diff --git a/.changes/next-release/service.codebuild-feature-1618434065941089000.json b/.changes/next-release/service.codebuild-feature-1618434065941089000.json new file mode 100644 index 00000000000..7e85c979ad5 --- /dev/null +++ b/.changes/next-release/service.codebuild-feature-1618434065941089000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.codebuild-feature-1618434065941089000", + "SchemaVersion": 1, + "Module": "service/codebuild", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.codestarconnections-feature-1618434065955012000.json b/.changes/next-release/service.codestarconnections-feature-1618434065955012000.json new file mode 100644 index 00000000000..419fe4d24ca --- /dev/null +++ b/.changes/next-release/service.codestarconnections-feature-1618434065955012000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.codestarconnections-feature-1618434065955012000", + "SchemaVersion": 1, + "Module": "service/codestarconnections", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.comprehendmedical-feature-1618434065970280000.json b/.changes/next-release/service.comprehendmedical-feature-1618434065970280000.json new file mode 100644 index 00000000000..e6f738e3f9c --- /dev/null +++ b/.changes/next-release/service.comprehendmedical-feature-1618434065970280000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.comprehendmedical-feature-1618434065970280000", + "SchemaVersion": 1, + "Module": "service/comprehendmedical", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.configservice-feature-1618434065986453000.json b/.changes/next-release/service.configservice-feature-1618434065986453000.json new file mode 100644 index 00000000000..fe40d404aa5 --- /dev/null +++ b/.changes/next-release/service.configservice-feature-1618434065986453000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.configservice-feature-1618434065986453000", + "SchemaVersion": 1, + "Module": "service/configservice", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.ec2-feature-1618434066002616000.json b/.changes/next-release/service.ec2-feature-1618434066002616000.json new file mode 100644 index 00000000000..702e0398540 --- /dev/null +++ b/.changes/next-release/service.ec2-feature-1618434066002616000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.ec2-feature-1618434066002616000", + "SchemaVersion": 1, + "Module": "service/ec2", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.fsx-feature-1618434066018929000.json b/.changes/next-release/service.fsx-feature-1618434066018929000.json new file mode 100644 index 00000000000..0ac364fed95 --- /dev/null +++ b/.changes/next-release/service.fsx-feature-1618434066018929000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.fsx-feature-1618434066018929000", + "SchemaVersion": 1, + "Module": "service/fsx", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.lightsail-feature-1618434066034745000.json b/.changes/next-release/service.lightsail-feature-1618434066034745000.json new file mode 100644 index 00000000000..1c3f8901389 --- /dev/null +++ b/.changes/next-release/service.lightsail-feature-1618434066034745000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.lightsail-feature-1618434066034745000", + "SchemaVersion": 1, + "Module": "service/lightsail", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.mediaconnect-feature-1618434066050311000.json b/.changes/next-release/service.mediaconnect-feature-1618434066050311000.json new file mode 100644 index 00000000000..b34dbc1a77b --- /dev/null +++ b/.changes/next-release/service.mediaconnect-feature-1618434066050311000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.mediaconnect-feature-1618434066050311000", + "SchemaVersion": 1, + "Module": "service/mediaconnect", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.rds-feature-1618434066068818000.json b/.changes/next-release/service.rds-feature-1618434066068818000.json new file mode 100644 index 00000000000..830eac7c996 --- /dev/null +++ b/.changes/next-release/service.rds-feature-1618434066068818000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.rds-feature-1618434066068818000", + "SchemaVersion": 1, + "Module": "service/rds", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.redshift-feature-1618434066084956000.json b/.changes/next-release/service.redshift-feature-1618434066084956000.json new file mode 100644 index 00000000000..8f697eb69b3 --- /dev/null +++ b/.changes/next-release/service.redshift-feature-1618434066084956000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.redshift-feature-1618434066084956000", + "SchemaVersion": 1, + "Module": "service/redshift", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.shield-feature-1618434066102878000.json b/.changes/next-release/service.shield-feature-1618434066102878000.json new file mode 100644 index 00000000000..3cacc023fba --- /dev/null +++ b/.changes/next-release/service.shield-feature-1618434066102878000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.shield-feature-1618434066102878000", + "SchemaVersion": 1, + "Module": "service/shield", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/.changes/next-release/service.sts-feature-1618434066119716000.json b/.changes/next-release/service.sts-feature-1618434066119716000.json new file mode 100644 index 00000000000..186de3d8678 --- /dev/null +++ b/.changes/next-release/service.sts-feature-1618434066119716000.json @@ -0,0 +1,9 @@ +{ + "ID": "service.sts-feature-1618434066119716000", + "SchemaVersion": 1, + "Module": "service/sts", + "Type": "feature", + "Description": "API client updated", + "MinVersion": "", + "AffectedModules": null +} \ No newline at end of file diff --git a/codegen/sdk-codegen/aws-models/codebuild.2016-10-06.json b/codegen/sdk-codegen/aws-models/codebuild.2016-10-06.json index ecc0b667b75..83c4a1bea83 100644 --- a/codegen/sdk-codegen/aws-models/codebuild.2016-10-06.json +++ b/codegen/sdk-codegen/aws-models/codebuild.2016-10-06.json @@ -408,6 +408,26 @@ "com.amazonaws.codebuild#Boolean": { "type": "boolean" }, + "com.amazonaws.codebuild#BucketOwnerAccess": { + "type": "string", + "traits": { + "smithy.api#documentation": "

Specifies the access for objects that are uploaded to an Amazon S3 bucket that is owned by\n another account.

\n

By default, only the account that uploads the objects to the bucket has access to\n these objects. This property allows you to give the bucket owner access to these\n objects.

\n
\n
NONE
\n
\n

The bucket owner does not have access to the objects. This is the\n default.

\n
\n
READ_ONLY
\n
\n

The bucket owner has read only access to the objects. The uploading account\n retains ownership of the objects.

\n
\n
FULL
\n
\n

The bucket owner has full access to the objects. Object ownership is determined\n by the following criteria:

\n \n

For more information about Amazon S3 object ownership, see Controlling ownership of uploaded objects using S3\n Object Ownership in the Amazon Simple Storage Service User\n Guide.

\n
\n
", + "smithy.api#enum": [ + { + "value": "NONE", + "name": "NONE" + }, + { + "value": "READ_ONLY", + "name": "READ_ONLY" + }, + { + "value": "FULL", + "name": "FULL" + } + ] + } + }, "com.amazonaws.codebuild#Build": { "type": "structure", "members": { @@ -576,7 +596,7 @@ "exportedEnvironmentVariables": { "target": "com.amazonaws.codebuild#ExportedEnvironmentVariables", "traits": { - "smithy.api#documentation": "

A list of exported environment variables for this build.

" + "smithy.api#documentation": "

A list of exported environment variables for this build.

\n

Exported environment variables are used in conjunction with AWS CodePipeline to export\n environment variables from the current build stage to subsequent stages in the pipeline.\n For more information, see Working with variables in the AWS CodePipeline User Guide.

" } }, "reportArns": { @@ -646,6 +666,9 @@ "traits": { "smithy.api#documentation": "

An identifier for this artifact definition.

" } + }, + "bucketOwnerAccess": { + "target": "com.amazonaws.codebuild#BucketOwnerAccess" } }, "traits": { @@ -826,7 +849,7 @@ "debugSessionEnabled": { "target": "com.amazonaws.codebuild#WrapperBoolean", "traits": { - "smithy.api#documentation": "

\n

Specifies if session debugging is enabled for this batch build. For more information, see\n Viewing a running build in Session Manager. Batch session debugging is not supported for matrix batch builds.

" + "smithy.api#documentation": "

Specifies if session debugging is enabled for this batch build. For more information, see\n Viewing a running build in Session Manager. Batch session debugging is not supported for matrix batch builds.

" } } }, @@ -2518,18 +2541,18 @@ "name": { "target": "com.amazonaws.codebuild#NonEmptyString", "traits": { - "smithy.api#documentation": "

The name of this exported environment variable.

" + "smithy.api#documentation": "

The name of the exported environment variable.

" } }, "value": { "target": "com.amazonaws.codebuild#String", "traits": { - "smithy.api#documentation": "

The value assigned to this exported environment variable.

\n \n

During a build, the value of a variable is available starting with the\n install phase. It can be updated between the start of the\n install phase and the end of the post_build phase.\n After the post_build phase ends, the value of exported variables cannot\n change.

\n
" + "smithy.api#documentation": "

The value assigned to the exported environment variable.

" } } }, "traits": { - "smithy.api#documentation": "

Information about an exported environment variable.

" + "smithy.api#documentation": "

Contains information about an exported environment variable.

\n

Exported environment variables are used in conjunction with AWS CodePipeline to export\n environment variables from the current build stage to subsequent stages in the pipeline.\n For more information, see Working with variables in the AWS CodePipeline User Guide.

\n \n

During a build, the value of a variable is available starting with the\n install phase. It can be updated between the start of the\n install phase and the end of the post_build phase.\n After the post_build phase ends, the value of exported variables cannot\n change.

\n
" } }, "com.amazonaws.codebuild#ExportedEnvironmentVariables": { @@ -4075,6 +4098,9 @@ "traits": { "smithy.api#documentation": "

An identifier for this artifact definition.

" } + }, + "bucketOwnerAccess": { + "target": "com.amazonaws.codebuild#BucketOwnerAccess" } }, "traits": { @@ -5167,6 +5193,9 @@ "traits": { "smithy.api#documentation": "

Set to true if you do not want your S3 build log output encrypted. By default S3\n build logs are encrypted.

" } + }, + "bucketOwnerAccess": { + "target": "com.amazonaws.codebuild#BucketOwnerAccess" } }, "traits": { diff --git a/codegen/sdk-codegen/aws-models/codestarconnections.2019-12-01.json b/codegen/sdk-codegen/aws-models/codestarconnections.2019-12-01.json index 8c52bae2962..2f3f22e6dad 100644 --- a/codegen/sdk-codegen/aws-models/codestarconnections.2019-12-01.json +++ b/codegen/sdk-codegen/aws-models/codestarconnections.2019-12-01.json @@ -325,6 +325,9 @@ "traits": { "smithy.api#documentation": "

The VPC configuration to be provisioned for the host. A VPC must be configured and the\n infrastructure to be represented by the host must already be connected to the VPC.

" } + }, + "Tags": { + "target": "com.amazonaws.codestarconnections#TagList" } } }, @@ -336,6 +339,9 @@ "traits": { "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the host to be created.

" } + }, + "Tags": { + "target": "com.amazonaws.codestarconnections#TagList" } } }, @@ -604,7 +610,14 @@ } }, "com.amazonaws.codestarconnections#HostStatus": { - "type": "string" + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 64 + }, + "smithy.api#pattern": ".*" + } }, "com.amazonaws.codestarconnections#HostStatusMessage": { "type": "string" diff --git a/codegen/sdk-codegen/aws-models/comprehendmedical.2018-10-30.json b/codegen/sdk-codegen/aws-models/comprehendmedical.2018-10-30.json index b700e8973bb..b954de2780b 100644 --- a/codegen/sdk-codegen/aws-models/comprehendmedical.2018-10-30.json +++ b/codegen/sdk-codegen/aws-models/comprehendmedical.2018-10-30.json @@ -56,7 +56,7 @@ "RelationshipType": { "target": "com.amazonaws.comprehendmedical#RelationshipType", "traits": { - "smithy.api#documentation": "

The type of relationship between the entity and attribute. Type for the relationship is OVERLAP, indicating that the entity occurred at the same time as the Date_Expression.\n

" + "smithy.api#documentation": "

The type of relationship between the entity and attribute. Type for the relationship is\n OVERLAP, indicating that the entity occurred at the same time as the\n Date_Expression.

" } }, "Id": { @@ -434,7 +434,7 @@ } ], "traits": { - "smithy.api#documentation": "

Gets the properties associated with an InferICD10CM job.\n Use this operation to get the status of an inference job.

" + "smithy.api#documentation": "

Gets the properties associated with an InferICD10CM job. Use this operation to get the\n status of an inference job.

" } }, "com.amazonaws.comprehendmedical#DescribeICD10CMInferenceJobRequest": { @@ -443,7 +443,7 @@ "JobId": { "target": "com.amazonaws.comprehendmedical#JobId", "traits": { - "smithy.api#documentation": "

The identifier that Amazon Comprehend Medical generated for the job. The StartICD10CMInferenceJob operation returns this identifier in its response.

", + "smithy.api#documentation": "

The identifier that Amazon Comprehend Medical generated for the job. The\n StartICD10CMInferenceJob operation returns this identifier in its response.

", "smithy.api#required": {} } } @@ -532,7 +532,7 @@ } ], "traits": { - "smithy.api#documentation": "

Gets the properties associated with an InferRxNorm job.\n Use this operation to get the status of an inference job.

" + "smithy.api#documentation": "

Gets the properties associated with an InferRxNorm job. Use this operation to get the\n status of an inference job.

" } }, "com.amazonaws.comprehendmedical#DescribeRxNormInferenceJobRequest": { @@ -541,7 +541,7 @@ "JobId": { "target": "com.amazonaws.comprehendmedical#JobId", "traits": { - "smithy.api#documentation": "

The identifier that Amazon Comprehend Medical generated for the job. The StartRxNormInferenceJob operation returns this identifier in its response.

", + "smithy.api#documentation": "

The identifier that Amazon Comprehend Medical generated for the job. The\n StartRxNormInferenceJob operation returns this identifier in its response.

", "smithy.api#required": {} } } @@ -1078,6 +1078,18 @@ "traits": { "smithy.api#documentation": "

The contextual information for the attribute. The traits recognized by InferICD10CM are\n DIAGNOSIS, SIGN, SYMPTOM, and\n NEGATION.

" } + }, + "Category": { + "target": "com.amazonaws.comprehendmedical#ICD10CMEntityType", + "traits": { + "smithy.api#documentation": "

The category of attribute. Can be either of DX_NAME or TIME_EXPRESSION.

" + } + }, + "RelationshipType": { + "target": "com.amazonaws.comprehendmedical#ICD10CMRelationshipType", + "traits": { + "smithy.api#documentation": "

The type of relationship between the entity and attribute. Type for the relationship can\n be either of OVERLAP or SYSTEM_ORGAN_SITE.

" + } } }, "traits": { @@ -1113,6 +1125,14 @@ { "value": "QUANTITY", "name": "QUANTITY" + }, + { + "value": "TIME_TO_DX_NAME", + "name": "TIME_TO_DX_NAME" + }, + { + "value": "TIME_EXPRESSION", + "name": "TIME_EXPRESSION" } ] } @@ -1173,7 +1193,7 @@ "Type": { "target": "com.amazonaws.comprehendmedical#ICD10CMEntityType", "traits": { - "smithy.api#documentation": "

Describes the specific type of entity with category of entities. InferICD10CM detects\n entities of the type DX_NAME.

" + "smithy.api#documentation": "

Describes the specific type of entity with category of entities. InferICD10CM detects\n entities of the type DX_NAME and TIME_EXPRESSION.

" } }, "Score": { @@ -1241,6 +1261,25 @@ { "value": "DX_NAME", "name": "DX_NAME" + }, + { + "value": "TIME_EXPRESSION", + "name": "TIME_EXPRESSION" + } + ] + } + }, + "com.amazonaws.comprehendmedical#ICD10CMRelationshipType": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "OVERLAP", + "name": "OVERLAP" + }, + { + "value": "SYSTEM_ORGAN_SITE", + "name": "SYSTEM_ORGAN_SITE" } ] } @@ -1333,7 +1372,7 @@ } ], "traits": { - "smithy.api#documentation": "

InferICD10CM detects medical conditions as entities listed in a patient record and links\n those entities to normalized concept identifiers in the ICD-10-CM knowledge base from the\n Centers for Disease Control. Amazon Comprehend Medical only detects medical entities in\n English language texts.

" + "smithy.api#documentation": "

InferICD10CM detects medical conditions as entities listed in a patient record and links\n those entities to normalized concept identifiers in the ICD-10-CM knowledge base from the\n Centers for Disease Control. Amazon Comprehend Medical only detects medical entities in\n English language texts.

" } }, "com.amazonaws.comprehendmedical#InferICD10CMRequest": { @@ -1401,7 +1440,7 @@ } ], "traits": { - "smithy.api#documentation": "

InferRxNorm detects medications as entities listed in a patient record and links to the\n normalized concept identifiers in the RxNorm database from the National Library of Medicine.\n Amazon Comprehend Medical only detects medical entities in English language texts.

" + "smithy.api#documentation": "

InferRxNorm detects medications as entities listed in a patient record and links to the\n normalized concept identifiers in the RxNorm database from the National Library of Medicine.\n Amazon Comprehend Medical only detects medical entities in English language texts.

" } }, "com.amazonaws.comprehendmedical#InferRxNormRequest": { @@ -1458,7 +1497,7 @@ } }, "traits": { - "smithy.api#documentation": "

The input properties for an entities detection job. This includes the name of the S3 bucket and the path to the files to be analyzed. See batch-manifest for more information.

" + "smithy.api#documentation": "

The input properties for an entities detection job. This includes the name of the S3\n bucket and the path to the files to be analyzed.

" } }, "com.amazonaws.comprehendmedical#Integer": { @@ -1671,7 +1710,7 @@ } ], "traits": { - "smithy.api#documentation": "

Gets a list of InferICD10CM jobs that you have\n submitted.

" + "smithy.api#documentation": "

Gets a list of InferICD10CM jobs that you have submitted.

" } }, "com.amazonaws.comprehendmedical#ListICD10CMInferenceJobsRequest": { @@ -1680,7 +1719,7 @@ "Filter": { "target": "com.amazonaws.comprehendmedical#ComprehendMedicalAsyncJobFilter", "traits": { - "smithy.api#documentation": "

Filters the jobs that are returned. You can filter jobs based on their names, status, or the date and time that they were submitted. You can only set one filter at a time.

" + "smithy.api#documentation": "

Filters the jobs that are returned. You can filter jobs based on their names, status, or\n the date and time that they were submitted. You can only set one filter at a time.

" } }, "NextToken": { @@ -1803,7 +1842,7 @@ } ], "traits": { - "smithy.api#documentation": "

Gets a list of InferRxNorm jobs that you have\n submitted.

" + "smithy.api#documentation": "

Gets a list of InferRxNorm jobs that you have submitted.

" } }, "com.amazonaws.comprehendmedical#ListRxNormInferenceJobsRequest": { @@ -1812,7 +1851,7 @@ "Filter": { "target": "com.amazonaws.comprehendmedical#ComprehendMedicalAsyncJobFilter", "traits": { - "smithy.api#documentation": "

Filters the jobs that are returned. You can filter jobs based on their names, status, or the date and time that they were submitted. You can only set one filter at a time.

" + "smithy.api#documentation": "

Filters the jobs that are returned. You can filter jobs based on their names, status, or\n the date and time that they were submitted. You can only set one filter at a time.

" } }, "NextToken": { @@ -2401,7 +2440,7 @@ } ], "traits": { - "smithy.api#documentation": "

Starts an asynchronous job to detect medical conditions and link them to the ICD-10-CM ontology. Use the\n DescribeICD10CMInferenceJob operation to track the status of a job.

" + "smithy.api#documentation": "

Starts an asynchronous job to detect medical conditions and link them to the ICD-10-CM\n ontology. Use the DescribeICD10CMInferenceJob operation to track the status of a\n job.

" } }, "com.amazonaws.comprehendmedical#StartICD10CMInferenceJobRequest": { @@ -2579,7 +2618,7 @@ } ], "traits": { - "smithy.api#documentation": "

Starts an asynchronous job to detect medication entities and link them to the RxNorm ontology. Use the\n DescribeRxNormInferenceJob operation to track the status of a job.

" + "smithy.api#documentation": "

Starts an asynchronous job to detect medication entities and link them to the RxNorm\n ontology. Use the DescribeRxNormInferenceJob operation to track the status of a\n job.

" } }, "com.amazonaws.comprehendmedical#StartRxNormInferenceJobRequest": { @@ -2732,7 +2771,7 @@ "JobId": { "target": "com.amazonaws.comprehendmedical#JobId", "traits": { - "smithy.api#documentation": "

The identifier generated for the job. To get the status of job, use this identifier with the DescribeICD10CMInferenceJob operation.

" + "smithy.api#documentation": "

The identifier generated for the job. To get the status of job, use this identifier with\n the DescribeICD10CMInferenceJob operation.

" } } } @@ -2824,7 +2863,7 @@ "JobId": { "target": "com.amazonaws.comprehendmedical#JobId", "traits": { - "smithy.api#documentation": "

The identifier generated for the job. To get the status of job, use this identifier with the DescribeRxNormInferenceJob operation.

" + "smithy.api#documentation": "

The identifier generated for the job. To get the status of job, use this identifier with\n the DescribeRxNormInferenceJob operation.

" } } } diff --git a/codegen/sdk-codegen/aws-models/configservice.2014-11-12.json b/codegen/sdk-codegen/aws-models/configservice.2014-11-12.json index 07d7cc5870a..3827b4a04bd 100644 --- a/codegen/sdk-codegen/aws-models/configservice.2014-11-12.json +++ b/codegen/sdk-codegen/aws-models/configservice.2014-11-12.json @@ -155,7 +155,7 @@ } }, "traits": { - "smithy.api#documentation": "

Provides aggregate compliance of the conformance pack. Indicates whether a conformance pack is compliant based on the name of the conformance pack, account ID, and region.

\n\t\t

A conformance pack is compliant if all of the rules in that conformance packs are compliant. It is noncompliant if any of the rules are not compliant.

\n\t\t \n

If a conformance pack has rules that return INSUFFICIENT_DATA, the conformance pack returns INSUFFICIENT_DATA only if all the rules within that conformance pack return INSUFFICIENT_DATA.\n\t\t\tIf some of the rules in a conformance pack are compliant and others return INSUFFICIENT_DATA, the conformance pack shows compliant.

\n
" + "smithy.api#documentation": "

Provides aggregate compliance of the conformance pack. Indicates whether a conformance pack is compliant based on the name of the conformance pack, account ID, and region.

\n\t\t

A conformance pack is compliant if all of the rules in a conformance packs are compliant. It is noncompliant if any of the rules are not compliant.\n\t\t\tThe compliance status of a conformance pack is INSUFFICIENT_DATA only if all rules within a conformance pack cannot be evaluated due to insufficient data.\n\t\t\tIf some of the rules in a conformance pack are compliant but the compliance status of other rules in that same conformance pack is INSUFFICIENT_DATA, the conformance pack shows compliant.

" } }, "com.amazonaws.configservice#AggregateComplianceByConformancePackList": { @@ -219,7 +219,7 @@ } }, "traits": { - "smithy.api#documentation": "

Provides the number of compliant and noncompliant rules within a conformance pack. \n\t\t\tAlso provides the total count of compliant rules, noncompliant rules, and the rules that do not have any applicable resources to evaluate upon resulting in insufficient data. \n\t\t\t

" + "smithy.api#documentation": "

Provides the number of compliant and noncompliant rules within a conformance pack.\n\t\t\tAlso provides the compliance status of the conformance pack and the total rule count which includes compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data.

\n\t\t\n\t\t

A conformance pack is compliant if all of the rules in a conformance packs are compliant. It is noncompliant if any of the rules are not compliant.\n\t\t\tThe compliance status of a conformance pack is INSUFFICIENT_DATA only if all rules within a conformance pack cannot be evaluated due to insufficient data.\n\t\t\tIf some of the rules in a conformance pack are compliant but the compliance status of other rules in that same conformance pack is INSUFFICIENT_DATA, the conformance pack shows compliant.

" } }, "com.amazonaws.configservice#AggregateConformancePackComplianceCount": { @@ -2638,6 +2638,9 @@ { "target": "com.amazonaws.configservice#InsufficientPermissionsException" }, + { + "target": "com.amazonaws.configservice#InvalidParameterValueException" + }, { "target": "com.amazonaws.configservice#NoSuchRemediationConfigurationException" }, @@ -3098,7 +3101,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns a list of the conformance packs and their associated compliance status with the count of compliant and noncompliant AWS Config rules within each conformance pack.

\n\t\t \n

The results can return an empty result page, but if you have a nextToken, the results are displayed on the next page.

\n
" + "smithy.api#documentation": "

Returns a list of the conformance packs and their associated compliance status with the count of compliant and noncompliant AWS Config rules within each conformance pack.\n\t\t\tAlso returns the total rule count which includes compliant rules, noncompliant rules, and rules that cannot be evaluated due to insufficient data.

\n\t\t \n

The results can return an empty result page, but if you have a nextToken, the results are displayed on the next page.

\n
" } }, "com.amazonaws.configservice#DescribeAggregateComplianceByConformancePacksRequest": { @@ -3120,7 +3123,7 @@ "Limit": { "target": "com.amazonaws.configservice#Limit", "traits": { - "smithy.api#documentation": "

The maximum number of conformance packs details returned on each page. The default is maximum. If you specify 0, AWS Config uses the default.

" + "smithy.api#documentation": "

The maximum number of conformance packs compliance details returned on each page. The default is maximum. If you specify 0, AWS Config uses the default.

" } }, "NextToken": { @@ -4471,6 +4474,9 @@ { "target": "com.amazonaws.configservice#InvalidNextTokenException" }, + { + "target": "com.amazonaws.configservice#InvalidParameterValueException" + }, { "target": "com.amazonaws.configservice#NoSuchRemediationConfigurationException" } @@ -5151,7 +5157,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns the count of compliant and noncompliant conformance packs across all AWS Accounts and AWS Regions. You can filter based on AWS Account ID or AWS Region.

\n\t\t \n

The results can return an empty result page, but if you have a nextToken, the results are displayed on the next page.

\n
" + "smithy.api#documentation": "

Returns the count of compliant and noncompliant conformance packs across all AWS Accounts and AWS Regions in an aggregator. You can filter based on AWS Account ID or AWS Region.

\n\t\t \n

The results can return an empty result page, but if you have a nextToken, the results are displayed on the next page.

\n
" } }, "com.amazonaws.configservice#GetAggregateConformancePackComplianceSummaryRequest": { diff --git a/codegen/sdk-codegen/aws-models/ec2.2016-11-15.json b/codegen/sdk-codegen/aws-models/ec2.2016-11-15.json index e1eafb4924b..f4ff1fb0445 100644 --- a/codegen/sdk-codegen/aws-models/ec2.2016-11-15.json +++ b/codegen/sdk-codegen/aws-models/ec2.2016-11-15.json @@ -3545,15 +3545,6 @@ "com.amazonaws.ec2#AssociateSubnetCidrBlockRequest": { "type": "structure", "members": { - "Ipv6CidrBlock": { - "target": "com.amazonaws.ec2#String", - "traits": { - "aws.protocols#ec2QueryName": "Ipv6CidrBlock", - "smithy.api#documentation": "

The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix\n length.

", - "smithy.api#required": {}, - "smithy.api#xmlName": "ipv6CidrBlock" - } - }, "SubnetId": { "target": "com.amazonaws.ec2#SubnetId", "traits": { @@ -3562,6 +3553,15 @@ "smithy.api#required": {}, "smithy.api#xmlName": "subnetId" } + }, + "Ipv6CidrBlock": { + "target": "com.amazonaws.ec2#String", + "traits": { + "aws.protocols#ec2QueryName": "Ipv6CidrBlock", + "smithy.api#documentation": "

The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix\n length.

", + "smithy.api#required": {}, + "smithy.api#xmlName": "ipv6CidrBlock" + } } } }, @@ -9587,7 +9587,7 @@ "target": "com.amazonaws.ec2#CreateInstanceExportTaskResult" }, "traits": { - "smithy.api#documentation": "

Exports a running or stopped instance to an Amazon S3 bucket.

\n

For information about the supported operating systems, image formats, and known limitations for the types of\n instances you can export, see Exporting an Instance as\n a VM Using VM Import/Export in the VM Import/Export User Guide.

" + "smithy.api#documentation": "

Exports a running or stopped instance to an Amazon S3 bucket.

\n

For information about the supported operating systems, image formats, and known limitations\n for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export\n in the VM Import/Export User Guide.

" } }, "com.amazonaws.ec2#CreateInstanceExportTaskRequest": { @@ -11391,13 +11391,6 @@ "smithy.api#documentation": "

The AZ ID or the Local Zone ID of the subnet.

" } }, - "CidrBlock": { - "target": "com.amazonaws.ec2#String", - "traits": { - "smithy.api#documentation": "

The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.

", - "smithy.api#required": {} - } - }, "Ipv6CidrBlock": { "target": "com.amazonaws.ec2#String", "traits": { @@ -11424,6 +11417,13 @@ "smithy.api#documentation": "

Checks whether you have the required permissions for the action, without actually making the request, \n and provides an error response. If you have the required permissions, the error response is DryRunOperation. \n Otherwise, it is UnauthorizedOperation.

", "smithy.api#xmlName": "dryRun" } + }, + "CidrBlock": { + "target": "com.amazonaws.ec2#String", + "traits": { + "smithy.api#documentation": "

The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.

", + "smithy.api#required": {} + } } } }, @@ -16720,7 +16720,7 @@ "Filters": { "target": "com.amazonaws.ec2#FilterList", "traits": { - "smithy.api#documentation": "

One or more filters.

\n\t \t ", + "smithy.api#documentation": "

One or more filters.

\n\t \t ", "smithy.api#xmlName": "Filter" } }, @@ -19887,7 +19887,7 @@ "Filters": { "target": "com.amazonaws.ec2#FilterList", "traits": { - "smithy.api#documentation": "

One or more filters. Filter names and values are case-sensitive.

\n ", + "smithy.api#documentation": "

One or more filters. Filter names and values are case-sensitive.

\n ", "smithy.api#xmlName": "Filter" } }, @@ -23556,7 +23556,7 @@ "target": "com.amazonaws.ec2#DescribeSpotPriceHistoryResult" }, "traits": { - "smithy.api#documentation": "

Describes the Spot price history. For more information, see\n\t\tSpot Instance pricing history \n in the Amazon EC2 User Guide for Linux Instances.

\n\t

When you specify a start and end time, this operation returns the prices of the instance types within the time range that you specified and the time when the price changed. \n\t The price is valid within the time period that you specified; the response merely indicates the last time that the price changed.

", + "smithy.api#documentation": "

Describes the Spot price history. For more information, see\n\t\tSpot Instance pricing history \n in the Amazon EC2 User Guide for Linux Instances.

\n

When you specify a start and end time, the operation returns the prices of the\n instance types within that time range. It also returns the last price change before the\n start time, which is the effective price as of the start time.

", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -23762,7 +23762,13 @@ "target": "com.amazonaws.ec2#DescribeStoreImageTasksResult" }, "traits": { - "smithy.api#documentation": "

Describes the progress of the AMI store tasks. You can describe the store tasks for\n specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from\n the last 31 days.

\n

For each AMI task, the response indicates if the task is InProgress,\n Completed, or Failed. For tasks InProgress, the\n response shows the estimated progress as a percentage.

\n

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31\n days can be viewed.

\n

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using S3 in the\n Amazon Elastic Compute Cloud User Guide.

\n

For more information, see Store and restore an AMI using\n S3 in the Amazon Elastic Compute Cloud User Guide.

" + "smithy.api#documentation": "

Describes the progress of the AMI store tasks. You can describe the store tasks for\n specified AMIs. If you don't specify the AMIs, you get a paginated list of store tasks from\n the last 31 days.

\n

For each AMI task, the response indicates if the task is InProgress,\n Completed, or Failed. For tasks InProgress, the\n response shows the estimated progress as a percentage.

\n

Tasks are listed in reverse chronological order. Currently, only tasks from the past 31\n days can be viewed.

\n

To use this API, you must have the required permissions. For more information, see Permissions for storing and restoring AMIs using S3 in the\n Amazon Elastic Compute Cloud User Guide.

\n

For more information, see Store and restore an AMI using\n S3 in the Amazon Elastic Compute Cloud User Guide.

", + "smithy.api#paginated": { + "inputToken": "NextToken", + "outputToken": "NextToken", + "items": "StoreImageTaskResults", + "pageSize": "MaxResults" + } } }, "com.amazonaws.ec2#DescribeStoreImageTasksRequest": { @@ -29767,7 +29773,7 @@ "target": "com.amazonaws.ec2#ExportImageResult" }, "traits": { - "smithy.api#documentation": "

Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM Directory from an Amazon Machine Image\n (AMI) in the VM Import/Export User Guide.

" + "smithy.api#documentation": "

Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM\n directly from an Amazon Machine Image (AMI) in the\n VM Import/Export User Guide.

" } }, "com.amazonaws.ec2#ExportImageRequest": { @@ -30793,7 +30799,7 @@ "target": "com.amazonaws.ec2#Double", "traits": { "aws.protocols#ec2QueryName": "Priority", - "smithy.api#documentation": "

The priority for the launch template override. The highest priority is launched\n first.

\n

If the On-Demand AllocationStrategy is set to prioritized,\n EC2 Fleet uses priority to determine which launch template override to use first in fulfilling\n On-Demand capacity.

\n

If the Spot AllocationStrategy is set to\n capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis\n to determine which launch template override to use first in fulfilling Spot capacity, but\n optimizes for capacity first.

\n

Valid values are whole numbers starting at 0. The lower the number, the\n higher the priority. If no number is set, the override has the lowest priority. You can set\n the same priority for different launch template overrides.

", + "smithy.api#documentation": "

The priority for the launch template override. The highest priority is launched\n first.

\n

If the On-Demand AllocationStrategy is set to prioritized,\n EC2 Fleet uses priority to determine which launch template override to use first in fulfilling\n On-Demand capacity.

\n

If the Spot AllocationStrategy is set to\n capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis\n to determine which launch template override to use in fulfilling Spot capacity, but\n optimizes for capacity first.

\n

Valid values are whole numbers starting at 0. The lower the number, the\n higher the priority. If no number is set, the override has the lowest priority. You can set\n the same priority for different launch template overrides.

", "smithy.api#xmlName": "priority" } }, @@ -30870,7 +30876,7 @@ "Priority": { "target": "com.amazonaws.ec2#Double", "traits": { - "smithy.api#documentation": "

The priority for the launch template override. The highest priority is launched\n first.

\n

If the On-Demand AllocationStrategy is set to prioritized,\n EC2 Fleet uses priority to determine which launch template override to use first in fulfilling\n On-Demand capacity.

\n

If the Spot AllocationStrategy is set to\n capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis\n to determine which launch template override to use first in fulfilling Spot capacity, but\n optimizes for capacity first.

\n

Valid values are whole numbers starting at 0. The lower the number, the\n higher the priority. If no number is set, the launch template override has the lowest\n priority. You can set the same priority for different launch template overrides.

" + "smithy.api#documentation": "

The priority for the launch template override. The highest priority is launched\n first.

\n

If the On-Demand AllocationStrategy is set to prioritized,\n EC2 Fleet uses priority to determine which launch template override to use first in fulfilling\n On-Demand capacity.

\n

If the Spot AllocationStrategy is set to\n capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis\n to determine which launch template override to use in fulfilling Spot capacity, but\n optimizes for capacity first.

\n

Valid values are whole numbers starting at 0. The lower the number, the\n higher the priority. If no number is set, the launch template override has the lowest\n priority. You can set the same priority for different launch template overrides.

" } }, "Placement": { @@ -34815,7 +34821,7 @@ "target": "com.amazonaws.ec2#ImportImageResult" }, "traits": { - "smithy.api#documentation": "

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI). For more\n information, see Importing a VM as an\n Image Using VM Import/Export in the VM Import/Export User Guide.

" + "smithy.api#documentation": "

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

\n

For more information, see Importing a \n VM as an image using VM Import/Export in the VM Import/Export User Guide.

