southeast-2" : { + "hostname" : "eks-auth.ap-southeast-2.api.aws" + }, + "ap-southeast-3" : { + "hostname" : "eks-auth.ap-southeast-3.api.aws" + }, + "ap-southeast-4" : { + "hostname" : "eks-auth.ap-southeast-4.api.aws" + }, + "ca-central-1" : { + "hostname" : "eks-auth.ca-central-1.api.aws" + }, + "ca-west-1" : { + "hostname" : "eks-auth.ca-west-1.api.aws" + }, + "eu-central-1" : { + "hostname" : "eks-auth.eu-central-1.api.aws" + }, + "eu-central-2" : { + "hostname" : "eks-auth.eu-central-2.api.aws" + }, + "eu-north-1" : { + "hostname" : "eks-auth.eu-north-1.api.aws" + }, + "eu-south-1" : { + "hostname" : "eks-auth.eu-south-1.api.aws" + }, + "eu-south-2" : { + "hostname" : "eks-auth.eu-south-2.api.aws" + }, + "eu-west-1" : { + "hostname" : "eks-auth.eu-west-1.api.aws" + }, + "eu-west-2" : { + "hostname" : "eks-auth.eu-west-2.api.aws" + }, + "eu-west-3" : { + "hostname" : "eks-auth.eu-west-3.api.aws" + }, + "il-central-1" : { + "hostname" : "eks-auth.il-central-1.api.aws" + }, + "me-central-1" : { + "hostname" : "eks-auth.me-central-1.api.aws" + }, + "me-south-1" : { + "hostname" : "eks-auth.me-south-1.api.aws" + }, + "sa-east-1" : { + "hostname" : "eks-auth.sa-east-1.api.aws" + }, + "us-east-1" : { + "hostname" : "eks-auth.us-east-1.api.aws" + }, + "us-east-2" : { + "hostname" : "eks-auth.us-east-2.api.aws" + }, + "us-west-1" : { + "hostname" : "eks-auth.us-west-1.api.aws" + }, + "us-west-2" : { + "hostname" : "eks-auth.us-west-2.api.aws" + } + } + }, "elasticache" : { "endpoints" : { "af-south-1" : { }, @@ -5898,6 +6529,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -6120,6 +6752,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "elasticfilesystem-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { "variants" : [ { "hostname" : "elasticfilesystem-fips.eu-central-1.amazonaws.com", @@ -6252,6 +6890,13 @@ "deprecated" : true, "hostname" : "elasticfilesystem-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "elasticfilesystem-fips.ca-west-1.amazonaws.com" + }, "fips-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -6431,6 +7076,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -6520,6 +7166,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "elasticmapreduce-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { "sslCommonName" : "{service}.{region}.{dnsSuffix}" }, @@ -6537,6 +7189,13 @@ "deprecated" : true, "hostname" : "elasticmapreduce-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "elasticmapreduce-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -6717,6 +7376,7 @@ "eu-central-1" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -6804,6 +7464,7 @@ "eu-central-1" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -6842,6 +7503,7 @@ "deprecated" : true, "hostname" : "emr-serverless-fips.us-west-2.amazonaws.com" }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -6954,6 +7616,12 @@ "tags" : [ "dualstack" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "aos.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "eu-central-1" : { "variants" : [ { "hostname" : "aos.eu-central-1.api.aws", @@ -7113,6 +7781,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -7247,6 +7916,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -7370,6 +8040,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "fms-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { "variants" : [ { "hostname" : "fms-fips.eu-central-1.amazonaws.com", @@ -7459,6 +8135,13 @@ "deprecated" : true, "hostname" : "fms-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "fms-fips.ca-west-1.amazonaws.com" + }, "fips-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -7705,6 +8388,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "fsx-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -7720,6 +8409,13 @@ "deprecated" : true, "hostname" : "fsx-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "fsx-fips.ca-west-1.amazonaws.com" + }, "fips-prod-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -7727,6 +8423,13 @@ "deprecated" : true, "hostname" : "fsx-fips.ca-central-1.amazonaws.com" }, + "fips-prod-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "fsx-fips.ca-west-1.amazonaws.com" + }, "fips-prod-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -7796,6 +8499,16 @@ "tags" : [ "fips" ] } ] }, + "prod-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "variants" : [ { + "hostname" : "fsx-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "prod-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -8008,6 +8721,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -8275,6 +8989,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -8386,11 +9101,6 @@ "us-west-2" : { } } }, - "honeycode" : { - "endpoints" : { - "us-west-2" : { } - } - }, "iam" : { "endpoints" : { "aws-global" : { @@ -8457,18 +9167,23 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, @@ -8742,6 +9457,9 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "hostname" : "internetmonitor.ca-west-1.api.aws" + }, "eu-central-1" : { "hostname" : "internetmonitor.eu-central-1.api.aws" }, @@ -9078,12 +9796,6 @@ "us-east-1" : { } } }, - "iotroborunner" : { - "endpoints" : { - "eu-central-1" : { }, - "us-east-1" : { } - } - }, "iotsecuredtunneling" : { "defaults" : { "variants" : [ { @@ -9505,6 +10217,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "kafka-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -9520,6 +10238,13 @@ "deprecated" : true, "hostname" : "kafka-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "kafka-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -9604,9 +10329,21 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, - "ca-central-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "kendra-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-west-1" : { }, "eu-west-2" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "kendra-fips.ca-central-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -9698,6 +10435,9 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "hostname" : "kendra-ranking.ca-west-1.api.aws" + }, "eu-central-2" : { "hostname" : "kendra-ranking.eu-central-2.api.aws" }, @@ -9768,6 +10508,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -9848,6 +10589,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -10051,6 +10793,19 @@ "deprecated" : true, "hostname" : "kms-fips.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "kms-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "kms-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { "variants" : [ { "hostname" : "kms-fips.eu-central-1.amazonaws.com", @@ -10275,6 +11030,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -10415,6 +11171,12 @@ "tags" : [ "dualstack" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "lambda.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "eu-central-1" : { "variants" : [ { "hostname" : "lambda.eu-central-1.api.aws", @@ -10567,6 +11329,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -10647,6 +11410,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -10727,6 +11491,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -10813,35 +11578,161 @@ }, "logs" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, - "ca-central-1" : { }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "fips-us-east-1" : { - "credentialScope" : { - "region" : "us-east-1" - }, - "deprecated" : true, - "hostname" : "logs-fips.us-east-1.amazonaws.com" - }, - "fips-us-east-2" : { - "credentialScope" : { + "af-south-1" : { + "variants" : [ { + "hostname" : "logs.af-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "hostname" : "logs.ap-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "hostname" : "logs.ap-northeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "hostname" : "logs.ap-northeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "hostname" : "logs.ap-northeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "hostname" : "logs.ap-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "hostname" : "logs.ap-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "hostname" : "logs.ap-southeast-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "hostname" : "logs.ap-southeast-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "hostname" : "logs.ap-southeast-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "hostname" : "logs.ap-southeast-4.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "logs-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "logs.ca-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "logs-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "logs.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "logs.eu-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "hostname" : "logs.eu-central-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "hostname" : "logs.eu-north-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "hostname" : "logs.eu-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "hostname" : "logs.eu-south-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "hostname" : "logs.eu-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "hostname" : "logs.eu-west-2.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "hostname" : "logs.eu-west-3.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "logs-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "logs-fips.ca-west-1.amazonaws.com" + }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "logs-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { "region" : "us-east-2" }, "deprecated" : true, @@ -10861,32 +11752,64 @@ "deprecated" : true, "hostname" : "logs-fips.us-west-2.amazonaws.com" }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "hostname" : "logs.il-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "hostname" : "logs.me-central-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "hostname" : "logs.me-south-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "hostname" : "logs.sa-east-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { "hostname" : "logs-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "logs.us-east-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-east-2" : { "variants" : [ { "hostname" : "logs-fips.us-east-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "logs.us-east-2.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-1" : { "variants" : [ { "hostname" : "logs-fips.us-west-1.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "logs.us-west-1.api.aws", + "tags" : [ "dualstack" ] } ] }, "us-west-2" : { "variants" : [ { "hostname" : "logs-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] + }, { + "hostname" : "logs.us-west-2.api.aws", + "tags" : [ "dualstack" ] } ] } } @@ -10924,8 +11847,10 @@ }, "m2" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -10935,6 +11860,9 @@ } ] }, "eu-central-1" : { }, + "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -10953,6 +11881,7 @@ "fips-us-west-2" : { "deprecated" : true }, + "il-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -11078,8 +12007,14 @@ }, "media-pipelines-chime" : { "endpoints" : { + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-south-1" : { }, "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, + "eu-west-2" : { }, "us-east-1" : { "variants" : [ { "hostname" : "media-pipelines-chime-fips.us-east-1.amazonaws.com", @@ -11116,14 +12051,17 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "me-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, @@ -11187,6 +12125,7 @@ "deprecated" : true, "hostname" : "mediaconvert-fips.us-west-2.amazonaws.com" }, + "me-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -11218,9 +12157,13 @@ "endpoints" : { "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-4" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, "eu-west-1" : { }, @@ -11247,6 +12190,7 @@ "deprecated" : true, "hostname" : "medialive-fips.us-west-2.amazonaws.com" }, + "me-central-1" : { }, "sa-east-1" : { }, "us-east-1" : { "variants" : [ { @@ -11276,6 +12220,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -11297,6 +12242,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -11318,6 +12264,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -11480,6 +12427,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -11693,6 +12641,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -11809,6 +12758,7 @@ "deprecated" : true, "hostname" : "mq-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, @@ -12103,6 +13053,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -12159,6 +13110,12 @@ }, "hostname" : "oidc.ap-south-1.amazonaws.com" }, + "ap-south-2" : { + "credentialScope" : { + "region" : "ap-south-2" + }, + "hostname" : "oidc.ap-south-2.amazonaws.com" + }, "ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" @@ -12177,6 +13134,12 @@ }, "hostname" : "oidc.ap-southeast-3.amazonaws.com" }, + "ap-southeast-4" : { + "credentialScope" : { + "region" : "ap-southeast-4" + }, + "hostname" : "oidc.ap-southeast-4.amazonaws.com" + }, "ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -12207,6 +13170,12 @@ }, "hostname" : "oidc.eu-south-1.amazonaws.com" }, + "eu-south-2" : { + "credentialScope" : { + "region" : "eu-south-2" + }, + "hostname" : "oidc.eu-south-2.amazonaws.com" + }, "eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -12231,6 +13200,12 @@ }, "hostname" : "oidc.il-central-1.amazonaws.com" }, + "me-central-1" : { + "credentialScope" : { + "region" : "me-central-1" + }, + "hostname" : "oidc.me-central-1.amazonaws.com" + }, "me-south-1" : { "credentialScope" : { "region" : "me-south-1" @@ -12401,8 +13376,10 @@ "ap-southeast-2" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-north-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, "us-west-1" : { }, @@ -12564,6 +13541,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -12807,6 +13785,12 @@ }, "hostname" : "portal.sso.ap-south-1.amazonaws.com" }, + "ap-south-2" : { + "credentialScope" : { + "region" : "ap-south-2" + }, + "hostname" : "portal.sso.ap-south-2.amazonaws.com" + }, "ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" @@ -12825,6 +13809,12 @@ }, "hostname" : "portal.sso.ap-southeast-3.amazonaws.com" }, + "ap-southeast-4" : { + "credentialScope" : { + "region" : "ap-southeast-4" + }, + "hostname" : "portal.sso.ap-southeast-4.amazonaws.com" + }, "ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -12855,6 +13845,12 @@ }, "hostname" : "portal.sso.eu-south-1.amazonaws.com" }, + "eu-south-2" : { + "credentialScope" : { + "region" : "eu-south-2" + }, + "hostname" : "portal.sso.eu-south-2.amazonaws.com" + }, "eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -12879,6 +13875,12 @@ }, "hostname" : "portal.sso.il-central-1.amazonaws.com" }, + "me-central-1" : { + "credentialScope" : { + "region" : "me-central-1" + }, + "hostname" : "portal.sso.me-central-1.amazonaws.com" + }, "me-south-1" : { "credentialScope" : { "region" : "me-south-1" @@ -12917,6 +13919,13 @@ } } }, + "private-networks" : { + "endpoints" : { + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-2" : { } + } + }, "profile" : { "endpoints" : { "af-south-1" : { }, @@ -13039,6 +14048,9 @@ "ca-central-1" : { "hostname" : "qbusiness.ca-central-1.api.aws" }, + "ca-west-1" : { + "hostname" : "qbusiness.ca-west-1.api.aws" + }, "eu-central-1" : { "hostname" : "qbusiness.eu-central-1.api.aws" }, @@ -13154,14 +14166,19 @@ }, "quicksight" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "api" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, + "eu-south-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -13190,6 +14207,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "ram-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -13205,6 +14228,13 @@ "deprecated" : true, "hostname" : "ram-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "ram-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -13282,6 +14312,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "rbin-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -13297,6 +14333,13 @@ "deprecated" : true, "hostname" : "rbin-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "rbin-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -13381,8 +14424,21 @@ "deprecated" : true, "hostname" : "rds-fips.ca-central-1.amazonaws.com" }, - "eu-central-1" : { }, - "eu-central-2" : { }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "rds-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "rds-fips.ca-west-1.amazonaws.com" + }, + "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, "eu-south-2" : { }, @@ -13399,6 +14455,13 @@ "deprecated" : true, "hostname" : "rds-fips.ca-central-1.amazonaws.com" }, + "rds-fips.ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "rds-fips.ca-west-1.amazonaws.com" + }, "rds-fips.us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -13437,6 +14500,16 @@ "tags" : [ "fips" ] } ] }, + "rds.ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "variants" : [ { + "hostname" : "rds-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "rds.us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -13618,6 +14691,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "redshift-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -13633,6 +14712,13 @@ "deprecated" : true, "hostname" : "redshift-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "redshift-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -13698,16 +14784,80 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, - "ca-central-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "redshift-serverless-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "redshift-serverless-fips.ca-central-1.amazonaws.com" + }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "redshift-serverless-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "redshift-serverless-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "redshift-serverless-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "redshift-serverless-fips.us-west-2.amazonaws.com" + }, + "me-central-1" : { }, + "sa-east-1" : { }, + "us-east-1" : { + "variants" : [ { + "hostname" : "redshift-serverless-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "redshift-serverless-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "redshift-serverless-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "redshift-serverless-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "rekognition" : { @@ -13898,96 +15048,36 @@ } }, "resource-explorer-2" : { - "defaults" : { - "dnsSuffix" : "api.aws", - "variants" : [ { - "dnsSuffix" : "api.aws", - "hostname" : "{service}-fips.{region}.{dnsSuffix}", - "tags" : [ "fips" ] - } ] - }, "endpoints" : { - "af-south-1" : { - "hostname" : "resource-explorer-2.af-south-1.api.aws" - }, - "ap-east-1" : { - "hostname" : "resource-explorer-2.ap-east-1.api.aws" - }, - "ap-northeast-1" : { - "hostname" : "resource-explorer-2.ap-northeast-1.api.aws" - }, - "ap-northeast-2" : { - "hostname" : "resource-explorer-2.ap-northeast-2.api.aws" - }, - "ap-northeast-3" : { - "hostname" : "resource-explorer-2.ap-northeast-3.api.aws" - }, - "ap-south-1" : { - "hostname" : "resource-explorer-2.ap-south-1.api.aws" - }, - "ap-south-2" : { - "hostname" : "resource-explorer-2.ap-south-2.api.aws" - }, - "ap-southeast-1" : { - "hostname" : "resource-explorer-2.ap-southeast-1.api.aws" - }, - "ap-southeast-2" : { - "hostname" : "resource-explorer-2.ap-southeast-2.api.aws" - }, - "ap-southeast-3" : { - "hostname" : "resource-explorer-2.ap-southeast-3.api.aws" - }, - "ap-southeast-4" : { - "hostname" : "resource-explorer-2.ap-southeast-4.api.aws" - }, - "ca-central-1" : { - "hostname" : "resource-explorer-2.ca-central-1.api.aws" - }, - "eu-central-1" : { - "hostname" : "resource-explorer-2.eu-central-1.api.aws" - }, - "eu-central-2" : { - "hostname" : "resource-explorer-2.eu-central-2.api.aws" - }, - "eu-north-1" : { - "hostname" : "resource-explorer-2.eu-north-1.api.aws" - }, - "eu-south-1" : { - "hostname" : "resource-explorer-2.eu-south-1.api.aws" - }, - "eu-west-1" : { - "hostname" : "resource-explorer-2.eu-west-1.api.aws" - }, - "eu-west-2" : { - "hostname" : "resource-explorer-2.eu-west-2.api.aws" - }, - "eu-west-3" : { - "hostname" : "resource-explorer-2.eu-west-3.api.aws" - }, - "il-central-1" : { - "hostname" : "resource-explorer-2.il-central-1.api.aws" - }, - "me-central-1" : { - "hostname" : "resource-explorer-2.me-central-1.api.aws" - }, - "me-south-1" : { - "hostname" : "resource-explorer-2.me-south-1.api.aws" - }, - "sa-east-1" : { - "hostname" : "resource-explorer-2.sa-east-1.api.aws" - }, - "us-east-1" : { - "hostname" : "resource-explorer-2.us-east-1.api.aws" - }, - "us-east-2" : { - "hostname" : "resource-explorer-2.us-east-2.api.aws" - }, - "us-west-1" : { - "hostname" : "resource-explorer-2.us-west-1.api.aws" - }, - "us-west-2" : { - "hostname" : "resource-explorer-2.us-west-2.api.aws" - } + "af-south-1" : { }, + "ap-east-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, + "ap-south-1" : { }, + "ap-south-2" : { }, + "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ca-central-1" : { }, + "ca-west-1" : { }, + "eu-central-1" : { }, + "eu-central-2" : { }, + "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, + "eu-west-1" : { }, + "eu-west-2" : { }, + "eu-west-3" : { }, + "il-central-1" : { }, + "me-central-1" : { }, + "me-south-1" : { }, + "sa-east-1" : { }, + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-1" : { }, + "us-west-2" : { } } }, "resource-groups" : { @@ -14004,6 +15094,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -14089,22 +15180,77 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "rolesanywhere-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "rolesanywhere-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "rolesanywhere-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "rolesanywhere-fips.us-west-2.amazonaws.com" + }, + "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "rolesanywhere-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "rolesanywhere-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "rolesanywhere-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "rolesanywhere-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "route53" : { @@ -14162,6 +15308,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -14182,15 +15329,31 @@ }, "rum" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, + "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "eu-west-3" : { }, + "me-central-1" : { }, + "me-south-1" : { }, + "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, + "us-west-1" : { }, "us-west-2" : { } } }, @@ -14274,6 +15437,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -14446,10 +15610,22 @@ "tags" : [ "dualstack" ] } ] }, - "eu-central-1" : { + "ca-west-1" : { "variants" : [ { - "hostname" : "s3.dualstack.eu-central-1.amazonaws.com", - "tags" : [ "dualstack" ] + "hostname" : "s3-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "s3-fips.dualstack.ca-west-1.amazonaws.com", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3.dualstack.ca-west-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-1" : { + "variants" : [ { + "hostname" : "s3.dualstack.eu-central-1.amazonaws.com", + "tags" : [ "dualstack" ] } ] }, "eu-central-2" : { @@ -14503,6 +15679,13 @@ "deprecated" : true, "hostname" : "s3-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "s3-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -14637,6 +15820,28 @@ } ] }, "endpoints" : { + "af-south-1" : { + "credentialScope" : { + "region" : "af-south-1" + }, + "hostname" : "s3-control.af-south-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.af-south-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "credentialScope" : { + "region" : "ap-east-1" + }, + "hostname" : "s3-control.ap-east-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.ap-east-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "ap-northeast-1" : { "credentialScope" : { "region" : "ap-northeast-1" @@ -14681,6 +15886,17 @@ "tags" : [ "dualstack" ] } ] }, + "ap-south-2" : { + "credentialScope" : { + "region" : "ap-south-2" + }, + "hostname" : "s3-control.ap-south-2.