" } }, "com.amazonaws.ec2#ImportImageLicenseConfigurationRequest": { @@ -35231,7 +35237,7 @@ "target": "com.amazonaws.ec2#ImportInstanceResult" }, "traits": { - "smithy.api#documentation": "

Creates an import instance task using metadata from the specified disk image. ImportInstance only\n supports single-volume VMs. To import multi-volume VMs, use ImportImage. For more information, see\n Importing a\n Virtual Machine Using the Amazon EC2 CLI.

\n

For information about the import manifest referenced by this API action, see VM Import Manifest.

" + "smithy.api#documentation": "

Creates an import instance task using metadata from the specified disk image.

\n

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage\n instead.

\n

This API action is not supported by the AWS Command Line Interface (AWS CLI). For \n information about using the Amazon EC2 CLI, which is deprecated, see\n Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

\n

For information about the import manifest referenced by this API action, see VM Import Manifest.

" } }, "com.amazonaws.ec2#ImportInstanceLaunchSpecification": { @@ -35596,7 +35602,7 @@ "target": "com.amazonaws.ec2#ImportSnapshotResult" }, "traits": { - "smithy.api#documentation": "

Imports a disk into an EBS snapshot.

" + "smithy.api#documentation": "

Imports a disk into an EBS snapshot.

\n

For more information, see Importing a disk as a snapshot using VM Import/Export in the \n VM Import/Export User Guide.

" } }, "com.amazonaws.ec2#ImportSnapshotRequest": { @@ -35778,7 +35784,7 @@ "target": "com.amazonaws.ec2#ImportVolumeResult" }, "traits": { - "smithy.api#documentation": "

Creates an import volume task using metadata from the specified disk image.For more information, see Importing\n Disks to Amazon EBS.

\n

For information about the import manifest referenced by this API action, see VM Import Manifest.

" + "smithy.api#documentation": "

Creates an import volume task using metadata from the specified disk image.

\n

This API action supports only single-volume VMs. To import multi-volume VMs, use \n ImportImage instead. To import a disk to a snapshot, use\n ImportSnapshot instead.

\n

This API action is not supported by the AWS Command Line Interface (AWS CLI). For \n information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

\n

For information about the import manifest referenced by this API action, see VM Import Manifest.

" } }, "com.amazonaws.ec2#ImportVolumeRequest": { @@ -37238,7 +37244,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "SourceDestCheck", - "smithy.api#documentation": "

Indicates whether to validate network traffic to or from this network interface.

", + "smithy.api#documentation": "

Indicates whether source/destination checking is enabled.

", "smithy.api#xmlName": "sourceDestCheck" } }, @@ -41813,7 +41819,7 @@ "target": "com.amazonaws.ec2#Double", "traits": { "aws.protocols#ec2QueryName": "Priority", - "smithy.api#documentation": "

The priority for the launch template override. The highest priority is launched\n first.

\n

If OnDemandAllocationStrategy is set to prioritized, Spot Fleet\n uses priority to determine which launch template override to use first in fulfilling\n On-Demand capacity.

\n

If the Spot AllocationStrategy is set to\n capacityOptimizedPrioritized, Spot Fleet uses priority on a best-effort basis\n to determine which launch template override to use first in fulfilling Spot capacity,\n but optimizes for capacity first.

\n

Valid values are whole numbers starting at 0. The lower the number, the\n higher the priority. If no number is set, the launch template override has the lowest\n priority. You can set the same priority for different launch template overrides.

", + "smithy.api#documentation": "

The priority for the launch template override. The highest priority is launched\n first.

\n

If OnDemandAllocationStrategy is set to prioritized, Spot Fleet\n uses priority to determine which launch template override to use first in fulfilling\n On-Demand capacity.

\n

If the Spot AllocationStrategy is set to\n capacityOptimizedPrioritized, Spot Fleet uses priority on a best-effort basis\n to determine which launch template override to use in fulfilling Spot capacity,\n but optimizes for capacity first.

\n

Valid values are whole numbers starting at 0. The lower the number, the\n higher the priority. If no number is set, the launch template override has the lowest\n priority. You can set the same priority for different launch template overrides.

", "smithy.api#xmlName": "priority" } } @@ -44158,7 +44164,7 @@ "Groups": { "target": "com.amazonaws.ec2#GroupIdStringList", "traits": { - "smithy.api#documentation": "

[EC2-VPC] Changes the security groups of the instance. You must specify at least one\n security group, even if it's just the default security group for the VPC. You must\n specify the security group ID, not the security group name.

", + "smithy.api#documentation": "

[EC2-VPC] Replaces the security groups of the instance with the specified security groups. \n You must specify at least one security group, even if it's just the default security group for the VPC. You must\n specify the security group ID, not the security group name.

", "smithy.api#xmlName": "GroupId" } }, @@ -44729,7 +44735,7 @@ "target": "com.amazonaws.ec2#AttributeBooleanValue", "traits": { "aws.protocols#ec2QueryName": "SourceDestCheck", - "smithy.api#documentation": "

Indicates whether source/destination checking is enabled.\n A value of true means checking\n is enabled, and false means checking is disabled. This value\n must be false for a NAT instance to perform NAT. For more\n information, see NAT\n Instances in the Amazon Virtual Private Cloud User Guide.

", + "smithy.api#documentation": "

Enable or disable source/destination checks, which ensure that the instance\n is either the source or the destination of any traffic that it receives.\n If the value is true, source/destination checks are enabled;\n otherwise, they are disabled. The default value is true. \n You must disable source/destination checks if the instance runs services \n such as network address translation, routing, or firewalls.

", "smithy.api#xmlName": "sourceDestCheck" } } @@ -47542,7 +47548,7 @@ "target": "com.amazonaws.ec2#Boolean", "traits": { "aws.protocols#ec2QueryName": "SourceDestCheck", - "smithy.api#documentation": "

Indicates whether traffic to or from the instance is validated.

", + "smithy.api#documentation": "

Indicates whether source/destination checking is enabled.

", "smithy.api#xmlName": "sourceDestCheck" } }, @@ -52581,7 +52587,7 @@ "target": "com.amazonaws.ec2#SubnetId", "traits": { "aws.protocols#ec2QueryName": "SubnetId", - "smithy.api#documentation": "

The IDs of the subnets in which to launch the instance. To specify multiple subnets, separate\n them using commas; for example, \"subnet-1234abcdeexample1, subnet-0987cdef6example2\".

", + "smithy.api#documentation": "

The ID of the subnet in which to launch the instance.

", "smithy.api#xmlName": "subnetId" } }, @@ -52610,7 +52616,7 @@ "com.amazonaws.ec2#RequestSpotLaunchSpecificationSecurityGroupList": { "type": "list", "member": { - "target": "com.amazonaws.ec2#SecurityGroupName", + "target": "com.amazonaws.ec2#String", "traits": { "smithy.api#xmlName": "item" } diff --git a/codegen/sdk-codegen/aws-models/fsx.2018-03-01.json b/codegen/sdk-codegen/aws-models/fsx.2018-03-01.json index 3095438f75a..75c8379f6a3 100644 --- a/codegen/sdk-codegen/aws-models/fsx.2018-03-01.json +++ b/codegen/sdk-codegen/aws-models/fsx.2018-03-01.json @@ -50,6 +50,9 @@ { "target": "com.amazonaws.fsx#CancelDataRepositoryTask" }, + { + "target": "com.amazonaws.fsx#CopyBackup" + }, { "target": "com.amazonaws.fsx#CreateBackup" }, @@ -126,6 +129,9 @@ "traits": { "smithy.api#documentation": "

The ID of the AWS Managed Microsoft Active Directory instance to which the file system is joined.

" } + }, + "ResourceARN": { + "target": "com.amazonaws.fsx#ResourceARN" } }, "traits": { @@ -285,7 +291,7 @@ "Name": { "target": "com.amazonaws.fsx#AlternateDNSName", "traits": { - "smithy.api#documentation": "

The name of the DNS alias. The alias name has to meet the following requirements:

\n \n

For DNS names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), regardless of how you specify them: \n as uppercase letters, lowercase letters, or the corresponding letters in escape codes.

" + "smithy.api#documentation": "

The name of the DNS alias. The alias name has to meet the following requirements:

\n \n

For DNS names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), regardless of how you specify them: \n as uppercase letters, lowercase letters, or the corresponding letters in escape codes.

" } }, "Lifecycle": { @@ -296,7 +302,7 @@ } }, "traits": { - "smithy.api#documentation": "

A DNS alias that is associated with the file system. You can use a DNS alias to access a file system using \n user-defined DNS names, in addition to the default DNS name\n that Amazon FSx assigns to the file system. For more information, see \n DNS aliases in the FSx for Windows File Server User Guide.

" + "smithy.api#documentation": "

A DNS alias that is associated with the file system. You can use a DNS alias to access a file system using \n user-defined DNS names, in addition to the default DNS name\n that Amazon FSx assigns to the file system. For more information, see \n DNS aliases \n in the FSx for Windows File Server User Guide.

" } }, "com.amazonaws.fsx#AliasLifecycle": { @@ -479,7 +485,7 @@ "Lifecycle": { "target": "com.amazonaws.fsx#BackupLifecycle", "traits": { - "smithy.api#documentation": "

The lifecycle status of the backup.

\n ", + "smithy.api#documentation": "

The lifecycle status of the backup.

\n ", "smithy.api#required": {} } }, @@ -536,10 +542,37 @@ "traits": { "smithy.api#documentation": "

The configuration of the self-managed Microsoft Active Directory (AD) to which the Windows File Server instance is joined.

" } + }, + "OwnerId": { + "target": "com.amazonaws.fsx#AWSAccountId" + }, + "SourceBackupId": { + "target": "com.amazonaws.fsx#BackupId" + }, + "SourceBackupRegion": { + "target": "com.amazonaws.fsx#Region", + "traits": { + "smithy.api#documentation": "

The source Region of the backup. Specifies the Region from where this backup\n is copied.

" + } + } + }, + "traits": { + "smithy.api#documentation": "

A backup of an Amazon FSx file system.

" + } + }, + "com.amazonaws.fsx#BackupBeingCopied": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.fsx#ErrorMessage" + }, + "BackupId": { + "target": "com.amazonaws.fsx#BackupId" } }, "traits": { - "smithy.api#documentation": "

A backup of an Amazon FSx file system. For more information see:

\n " + "smithy.api#documentation": "

You can't delete a backup while it's being copied.

", + "smithy.api#error": "client" } }, "com.amazonaws.fsx#BackupFailureDetails": { @@ -559,7 +592,7 @@ "com.amazonaws.fsx#BackupId": { "type": "string", "traits": { - "smithy.api#documentation": "

The ID of the backup. Specifies the backup to use if you're creating a file system from an existing backup.

", + "smithy.api#documentation": "

The ID of the source backup. Specifies the backup you are copying.

", "smithy.api#length": { "min": 12, "max": 128 @@ -595,7 +628,7 @@ "com.amazonaws.fsx#BackupLifecycle": { "type": "string", "traits": { - "smithy.api#documentation": "

The lifecycle status of the backup.

\n ", + "smithy.api#documentation": "

The lifecycle status of the backup.

\n ", "smithy.api#enum": [ { "value": "AVAILABLE", @@ -620,6 +653,10 @@ { "value": "PENDING", "name": "PENDING" + }, + { + "value": "COPYING", + "name": "COPYING" } ] } @@ -805,6 +842,98 @@ "smithy.api#documentation": "

Provides a report detailing the data repository task results of the files processed that match the criteria specified in the report Scope parameter. \n FSx delivers the report to the file system's linked data repository in Amazon S3, \n using the path specified in the report Path parameter. \n You can specify whether or not a report gets generated for a task using the Enabled parameter.

" } }, + "com.amazonaws.fsx#CopyBackup": { + "type": "operation", + "input": { + "target": "com.amazonaws.fsx#CopyBackupRequest" + }, + "output": { + "target": "com.amazonaws.fsx#CopyBackupResponse" + }, + "errors": [ + { + "target": "com.amazonaws.fsx#BackupNotFound" + }, + { + "target": "com.amazonaws.fsx#BadRequest" + }, + { + "target": "com.amazonaws.fsx#IncompatibleParameterError" + }, + { + "target": "com.amazonaws.fsx#IncompatibleRegionForMultiAZ" + }, + { + "target": "com.amazonaws.fsx#InternalServerError" + }, + { + "target": "com.amazonaws.fsx#InvalidDestinationKmsKey" + }, + { + "target": "com.amazonaws.fsx#InvalidRegion" + }, + { + "target": "com.amazonaws.fsx#InvalidSourceKmsKey" + }, + { + "target": "com.amazonaws.fsx#ServiceLimitExceeded" + }, + { + "target": "com.amazonaws.fsx#SourceBackupUnavailable" + }, + { + "target": "com.amazonaws.fsx#UnsupportedOperation" + } + ], + "traits": { + "smithy.api#documentation": "

Copies an existing backup within the same AWS account to another Region\n (cross-Region copy) or within the same Region (in-Region copy). You can have up to five\n backup copy requests in progress to a single destination Region per account.

\n

You can use cross-Region backup copies for cross-region disaster recovery.\n You periodically take backups and copy them to another Region so that in the\n event of a disaster in the primary Region, you can restore from backup and recover\n availability quickly in the other Region. You can make cross-Region copies\n only within your AWS partition.

\n

You can also use backup copies to clone your file data set to another Region\n or within the same Region.

\n

You can use the SourceRegion parameter to specify the AWS Region\n from which the backup will be copied. For example, if you make the call from the\n us-west-1 Region and want to copy a backup from the us-east-2\n Region, you specify us-east-2 in the SourceRegion parameter\n to make a cross-Region copy. If you don't specify a Region, the backup copy is\n created in the same Region where the request is sent from (in-Region copy).

\n

For more information on creating backup copies, see \n \n Copying backups in the Amazon FSx for Windows User Guide and \n Copying backups \n in the Amazon FSx for Lustre User Guide.

", + "smithy.api#idempotent": {} + } + }, + "com.amazonaws.fsx#CopyBackupRequest": { + "type": "structure", + "members": { + "ClientRequestToken": { + "target": "com.amazonaws.fsx#ClientRequestToken", + "traits": { + "smithy.api#idempotencyToken": {} + } + }, + "SourceBackupId": { + "target": "com.amazonaws.fsx#SourceBackupId", + "traits": { + "smithy.api#documentation": "

The ID of the source backup. Specifies the ID of the backup that is\n being copied.

", + "smithy.api#required": {} + } + }, + "SourceRegion": { + "target": "com.amazonaws.fsx#Region", + "traits": { + "smithy.api#documentation": "

The source AWS Region of the backup. Specifies the AWS Region from which\n the backup is being copied. The source and destination Regions must be in\n the same AWS partition. If you don't specify a Region, it defaults to\n the Region where the request is sent from (in-Region copy).

" + } + }, + "KmsKeyId": { + "target": "com.amazonaws.fsx#KmsKeyId" + }, + "CopyTags": { + "target": "com.amazonaws.fsx#Flag", + "traits": { + "smithy.api#documentation": "

A boolean flag indicating whether tags from the source backup\n should be copied to the backup copy. This value defaults to false.

\n

If you set CopyTags to true and the source backup has\n existing tags, you can use the Tags parameter to create new\n tags, provided that the sum of the source backup tags and the new tags\n doesn't exceed 50. Both sets of tags are merged. If there are tag\n conflicts (for example, two tags with the same key but different values),\n the tags created with the Tags parameter take precedence.

" + } + }, + "Tags": { + "target": "com.amazonaws.fsx#Tags" + } + } + }, + "com.amazonaws.fsx#CopyBackupResponse": { + "type": "structure", + "members": { + "Backup": { + "target": "com.amazonaws.fsx#Backup" + } + } + }, "com.amazonaws.fsx#CreateBackup": { "type": "operation", "input": { @@ -1104,6 +1233,9 @@ "traits": { "smithy.api#documentation": "

Sets the storage type for the Windows file system you're creating from a backup. \n Valid values are SSD and HDD.

\n \n

\n Default value is SSD. \n

\n \n

HDD and SSD storage types have different minimum storage capacity requirements. \n A restored file system's storage capacity is tied to the file system that was backed up. \n You can create a file system that uses HDD storage from a backup of a file system that \n used SSD storage only if the original SSD file system had a storage capacity of at least 2000 GiB. \n

\n
" } + }, + "KmsKeyId": { + "target": "com.amazonaws.fsx#KmsKeyId" } }, "traits": { @@ -1225,7 +1357,7 @@ "SubnetIds": { "target": "com.amazonaws.fsx#SubnetIds", "traits": { - "smithy.api#documentation": "

Specifies the IDs of the subnets that the file system will be accessible from. For Windows MULTI_AZ_1 \n file system deployment types, provide exactly two subnet IDs, one for the preferred file server \n and one for the standby file server. You specify one of these subnets as the preferred subnet \n using the WindowsConfiguration > PreferredSubnetID property.

\n

For Windows SINGLE_AZ_1 and SINGLE_AZ_2 file system deployment types and Lustre file systems, provide exactly one subnet ID.\n The file server is launched in that subnet's Availability Zone.

", + "smithy.api#documentation": "

Specifies the IDs of the subnets that the file system will be accessible from. For Windows MULTI_AZ_1 \n file system deployment types, provide exactly two subnet IDs, one for the preferred file server \n and one for the standby file server. You specify one of these subnets as the preferred subnet \n using the WindowsConfiguration > PreferredSubnetID property. For more information, \n see \n Availability and durability: Single-AZ and Multi-AZ file systems.

\n

For Windows SINGLE_AZ_1 and SINGLE_AZ_2 file system deployment types and Lustre file systems, provide exactly one subnet ID.\n The file server is launched in that subnet's Availability Zone.

", "smithy.api#required": {} } }, @@ -1330,7 +1462,7 @@ "Aliases": { "target": "com.amazonaws.fsx#AlternateDNSNames", "traits": { - "smithy.api#documentation": "

An array of one or more DNS alias names that you want to associate with the Amazon FSx file system. \n Aliases allow you to use existing DNS names to access the data in your Amazon FSx file system. \n You can associate up to 50 aliases with a file system at any time. \n You can associate additional DNS aliases after you create the file system using the AssociateFileSystemAliases operation. \n You can remove DNS aliases from the file system after it is created using the DisassociateFileSystemAliases operation.\n You only need to specify the alias name in the request payload.

\n

For more information, see Working with DNS Aliases and \n Walkthrough 5: Using DNS aliases to access your file system, including\n additional steps you must take to be able to access your file system using a DNS alias.

\n

An alias name has to meet the following requirements:

\n \n

For DNS alias names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), regardless of how you specify them: \n as uppercase letters, lowercase letters, or the corresponding letters in escape codes.

" + "smithy.api#documentation": "

An array of one or more DNS alias names that you want to associate with the Amazon FSx file system. \n Aliases allow you to use existing DNS names to access the data in your Amazon FSx file system. \n You can associate up to 50 aliases with a file system at any time. \n You can associate additional DNS aliases after you create the file system using the AssociateFileSystemAliases operation. \n You can remove DNS aliases from the file system after it is created using the DisassociateFileSystemAliases operation.\n You only need to specify the alias name in the request payload.

\n

For more information, see Working with DNS Aliases and \n Walkthrough 5: Using DNS aliases to access your file system, including\n additional steps you must take to be able to access your file system using a DNS alias.

\n

An alias name has to meet the following requirements:

\n \n

For DNS alias names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), regardless of how you specify them: \n as uppercase letters, lowercase letters, or the corresponding letters in escape codes.

" } } }, @@ -1758,6 +1890,9 @@ "target": "com.amazonaws.fsx#DeleteBackupResponse" }, "errors": [ + { + "target": "com.amazonaws.fsx#BackupBeingCopied" + }, { "target": "com.amazonaws.fsx#BackupInProgress" }, @@ -2057,7 +2192,7 @@ "Backups": { "target": "com.amazonaws.fsx#Backups", "traits": { - "smithy.api#documentation": "

Any array of backups.

" + "smithy.api#documentation": "

An array of backups.

" } }, "NextToken": { @@ -2798,6 +2933,18 @@ "smithy.api#error": "client" } }, + "com.amazonaws.fsx#IncompatibleRegionForMultiAZ": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.fsx#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

Amazon FSx doesn't support Multi-AZ Windows File Server\n copy backup in the destination Region, so the copied backup\n can't be restored.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.fsx#InternalServerError": { "type": "structure", "members": { @@ -2810,6 +2957,18 @@ "smithy.api#error": "server" } }, + "com.amazonaws.fsx#InvalidDestinationKmsKey": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.fsx#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

The AWS Key Management Service (AWS KMS) key of the destination\n backup is invalid.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.fsx#InvalidExportPath": { "type": "structure", "members": { @@ -2864,6 +3023,30 @@ "smithy.api#error": "client" } }, + "com.amazonaws.fsx#InvalidRegion": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.fsx#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

The Region provided for Source Region is invalid or\n is in a different AWS partition.

", + "smithy.api#error": "client" + } + }, + "com.amazonaws.fsx#InvalidSourceKmsKey": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.fsx#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

The AWS Key Management Service (AWS KMS) key of the source backup\n is invalid.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.fsx#IpAddress": { "type": "string", "traits": { @@ -3184,6 +3367,16 @@ } } }, + "com.amazonaws.fsx#Region": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 20 + }, + "smithy.api#pattern": "^[a-z0-9-]{1,20}$" + } + }, "com.amazonaws.fsx#ReportFormat": { "type": "string", "traits": { @@ -3359,13 +3552,13 @@ "DnsIps": { "target": "com.amazonaws.fsx#DnsIps", "traits": { - "smithy.api#documentation": "

A list of up to two IP addresses of DNS servers or domain controllers in the\n self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range\n as the one in which your Amazon FSx file system is being created, or in the private IP version 4\n (IPv4) address ranges, as specified in RFC 1918:

\n ", + "smithy.api#documentation": "

A list of up to two IP addresses of DNS servers or domain controllers in the\n self-managed AD directory.

", "smithy.api#required": {} } } }, "traits": { - "smithy.api#documentation": "

The configuration that Amazon FSx uses to join the Windows File Server instance to\n your self-managed (including on-premises) Microsoft Active Directory (AD)\n directory.

" + "smithy.api#documentation": "

The configuration that Amazon FSx uses to join the Windows File Server instance to\n your self-managed (including on-premises) Microsoft Active Directory (AD)\n directory. For more information, see \n \n Using Amazon FSx with your self-managed Microsoft Active Directory.

" } }, "com.amazonaws.fsx#SelfManagedActiveDirectoryConfigurationUpdates": { @@ -3414,6 +3607,14 @@ { "value": "TOTAL_USER_INITIATED_BACKUPS", "name": "TOTAL_USER_INITIATED_BACKUPS" + }, + { + "value": "TOTAL_USER_TAGS", + "name": "TOTAL_USER_TAGS" + }, + { + "value": "TOTAL_IN_PROGRESS_COPY_BACKUPS", + "name": "TOTAL_IN_PROGRESS_COPY_BACKUPS" } ] } @@ -3437,6 +3638,31 @@ "smithy.api#error": "client" } }, + "com.amazonaws.fsx#SourceBackupId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 12, + "max": 128 + }, + "smithy.api#pattern": "^(backup-[0-9a-f]{8,})$" + } + }, + "com.amazonaws.fsx#SourceBackupUnavailable": { + "type": "structure", + "members": { + "Message": { + "target": "com.amazonaws.fsx#ErrorMessage" + }, + "BackupId": { + "target": "com.amazonaws.fsx#BackupId" + } + }, + "traits": { + "smithy.api#documentation": "

The request was rejected because the lifecycle status of the \n source backup is not AVAILABLE.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.fsx#StartTime": { "type": "timestamp" }, @@ -3949,7 +4175,7 @@ "ActiveDirectoryId": { "target": "com.amazonaws.fsx#DirectoryId", "traits": { - "smithy.api#documentation": "

The ID for an existing Microsoft Active Directory instance that the file system should join when\n it's created.

" + "smithy.api#documentation": "

The ID for an existing AWS Managed Microsoft Active Directory instance that the file system is joined to.

" } }, "SelfManagedActiveDirectoryConfiguration": { @@ -3970,7 +4196,7 @@ "PreferredSubnetId": { "target": "com.amazonaws.fsx#SubnetId", "traits": { - "smithy.api#documentation": "

For MULTI_AZ_1 deployment types, it specifies the ID of the subnet where the preferred file server is located. \n Must be one of the two subnet IDs specified in SubnetIds property.\n Amazon FSx serves traffic from this subnet except in the event of a failover to the secondary file server.

\n

For SINGLE_AZ_1 and SINGLE_AZ_2 deployment types, this value is the same as that for SubnetIDs.\n For more information, see \n Availability and Durability: Single-AZ and Multi-AZ File Systems\n

" + "smithy.api#documentation": "

For MULTI_AZ_1 deployment types, it specifies the ID of the subnet where the preferred file server is located. \n Must be one of the two subnet IDs specified in SubnetIds property.\n Amazon FSx serves traffic from this subnet except in the event of a failover to the secondary file server.

\n

For SINGLE_AZ_1 and SINGLE_AZ_2 deployment types, this value is the same as that for SubnetIDs.\n For more information, see \n Availability and durability: Single-AZ and Multi-AZ file systems.

" } }, "PreferredFileServerIp": { @@ -3982,7 +4208,7 @@ "ThroughputCapacity": { "target": "com.amazonaws.fsx#MegabytesPerSecond", "traits": { - "smithy.api#documentation": "

The throughput of an Amazon FSx file system, measured in megabytes per\n second.

" + "smithy.api#documentation": "

The throughput of the Amazon FSx file system, measured in megabytes per\n second.

" } }, "MaintenanceOperationsInProgress": { diff --git a/codegen/sdk-codegen/aws-models/lightsail.2016-11-28.json b/codegen/sdk-codegen/aws-models/lightsail.2016-11-28.json index dbc385f66f3..74ca4b21d88 100644 --- a/codegen/sdk-codegen/aws-models/lightsail.2016-11-28.json +++ b/codegen/sdk-codegen/aws-models/lightsail.2016-11-28.json @@ -4184,7 +4184,7 @@ "relationalDatabaseName": { "target": "com.amazonaws.lightsail#ResourceName", "traits": { - "smithy.api#documentation": "

The name to use for your new database.

\n

Constraints:

\n ", + "smithy.api#documentation": "

The name to use for your new Lightsail database resource.

\n

Constraints:

\n ", "smithy.api#required": {} } }, @@ -4282,21 +4282,21 @@ "masterDatabaseName": { "target": "com.amazonaws.lightsail#string", "traits": { - "smithy.api#documentation": "

The name of the master database created when the Lightsail database resource is\n created.

\n

Constraints:

\n ", + "smithy.api#documentation": "

The meaning of this parameter differs according to the database engine you use.

\n

\n MySQL\n

\n

The name of the database to create when the Lightsail database resource is created. If\n this parameter isn't specified, no database is created in the database resource.

\n

Constraints:

\n \n

\n PostgreSQL\n

\n

The name of the database to create when the Lightsail database resource is created. If\n this parameter isn't specified, a database named postgres is created in the\n database resource.

\n

Constraints:

\n ", "smithy.api#required": {} } }, "masterUsername": { "target": "com.amazonaws.lightsail#string", "traits": { - "smithy.api#documentation": "

The master user name for your new database.

\n

Constraints:

\n ", + "smithy.api#documentation": "

The name for the master user.

\n

\n MySQL\n

\n

Constraints:

\n \n

\n PostgreSQL\n

\n

Constraints:

\n ", "smithy.api#required": {} } }, "masterUserPassword": { "target": "com.amazonaws.lightsail#SensitiveString", "traits": { - "smithy.api#documentation": "

The password for the master user of your new database. The password can include any\n printable ASCII character except \"/\", \"\"\", or \"@\".

\n

Constraints: Must contain 8 to 41 characters.

" + "smithy.api#documentation": "

The password for the master user. The password can include any printable ASCII character\n except \"/\", \"\"\", or \"@\". It cannot contain spaces.

\n

\n MySQL\n

\n

Constraints: Must contain from 8 to 41 characters.

\n

\n PostgreSQL\n

\n

Constraints: Must contain from 8 to 128 characters.

" } }, "preferredBackupWindow": { @@ -17641,14 +17641,14 @@ "relationalDatabaseName": { "target": "com.amazonaws.lightsail#ResourceName", "traits": { - "smithy.api#documentation": "

The name of your database to update.

", + "smithy.api#documentation": "

The name of your Lightsail database resource to update.

", "smithy.api#required": {} } }, "masterUserPassword": { "target": "com.amazonaws.lightsail#SensitiveString", "traits": { - "smithy.api#documentation": "

The password for the master user of your database. The password can include any printable\n ASCII character except \"/\", \"\"\", or \"@\".

\n

Constraints: Must contain 8 to 41 characters.

" + "smithy.api#documentation": "

The password for the master user. The password can include any printable ASCII character\n except \"/\", \"\"\", or \"@\".

\n

MySQL\n

\n

Constraints: Must contain from 8 to 41 characters.

\n

\n PostgreSQL\n

\n

Constraints: Must contain from 8 to 128 characters.

" } }, "rotateMasterUserPassword": { diff --git a/codegen/sdk-codegen/aws-models/mediaconnect.2018-11-14.json b/codegen/sdk-codegen/aws-models/mediaconnect.2018-11-14.json index e78c8d0b08e..2d05708d3b2 100644 --- a/codegen/sdk-codegen/aws-models/mediaconnect.2018-11-14.json +++ b/codegen/sdk-codegen/aws-models/mediaconnect.2018-11-14.json @@ -661,6 +661,158 @@ "method": "GET", "uri": "/v1/flows/{FlowArn}", "code": 200 + }, + "smithy.waiters#waitable": { + "FlowActive": { + "documentation": "Wait until a flow is active", + "acceptors": [ + { + "state": "success", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "ACTIVE", + "comparator": "stringEquals" + } + } + }, + { + "state": "retry", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "STARTING", + "comparator": "stringEquals" + } + } + }, + { + "state": "retry", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "UPDATING", + "comparator": "stringEquals" + } + } + }, + { + "state": "retry", + "matcher": { + "errorType": "InternalServerErrorException" + } + }, + { + "state": "retry", + "matcher": { + "errorType": "ServiceUnavailableException" + } + }, + { + "state": "failure", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "ERROR", + "comparator": "stringEquals" + } + } + } + ], + "minDelay": 3 + }, + "FlowDeleted": { + "documentation": "Wait until a flow is deleted", + "acceptors": [ + { + "state": "success", + "matcher": { + "errorType": "NotFoundException" + } + }, + { + "state": "retry", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "DELETING", + "comparator": "stringEquals" + } + } + }, + { + "state": "retry", + "matcher": { + "errorType": "InternalServerErrorException" + } + }, + { + "state": "retry", + "matcher": { + "errorType": "ServiceUnavailableException" + } + }, + { + "state": "failure", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "ERROR", + "comparator": "stringEquals" + } + } + } + ], + "minDelay": 3 + }, + "FlowStandby": { + "documentation": "Wait until a flow is in standby mode", + "acceptors": [ + { + "state": "success", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "STANDBY", + "comparator": "stringEquals" + } + } + }, + { + "state": "retry", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "STOPPING", + "comparator": "stringEquals" + } + } + }, + { + "state": "retry", + "matcher": { + "errorType": "InternalServerErrorException" + } + }, + { + "state": "retry", + "matcher": { + "errorType": "ServiceUnavailableException" + } + }, + { + "state": "failure", + "matcher": { + "output": { + "path": "Flow.Status", + "expected": "ERROR", + "comparator": "stringEquals" + } + } + } + ], + "minDelay": 3 + } } } }, @@ -1988,6 +2140,13 @@ "smithy.api#jsonName": "entitlementArn" } }, + "ListenerAddress": { + "target": "com.amazonaws.mediaconnect#__string", + "traits": { + "smithy.api#documentation": "The IP address that the receiver requires in order to establish a connection with the flow. For public networking, the ListenerAddress is represented by the elastic IP address of the flow. For private networking, the ListenerAddress is represented by the elastic network interface IP address of the VPC. This field applies only to outputs that use the Zixi pull or SRT listener protocol.", + "smithy.api#jsonName": "listenerAddress" + } + }, "MediaLiveInputArn": { "target": "com.amazonaws.mediaconnect#__string", "traits": { diff --git a/codegen/sdk-codegen/aws-models/rds.2014-10-31.json b/codegen/sdk-codegen/aws-models/rds.2014-10-31.json index e1699e58200..1064297be12 100644 --- a/codegen/sdk-codegen/aws-models/rds.2014-10-31.json +++ b/codegen/sdk-codegen/aws-models/rds.2014-10-31.json @@ -2053,7 +2053,7 @@ "PreferredBackupWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

The daily time range during which automated backups are created\n if automated backups are enabled\n using the BackupRetentionPeriod parameter.\n

\n

The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To see the time blocks available, see \n \n Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.\n

\n

Constraints:

\n " + "smithy.api#documentation": "

The daily time range during which automated backups are created\n if automated backups are enabled\n using the BackupRetentionPeriod parameter.\n

\n

The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To view the time blocks available, see \n \n Backup window in the Amazon Aurora User Guide.\n

\n

Constraints:

\n " } }, "PreferredMaintenanceWindow": { @@ -2469,7 +2469,7 @@ "PreferredBackupWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

\n The daily time range during which automated backups are created\n if automated backups are enabled,\n using the BackupRetentionPeriod parameter.\n For more information, see The Backup Window in the Amazon RDS User Guide.\n

\n \n

\n Amazon Aurora\n

\n

Not applicable. The daily time range for creating automated backups is managed by\n the DB cluster.

\n \n

\n The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To see the time blocks available, see \n \n Adjusting the Preferred DB Instance Maintenance Window in the Amazon RDS User Guide.\n

\n \n

Constraints:

\n " + "smithy.api#documentation": "

\n The daily time range during which automated backups are created\n if automated backups are enabled,\n using the BackupRetentionPeriod parameter.\n The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. For more information, see Backup window in the Amazon RDS User Guide.\n

\n \n

\n Amazon Aurora\n

\n

Not applicable. The daily time range for creating automated backups is managed by\n the DB cluster.

\n \n

Constraints:

\n " } }, "Port": { @@ -3463,7 +3463,7 @@ "SourceIds": { "target": "com.amazonaws.rds#SourceIdsList", "traits": { - "smithy.api#documentation": "

The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. \n An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.

\n

Constraints:

\n " + "smithy.api#documentation": "

The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. \n An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.

\n

Constraints:

\n " } }, "Enabled": { @@ -11464,7 +11464,7 @@ } ], "traits": { - "smithy.api#documentation": "

Initiates the failover process for an Aurora global database (GlobalCluster).

\n

A failover for an Aurora global database promotes one of secondary read-only DB clusters to be\n the primary DB cluster and demotes the primary DB cluster to being a secondary (read-only) DB cluster. In other words,\n the role of the current primary DB cluster and the selected (target) DB cluster are switched. The selected\n secondary DB cluster assumes full read/write capabilities for the Aurora global database.

\n

For more information about failing over an Amazon Aurora global database, see\n Managed planned failover for Amazon Aurora global\n databases in the Amazon Aurora User Guide.\n

\n \n

This action applies to GlobalCluster (Aurora global databases) only. Use this action only on\n healthy Aurora global databases with running Aurora DB clusters and no Region-wide outages, to test disaster recovery scenarios or to\n reconfigure your Aurora global database topology.\n

\n
" + "smithy.api#documentation": "

Initiates the failover process for an Aurora global database (GlobalCluster).

\n

A failover for an Aurora global database promotes one of secondary read-only DB clusters to be\n the primary DB cluster and demotes the primary DB cluster to being a secondary (read-only) DB cluster. In other words,\n the role of the current primary DB cluster and the selected (target) DB cluster are switched. The selected\n secondary DB cluster assumes full read/write capabilities for the Aurora global database.

\n

For more information about failing over an Amazon Aurora global database, see\n Managed planned failover for Amazon Aurora global\n databases in the Amazon Aurora User Guide.\n

\n \n

This action applies to GlobalCluster (Aurora global databases) only. Use this action only on\n healthy Aurora global databases with running Aurora DB clusters and no Region-wide outages, to test disaster recovery scenarios or to\n reconfigure your Aurora global database topology.\n

\n
" } }, "com.amazonaws.rds#FailoverGlobalClusterMessage": { @@ -12801,7 +12801,7 @@ "PreferredBackupWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

The daily time range during which automated backups are created\n if automated backups are enabled,\n using the BackupRetentionPeriod parameter.\n

\n

The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To see the time blocks available, see \n \n Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.\n

\n

Constraints:

\n " + "smithy.api#documentation": "

The daily time range during which automated backups are created\n if automated backups are enabled,\n using the BackupRetentionPeriod parameter.\n

\n

The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To view the time blocks available, see \n \n Backup window in the Amazon Aurora User Guide.\n

\n

Constraints:

\n " } }, "PreferredMaintenanceWindow": { @@ -13140,19 +13140,19 @@ "BackupRetentionPeriod": { "target": "com.amazonaws.rds#IntegerOptional", "traits": { - "smithy.api#documentation": "

The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.

\n

Changing this parameter can result in an outage if you change from 0 to a non-zero value or from a non-zero value to 0. \n These changes are applied during the next maintenance window\n unless the ApplyImmediately parameter is enabled for this request. If you change the parameter from one non-zero value to another \n non-zero value, the change is asynchronously applied as soon as possible.

\n

\n Amazon Aurora\n

\n

Not applicable. The retention period for automated backups is managed by the DB\n cluster. For more information, see ModifyDBCluster.

\n

Default: Uses existing setting

\n

Constraints:

\n " + "smithy.api#documentation": "

The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.

\n \n

Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.

\n
\n

These changes are applied during the next maintenance window unless the ApplyImmediately parameter is enabled\n for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously\n applied as soon as possible.

\n

\n Amazon Aurora\n

\n

Not applicable. The retention period for automated backups is managed by the DB\n cluster. For more information, see ModifyDBCluster.

\n

Default: Uses existing setting

\n

Constraints:

\n " } }, "PreferredBackupWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

\n The daily time range during which automated backups are created\n if automated backups are enabled,\n as determined by the BackupRetentionPeriod parameter. \n Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible.\n

\n \n

\n Amazon Aurora\n

\n

Not applicable. The daily time range for creating automated backups is managed by\n the DB cluster. For more information, see ModifyDBCluster.

\n \n

Constraints:

\n " + "smithy.api#documentation": "

\n The daily time range during which automated backups are created\n if automated backups are enabled,\n as determined by the BackupRetentionPeriod parameter. \n Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. \n The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. For more information, see Backup window in the Amazon RDS User Guide.\n

\n \n

\n Amazon Aurora\n

\n

Not applicable. The daily time range for creating automated backups is managed by\n the DB cluster. For more information, see ModifyDBCluster.

\n \n

Constraints:

\n " } }, "PreferredMaintenanceWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

The weekly time range (in UTC) during which system maintenance can occur, which\n might result in an outage. Changing this parameter doesn't result in an outage, except\n in the following situation, and the change is asynchronously applied as soon as\n possible. If there are pending actions that cause a reboot, and the maintenance window\n is changed to include the current time, then changing this parameter will cause a reboot\n of the DB instance. If moving this window to the current time, there must be at least 30\n minutes between the current time and end of the window to ensure pending changes are\n applied.

\n

Default: Uses existing setting

\n

Format: ddd:hh24:mi-ddd:hh24:mi

\n

Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun

\n

Constraints: Must be at least 30 minutes

" + "smithy.api#documentation": "

The weekly time range (in UTC) during which system maintenance can occur, which\n might result in an outage. Changing this parameter doesn't result in an outage, except\n in the following situation, and the change is asynchronously applied as soon as\n possible. If there are pending actions that cause a reboot, and the maintenance window\n is changed to include the current time, then changing this parameter will cause a reboot\n of the DB instance. If moving this window to the current time, there must be at least 30\n minutes between the current time and end of the window to ensure pending changes are\n applied.

\n

For more information, see Amazon RDS Maintenance Window in the Amazon RDS User Guide.\n

\n

Default: Uses existing setting

\n

Format: ddd:hh24:mi-ddd:hh24:mi

\n

Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun

\n

Constraints: Must be at least 30 minutes

" } }, "MultiAZ": { @@ -16371,7 +16371,7 @@ "PreferredBackupWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

The daily time range during which automated backups are created\n if automated backups are enabled\n using the BackupRetentionPeriod parameter.\n

\n

The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To see the time blocks available, see \n \n Adjusting the Preferred Maintenance Window in the Amazon Aurora User Guide.\n

\n

Constraints:

\n " + "smithy.api#documentation": "

The daily time range during which automated backups are created\n if automated backups are enabled\n using the BackupRetentionPeriod parameter.\n

\n

The default is a 30-minute window selected at random from an\n 8-hour block of time for each AWS Region. \n To view the time blocks available, see \n \n Backup window in the Amazon Aurora User Guide.\n

\n

Constraints:

\n " } }, "PreferredMaintenanceWindow": { @@ -17315,7 +17315,7 @@ "PreferredBackupWindow": { "target": "com.amazonaws.rds#String", "traits": { - "smithy.api#documentation": "

The time range each day \n during which automated backups are created \n if automated backups are enabled. \n For more information, see The Backup Window in the Amazon RDS User Guide.\n

\n \n

Constraints:

\n " + "smithy.api#documentation": "

The time range each day \n during which automated backups are created \n if automated backups are enabled. \n For more information, see Backup window in the Amazon RDS User Guide.\n

\n \n

Constraints:

\n " } }, "Port": { @@ -17844,7 +17844,7 @@ } ], "traits": { - "smithy.api#documentation": "

Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Security Groups. Required parameters for this API are one of CIDRIP, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId).

" + "smithy.api#documentation": "

Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC security groups. Required parameters for this API are one of CIDRIP, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId).

" } }, "com.amazonaws.rds#RevokeDBSecurityGroupIngressMessage": { @@ -17957,7 +17957,7 @@ "SecondsUntilAutoPause": { "target": "com.amazonaws.rds#IntegerOptional", "traits": { - "smithy.api#documentation": "

The time, in seconds, before an Aurora DB cluster in serverless mode is paused.

" + "smithy.api#documentation": "

The time, in seconds, before an Aurora DB cluster in serverless mode is paused.

\n

Specify a value between 300 and 86,400 seconds.

" } }, "TimeoutAction": { diff --git a/codegen/sdk-codegen/aws-models/redshift.2012-12-01.json b/codegen/sdk-codegen/aws-models/redshift.2012-12-01.json index 06898cdb45c..f53f59524f2 100644 --- a/codegen/sdk-codegen/aws-models/redshift.2012-12-01.json +++ b/codegen/sdk-codegen/aws-models/redshift.2012-12-01.json @@ -199,6 +199,64 @@ ] } }, + "com.amazonaws.redshift#AquaConfiguration": { + "type": "structure", + "members": { + "AquaStatus": { + "target": "com.amazonaws.redshift#AquaStatus", + "traits": { + "smithy.api#documentation": "

The value indicates the status of AQUA on the cluster. Possible values include the following.

\n " + } + }, + "AquaConfigurationStatus": { + "target": "com.amazonaws.redshift#AquaConfigurationStatus", + "traits": { + "smithy.api#documentation": "

The value represents how the cluster is configured to use AQUA. Possible values include the following.

\n " + } + } + }, + "traits": { + "smithy.api#documentation": "

The AQUA (Advanced Query Accelerator) configuration of the cluster.

" + } + }, + "com.amazonaws.redshift#AquaConfigurationStatus": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "enabled", + "name": "ENABLED" + }, + { + "value": "disabled", + "name": "DISABLED" + }, + { + "value": "auto", + "name": "AUTO" + } + ] + } + }, + "com.amazonaws.redshift#AquaStatus": { + "type": "string", + "traits": { + "smithy.api#enum": [ + { + "value": "enabled", + "name": "ENABLED" + }, + { + "value": "disabled", + "name": "DISABLED" + }, + { + "value": "applying", + "name": "APPLYING" + } + ] + } + }, "com.amazonaws.redshift#AssociatedClusterList": { "type": "list", "member": { @@ -1030,6 +1088,12 @@ "traits": { "smithy.api#documentation": "

The total storage capacity of the cluster in megabytes.

" } + }, + "AquaConfiguration": { + "target": "com.amazonaws.redshift#AquaConfiguration", + "traits": { + "smithy.api#documentation": "

The AQUA (Advanced Query Accelerator) configuration of the cluster.

" + } } }, "traits": { @@ -2231,6 +2295,12 @@ "traits": { "smithy.api#documentation": "

The option to enable relocation for an Amazon Redshift cluster between Availability Zones after the cluster is created.

" } + }, + "AquaConfigurationStatus": { + "target": "com.amazonaws.redshift#AquaConfigurationStatus", + "traits": { + "smithy.api#documentation": "

The value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) when it is created. Possible values include the following.

\n " + } } }, "traits": { @@ -2751,7 +2821,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates an HSM client certificate that an Amazon Redshift cluster will use to connect to\n the client's HSM in order to store and retrieve the keys used to encrypt the cluster\n databases.

\n

The command returns a public key, which you must store in the HSM. In addition to\n creating the HSM certificate, you must create an Amazon Redshift HSM configuration that\n provides a cluster the information needed to store and use encryption keys in the HSM.\n For more information, go to Hardware Security Modules\n in the Amazon Redshift Cluster Management Guide.

" + "smithy.api#documentation": "

Creates an HSM client certificate that an Amazon Redshift cluster will use to connect to\n the client's HSM in order to store and retrieve the keys used to encrypt the cluster\n databases.

\n

The command returns a public key, which you must store in the HSM. In addition to\n creating the HSM certificate, you must create an Amazon Redshift HSM configuration that\n provides a cluster the information needed to store and use encryption keys in the HSM.\n For more information, go to Hardware Security Modules\n in the Amazon Redshift Cluster Management Guide.

" } }, "com.amazonaws.redshift#CreateHsmClientCertificateMessage": { @@ -7611,6 +7681,55 @@ ] } }, + "com.amazonaws.redshift#ModifyAquaConfiguration": { + "type": "operation", + "input": { + "target": "com.amazonaws.redshift#ModifyAquaInputMessage" + }, + "output": { + "target": "com.amazonaws.redshift#ModifyAquaOutputMessage" + }, + "errors": [ + { + "target": "com.amazonaws.redshift#ClusterNotFoundFault" + }, + { + "target": "com.amazonaws.redshift#UnsupportedOperationFault" + } + ], + "traits": { + "smithy.api#documentation": "

Modifies whether a cluster can use AQUA (Advanced Query Accelerator).

" + } + }, + "com.amazonaws.redshift#ModifyAquaInputMessage": { + "type": "structure", + "members": { + "ClusterIdentifier": { + "target": "com.amazonaws.redshift#String", + "traits": { + "smithy.api#documentation": "

The identifier of the cluster to be modified.

", + "smithy.api#required": {} + } + }, + "AquaConfigurationStatus": { + "target": "com.amazonaws.redshift#AquaConfigurationStatus", + "traits": { + "smithy.api#documentation": "

The new value of AQUA configuration status. Possible values include the following.

\n " + } + } + } + }, + "com.amazonaws.redshift#ModifyAquaOutputMessage": { + "type": "structure", + "members": { + "AquaConfiguration": { + "target": "com.amazonaws.redshift#AquaConfiguration", + "traits": { + "smithy.api#documentation": "

The updated AQUA configuration of the cluster.

" + } + } + } + }, "com.amazonaws.redshift#ModifyCluster": { "type": "operation", "input": { @@ -9468,6 +9587,9 @@ { "target": "com.amazonaws.redshift#GetReservedNodeExchangeOfferings" }, + { + "target": "com.amazonaws.redshift#ModifyAquaConfiguration" + }, { "target": "com.amazonaws.redshift#ModifyCluster" }, @@ -10401,6 +10523,12 @@ "traits": { "smithy.api#documentation": "

The option to enable relocation for an Amazon Redshift cluster between Availability Zones after the cluster is restored.

" } + }, + "AquaConfigurationStatus": { + "target": "com.amazonaws.redshift#AquaConfigurationStatus", + "traits": { + "smithy.api#documentation": "

The value represents how the cluster is configured to use AQUA (Advanced Query Accelerator) after the cluster is restored. Possible values include the following.

\n " + } } }, "traits": { @@ -10549,6 +10677,12 @@ "smithy.api#documentation": "

The name of the table to create as a result of the current request.

", "smithy.api#required": {} } + }, + "EnableCaseSensitiveIdentifier": { + "target": "com.amazonaws.redshift#BooleanOptional", + "traits": { + "smithy.api#documentation": "

Indicates whether name identifiers for database, schema, and table are case sensitive. \n If true, the names are case sensitive. \n If false (default), the names are not case sensitive.

" + } } }, "traits": { diff --git a/codegen/sdk-codegen/aws-models/shield.2016-06-02.json b/codegen/sdk-codegen/aws-models/shield.2016-06-02.json index 9fa780122c3..a432abb3707 100644 --- a/codegen/sdk-codegen/aws-models/shield.2016-06-02.json +++ b/codegen/sdk-codegen/aws-models/shield.2016-06-02.json @@ -735,6 +735,9 @@ { "target": "com.amazonaws.shield#InvalidOperationException" }, + { + "target": "com.amazonaws.shield#InvalidParameterException" + }, { "target": "com.amazonaws.shield#InvalidResourceException" }, @@ -1734,14 +1737,20 @@ "target": "com.amazonaws.shield#errorMessage" }, "Type": { - "target": "com.amazonaws.shield#LimitType" + "target": "com.amazonaws.shield#LimitType", + "traits": { + "smithy.api#documentation": "

The type of limit that would be exceeded.

" + } }, "Limit": { - "target": "com.amazonaws.shield#LimitNumber" + "target": "com.amazonaws.shield#LimitNumber", + "traits": { + "smithy.api#documentation": "

The threshold that would be exceeded.

" + } } }, "traits": { - "smithy.api#documentation": "

Exception that indicates that the operation would exceed a limit.

\n

\n Type is the type of limit that would be exceeded.

\n

\n Limit is the threshold that would be exceeded.

", + "smithy.api#documentation": "

Exception that indicates that the operation would exceed a limit.

", "smithy.api#error": "client" } }, diff --git a/codegen/sdk-codegen/aws-models/sts.2011-06-15.json b/codegen/sdk-codegen/aws-models/sts.2011-06-15.json index 1346efc4538..d8f31494636 100644 --- a/codegen/sdk-codegen/aws-models/sts.2011-06-15.json +++ b/codegen/sdk-codegen/aws-models/sts.2011-06-15.json @@ -100,7 +100,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns a set of temporary security credentials that you can use to access AWS\n resources that you might not normally have access to. These temporary credentials consist\n of an access key ID, a secret access key, and a security token. Typically, you use\n AssumeRole within your account or for cross-account access. For a\n comparison of AssumeRole with other API operations that produce temporary\n credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n \n

You cannot use AWS account root user credentials to call AssumeRole.\n You must use credentials for an IAM user or an IAM role to call\n AssumeRole.

\n
\n

For cross-account access, imagine that you own multiple accounts and need to access\n resources in each account. You could create long-term credentials in each account to access\n those resources. However, managing all those credentials and remembering which one can\n access which account can be time consuming. Instead, you can create one set of long-term\n credentials in one account. Then use temporary security credentials to access all the other\n accounts by assuming roles in those accounts. For more information about roles, see IAM Roles in the\n IAM User Guide.

\n

\n Session Duration\n

\n

By default, the temporary security credentials created by AssumeRole last\n for one hour. However, you can use the optional DurationSeconds parameter to\n specify the duration of your session. You can provide a value from 900 seconds (15 minutes)\n up to the maximum session duration setting for the role. This setting can have a value from\n 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide. The maximum session duration limit applies when\n you use the AssumeRole* API operations or the assume-role* CLI\n commands. However the limit does not apply when you use those operations to create a\n console URL. For more information, see Using IAM Roles in the\n IAM User Guide.

\n

\n Permissions\n

\n

The temporary security credentials created by AssumeRole can be used to\n make API calls to any AWS service with the following exception: You cannot call the\n AWS STS GetFederationToken or GetSessionToken API\n operations.

\n

(Optional) You can pass inline or managed session policies to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

To assume a role from a different account, your AWS account must be trusted by the\n role. The trust relationship is defined in the role's trust policy when the role is\n created. That trust policy states which accounts are allowed to delegate that access to\n users in the account.

\n

A user who wants to access a role in a different account must also have permissions that\n are delegated from the user account administrator. The administrator must attach a policy\n that allows the user to call AssumeRole for the ARN of the role in the other\n account. If the user is in the same account as the role, then you can do either of the\n following:

\n \n

In this case, the trust policy acts as an IAM resource-based policy. Users in the same\n account as the role do not need explicit permission to assume the role. For more\n information about trust policies and resource-based policies, see IAM Policies in\n the IAM User Guide.

\n

\n Tags\n

\n

(Optional) You can pass tag key-value pairs to your session. These tags are called\n session tags. For more information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

You can set the session tags as transitive. Transitive tags persist during role\n chaining. For more information, see Chaining Roles\n with Session Tags in the IAM User Guide.

\n

\n Using MFA with AssumeRole\n

\n

(Optional) You can include multi-factor authentication (MFA) information when you call\n AssumeRole. This is useful for cross-account scenarios to ensure that the\n user that assumes the role has been authenticated with an AWS MFA device. In that\n scenario, the trust policy of the role being assumed includes a condition that tests for\n MFA authentication. If the caller does not include valid MFA information, the request to\n assume the role is denied. The condition in a trust policy that tests for MFA\n authentication might look like the following example.

\n

\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}\n

\n

For more information, see Configuring MFA-Protected API Access\n in the IAM User Guide guide.

\n

To use MFA with AssumeRole, you pass values for the\n SerialNumber and TokenCode parameters. The\n SerialNumber value identifies the user's hardware or virtual MFA device.\n The TokenCode is the time-based one-time password (TOTP) that the MFA device\n produces.

" + "smithy.api#documentation": "

Returns a set of temporary security credentials that you can use to access AWS\n resources that you might not normally have access to. These temporary credentials\n consist of an access key ID, a secret access key, and a security token. Typically, you\n use AssumeRole within your account or for cross-account access. For a\n comparison of AssumeRole with other API operations that produce temporary\n credentials, see Requesting Temporary Security\n Credentials and Comparing\n the AWS STS API operations in the\n IAM User Guide.

\n

\n Permissions\n

\n

The temporary security credentials created by AssumeRole can be used to\n make API calls to any AWS service with the following exception: You cannot call the\n AWS STS GetFederationToken or GetSessionToken API\n operations.

\n

(Optional) You can pass inline or managed session policies to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

To assume a role from a different account, your AWS account must be trusted by the\n role. The trust relationship is defined in the role's trust policy when the role is\n created. That trust policy states which accounts are allowed to delegate that access to\n users in the account.

\n

A user who wants to access a role in a different account must also have permissions that\n are delegated from the user account administrator. The administrator must attach a policy\n that allows the user to call AssumeRole for the ARN of the role in the other\n account. If the user is in the same account as the role, then you can do either of the\n following:

\n \n

In this case, the trust policy acts as an IAM resource-based policy. Users in the same\n account as the role do not need explicit permission to assume the role. For more\n information about trust policies and resource-based policies, see IAM Policies in\n the IAM User Guide.

\n

\n Tags\n

\n

(Optional) You can pass tag key-value pairs to your session. These tags are called\n session tags. For more information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

You can set the session tags as transitive. Transitive tags persist during role\n chaining. For more information, see Chaining Roles\n with Session Tags in the IAM User Guide.

\n

\n Using MFA with AssumeRole\n

\n

(Optional) You can include multi-factor authentication (MFA) information when you call\n AssumeRole. This is useful for cross-account scenarios to ensure that the\n user that assumes the role has been authenticated with an AWS MFA device. In that\n scenario, the trust policy of the role being assumed includes a condition that tests for\n MFA authentication. If the caller does not include valid MFA information, the request to\n assume the role is denied. The condition in a trust policy that tests for MFA\n authentication might look like the following example.

\n

\n \"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}\n

\n

For more information, see Configuring MFA-Protected API Access\n in the IAM User Guide guide.

\n

To use MFA with AssumeRole, you pass values for the\n SerialNumber and TokenCode parameters. The\n SerialNumber value identifies the user's hardware or virtual MFA device.\n The TokenCode is the time-based one-time password (TOTP) that the MFA device\n produces.

" } }, "com.amazonaws.sts#AssumeRoleRequest": { @@ -123,25 +123,25 @@ "PolicyArns": { "target": "com.amazonaws.sts#policyDescriptorListType", "traits": { - "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as\n managed session policies. The policies must exist in the same account as the role.

\n

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the\n plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS\n Service Namespaces in the AWS General Reference.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

" + "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as\n managed session policies. The policies must exist in the same account as the role.

\n

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the\n plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS\n Service Namespaces in the AWS General Reference.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

" } }, "Policy": { "target": "com.amazonaws.sts#sessionPolicyDocumentType", "traits": { - "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

This parameter is optional. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

The plain text that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" + "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

This parameter is optional. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

The plaintext that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" } }, "DurationSeconds": { "target": "com.amazonaws.sts#roleDurationSecondsType", "traits": { - "smithy.api#documentation": "

The duration, in seconds, of the role session. The value can range from 900 seconds (15\n minutes) up to the maximum session duration setting for the role. This setting can have a\n value from 1 hour to 12 hours. If you specify a value higher than this setting, the\n operation fails. For example, if you specify a session duration of 12 hours, but your\n administrator set the maximum session duration to 6 hours, your operation fails. To learn\n how to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide.

\n

By default, the value is set to 3600 seconds.

\n \n

The DurationSeconds parameter is separate from the duration of a console\n session that you might request using the returned credentials. The request to the\n federation endpoint for a console sign-in token takes a SessionDuration\n parameter that specifies the maximum length of the console session. For more\n information, see Creating a URL\n that Enables Federated Users to Access the AWS Management Console in the\n IAM User Guide.

\n
" + "smithy.api#documentation": "

The duration, in seconds, of the role session. The value specified can can range from\n 900 seconds (15 minutes) up to the maximum session duration that is set for the role. The\n maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a\n value higher than this setting or the administrator setting (whichever is lower), the\n operation fails. For example, if you specify a session duration of 12 hours, but your\n administrator set the maximum session duration to 6 hours, your operation fails. To learn\n how to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide.

\n

By default, the value is set to 3600 seconds.

\n \n

The DurationSeconds parameter is separate from the duration of a console\n session that you might request using the returned credentials. The request to the\n federation endpoint for a console sign-in token takes a SessionDuration\n parameter that specifies the maximum length of the console session. For more\n information, see Creating a URL\n that Enables Federated Users to Access the AWS Management Console in the\n IAM User Guide.

\n
" } }, "Tags": { "target": "com.amazonaws.sts#tagListType", "traits": { - "smithy.api#documentation": "

A list of session tags that you want to pass. Each session tag consists of a key name\n and an associated value. For more information about session tags, see Tagging AWS STS\n Sessions in the IAM User Guide.

\n

This parameter is optional. You can pass up to 50 session tags. The plain text session\n tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these\n and additional limits, see IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

You can pass a session tag with the same key as a tag that is already attached to the\n role. When you do, session tags override a role tag with the same key.

\n

Tag key–value pairs are not case sensitive, but case is preserved. This means that you\n cannot have separate Department and department tag keys. Assume\n that the role has the Department=Marketing tag and you pass the\n department=engineering session tag. Department\n and department are not saved as separate tags, and the session tag passed in\n the request takes precedence over the role tag.

\n

Additionally, if you used temporary credentials to perform this operation, the new\n session inherits any transitive session tags from the calling session. If you pass a\n session tag with the same key as an inherited tag, the operation fails. To view the\n inherited tags for a session, see the AWS CloudTrail logs. For more information, see Viewing Session Tags in CloudTrail in the\n IAM User Guide.

" + "smithy.api#documentation": "

A list of session tags that you want to pass. Each session tag consists of a key name\n and an associated value. For more information about session tags, see Tagging AWS STS\n Sessions in the IAM User Guide.

\n

This parameter is optional. You can pass up to 50 session tags. The plaintext session\n tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these\n and additional limits, see IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n

You can pass a session tag with the same key as a tag that is already\n attached to the role. When you do, session tags override a role tag with the same key.

\n

Tag key–value pairs are not case sensitive, but case is preserved. This means that you\n cannot have separate Department and department tag keys. Assume\n that the role has the Department=Marketing tag and you pass the\n department=engineering session tag. Department\n and department are not saved as separate tags, and the session tag passed in\n the request takes precedence over the role tag.

\n

Additionally, if you used temporary credentials to perform this operation, the new\n session inherits any transitive session tags from the calling session. If you pass a\n session tag with the same key as an inherited tag, the operation fails. To view the\n inherited tags for a session, see the AWS CloudTrail logs. For more information, see Viewing Session Tags in CloudTrail in the\n IAM User Guide.

" } }, "TransitiveTagKeys": { @@ -165,7 +165,13 @@ "TokenCode": { "target": "com.amazonaws.sts#tokenCodeType", "traits": { - "smithy.api#documentation": "

The value provided by the MFA device, if the trust policy of the role being assumed\n requires MFA (that is, if the policy includes a condition that tests for MFA). If the role\n being assumed requires MFA and if the TokenCode value is missing or expired,\n the AssumeRole call returns an \"access denied\" error.

\n

The format for this parameter, as described by its regex pattern, is a sequence of six\n numeric digits.

" + "smithy.api#documentation": "

The value provided by the MFA device, if the trust policy of the role being assumed\n requires MFA. (In other words, if the policy includes a condition that tests for MFA). If\n the role being assumed requires MFA and if the TokenCode value is missing or\n expired, the AssumeRole call returns an \"access denied\" error.

\n

The format for this parameter, as described by its regex pattern, is a sequence of six\n numeric digits.

" + } + }, + "SourceIdentity": { + "target": "com.amazonaws.sts#sourceIdentityType", + "traits": { + "smithy.api#documentation": "

The source identity specified by the principal that is calling the\n AssumeRole operation.

\n

You can require users to specify a source identity when they assume a role. You do this\n by using the sts:SourceIdentity condition key in a role trust policy. You can\n use source identity information in AWS CloudTrail logs to determine who took actions with a role.\n You can use the aws:SourceIdentity condition key to further control access to\n AWS resources based on the value of source identity. For more information about using\n source identity, see Monitor and control\n actions taken with assumed roles in the\n IAM User Guide.

\n

The regex used to validate this parameter is a string of characters consisting of upper-\n and lower-case alphanumeric characters with no spaces. You can also include underscores or\n any of the following characters: =,.@-. You cannot use a value that begins with the text\n aws:. This prefix is reserved for AWS internal\n use.

" } } } @@ -190,6 +196,12 @@ "traits": { "smithy.api#documentation": "

A percentage value that indicates the packed size of the session policies and session \n tags combined passed in the request. The request fails if the packed size is greater than 100 percent, \n which means the policies and tags exceeded the allowed space.

" } + }, + "SourceIdentity": { + "target": "com.amazonaws.sts#sourceIdentityType", + "traits": { + "smithy.api#documentation": "

The source identity specified by the principal that is calling the\n AssumeRole operation.

\n

You can require users to specify a source identity when they assume a role. You do this\n by using the sts:SourceIdentity condition key in a role trust policy. You can\n use source identity information in AWS CloudTrail logs to determine who took actions with a role.\n You can use the aws:SourceIdentity condition key to further control access to\n AWS resources based on the value of source identity. For more information about using\n source identity, see Monitor and control\n actions taken with assumed roles in the\n IAM User Guide.

\n

The regex used to validate this parameter is a string of characters consisting of upper-\n and lower-case alphanumeric characters with no spaces. You can also include underscores or\n any of the following characters: =,.@-

" + } } }, "traits": { @@ -225,7 +237,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns a set of temporary security credentials for users who have been authenticated\n via a SAML authentication response. This operation provides a mechanism for tying an\n enterprise identity store or directory to role-based AWS access without user-specific\n credentials or configuration. For a comparison of AssumeRoleWithSAML with the\n other API operations that produce temporary credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n

The temporary security credentials returned by this operation consist of an access key\n ID, a secret access key, and a security token. Applications can use these temporary\n security credentials to sign calls to AWS services.

\n

\n Session Duration\n

\n

By default, the temporary security credentials created by\n AssumeRoleWithSAML last for one hour. However, you can use the optional\n DurationSeconds parameter to specify the duration of your session. Your\n role session lasts for the duration that you specify, or until the time specified in the\n SAML authentication response's SessionNotOnOrAfter value, whichever is\n shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes)\n up to the maximum session duration setting for the role. This setting can have a value from\n 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide. The maximum session duration limit applies when\n you use the AssumeRole* API operations or the assume-role* CLI\n commands. However the limit does not apply when you use those operations to create a\n console URL. For more information, see Using IAM Roles in the\n IAM User Guide.

\n

\n Permissions\n

\n

The temporary security credentials created by AssumeRoleWithSAML can be\n used to make API calls to any AWS service with the following exception: you cannot call\n the STS GetFederationToken or GetSessionToken API\n operations.

\n

(Optional) You can pass inline or managed session policies to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

Calling AssumeRoleWithSAML does not require the use of AWS security\n credentials. The identity of the caller is validated by using keys in the metadata document\n that is uploaded for the SAML provider entity for your identity provider.

\n \n

Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail logs.\n The entry includes the value in the NameID element of the SAML assertion.\n We recommend that you use a NameIDType that is not associated with any\n personally identifiable information (PII). For example, you could instead use the\n persistent identifier\n (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).

\n
\n

\n Tags\n

\n

(Optional) You can configure your IdP to pass attributes into your SAML assertion as\n session tags. Each session tag consists of a key name and an associated value. For more\n information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128\n characters and the values can’t exceed 256 characters. For these and additional limits, see\n IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

You can pass a session tag with the same key as a tag that is attached to the role. When\n you do, session tags override the role's tags with the same key.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

You can set the session tags as transitive. Transitive tags persist during role\n chaining. For more information, see Chaining Roles\n with Session Tags in the IAM User Guide.

\n

\n SAML Configuration\n

\n

Before your application can call AssumeRoleWithSAML, you must configure\n your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you\n must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that\n represents your identity provider. You must also create an IAM role that specifies this\n SAML provider in its trust policy.

\n

For more information, see the following resources:

\n " + "smithy.api#documentation": "

Returns a set of temporary security credentials for users who have been authenticated\n via a SAML authentication response. This operation provides a mechanism for tying an\n enterprise identity store or directory to role-based AWS access without user-specific\n credentials or configuration. For a comparison of AssumeRoleWithSAML with the\n other API operations that produce temporary credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n

The temporary security credentials returned by this operation consist of an access key\n ID, a secret access key, and a security token. Applications can use these temporary\n security credentials to sign calls to AWS services.

\n

\n Session Duration\n

\n

By default, the temporary security credentials created by\n AssumeRoleWithSAML last for one hour. However, you can use the optional\n DurationSeconds parameter to specify the duration of your session. Your\n role session lasts for the duration that you specify, or until the time specified in the\n SAML authentication response's SessionNotOnOrAfter value, whichever is\n shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes)\n up to the maximum session duration setting for the role. This setting can have a value from\n 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide. The maximum session duration limit applies when\n you use the AssumeRole* API operations or the assume-role* CLI\n commands. However the limit does not apply when you use those operations to create a\n console URL. For more information, see Using IAM Roles in the\n IAM User Guide.

\n \n

\n Role chaining limits your AWS CLI or AWS API\n role session to a maximum of one hour. When you use the AssumeRole API\n operation to assume a role, you can specify the duration of your role session with\n the DurationSeconds parameter. You can specify a parameter value of up\n to 43200 seconds (12 hours), depending on the maximum session duration setting for\n your role. However, if you assume a role using role chaining and provide a\n DurationSeconds parameter value greater than one hour, the\n operation fails.

\n
\n

\n Permissions\n

\n

The temporary security credentials created by AssumeRoleWithSAML can be\n used to make API calls to any AWS service with the following exception: you cannot call\n the STS GetFederationToken or GetSessionToken API\n operations.

\n

(Optional) You can pass inline or managed session policies to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

Calling AssumeRoleWithSAML does not require the use of AWS security\n credentials. The identity of the caller is validated by using keys in the metadata document\n that is uploaded for the SAML provider entity for your identity provider.

\n \n

Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail logs.\n The entry includes the value in the NameID element of the SAML assertion.\n We recommend that you use a NameIDType that is not associated with any\n personally identifiable information (PII). For example, you could instead use the\n persistent identifier\n (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).

\n
\n

\n Tags\n

\n

(Optional) You can configure your IdP to pass attributes into your SAML assertion as\n session tags. Each session tag consists of a key name and an associated value. For more\n information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128\n characters and the values can’t exceed 256 characters. For these and additional limits, see\n IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n

You can pass a session tag with the same key as a tag that is\n attached to the role. When you do, session tags override the role's tags with the same\n key.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

You can set the session tags as transitive. Transitive tags persist during role\n chaining. For more information, see Chaining Roles\n with Session Tags in the IAM User Guide.

\n

\n SAML Configuration\n

\n

Before your application can call AssumeRoleWithSAML, you must configure\n your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you\n must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that\n represents your identity provider. You must also create an IAM role that specifies this\n SAML provider in its trust policy.

\n

For more information, see the following resources:

\n " } }, "com.amazonaws.sts#AssumeRoleWithSAMLRequest": { @@ -248,20 +260,20 @@ "SAMLAssertion": { "target": "com.amazonaws.sts#SAMLAssertionType", "traits": { - "smithy.api#documentation": "

The base-64 encoded SAML authentication response provided by the IdP.

\n

For more information, see Configuring a Relying Party and\n Adding Claims in the IAM User Guide.

", + "smithy.api#documentation": "

The base64 encoded SAML authentication response provided by the IdP.

\n

For more information, see Configuring a Relying Party and\n Adding Claims in the IAM User Guide.

", "smithy.api#required": {} } }, "PolicyArns": { "target": "com.amazonaws.sts#policyDescriptorListType", "traits": { - "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as\n managed session policies. The policies must exist in the same account as the role.

\n

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the\n plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS\n Service Namespaces in the AWS General Reference.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

" + "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as\n managed session policies. The policies must exist in the same account as the role.

\n

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the\n plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS\n Service Namespaces in the AWS General Reference.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

" } }, "Policy": { "target": "com.amazonaws.sts#sessionPolicyDocumentType", "traits": { - "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

This parameter is optional. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

The plain text that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" + "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

This parameter is optional. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

The plaintext that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" } }, "DurationSeconds": { @@ -320,7 +332,13 @@ "NameQualifier": { "target": "com.amazonaws.sts#NameQualifier", "traits": { - "smithy.api#documentation": "

A hash value based on the concatenation of the Issuer response value, the\n AWS account ID, and the friendly name (the last part of the ARN) of the SAML provider in\n IAM. The combination of NameQualifier and Subject can be used\n to uniquely identify a federated user.