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.ap-south-2.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "ap-southeast-1" : { "credentialScope" : { "region" : "ap-southeast-1" @@ -14703,6 +15919,28 @@ "tags" : [ "dualstack" ] } ] }, + "ap-southeast-3" : { + "credentialScope" : { + "region" : "ap-southeast-3" + }, + "hostname" : "s3-control.ap-southeast-3.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.ap-southeast-3.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "credentialScope" : { + "region" : "ap-southeast-4" + }, + "hostname" : "s3-control.ap-southeast-4.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.ap-southeast-4.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -14728,6 +15966,31 @@ "hostname" : "s3-control-fips.ca-central-1.amazonaws.com", "signatureVersions" : [ "s3v4" ] }, + "ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "hostname" : "s3-control.ca-west-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "s3-control-fips.dualstack.ca-west-1.amazonaws.com", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-control.dualstack.ca-west-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "s3-control-fips.ca-west-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ] + }, "eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -14739,6 +16002,17 @@ "tags" : [ "dualstack" ] } ] }, + "eu-central-2" : { + "credentialScope" : { + "region" : "eu-central-2" + }, + "hostname" : "s3-control.eu-central-2.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.eu-central-2.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "eu-north-1" : { "credentialScope" : { "region" : "eu-north-1" @@ -14750,6 +16024,28 @@ "tags" : [ "dualstack" ] } ] }, + "eu-south-1" : { + "credentialScope" : { + "region" : "eu-south-1" + }, + "hostname" : "s3-control.eu-south-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.eu-south-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "credentialScope" : { + "region" : "eu-south-2" + }, + "hostname" : "s3-control.eu-south-2.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.eu-south-2.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "eu-west-1" : { "credentialScope" : { "region" : "eu-west-1" @@ -14783,6 +16079,39 @@ "tags" : [ "dualstack" ] } ] }, + "il-central-1" : { + "credentialScope" : { + "region" : "il-central-1" + }, + "hostname" : "s3-control.il-central-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.il-central-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "credentialScope" : { + "region" : "me-central-1" + }, + "hostname" : "s3-control.me-central-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.me-central-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "credentialScope" : { + "region" : "me-south-1" + }, + "hostname" : "s3-control.me-south-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control.dualstack.me-south-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, "sa-east-1" : { "credentialScope" : { "region" : "sa-east-1" @@ -14898,26 +16227,90 @@ }, "s3-outposts" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, + "af-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, - "eu-central-1" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, + "eu-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "fips-ca-central-1" : { "deprecated" : true }, @@ -14933,28 +16326,56 @@ "fips-us-west-2" : { "deprecated" : true }, - "il-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, + "il-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "us-east-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-east-2" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-west-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-west-2" : { "variants" : [ { - "tags" : [ "fips" ] - } ] + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { + "tags" : [ "fips" ] + } ] } } }, @@ -15055,93 +16476,192 @@ }, "secretsmanager" : { "endpoints" : { - "af-south-1" : { }, - "ap-east-1" : { }, - "ap-northeast-1" : { }, - "ap-northeast-2" : { }, - "ap-northeast-3" : { }, - "ap-south-1" : { }, - "ap-south-2" : { }, - "ap-southeast-1" : { }, - "ap-southeast-2" : { }, - "ap-southeast-3" : { }, - "ap-southeast-4" : { }, + "af-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-northeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-south-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "ap-southeast-4" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, "ca-central-1" : { "variants" : [ { - "hostname" : "secretsmanager-fips.ca-central-1.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "ca-central-1-fips" : { - "credentialScope" : { - "region" : "ca-central-1" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.ca-central-1.amazonaws.com" + "deprecated" : true + }, + "ca-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "deprecated" : true + }, + "eu-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-central-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-south-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-2" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "eu-west-3" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "il-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "me-central-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "me-south-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "sa-east-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] }, - "eu-central-1" : { }, - "eu-central-2" : { }, - "eu-north-1" : { }, - "eu-south-1" : { }, - "eu-south-2" : { }, - "eu-west-1" : { }, - "eu-west-2" : { }, - "eu-west-3" : { }, - "il-central-1" : { }, - "me-central-1" : { }, - "me-south-1" : { }, - "sa-east-1" : { }, "us-east-1" : { "variants" : [ { - "hostname" : "secretsmanager-fips.us-east-1.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-east-1-fips" : { - "credentialScope" : { - "region" : "us-east-1" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.us-east-1.amazonaws.com" + "deprecated" : true }, "us-east-2" : { "variants" : [ { - "hostname" : "secretsmanager-fips.us-east-2.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-east-2-fips" : { - "credentialScope" : { - "region" : "us-east-2" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.us-east-2.amazonaws.com" + "deprecated" : true }, "us-west-1" : { "variants" : [ { - "hostname" : "secretsmanager-fips.us-west-1.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-west-1-fips" : { - "credentialScope" : { - "region" : "us-west-1" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.us-west-1.amazonaws.com" + "deprecated" : true }, "us-west-2" : { "variants" : [ { - "hostname" : "secretsmanager-fips.us-west-2.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-west-2-fips" : { - "credentialScope" : { - "region" : "us-west-2" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.us-west-2.amazonaws.com" + "deprecated" : true } } }, @@ -15159,6 +16679,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -15239,11 +16760,59 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "securitylake-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "securitylake-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "securitylake-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "securitylake-fips.us-west-2.amazonaws.com" + }, "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "securitylake-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "securitylake-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "securitylake-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "securitylake-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "serverlessrepo" : { @@ -15294,16 +16863,60 @@ "protocols" : [ "https" ] }, "us-east-1" : { - "protocols" : [ "https" ] + "protocols" : [ "https" ], + "variants" : [ { + "hostname" : "serverlessrepo-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-1-fips" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "serverlessrepo-fips.us-east-1.amazonaws.com" }, "us-east-2" : { - "protocols" : [ "https" ] + "protocols" : [ "https" ], + "variants" : [ { + "hostname" : "serverlessrepo-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2-fips" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "serverlessrepo-fips.us-east-2.amazonaws.com" }, "us-west-1" : { - "protocols" : [ "https" ] + "protocols" : [ "https" ], + "variants" : [ { + "hostname" : "serverlessrepo-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1-fips" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "serverlessrepo-fips.us-west-1.amazonaws.com" }, "us-west-2" : { - "protocols" : [ "https" ] + "protocols" : [ "https" ], + "variants" : [ { + "hostname" : "serverlessrepo-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2-fips" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "serverlessrepo-fips.us-west-2.amazonaws.com" } } }, @@ -15406,6 +17019,7 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -15566,6 +17180,25 @@ "deprecated" : true, "hostname" : "servicediscovery-fips.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "servicediscovery-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "servicediscovery-fips.ca-west-1.api.aws", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "servicediscovery.ca-west-1.api.aws", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "servicediscovery-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { "variants" : [ { "hostname" : "servicediscovery.eu-central-1.api.aws", @@ -15733,6 +17366,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -15873,6 +17507,30 @@ "deprecated" : true, "hostname" : "signer-fips.us-west-2.amazonaws.com" }, + "fips-verification-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "hostname" : "verification.signer-fips.us-east-1.amazonaws.com" + }, + "fips-verification-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "hostname" : "verification.signer-fips.us-east-2.amazonaws.com" + }, + "fips-verification-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "hostname" : "verification.signer-fips.us-west-1.amazonaws.com" + }, + "fips-verification-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "hostname" : "verification.signer-fips.us-west-2.amazonaws.com" + }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { @@ -15898,6 +17556,126 @@ "hostname" : "signer-fips.us-west-2.amazonaws.com", "tags" : [ "fips" ] } ] + }, + "verification-af-south-1" : { + "credentialScope" : { + "region" : "af-south-1" + }, + "hostname" : "verification.signer.af-south-1.amazonaws.com" + }, + "verification-ap-east-1" : { + "credentialScope" : { + "region" : "ap-east-1" + }, + "hostname" : "verification.signer.ap-east-1.amazonaws.com" + }, + "verification-ap-northeast-1" : { + "credentialScope" : { + "region" : "ap-northeast-1" + }, + "hostname" : "verification.signer.ap-northeast-1.amazonaws.com" + }, + "verification-ap-northeast-2" : { + "credentialScope" : { + "region" : "ap-northeast-2" + }, + "hostname" : "verification.signer.ap-northeast-2.amazonaws.com" + }, + "verification-ap-south-1" : { + "credentialScope" : { + "region" : "ap-south-1" + }, + "hostname" : "verification.signer.ap-south-1.amazonaws.com" + }, + "verification-ap-southeast-1" : { + "credentialScope" : { + "region" : "ap-southeast-1" + }, + "hostname" : "verification.signer.ap-southeast-1.amazonaws.com" + }, + "verification-ap-southeast-2" : { + "credentialScope" : { + "region" : "ap-southeast-2" + }, + "hostname" : "verification.signer.ap-southeast-2.amazonaws.com" + }, + "verification-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "verification.signer.ca-central-1.amazonaws.com" + }, + "verification-eu-central-1" : { + "credentialScope" : { + "region" : "eu-central-1" + }, + "hostname" : "verification.signer.eu-central-1.amazonaws.com" + }, + "verification-eu-north-1" : { + "credentialScope" : { + "region" : "eu-north-1" + }, + "hostname" : "verification.signer.eu-north-1.amazonaws.com" + }, + "verification-eu-south-1" : { + "credentialScope" : { + "region" : "eu-south-1" + }, + "hostname" : "verification.signer.eu-south-1.amazonaws.com" + }, + "verification-eu-west-1" : { + "credentialScope" : { + "region" : "eu-west-1" + }, + "hostname" : "verification.signer.eu-west-1.amazonaws.com" + }, + "verification-eu-west-2" : { + "credentialScope" : { + "region" : "eu-west-2" + }, + "hostname" : "verification.signer.eu-west-2.amazonaws.com" + }, + "verification-eu-west-3" : { + "credentialScope" : { + "region" : "eu-west-3" + }, + "hostname" : "verification.signer.eu-west-3.amazonaws.com" + }, + "verification-me-south-1" : { + "credentialScope" : { + "region" : "me-south-1" + }, + "hostname" : "verification.signer.me-south-1.amazonaws.com" + }, + "verification-sa-east-1" : { + "credentialScope" : { + "region" : "sa-east-1" + }, + "hostname" : "verification.signer.sa-east-1.amazonaws.com" + }, + "verification-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "hostname" : "verification.signer.us-east-1.amazonaws.com" + }, + "verification-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "hostname" : "verification.signer.us-east-2.amazonaws.com" + }, + "verification-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "hostname" : "verification.signer.us-west-1.amazonaws.com" + }, + "verification-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "hostname" : "verification.signer.us-west-2.amazonaws.com" } } }, @@ -15932,10 +17710,16 @@ }, "sms-voice" : { "endpoints" : { + "af-south-1" : { }, "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "sms-voice-fips.ca-central-1.amazonaws.com", @@ -15943,8 +17727,13 @@ } ] }, "eu-central-1" : { }, + "eu-central-2" : { }, + "eu-north-1" : { }, + "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "eu-west-3" : { }, "fips-ca-central-1" : { "credentialScope" : { "region" : "ca-central-1" @@ -15959,6 +17748,20 @@ "deprecated" : true, "hostname" : "sms-voice-fips.us-east-1.amazonaws.com" }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "sms-voice-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "sms-voice-fips.us-west-1.amazonaws.com" + }, "fips-us-west-2" : { "credentialScope" : { "region" : "us-west-2" @@ -15966,12 +17769,28 @@ "deprecated" : true, "hostname" : "sms-voice-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, + "me-central-1" : { }, + "me-south-1" : { }, + "sa-east-1" : { }, "us-east-1" : { "variants" : [ { "hostname" : "sms-voice-fips.us-east-1.amazonaws.com", "tags" : [ "fips" ] } ] }, + "us-east-2" : { + "variants" : [ { + "hostname" : "sms-voice-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "sms-voice-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "us-west-2" : { "variants" : [ { "hostname" : "sms-voice-fips.us-west-2.amazonaws.com", @@ -16165,6 +17984,7 @@ "deprecated" : true, "hostname" : "snowball-fips.us-west-2.amazonaws.com" }, + "il-central-1" : { }, "me-central-1" : { }, "sa-east-1" : { "variants" : [ { @@ -16215,6 +18035,12 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "sns-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -16223,6 +18049,13 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "sns-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -16299,6 +18132,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -16385,6 +18219,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "ssm-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -16400,6 +18240,13 @@ "deprecated" : true, "hostname" : "ssm-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "ssm-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -16700,18 +18547,22 @@ "ap-northeast-2" : { }, "ap-northeast-3" : { }, "ap-south-1" : { }, + "ap-south-2" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ap-southeast-3" : { }, + "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, "il-central-1" : { }, + "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, "us-east-1" : { }, @@ -16734,6 +18585,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -16826,6 +18678,19 @@ "deprecated" : true, "hostname" : "storagegateway-fips.ca-central-1.amazonaws.com" }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "storagegateway-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "storagegateway-fips.ca-west-1.amazonaws.com" + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -16912,6 +18777,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -16957,6 +18823,7 @@ "hostname" : "sts.amazonaws.com" }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -17056,6 +18923,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -17136,6 +19004,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -17216,6 +19085,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -17531,6 +19401,12 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "transfer-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -17546,6 +19422,13 @@ "deprecated" : true, "hostname" : "transfer-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "transfer-fips.ca-west-1.amazonaws.com" + }, "fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -17676,7 +19559,18 @@ "ap-southeast-2" : { }, "ap-southeast-3" : { }, "ap-southeast-4" : { }, - "ca-central-1" : { }, + "ca-central-1" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-west-1" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -17685,13 +19579,76 @@ "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, + "fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.ca-central-1.amazonaws.com" + }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.ca-west-1.amazonaws.com" + }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.us-east-1.amazonaws.com" + }, + "fips-us-east-2" : { + "credentialScope" : { + "region" : "us-east-2" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.us-east-2.amazonaws.com" + }, + "fips-us-west-1" : { + "credentialScope" : { + "region" : "us-west-1" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.us-west-1.amazonaws.com" + }, + "fips-us-west-2" : { + "credentialScope" : { + "region" : "us-west-2" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.us-west-2.amazonaws.com" + }, + "il-central-1" : { }, "me-central-1" : { }, "me-south-1" : { }, "sa-east-1" : { }, - "us-east-1" : { }, - "us-east-2" : { }, - "us-west-1" : { }, - "us-west-2" : { } + "us-east-1" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.us-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-east-2" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.us-east-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-1" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.us-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-west-2" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.us-west-2.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "voice-chime" : { @@ -17795,6 +19752,8 @@ "vpc-lattice" : { "endpoints" : { "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, "ca-central-1" : { }, @@ -17802,8 +19761,11 @@ "eu-north-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "eu-west-3" : { }, + "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, + "us-west-1" : { }, "us-west-2" : { } } }, @@ -18449,6 +20411,16 @@ "tags" : [ "fips" ] } ] }, + "ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "hostname" : "wafv2.ca-west-1.amazonaws.com", + "variants" : [ { + "hostname" : "wafv2-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -18613,6 +20585,13 @@ "deprecated" : true, "hostname" : "wafv2-fips.ca-central-1.amazonaws.com" }, + "fips-ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "wafv2-fips.ca-west-1.amazonaws.com" + }, "fips-eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" @@ -18832,7 +20811,10 @@ "wisdom" : { "endpoints" : { "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, "eu-west-2" : { }, "fips-us-east-1" : { @@ -18842,7 +20824,10 @@ "deprecated" : true }, "ui-ap-northeast-1" : { }, + "ui-ap-northeast-2" : { }, + "ui-ap-southeast-1" : { }, "ui-ap-southeast-2" : { }, + "ui-ca-central-1" : { }, "ui-eu-central-1" : { }, "ui-eu-west-2" : { }, "ui-us-east-1" : { }, @@ -18973,6 +20958,7 @@ "ap-southeast-3" : { }, "ap-southeast-4" : { }, "ca-central-1" : { }, + "ca-west-1" : { }, "eu-central-1" : { }, "eu-central-2" : { }, "eu-north-1" : { }, @@ -19512,6 +21498,24 @@ "cn-northwest-1" : { } } }, + "eks-auth" : { + "defaults" : { + "dnsSuffix" : "api.amazonwebservices.com.cn", + "variants" : [ { + "dnsSuffix" : "api.amazonwebservices.com.cn", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "endpoints" : { + "cn-north-1" : { + "hostname" : "eks-auth.cn-north-1.api.amazonwebservices.com.cn" + }, + "cn-northwest-1" : { + "hostname" : "eks-auth.cn-northwest-1.api.amazonwebservices.com.cn" + } + } + }, "elasticache" : { "endpoints" : { "cn-north-1" : { }, @@ -19594,6 +21598,17 @@ "cn-northwest-1" : { } } }, + "entitlement.marketplace" : { + "endpoints" : { + "cn-northwest-1" : { + "credentialScope" : { + "region" : "cn-northwest-1" + }, + "hostname" : "entitlement-marketplace.cn-northwest-1.amazonaws.com.cn", + "protocols" : [ "https" ] + } + } + }, "es" : { "endpoints" : { "cn-north-1" : { @@ -19721,6 +21736,12 @@ "cn-northwest-1" : { } } }, + "inspector2" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "internetmonitor" : { "defaults" : { "dnsSuffix" : "api.amazonwebservices.com.cn", @@ -19776,6 +21797,23 @@ "cn-north-1" : { } } }, + "iottwinmaker" : { + "endpoints" : { + "api-cn-north-1" : { + "credentialScope" : { + "region" : "cn-north-1" + }, + "hostname" : "api.iottwinmaker.cn-north-1.amazonaws.com.cn" + }, + "cn-north-1" : { }, + "data-cn-north-1" : { + "credentialScope" : { + "region" : "cn-north-1" + }, + "hostname" : "data.iottwinmaker.cn-north-1.amazonaws.com.cn" + } + } + }, "kafka" : { "endpoints" : { "cn-north-1" : { }, @@ -19869,7 +21907,7 @@ "credentialScope" : { "region" : "cn-northwest-1" }, - "hostname" : "subscribe.mediaconvert.cn-northwest-1.amazonaws.com.cn" + "hostname" : "mediaconvert.cn-northwest-1.amazonaws.com.cn" } } }, @@ -19916,6 +21954,12 @@ } } }, + "network-firewall" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "oam" : { "endpoints" : { "cn-north-1" : { }, @@ -19961,6 +22005,12 @@ "cn-northwest-1" : { } } }, + "pipes" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "polly" : { "endpoints" : { "cn-northwest-1" : { } @@ -20000,6 +22050,11 @@ } } }, + "quicksight" : { + "endpoints" : { + "cn-north-1" : { } + } + }, "ram" : { "endpoints" : { "cn-north-1" : { }, @@ -20026,25 +22081,8 @@ }, "redshift-serverless" : { "endpoints" : { - "cn-north-1" : { } - } - }, - "resource-explorer-2" : { - "defaults" : { - "dnsSuffix" : "api.amazonwebservices.com.cn", - "variants" : [ { - "dnsSuffix" : "api.amazonwebservices.com.cn", - "hostname" : "{service}-fips.