\n

The following pseudocode shows how the hash value is calculated:

\n

\n BASE64 ( SHA1 ( \"https://example.com/saml\" + \"123456789012\" + \"/MySAMLIdP\" ) )\n

" + "smithy.api#documentation": "

A hash value based on the concatenation of the following:

\n \n

The combination of NameQualifier and Subject can be used to\n uniquely identify a federated user.

\n

The following pseudocode shows how the hash value is calculated:

\n

\n BASE64 ( SHA1 ( \"https://example.com/saml\" + \"123456789012\" + \"/MySAMLIdP\" ) )\n

" + } + }, + "SourceIdentity": { + "target": "com.amazonaws.sts#sourceIdentityType", + "traits": { + "smithy.api#documentation": "

The value in the SourceIdentity attribute in the SAML assertion.

\n

You can require users to set a source identity value when they assume a role. You do\n this by using the sts:SourceIdentity condition key in a role trust policy.\n That way, actions that are taken with the role are associated with that user. After the\n source identity is set, the value cannot be changed. It is present in the request for all\n actions that are taken by the role and persists across chained\n role sessions. You can configure your SAML identity provider to use an attribute\n associated with your users, like user name or email, as the source identity when calling\n AssumeRoleWithSAML. You do this by adding an attribute to the SAML\n assertion. For more information about using source identity, see Monitor and control\n actions taken with assumed roles in the\n IAM User Guide.

\n

The regex used to validate this parameter is a string of characters \n consisting of upper- and lower-case alphanumeric characters with no spaces. You can \n also include underscores or any of the following characters: =,.@-

" } } }, @@ -360,7 +378,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns a set of temporary security credentials for users who have been authenticated in\n a mobile or web application with a web identity provider. Example providers include Amazon Cognito,\n Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity\n provider.

\n \n

For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the\n AWS SDK for iOS Developer Guide and the AWS SDK for Android Developer Guide to uniquely\n identify a user. You can also supply the user with a consistent identity throughout the\n lifetime of an application.

\n

To learn more about Amazon Cognito, see Amazon Cognito Overview in\n AWS SDK for Android Developer Guide and Amazon Cognito Overview in the\n AWS SDK for iOS Developer Guide.

\n
\n

Calling AssumeRoleWithWebIdentity does not require the use of AWS\n security credentials. Therefore, you can distribute an application (for example, on mobile\n devices) that requests temporary security credentials without including long-term AWS\n credentials in the application. You also don't need to deploy server-based proxy services\n that use long-term AWS credentials. Instead, the identity of the caller is validated by\n using a token from the web identity provider. For a comparison of\n AssumeRoleWithWebIdentity with the other API operations that produce\n temporary credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n

The temporary security credentials returned by this API consist of an access key ID, a\n secret access key, and a security token. Applications can use these temporary security\n credentials to sign calls to AWS service API operations.

\n

\n Session Duration\n

\n

By default, the temporary security credentials created by\n AssumeRoleWithWebIdentity last for one hour. However, you can use the\n optional DurationSeconds parameter to specify the duration of your session.\n You can provide a value from 900 seconds (15 minutes) up to the maximum session duration\n setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how\n to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide. The maximum session duration limit applies when\n you use the AssumeRole* API operations or the assume-role* CLI\n commands. However the limit does not apply when you use those operations to create a\n console URL. For more information, see Using IAM Roles in the\n IAM User Guide.

\n

\n Permissions\n

\n

The temporary security credentials created by AssumeRoleWithWebIdentity can\n be used to make API calls to any AWS service with the following exception: you cannot\n call the STS GetFederationToken or GetSessionToken API\n operations.

\n

(Optional) You can pass inline or managed session policies to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

\n Tags\n

\n

(Optional) You can configure your IdP to pass attributes into your web identity token as\n session tags. Each session tag consists of a key name and an associated value. For more\n information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

You can pass up to 50 session tags. The plain text session tag keys can’t exceed 128\n characters and the values can’t exceed 256 characters. For these and additional limits, see\n IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

You can pass a session tag with the same key as a tag that is attached to the role. When\n you do, the session tag overrides the role tag with the same key.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

You can set the session tags as transitive. Transitive tags persist during role\n chaining. For more information, see Chaining Roles\n with Session Tags in the IAM User Guide.

\n

\n Identities\n

\n

Before your application can call AssumeRoleWithWebIdentity, you must have\n an identity token from a supported identity provider and create a role that the application\n can assume. The role that your application assumes must trust the identity provider that is\n associated with the identity token. In other words, the identity provider must be specified\n in the role's trust policy.

\n \n

Calling AssumeRoleWithWebIdentity can result in an entry in your\n AWS CloudTrail logs. The entry includes the Subject of\n the provided Web Identity Token. We recommend that you avoid using any personally\n identifiable information (PII) in this field. For example, you could instead use a GUID\n or a pairwise identifier, as suggested\n in the OIDC specification.

\n
\n

For more information about how to use web identity federation and the\n AssumeRoleWithWebIdentity API, see the following resources:

\n " + "smithy.api#documentation": "

Returns a set of temporary security credentials for users who have been authenticated in\n a mobile or web application with a web identity provider. Example providers include Amazon Cognito,\n Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity\n provider.

\n \n

For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the\n AWS SDK for iOS Developer Guide and the AWS SDK for Android Developer Guide to uniquely\n identify a user. You can also supply the user with a consistent identity throughout the\n lifetime of an application.

\n

To learn more about Amazon Cognito, see Amazon Cognito Overview in\n AWS SDK for Android Developer Guide and Amazon Cognito Overview in the\n AWS SDK for iOS Developer Guide.

\n
\n

Calling AssumeRoleWithWebIdentity does not require the use of AWS\n security credentials. Therefore, you can distribute an application (for example, on mobile\n devices) that requests temporary security credentials without including long-term AWS\n credentials in the application. You also don't need to deploy server-based proxy services\n that use long-term AWS credentials. Instead, the identity of the caller is validated by\n using a token from the web identity provider. For a comparison of\n AssumeRoleWithWebIdentity with the other API operations that produce\n temporary credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n

The temporary security credentials returned by this API consist of an access key ID, a\n secret access key, and a security token. Applications can use these temporary security\n credentials to sign calls to AWS service API operations.

\n

\n Session Duration\n

\n

By default, the temporary security credentials created by\n AssumeRoleWithWebIdentity last for one hour. However, you can use the\n optional DurationSeconds parameter to specify the duration of your session.\n You can provide a value from 900 seconds (15 minutes) up to the maximum session duration\n setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how\n to view the maximum value for your role, see View the\n Maximum Session Duration Setting for a Role in the\n IAM User Guide. The maximum session duration limit applies when\n you use the AssumeRole* API operations or the assume-role* CLI\n commands. However the limit does not apply when you use those operations to create a\n console URL. For more information, see Using IAM Roles in the\n IAM User Guide.

\n

\n Permissions\n

\n

The temporary security credentials created by AssumeRoleWithWebIdentity can\n be used to make API calls to any AWS service with the following exception: you cannot\n call the STS GetFederationToken or GetSessionToken API\n operations.

\n

(Optional) You can pass inline or managed session policies to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

\n Tags\n

\n

(Optional) You can configure your IdP to pass attributes into your web identity token as\n session tags. Each session tag consists of a key name and an associated value. For more\n information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128\n characters and the values can’t exceed 256 characters. For these and additional limits, see\n IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n

You can pass a session tag with the same key as a tag that is\n attached to the role. When you do, the session tag overrides the role tag with the same\n key.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

You can set the session tags as transitive. Transitive tags persist during role\n chaining. For more information, see Chaining Roles\n with Session Tags in the IAM User Guide.

\n

\n Identities\n

\n

Before your application can call AssumeRoleWithWebIdentity, you must have\n an identity token from a supported identity provider and create a role that the application\n can assume. The role that your application assumes must trust the identity provider that is\n associated with the identity token. In other words, the identity provider must be specified\n in the role's trust policy.

\n \n

Calling AssumeRoleWithWebIdentity can result in an entry in your\n AWS CloudTrail logs. The entry includes the Subject of\n the provided web identity token. We recommend that you avoid using any personally\n identifiable information (PII) in this field. For example, you could instead use a GUID\n or a pairwise identifier, as suggested\n in the OIDC specification.

\n
\n

For more information about how to use web identity federation and the\n AssumeRoleWithWebIdentity API, see the following resources:

\n " } }, "com.amazonaws.sts#AssumeRoleWithWebIdentityRequest": { @@ -396,13 +414,13 @@ "PolicyArns": { "target": "com.amazonaws.sts#policyDescriptorListType", "traits": { - "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as\n managed session policies. The policies must exist in the same account as the role.

\n

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the\n plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS\n Service Namespaces in the AWS General Reference.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

" + "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as\n managed session policies. The policies must exist in the same account as the role.

\n

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the\n plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS\n Service Namespaces in the AWS General Reference.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

" } }, "Policy": { "target": "com.amazonaws.sts#sessionPolicyDocumentType", "traits": { - "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

This parameter is optional. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

The plain text that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" + "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

This parameter is optional. Passing policies to this operation returns new \n temporary credentials. The resulting session's permissions are the intersection of the \n role's identity-based policy and the session policies. You can use the role's temporary \n credentials in subsequent AWS API calls to access resources in the account that owns \n the role. You cannot use session policies to grant more permissions than those allowed \n by the identity-based policy of the role that is being assumed. For more information, see\n Session\n Policies in the IAM User Guide.

\n

The plaintext that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" } }, "DurationSeconds": { @@ -451,6 +469,12 @@ "traits": { "smithy.api#documentation": "

The intended audience (also known as client ID) of the web identity token. This is\n traditionally the client identifier issued to the application that requested the web\n identity token.

" } + }, + "SourceIdentity": { + "target": "com.amazonaws.sts#sourceIdentityType", + "traits": { + "smithy.api#documentation": "

The value of the source identity that is returned in the JSON web token (JWT) from the\n identity provider.

\n

You can require users to set a source identity value when they assume a role. You do\n this by using the sts:SourceIdentity condition key in a role trust policy.\n That way, actions that are taken with the role are associated with that user. After the\n source identity is set, the value cannot be changed. It is present in the request for all\n actions that are taken by the role and persists across chained\n role sessions. You can configure your identity provider to use an attribute\n associated with your users, like user name or email, as the source identity when calling\n AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web\n token. To learn more about OIDC tokens and claims, see Using Tokens with User Pools in the Amazon Cognito Developer Guide.\n For more information about using source identity, see Monitor and control\n actions taken with assumed roles in the\n IAM User Guide.

\n

The regex used to validate this parameter is a string of characters \n consisting of upper- and lower-case alphanumeric characters with no spaces. You can \n also include underscores or any of the following characters: =,.@-

" + } } }, "traits": { @@ -605,7 +629,7 @@ "target": "com.amazonaws.sts#GetAccessKeyInfoResponse" }, "traits": { - "smithy.api#documentation": "

Returns the account identifier for the specified access key ID.

\n

Access keys consist of two parts: an access key ID (for example,\n AKIAIOSFODNN7EXAMPLE) and a secret access key (for example,\n wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For more information about\n access keys, see Managing Access Keys for IAM\n Users in the IAM User Guide.

\n

When you pass an access key ID to this operation, it returns the ID of the AWS account\n to which the keys belong. Access key IDs beginning with AKIA are long-term\n credentials for an IAM user or the AWS account root user. Access key IDs beginning with\n ASIA are temporary credentials that are created using STS operations. If\n the account in the response belongs to you, you can sign in as the root user and review\n your root user access keys. Then, you can pull a credentials report to\n learn which IAM user owns the keys. To learn who requested the temporary credentials for\n an ASIA access key, view the STS events in your CloudTrail logs in the\n IAM User Guide.

\n

This operation does not indicate the state of the access key. The key might be active,\n inactive, or deleted. Active keys might not have permissions to perform an operation.\n Providing a deleted access key might return an error that the key doesn't exist.

" + "smithy.api#documentation": "

Returns the account identifier for the specified access key ID.

\n

Access keys consist of two parts: an access key ID (for example,\n AKIAIOSFODNN7EXAMPLE) and a secret access key (for example,\n wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For more information about\n access keys, see Managing Access Keys for IAM\n Users in the IAM User Guide.

\n

When you pass an access key ID to this operation, it returns the ID of the AWS\n account to which the keys belong. Access key IDs beginning with AKIA are\n long-term credentials for an IAM user or the AWS account root user. Access key IDs\n beginning with ASIA are temporary credentials that are created using STS\n operations. If the account in the response belongs to you, you can sign in as the root\n user and review your root user access keys. Then, you can pull a credentials report to learn which IAM user owns the keys. To learn who\n requested the temporary credentials for an ASIA access key, view the STS\n events in your CloudTrail logs in the\n IAM User Guide.

\n

This operation does not indicate the state of the access key. The key might be active,\n inactive, or deleted. Active keys might not have permissions to perform an operation.\n Providing a deleted access key might return an error that the key doesn't exist.

" } }, "com.amazonaws.sts#GetAccessKeyInfoRequest": { @@ -614,7 +638,7 @@ "AccessKeyId": { "target": "com.amazonaws.sts#accessKeyIdType", "traits": { - "smithy.api#documentation": "

The identifier of an access key.

\n

This parameter allows (through its regex pattern) a string of characters that can\n consist of any upper- or lowercase letter or digit.

", + "smithy.api#documentation": "

The identifier of an access key.

\n

This parameter allows (through its regex pattern) a string of characters that can\n consist of any upper- or lowercase letter or digit.

", "smithy.api#required": {} } } @@ -640,7 +664,7 @@ "target": "com.amazonaws.sts#GetCallerIdentityResponse" }, "traits": { - "smithy.api#documentation": "

Returns details about the IAM user or role whose credentials are used to call the\n operation.

\n \n

No permissions are required to perform this operation. If an administrator adds a\n policy to your IAM user or role that explicitly denies access to the\n sts:GetCallerIdentity action, you can still perform this operation.\n Permissions are not required because the same information is returned when an IAM user\n or role is denied access. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice in the\n IAM User Guide.

\n
" + "smithy.api#documentation": "

Returns details about the IAM user or role whose credentials are used to call the\n operation.

\n \n

No permissions are required to perform this operation. If an administrator adds a\n policy to your IAM user or role that explicitly denies access to the\n sts:GetCallerIdentity action, you can still perform this operation.\n Permissions are not required because the same information is returned when an IAM\n user or role is denied access. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice in the\n IAM User Guide.

\n
" } }, "com.amazonaws.sts#GetCallerIdentityRequest": { @@ -693,7 +717,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns a set of temporary security credentials (consisting of an access key ID, a\n secret access key, and a security token) for a federated user. A typical use is in a proxy\n application that gets temporary security credentials on behalf of distributed applications\n inside a corporate network. You must call the GetFederationToken operation\n using the long-term security credentials of an IAM user. As a result, this call is\n appropriate in contexts where those credentials can be safely stored, usually in a\n server-based application. For a comparison of GetFederationToken with the\n other API operations that produce temporary credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n \n

You can create a mobile-based or browser-based app that can authenticate users using\n a web identity provider like Login with Amazon, Facebook, Google, or an OpenID\n Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or\n AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the\n IAM User Guide.

\n
\n

You can also call GetFederationToken using the security credentials of an\n AWS account root user, but we do not recommend it. Instead, we recommend that you create\n an IAM user for the purpose of the proxy application. Then attach a policy to the IAM\n user that limits federated users to only the actions and resources that they need to\n access. For more information, see IAM Best Practices in the\n IAM User Guide.

\n

\n Session duration\n

\n

The temporary credentials are valid for the specified duration, from 900 seconds (15\n minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is\n 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account\n root user credentials have a maximum duration of 3,600 seconds (1 hour).

\n

\n Permissions\n

\n

You can use the temporary credentials created by GetFederationToken in any\n AWS service except the following:

\n \n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plain text that you use for both inline and managed session policies can't exceed 2,048\n characters.

\n

Though the session policy parameters are optional, if you do not pass a policy, then the\n resulting federated user session has no permissions. When you pass session policies, the\n session permissions are the intersection of the IAM user policies and the session\n policies that you pass. This gives you a way to further restrict the permissions for a\n federated user. You cannot use session policies to grant more permissions than those that\n are defined in the permissions policy of the IAM user. For more information, see Session\n Policies in the IAM User Guide. For information about\n using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

\n

You can use the credentials to access a resource that has a resource-based policy. If\n that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions allowed by\n the policy. These permissions are granted in addition to the permissions granted by the\n session policies.

\n

\n Tags\n

\n

(Optional) You can pass tag key-value pairs to your session. These are called session\n tags. For more information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using Tags\n for Attribute-Based Access Control in the\n IAM User Guide.

\n

Tag key–value pairs are not case sensitive, but case is preserved. This means that you\n cannot have separate Department and department tag keys. Assume\n that the user that you are federating has the\n Department=Marketing tag and you pass the\n department=engineering session tag. Department\n and department are not saved as separate tags, and the session tag passed in\n the request takes precedence over the user tag.

" + "smithy.api#documentation": "

Returns a set of temporary security credentials (consisting of an access key ID, a\n secret access key, and a security token) for a federated user. A typical use is in a proxy\n application that gets temporary security credentials on behalf of distributed applications\n inside a corporate network. You must call the GetFederationToken operation\n using the long-term security credentials of an IAM user. As a result, this call is\n appropriate in contexts where those credentials can be safely stored, usually in a\n server-based application. For a comparison of GetFederationToken with the\n other API operations that produce temporary credentials, see Requesting Temporary Security\n Credentials and Comparing the\n AWS STS API operations in the IAM User Guide.

\n \n

You can create a mobile-based or browser-based app that can authenticate users using\n a web identity provider like Login with Amazon, Facebook, Google, or an OpenID\n Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or\n AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the\n IAM User Guide.

\n
\n

You can also call GetFederationToken using the security credentials of an\n AWS account root user, but we do not recommend it. Instead, we recommend that you create\n an IAM user for the purpose of the proxy application. Then attach a policy to the IAM\n user that limits federated users to only the actions and resources that they need to\n access. For more information, see IAM Best Practices in the\n IAM User Guide.

\n

\n Session duration\n

\n

The temporary credentials are valid for the specified duration, from 900 seconds (15\n minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is\n 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account\n root user credentials have a maximum duration of 3,600 seconds (1 hour).

\n

\n Permissions\n

\n

You can use the temporary credentials created by GetFederationToken in any\n AWS service except the following:

\n \n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters.

\n

Though the session policy parameters are optional, if you do not pass a policy, then the\n resulting federated user session has no permissions. When you pass session policies, the\n session permissions are the intersection of the IAM user policies and the session\n policies that you pass. This gives you a way to further restrict the permissions for a\n federated user. You cannot use session policies to grant more permissions than those that\n are defined in the permissions policy of the IAM user. For more information, see Session\n Policies in the IAM User Guide. For information about\n using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

\n

You can use the credentials to access a resource that has a resource-based policy. If\n that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions allowed by\n the policy. These permissions are granted in addition to the permissions granted by the\n session policies.

\n

\n Tags\n

\n

(Optional) You can pass tag key-value pairs to your session. These are called session\n tags. For more information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n \n

You can create a mobile-based or browser-based app that can authenticate users\n using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID\n Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or\n AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the\n IAM User Guide.

\n
\n

You can also call GetFederationToken using the security credentials of an\n AWS account root user, but we do not recommend it. Instead, we recommend that you\n create an IAM user for the purpose of the proxy application. Then attach a policy to\n the IAM user that limits federated users to only the actions and resources that they\n need to access. For more information, see IAM Best Practices in the\n IAM User Guide.

\n

\n Session duration\n

\n

The temporary credentials are valid for the specified duration, from 900 seconds (15\n minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is\n 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS\n account root user credentials have a maximum duration of 3,600 seconds (1 hour).

\n

\n Permissions\n

\n

You can use the temporary credentials created by GetFederationToken in\n any AWS service except the following:

\n \n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session\n policies. The plain text that you use for both inline and managed session policies can't\n exceed 2,048 characters.

\n

Though the session policy parameters are optional, if you do not pass a policy, then\n the resulting federated user session has no permissions. When you pass session policies,\n the session permissions are the intersection of the IAM user policies and the session\n policies that you pass. This gives you a way to further restrict the permissions for a\n federated user. You cannot use session policies to grant more permissions than those\n that are defined in the permissions policy of the IAM user. For more information, see\n Session Policies\n in the IAM User Guide. For information about using\n GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

\n

You can use the credentials to access a resource that has a resource-based policy. If\n that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions\n allowed by the policy. These permissions are granted in addition to the permissions\n granted by the session policies.

\n

\n Tags\n

\n

(Optional) You can pass tag key-value pairs to your session. These are called session\n tags. For more information about session tags, see Passing Session Tags in STS in\n the IAM User Guide.

\n

An administrator must grant you the permissions necessary to pass session tags. The\n administrator can also create granular permissions to allow you to pass only specific\n session tags. For more information, see Tutorial: Using\n Tags for Attribute-Based Access Control in the\n IAM User Guide.

\n

Tag key–value pairs are not case sensitive, but case is preserved. This means that you\n cannot have separate Department and department tag keys.\n Assume that the user that you are federating has the\n Department=Marketing tag and you pass the\n department=engineering session tag.\n Department and department are not saved as separate tags,\n and the session tag passed in the request takes precedence over the user tag.

" } }, "com.amazonaws.sts#GetFederationTokenRequest": { @@ -709,13 +733,13 @@ "Policy": { "target": "com.amazonaws.sts#sessionPolicyDocumentType", "traits": { - "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session\n policies.

\n

This parameter is optional. However, if you do not pass any session policies, then the\n resulting federated user session has no permissions.

\n

When you pass session policies, the session permissions are the intersection of the\n IAM user policies and the session policies that you pass. This gives you a way to further\n restrict the permissions for a federated user. You cannot use session policies to grant\n more permissions than those that are defined in the permissions policy of the IAM user.\n For more information, see Session Policies in\n the IAM User Guide.

\n

The resulting credentials can be used to access a resource that has a resource-based\n policy. If that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions allowed by\n the policy. These permissions are granted in addition to the permissions that are granted\n by the session policies.

\n

The plain text that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" + "smithy.api#documentation": "

An IAM policy in JSON format that you want to use as an inline session policy.

\n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session\n policies.

\n

This parameter is optional. However, if you do not pass any session policies, then the\n resulting federated user session has no permissions.

\n

When you pass session policies, the session permissions are the intersection of the\n IAM user policies and the session policies that you pass. This gives you a way to further\n restrict the permissions for a federated user. You cannot use session policies to grant\n more permissions than those that are defined in the permissions policy of the IAM user.\n For more information, see Session Policies in\n the IAM User Guide.

\n

The resulting credentials can be used to access a resource that has a resource-based\n policy. If that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions allowed by\n the policy. These permissions are granted in addition to the permissions that are granted\n by the session policies.

\n

The plaintext that you use for both inline and managed session policies can't exceed\n 2,048 characters. The JSON policy characters can be any ASCII character from the space\n character to the end of the valid character list (\\u0020 through \\u00FF). It can also\n include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D)\n characters.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" } }, "PolicyArns": { "target": "com.amazonaws.sts#policyDescriptorListType", "traits": { - "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a\n managed session policy. The policies must exist in the same account as the IAM user that\n is requesting federated access.

\n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plain text that you use for both inline and managed session policies can't exceed 2,048\n characters. You can provide up to 10 managed policy ARNs. For more information about ARNs,\n see Amazon\n Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

\n

This parameter is optional. However, if you do not pass any session policies, then the\n resulting federated user session has no permissions.

\n

When you pass session policies, the session permissions are the intersection of the\n IAM user policies and the session policies that you pass. This gives you a way to further\n restrict the permissions for a federated user. You cannot use session policies to grant\n more permissions than those that are defined in the permissions policy of the IAM user.\n For more information, see Session Policies in\n the IAM User Guide.

\n

The resulting credentials can be used to access a resource that has a resource-based\n policy. If that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions allowed by\n the policy. These permissions are granted in addition to the permissions that are granted\n by the session policies.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" + "smithy.api#documentation": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a\n managed session policy. The policies must exist in the same account as the IAM user that\n is requesting federated access.

\n

You must pass an inline or managed session policy to\n this operation. You can pass a single JSON policy document to use as an inline session\n policy. You can also specify up to 10 managed policies to use as managed session policies.\n The plaintext that you use for both inline and managed session policies can't exceed 2,048\n characters. You can provide up to 10 managed policy ARNs. For more information about ARNs,\n see Amazon\n Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

\n

This parameter is optional. However, if you do not pass any session policies, then the\n resulting federated user session has no permissions.

\n

When you pass session policies, the session permissions are the intersection of the\n IAM user policies and the session policies that you pass. This gives you a way to further\n restrict the permissions for a federated user. You cannot use session policies to grant\n more permissions than those that are defined in the permissions policy of the IAM user.\n For more information, see Session Policies in\n the IAM User Guide.

\n

The resulting credentials can be used to access a resource that has a resource-based\n policy. If that policy specifically references the federated user session in the\n Principal element of the policy, the session has the permissions allowed by\n the policy. These permissions are granted in addition to the permissions that are granted\n by the session policies.

\n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
" } }, "DurationSeconds": { @@ -727,7 +751,7 @@ "Tags": { "target": "com.amazonaws.sts#tagListType", "traits": { - "smithy.api#documentation": "

A list of session tags. Each session tag consists of a key name and an associated value.\n For more information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

This parameter is optional. You can pass up to 50 session tags. The plain text session\n tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these\n and additional limits, see IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plain text meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n \n

You can pass a session tag with the same key as a tag that is already attached to the\n user you are federating. When you do, session tags override a user tag with the same key.

\n

Tag key–value pairs are not case sensitive, but case is preserved. This means that you\n cannot have separate Department and department tag keys. Assume\n that the role has the Department=Marketing tag and you pass the\n department=engineering session tag. Department\n and department are not saved as separate tags, and the session tag passed in\n the request takes precedence over the role tag.

" + "smithy.api#documentation": "

A list of session tags. Each session tag consists of a key name and an associated value.\n For more information about session tags, see Passing Session Tags in STS in the\n IAM User Guide.

\n

This parameter is optional. You can pass up to 50 session tags. The plaintext session\n tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these\n and additional limits, see IAM\n and STS Character Limits in the IAM User Guide.

\n \n \n

An AWS conversion compresses the passed session policies and session tags into a\n packed binary format that has a separate limit. Your request can fail for this limit\n even if your plaintext meets the other requirements. The PackedPolicySize\n response element indicates by percentage how close the policies and tags for your\n request are to the upper size limit.\n

\n
\n

You can pass a session tag with the same key as a tag that is already\n attached to the user you are federating. When you do, session tags override a user tag with\n the same key.

\n

Tag key–value pairs are not case sensitive, but case is preserved. This means that you\n cannot have separate Department and department tag keys. Assume\n that the role has the Department=Marketing tag and you pass the\n department=engineering session tag. Department\n and department are not saved as separate tags, and the session tag passed in\n the request takes precedence over the role tag.

" } } } @@ -781,19 +805,19 @@ "DurationSeconds": { "target": "com.amazonaws.sts#durationSecondsType", "traits": { - "smithy.api#documentation": "

The duration, in seconds, that the credentials should remain valid. Acceptable durations\n for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours),\n with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are\n restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one\n hour, the session for AWS account owners defaults to one hour.

" + "smithy.api#documentation": "

The duration, in seconds, that the credentials should remain valid. Acceptable\n durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds\n (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account\n owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is\n longer than one hour, the session for AWS account owners defaults to one hour.

" } }, "SerialNumber": { "target": "com.amazonaws.sts#serialNumberType", "traits": { - "smithy.api#documentation": "

The identification number of the MFA device that is associated with the IAM user who\n is making the GetSessionToken call. Specify this value if the IAM user has a\n policy that requires MFA authentication. The value is either the serial number for a\n hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a\n virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the\n device for an IAM user by going to the AWS Management Console and viewing the user's security\n credentials.

\n

The regex used to validate this parameter is a string of \n characters consisting of upper- and lower-case alphanumeric characters with no spaces. \n You can also include underscores or any of the following characters: =,.@:/-

" + "smithy.api#documentation": "

The identification number of the MFA device that is associated with the IAM user who\n is making the GetSessionToken call. Specify this value if the IAM user\n has a policy that requires MFA authentication. The value is either the serial number for\n a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN)\n for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can\n find the device for an IAM user by going to the AWS Management Console and viewing the user's\n security credentials.

\n

The regex used to validate this parameter is a string of \n characters consisting of upper- and lower-case alphanumeric characters with no spaces. \n You can also include underscores or any of the following characters: =,.@:/-

" } }, "TokenCode": { "target": "com.amazonaws.sts#tokenCodeType", "traits": { - "smithy.api#documentation": "

The value provided by the MFA device, if MFA is required. If any policy requires the\n IAM user to submit an MFA code, specify this value. If MFA authentication is required,\n the user must provide a code when requesting a set of temporary security credentials. A\n user who fails to provide the code receives an \"access denied\" response when requesting\n resources that require MFA authentication.

\n

The format for this parameter, as described by its regex pattern, is a sequence of six\n numeric digits.

" + "smithy.api#documentation": "

The value provided by the MFA device, if MFA is required. If any policy requires the\n IAM user to submit an MFA code, specify this value. If MFA authentication is required,\n the user must provide a code when requesting a set of temporary security credentials. A\n user who fails to provide the code receives an \"access denied\" response when requesting\n resources that require MFA authentication.

\n

The format for this parameter, as described by its regex pattern, is a sequence of six\n numeric digits.

" } } } @@ -804,7 +828,7 @@ "Credentials": { "target": "com.amazonaws.sts#Credentials", "traits": { - "smithy.api#documentation": "

The temporary security credentials, which include an access key ID, a secret access key,\n and a security (or session) token.

\n \n

The size of the security token that STS API operations return is not fixed. We\n strongly recommend that you make no assumptions about the maximum size.

\n
" + "smithy.api#documentation": "

The temporary security credentials, which include an access key ID, a secret access\n key, and a security (or session) token.

\n \n \n

The size of the security token that STS API operations return is not fixed. We\n strongly recommend that you make no assumptions about the maximum size.

\n
" } } }, @@ -1129,6 +1153,16 @@ "smithy.api#pattern": "[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+" } }, + "com.amazonaws.sts#sourceIdentityType": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 2, + "max": 64 + }, + "smithy.api#pattern": "[\\w+=,.@-]*" + } + }, "com.amazonaws.sts#tagKeyListType": { "type": "list", "member": { diff --git a/codegen/smithy-aws-go-codegen/src/main/resources/software/amazon/smithy/aws/go/codegen/endpoints.json b/codegen/smithy-aws-go-codegen/src/main/resources/software/amazon/smithy/aws/go/codegen/endpoints.json index 74f5f380536..ebeb7028cef 100644 --- a/codegen/smithy-aws-go-codegen/src/main/resources/software/amazon/smithy/aws/go/codegen/endpoints.json +++ b/codegen/smithy-aws-go-codegen/src/main/resources/software/amazon/smithy/aws/go/codegen/endpoints.json @@ -1649,6 +1649,7 @@ "endpoints" : { "ap-northeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, "eu-west-2" : { }, "us-east-1" : { }, @@ -3244,6 +3245,7 @@ "ap-east-1" : { }, "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, @@ -3918,6 +3920,13 @@ "us-west-2" : { } } }, + "lookoutequipment" : { + "endpoints" : { + "ap-northeast-2" : { }, + "eu-west-1" : { }, + "us-east-1" : { } + } + }, "lookoutvision" : { "endpoints" : { "ap-northeast-1" : { }, @@ -7569,6 +7578,12 @@ "cn-northwest-1" : { } } }, + "mq" : { + "endpoints" : { + "cn-north-1" : { }, + "cn-northwest-1" : { } + } + }, "neptune" : { "endpoints" : { "cn-northwest-1" : { @@ -8576,6 +8591,27 @@ "us-gov-west-1" : { } } }, + "fms" : { + "defaults" : { + "protocols" : [ "https" ] + }, + "endpoints" : { + "fips-us-gov-east-1" : { + "credentialScope" : { + "region" : "us-gov-east-1" + }, + "hostname" : "fms-fips.us-gov-east-1.amazonaws.com" + }, + "fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "fms-fips.us-gov-west-1.amazonaws.com" + }, + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "fsx" : { "endpoints" : { "fips-prod-us-gov-east-1" : { diff --git a/service/codebuild/deserializers.go b/service/codebuild/deserializers.go index 3bdb1bb49a5..922170755c0 100644 --- a/service/codebuild/deserializers.go +++ b/service/codebuild/deserializers.go @@ -5570,6 +5570,15 @@ func awsAwsjson11_deserializeDocumentBuildArtifacts(v **types.BuildArtifacts, va sv.ArtifactIdentifier = ptr.String(jtv) } + case "bucketOwnerAccess": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BucketOwnerAccess to be of type string, got %T instead", value) + } + sv.BucketOwnerAccess = types.BucketOwnerAccess(jtv) + } + case "encryptionDisabled": if value != nil { jtv, ok := value.(bool) @@ -8362,6 +8371,15 @@ func awsAwsjson11_deserializeDocumentProjectArtifacts(v **types.ProjectArtifacts sv.ArtifactIdentifier = ptr.String(jtv) } + case "bucketOwnerAccess": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BucketOwnerAccess to be of type string, got %T instead", value) + } + sv.BucketOwnerAccess = types.BucketOwnerAccess(jtv) + } + case "encryptionDisabled": if value != nil { jtv, ok := value.(bool) @@ -10035,6 +10053,15 @@ func awsAwsjson11_deserializeDocumentS3LogsConfig(v **types.S3LogsConfig, value for key, value := range shape { switch key { + case "bucketOwnerAccess": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BucketOwnerAccess to be of type string, got %T instead", value) + } + sv.BucketOwnerAccess = types.BucketOwnerAccess(jtv) + } + case "encryptionDisabled": if value != nil { jtv, ok := value.(bool) diff --git a/service/codebuild/serializers.go b/service/codebuild/serializers.go index 1a022b1b54f..292a18e6a22 100644 --- a/service/codebuild/serializers.go +++ b/service/codebuild/serializers.go @@ -2290,6 +2290,11 @@ func awsAwsjson11_serializeDocumentProjectArtifacts(v *types.ProjectArtifacts, v ok.String(*v.ArtifactIdentifier) } + if len(v.BucketOwnerAccess) > 0 { + ok := object.Key("bucketOwnerAccess") + ok.String(string(v.BucketOwnerAccess)) + } + if v.EncryptionDisabled != nil { ok := object.Key("encryptionDisabled") ok.Boolean(*v.EncryptionDisabled) @@ -2697,6 +2702,11 @@ func awsAwsjson11_serializeDocumentS3LogsConfig(v *types.S3LogsConfig, value smi object := value.Object() defer object.Close() + if len(v.BucketOwnerAccess) > 0 { + ok := object.Key("bucketOwnerAccess") + ok.String(string(v.BucketOwnerAccess)) + } + if v.EncryptionDisabled != nil { ok := object.Key("encryptionDisabled") ok.Boolean(*v.EncryptionDisabled) diff --git a/service/codebuild/types/enums.go b/service/codebuild/types/enums.go index 16926bc1a19..0c7901e0202 100644 --- a/service/codebuild/types/enums.go +++ b/service/codebuild/types/enums.go @@ -78,6 +78,26 @@ func (AuthType) Values() []AuthType { } } +type BucketOwnerAccess string + +// Enum values for BucketOwnerAccess +const ( + BucketOwnerAccessNone BucketOwnerAccess = "NONE" + BucketOwnerAccessReadOnly BucketOwnerAccess = "READ_ONLY" + BucketOwnerAccessFull BucketOwnerAccess = "FULL" +) + +// Values returns all known values for BucketOwnerAccess. Note that this can be +// expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (BucketOwnerAccess) Values() []BucketOwnerAccess { + return []BucketOwnerAccess{ + "NONE", + "READ_ONLY", + "FULL", + } +} + type BuildBatchPhaseType string // Enum values for BuildBatchPhaseType diff --git a/service/codebuild/types/types.go b/service/codebuild/types/types.go index 68588f16cf6..b26ce910033 100644 --- a/service/codebuild/types/types.go +++ b/service/codebuild/types/types.go @@ -79,7 +79,12 @@ type Build struct { // Information about the build environment for this build. Environment *ProjectEnvironment - // A list of exported environment variables for this build. + // A list of exported environment variables for this build. Exported environment + // variables are used in conjunction with AWS CodePipeline to export environment + // variables from the current build stage to subsequent stages in the pipeline. For + // more information, see Working with variables + // (https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-variables.html) + // in the AWS CodePipeline User Guide. ExportedEnvironmentVariables []ExportedEnvironmentVariable // An array of ProjectFileSystemLocation objects for a CodeBuild build project. A @@ -198,6 +203,29 @@ type BuildArtifacts struct { // An identifier for this artifact definition. ArtifactIdentifier *string + // Specifies the access for objects that are uploaded to an Amazon S3 bucket that + // is owned by another account. By default, only the account that uploads the + // objects to the bucket has access to these objects. This property allows you to + // give the bucket owner access to these objects. NONE The bucket owner does not + // have access to the objects. This is the default. READ_ONLY The bucket owner has + // read only access to the objects. The uploading account retains ownership of the + // objects. FULL The bucket owner has full access to the objects. Object ownership + // is determined by the following criteria: + // + // * If the bucket is configured with the + // Bucket owner preferred setting, the bucket owner owns the objects. The uploading + // account will have object access as specified by the bucket's policy. + // + // * + // Otherwise, the uploading account retains ownership of the objects. + // + // For more + // information about Amazon S3 object ownership, see Controlling ownership of + // uploaded objects using S3 Object Ownership + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon Simple Storage Service User Guide. + BucketOwnerAccess BucketOwnerAccess + // Information that tells you if encryption for build artifacts is disabled. EncryptionDisabled *bool @@ -733,17 +761,21 @@ type EnvironmentVariable struct { Type EnvironmentVariableType } -// Information about an exported environment variable. +// Contains information about an exported environment variable. Exported +// environment variables are used in conjunction with AWS CodePipeline to export +// environment variables from the current build stage to subsequent stages in the +// pipeline. For more information, see Working with variables +// (https://docs.aws.amazon.com/codepipeline/latest/userguide/actions-variables.html) +// in the AWS CodePipeline User Guide. During a build, the value of a variable is +// available starting with the install phase. It can be updated between the start +// of the install phase and the end of the post_build phase. After the post_build +// phase ends, the value of exported variables cannot change. type ExportedEnvironmentVariable struct { - // The name of this exported environment variable. + // The name of the exported environment variable. Name *string - // The value assigned to this exported environment variable. During a build, the - // value of a variable is available starting with the install phase. It can be - // updated between the start of the install phase and the end of the post_build - // phase. After the post_build phase ends, the value of exported variables cannot - // change. + // The value assigned to the exported environment variable. Value *string } @@ -973,6 +1005,29 @@ type ProjectArtifacts struct { // An identifier for this artifact definition. ArtifactIdentifier *string + // Specifies the access for objects that are uploaded to an Amazon S3 bucket that + // is owned by another account. By default, only the account that uploads the + // objects to the bucket has access to these objects. This property allows you to + // give the bucket owner access to these objects. NONE The bucket owner does not + // have access to the objects. This is the default. READ_ONLY The bucket owner has + // read only access to the objects. The uploading account retains ownership of the + // objects. FULL The bucket owner has full access to the objects. Object ownership + // is determined by the following criteria: + // + // * If the bucket is configured with the + // Bucket owner preferred setting, the bucket owner owns the objects. The uploading + // account will have object access as specified by the bucket's policy. + // + // * + // Otherwise, the uploading account retains ownership of the objects. + // + // For more + // information about Amazon S3 object ownership, see Controlling ownership of + // uploaded objects using S3 Object Ownership + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon Simple Storage Service User Guide. + BucketOwnerAccess BucketOwnerAccess + // Set to true if you do not want your output artifacts encrypted. This option is // valid only if your artifacts type is Amazon S3. If this is set with another // artifacts type, an invalidInputException is thrown. @@ -1704,6 +1759,29 @@ type S3LogsConfig struct { // This member is required. Status LogsConfigStatusType + // Specifies the access for objects that are uploaded to an Amazon S3 bucket that + // is owned by another account. By default, only the account that uploads the + // objects to the bucket has access to these objects. This property allows you to + // give the bucket owner access to these objects. NONE The bucket owner does not + // have access to the objects. This is the default. READ_ONLY The bucket owner has + // read only access to the objects. The uploading account retains ownership of the + // objects. FULL The bucket owner has full access to the objects. Object ownership + // is determined by the following criteria: + // + // * If the bucket is configured with the + // Bucket owner preferred setting, the bucket owner owns the objects. The uploading + // account will have object access as specified by the bucket's policy. + // + // * + // Otherwise, the uploading account retains ownership of the objects. + // + // For more + // information about Amazon S3 object ownership, see Controlling ownership of + // uploaded objects using S3 Object Ownership + // (https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html) + // in the Amazon Simple Storage Service User Guide. + BucketOwnerAccess BucketOwnerAccess + // Set to true if you do not want your S3 build log output encrypted. By default S3 // build logs are encrypted. EncryptionDisabled *bool diff --git a/service/codestarconnections/api_op_CreateHost.go b/service/codestarconnections/api_op_CreateHost.go index e4f095a2f4e..fc5066127d6 100644 --- a/service/codestarconnections/api_op_CreateHost.go +++ b/service/codestarconnections/api_op_CreateHost.go @@ -53,6 +53,8 @@ type CreateHostInput struct { // This member is required. ProviderType types.ProviderType + Tags []types.Tag + // The VPC configuration to be provisioned for the host. A VPC must be configured // and the infrastructure to be represented by the host must already be connected // to the VPC. @@ -64,6 +66,8 @@ type CreateHostOutput struct { // The Amazon Resource Name (ARN) of the host to be created. HostArn *string + Tags []types.Tag + // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata } diff --git a/service/codestarconnections/deserializers.go b/service/codestarconnections/deserializers.go index 1b9dc99a5a5..62282d73a86 100644 --- a/service/codestarconnections/deserializers.go +++ b/service/codestarconnections/deserializers.go @@ -2279,6 +2279,11 @@ func awsAwsjson10_deserializeOpDocumentCreateHostOutput(v **CreateHostOutput, va sv.HostArn = ptr.String(jtv) } + case "Tags": + if err := awsAwsjson10_deserializeDocumentTagList(&sv.Tags, value); err != nil { + return err + } + default: _, _ = key, value diff --git a/service/codestarconnections/serializers.go b/service/codestarconnections/serializers.go index 74dd3495e54..308cf188863 100644 --- a/service/codestarconnections/serializers.go +++ b/service/codestarconnections/serializers.go @@ -719,6 +719,13 @@ func awsAwsjson10_serializeOpDocumentCreateHostInput(v *CreateHostInput, value s ok.String(string(v.ProviderType)) } + if v.Tags != nil { + ok := object.Key("Tags") + if err := awsAwsjson10_serializeDocumentTagList(v.Tags, ok); err != nil { + return err + } + } + if v.VpcConfiguration != nil { ok := object.Key("VpcConfiguration") if err := awsAwsjson10_serializeDocumentVpcConfiguration(v.VpcConfiguration, ok); err != nil { diff --git a/service/codestarconnections/validators.go b/service/codestarconnections/validators.go index a836c13599c..f291128b0eb 100644 --- a/service/codestarconnections/validators.go +++ b/service/codestarconnections/validators.go @@ -345,6 +345,11 @@ func validateOpCreateHostInput(v *CreateHostInput) error { invalidParams.AddNested("VpcConfiguration", err.(smithy.InvalidParamsError)) } } + if v.Tags != nil { + if err := validateTagList(v.Tags); err != nil { + invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError)) + } + } if invalidParams.Len() > 0 { return invalidParams } else { diff --git a/service/comprehendmedical/deserializers.go b/service/comprehendmedical/deserializers.go index 6a14990870a..98cd2673728 100644 --- a/service/comprehendmedical/deserializers.go +++ b/service/comprehendmedical/deserializers.go @@ -3392,6 +3392,15 @@ func awsAwsjson11_deserializeDocumentICD10CMAttribute(v **types.ICD10CMAttribute sv.BeginOffset = ptr.Int32(int32(i64)) } + case "Category": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ICD10CMEntityType to be of type string, got %T instead", value) + } + sv.Category = types.ICD10CMEntityType(jtv) + } + case "EndOffset": if value != nil { jtv, ok := value.(json.Number) @@ -3431,6 +3440,15 @@ func awsAwsjson11_deserializeDocumentICD10CMAttribute(v **types.ICD10CMAttribute sv.RelationshipScore = ptr.Float32(float32(f64)) } + case "RelationshipType": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ICD10CMRelationshipType to be of type string, got %T instead", value) + } + sv.RelationshipType = types.ICD10CMRelationshipType(jtv) + } + case "Score": if value != nil { jtv, ok := value.(json.Number) diff --git a/service/comprehendmedical/types/enums.go b/service/comprehendmedical/types/enums.go index 67c07f68cbf..5fa4ebab191 100644 --- a/service/comprehendmedical/types/enums.go +++ b/service/comprehendmedical/types/enums.go @@ -141,6 +141,8 @@ const ( ICD10CMAttributeTypeSystemOrganSite ICD10CMAttributeType = "SYSTEM_ORGAN_SITE" ICD10CMAttributeTypeQuality ICD10CMAttributeType = "QUALITY" ICD10CMAttributeTypeQuantity ICD10CMAttributeType = "QUANTITY" + ICD10CMAttributeTypeTimeToDxName ICD10CMAttributeType = "TIME_TO_DX_NAME" + ICD10CMAttributeTypeTimeExpression ICD10CMAttributeType = "TIME_EXPRESSION" ) // Values returns all known values for ICD10CMAttributeType. Note that this can be @@ -153,6 +155,8 @@ func (ICD10CMAttributeType) Values() []ICD10CMAttributeType { "SYSTEM_ORGAN_SITE", "QUALITY", "QUANTITY", + "TIME_TO_DX_NAME", + "TIME_EXPRESSION", } } @@ -176,7 +180,8 @@ type ICD10CMEntityType string // Enum values for ICD10CMEntityType const ( - ICD10CMEntityTypeDxName ICD10CMEntityType = "DX_NAME" + ICD10CMEntityTypeDxName ICD10CMEntityType = "DX_NAME" + ICD10CMEntityTypeTimeExpression ICD10CMEntityType = "TIME_EXPRESSION" ) // Values returns all known values for ICD10CMEntityType. Note that this can be @@ -185,6 +190,25 @@ const ( func (ICD10CMEntityType) Values() []ICD10CMEntityType { return []ICD10CMEntityType{ "DX_NAME", + "TIME_EXPRESSION", + } +} + +type ICD10CMRelationshipType string + +// Enum values for ICD10CMRelationshipType +const ( + ICD10CMRelationshipTypeOverlap ICD10CMRelationshipType = "OVERLAP" + ICD10CMRelationshipTypeSystemOrganSite ICD10CMRelationshipType = "SYSTEM_ORGAN_SITE" +) + +// Values returns all known values for ICD10CMRelationshipType. Note that this can +// be expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (ICD10CMRelationshipType) Values() []ICD10CMRelationshipType { + return []ICD10CMRelationshipType{ + "OVERLAP", + "SYSTEM_ORGAN_SITE", } } diff --git a/service/comprehendmedical/types/types.go b/service/comprehendmedical/types/types.go index e6a2f2cd0ee..fef289a2246 100644 --- a/service/comprehendmedical/types/types.go +++ b/service/comprehendmedical/types/types.go @@ -171,6 +171,9 @@ type ICD10CMAttribute struct { // begins. The offset returns the UTF-8 code point in the string. BeginOffset *int32 + // The category of attribute. Can be either of DX_NAME or TIME_EXPRESSION. + Category ICD10CMEntityType + // The 0-based character offset in the input text that shows where the attribute // ends. The offset returns the UTF-8 code point in the string. EndOffset *int32 @@ -183,6 +186,10 @@ type ICD10CMAttribute struct { // is correctly related to this entity. RelationshipScore *float32 + // The type of relationship between the entity and attribute. Type for the + // relationship can be either of OVERLAP or SYSTEM_ORGAN_SITE. + RelationshipType ICD10CMRelationshipType + // The level of confidence that Amazon Comprehend Medical has that the segment of // text is correctly recognized as an attribute. Score *float32 @@ -258,7 +265,7 @@ type ICD10CMEntity struct { Traits []ICD10CMTrait // Describes the specific type of entity with category of entities. InferICD10CM - // detects entities of the type DX_NAME. + // detects entities of the type DX_NAME and TIME_EXPRESSION. Type ICD10CMEntityType } @@ -275,8 +282,7 @@ type ICD10CMTrait struct { } // The input properties for an entities detection job. This includes the name of -// the S3 bucket and the path to the files to be analyzed. See batch-manifest for -// more information. +// the S3 bucket and the path to the files to be analyzed. type InputDataConfig struct { // The URI of the S3 bucket that contains the input data. The bucket must be in the diff --git a/service/configservice/api_op_DescribeAggregateComplianceByConformancePacks.go b/service/configservice/api_op_DescribeAggregateComplianceByConformancePacks.go index bf390e48697..ea96f33ba01 100644 --- a/service/configservice/api_op_DescribeAggregateComplianceByConformancePacks.go +++ b/service/configservice/api_op_DescribeAggregateComplianceByConformancePacks.go @@ -13,8 +13,10 @@ import ( // Returns a list of the conformance packs and their associated compliance status // with the count of compliant and noncompliant AWS Config rules within each -// conformance pack. The results can return an empty result page, but if you have a -// nextToken, the results are displayed on the next page. +// conformance pack. Also returns the total rule count which includes compliant +// rules, noncompliant rules, and rules that cannot be evaluated due to +// insufficient data. The results can return an empty result page, but if you have +// a nextToken, the results are displayed on the next page. func (c *Client) DescribeAggregateComplianceByConformancePacks(ctx context.Context, params *DescribeAggregateComplianceByConformancePacksInput, optFns ...func(*Options)) (*DescribeAggregateComplianceByConformancePacksOutput, error) { if params == nil { params = &DescribeAggregateComplianceByConformancePacksInput{} @@ -40,8 +42,8 @@ type DescribeAggregateComplianceByConformancePacksInput struct { // Filters the result by AggregateConformancePackComplianceFilters object. Filters *types.AggregateConformancePackComplianceFilters - // The maximum number of conformance packs details returned on each page. The - // default is maximum. If you specify 0, AWS Config uses the default. + // The maximum number of conformance packs compliance details returned on each + // page. The default is maximum. If you specify 0, AWS Config uses the default. Limit int32 // The nextToken string returned on a previous page that you use to get the next diff --git a/service/configservice/api_op_GetAggregateConformancePackComplianceSummary.go b/service/configservice/api_op_GetAggregateConformancePackComplianceSummary.go index eccc7b36b4c..d46dc03dc9e 100644 --- a/service/configservice/api_op_GetAggregateConformancePackComplianceSummary.go +++ b/service/configservice/api_op_GetAggregateConformancePackComplianceSummary.go @@ -12,9 +12,9 @@ import ( ) // Returns the count of compliant and noncompliant conformance packs across all AWS -// Accounts and AWS Regions. You can filter based on AWS Account ID or AWS Region. -// The results can return an empty result page, but if you have a nextToken, the -// results are displayed on the next page. +// Accounts and AWS Regions in an aggregator. You can filter based on AWS Account +// ID or AWS Region. The results can return an empty result page, but if you have a +// nextToken, the results are displayed on the next page. func (c *Client) GetAggregateConformancePackComplianceSummary(ctx context.Context, params *GetAggregateConformancePackComplianceSummaryInput, optFns ...func(*Options)) (*GetAggregateConformancePackComplianceSummaryOutput, error) { if params == nil { params = &GetAggregateConformancePackComplianceSummaryInput{} diff --git a/service/configservice/deserializers.go b/service/configservice/deserializers.go index 48fe4f343fd..8a60eb87e51 100644 --- a/service/configservice/deserializers.go +++ b/service/configservice/deserializers.go @@ -1285,6 +1285,9 @@ func awsAwsjson11_deserializeOpErrorDeleteRemediationConfiguration(response *smi case strings.EqualFold("InsufficientPermissionsException", errorCode): return awsAwsjson11_deserializeErrorInsufficientPermissionsException(response, errorBody) + case strings.EqualFold("InvalidParameterValueException", errorCode): + return awsAwsjson11_deserializeErrorInvalidParameterValueException(response, errorBody) + case strings.EqualFold("NoSuchRemediationConfigurationException", errorCode): return awsAwsjson11_deserializeErrorNoSuchRemediationConfigurationException(response, errorBody) @@ -4610,6 +4613,9 @@ func awsAwsjson11_deserializeOpErrorDescribeRemediationExecutionStatus(response case strings.EqualFold("InvalidNextTokenException", errorCode): return awsAwsjson11_deserializeErrorInvalidNextTokenException(response, errorBody) + case strings.EqualFold("InvalidParameterValueException", errorCode): + return awsAwsjson11_deserializeErrorInvalidParameterValueException(response, errorBody) + case strings.EqualFold("NoSuchRemediationConfigurationException", errorCode): return awsAwsjson11_deserializeErrorNoSuchRemediationConfigurationException(response, errorBody) diff --git a/service/configservice/types/types.go b/service/configservice/types/types.go index 9a323ada9f4..f5a45d13c02 100644 --- a/service/configservice/types/types.go +++ b/service/configservice/types/types.go @@ -43,13 +43,13 @@ type AggregateComplianceByConfigRule struct { // Provides aggregate compliance of the conformance pack. Indicates whether a // conformance pack is compliant based on the name of the conformance pack, account -// ID, and region. A conformance pack is compliant if all of the rules in that +// ID, and region. A conformance pack is compliant if all of the rules in a // conformance packs are compliant. It is noncompliant if any of the rules are not -// compliant. If a conformance pack has rules that return INSUFFICIENT_DATA, the -// conformance pack returns INSUFFICIENT_DATA only if all the rules within that -// conformance pack return INSUFFICIENT_DATA. If some of the rules in a conformance -// pack are compliant and others return INSUFFICIENT_DATA, the conformance pack -// shows compliant. +// compliant. The compliance status of a conformance pack is INSUFFICIENT_DATA only +// if all rules within a conformance pack cannot be evaluated due to insufficient +// data. If some of the rules in a conformance pack are compliant but the +// compliance status of other rules in that same conformance pack is +// INSUFFICIENT_DATA, the conformance pack shows compliant. type AggregateComplianceByConformancePack struct { // The 12-digit AWS account ID of the source account. @@ -77,9 +77,15 @@ type AggregateComplianceCount struct { } // Provides the number of compliant and noncompliant rules within a conformance -// pack. Also provides the total count of compliant rules, noncompliant rules, and -// the rules that do not have any applicable resources to evaluate upon resulting -// in insufficient data. +// pack. Also provides the compliance status of the conformance pack and the total +// rule count which includes compliant rules, noncompliant rules, and rules that +// cannot be evaluated due to insufficient data. A conformance pack is compliant if +// all of the rules in a conformance packs are compliant. It is noncompliant if any +// of the rules are not compliant. The compliance status of a conformance pack is +// INSUFFICIENT_DATA only if all rules within a conformance pack cannot be +// evaluated due to insufficient data. If some of the rules in a conformance pack +// are compliant but the compliance status of other rules in that same conformance +// pack is INSUFFICIENT_DATA, the conformance pack shows compliant. type AggregateConformancePackCompliance struct { // The compliance status of the conformance pack. diff --git a/service/connectcontactlens/internal/endpoints/endpoints.go b/service/connectcontactlens/internal/endpoints/endpoints.go index 84f2c8f9cf8..6c8f38438dc 100644 --- a/service/connectcontactlens/internal/endpoints/endpoints.go +++ b/service/connectcontactlens/internal/endpoints/endpoints.go @@ -65,6 +65,7 @@ var defaultPartitions = endpoints.Partitions{ Endpoints: endpoints.Endpoints{ "ap-northeast-1": endpoints.Endpoint{}, "ap-southeast-2": endpoints.Endpoint{}, + "ca-central-1": endpoints.Endpoint{}, "eu-central-1": endpoints.Endpoint{}, "eu-west-2": endpoints.Endpoint{}, "us-east-1": endpoints.Endpoint{}, diff --git a/service/ec2/api_op_CreateInstanceExportTask.go b/service/ec2/api_op_CreateInstanceExportTask.go index 8439aa4665e..2bfdb373c73 100644 --- a/service/ec2/api_op_CreateInstanceExportTask.go +++ b/service/ec2/api_op_CreateInstanceExportTask.go @@ -13,7 +13,7 @@ import ( // Exports a running or stopped instance to an Amazon S3 bucket. For information // about the supported operating systems, image formats, and known limitations for -// the types of instances you can export, see Exporting an Instance as a VM Using +// the types of instances you can export, see Exporting an instance as a VM Using // VM Import/Export // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport.html) in the VM // Import/Export User Guide. diff --git a/service/ec2/api_op_DescribeCapacityReservations.go b/service/ec2/api_op_DescribeCapacityReservations.go index bd97f0a54f9..d6b1f3a3b52 100644 --- a/service/ec2/api_op_DescribeCapacityReservations.go +++ b/service/ec2/api_op_DescribeCapacityReservations.go @@ -91,6 +91,9 @@ type DescribeCapacityReservationsInput struct { // capacity constraints, or instance limit constraints. Failed requests are // retained for 60 minutes. // + // * start-date - The date and time at which the Capacity + // Reservation was started. + // // * end-date - The date and time at which the Capacity // Reservation expires. When a Capacity Reservation expires, the reserved capacity // is released and you can no longer launch instances into it. The Capacity diff --git a/service/ec2/api_op_DescribeInstanceTypes.go b/service/ec2/api_op_DescribeInstanceTypes.go index ff4be549649..d6ff9cd7842 100644 --- a/service/ec2/api_op_DescribeInstanceTypes.go +++ b/service/ec2/api_op_DescribeInstanceTypes.go @@ -127,15 +127,14 @@ type DescribeInstanceTypesInput struct { // // * // network-info.efa-info.maximum-efa-interfaces - The maximum number of Elastic - // Fabric Adapters (EFAs) per instance. (true | false). + // Fabric Adapters (EFAs) per instance. // - // * - // network-info.efa-supported - Indicates whether the instance type supports - // Elastic Fabric Adapter (EFA) (true | false). + // * network-info.efa-supported - Indicates + // whether the instance type supports Elastic Fabric Adapter (EFA) (true | + // false). // - // * network-info.ena-support - - // Indicates whether Elastic Network Adapter (ENA) is supported or required - // (required | supported | unsupported). + // * network-info.ena-support - Indicates whether Elastic Network Adapter + // (ENA) is supported or required (required | supported | unsupported). // // * // network-info.ipv4-addresses-per-interface - The maximum number of private IPv4 diff --git a/service/ec2/api_op_DescribeSpotPriceHistory.go b/service/ec2/api_op_DescribeSpotPriceHistory.go index d850cbfc2cf..96596a812bd 100644 --- a/service/ec2/api_op_DescribeSpotPriceHistory.go +++ b/service/ec2/api_op_DescribeSpotPriceHistory.go @@ -17,10 +17,9 @@ import ( // pricing history // (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances-history.html) // in the Amazon EC2 User Guide for Linux Instances. When you specify a start and -// end time, this operation returns the prices of the instance types within the -// time range that you specified and the time when the price changed. The price is -// valid within the time period that you specified; the response merely indicates -// the last time that the price changed. +// end time, the operation returns the prices of the instance types within that +// time range. It also returns the last price change before the start time, which +// is the effective price as of the start time. func (c *Client) DescribeSpotPriceHistory(ctx context.Context, params *DescribeSpotPriceHistoryInput, optFns ...func(*Options)) (*DescribeSpotPriceHistoryOutput, error) { if params == nil { params = &DescribeSpotPriceHistoryInput{} diff --git a/service/ec2/api_op_DescribeStoreImageTasks.go b/service/ec2/api_op_DescribeStoreImageTasks.go index c40e5c8733c..291ee370bba 100644 --- a/service/ec2/api_op_DescribeStoreImageTasks.go +++ b/service/ec2/api_op_DescribeStoreImageTasks.go @@ -4,6 +4,7 @@ package ec2 import ( "context" + "fmt" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/aws/signer/v4" "github.com/aws/aws-sdk-go-v2/service/ec2/types" @@ -143,6 +144,93 @@ func addOperationDescribeStoreImageTasksMiddlewares(stack *middleware.Stack, opt return nil } +// DescribeStoreImageTasksAPIClient is a client that implements the +// DescribeStoreImageTasks operation. +type DescribeStoreImageTasksAPIClient interface { + DescribeStoreImageTasks(context.Context, *DescribeStoreImageTasksInput, ...func(*Options)) (*DescribeStoreImageTasksOutput, error) +} + +var _ DescribeStoreImageTasksAPIClient = (*Client)(nil) + +// DescribeStoreImageTasksPaginatorOptions is the paginator options for +// DescribeStoreImageTasks +type DescribeStoreImageTasksPaginatorOptions struct { + // The maximum number of results to return in a single call. To retrieve the + // remaining results, make another call with the returned NextToken value. This + // value can be between 1 and 200. You cannot specify this parameter and the + // ImageIDs parameter in the same call. + Limit int32 + + // Set to true if pagination should stop if the service returns a pagination token + // that matches the most recent token provided to the service. + StopOnDuplicateToken bool +} + +// DescribeStoreImageTasksPaginator is a paginator for DescribeStoreImageTasks +type DescribeStoreImageTasksPaginator struct { + options DescribeStoreImageTasksPaginatorOptions + client DescribeStoreImageTasksAPIClient + params *DescribeStoreImageTasksInput + nextToken *string + firstPage bool +} + +// NewDescribeStoreImageTasksPaginator returns a new +// DescribeStoreImageTasksPaginator +func NewDescribeStoreImageTasksPaginator(client DescribeStoreImageTasksAPIClient, params *DescribeStoreImageTasksInput, optFns ...func(*DescribeStoreImageTasksPaginatorOptions)) *DescribeStoreImageTasksPaginator { + if params == nil { + params = &DescribeStoreImageTasksInput{} + } + + options := DescribeStoreImageTasksPaginatorOptions{} + if params.MaxResults != 0 { + options.Limit = params.MaxResults + } + + for _, fn := range optFns { + fn(&options) + } + + return &DescribeStoreImageTasksPaginator{ + options: options, + client: client, + params: params, + firstPage: true, + } +} + +// HasMorePages returns a boolean indicating whether more pages are available +func (p *DescribeStoreImageTasksPaginator) HasMorePages() bool { + return p.firstPage || p.nextToken != nil +} + +// NextPage retrieves the next DescribeStoreImageTasks page. +func (p *DescribeStoreImageTasksPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*DescribeStoreImageTasksOutput, error) { + if !p.HasMorePages() { + return nil, fmt.Errorf("no more pages available") + } + + params := *p.params + params.NextToken = p.nextToken + + params.MaxResults = p.options.Limit + + result, err := p.client.DescribeStoreImageTasks(ctx, ¶ms, optFns...) + if err != nil { + return nil, err + } + p.firstPage = false + + prevToken := p.nextToken + p.nextToken = result.NextToken + + if p.options.StopOnDuplicateToken && prevToken != nil && p.nextToken != nil && *prevToken == *p.nextToken { + p.nextToken = nil + } + + return result, nil +} + func newServiceMetadataMiddleware_opDescribeStoreImageTasks(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, diff --git a/service/ec2/api_op_ExportImage.go b/service/ec2/api_op_ExportImage.go index b26aa6ac3e3..a3687f18129 100644 --- a/service/ec2/api_op_ExportImage.go +++ b/service/ec2/api_op_ExportImage.go @@ -13,7 +13,7 @@ import ( ) // Exports an Amazon Machine Image (AMI) to a VM file. For more information, see -// Exporting a VM Directory from an Amazon Machine Image (AMI) +// Exporting a VM directly from an Amazon Machine Image (AMI) // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmexport_image.html) in // the VM Import/Export User Guide. func (c *Client) ExportImage(ctx context.Context, params *ExportImageInput, optFns ...func(*Options)) (*ExportImageOutput, error) { diff --git a/service/ec2/api_op_ImportImage.go b/service/ec2/api_op_ImportImage.go index 4cd95445eee..0713e79612b 100644 --- a/service/ec2/api_op_ImportImage.go +++ b/service/ec2/api_op_ImportImage.go @@ -12,7 +12,7 @@ import ( ) // Import single or multi-volume disk images or EBS snapshots into an Amazon -// Machine Image (AMI). For more information, see Importing a VM as an Image Using +// Machine Image (AMI). For more information, see Importing a VM as an image using // VM Import/Export // (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-image-import.html) // in the VM Import/Export User Guide. diff --git a/service/ec2/api_op_ImportInstance.go b/service/ec2/api_op_ImportInstance.go index 3944027dbb0..8d954eb3629 100644 --- a/service/ec2/api_op_ImportInstance.go +++ b/service/ec2/api_op_ImportInstance.go @@ -12,12 +12,13 @@ import ( ) // Creates an import instance task using metadata from the specified disk image. -// ImportInstance only supports single-volume VMs. To import multi-volume VMs, use -// ImportImage. For more information, see Importing a Virtual Machine Using the -// Amazon EC2 CLI -// (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ec2-cli-vmimport-export.html). -// For information about the import manifest referenced by this API action, see VM -// Import Manifest +// This API action supports only single-volume VMs. To import multi-volume VMs, use +// ImportImage instead. This API action is not supported by the AWS Command Line +// Interface (AWS CLI). For information about using the Amazon EC2 CLI, which is +// deprecated, see Importing a VM to Amazon EC2 +// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#UsingVirtualMachinesinAmazonEC2) +// in the Amazon EC2 CLI Reference PDF file. For information about the import +// manifest referenced by this API action, see VM Import Manifest // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). func (c *Client) ImportInstance(ctx context.Context, params *ImportInstanceInput, optFns ...func(*Options)) (*ImportInstanceOutput, error) { if params == nil { diff --git a/service/ec2/api_op_ImportSnapshot.go b/service/ec2/api_op_ImportSnapshot.go index d80b08ba1f4..3c621d810d4 100644 --- a/service/ec2/api_op_ImportSnapshot.go +++ b/service/ec2/api_op_ImportSnapshot.go @@ -11,7 +11,10 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Imports a disk into an EBS snapshot. +// Imports a disk into an EBS snapshot. For more information, see Importing a disk +// as a snapshot using VM Import/Export +// (https://docs.aws.amazon.com/vm-import/latest/userguide/vmimport-import-snapshot.html) +// in the VM Import/Export User Guide. func (c *Client) ImportSnapshot(ctx context.Context, params *ImportSnapshotInput, optFns ...func(*Options)) (*ImportSnapshotOutput, error) { if params == nil { params = &ImportSnapshotInput{} diff --git a/service/ec2/api_op_ImportVolume.go b/service/ec2/api_op_ImportVolume.go index a80ec66734a..ae323e69997 100644 --- a/service/ec2/api_op_ImportVolume.go +++ b/service/ec2/api_op_ImportVolume.go @@ -11,11 +11,15 @@ import ( smithyhttp "github.com/aws/smithy-go/transport/http" ) -// Creates an import volume task using metadata from the specified disk image.For -// more information, see Importing Disks to Amazon EBS -// (https://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/importing-your-volumes-into-amazon-ebs.html). -// For information about the import manifest referenced by this API action, see VM -// Import Manifest +// Creates an import volume task using metadata from the specified disk image. This +// API action supports only single-volume VMs. To import multi-volume VMs, use +// ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead. +// This