{region}.{dnsSuffix}", - "tags" : [ "fips" ] - } ] - }, - "endpoints" : { - "cn-north-1" : { - "hostname" : "resource-explorer-2.cn-north-1.api.amazonwebservices.com.cn" - }, - "cn-northwest-1" : { - "hostname" : "resource-explorer-2.cn-northwest-1.api.amazonwebservices.com.cn" - } + "cn-north-1" : { }, + "cn-northwest-1" : { } } }, "resource-groups" : { @@ -20171,8 +22209,16 @@ }, "secretsmanager" : { "endpoints" : { - "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-north-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + }, + "cn-northwest-1" : { + "variants" : [ { + "tags" : [ "dualstack" ] + } ] + } } }, "securityhub" : { @@ -20228,7 +22274,19 @@ "signer" : { "endpoints" : { "cn-north-1" : { }, - "cn-northwest-1" : { } + "cn-northwest-1" : { }, + "verification-cn-north-1" : { + "credentialScope" : { + "region" : "cn-north-1" + }, + "hostname" : "verification.signer.cn-north-1.amazonaws.com.cn" + }, + "verification-cn-northwest-1" : { + "credentialScope" : { + "region" : "cn-northwest-1" + }, + "hostname" : "verification.signer.cn-northwest-1.amazonaws.com.cn" + } } }, "sms" : { @@ -21030,9 +23088,29 @@ }, "endpoints" : { "us-gov-east-1" : { + "hostname" : "autoscaling-plans.us-gov-east-1.amazonaws.com", + "protocols" : [ "http", "https" ], + "variants" : [ { + "hostname" : "autoscaling-plans.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "deprecated" : true, + "hostname" : "autoscaling-plans.us-gov-east-1.amazonaws.com", "protocols" : [ "http", "https" ] }, "us-gov-west-1" : { + "hostname" : "autoscaling-plans.us-gov-west-1.amazonaws.com", + "protocols" : [ "http", "https" ], + "variants" : [ { + "hostname" : "autoscaling-plans.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1-fips" : { + "deprecated" : true, + "hostname" : "autoscaling-plans.us-gov-west-1.amazonaws.com", "protocols" : [ "http", "https" ] } } @@ -21091,6 +23169,23 @@ } } }, + "bedrock" : { + "endpoints" : { + "bedrock-runtime-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "bedrock-runtime.us-gov-west-1.amazonaws.com" + }, + "bedrock-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "bedrock.us-gov-west-1.amazonaws.com" + }, + "us-gov-west-1" : { } + } + }, "cassandra" : { "endpoints" : { "us-gov-east-1" : { @@ -21540,8 +23635,32 @@ }, "controltower" : { "endpoints" : { - "us-gov-east-1" : { }, - "us-gov-west-1" : { } + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "controltower-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-east-1-fips" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "controltower-fips.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "controltower-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1-fips" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "controltower-fips.us-gov-west-1.amazonaws.com" + } } }, "data-ats.iot" : { @@ -22019,6 +24138,24 @@ } } }, + "eks-auth" : { + "defaults" : { + "dnsSuffix" : "api.aws", + "variants" : [ { + "dnsSuffix" : "api.aws", + "hostname" : "{service}-fips.{region}.{dnsSuffix}", + "tags" : [ "fips" ] + } ] + }, + "endpoints" : { + "us-gov-east-1" : { + "hostname" : "eks-auth.us-gov-east-1.api.aws" + }, + "us-gov-west-1" : { + "hostname" : "eks-auth.us-gov-west-1.api.aws" + } + } + }, "elasticache" : { "defaults" : { "variants" : [ { @@ -22200,6 +24337,13 @@ }, "email" : { "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "email-fips.us-gov-east-1.amazonaws.com" + }, "fips-us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" @@ -22207,20 +24351,80 @@ "deprecated" : true, "hostname" : "email-fips.us-gov-west-1.amazonaws.com" }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "email-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "email-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + } + } + }, + "emr-containers" : { + "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "emr-containers.us-gov-east-1.amazonaws.com" + }, + "fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "emr-containers.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "emr-containers.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "emr-containers.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + } + } + }, + "emr-serverless" : { + "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "emr-serverless.us-gov-east-1.amazonaws.com" + }, + "fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "emr-serverless.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "emr-serverless.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "us-gov-west-1" : { "variants" : [ { - "hostname" : "email-fips.us-gov-west-1.amazonaws.com", + "hostname" : "emr-serverless.us-gov-west-1.amazonaws.com", "tags" : [ "fips" ] } ] } } }, - "emr-containers" : { - "endpoints" : { - "us-gov-east-1" : { }, - "us-gov-west-1" : { } - } - }, "es" : { "endpoints" : { "fips" : { @@ -22596,7 +24800,17 @@ "isRegionalized" : true }, "health" : { + "defaults" : { + "protocols" : [ "https" ], + "sslCommonName" : "health.us-gov-west-1.amazonaws.com" + }, "endpoints" : { + "aws-us-gov-global" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "global.health.us-gov.amazonaws.com" + }, "fips-us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" @@ -23211,6 +25425,12 @@ "us-gov-west-1" : { } } }, + "license-manager-user-subscriptions" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "logs" : { "endpoints" : { "fips-us-gov-east-1" : { @@ -23360,6 +25580,11 @@ } } }, + "models-v2-lex" : { + "endpoints" : { + "us-gov-west-1" : { } + } + }, "models.lex" : { "defaults" : { "credentialScope" : { @@ -23894,24 +26119,6 @@ } } }, - "resource-explorer-2" : { - "defaults" : { - "dnsSuffix" : "api.aws", - "variants" : [ { - "dnsSuffix" : "api.aws", - "hostname" : "{service}-fips.{region}.{dnsSuffix}", - "tags" : [ "fips" ] - } ] - }, - "endpoints" : { - "us-gov-east-1" : { - "hostname" : "resource-explorer-2.us-gov-east-1.api.aws" - }, - "us-gov-west-1" : { - "hostname" : "resource-explorer-2.us-gov-west-1.api.aws" - } - } - }, "resource-groups" : { "defaults" : { "variants" : [ { @@ -23955,8 +26162,32 @@ }, "rolesanywhere" : { "endpoints" : { - "us-gov-east-1" : { }, - "us-gov-west-1" : { } + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "rolesanywhere-fips.us-gov-east-1.amazonaws.com" + }, + "fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "rolesanywhere-fips.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "rolesanywhere-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "rolesanywhere-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + } } }, "route53" : { @@ -24006,6 +26237,11 @@ } } }, + "runtime-v2-lex" : { + "endpoints" : { + "us-gov-west-1" : { } + } + }, "runtime.lex" : { "defaults" : { "credentialScope" : { @@ -24185,11 +26421,19 @@ }, "us-gov-east-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-gov-west-1" : { "variants" : [ { + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] } @@ -24199,29 +26443,27 @@ "endpoints" : { "us-gov-east-1" : { "variants" : [ { - "hostname" : "secretsmanager-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-gov-east-1-fips" : { - "credentialScope" : { - "region" : "us-gov-east-1" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.us-gov-east-1.amazonaws.com" + "deprecated" : true }, "us-gov-west-1" : { "variants" : [ { - "hostname" : "secretsmanager-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "dualstack" ] + }, { + "tags" : [ "dualstack", "fips" ] + }, { "tags" : [ "fips" ] } ] }, "us-gov-west-1-fips" : { - "credentialScope" : { - "region" : "us-gov-west-1" - }, - "deprecated" : true, - "hostname" : "secretsmanager-fips.us-gov-west-1.amazonaws.com" + "deprecated" : true } } }, @@ -24428,6 +26670,60 @@ } } }, + "signer" : { + "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "signer-fips.us-gov-east-1.amazonaws.com" + }, + "fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "signer-fips.us-gov-west-1.amazonaws.com" + }, + "fips-verification-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "hostname" : "verification.signer-fips.us-gov-east-1.amazonaws.com" + }, + "fips-verification-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "verification.signer-fips.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "signer-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "signer-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "verification-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "hostname" : "verification.signer.us-gov-east-1.amazonaws.com" + }, + "verification-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "verification.signer.us-gov-west-1.amazonaws.com" + } + } + }, "simspaceweaver" : { "endpoints" : { "fips-us-gov-east-1" : { @@ -24477,6 +26773,13 @@ }, "sms-voice" : { "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "sms-voice-fips.us-gov-east-1.amazonaws.com" + }, "fips-us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" @@ -24484,6 +26787,12 @@ "deprecated" : true, "hostname" : "sms-voice-fips.us-gov-west-1.amazonaws.com" }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "sms-voice-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, "us-gov-west-1" : { "variants" : [ { "hostname" : "sms-voice-fips.us-gov-west-1.amazonaws.com", @@ -25018,6 +27327,36 @@ } } }, + "verifiedpermissions" : { + "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.us-gov-east-1.amazonaws.com" + }, + "fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "verifiedpermissions-fips.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.us-gov-east-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "verifiedpermissions-fips.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + } + } + }, "waf-regional" : { "endpoints" : { "fips-us-gov-east-1" : { @@ -25201,6 +27540,16 @@ } } }, + "api.pricing" : { + "defaults" : { + "credentialScope" : { + "service" : "pricing" + } + }, + "endpoints" : { + "us-iso-east-1" : { } + } + }, "api.sagemaker" : { "endpoints" : { "us-iso-east-1" : { } @@ -25232,6 +27581,12 @@ "us-iso-west-1" : { } } }, + "arc-zonal-shift" : { + "endpoints" : { + "us-iso-east-1" : { }, + "us-iso-west-1" : { } + } + }, "athena" : { "endpoints" : { "us-iso-east-1" : { } @@ -25290,6 +27645,13 @@ }, "datasync" : { "endpoints" : { + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "datasync-fips.us-iso-east-1.c2s.ic.gov" + }, "fips-us-iso-west-1" : { "credentialScope" : { "region" : "us-iso-west-1" @@ -25297,6 +27659,12 @@ "deprecated" : true, "hostname" : "datasync-fips.us-iso-west-1.c2s.ic.gov" }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "datasync-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, "us-iso-west-1" : { "variants" : [ { "hostname" : "datasync-fips.us-iso-west-1.c2s.ic.gov", @@ -25504,6 +27872,40 @@ "us-iso-west-1" : { } } }, + "fsx" : { + "endpoints" : { + "fips-prod-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "fsx-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "fsx-fips.us-iso-east-1.c2s.ic.gov" + }, + "prod-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "variants" : [ { + "hostname" : "fsx-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "fsx-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } + } + }, "glacier" : { "endpoints" : { "us-iso-east-1" : { @@ -25517,6 +27919,15 @@ "us-iso-east-1" : { } } }, + "guardduty" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "us-iso-east-1" : { } + }, + "isRegionalized" : true + }, "health" : { "endpoints" : { "us-iso-east-1" : { } @@ -25655,47 +28066,27 @@ "tags" : [ "fips" ] } ] } - } - }, - "rds" : { - "endpoints" : { - "rds-fips.us-iso-east-1" : { - "credentialScope" : { - "region" : "us-iso-east-1" - }, - "deprecated" : true, - "hostname" : "rds-fips.us-iso-east-1.c2s.ic.gov" - }, - "rds-fips.us-iso-west-1" : { - "credentialScope" : { - "region" : "us-iso-west-1" - }, - "deprecated" : true, - "hostname" : "rds-fips.us-iso-west-1.c2s.ic.gov" - }, + } + }, + "rds" : { + "endpoints" : { "rds.us-iso-east-1" : { "credentialScope" : { "region" : "us-iso-east-1" }, "deprecated" : true, - "variants" : [ { - "hostname" : "rds-fips.us-iso-east-1.c2s.ic.gov", - "tags" : [ "fips" ] - } ] + "hostname" : "rds.us-iso-east-1.c2s.ic.gov" }, "rds.us-iso-west-1" : { "credentialScope" : { "region" : "us-iso-west-1" }, "deprecated" : true, - "variants" : [ { - "hostname" : "rds-fips.us-iso-west-1.c2s.ic.gov", - "tags" : [ "fips" ] - } ] + "hostname" : "rds.us-iso-west-1.c2s.ic.gov" }, "us-iso-east-1" : { "variants" : [ { - "hostname" : "rds-fips.us-iso-east-1.c2s.ic.gov", + "hostname" : "rds.us-iso-east-1.c2s.ic.gov", "tags" : [ "fips" ] } ] }, @@ -25704,11 +28095,11 @@ "region" : "us-iso-east-1" }, "deprecated" : true, - "hostname" : "rds-fips.us-iso-east-1.c2s.ic.gov" + "hostname" : "rds.us-iso-east-1.c2s.ic.gov" }, "us-iso-west-1" : { "variants" : [ { - "hostname" : "rds-fips.us-iso-west-1.c2s.ic.gov", + "hostname" : "rds.us-iso-west-1.c2s.ic.gov", "tags" : [ "fips" ] } ] }, @@ -25717,14 +28108,38 @@ "region" : "us-iso-west-1" }, "deprecated" : true, - "hostname" : "rds-fips.us-iso-west-1.c2s.ic.gov" + "hostname" : "rds.us-iso-west-1.c2s.ic.gov" } } }, "redshift" : { "endpoints" : { - "us-iso-east-1" : { }, - "us-iso-west-1" : { } + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "redshift-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "redshift-fips.us-iso-west-1.c2s.ic.gov" + }, + "us-iso-east-1" : { + "variants" : [ { + "hostname" : "redshift-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "redshift-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } } }, "resource-groups" : { @@ -25761,11 +28176,110 @@ "signatureVersions" : [ "s3v4" ] }, "endpoints" : { + "fips-us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "s3-fips.us-iso-east-1.c2s.ic.gov" + }, + "fips-us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "s3-fips.us-iso-west-1.c2s.ic.gov" + }, "us-iso-east-1" : { "protocols" : [ "http", "https" ], + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-fips.dualstack.us-iso-east-1.c2s.ic.gov", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + }, + "us-iso-west-1" : { + "variants" : [ { + "hostname" : "s3-fips.dualstack.us-iso-west-1.c2s.ic.gov", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "s3-control" : { + "defaults" : { + "protocols" : [ "https" ], + "signatureVersions" : [ "s3v4" ] + }, + "endpoints" : { + "us-iso-east-1" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "hostname" : "s3-control.us-iso-east-1.c2s.ic.gov", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control-fips.dualstack.us-iso-east-1.c2s.ic.gov", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-control-fips.us-iso-east-1.c2s.ic.gov", + "tags" : [ "fips" ] + }, { + "hostname" : "s3-control.dualstack.us-iso-east-1.c2s.ic.gov", + "tags" : [ "dualstack" ] + } ] + }, + "us-iso-east-1-fips" : { + "credentialScope" : { + "region" : "us-iso-east-1" + }, + "deprecated" : true, + "hostname" : "s3-control-fips.us-iso-east-1.c2s.ic.gov", "signatureVersions" : [ "s3v4" ] }, - "us-iso-west-1" : { } + "us-iso-west-1" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "hostname" : "s3-control.us-iso-west-1.c2s.ic.gov", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control-fips.dualstack.us-iso-west-1.c2s.ic.gov", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-control-fips.us-iso-west-1.c2s.ic.gov", + "tags" : [ "fips" ] + }, { + "hostname" : "s3-control.dualstack.us-iso-west-1.c2s.ic.gov", + "tags" : [ "dualstack" ] + } ] + }, + "us-iso-west-1-fips" : { + "credentialScope" : { + "region" : "us-iso-west-1" + }, + "deprecated" : true, + "hostname" : "s3-control-fips.us-iso-west-1.c2s.ic.gov", + "signatureVersions" : [ "s3v4" ] + } + } + }, + "s3-outposts" : { + "endpoints" : { + "fips-us-iso-east-1" : { + "deprecated" : true + }, + "us-iso-east-1" : { + "variants" : [ { + "tags" : [ "fips" ] + } ] + } } }, "secretsmanager" : { @@ -25776,7 +28290,8 @@ }, "snowball" : { "endpoints" : { - "us-iso-east-1" : { } + "us-iso-east-1" : { }, + "us-iso-west-1" : { } } }, "sns" : { @@ -25853,6 +28368,11 @@ "us-iso-west-1" : { } } }, + "textract" : { + "endpoints" : { + "us-iso-east-1" : { } + } + }, "transcribe" : { "defaults" : { "protocols" : [ "https" ] @@ -25912,6 +28432,16 @@ } } }, + "api.pricing" : { + "defaults" : { + "credentialScope" : { + "service" : "pricing" + } + }, + "endpoints" : { + "us-isob-east-1" : { } + } + }, "api.sagemaker" : { "endpoints" : { "us-isob-east-1" : { } @@ -25935,6 +28465,11 @@ "us-isob-east-1" : { } } }, + "arc-zonal-shift" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "autoscaling" : { "defaults" : { "protocols" : [ "http", "https" ] @@ -26113,6 +28648,11 @@ "us-isob-east-1" : { } } }, + "firehose" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "glacier" : { "endpoints" : { "us-isob-east-1" : { } @@ -26179,6 +28719,16 @@ "us-isob-east-1" : { } } }, + "medialive" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, + "mediapackage" : { + "endpoints" : { + "us-isob-east-1" : { } + } + }, "metering.marketplace" : { "defaults" : { "credentialScope" : { @@ -26228,26 +28778,16 @@ }, "rds" : { "endpoints" : { - "rds-fips.us-isob-east-1" : { - "credentialScope" : { - "region" : "us-isob-east-1" - }, - "deprecated" : true, - "hostname" : "rds-fips.us-isob-east-1.sc2s.sgov.gov" - }, "rds.us-isob-east-1" : { "credentialScope" : { "region" : "us-isob-east-1" }, "deprecated" : true, - "variants" : [ { - "hostname" : "rds-fips.us-isob-east-1.sc2s.sgov.gov", - "tags" : [ "fips" ] - } ] + "hostname" : "rds.us-isob-east-1.sc2s.sgov.gov" }, "us-isob-east-1" : { "variants" : [ { - "hostname" : "rds-fips.us-isob-east-1.sc2s.sgov.gov", + "hostname" : "rds.us-isob-east-1.sc2s.sgov.gov", "tags" : [ "fips" ] } ] }, @@ -26256,13 +28796,25 @@ "region" : "us-isob-east-1" }, "deprecated" : true, - "hostname" : "rds-fips.us-isob-east-1.sc2s.sgov.gov" + "hostname" : "rds.us-isob-east-1.sc2s.sgov.gov" } } }, "redshift" : { "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "redshift-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "redshift-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } } }, "resource-groups" : { @@ -26298,7 +28850,67 @@ "signatureVersions" : [ "s3v4" ] }, "endpoints" : { - "us-isob-east-1" : { } + "fips-us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "s3-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "s3-fips.dualstack.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + } + } + }, + "s3-control" : { + "defaults" : { + "protocols" : [ "https" ], + "signatureVersions" : [ "s3v4" ] + }, + "endpoints" : { + "us-isob-east-1" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "hostname" : "s3-control.us-isob-east-1.sc2s.sgov.gov", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control-fips.dualstack.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-control-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + }, { + "hostname" : "s3-control.dualstack.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "dualstack" ] + } ] + }, + "us-isob-east-1-fips" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "s3-control-fips.us-isob-east-1.sc2s.sgov.gov", + "signatureVersions" : [ "s3v4" ] + } + } + }, + "s3-outposts" : { + "endpoints" : { + "fips-us-isob-east-1" : { + "deprecated" : true + }, + "us-isob-east-1" : { + "variants" : [ { + "tags" : [ "fips" ] + } ] + } } }, "secretsmanager" : { @@ -26338,6 +28950,30 @@ "us-isob-east-1" : { } } }, + "storagegateway" : { + "endpoints" : { + "fips" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "storagegateway-fips.us-isob-east-1.sc2s.sgov.gov" + }, + "us-isob-east-1" : { + "variants" : [ { + "hostname" : "storagegateway-fips.us-isob-east-1.sc2s.sgov.gov", + "tags" : [ "fips" ] + } ] + }, + "us-isob-east-1-fips" : { + "credentialScope" : { + "region" : "us-isob-east-1" + }, + "deprecated" : true, + "hostname" : "storagegateway-fips.us-isob-east-1.sc2s.sgov.gov" + } + } + }, "streams.dynamodb" : { "defaults" : { "credentialScope" : { @@ -26401,7 +29037,11 @@ "partition" : "aws-iso-e", "partitionName" : "AWS ISOE (Europe)", "regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$", - "regions" : { }, + "regions" : { + "eu-isoe-west-1" : { + "description" : "EU ISOE West" + } + }, "services" : { } }, { "defaults" : { diff --git a/aws/sdk/aws-models/sdk-partitions.json b/aws/sdk/aws-models/sdk-partitions.json index b3e964aac2..a7657ab07a 100644 --- a/aws/sdk/aws-models/sdk-partitions.json +++ b/aws/sdk/aws-models/sdk-partitions.json @@ -50,6 +50,9 @@ "ca-central-1" : { "description" : "Canada (Central)" }, + "ca-west-1" : { + "description" : "Canada West (Calgary)" + }, "eu-central-1" : { "description" : "Europe (Frankfurt)" }, @@ -195,7 +198,11 @@ "supportsFIPS" : true }, "regionRegex" : "^eu\\-isoe\\-\\w+\\-\\d+$", - "regions" : { } + "regions" : { + "eu-isoe-west-1" : { + "description" : "EU ISOE West" + } + } }, { "id" : "aws-iso-f", "outputs" : { diff --git a/aws/sdk/aws-models/sso-oidc.json b/aws/sdk/aws-models/sso-oidc.json index 2974461fc0..ad40043c8d 100644 --- a/aws/sdk/aws-models/sso-oidc.json +++ b/aws/sdk/aws-models/sso-oidc.json @@ -990,6 +990,9 @@ "smithy.api#sensitive": {} } }, + "com.amazonaws.ssooidc#ArnType": { + "type": "string" + }, "com.amazonaws.ssooidc#Assertion": { "type": "string", "traits": { @@ -1036,6 +1039,12 @@ "com.amazonaws.ssooidc#ClientType": { "type": "string" }, + "com.amazonaws.ssooidc#CodeVerifier": { + "type": "string", + "traits": { + "smithy.api#sensitive": {} + } + }, "com.amazonaws.ssooidc#CreateToken": { "type": "operation", "input": { @@ -1098,6 +1107,25 @@ "expiresIn": 1579729529, "refreshToken": "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN" } + }, + { + "title": "Call OAuth/OIDC /token endpoint for Refresh Token grant with Secret authentication", + "documentation": "", + "input": { + "clientId": "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID", + "clientSecret": "VERYLONGSECRETeyJraWQiOiJrZXktMTU2NDAyODA5OSIsImFsZyI6IkhTMzg0In0", + "grantType": "refresh_token", + "refreshToken": "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN", + "scope": [ + "codewhisperer:completions" + ] + }, + "output": { + "accessToken": "aoal-YigITUDiNX1xZwOMXM5MxOWDL0E0jg9P6_C_jKQPxS_SKCP6f0kh1Up4g7TtvQqkMnD-GJiU_S1gvug6SrggAkc0:MGYCMQD3IatVjV7jAJU91kK3PkS/SfA2wtgWzOgZWDOR7sDGN9t0phCZz5It/aes/3C1Zj0CMQCKWOgRaiz6AIhza3DSXQNMLjRKXC8F8ceCsHlgYLMZ7hZidEXAMPLEACCESSTOKEN", + "tokenType": "Bearer", + "expiresIn": 1579729529, + "refreshToken": "aorvJYubGpU6i91YnH7Mfo-AT2fIVa1zCfA_Rvq9yjVKIP3onFmmykuQ7E93y2I-9Nyj-A_sVvMufaLNL0bqnDRtgAkc0:MGUCMFrRsktMRVlWaOR70XGMFGLL0SlcCw4DiYveIiOVx1uK9BbD0gvAddsW3UTLozXKMgIxAJ3qxUvjpnlLIOaaKOoa/FuNgqJVvr9GMwDtnAtlh9iZzAkEXAMPLEREFRESHTOKEN" + } } ], "smithy.api#http": { @@ -1161,6 +1189,12 @@ "traits": { "smithy.api#documentation": "Used only when calling this API for the Authorization Code grant type. This value specifies\n the location of the client or application that has registered to receive the authorization\n code.