API action is not supported by the AWS Command Line Interface (AWS CLI). +// For information about using the Amazon EC2 CLI, which is deprecated, see +// Importing Disks to Amazon EBS +// (https://awsdocs.s3.amazonaws.com/EC2/ec2-clt.pdf#importing-your-volumes-into-amazon-ebs) +// in the Amazon EC2 CLI Reference PDF file. For information about the import +// manifest referenced by this API action, see VM Import Manifest // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/manifest.html). func (c *Client) ImportVolume(ctx context.Context, params *ImportVolumeInput, optFns ...func(*Options)) (*ImportVolumeOutput, error) { if params == nil { diff --git a/service/ec2/api_op_ModifyInstanceAttribute.go b/service/ec2/api_op_ModifyInstanceAttribute.go index 849b2df7ee3..cca794043c0 100644 --- a/service/ec2/api_op_ModifyInstanceAttribute.go +++ b/service/ec2/api_op_ModifyInstanceAttribute.go @@ -79,9 +79,10 @@ type ModifyInstanceAttributeInput struct { // can make it unreachable. EnaSupport *types.AttributeBooleanValue - // [EC2-VPC] Changes the security groups of the instance. You must specify at least - // one security group, even if it's just the default security group for the VPC. - // You must specify the security group ID, not the security group name. + // [EC2-VPC] Replaces the security groups of the instance with the specified + // security groups. You must specify at least one security group, even if it's just + // the default security group for the VPC. You must specify the security group ID, + // not the security group name. Groups []string // Specifies whether an instance stops or terminates when you initiate shutdown diff --git a/service/ec2/api_op_ModifyNetworkInterfaceAttribute.go b/service/ec2/api_op_ModifyNetworkInterfaceAttribute.go index a3e121e610c..904443ac45f 100644 --- a/service/ec2/api_op_ModifyNetworkInterfaceAttribute.go +++ b/service/ec2/api_op_ModifyNetworkInterfaceAttribute.go @@ -56,11 +56,12 @@ type ModifyNetworkInterfaceAttributeInput struct { // security group, not the name. Groups []string - // Indicates whether source/destination checking is enabled. A value of true means - // checking is enabled, and false means checking is disabled. This value must be - // false for a NAT instance to perform NAT. For more information, see NAT Instances - // (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_NAT_Instance.html) - // in the Amazon Virtual Private Cloud User Guide. + // Enable or disable source/destination checks, which ensure that the instance is + // either the source or the destination of any traffic that it receives. If the + // value is true, source/destination checks are enabled; otherwise, they are + // disabled. The default value is true. You must disable source/destination checks + // if the instance runs services such as network address translation, routing, or + // firewalls. SourceDestCheck *types.AttributeBooleanValue } diff --git a/service/ec2/types/types.go b/service/ec2/types/types.go index b959859b890..b1d67756ae8 100644 --- a/service/ec2/types/types.go +++ b/service/ec2/types/types.go @@ -2851,11 +2851,11 @@ type FleetLaunchTemplateOverrides struct { // priority to determine which launch template override to use first in fulfilling // On-Demand capacity. If the Spot AllocationStrategy is set to // capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis - // to determine which launch template override to use first in fulfilling Spot - // capacity, but optimizes for capacity first. Valid values are whole numbers - // starting at 0. The lower the number, the higher the priority. If no number is - // set, the override has the lowest priority. You can set the same priority for - // different launch template overrides. + // to determine which launch template override to use in fulfilling Spot capacity, + // but optimizes for capacity first. Valid values are whole numbers starting at 0. + // The lower the number, the higher the priority. If no number is set, the override + // has the lowest priority. You can set the same priority for different launch + // template overrides. Priority float64 // The ID of the subnet in which to launch the instances. @@ -2885,11 +2885,11 @@ type FleetLaunchTemplateOverridesRequest struct { // priority to determine which launch template override to use first in fulfilling // On-Demand capacity. If the Spot AllocationStrategy is set to // capacity-optimized-prioritized, EC2 Fleet uses priority on a best-effort basis - // to determine which launch template override to use first in fulfilling Spot - // capacity, but optimizes for capacity first. Valid values are whole numbers - // starting at 0. The lower the number, the higher the priority. If no number is - // set, the launch template override has the lowest priority. You can set the same - // priority for different launch template overrides. + // to determine which launch template override to use in fulfilling Spot capacity, + // but optimizes for capacity first. Valid values are whole numbers starting at 0. + // The lower the number, the higher the priority. If no number is set, the launch + // template override has the lowest priority. You can set the same priority for + // different launch template overrides. Priority float64 // The IDs of the subnets in which to launch the instances. Separate multiple @@ -4275,7 +4275,7 @@ type InstanceNetworkInterface struct { // One or more private IPv4 addresses associated with the network interface. PrivateIpAddresses []InstancePrivateIpAddress - // Indicates whether to validate network traffic to or from this network interface. + // Indicates whether source/destination checking is enabled. SourceDestCheck bool // The status of the network interface. @@ -5489,11 +5489,11 @@ type LaunchTemplateOverrides struct { // priority to determine which launch template override to use first in fulfilling // On-Demand capacity. If the Spot AllocationStrategy is set to // capacityOptimizedPrioritized, Spot Fleet uses priority on a best-effort basis to - // determine which launch template override to use first in fulfilling Spot - // capacity, but optimizes for capacity first. Valid values are whole numbers - // starting at 0. The lower the number, the higher the priority. If no number is - // set, the launch template override has the lowest priority. You can set the same - // priority for different launch template overrides. + // determine which launch template override to use in fulfilling Spot capacity, but + // optimizes for capacity first. Valid values are whole numbers starting at 0. The + // lower the number, the higher the priority. If no number is set, the launch + // template override has the lowest priority. You can set the same priority for + // different launch template overrides. Priority float64 // The maximum price per unit hour that you are willing to pay for a Spot Instance. @@ -6498,7 +6498,7 @@ type NetworkInterface struct { // Indicates whether the network interface is being managed by AWS. RequesterManaged bool - // Indicates whether traffic to or from the instance is validated. + // Indicates whether source/destination checking is enabled. SourceDestCheck bool // The status of the network interface. @@ -7610,9 +7610,7 @@ type RequestSpotLaunchSpecification struct { // EC2-Classic, you can specify the names or the IDs of the security groups. SecurityGroups []string - // The IDs of the subnets in which to launch the instance. To specify multiple - // subnets, separate them using commas; for example, "subnet-1234abcdeexample1, - // subnet-0987cdef6example2". + // The ID of the subnet in which to launch the instance. SubnetId *string // The Base64-encoded user data for the instance. User data is limited to 16 KB. diff --git a/service/ec2/validators.go b/service/ec2/validators.go index 55413f19d35..cb42ad6e1c5 100644 --- a/service/ec2/validators.go +++ b/service/ec2/validators.go @@ -7974,12 +7974,12 @@ func validateOpAssociateSubnetCidrBlockInput(v *AssociateSubnetCidrBlockInput) e return nil } invalidParams := smithy.InvalidParamsError{Context: "AssociateSubnetCidrBlockInput"} - if v.Ipv6CidrBlock == nil { - invalidParams.Add(smithy.NewErrParamRequired("Ipv6CidrBlock")) - } if v.SubnetId == nil { invalidParams.Add(smithy.NewErrParamRequired("SubnetId")) } + if v.Ipv6CidrBlock == nil { + invalidParams.Add(smithy.NewErrParamRequired("Ipv6CidrBlock")) + } if invalidParams.Len() > 0 { return invalidParams } else { @@ -8981,12 +8981,12 @@ func validateOpCreateSubnetInput(v *CreateSubnetInput) error { return nil } invalidParams := smithy.InvalidParamsError{Context: "CreateSubnetInput"} - if v.CidrBlock == nil { - invalidParams.Add(smithy.NewErrParamRequired("CidrBlock")) - } if v.VpcId == nil { invalidParams.Add(smithy.NewErrParamRequired("VpcId")) } + if v.CidrBlock == nil { + invalidParams.Add(smithy.NewErrParamRequired("CidrBlock")) + } if invalidParams.Len() > 0 { return invalidParams } else { diff --git a/service/fms/internal/endpoints/endpoints.go b/service/fms/internal/endpoints/endpoints.go index 15230a5d756..c0fc66fa791 100644 --- a/service/fms/internal/endpoints/endpoints.go +++ b/service/fms/internal/endpoints/endpoints.go @@ -238,5 +238,21 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsUsGov, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + "fips-us-gov-east-1": endpoints.Endpoint{ + Hostname: "fms-fips.us-gov-east-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "us-gov-east-1", + }, + }, + "fips-us-gov-west-1": endpoints.Endpoint{ + Hostname: "fms-fips.us-gov-west-1.amazonaws.com", + CredentialScope: endpoints.CredentialScope{ + Region: "us-gov-west-1", + }, + }, + "us-gov-east-1": endpoints.Endpoint{}, + "us-gov-west-1": endpoints.Endpoint{}, + }, }, } diff --git a/service/fsx/api_op_CopyBackup.go b/service/fsx/api_op_CopyBackup.go new file mode 100644 index 00000000000..06c088bfa97 --- /dev/null +++ b/service/fsx/api_op_CopyBackup.go @@ -0,0 +1,207 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package fsx + +import ( + "context" + "fmt" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/service/fsx/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Copies an existing backup within the same AWS account to another Region +// (cross-Region copy) or within the same Region (in-Region copy). You can have up +// to five backup copy requests in progress to a single destination Region per +// account. You can use cross-Region backup copies for cross-region disaster +// recovery. You periodically take backups and copy them to another Region so that +// in the event of a disaster in the primary Region, you can restore from backup +// and recover availability quickly in the other Region. You can make cross-Region +// copies only within your AWS partition. You can also use backup copies to clone +// your file data set to another Region or within the same Region. You can use the +// SourceRegion parameter to specify the AWS Region from which the backup will be +// copied. For example, if you make the call from the us-west-1 Region and want to +// copy a backup from the us-east-2 Region, you specify us-east-2 in the +// SourceRegion parameter to make a cross-Region copy. If you don't specify a +// Region, the backup copy is created in the same Region where the request is sent +// from (in-Region copy). For more information on creating backup copies, see +// Copying backups +// (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/copy-backups.html) in the +// Amazon FSx for Windows User Guide and Copying backups +// (https://docs.aws.amazon.com/fsx/latest/LustreGuide/copy-backups.html) in the +// Amazon FSx for Lustre User Guide. +func (c *Client) CopyBackup(ctx context.Context, params *CopyBackupInput, optFns ...func(*Options)) (*CopyBackupOutput, error) { + if params == nil { + params = &CopyBackupInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "CopyBackup", params, optFns, addOperationCopyBackupMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*CopyBackupOutput) + out.ResultMetadata = metadata + return out, nil +} + +type CopyBackupInput struct { + + // The ID of the source backup. Specifies the ID of the backup that is being + // copied. + // + // This member is required. + SourceBackupId *string + + // (Optional) An idempotency token for resource creation, in a string of up to 64 + // ASCII characters. This token is automatically filled on your behalf when you use + // the AWS Command Line Interface (AWS CLI) or an AWS SDK. + ClientRequestToken *string + + // A boolean flag indicating whether tags from the source backup should be copied + // to the backup copy. This value defaults to false. If you set CopyTags to true + // and the source backup has existing tags, you can use the Tags parameter to + // create new tags, provided that the sum of the source backup tags and the new + // tags doesn't exceed 50. Both sets of tags are merged. If there are tag conflicts + // (for example, two tags with the same key but different values), the tags created + // with the Tags parameter take precedence. + CopyTags *bool + + // The ID of the AWS Key Management Service (AWS KMS) key used to encrypt the file + // system's data for Amazon FSx for Windows File Server file systems and Amazon FSx + // for Lustre PERSISTENT_1 file systems at rest. In either case, if not specified, + // the Amazon FSx managed key is used. The Amazon FSx for Lustre SCRATCH_1 and + // SCRATCH_2 file systems are always encrypted at rest using Amazon FSx managed + // keys. For more information, see Encrypt + // (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) in the + // AWS Key Management Service API Reference. + KmsKeyId *string + + // The source AWS Region of the backup. Specifies the AWS Region from which the + // backup is being copied. The source and destination Regions must be in the same + // AWS partition. If you don't specify a Region, it defaults to the Region where + // the request is sent from (in-Region copy). + SourceRegion *string + + // A list of Tag values, with a maximum of 50 elements. + Tags []types.Tag +} + +type CopyBackupOutput struct { + + // A backup of an Amazon FSx file system. + Backup *types.Backup + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata +} + +func addOperationCopyBackupMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsAwsjson11_serializeOpCopyBackup{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpCopyBackup{}, middleware.After) + if err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = addHTTPSignerV4Middleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addIdempotencyToken_opCopyBackupMiddleware(stack, options); err != nil { + return err + } + if err = addOpCopyBackupValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCopyBackup(options.Region), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + return nil +} + +type idempotencyToken_initializeOpCopyBackup struct { + tokenProvider IdempotencyTokenProvider +} + +func (*idempotencyToken_initializeOpCopyBackup) ID() string { + return "OperationIdempotencyTokenAutoFill" +} + +func (m *idempotencyToken_initializeOpCopyBackup) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + if m.tokenProvider == nil { + return next.HandleInitialize(ctx, in) + } + + input, ok := in.Parameters.(*CopyBackupInput) + if !ok { + return out, metadata, fmt.Errorf("expected middleware input to be of type *CopyBackupInput ") + } + + if input.ClientRequestToken == nil { + t, err := m.tokenProvider.GetIdempotencyToken() + if err != nil { + return out, metadata, err + } + input.ClientRequestToken = &t + } + return next.HandleInitialize(ctx, in) +} +func addIdempotencyToken_opCopyBackupMiddleware(stack *middleware.Stack, cfg Options) error { + return stack.Initialize.Add(&idempotencyToken_initializeOpCopyBackup{tokenProvider: cfg.IdempotencyTokenProvider}, middleware.Before) +} + +func newServiceMetadataMiddleware_opCopyBackup(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + SigningName: "fsx", + OperationName: "CopyBackup", + } +} diff --git a/service/fsx/api_op_CreateFileSystem.go b/service/fsx/api_op_CreateFileSystem.go index 6e90674ff20..40e341a73d0 100644 --- a/service/fsx/api_op_CreateFileSystem.go +++ b/service/fsx/api_op_CreateFileSystem.go @@ -90,10 +90,12 @@ type CreateFileSystemInput struct { // For Windows MULTI_AZ_1 file system deployment types, provide exactly two subnet // IDs, one for the preferred file server and one for the standby file server. You // specify one of these subnets as the preferred subnet using the - // WindowsConfiguration > PreferredSubnetID property. For Windows SINGLE_AZ_1 and - // SINGLE_AZ_2 file system deployment types and Lustre file systems, provide - // exactly one subnet ID. The file server is launched in that subnet's Availability - // Zone. + // WindowsConfiguration > PreferredSubnetID property. For more information, see + // Availability and durability: Single-AZ and Multi-AZ file systems + // (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/high-availability-multiAZ.html). + // For Windows SINGLE_AZ_1 and SINGLE_AZ_2 file system deployment types and Lustre + // file systems, provide exactly one subnet ID. The file server is launched in that + // subnet's Availability Zone. // // This member is required. SubnetIds []string diff --git a/service/fsx/api_op_CreateFileSystemFromBackup.go b/service/fsx/api_op_CreateFileSystemFromBackup.go index a99fdf1a823..28293c26952 100644 --- a/service/fsx/api_op_CreateFileSystemFromBackup.go +++ b/service/fsx/api_op_CreateFileSystemFromBackup.go @@ -57,8 +57,7 @@ func (c *Client) CreateFileSystemFromBackup(ctx context.Context, params *CreateF // The request object for the CreateFileSystemFromBackup operation. type CreateFileSystemFromBackupInput struct { - // The ID of the backup. Specifies the backup to use if you're creating a file - // system from an existing backup. + // The ID of the source backup. Specifies the backup you are copying. // // This member is required. BackupId *string @@ -79,6 +78,16 @@ type CreateFileSystemFromBackupInput struct { // AWS Command Line Interface (AWS CLI) or an AWS SDK. ClientRequestToken *string + // The ID of the AWS Key Management Service (AWS KMS) key used to encrypt the file + // system's data for Amazon FSx for Windows File Server file systems and Amazon FSx + // for Lustre PERSISTENT_1 file systems at rest. In either case, if not specified, + // the Amazon FSx managed key is used. The Amazon FSx for Lustre SCRATCH_1 and + // SCRATCH_2 file systems are always encrypted at rest using Amazon FSx managed + // keys. For more information, see Encrypt + // (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) in the + // AWS Key Management Service API Reference. + KmsKeyId *string + // The Lustre configuration for the file system being created. LustreConfiguration *types.CreateFileSystemLustreConfiguration diff --git a/service/fsx/api_op_DescribeBackups.go b/service/fsx/api_op_DescribeBackups.go index d363b46e3b3..93119df34d6 100644 --- a/service/fsx/api_op_DescribeBackups.go +++ b/service/fsx/api_op_DescribeBackups.go @@ -72,7 +72,7 @@ type DescribeBackupsInput struct { // Response object for DescribeBackups operation. type DescribeBackupsOutput struct { - // Any array of backups. + // An array of backups. Backups []types.Backup // This is present if there are more backups than returned in the response diff --git a/service/fsx/deserializers.go b/service/fsx/deserializers.go index 6e4c8648446..5707b81aa91 100644 --- a/service/fsx/deserializers.go +++ b/service/fsx/deserializers.go @@ -259,6 +259,147 @@ func awsAwsjson11_deserializeOpErrorCancelDataRepositoryTask(response *smithyhtt } } +type awsAwsjson11_deserializeOpCopyBackup struct { +} + +func (*awsAwsjson11_deserializeOpCopyBackup) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsjson11_deserializeOpCopyBackup) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsjson11_deserializeOpErrorCopyBackup(response, &metadata) + } + output := &CopyBackupOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(response.Body, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + err = awsAwsjson11_deserializeOpDocumentCopyBackupOutput(&output, shape) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsAwsjson11_deserializeOpErrorCopyBackup(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + code := response.Header.Get("X-Amzn-ErrorType") + if len(code) != 0 { + errorCode = restjson.SanitizeErrorCode(code) + } + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + code, message, err := restjson.GetErrorInfo(decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + if len(code) != 0 { + errorCode = restjson.SanitizeErrorCode(code) + } + if len(message) != 0 { + errorMessage = message + } + + switch { + case strings.EqualFold("BackupNotFound", errorCode): + return awsAwsjson11_deserializeErrorBackupNotFound(response, errorBody) + + case strings.EqualFold("BadRequest", errorCode): + return awsAwsjson11_deserializeErrorBadRequest(response, errorBody) + + case strings.EqualFold("IncompatibleParameterError", errorCode): + return awsAwsjson11_deserializeErrorIncompatibleParameterError(response, errorBody) + + case strings.EqualFold("IncompatibleRegionForMultiAZ", errorCode): + return awsAwsjson11_deserializeErrorIncompatibleRegionForMultiAZ(response, errorBody) + + case strings.EqualFold("InternalServerError", errorCode): + return awsAwsjson11_deserializeErrorInternalServerError(response, errorBody) + + case strings.EqualFold("InvalidDestinationKmsKey", errorCode): + return awsAwsjson11_deserializeErrorInvalidDestinationKmsKey(response, errorBody) + + case strings.EqualFold("InvalidRegion", errorCode): + return awsAwsjson11_deserializeErrorInvalidRegion(response, errorBody) + + case strings.EqualFold("InvalidSourceKmsKey", errorCode): + return awsAwsjson11_deserializeErrorInvalidSourceKmsKey(response, errorBody) + + case strings.EqualFold("ServiceLimitExceeded", errorCode): + return awsAwsjson11_deserializeErrorServiceLimitExceeded(response, errorBody) + + case strings.EqualFold("SourceBackupUnavailable", errorCode): + return awsAwsjson11_deserializeErrorSourceBackupUnavailable(response, errorBody) + + case strings.EqualFold("UnsupportedOperation", errorCode): + return awsAwsjson11_deserializeErrorUnsupportedOperation(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + type awsAwsjson11_deserializeOpCreateBackup struct { } @@ -888,6 +1029,9 @@ func awsAwsjson11_deserializeOpErrorDeleteBackup(response *smithyhttp.Response, } switch { + case strings.EqualFold("BackupBeingCopied", errorCode): + return awsAwsjson11_deserializeErrorBackupBeingCopied(response, errorBody) + case strings.EqualFold("BackupInProgress", errorCode): return awsAwsjson11_deserializeErrorBackupInProgress(response, errorBody) @@ -2163,6 +2307,41 @@ func awsAwsjson11_deserializeErrorActiveDirectoryError(response *smithyhttp.Resp return output } +func awsAwsjson11_deserializeErrorBackupBeingCopied(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.BackupBeingCopied{} + err := awsAwsjson11_deserializeDocumentBackupBeingCopied(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + func awsAwsjson11_deserializeErrorBackupInProgress(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2478,6 +2657,41 @@ func awsAwsjson11_deserializeErrorIncompatibleParameterError(response *smithyhtt return output } +func awsAwsjson11_deserializeErrorIncompatibleRegionForMultiAZ(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.IncompatibleRegionForMultiAZ{} + err := awsAwsjson11_deserializeDocumentIncompatibleRegionForMultiAZ(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + func awsAwsjson11_deserializeErrorInternalServerError(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2513,6 +2727,41 @@ func awsAwsjson11_deserializeErrorInternalServerError(response *smithyhttp.Respo return output } +func awsAwsjson11_deserializeErrorInvalidDestinationKmsKey(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.InvalidDestinationKmsKey{} + err := awsAwsjson11_deserializeDocumentInvalidDestinationKmsKey(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + func awsAwsjson11_deserializeErrorInvalidExportPath(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2653,7 +2902,7 @@ func awsAwsjson11_deserializeErrorInvalidPerUnitStorageThroughput(response *smit return output } -func awsAwsjson11_deserializeErrorMissingFileSystemConfiguration(response *smithyhttp.Response, errorBody *bytes.Reader) error { +func awsAwsjson11_deserializeErrorInvalidRegion(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2671,8 +2920,8 @@ func awsAwsjson11_deserializeErrorMissingFileSystemConfiguration(response *smith return err } - output := &types.MissingFileSystemConfiguration{} - err := awsAwsjson11_deserializeDocumentMissingFileSystemConfiguration(&output, shape) + output := &types.InvalidRegion{} + err := awsAwsjson11_deserializeDocumentInvalidRegion(&output, shape) if err != nil { var snapshot bytes.Buffer @@ -2688,7 +2937,7 @@ func awsAwsjson11_deserializeErrorMissingFileSystemConfiguration(response *smith return output } -func awsAwsjson11_deserializeErrorNotServiceResourceError(response *smithyhttp.Response, errorBody *bytes.Reader) error { +func awsAwsjson11_deserializeErrorInvalidSourceKmsKey(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2706,8 +2955,8 @@ func awsAwsjson11_deserializeErrorNotServiceResourceError(response *smithyhttp.R return err } - output := &types.NotServiceResourceError{} - err := awsAwsjson11_deserializeDocumentNotServiceResourceError(&output, shape) + output := &types.InvalidSourceKmsKey{} + err := awsAwsjson11_deserializeDocumentInvalidSourceKmsKey(&output, shape) if err != nil { var snapshot bytes.Buffer @@ -2723,7 +2972,7 @@ func awsAwsjson11_deserializeErrorNotServiceResourceError(response *smithyhttp.R return output } -func awsAwsjson11_deserializeErrorResourceDoesNotSupportTagging(response *smithyhttp.Response, errorBody *bytes.Reader) error { +func awsAwsjson11_deserializeErrorMissingFileSystemConfiguration(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2741,8 +2990,8 @@ func awsAwsjson11_deserializeErrorResourceDoesNotSupportTagging(response *smithy return err } - output := &types.ResourceDoesNotSupportTagging{} - err := awsAwsjson11_deserializeDocumentResourceDoesNotSupportTagging(&output, shape) + output := &types.MissingFileSystemConfiguration{} + err := awsAwsjson11_deserializeDocumentMissingFileSystemConfiguration(&output, shape) if err != nil { var snapshot bytes.Buffer @@ -2758,7 +3007,7 @@ func awsAwsjson11_deserializeErrorResourceDoesNotSupportTagging(response *smithy return output } -func awsAwsjson11_deserializeErrorResourceNotFound(response *smithyhttp.Response, errorBody *bytes.Reader) error { +func awsAwsjson11_deserializeErrorNotServiceResourceError(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2776,8 +3025,8 @@ func awsAwsjson11_deserializeErrorResourceNotFound(response *smithyhttp.Response return err } - output := &types.ResourceNotFound{} - err := awsAwsjson11_deserializeDocumentResourceNotFound(&output, shape) + output := &types.NotServiceResourceError{} + err := awsAwsjson11_deserializeDocumentNotServiceResourceError(&output, shape) if err != nil { var snapshot bytes.Buffer @@ -2793,7 +3042,7 @@ func awsAwsjson11_deserializeErrorResourceNotFound(response *smithyhttp.Response return output } -func awsAwsjson11_deserializeErrorServiceLimitExceeded(response *smithyhttp.Response, errorBody *bytes.Reader) error { +func awsAwsjson11_deserializeErrorResourceDoesNotSupportTagging(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2811,8 +3060,8 @@ func awsAwsjson11_deserializeErrorServiceLimitExceeded(response *smithyhttp.Resp return err } - output := &types.ServiceLimitExceeded{} - err := awsAwsjson11_deserializeDocumentServiceLimitExceeded(&output, shape) + output := &types.ResourceDoesNotSupportTagging{} + err := awsAwsjson11_deserializeDocumentResourceDoesNotSupportTagging(&output, shape) if err != nil { var snapshot bytes.Buffer @@ -2828,7 +3077,7 @@ func awsAwsjson11_deserializeErrorServiceLimitExceeded(response *smithyhttp.Resp return output } -func awsAwsjson11_deserializeErrorUnsupportedOperation(response *smithyhttp.Response, errorBody *bytes.Reader) error { +func awsAwsjson11_deserializeErrorResourceNotFound(response *smithyhttp.Response, errorBody *bytes.Reader) error { var buff [1024]byte ringBuffer := smithyio.NewRingBuffer(buff[:]) @@ -2846,8 +3095,8 @@ func awsAwsjson11_deserializeErrorUnsupportedOperation(response *smithyhttp.Resp return err } - output := &types.UnsupportedOperation{} - err := awsAwsjson11_deserializeDocumentUnsupportedOperation(&output, shape) + output := &types.ResourceNotFound{} + err := awsAwsjson11_deserializeDocumentResourceNotFound(&output, shape) if err != nil { var snapshot bytes.Buffer @@ -2863,11 +3112,116 @@ func awsAwsjson11_deserializeErrorUnsupportedOperation(response *smithyhttp.Resp return output } -func awsAwsjson11_deserializeDocumentActiveDirectoryBackupAttributes(v **types.ActiveDirectoryBackupAttributes, value interface{}) error { - if v == nil { - return fmt.Errorf("unexpected nil of type %T", v) - } - if value == nil { +func awsAwsjson11_deserializeErrorServiceLimitExceeded(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.ServiceLimitExceeded{} + err := awsAwsjson11_deserializeDocumentServiceLimitExceeded(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + +func awsAwsjson11_deserializeErrorSourceBackupUnavailable(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.SourceBackupUnavailable{} + err := awsAwsjson11_deserializeDocumentSourceBackupUnavailable(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + +func awsAwsjson11_deserializeErrorUnsupportedOperation(response *smithyhttp.Response, errorBody *bytes.Reader) error { + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + + body := io.TeeReader(errorBody, ringBuffer) + decoder := json.NewDecoder(body) + decoder.UseNumber() + var shape interface{} + if err := decoder.Decode(&shape); err != nil && err != io.EOF { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + output := &types.UnsupportedOperation{} + err := awsAwsjson11_deserializeDocumentUnsupportedOperation(&output, shape) + + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return err + } + + errorBody.Seek(0, io.SeekStart) + return output +} + +func awsAwsjson11_deserializeDocumentActiveDirectoryBackupAttributes(v **types.ActiveDirectoryBackupAttributes, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { return nil } @@ -2903,6 +3257,15 @@ func awsAwsjson11_deserializeDocumentActiveDirectoryBackupAttributes(v **types.A sv.DomainName = ptr.String(jtv) } + case "ResourceARN": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ResourceARN to be of type string, got %T instead", value) + } + sv.ResourceARN = ptr.String(jtv) + } + default: _, _ = key, value @@ -3289,6 +3652,15 @@ func awsAwsjson11_deserializeDocumentBackup(v **types.Backup, value interface{}) sv.Lifecycle = types.BackupLifecycle(jtv) } + case "OwnerId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected AWSAccountId to be of type string, got %T instead", value) + } + sv.OwnerId = ptr.String(jtv) + } + case "ProgressPercent": if value != nil { jtv, ok := value.(json.Number) @@ -3311,6 +3683,24 @@ func awsAwsjson11_deserializeDocumentBackup(v **types.Backup, value interface{}) sv.ResourceARN = ptr.String(jtv) } + case "SourceBackupId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BackupId to be of type string, got %T instead", value) + } + sv.SourceBackupId = ptr.String(jtv) + } + + case "SourceBackupRegion": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected Region to be of type string, got %T instead", value) + } + sv.SourceBackupRegion = ptr.String(jtv) + } + case "Tags": if err := awsAwsjson11_deserializeDocumentTags(&sv.Tags, value); err != nil { return err @@ -3334,6 +3724,55 @@ func awsAwsjson11_deserializeDocumentBackup(v **types.Backup, value interface{}) return nil } +func awsAwsjson11_deserializeDocumentBackupBeingCopied(v **types.BackupBeingCopied, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.BackupBeingCopied + if *v == nil { + sv = &types.BackupBeingCopied{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "BackupId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BackupId to be of type string, got %T instead", value) + } + sv.BackupId = ptr.String(jtv) + } + + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentBackupFailureDetails(v **types.BackupFailureDetails, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -4720,6 +5159,46 @@ func awsAwsjson11_deserializeDocumentIncompatibleParameterError(v **types.Incomp return nil } +func awsAwsjson11_deserializeDocumentIncompatibleRegionForMultiAZ(v **types.IncompatibleRegionForMultiAZ, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.IncompatibleRegionForMultiAZ + if *v == nil { + sv = &types.IncompatibleRegionForMultiAZ{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentInternalServerError(v **types.InternalServerError, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -4760,6 +5239,46 @@ func awsAwsjson11_deserializeDocumentInternalServerError(v **types.InternalServe return nil } +func awsAwsjson11_deserializeDocumentInvalidDestinationKmsKey(v **types.InvalidDestinationKmsKey, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidDestinationKmsKey + if *v == nil { + sv = &types.InvalidDestinationKmsKey{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentInvalidExportPath(v **types.InvalidExportPath, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -4938,6 +5457,86 @@ func awsAwsjson11_deserializeDocumentInvalidPerUnitStorageThroughput(v **types.I return nil } +func awsAwsjson11_deserializeDocumentInvalidRegion(v **types.InvalidRegion, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidRegion + if *v == nil { + sv = &types.InvalidRegion{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + +func awsAwsjson11_deserializeDocumentInvalidSourceKmsKey(v **types.InvalidSourceKmsKey, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.InvalidSourceKmsKey + if *v == nil { + sv = &types.InvalidSourceKmsKey{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentLustreFileSystemConfiguration(v **types.LustreFileSystemConfiguration, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -5398,6 +5997,55 @@ func awsAwsjson11_deserializeDocumentServiceLimitExceeded(v **types.ServiceLimit return nil } +func awsAwsjson11_deserializeDocumentSourceBackupUnavailable(v **types.SourceBackupUnavailable, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.SourceBackupUnavailable + if *v == nil { + sv = &types.SourceBackupUnavailable{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "BackupId": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected BackupId to be of type string, got %T instead", value) + } + sv.BackupId = ptr.String(jtv) + } + + case "Message": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected ErrorMessage to be of type string, got %T instead", value) + } + sv.Message = ptr.String(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentSubnetIds(v *[]string, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -5786,6 +6434,42 @@ func awsAwsjson11_deserializeOpDocumentCancelDataRepositoryTaskOutput(v **Cancel return nil } +func awsAwsjson11_deserializeOpDocumentCopyBackupOutput(v **CopyBackupOutput, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *CopyBackupOutput + if *v == nil { + sv = &CopyBackupOutput{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "Backup": + if err := awsAwsjson11_deserializeDocumentBackup(&sv.Backup, value); err != nil { + return err + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeOpDocumentCreateBackupOutput(v **CreateBackupOutput, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/service/fsx/serializers.go b/service/fsx/serializers.go index 479ab79e91b..8318a7c3b86 100644 --- a/service/fsx/serializers.go +++ b/service/fsx/serializers.go @@ -108,6 +108,53 @@ func (m *awsAwsjson11_serializeOpCancelDataRepositoryTask) HandleSerialize(ctx c return next.HandleSerialize(ctx, in) } +type awsAwsjson11_serializeOpCopyBackup struct { +} + +func (*awsAwsjson11_serializeOpCopyBackup) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsjson11_serializeOpCopyBackup) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*CopyBackupInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + request.Request.URL.Path = "/" + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-amz-json-1.1") + httpBindingEncoder.SetHeader("X-Amz-Target").String("AWSSimbaAPIService_v20180301.CopyBackup") + + jsonEncoder := smithyjson.NewEncoder() + if err := awsAwsjson11_serializeOpDocumentCopyBackupInput(input, jsonEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(jsonEncoder.