" } + }, + "codeVerifier": { + "target": "com.amazonaws.ssooidc#CodeVerifier", + "traits": { + "smithy.api#documentation": "Used only when calling this API for the Authorization Code grant type. This value is generated\n by the client and presented to validate the original code challenge value the client passed at\n authorization time.
" + } } }, "traits": { @@ -1173,7 +1207,7 @@ "accessToken": { "target": "com.amazonaws.ssooidc#AccessToken", "traits": { - "smithy.api#documentation": "A bearer token to access AWS accounts and applications assigned to a user.
" + "smithy.api#documentation": "A bearer token to access Amazon Web Services accounts and applications assigned to a user.
" } }, "tokenType": { @@ -1253,7 +1287,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates and returns access and refresh tokens for clients and applications that are\n authenticated using IAM entities. The access token can be used to fetch short-term credentials\n for the assigned AWS accounts or to access application APIs using bearer\n authentication.
Creates and returns access and refresh tokens for clients and applications that are\n authenticated using IAM entities. The access token can be used to fetch short-term credentials\n for the assigned Amazon Web Services accounts or to access application APIs using bearer\n authentication.
Used only when calling this API for the Token Exchange grant type. This value specifies\n the type of token that the requester can receive. The following values are supported:
\n* Access Token - urn:ietf:params:oauth:token-type:access_token\n
* Refresh Token - urn:ietf:params:oauth:token-type:refresh_token\n
Used only when calling this API for the Authorization Code grant type. This value is generated\n by the client and presented to validate the original code challenge value the client passed at\n authorization time.
" + } } }, "traits": { @@ -1367,7 +1473,7 @@ "accessToken": { "target": "com.amazonaws.ssooidc#AccessToken", "traits": { - "smithy.api#documentation": "A bearer token to access AWS accounts and applications assigned to a user.
" + "smithy.api#documentation": "A bearer token to access Amazon Web Services accounts and applications assigned to a user.
" } }, "tokenType": { @@ -1452,6 +1558,12 @@ "com.amazonaws.ssooidc#GrantType": { "type": "string" }, + "com.amazonaws.ssooidc#GrantTypes": { + "type": "list", + "member": { + "target": "com.amazonaws.ssooidc#GrantType" + } + }, "com.amazonaws.ssooidc#IdToken": { "type": "string", "traits": { @@ -1552,6 +1664,28 @@ "smithy.api#httpError": 400 } }, + "com.amazonaws.ssooidc#InvalidRedirectUriException": { + "type": "structure", + "members": { + "error": { + "target": "com.amazonaws.ssooidc#Error", + "traits": { + "smithy.api#documentation": "Single error code.\n For this exception the value will be invalid_redirect_uri.
Human-readable text providing additional information, used to assist the\n client developer in understanding the error that occurred.
" + } + } + }, + "traits": { + "smithy.api#documentation": "Indicates that one or more redirect URI in the request is not supported for this operation.
", + "smithy.api#error": "client", + "smithy.api#httpError": 400 + } + }, "com.amazonaws.ssooidc#InvalidRequestException": { "type": "structure", "members": { @@ -1639,6 +1773,12 @@ "smithy.api#default": 0 } }, + "com.amazonaws.ssooidc#RedirectUris": { + "type": "list", + "member": { + "target": "com.amazonaws.ssooidc#URI" + } + }, "com.amazonaws.ssooidc#RefreshToken": { "type": "string", "traits": { @@ -1663,11 +1803,17 @@ { "target": "com.amazonaws.ssooidc#InvalidClientMetadataException" }, + { + "target": "com.amazonaws.ssooidc#InvalidRedirectUriException" + }, { "target": "com.amazonaws.ssooidc#InvalidRequestException" }, { "target": "com.amazonaws.ssooidc#InvalidScopeException" + }, + { + "target": "com.amazonaws.ssooidc#UnsupportedGrantTypeException" } ], "traits": { @@ -1683,7 +1829,16 @@ "scopes": [ "sso:account:access", "codewhisperer:completions" - ] + ], + "redirectUris": [ + "127.0.0.1:PORT/oauth/callback" + ], + "grantTypes": [ + "authorization_code", + "refresh_token" + ], + "issuerUrl": "https://identitycenter.amazonaws.com/ssoins-1111111111111111", + "entitledApplicationArn": "arn:aws:sso::ACCOUNTID:application/ssoins-1111111111111111/apl-1111111111111111" }, "output": { "clientId": "_yzkThXVzLWVhc3QtMQEXAMPLECLIENTID", @@ -1723,6 +1878,30 @@ "traits": { "smithy.api#documentation": "The list of scopes that are defined by the client. Upon authorization, this list is used\n to restrict permissions when granting an access token.
" } + }, + "redirectUris": { + "target": "com.amazonaws.ssooidc#RedirectUris", + "traits": { + "smithy.api#documentation": "The list of redirect URI that are defined by the client. At completion of authorization,\n this list is used to restrict what locations the user agent can be redirected back to.
" + } + }, + "grantTypes": { + "target": "com.amazonaws.ssooidc#GrantTypes", + "traits": { + "smithy.api#documentation": "The list of OAuth 2.0 grant types that are defined by the client. This list is used to\n restrict the token granting flows available to the client.
" + } + }, + "issuerUrl": { + "target": "com.amazonaws.ssooidc#URI", + "traits": { + "smithy.api#documentation": "The IAM Identity Center Issuer URL associated with an instance of IAM Identity Center. This value is needed for user access to resources through the client.
" + } + }, + "entitledApplicationArn": { + "target": "com.amazonaws.ssooidc#ArnType", + "traits": { + "smithy.api#documentation": "This IAM Identity Center application ARN is used to define administrator-managed configuration for public client access to resources. At\n authorization, the scopes, grants, and redirect URI available to this client will be restricted by this application resource.
" + } } }, "traits": { diff --git a/aws/sdk/aws-models/sts.json b/aws/sdk/aws-models/sts.json index eabc44ceb7..746178d4f8 100644 --- a/aws/sdk/aws-models/sts.json +++ b/aws/sdk/aws-models/sts.json @@ -2990,6 +2990,24 @@ "Account": "123456789012", "Arn": "arn:aws:iam::123456789012:user/Alice" } + }, + { + "title": "To get details about a calling user federated with AssumeRole", + "documentation": "This example shows a request and response made with temporary credentials created by AssumeRole. The name of the assumed role is my-role-name, and the RoleSessionName is set to my-role-session-name.", + "output": { + "UserId": "AKIAI44QH8DHBEXAMPLE:my-role-session-name", + "Account": "123456789012", + "Arn": "arn:aws:sts::123456789012:assumed-role/my-role-name/my-role-session-name" + } + }, + { + "title": "To get details about a calling user federated with GetFederationToken", + "documentation": "This example shows a request and response made with temporary credentials created by using GetFederationToken. The Name parameter is set to my-federated-user-name.", + "output": { + "UserId": "123456789012:my-federated-user-name", + "Account": "123456789012", + "Arn": "arn:aws:sts::123456789012:federated-user/my-federated-user-name" + } } ] } diff --git a/aws/sdk/aws-models/timestream-query.json b/aws/sdk/aws-models/timestream-query.json index b7ed953550..720ffb3560 100644 --- a/aws/sdk/aws-models/timestream-query.json +++ b/aws/sdk/aws-models/timestream-query.json @@ -229,7 +229,7 @@ "QueryString": { "target": "com.amazonaws.timestreamquery#QueryString", "traits": { - "smithy.api#documentation": "The query string to run. Parameter\n names can be specified in the query string @ character followed by an\n identifier. The named Parameter @scheduled_runtime is reserved and can be used in the query to get the time at which the query is scheduled to run.
The timestamp calculated according to the ScheduleConfiguration parameter, will be the value of @scheduled_runtime paramater for each query run. \n For example, consider an instance of a scheduled query executing on 2021-12-01 00:00:00. For this instance, the @scheduled_runtime parameter is \n initialized to the timestamp 2021-12-01 00:00:00 when invoking the query.
The query string to run. Parameter names can be specified in the query string\n @ character followed by an identifier. The named Parameter\n @scheduled_runtime is reserved and can be used in the query to get the\n time at which the query is scheduled to run.
The timestamp calculated according to the ScheduleConfiguration parameter, will be the\n value of @scheduled_runtime paramater for each query run. For example,\n consider an instance of a scheduled query executing on 2021-12-01 00:00:00. For this\n instance, the @scheduled_runtime parameter is initialized to the timestamp\n 2021-12-01 00:00:00 when invoking the query.
Notification configuration for the scheduled query. A notification is sent by\n Timestream when a query run finishes, when the state is updated or when you delete it.
", + "smithy.api#documentation": "Notification configuration for the scheduled query. A notification is sent by\n Timestream when a query run finishes, when the state is updated or when you delete it.\n
", "smithy.api#required": {} } }, @@ -256,14 +256,14 @@ "ClientToken": { "target": "com.amazonaws.timestreamquery#ClientToken", "traits": { - "smithy.api#documentation": "Using a ClientToken makes the call to CreateScheduledQuery idempotent, in other words, making the same request repeatedly will produce the same result. Making \n multiple identical CreateScheduledQuery requests has the same effect as making a single request.\n\n
\n If CreateScheduledQuery is called without a ClientToken, the\n Query SDK generates a ClientToken on your behalf.