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} + type awsAwsjson11_serializeOpCreateBackup struct { } @@ -1375,6 +1422,45 @@ func awsAwsjson11_serializeOpDocumentCancelDataRepositoryTaskInput(v *CancelData return nil } +func awsAwsjson11_serializeOpDocumentCopyBackupInput(v *CopyBackupInput, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.ClientRequestToken != nil { + ok := object.Key("ClientRequestToken") + ok.String(*v.ClientRequestToken) + } + + if v.CopyTags != nil { + ok := object.Key("CopyTags") + ok.Boolean(*v.CopyTags) + } + + if v.KmsKeyId != nil { + ok := object.Key("KmsKeyId") + ok.String(*v.KmsKeyId) + } + + if v.SourceBackupId != nil { + ok := object.Key("SourceBackupId") + ok.String(*v.SourceBackupId) + } + + if v.SourceRegion != nil { + ok := object.Key("SourceRegion") + ok.String(*v.SourceRegion) + } + + if v.Tags != nil { + ok := object.Key("Tags") + if err := awsAwsjson11_serializeDocumentTags(v.Tags, ok); err != nil { + return err + } + } + + return nil +} + func awsAwsjson11_serializeOpDocumentCreateBackupInput(v *CreateBackupInput, value smithyjson.Value) error { object := value.Object() defer object.Close() @@ -1456,6 +1542,11 @@ func awsAwsjson11_serializeOpDocumentCreateFileSystemFromBackupInput(v *CreateFi ok.String(*v.ClientRequestToken) } + if v.KmsKeyId != nil { + ok := object.Key("KmsKeyId") + ok.String(*v.KmsKeyId) + } + if v.LustreConfiguration != nil { ok := object.Key("LustreConfiguration") if err := awsAwsjson11_serializeDocumentCreateFileSystemLustreConfiguration(v.LustreConfiguration, ok); err != nil { diff --git a/service/fsx/types/enums.go b/service/fsx/types/enums.go index fd5de6fe08b..45782f2d540 100644 --- a/service/fsx/types/enums.go +++ b/service/fsx/types/enums.go @@ -100,6 +100,7 @@ const ( BackupLifecycleDeleted BackupLifecycle = "DELETED" BackupLifecycleFailed BackupLifecycle = "FAILED" BackupLifecyclePending BackupLifecycle = "PENDING" + BackupLifecycleCopying BackupLifecycle = "COPYING" ) // Values returns all known values for BackupLifecycle. Note that this can be @@ -113,6 +114,7 @@ func (BackupLifecycle) Values() []BackupLifecycle { "DELETED", "FAILED", "PENDING", + "COPYING", } } @@ -377,10 +379,12 @@ type ServiceLimit string // Enum values for ServiceLimit const ( - ServiceLimitFileSystemCount ServiceLimit = "FILE_SYSTEM_COUNT" - ServiceLimitTotalThroughputCapacity ServiceLimit = "TOTAL_THROUGHPUT_CAPACITY" - ServiceLimitTotalStorage ServiceLimit = "TOTAL_STORAGE" - ServiceLimitTotalUserInitiatedBackups ServiceLimit = "TOTAL_USER_INITIATED_BACKUPS" + ServiceLimitFileSystemCount ServiceLimit = "FILE_SYSTEM_COUNT" + ServiceLimitTotalThroughputCapacity ServiceLimit = "TOTAL_THROUGHPUT_CAPACITY" + ServiceLimitTotalStorage ServiceLimit = "TOTAL_STORAGE" + ServiceLimitTotalUserInitiatedBackups ServiceLimit = "TOTAL_USER_INITIATED_BACKUPS" + ServiceLimitTotalUserTags ServiceLimit = "TOTAL_USER_TAGS" + ServiceLimitTotalInProgressCopyBackups ServiceLimit = "TOTAL_IN_PROGRESS_COPY_BACKUPS" ) // Values returns all known values for ServiceLimit. Note that this can be expanded @@ -392,6 +396,8 @@ func (ServiceLimit) Values() []ServiceLimit { "TOTAL_THROUGHPUT_CAPACITY", "TOTAL_STORAGE", "TOTAL_USER_INITIATED_BACKUPS", + "TOTAL_USER_TAGS", + "TOTAL_IN_PROGRESS_COPY_BACKUPS", } } diff --git a/service/fsx/types/errors.go b/service/fsx/types/errors.go index 5fc6b680c04..b65122f1bd4 100644 --- a/service/fsx/types/errors.go +++ b/service/fsx/types/errors.go @@ -27,6 +27,25 @@ func (e *ActiveDirectoryError) ErrorMessage() string { func (e *ActiveDirectoryError) ErrorCode() string { return "ActiveDirectoryError" } func (e *ActiveDirectoryError) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// You can't delete a backup while it's being copied. +type BackupBeingCopied struct { + Message *string + + BackupId *string +} + +func (e *BackupBeingCopied) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *BackupBeingCopied) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *BackupBeingCopied) ErrorCode() string { return "BackupBeingCopied" } +func (e *BackupBeingCopied) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // Another backup is already under way. Wait for completion before initiating // additional backups of this file system. type BackupInProgress struct { @@ -189,6 +208,24 @@ func (e *IncompatibleParameterError) ErrorMessage() string { func (e *IncompatibleParameterError) ErrorCode() string { return "IncompatibleParameterError" } func (e *IncompatibleParameterError) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// Amazon FSx doesn't support Multi-AZ Windows File Server copy backup in the +// destination Region, so the copied backup can't be restored. +type IncompatibleRegionForMultiAZ struct { + Message *string +} + +func (e *IncompatibleRegionForMultiAZ) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *IncompatibleRegionForMultiAZ) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *IncompatibleRegionForMultiAZ) ErrorCode() string { return "IncompatibleRegionForMultiAZ" } +func (e *IncompatibleRegionForMultiAZ) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // A generic error indicating a server-side failure. type InternalServerError struct { Message *string @@ -206,6 +243,24 @@ func (e *InternalServerError) ErrorMessage() string { func (e *InternalServerError) ErrorCode() string { return "InternalServerError" } func (e *InternalServerError) ErrorFault() smithy.ErrorFault { return smithy.FaultServer } +// The AWS Key Management Service (AWS KMS) key of the destination backup is +// invalid. +type InvalidDestinationKmsKey struct { + Message *string +} + +func (e *InvalidDestinationKmsKey) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *InvalidDestinationKmsKey) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *InvalidDestinationKmsKey) ErrorCode() string { return "InvalidDestinationKmsKey" } +func (e *InvalidDestinationKmsKey) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // The path provided for data repository export isn't valid. type InvalidExportPath struct { Message *string @@ -284,6 +339,41 @@ func (e *InvalidPerUnitStorageThroughput) ErrorCode() string { } func (e *InvalidPerUnitStorageThroughput) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// The Region provided for Source Region is invalid or is in a different AWS +// partition. +type InvalidRegion struct { + Message *string +} + +func (e *InvalidRegion) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *InvalidRegion) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *InvalidRegion) ErrorCode() string { return "InvalidRegion" } +func (e *InvalidRegion) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + +// The AWS Key Management Service (AWS KMS) key of the source backup is invalid. +type InvalidSourceKmsKey struct { + Message *string +} + +func (e *InvalidSourceKmsKey) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *InvalidSourceKmsKey) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *InvalidSourceKmsKey) ErrorCode() string { return "InvalidSourceKmsKey" } +func (e *InvalidSourceKmsKey) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // A file system configuration is required for this operation. type MissingFileSystemConfiguration struct { Message *string @@ -379,6 +469,26 @@ func (e *ServiceLimitExceeded) ErrorMessage() string { func (e *ServiceLimitExceeded) ErrorCode() string { return "ServiceLimitExceeded" } func (e *ServiceLimitExceeded) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } +// The request was rejected because the lifecycle status of the source backup is +// not AVAILABLE. +type SourceBackupUnavailable struct { + Message *string + + BackupId *string +} + +func (e *SourceBackupUnavailable) Error() string { + return fmt.Sprintf("%s: %s", e.ErrorCode(), e.ErrorMessage()) +} +func (e *SourceBackupUnavailable) ErrorMessage() string { + if e.Message == nil { + return "" + } + return *e.Message +} +func (e *SourceBackupUnavailable) ErrorCode() string { return "SourceBackupUnavailable" } +func (e *SourceBackupUnavailable) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } + // The requested operation is not supported for this resource or API. type UnsupportedOperation struct { Message *string diff --git a/service/fsx/types/types.go b/service/fsx/types/types.go index 85d1e53b77d..ee7bc4e5d00 100644 --- a/service/fsx/types/types.go +++ b/service/fsx/types/types.go @@ -16,6 +16,14 @@ type ActiveDirectoryBackupAttributes struct { // The fully qualified domain name of the self-managed AD directory. DomainName *string + + // The Amazon Resource Name (ARN) for a given resource. ARNs uniquely identify AWS + // resources. We require an ARN when you need to specify a resource unambiguously + // across all of AWS. For more information, see Amazon Resource Names (ARNs) and + // AWS Service Namespaces + // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in + // the AWS General Reference. + ResourceARN *string } // Describes a specific Amazon FSx administrative action for the current Windows or @@ -141,29 +149,21 @@ type Alias struct { // hostname.domain, for example, accounting.example.com. // // * Can contain - // alphanumeric characters and the hyphen (-). + // alphanumeric characters, the underscore (_), and the hyphen (-). // - // * Cannot start or end with a - // hyphen. + // * Cannot start + // or end with a hyphen. // // * Can start with a numeric. // - // For DNS names, Amazon FSx stores - // alphabetic characters as lowercase letters (a-z), regardless of how you specify - // them: as uppercase letters, lowercase letters, or the corresponding letters in - // escape codes. + // For DNS names, Amazon FSx + // stores alphabetic characters as lowercase letters (a-z), regardless of how you + // specify them: as uppercase letters, lowercase letters, or the corresponding + // letters in escape codes. Name *string } -// A backup of an Amazon FSx file system. For more information see: -// -// * Working with -// backups for Windows file systems -// (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/using-backups.html) -// -// * -// Working with backups for Lustre file systems -// (https://docs.aws.amazon.com/fsx/latest/LustreGuide/using-backups-fsx.html) +// A backup of an Amazon FSx file system. type Backup struct { // The ID of the backup. @@ -196,11 +196,13 @@ type Backup struct { // * TRANSFERRING - For user-initiated backups on Lustre file // systems only; Amazon FSx is transferring the backup to S3. // - // * DELETED - Amazon - // FSx deleted the backup and it is no longer available. + // * COPYING - Amazon + // FSx is copying the backup. // - // * FAILED - Amazon FSx - // could not complete the backup. + // * DELETED - Amazon FSx deleted the backup and it is + // no longer available. + // + // * FAILED - Amazon FSx could not complete the backup. // // This member is required. Lifecycle BackupLifecycle @@ -221,12 +223,23 @@ type Backup struct { // backup of the Amazon FSx file system's data at rest. KmsKeyId *string + // An AWS account ID. This ID is a 12-digit number that you use to construct Amazon + // Resource Names (ARNs) for resources. + OwnerId *string + // The current percent of progress of an asynchronous task. ProgressPercent *int32 // The Amazon Resource Name (ARN) for the backup resource. ResourceARN *string + // The ID of the source backup. Specifies the backup you are copying. + SourceBackupId *string + + // The source Region of the backup. Specifies the Region from where this backup is + // copied. + SourceBackupRegion *string + // Tags associated with a particular file system. Tags []Tag } @@ -429,17 +442,17 @@ type CreateFileSystemWindowsConfiguration struct { // Formatted as a fully-qualified domain name (FQDN), hostname.domain, for example, // accounting.example.com. // - // * Can contain alphanumeric characters and the hyphen - // (-). + // * Can contain alphanumeric characters, the underscore + // (_), and the hyphen (-). // // * Cannot start or end with a hyphen. // - // * Can start with a numeric. + // * Can start with + // a numeric. // - // For DNS - // alias names, Amazon FSx stores alphabetic characters as lowercase letters (a-z), - // regardless of how you specify them: as uppercase letters, lowercase letters, or - // the corresponding letters in escape codes. + // For DNS alias names, Amazon FSx stores alphabetic characters as + // lowercase letters (a-z), regardless of how you specify them: as uppercase + // letters, lowercase letters, or the corresponding letters in escape codes. Aliases []string // The number of days to retain automatic backups. The default is to retain backups @@ -490,7 +503,9 @@ type CreateFileSystemWindowsConfiguration struct { // The configuration that Amazon FSx uses to join the Windows File Server instance // to your self-managed (including on-premises) Microsoft Active Directory (AD) - // directory. + // directory. For more information, see Using Amazon FSx with your self-managed + // Microsoft Active Directory + // (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html). SelfManagedActiveDirectoryConfiguration *SelfManagedActiveDirectoryConfiguration // The preferred start time to perform weekly maintenance, formatted d:HH:MM in the @@ -1001,22 +1016,13 @@ type SelfManagedActiveDirectoryAttributes struct { // The configuration that Amazon FSx uses to join the Windows File Server instance // to your self-managed (including on-premises) Microsoft Active Directory (AD) -// directory. +// directory. For more information, see Using Amazon FSx with your self-managed +// Microsoft Active Directory +// (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html). type SelfManagedActiveDirectoryConfiguration struct { // A list of up to two IP addresses of DNS servers or domain controllers in the - // self-managed AD directory. The IP addresses need to be either in the same VPC - // CIDR range as the one in which your Amazon FSx file system is being created, or - // in the private IP version 4 (IPv4) address ranges, as specified in RFC 1918 - // (http://www.faqs.org/rfcs/rfc1918.html): - // - // * 10.0.0.0 - 10.255.255.255 (10/8 - // prefix) - // - // * 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) - // - // * 192.168.0.0 - - // 192.168.255.255 (192.168/16 prefix) + // self-managed AD directory. // // This member is required. DnsIps []string @@ -1182,8 +1188,8 @@ type UpdateFileSystemWindowsConfiguration struct { // The configuration for this Microsoft Windows file system. type WindowsFileSystemConfiguration struct { - // The ID for an existing Microsoft Active Directory instance that the file system - // should join when it's created. + // The ID for an existing AWS Managed Microsoft Active Directory instance that the + // file system is joined to. ActiveDirectoryId *string // An array of one or more DNS aliases that are currently associated with the @@ -1251,9 +1257,9 @@ type WindowsFileSystemConfiguration struct { // SubnetIds property. Amazon FSx serves traffic from this subnet except in the // event of a failover to the secondary file server. For SINGLE_AZ_1 and // SINGLE_AZ_2 deployment types, this value is the same as that for SubnetIDs. For - // more information, see Availability and Durability: Single-AZ and Multi-AZ File - // Systems - // (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/high-availability-multiAZ.html#single-multi-az-resources) + // more information, see Availability and durability: Single-AZ and Multi-AZ file + // systems + // (https://docs.aws.amazon.com/fsx/latest/WindowsGuide/high-availability-multiAZ.html#single-multi-az-resources). PreferredSubnetId *string // For MULTI_AZ_1 deployment types, use this endpoint when performing @@ -1267,7 +1273,7 @@ type WindowsFileSystemConfiguration struct { // to which the Windows File Server instance is joined. SelfManagedActiveDirectoryConfiguration *SelfManagedActiveDirectoryAttributes - // The throughput of an Amazon FSx file system, measured in megabytes per second. + // The throughput of the Amazon FSx file system, measured in megabytes per second. ThroughputCapacity *int32 // The preferred start time to perform weekly maintenance, formatted d:HH:MM in the diff --git a/service/fsx/validators.go b/service/fsx/validators.go index ca47a2dc276..24591f32c7b 100644 --- a/service/fsx/validators.go +++ b/service/fsx/validators.go @@ -50,6 +50,26 @@ func (m *validateOpCancelDataRepositoryTask) HandleInitialize(ctx context.Contex return next.HandleInitialize(ctx, in) } +type validateOpCopyBackup struct { +} + +func (*validateOpCopyBackup) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpCopyBackup) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*CopyBackupInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpCopyBackupInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpCreateBackup struct { } @@ -298,6 +318,10 @@ func addOpCancelDataRepositoryTaskValidationMiddleware(stack *middleware.Stack) return stack.Initialize.Add(&validateOpCancelDataRepositoryTask{}, middleware.After) } +func addOpCopyBackupValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpCopyBackup{}, middleware.After) +} + func addOpCreateBackupValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpCreateBackup{}, middleware.After) } @@ -507,6 +531,26 @@ func validateOpCancelDataRepositoryTaskInput(v *CancelDataRepositoryTaskInput) e } } +func validateOpCopyBackupInput(v *CopyBackupInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CopyBackupInput"} + if v.SourceBackupId == nil { + invalidParams.Add(smithy.NewErrParamRequired("SourceBackupId")) + } + if v.Tags != nil { + if err := validateTags(v.Tags); err != nil { + invalidParams.AddNested("Tags", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpCreateBackupInput(v *CreateBackupInput) error { if v == nil { return nil diff --git a/service/guardduty/internal/endpoints/endpoints.go b/service/guardduty/internal/endpoints/endpoints.go index e6dccdade4d..cb108737298 100644 --- a/service/guardduty/internal/endpoints/endpoints.go +++ b/service/guardduty/internal/endpoints/endpoints.go @@ -67,6 +67,7 @@ var defaultPartitions = endpoints.Partitions{ "ap-east-1": endpoints.Endpoint{}, "ap-northeast-1": endpoints.Endpoint{}, "ap-northeast-2": endpoints.Endpoint{}, + "ap-northeast-3": endpoints.Endpoint{}, "ap-south-1": endpoints.Endpoint{}, "ap-southeast-1": endpoints.Endpoint{}, "ap-southeast-2": endpoints.Endpoint{}, diff --git a/service/internal/benchmark/go.mod b/service/internal/benchmark/go.mod index dd2f3a4d680..3934be185e1 100644 --- a/service/internal/benchmark/go.mod +++ b/service/internal/benchmark/go.mod @@ -8,7 +8,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/dynamodb v1.2.2 github.com/aws/aws-sdk-go-v2/service/lexruntimeservice v1.3.0 github.com/aws/smithy-go v1.3.1 - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.0.4 ) replace github.com/aws/aws-sdk-go-v2 => ../../../ diff --git a/service/internal/integrationtest/go.mod b/service/internal/integrationtest/go.mod index 8035b21d5e8..8c05166659c 100644 --- a/service/internal/integrationtest/go.mod +++ b/service/internal/integrationtest/go.mod @@ -86,12 +86,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/workspaces v1.2.2 github.com/aws/smithy-go v1.3.1 github.com/google/go-cmp v0.5.4 - github.com/aws/aws-sdk-go-v2/credentials v1.1.5 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.6 - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.0.4 - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.6 - github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.2.2 - github.com/aws/aws-sdk-go-v2/service/sso v1.1.5 ) go 1.15 diff --git a/service/lightsail/api_op_CreateRelationalDatabase.go b/service/lightsail/api_op_CreateRelationalDatabase.go index c586a36e270..518d0dd9a42 100644 --- a/service/lightsail/api_op_CreateRelationalDatabase.go +++ b/service/lightsail/api_op_CreateRelationalDatabase.go @@ -32,32 +32,81 @@ func (c *Client) CreateRelationalDatabase(ctx context.Context, params *CreateRel type CreateRelationalDatabaseInput struct { - // The name of the master database created when the Lightsail database resource is - // created. Constraints: + // The meaning of this parameter differs according to the database engine you use. + // MySQL The name of the database to create when the Lightsail database resource is + // created. If this parameter isn't specified, no database is created in the + // database resource. Constraints: // - // * Must contain from 1 to 64 alphanumeric characters. + // * Must contain 1 to 64 letters or numbers. // // * - // Cannot be a word reserved by the specified database engine + // Must begin with a letter. Subsequent characters can be letters, underscores, or + // digits (0- 9). + // + // * Can't be a word reserved by the specified database engine. For + // more information about reserved words in MySQL, see the Keywords and Reserved + // Words articles for MySQL 5.6 + // (https://dev.mysql.com/doc/refman/5.6/en/keywords.html), MySQL 5.7 + // (https://dev.mysql.com/doc/refman/5.7/en/keywords.html), and MySQL 8.0 + // (https://dev.mysql.com/doc/refman/8.0/en/keywords.html). + // + // PostgreSQL The name of + // the database to create when the Lightsail database resource is created. If this + // parameter isn't specified, a database named postgres is created in the database + // resource. Constraints: + // + // * Must contain 1 to 63 letters or numbers. + // + // * Must begin + // with a letter. Subsequent characters can be letters, underscores, or digits (0- + // 9). + // + // * Can't be a word reserved by the specified database engine. For more + // information about reserved words in PostgreSQL, see the SQL Key Words articles + // for PostgreSQL 9.6 + // (https://www.postgresql.org/docs/9.6/sql-keywords-appendix.html), PostgreSQL 10 + // (https://www.postgresql.org/docs/10/sql-keywords-appendix.html), PostgreSQL 11 + // (https://www.postgresql.org/docs/11/sql-keywords-appendix.html), and PostgreSQL + // 12 (https://www.postgresql.org/docs/12/sql-keywords-appendix.html). // // This member is required. MasterDatabaseName *string - // The master user name for your new database. Constraints: + // The name for the master user. MySQL Constraints: + // + // * Required for MySQL. + // + // * Must + // be 1 to 16 letters or numbers. Can contain underscores. + // + // * First character must + // be a letter. + // + // * Can't be a reserved word for the chosen database engine. For + // more information about reserved words in MySQL 5.6 or 5.7, see the Keywords and + // Reserved Words articles for MySQL 5.6 + // (https://dev.mysql.com/doc/refman/5.6/en/keywords.html), MySQL 5.7 + // (https://dev.mysql.com/doc/refman/5.7/en/keywords.html), or MySQL 8.0 + // (https://dev.mysql.com/doc/refman/8.0/en/keywords.html). + // + // PostgreSQL + // Constraints: // - // * Master user name is - // required. + // * Required for PostgreSQL. // - // * Must contain from 1 to 16 alphanumeric characters. + // * Must be 1 to 63 letters or numbers. + // Can contain underscores. // - // * The first - // character must be a letter. + // * First character must be a letter. // - // * Cannot be a reserved word for the database engine - // you choose. For more information about reserved words in MySQL 5.6 or 5.7, see - // the Keywords and Reserved Words articles for MySQL 5.6 - // (https://dev.mysql.com/doc/refman/5.6/en/keywords.html) or MySQL 5.7 - // (https://dev.mysql.com/doc/refman/5.7/en/keywords.html) respectively. + // * Can't be a + // reserved word for the chosen database engine. For more information about + // reserved words in MySQL 5.6 or 5.7, see the Keywords and Reserved Words articles + // for PostgreSQL 9.6 + // (https://www.postgresql.org/docs/9.6/sql-keywords-appendix.html), PostgreSQL 10 + // (https://www.postgresql.org/docs/10/sql-keywords-appendix.html), PostgreSQL 11 + // (https://www.postgresql.org/docs/11/sql-keywords-appendix.html), and PostgreSQL + // 12 (https://www.postgresql.org/docs/12/sql-keywords-appendix.html). // // This member is required. MasterUsername *string @@ -93,9 +142,10 @@ type CreateRelationalDatabaseInput struct { // Zones parameter to your request. AvailabilityZone *string - // The password for the master user of your new database. The password can include - // any printable ASCII character except "/", """, or "@". Constraints: Must contain - // 8 to 41 characters. + // The password for the master user. The password can include any printable ASCII + // character except "/", """, or "@". It cannot contain spaces. MySQL Constraints: + // Must contain from 8 to 41 characters. PostgreSQL Constraints: Must contain from + // 8 to 128 characters. MasterUserPassword *string // The daily time range during which automated backups are created for your new diff --git a/service/lightsail/api_op_CreateRelationalDatabaseFromSnapshot.go b/service/lightsail/api_op_CreateRelationalDatabaseFromSnapshot.go index 84fb878474c..62d5aaf7108 100644 --- a/service/lightsail/api_op_CreateRelationalDatabaseFromSnapshot.go +++ b/service/lightsail/api_op_CreateRelationalDatabaseFromSnapshot.go @@ -37,13 +37,13 @@ func (c *Client) CreateRelationalDatabaseFromSnapshot(ctx context.Context, param type CreateRelationalDatabaseFromSnapshotInput struct { - // The name to use for your new database. Constraints: + // The name to use for your new Lightsail database resource. Constraints: // - // * Must contain from 2 to - // 255 alphanumeric characters, or hyphens. + // * Must + // contain from 2 to 255 alphanumeric characters, or hyphens. // - // * The first and last character must be - // a letter or number. + // * The first and last + // character must be a letter or number. // // This member is required. RelationalDatabaseName *string diff --git a/service/lightsail/api_op_UpdateRelationalDatabase.go b/service/lightsail/api_op_UpdateRelationalDatabase.go index 9a12535ad7e..7d1ae43b2f5 100644 --- a/service/lightsail/api_op_UpdateRelationalDatabase.go +++ b/service/lightsail/api_op_UpdateRelationalDatabase.go @@ -35,7 +35,7 @@ func (c *Client) UpdateRelationalDatabase(ctx context.Context, params *UpdateRel type UpdateRelationalDatabaseInput struct { - // The name of your database to update. + // The name of your Lightsail database resource to update. // // This member is required. RelationalDatabaseName *string @@ -58,9 +58,9 @@ type UpdateRelationalDatabaseInput struct { // applied during the next maintenance window because this can result in an outage. EnableBackupRetention *bool - // The password for the master user of your database. The password can include any - // printable ASCII character except "/", """, or "@". Constraints: Must contain 8 - // to 41 characters. + // The password for the master user. The password can include any printable ASCII + // character except "/", """, or "@". MySQL Constraints: Must contain from 8 to 41 + // characters. PostgreSQL Constraints: Must contain from 8 to 128 characters. MasterUserPassword *string // The daily time range during which automated backups are created for your diff --git a/service/lookoutequipment/internal/endpoints/endpoints.go b/service/lookoutequipment/internal/endpoints/endpoints.go index 6595ece909b..e0a2bc8771b 100644 --- a/service/lookoutequipment/internal/endpoints/endpoints.go +++ b/service/lookoutequipment/internal/endpoints/endpoints.go @@ -62,6 +62,11 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.Aws, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + "ap-northeast-2": endpoints.Endpoint{}, + "eu-west-1": endpoints.Endpoint{}, + "us-east-1": endpoints.Endpoint{}, + }, }, { ID: "aws-cn", diff --git a/service/mediaconnect/api_op_DescribeFlow.go b/service/mediaconnect/api_op_DescribeFlow.go index e16b9fb98c2..d9a2bbc6ac9 100644 --- a/service/mediaconnect/api_op_DescribeFlow.go +++ b/service/mediaconnect/api_op_DescribeFlow.go @@ -4,11 +4,17 @@ package mediaconnect import ( "context" + "errors" + "fmt" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" "github.com/aws/aws-sdk-go-v2/aws/signer/v4" "github.com/aws/aws-sdk-go-v2/service/mediaconnect/types" "github.com/aws/smithy-go/middleware" + smithytime "github.com/aws/smithy-go/time" smithyhttp "github.com/aws/smithy-go/transport/http" + smithywaiter "github.com/aws/smithy-go/waiter" + "github.com/jmespath/go-jmespath" + "time" ) // Displays the details of a flow. The response includes the flow ARN, name, and @@ -112,6 +118,617 @@ func addOperationDescribeFlowMiddlewares(stack *middleware.Stack, options Option return nil } +// DescribeFlowAPIClient is a client that implements the DescribeFlow operation. +type DescribeFlowAPIClient interface { + DescribeFlow(context.Context, *DescribeFlowInput, ...func(*Options)) (*DescribeFlowOutput, error) +} + +var _ DescribeFlowAPIClient = (*Client)(nil) + +// FlowActiveWaiterOptions are waiter options for FlowActiveWaiter +type FlowActiveWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + APIOptions []func(*middleware.Stack) error + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // FlowActiveWaiter will use default minimum delay of 3 seconds. Note that MinDelay + // must resolve to a value lesser than or equal to the MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or set + // to zero, FlowActiveWaiter will use default max delay of 120 seconds. Note that + // MaxDelay must resolve to value greater than or equal to the MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. By + // default service-modeled logic will populate this option. This option can thus be + // used to define a custom waiter state with fall-back to service-modeled waiter + // state mutators.The function returns an error in case of a failure state. In case + // of retry state, this function returns a bool value of true and nil error, while + // in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeFlowInput, *DescribeFlowOutput, error) (bool, error) +} + +// FlowActiveWaiter defines the waiters for FlowActive +type FlowActiveWaiter struct { + client DescribeFlowAPIClient + + options FlowActiveWaiterOptions +} + +// NewFlowActiveWaiter constructs a FlowActiveWaiter. +func NewFlowActiveWaiter(client DescribeFlowAPIClient, optFns ...func(*FlowActiveWaiterOptions)) *FlowActiveWaiter { + options := FlowActiveWaiterOptions{} + options.MinDelay = 3 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = flowActiveStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &FlowActiveWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for FlowActive waiter. The maxWaitDur is the +// maximum wait duration the waiter will wait. The maxWaitDur is required and must +// be greater than zero. +func (w *FlowActiveWaiter) Wait(ctx context.Context, params *DescribeFlowInput, maxWaitDur time.Duration, optFns ...func(*FlowActiveWaiterOptions)) error { + if maxWaitDur <= 0 { + return fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeFlow(ctx, params, func(o *Options) { + o.APIOptions = append(o.APIOptions, apiOptions...) + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return err + } + if !retryable { + return nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return fmt.Errorf("exceeded max wait time for FlowActive waiter") +} + +func flowActiveStateRetryable(ctx context.Context, input *DescribeFlowInput, output *DescribeFlowOutput, err error) (bool, error) { + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "ACTIVE" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return false, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "STARTING" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return true, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "UPDATING" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return true, nil + } + } + + if err != nil { + var errorType *types.InternalServerErrorException + if errors.As(err, &errorType) { + return true, nil + } + } + + if err != nil { + var errorType *types.ServiceUnavailableException + if errors.As(err, &errorType) { + return true, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "ERROR" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + return true, nil +} + +// FlowDeletedWaiterOptions are waiter options for FlowDeletedWaiter +type FlowDeletedWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + APIOptions []func(*middleware.Stack) error + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // FlowDeletedWaiter will use default minimum delay of 3 seconds. Note that + // MinDelay must resolve to a value lesser than or equal to the MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or set + // to zero, FlowDeletedWaiter will use default max delay of 120 seconds. Note that + // MaxDelay must resolve to value greater than or equal to the MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. By + // default service-modeled logic will populate this option. This option can thus be + // used to define a custom waiter state with fall-back to service-modeled waiter + // state mutators.The function returns an error in case of a failure state. In case + // of retry state, this function returns a bool value of true and nil error, while + // in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeFlowInput, *DescribeFlowOutput, error) (bool, error) +} + +// FlowDeletedWaiter defines the waiters for FlowDeleted +type FlowDeletedWaiter struct { + client DescribeFlowAPIClient + + options FlowDeletedWaiterOptions +} + +// NewFlowDeletedWaiter constructs a FlowDeletedWaiter. +func NewFlowDeletedWaiter(client DescribeFlowAPIClient, optFns ...func(*FlowDeletedWaiterOptions)) *FlowDeletedWaiter { + options := FlowDeletedWaiterOptions{} + options.MinDelay = 3 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = flowDeletedStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &FlowDeletedWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for FlowDeleted waiter. The maxWaitDur is the +// maximum wait duration the waiter will wait. The maxWaitDur is required and must +// be greater than zero. +func (w *FlowDeletedWaiter) Wait(ctx context.Context, params *DescribeFlowInput, maxWaitDur time.Duration, optFns ...func(*FlowDeletedWaiterOptions)) error { + if maxWaitDur <= 0 { + return fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeFlow(ctx, params, func(o *Options) { + o.APIOptions = append(o.APIOptions, apiOptions...) + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return err + } + if !retryable { + return nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return fmt.Errorf("exceeded max wait time for FlowDeleted waiter") +} + +func flowDeletedStateRetryable(ctx context.Context, input *DescribeFlowInput, output *DescribeFlowOutput, err error) (bool, error) { + + if err != nil { + var errorType *types.NotFoundException + if errors.As(err, &errorType) { + return false, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "DELETING" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return true, nil + } + } + + if err != nil { + var errorType *types.InternalServerErrorException + if errors.As(err, &errorType) { + return true, nil + } + } + + if err != nil { + var errorType *types.ServiceUnavailableException + if errors.As(err, &errorType) { + return true, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "ERROR" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + return true, nil +} + +// FlowStandbyWaiterOptions are waiter options for FlowStandbyWaiter +type FlowStandbyWaiterOptions struct { + + // Set of options to modify how an operation is invoked. These apply to all + // operations invoked for this client. Use functional options on operation call to + // modify this list for per operation behavior. + APIOptions []func(*middleware.Stack) error + + // MinDelay is the minimum amount of time to delay between retries. If unset, + // FlowStandbyWaiter will use default minimum delay of 3 seconds. Note that + // MinDelay must resolve to a value lesser than or equal to the MaxDelay. + MinDelay time.Duration + + // MaxDelay is the maximum amount of time to delay between retries. If unset or set + // to zero, FlowStandbyWaiter will use default max delay of 120 seconds. Note that + // MaxDelay must resolve to value greater than or equal to the MinDelay. + MaxDelay time.Duration + + // LogWaitAttempts is used to enable logging for waiter retry attempts + LogWaitAttempts bool + + // Retryable is function that can be used to override the service defined + // waiter-behavior based on operation output, or returned error. This function is + // used by the waiter to decide if a state is retryable or a terminal state. By + // default service-modeled logic will populate this option. This option can thus be + // used to define a custom waiter state with fall-back to service-modeled waiter + // state mutators.The function returns an error in case of a failure state. In case + // of retry state, this function returns a bool value of true and nil error, while + // in case of success it returns a bool value of false and nil error. + Retryable func(context.Context, *DescribeFlowInput, *DescribeFlowOutput, error) (bool, error) +} + +// FlowStandbyWaiter defines the waiters for FlowStandby +type FlowStandbyWaiter struct { + client DescribeFlowAPIClient + + options FlowStandbyWaiterOptions +} + +// NewFlowStandbyWaiter constructs a FlowStandbyWaiter. +func NewFlowStandbyWaiter(client DescribeFlowAPIClient, optFns ...func(*FlowStandbyWaiterOptions)) *FlowStandbyWaiter { + options := FlowStandbyWaiterOptions{} + options.MinDelay = 3 * time.Second + options.MaxDelay = 120 * time.Second + options.Retryable = flowStandbyStateRetryable + + for _, fn := range optFns { + fn(&options) + } + return &FlowStandbyWaiter{ + client: client, + options: options, + } +} + +// Wait calls the waiter function for FlowStandby waiter. The maxWaitDur is the +// maximum wait duration the waiter will wait. The maxWaitDur is required and must +// be greater than zero. +func (w *FlowStandbyWaiter) Wait(ctx context.Context, params *DescribeFlowInput, maxWaitDur time.Duration, optFns ...func(*FlowStandbyWaiterOptions)) error { + if maxWaitDur <= 0 { + return fmt.Errorf("maximum wait time for waiter must be greater than zero") + } + + options := w.options + for _, fn := range optFns { + fn(&options) + } + + if options.MaxDelay <= 0 { + options.MaxDelay = 120 * time.Second + } + + if options.MinDelay > options.MaxDelay { + return fmt.Errorf("minimum waiter delay %v must be lesser than or equal to maximum waiter delay of %v.", options.MinDelay, options.MaxDelay) + } + + ctx, cancelFn := context.WithTimeout(ctx, maxWaitDur) + defer cancelFn() + + logger := smithywaiter.Logger{} + remainingTime := maxWaitDur + + var attempt int64 + for { + + attempt++ + apiOptions := options.APIOptions + start := time.Now() + + if options.LogWaitAttempts { + logger.Attempt = attempt + apiOptions = append([]func(*middleware.Stack) error{}, options.APIOptions...) + apiOptions = append(apiOptions, logger.AddLogger) + } + + out, err := w.client.DescribeFlow(ctx, params, func(o *Options) { + o.APIOptions = append(o.APIOptions, apiOptions...) + }) + + retryable, err := options.Retryable(ctx, params, out, err) + if err != nil { + return err + } + if !retryable { + return nil + } + + remainingTime -= time.Since(start) + if remainingTime < options.MinDelay || remainingTime <= 0 { + break + } + + // compute exponential backoff between waiter retries + delay, err := smithywaiter.ComputeDelay( + attempt, options.MinDelay, options.MaxDelay, remainingTime, + ) + if err != nil { + return fmt.Errorf("error computing waiter delay, %w", err) + } + + remainingTime -= delay + // sleep for the delay amount before invoking a request + if err := smithytime.SleepWithContext(ctx, delay); err != nil { + return fmt.Errorf("request cancelled while waiting, %w", err) + } + } + return fmt.Errorf("exceeded max wait time for FlowStandby waiter") +} + +func flowStandbyStateRetryable(ctx context.Context, input *DescribeFlowInput, output *DescribeFlowOutput, err error) (bool, error) { + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "STANDBY" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return false, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "STOPPING" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return true, nil + } + } + + if err != nil { + var errorType *types.InternalServerErrorException + if errors.As(err, &errorType) { + return true, nil + } + } + + if err != nil { + var errorType *types.ServiceUnavailableException + if errors.As(err, &errorType) { + return true, nil + } + } + + if err == nil { + pathValue, err := jmespath.Search("Flow.Status", output) + if err != nil { + return false, fmt.Errorf("error evaluating waiter state: %w", err) + } + + expectedValue := "ERROR" + value, ok := pathValue.(types.Status) + if !ok { + return false, fmt.Errorf("waiter comparator expected types.Status value, got %T", pathValue) + } + + if string(value) == expectedValue { + return false, fmt.Errorf("waiter state transitioned to Failure") + } + } + + return true, nil +} + func newServiceMetadataMiddleware_opDescribeFlow(region string) *awsmiddleware.RegisterServiceMetadata { return &awsmiddleware.RegisterServiceMetadata{ Region: region, diff --git a/service/mediaconnect/deserializers.go b/service/mediaconnect/deserializers.go index b1f2546d2d6..59a666d6919 100644 --- a/service/mediaconnect/deserializers.go +++ b/service/mediaconnect/deserializers.go @@ -6097,6 +6097,15 @@ func awsRestjson1_deserializeDocumentOutput(v **types.Output, value interface{}) sv.EntitlementArn = ptr.String(jtv) } + case "listenerAddress": + if value != nil { + jtv, ok := value.