After 8 hours, any request with the same ClientToken is treated\n as a new request.
Using a ClientToken makes the call to CreateScheduledQuery idempotent, in other words,\n making the same request repeatedly will produce the same result. Making multiple\n identical CreateScheduledQuery requests has the same effect as making a single request.
\n If CreateScheduledQuery is called without a ClientToken, the\n Query SDK generates a ClientToken on your behalf.
After 8 hours, any request with the same ClientToken is treated\n as a new request.
The ARN for the IAM role that Timestream will assume when running the scheduled query.
", + "smithy.api#documentation": "The ARN for the IAM role that Timestream will assume when running the scheduled query.\n
", "smithy.api#required": {} } }, @@ -276,13 +276,13 @@ "KmsKeyId": { "target": "com.amazonaws.timestreamquery#StringValue2048", "traits": { - "smithy.api#documentation": "The Amazon KMS key used to encrypt the scheduled query resource, at-rest. If the Amazon KMS\n key is not specified, the scheduled query resource will be encrypted with a Timestream\n owned Amazon KMS key. To specify a KMS key, use the key ID, key ARN, alias name, or alias\n ARN. When using an alias name, prefix the name with alias/\n
\nIf ErrorReportConfiguration uses SSE_KMS as encryption type, the same KmsKeyId is used to encrypt the error report at rest.
The Amazon KMS key used to encrypt the scheduled query resource, at-rest. If the\n Amazon KMS key is not specified, the scheduled query resource will be encrypted with a\n Timestream owned Amazon KMS key. To specify a KMS key, use the key ID, key ARN, alias\n name, or alias ARN. When using an alias name, prefix the name with\n alias/\n
\nIf ErrorReportConfiguration uses SSE_KMS as encryption type, the same\n KmsKeyId is used to encrypt the error report at rest.
Configuration for error reporting. Error reports will be generated when a problem is encountered when writing the query results.
", + "smithy.api#documentation": "Configuration for error reporting. Error reports will be generated when a problem is\n encountered when writing the query results.
", "smithy.api#required": {} } } @@ -401,6 +401,62 @@ "smithy.api#input": {} } }, + "com.amazonaws.timestreamquery#DescribeAccountSettings": { + "type": "operation", + "input": { + "target": "com.amazonaws.timestreamquery#DescribeAccountSettingsRequest" + }, + "output": { + "target": "com.amazonaws.timestreamquery#DescribeAccountSettingsResponse" + }, + "errors": [ + { + "target": "com.amazonaws.timestreamquery#AccessDeniedException" + }, + { + "target": "com.amazonaws.timestreamquery#InternalServerException" + }, + { + "target": "com.amazonaws.timestreamquery#InvalidEndpointException" + }, + { + "target": "com.amazonaws.timestreamquery#ThrottlingException" + } + ], + "traits": { + "aws.api#clientDiscoveredEndpoint": { + "required": true + }, + "smithy.api#documentation": "Describes the settings for your account that include the query pricing model and the configured maximum TCUs the service can use for your query workload.
\nYou're charged only for the duration of compute units used for your workloads.
" + } + }, + "com.amazonaws.timestreamquery#DescribeAccountSettingsRequest": { + "type": "structure", + "members": {}, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.timestreamquery#DescribeAccountSettingsResponse": { + "type": "structure", + "members": { + "MaxQueryTCU": { + "target": "com.amazonaws.timestreamquery#MaxQueryCapacity", + "traits": { + "smithy.api#documentation": "The maximum number of Timestream compute units (TCUs) the service will use at any point in time to serve your queries.
" + } + }, + "QueryPricingModel": { + "target": "com.amazonaws.timestreamquery#QueryPricingModel", + "traits": { + "smithy.api#documentation": "The pricing model for queries in your account.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.timestreamquery#DescribeEndpoints": { "type": "operation", "input": { @@ -666,7 +722,7 @@ "InvocationTime": { "target": "com.amazonaws.timestreamquery#Time", "traits": { - "smithy.api#documentation": "The timestamp in UTC. Query will be run as if it was invoked at this timestamp.
", + "smithy.api#documentation": "The timestamp in UTC. Query will be run as if it was invoked at this timestamp.\n
", "smithy.api#required": {} } }, @@ -689,7 +745,7 @@ "target": "com.amazonaws.timestreamquery#Long", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "Total time, measured in milliseconds, that was needed for the scheduled query run to complete.
" + "smithy.api#documentation": "Total time, measured in milliseconds, that was needed for the scheduled query run to\n complete.
" } }, "DataWrites": { @@ -706,6 +762,13 @@ "smithy.api#documentation": "Bytes metered for a single scheduled query run.
" } }, + "CumulativeBytesScanned": { + "target": "com.amazonaws.timestreamquery#Long", + "traits": { + "smithy.api#default": 0, + "smithy.api#documentation": "Bytes scanned for a single scheduled query run.
" + } + }, "RecordsIngested": { "target": "com.amazonaws.timestreamquery#Long", "traits": { @@ -733,7 +796,7 @@ } }, "traits": { - "smithy.api#documentation": "\n Timestream was unable to fully process this request because of an internal\n server error.
", + "smithy.api#documentation": "\n The service was unable to fully process this request because of an internal\n server error.
", "smithy.api#error": "server", "smithy.api#httpError": 500 } @@ -780,7 +843,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": true }, - "smithy.api#documentation": "Gets a list of all scheduled queries in the caller's Amazon account and Region. ListScheduledQueries is eventually consistent.
Gets a list of all scheduled queries in the caller's Amazon account and Region.\n ListScheduledQueries is eventually consistent.
Notification configuration for a scheduled query. A notification is sent by\n Timestream when a scheduled query is created, its state is updated or when it is deleted.
" + "smithy.api#documentation": "Notification configuration for a scheduled query. A notification is sent by Timestream\n when a scheduled query is created, its state is updated or when it is deleted.
" } }, "com.amazonaws.timestreamquery#NullableBoolean": { @@ -1180,7 +1246,7 @@ "aws.api#clientDiscoveredEndpoint": { "required": true }, - "smithy.api#documentation": "A synchronous operation that allows you to submit a query with parameters to be stored\n by Timestream for later running. Timestream only supports using this operation with the\n PrepareQueryRequest$ValidateOnly set to true.
A synchronous operation that allows you to submit a query with parameters to be stored\n by Timestream for later running. Timestream only supports using this operation with\n ValidateOnly set to true.
InvocationTime for this run. This is the time at which the query is scheduled to run.\n Parameter @scheduled_runtime can be used in the query to get the value.
InvocationTime for this run. This is the time at which the query is scheduled to run.\n Parameter @scheduled_runtime can be used in the query to get the value.\n
Name of Timestream table that the query result will be written to. The table should\n be within the same database that is provided in Timestream configuration.
", + "smithy.api#documentation": "Name of Timestream table that the query result will be written to. The table should be\n within the same database that is provided in Timestream configuration.
", "smithy.api#required": {} } }, @@ -2335,6 +2418,9 @@ { "target": "com.amazonaws.timestreamquery#DeleteScheduledQuery" }, + { + "target": "com.amazonaws.timestreamquery#DescribeAccountSettings" + }, { "target": "com.amazonaws.timestreamquery#DescribeEndpoints" }, @@ -2362,6 +2448,9 @@ { "target": "com.amazonaws.timestreamquery#UntagResource" }, + { + "target": "com.amazonaws.timestreamquery#UpdateAccountSettings" + }, { "target": "com.amazonaws.timestreamquery#UpdateScheduledQuery" } @@ -3020,7 +3109,7 @@ "ScalarType": { "target": "com.amazonaws.timestreamquery#ScalarType", "traits": { - "smithy.api#documentation": "Indicates if the column is of type string, integer, Boolean, double, timestamp, date,\n time.
" + "smithy.api#documentation": "Indicates if the column is of type string, integer, Boolean, double, timestamp, date,\n time. For more information, see Supported data\n types.
" } }, "ArrayColumnInfo": { @@ -3104,6 +3193,79 @@ "smithy.api#output": {} } }, + "com.amazonaws.timestreamquery#UpdateAccountSettings": { + "type": "operation", + "input": { + "target": "com.amazonaws.timestreamquery#UpdateAccountSettingsRequest" + }, + "output": { + "target": "com.amazonaws.timestreamquery#UpdateAccountSettingsResponse" + }, + "errors": [ + { + "target": "com.amazonaws.timestreamquery#AccessDeniedException" + }, + { + "target": "com.amazonaws.timestreamquery#InternalServerException" + }, + { + "target": "com.amazonaws.timestreamquery#InvalidEndpointException" + }, + { + "target": "com.amazonaws.timestreamquery#ThrottlingException" + }, + { + "target": "com.amazonaws.timestreamquery#ValidationException" + } + ], + "traits": { + "aws.api#clientDiscoveredEndpoint": { + "required": true + }, + "smithy.api#documentation": "Transitions your account to use TCUs for query pricing and modifies the maximum query compute units that you've configured. If you reduce the value of MaxQueryTCU to a desired configuration, the new value can take up to 24 hours to be effective.
After you've transitioned your account to use TCUs for query pricing, you can't transition to using bytes scanned for query pricing.
\nThe maximum number of compute units the service will use at any point in time to serve your queries. To run queries, you must set a minimum capacity of 4 TCU. You can set the maximum number of TCU in multiples of 4, for example, 4, 8, 16, 32, and so on.
\nThe maximum value supported for MaxQueryTCU is 1000. To request an increase to this soft limit, contact Amazon Web Services Support. For information about the default quota for maxQueryTCU, see Default quotas.
The pricing model for queries in an account.
" + } + } + }, + "traits": { + "smithy.api#input": {} + } + }, + "com.amazonaws.timestreamquery#UpdateAccountSettingsResponse": { + "type": "structure", + "members": { + "MaxQueryTCU": { + "target": "com.amazonaws.timestreamquery#MaxQueryCapacity", + "traits": { + "smithy.api#documentation": "The configured maximum number of compute units the service will use at any point in time to serve your queries.
" + } + }, + "QueryPricingModel": { + "target": "com.amazonaws.timestreamquery#QueryPricingModel", + "traits": { + "smithy.api#documentation": "The pricing model for an account.
" + } + } + }, + "traits": { + "smithy.api#output": {} + } + }, "com.amazonaws.timestreamquery#UpdateScheduledQuery": { "type": "operation", "input": {