(string) + if !ok { + return fmt.Errorf("expected __string to be of type string, got %T instead", value) + } + sv.ListenerAddress = ptr.String(jtv) + } + case "mediaLiveInputArn": if value != nil { jtv, ok := value.(string) diff --git a/service/mediaconnect/go.mod b/service/mediaconnect/go.mod index 3d2d9840810..d2d0603fd26 100644 --- a/service/mediaconnect/go.mod +++ b/service/mediaconnect/go.mod @@ -5,6 +5,7 @@ go 1.15 require ( github.com/aws/aws-sdk-go-v2 v1.3.2 github.com/aws/smithy-go v1.3.1 + github.com/jmespath/go-jmespath v0.4.0 ) replace github.com/aws/aws-sdk-go-v2 => ../../ diff --git a/service/mediaconnect/go.sum b/service/mediaconnect/go.sum index c903277970f..9539b2f19b9 100644 --- a/service/mediaconnect/go.sum +++ b/service/mediaconnect/go.sum @@ -1,13 +1,19 @@ github.com/aws/smithy-go v1.3.1 h1:xJFO4pK0y9J8fCl34uGsSJX5KNnGbdARDlA5BPhXnwE= github.com/aws/smithy-go v1.3.1/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E= +github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/google/go-cmp v0.5.4 h1:L8R9j+yAqZuZjsqh/z+F1NCffTKKLShY6zXTItVIZ8M= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= +github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/service/mediaconnect/types/types.go b/service/mediaconnect/types/types.go index 93fe56d7abd..187bd927dca 100644 --- a/service/mediaconnect/types/types.go +++ b/service/mediaconnect/types/types.go @@ -377,6 +377,13 @@ type Output struct { // only on entitled flows. EntitlementArn *string + // The IP address that the receiver requires in order to establish a connection + // with the flow. For public networking, the ListenerAddress is represented by the + // elastic IP address of the flow. For private networking, the ListenerAddress is + // represented by the elastic network interface IP address of the VPC. This field + // applies only to outputs that use the Zixi pull or SRT listener protocol. + ListenerAddress *string + // The input ARN of the AWS Elemental MediaLive channel. This parameter is relevant // only for outputs that were added by creating a MediaLive input. MediaLiveInputArn *string diff --git a/service/mq/internal/endpoints/endpoints.go b/service/mq/internal/endpoints/endpoints.go index a1e0f7df4d7..273912eab5d 100644 --- a/service/mq/internal/endpoints/endpoints.go +++ b/service/mq/internal/endpoints/endpoints.go @@ -118,6 +118,10 @@ var defaultPartitions = endpoints.Partitions{ }, RegionRegex: partitionRegexp.AwsCn, IsRegionalized: true, + Endpoints: endpoints.Endpoints{ + "cn-north-1": endpoints.Endpoint{}, + "cn-northwest-1": endpoints.Endpoint{}, + }, }, { ID: "aws-iso", diff --git a/service/rds/api_op_CreateDBCluster.go b/service/rds/api_op_CreateDBCluster.go index 1e42eb6f442..0a95a2e052b 100644 --- a/service/rds/api_op_CreateDBCluster.go +++ b/service/rds/api_op_CreateDBCluster.go @@ -297,9 +297,8 @@ type CreateDBClusterInput struct { // The daily time range during which automated backups are created if automated // backups are enabled using the BackupRetentionPeriod parameter. The default is a // 30-minute window selected at random from an 8-hour block of time for each AWS - // Region. To see the time blocks available, see Adjusting the Preferred DB - // Cluster Maintenance Window - // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // Region. To view the time blocks available, see Backup window + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. Constraints: // // * Must be in the format diff --git a/service/rds/api_op_CreateDBInstance.go b/service/rds/api_op_CreateDBInstance.go index d43ebe4359d..4963205200e 100644 --- a/service/rds/api_op_CreateDBInstance.go +++ b/service/rds/api_op_CreateDBInstance.go @@ -551,26 +551,23 @@ type CreateDBInstanceInput struct { Port *int32 // The daily time range during which automated backups are created if automated - // backups are enabled, using the BackupRetentionPeriod parameter. For more - // information, see The Backup Window + // backups are enabled, using the BackupRetentionPeriod parameter. The default is a + // 30-minute window selected at random from an 8-hour block of time for each AWS + // Region. For more information, see Backup window // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) // in the Amazon RDS User Guide. Amazon Aurora Not applicable. The daily time range - // for creating automated backups is managed by the DB cluster. The default is a - // 30-minute window selected at random from an 8-hour block of time for each AWS - // Region. To see the time blocks available, see Adjusting the Preferred DB - // Instance Maintenance Window - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow) - // in the Amazon RDS User Guide. Constraints: + // for creating automated backups is managed by the DB cluster. Constraints: // - // * Must be in the format - // hh24:mi-hh24:mi. + // * + // Must be in the format hh24:mi-hh24:mi. // - // * Must be in Universal Coordinated Time (UTC). + // * Must be in Universal Coordinated Time + // (UTC). // - // * Must not - // conflict with the preferred maintenance window. + // * Must not conflict with the preferred maintenance window. // - // * Must be at least 30 minutes. + // * Must be at + // least 30 minutes. PreferredBackupWindow *string // The time range each week during which system maintenance can occur, in Universal diff --git a/service/rds/api_op_CreateEventSubscription.go b/service/rds/api_op_CreateEventSubscription.go index e1ec8aae02a..62302f59291 100644 --- a/service/rds/api_op_CreateEventSubscription.go +++ b/service/rds/api_op_CreateEventSubscription.go @@ -76,11 +76,11 @@ type CreateEventSubscriptionInput struct { // begin with a letter and must contain only ASCII letters, digits, and hyphens. It // can't end with a hyphen or contain two consecutive hyphens. Constraints: // - // * If a - // SourceIds value is supplied, SourceType must also be provided. + // * If + // SourceIds are supplied, SourceType must also be provided. // - // * If the source - // type is a DB instance, a DBInstanceIdentifier value must be supplied. + // * If the source type + // is a DB instance, a DBInstanceIdentifier value must be supplied. // // * If the // source type is a DB cluster, a DBClusterIdentifier value must be supplied. diff --git a/service/rds/api_op_FailoverGlobalCluster.go b/service/rds/api_op_FailoverGlobalCluster.go index 644ce86e992..fdc59001ca4 100644 --- a/service/rds/api_op_FailoverGlobalCluster.go +++ b/service/rds/api_op_FailoverGlobalCluster.go @@ -19,7 +19,7 @@ import ( // The selected secondary DB cluster assumes full read/write capabilities for the // Aurora global database. For more information about failing over an Amazon Aurora // global database, see Managed planned failover for Amazon Aurora global databases -// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.managed-failover) +// (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database-disaster-recovery.html#aurora-global-database-disaster-recovery.managed-failover) // in the Amazon Aurora User Guide. This action applies to GlobalCluster (Aurora // global databases) only. Use this action only on healthy Aurora global databases // with running Aurora DB clusters and no Region-wide outages, to test disaster diff --git a/service/rds/api_op_ModifyDBCluster.go b/service/rds/api_op_ModifyDBCluster.go index 43c2133b461..0bccf2f292f 100644 --- a/service/rds/api_op_ModifyDBCluster.go +++ b/service/rds/api_op_ModifyDBCluster.go @@ -196,9 +196,8 @@ type ModifyDBClusterInput struct { // The daily time range during which automated backups are created if automated // backups are enabled, using the BackupRetentionPeriod parameter. The default is a // 30-minute window selected at random from an 8-hour block of time for each AWS - // Region. To see the time blocks available, see Adjusting the Preferred DB - // Cluster Maintenance Window - // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // Region. To view the time blocks available, see Backup window + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. Constraints: // // * Must be in the format diff --git a/service/rds/api_op_ModifyDBInstance.go b/service/rds/api_op_ModifyDBInstance.go index 3f2cd2bf8b0..2e746b402d3 100644 --- a/service/rds/api_op_ModifyDBInstance.go +++ b/service/rds/api_op_ModifyDBInstance.go @@ -82,26 +82,26 @@ type ModifyDBInstanceInput struct { // The number of days to retain automated backups. Setting this parameter to a // positive number enables backups. Setting this parameter to 0 disables automated - // backups. Changing this parameter can result in an outage if you change from 0 to - // a non-zero value or from a non-zero value to 0. These changes are applied during - // the next maintenance window unless the ApplyImmediately parameter is enabled for - // this request. If you change the parameter from one non-zero value to another - // non-zero value, the change is asynchronously applied as soon as possible. Amazon - // Aurora Not applicable. The retention period for automated backups is managed by - // the DB cluster. For more information, see ModifyDBCluster. Default: Uses - // existing setting Constraints: + // backups. Enabling and disabling backups can result in a brief I/O suspension + // that lasts from a few seconds to a few minutes, depending on the size and class + // of your DB instance. These changes are applied during the next maintenance + // window unless the ApplyImmediately parameter is enabled for this request. If you + // change the parameter from one non-zero value to another non-zero value, the + // change is asynchronously applied as soon as possible. Amazon Aurora Not + // applicable. The retention period for automated backups is managed by the DB + // cluster. For more information, see ModifyDBCluster. Default: Uses existing + // setting Constraints: // // * Must be a value from 0 to 35 // - // * Can be - // specified for a MySQL read replica only if the source is running MySQL 5.6 or - // later + // * Can be specified for a + // MySQL read replica only if the source is running MySQL 5.6 or later // - // * Can be specified for a PostgreSQL read replica only if the source is - // running PostgreSQL 9.3.5 + // * Can be + // specified for a PostgreSQL read replica only if the source is running PostgreSQL + // 9.3.5 // - // * Can't be set to 0 if the DB instance is a source to - // read replicas + // * Can't be set to 0 if the DB instance is a source to read replicas BackupRetentionPeriod *int32 // Indicates the certificate that needs to be associated with the instance. @@ -370,9 +370,13 @@ type ModifyDBInstanceInput struct { // The daily time range during which automated backups are created if automated // backups are enabled, as determined by the BackupRetentionPeriod parameter. // Changing this parameter doesn't result in an outage and the change is - // asynchronously applied as soon as possible. Amazon Aurora Not applicable. The - // daily time range for creating automated backups is managed by the DB cluster. - // For more information, see ModifyDBCluster. Constraints: + // asynchronously applied as soon as possible. The default is a 30-minute window + // selected at random from an 8-hour block of time for each AWS Region. For more + // information, see Backup window + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) + // in the Amazon RDS User Guide. Amazon Aurora Not applicable. The daily time range + // for creating automated backups is managed by the DB cluster. For more + // information, see ModifyDBCluster. Constraints: // // * Must be in the format // hh24:mi-hh24:mi @@ -392,9 +396,12 @@ type ModifyDBInstanceInput struct { // maintenance window is changed to include the current time, then changing this // parameter will cause a reboot of the DB instance. If moving this window to the // current time, there must be at least 30 minutes between the current time and end - // of the window to ensure pending changes are applied. Default: Uses existing - // setting Format: ddd:hh24:mi-ddd:hh24:mi Valid Days: Mon | Tue | Wed | Thu | Fri - // | Sat | Sun Constraints: Must be at least 30 minutes + // of the window to ensure pending changes are applied. For more information, see + // Amazon RDS Maintenance Window + // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#Concepts.DBMaintenance) + // in the Amazon RDS User Guide. Default: Uses existing setting Format: + // ddd:hh24:mi-ddd:hh24:mi Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun + // Constraints: Must be at least 30 minutes PreferredMaintenanceWindow *string // The number of CPU cores and the number of threads per core for the DB instance diff --git a/service/rds/api_op_RestoreDBClusterFromS3.go b/service/rds/api_op_RestoreDBClusterFromS3.go index 0a88baad8dc..d8eab1429c8 100644 --- a/service/rds/api_op_RestoreDBClusterFromS3.go +++ b/service/rds/api_op_RestoreDBClusterFromS3.go @@ -220,9 +220,8 @@ type RestoreDBClusterFromS3Input struct { // The daily time range during which automated backups are created if automated // backups are enabled using the BackupRetentionPeriod parameter. The default is a // 30-minute window selected at random from an 8-hour block of time for each AWS - // Region. To see the time blocks available, see Adjusting the Preferred - // Maintenance Window - // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) + // Region. To view the time blocks available, see Backup window + // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) // in the Amazon Aurora User Guide. Constraints: // // * Must be in the format diff --git a/service/rds/api_op_RestoreDBInstanceFromS3.go b/service/rds/api_op_RestoreDBInstanceFromS3.go index 98f034141f5..38f46c914df 100644 --- a/service/rds/api_op_RestoreDBInstanceFromS3.go +++ b/service/rds/api_op_RestoreDBInstanceFromS3.go @@ -254,7 +254,7 @@ type RestoreDBInstanceFromS3Input struct { Port *int32 // The time range each day during which automated backups are created if automated - // backups are enabled. For more information, see The Backup Window + // backups are enabled. For more information, see Backup window // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html#USER_WorkingWithAutomatedBackups.BackupWindow) // in the Amazon RDS User Guide. Constraints: // diff --git a/service/rds/api_op_RevokeDBSecurityGroupIngress.go b/service/rds/api_op_RevokeDBSecurityGroupIngress.go index 274ae69c03c..cf00b6c0ce6 100644 --- a/service/rds/api_op_RevokeDBSecurityGroupIngress.go +++ b/service/rds/api_op_RevokeDBSecurityGroupIngress.go @@ -12,7 +12,7 @@ import ( ) // Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or -// EC2 or VPC Security Groups. Required parameters for this API are one of CIDRIP, +// EC2 or VPC security groups. Required parameters for this API are one of CIDRIP, // EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either // EC2SecurityGroupName or EC2SecurityGroupId). func (c *Client) RevokeDBSecurityGroupIngress(ctx context.Context, params *RevokeDBSecurityGroupIngressInput, optFns ...func(*Options)) (*RevokeDBSecurityGroupIngressOutput, error) { diff --git a/service/rds/types/types.go b/service/rds/types/types.go index dd4b96df0a0..e11752aad90 100644 --- a/service/rds/types/types.go +++ b/service/rds/types/types.go @@ -2970,6 +2970,7 @@ type ScalingConfiguration struct { MinCapacity *int32 // The time, in seconds, before an Aurora DB cluster in serverless mode is paused. + // Specify a value between 300 and 86,400 seconds. SecondsUntilAutoPause *int32 // The action to take when the timeout is reached, either ForceApplyCapacityChange diff --git a/service/redshift/api_op_CreateCluster.go b/service/redshift/api_op_CreateCluster.go index 7771a9b1016..30915d422bc 100644 --- a/service/redshift/api_op_CreateCluster.go +++ b/service/redshift/api_op_CreateCluster.go @@ -115,6 +115,19 @@ type CreateClusterInput struct { // Redshift engine that is running on your cluster. Default: true AllowVersionUpgrade *bool + // The value represents how the cluster is configured to use AQUA (Advanced Query + // Accelerator) when it is created. Possible values include the following. + // + // * + // enabled - Use AQUA if it is available for the current AWS Region and Amazon + // Redshift node type. + // + // * disabled - Don't use AQUA. + // + // * auto - Amazon Redshift + // determines whether to use AQUA. + AquaConfigurationStatus types.AquaConfigurationStatus + // The number of days that automated snapshots are retained. If the value is 0, // automated snapshots are disabled. Even if automated snapshots are disabled, you // can still create manual snapshots when you want with CreateClusterSnapshot. You diff --git a/service/redshift/api_op_CreateHsmClientCertificate.go b/service/redshift/api_op_CreateHsmClientCertificate.go index e09ae7739f1..582f4edb5d5 100644 --- a/service/redshift/api_op_CreateHsmClientCertificate.go +++ b/service/redshift/api_op_CreateHsmClientCertificate.go @@ -18,8 +18,8 @@ import ( // an Amazon Redshift HSM configuration that provides a cluster the information // needed to store and use encryption keys in the HSM. For more information, go to // Hardware Security Modules -// (https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-HSM.html) in the -// Amazon Redshift Cluster Management Guide. +// (https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html#working-with-HSM) +// in the Amazon Redshift Cluster Management Guide. func (c *Client) CreateHsmClientCertificate(ctx context.Context, params *CreateHsmClientCertificateInput, optFns ...func(*Options)) (*CreateHsmClientCertificateOutput, error) { if params == nil { params = &CreateHsmClientCertificateInput{} diff --git a/service/redshift/api_op_ModifyAquaConfiguration.go b/service/redshift/api_op_ModifyAquaConfiguration.go new file mode 100644 index 00000000000..ca9261cc03d --- /dev/null +++ b/service/redshift/api_op_ModifyAquaConfiguration.go @@ -0,0 +1,129 @@ +// Code generated by smithy-go-codegen DO NOT EDIT. + +package redshift + +import ( + "context" + awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" + "github.com/aws/aws-sdk-go-v2/aws/signer/v4" + "github.com/aws/aws-sdk-go-v2/service/redshift/types" + "github.com/aws/smithy-go/middleware" + smithyhttp "github.com/aws/smithy-go/transport/http" +) + +// Modifies whether a cluster can use AQUA (Advanced Query Accelerator). +func (c *Client) ModifyAquaConfiguration(ctx context.Context, params *ModifyAquaConfigurationInput, optFns ...func(*Options)) (*ModifyAquaConfigurationOutput, error) { + if params == nil { + params = &ModifyAquaConfigurationInput{} + } + + result, metadata, err := c.invokeOperation(ctx, "ModifyAquaConfiguration", params, optFns, addOperationModifyAquaConfigurationMiddlewares) + if err != nil { + return nil, err + } + + out := result.(*ModifyAquaConfigurationOutput) + out.ResultMetadata = metadata + return out, nil +} + +type ModifyAquaConfigurationInput struct { + + // The identifier of the cluster to be modified. + // + // This member is required. + ClusterIdentifier *string + + // The new value of AQUA configuration status. Possible values include the + // following. + // + // * enabled - Use AQUA if it is available for the current AWS Region + // and Amazon Redshift node type. + // + // * disabled - Don't use AQUA. + // + // * auto - Amazon + // Redshift determines whether to use AQUA. + AquaConfigurationStatus types.AquaConfigurationStatus +} + +type ModifyAquaConfigurationOutput struct { + + // The updated AQUA configuration of the cluster. + AquaConfiguration *types.AquaConfiguration + + // Metadata pertaining to the operation's result. + ResultMetadata middleware.Metadata +} + +func addOperationModifyAquaConfigurationMiddlewares(stack *middleware.Stack, options Options) (err error) { + err = stack.Serialize.Add(&awsAwsquery_serializeOpModifyAquaConfiguration{}, middleware.After) + if err != nil { + return err + } + err = stack.Deserialize.Add(&awsAwsquery_deserializeOpModifyAquaConfiguration{}, middleware.After) + if err != nil { + return err + } + if err = addSetLoggerMiddleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { + return err + } + if err = addResolveEndpointMiddleware(stack, options); err != nil { + return err + } + if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { + return err + } + if err = addRetryMiddlewares(stack, options); err != nil { + return err + } + if err = addHTTPSignerV4Middleware(stack, options); err != nil { + return err + } + if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { + return err + } + if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { + return err + } + if err = addClientUserAgent(stack); err != nil { + return err + } + if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { + return err + } + if err = addOpModifyAquaConfigurationValidationMiddleware(stack); err != nil { + return err + } + if err = stack.Initialize.Add(newServiceMetadataMiddleware_opModifyAquaConfiguration(options.Region), middleware.Before); err != nil { + return err + } + if err = addRequestIDRetrieverMiddleware(stack); err != nil { + return err + } + if err = addResponseErrorMiddleware(stack); err != nil { + return err + } + if err = addRequestResponseLogging(stack, options); err != nil { + return err + } + return nil +} + +func newServiceMetadataMiddleware_opModifyAquaConfiguration(region string) *awsmiddleware.RegisterServiceMetadata { + return &awsmiddleware.RegisterServiceMetadata{ + Region: region, + ServiceID: ServiceID, + SigningName: "redshift", + OperationName: "ModifyAquaConfiguration", + } +} diff --git a/service/redshift/api_op_RestoreFromClusterSnapshot.go b/service/redshift/api_op_RestoreFromClusterSnapshot.go index 5b1f7e99f4a..cf048ba15d0 100644 --- a/service/redshift/api_op_RestoreFromClusterSnapshot.go +++ b/service/redshift/api_op_RestoreFromClusterSnapshot.go @@ -73,6 +73,19 @@ type RestoreFromClusterSnapshotInput struct { // the Amazon Redshift engine that is running on the cluster. Default: true AllowVersionUpgrade *bool + // The value represents how the cluster is configured to use AQUA (Advanced Query + // Accelerator) after the cluster is restored. Possible values include the + // following. + // + // * enabled - Use AQUA if it is available for the current AWS Region + // and Amazon Redshift node type. + // + // * disabled - Don't use AQUA. + // + // * auto - Amazon + // Redshift determines whether to use AQUA. + AquaConfigurationStatus types.AquaConfigurationStatus + // The number of days that automated snapshots are retained. If the value is 0, // automated snapshots are disabled. Even if automated snapshots are disabled, you // can still create manual snapshots when you want with CreateClusterSnapshot. You diff --git a/service/redshift/api_op_RestoreTableFromClusterSnapshot.go b/service/redshift/api_op_RestoreTableFromClusterSnapshot.go index 8049aefd3c5..cdc00928478 100644 --- a/service/redshift/api_op_RestoreTableFromClusterSnapshot.go +++ b/service/redshift/api_op_RestoreTableFromClusterSnapshot.go @@ -67,6 +67,11 @@ type RestoreTableFromClusterSnapshotInput struct { // This member is required. SourceTableName *string + // Indicates whether name identifiers for database, schema, and table are case + // sensitive. If true, the names are case sensitive. If false (default), the names + // are not case sensitive. + EnableCaseSensitiveIdentifier *bool + // The name of the source schema that contains the table to restore from. If you do // not specify a SourceSchemaName value, the default is public. SourceSchemaName *string diff --git a/service/redshift/deserializers.go b/service/redshift/deserializers.go index e8ec65e0c4e..b0dc636cde2 100644 --- a/service/redshift/deserializers.go +++ b/service/redshift/deserializers.go @@ -8025,6 +8025,117 @@ func awsAwsquery_deserializeOpErrorGetReservedNodeExchangeOfferings(response *sm } } +type awsAwsquery_deserializeOpModifyAquaConfiguration struct { +} + +func (*awsAwsquery_deserializeOpModifyAquaConfiguration) ID() string { + return "OperationDeserializer" +} + +func (m *awsAwsquery_deserializeOpModifyAquaConfiguration) HandleDeserialize(ctx context.Context, in middleware.DeserializeInput, next middleware.DeserializeHandler) ( + out middleware.DeserializeOutput, metadata middleware.Metadata, err error, +) { + out, metadata, err = next.HandleDeserialize(ctx, in) + if err != nil { + return out, metadata, err + } + + response, ok := out.RawResponse.(*smithyhttp.Response) + if !ok { + return out, metadata, &smithy.DeserializationError{Err: fmt.Errorf("unknown transport type %T", out.RawResponse)} + } + + if response.StatusCode < 200 || response.StatusCode >= 300 { + return out, metadata, awsAwsquery_deserializeOpErrorModifyAquaConfiguration(response, &metadata) + } + output := &ModifyAquaConfigurationOutput{} + out.Result = output + + var buff [1024]byte + ringBuffer := smithyio.NewRingBuffer(buff[:]) + body := io.TeeReader(response.Body, ringBuffer) + rootDecoder := xml.NewDecoder(body) + t, err := smithyxml.FetchRootElement(rootDecoder) + if err == io.EOF { + return out, metadata, nil + } + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + return out, metadata, &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + } + + decoder := smithyxml.WrapNodeDecoder(rootDecoder, t) + t, err = decoder.GetElement("ModifyAquaConfigurationResult") + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + decoder = smithyxml.WrapNodeDecoder(decoder.Decoder, t) + err = awsAwsquery_deserializeOpDocumentModifyAquaConfigurationOutput(&output, decoder) + if err != nil { + var snapshot bytes.Buffer + io.Copy(&snapshot, ringBuffer) + err = &smithy.DeserializationError{ + Err: fmt.Errorf("failed to decode response body, %w", err), + Snapshot: snapshot.Bytes(), + } + return out, metadata, err + } + + return out, metadata, err +} + +func awsAwsquery_deserializeOpErrorModifyAquaConfiguration(response *smithyhttp.Response, metadata *middleware.Metadata) error { + var errorBuffer bytes.Buffer + if _, err := io.Copy(&errorBuffer, response.Body); err != nil { + return &smithy.DeserializationError{Err: fmt.Errorf("failed to copy error response body, %w", err)} + } + errorBody := bytes.NewReader(errorBuffer.Bytes()) + + errorCode := "UnknownError" + errorMessage := errorCode + + errorComponents, err := awsxml.GetErrorResponseComponents(errorBody, false) + if err != nil { + return err + } + if reqID := errorComponents.RequestID; len(reqID) != 0 { + awsmiddleware.SetRequestIDMetadata(metadata, reqID) + } + if len(errorComponents.Code) != 0 { + errorCode = errorComponents.Code + } + if len(errorComponents.Message) != 0 { + errorMessage = errorComponents.Message + } + errorBody.Seek(0, io.SeekStart) + switch { + case strings.EqualFold("ClusterNotFoundFault", errorCode): + return awsAwsquery_deserializeErrorClusterNotFoundFault(response, errorBody) + + case strings.EqualFold("UnsupportedOperationFault", errorCode): + return awsAwsquery_deserializeErrorUnsupportedOperationFault(response, errorBody) + + default: + genericError := &smithy.GenericAPIError{ + Code: errorCode, + Message: errorMessage, + } + return genericError + + } +} + type awsAwsquery_deserializeOpModifyCluster struct { } @@ -16574,6 +16685,68 @@ func awsAwsquery_deserializeDocumentAccountWithRestoreAccess(v **types.AccountWi return nil } +func awsAwsquery_deserializeDocumentAquaConfiguration(v **types.AquaConfiguration, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *types.AquaConfiguration + if *v == nil { + sv = &types.AquaConfiguration{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("AquaConfigurationStatus", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.AquaConfigurationStatus = types.AquaConfigurationStatus(xtv) + } + + case strings.EqualFold("AquaStatus", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.AquaStatus = types.AquaStatus(xtv) + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsAwsquery_deserializeDocumentAssociatedClusterList(v *[]types.ClusterAssociatedToSchedule, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) @@ -17418,6 +17591,12 @@ func awsAwsquery_deserializeDocumentCluster(v **types.Cluster, decoder smithyxml sv.AllowVersionUpgrade = xtv } + case strings.EqualFold("AquaConfiguration", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsAwsquery_deserializeDocumentAquaConfiguration(&sv.AquaConfiguration, nodeDecoder); err != nil { + return err + } + case strings.EqualFold("AutomatedSnapshotRetentionPeriod", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -37529,6 +37708,48 @@ func awsAwsquery_deserializeOpDocumentGetReservedNodeExchangeOfferingsOutput(v * return nil } +func awsAwsquery_deserializeOpDocumentModifyAquaConfigurationOutput(v **ModifyAquaConfigurationOutput, decoder smithyxml.NodeDecoder) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + var sv *ModifyAquaConfigurationOutput + if *v == nil { + sv = &ModifyAquaConfigurationOutput{} + } else { + sv = *v + } + + for { + t, done, err := decoder.Token() + if err != nil { + return err + } + if done { + break + } + originalDecoder := decoder + decoder = smithyxml.WrapNodeDecoder(originalDecoder.Decoder, t) + switch { + case strings.EqualFold("AquaConfiguration", t.Name.Local): + nodeDecoder := smithyxml.WrapNodeDecoder(decoder.Decoder, t) + if err := awsAwsquery_deserializeDocumentAquaConfiguration(&sv.AquaConfiguration, nodeDecoder); err != nil { + return err + } + + default: + // Do nothing and ignore the unexpected tag element + err = decoder.Decoder.Skip() + if err != nil { + return err + } + + } + decoder = originalDecoder + } + *v = sv + return nil +} + func awsAwsquery_deserializeOpDocumentModifyClusterDbRevisionOutput(v **ModifyClusterDbRevisionOutput, decoder smithyxml.NodeDecoder) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/service/redshift/serializers.go b/service/redshift/serializers.go index 3de7688a224..eed26dfdd76 100644 --- a/service/redshift/serializers.go +++ b/service/redshift/serializers.go @@ -4099,6 +4099,62 @@ func (m *awsAwsquery_serializeOpGetReservedNodeExchangeOfferings) HandleSerializ return next.HandleSerialize(ctx, in) } +type awsAwsquery_serializeOpModifyAquaConfiguration struct { +} + +func (*awsAwsquery_serializeOpModifyAquaConfiguration) ID() string { + return "OperationSerializer" +} + +func (m *awsAwsquery_serializeOpModifyAquaConfiguration) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( + out middleware.SerializeOutput, metadata middleware.Metadata, err error, +) { + request, ok := in.Request.(*smithyhttp.Request) + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown transport type %T", in.Request)} + } + + input, ok := in.Parameters.(*ModifyAquaConfigurationInput) + _ = input + if !ok { + return out, metadata, &smithy.SerializationError{Err: fmt.Errorf("unknown input parameters type %T", in.Parameters)} + } + + request.Request.URL.Path = "/" + request.Request.Method = "POST" + httpBindingEncoder, err := httpbinding.NewEncoder(request.URL.Path, request.URL.RawQuery, request.Header) + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + httpBindingEncoder.SetHeader("Content-Type").String("application/x-www-form-urlencoded") + + bodyWriter := bytes.NewBuffer(nil) + bodyEncoder := query.NewEncoder(bodyWriter) + body := bodyEncoder.Object() + body.Key("Action").String("ModifyAquaConfiguration") + body.Key("Version").String("2012-12-01") + + if err := awsAwsquery_serializeOpDocumentModifyAquaConfigurationInput(input, bodyEncoder.Value); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + err = bodyEncoder.Encode() + if err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request, err = request.SetStream(bytes.NewReader(bodyWriter.Bytes())); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + + if request.Request, err = httpBindingEncoder.Encode(request.Request); err != nil { + return out, metadata, &smithy.SerializationError{Err: err} + } + in.Request = request + + return next.HandleSerialize(ctx, in) +} + type awsAwsquery_serializeOpModifyCluster struct { } @@ -6237,6 +6293,11 @@ func awsAwsquery_serializeOpDocumentCreateClusterInput(v *CreateClusterInput, va objectKey.Boolean(*v.AllowVersionUpgrade) } + if len(v.AquaConfigurationStatus) > 0 { + objectKey := object.Key("AquaConfigurationStatus") + objectKey.String(string(v.AquaConfigurationStatus)) + } + if v.AutomatedSnapshotRetentionPeriod != nil { objectKey := object.Key("AutomatedSnapshotRetentionPeriod") objectKey.Integer(*v.AutomatedSnapshotRetentionPeriod) @@ -8128,6 +8189,23 @@ func awsAwsquery_serializeOpDocumentGetReservedNodeExchangeOfferingsInput(v *Get return nil } +func awsAwsquery_serializeOpDocumentModifyAquaConfigurationInput(v *ModifyAquaConfigurationInput, value query.Value) error { + object := value.Object() + _ = object + + if len(v.AquaConfigurationStatus) > 0 { + objectKey := object.Key("AquaConfigurationStatus") + objectKey.String(string(v.AquaConfigurationStatus)) + } + + if v.ClusterIdentifier != nil { + objectKey := object.Key("ClusterIdentifier") + objectKey.String(*v.ClusterIdentifier) + } + + return nil +} + func awsAwsquery_serializeOpDocumentModifyClusterDbRevisionInput(v *ModifyClusterDbRevisionInput, value query.Value) error { object := value.Object() _ = object @@ -8719,6 +8797,11 @@ func awsAwsquery_serializeOpDocumentRestoreFromClusterSnapshotInput(v *RestoreFr objectKey.Boolean(*v.AllowVersionUpgrade) } + if len(v.AquaConfigurationStatus) > 0 { + objectKey := object.Key("AquaConfigurationStatus") + objectKey.String(string(v.AquaConfigurationStatus)) + } + if v.AutomatedSnapshotRetentionPeriod != nil { objectKey := object.Key("AutomatedSnapshotRetentionPeriod") objectKey.Integer(*v.AutomatedSnapshotRetentionPeriod) @@ -8862,6 +8945,11 @@ func awsAwsquery_serializeOpDocumentRestoreTableFromClusterSnapshotInput(v *Rest objectKey.String(*v.ClusterIdentifier) } + if v.EnableCaseSensitiveIdentifier != nil { + objectKey := object.Key("EnableCaseSensitiveIdentifier") + objectKey.Boolean(*v.EnableCaseSensitiveIdentifier) + } + if v.NewTableName != nil { objectKey := object.Key("NewTableName") objectKey.String(*v.NewTableName) diff --git a/service/redshift/types/enums.go b/service/redshift/types/enums.go index 9b181491612..94663f25341 100644 --- a/service/redshift/types/enums.go +++ b/service/redshift/types/enums.go @@ -22,6 +22,46 @@ func (ActionType) Values() []ActionType { } } +type AquaConfigurationStatus string + +// Enum values for AquaConfigurationStatus +const ( + AquaConfigurationStatusEnabled AquaConfigurationStatus = "enabled" + AquaConfigurationStatusDisabled AquaConfigurationStatus = "disabled" + AquaConfigurationStatusAuto AquaConfigurationStatus = "auto" +) + +// Values returns all known values for AquaConfigurationStatus. Note that this can +// be expanded in the future, and so it is only as up to date as the client. The +// ordering of this slice is not guaranteed to be stable across updates. +func (AquaConfigurationStatus) Values() []AquaConfigurationStatus { + return []AquaConfigurationStatus{ + "enabled", + "disabled", + "auto", + } +} + +type AquaStatus string + +// Enum values for AquaStatus +const ( + AquaStatusEnabled AquaStatus = "enabled" + AquaStatusDisabled AquaStatus = "disabled" + AquaStatusApplying AquaStatus = "applying" +) + +// Values returns all known values for AquaStatus. Note that this can be expanded +// in the future, and so it is only as up to date as the client. The ordering of +// this slice is not guaranteed to be stable across updates. +func (AquaStatus) Values() []AquaStatus { + return []AquaStatus{ + "enabled", + "disabled", + "applying", + } +} + type AuthorizationStatus string // Enum values for AuthorizationStatus diff --git a/service/redshift/types/types.go b/service/redshift/types/types.go index 4a8c8607634..19e779cbdc6 100644 --- a/service/redshift/types/types.go +++ b/service/redshift/types/types.go @@ -27,6 +27,33 @@ type AccountWithRestoreAccess struct { AccountId *string } +// The AQUA (Advanced Query Accelerator) configuration of the cluster. +type AquaConfiguration struct { + + // The value represents how the cluster is configured to use AQUA. Possible values + // include the following. + // + // * enabled - Use AQUA if it is available for the current + // AWS Region and Amazon Redshift node type. + // + // * disabled - Don't use AQUA. + // + // * auto + // - Amazon Redshift determines whether to use AQUA. + AquaConfigurationStatus AquaConfigurationStatus + + // The value indicates the status of AQUA on the cluster. Possible values include + // the following. + // + // * enabled - AQUA is enabled. + // + // * disabled - AQUA is not + // enabled. + // + // * applying - AQUA status is being applied. + AquaStatus AquaStatus +} + // Describes an attribute value. type AttributeValueTarget struct { @@ -51,6 +78,9 @@ type Cluster struct { // applied automatically to the cluster during the maintenance window. AllowVersionUpgrade bool + // The AQUA (Advanced Query Accelerator) configuration of the cluster. + AquaConfiguration *AquaConfiguration + // The number of days that automatic cluster snapshots are retained. AutomatedSnapshotRetentionPeriod int32 diff --git a/service/redshift/validators.go b/service/redshift/validators.go index 3e6e295ba67..1a1fe061ca9 100644 --- a/service/redshift/validators.go +++ b/service/redshift/validators.go @@ -970,6 +970,26 @@ func (m *validateOpGetReservedNodeExchangeOfferings) HandleInitialize(ctx contex return next.HandleInitialize(ctx, in) } +type validateOpModifyAquaConfiguration struct { +} + +func (*validateOpModifyAquaConfiguration) ID() string { + return "OperationInputValidation" +} + +func (m *validateOpModifyAquaConfiguration) HandleInitialize(ctx context.Context, in middleware.InitializeInput, next middleware.InitializeHandler) ( + out middleware.InitializeOutput, metadata middleware.Metadata, err error, +) { + input, ok := in.Parameters.(*ModifyAquaConfigurationInput) + if !ok { + return out, metadata, fmt.Errorf("unknown input parameters type %T", in.Parameters) + } + if err := validateOpModifyAquaConfigurationInput(input); err != nil { + return out, metadata, err + } + return next.HandleInitialize(ctx, in) +} + type validateOpModifyClusterDbRevision struct { } @@ -1662,6 +1682,10 @@ func addOpGetReservedNodeExchangeOfferingsValidationMiddleware(stack *middleware return stack.Initialize.Add(&validateOpGetReservedNodeExchangeOfferings{}, middleware.After) } +func addOpModifyAquaConfigurationValidationMiddleware(stack *middleware.Stack) error { + return stack.Initialize.Add(&validateOpModifyAquaConfiguration{}, middleware.After) +} + func addOpModifyClusterDbRevisionValidationMiddleware(stack *middleware.Stack) error { return stack.Initialize.Add(&validateOpModifyClusterDbRevision{}, middleware.After) } @@ -2752,6 +2776,21 @@ func validateOpGetReservedNodeExchangeOfferingsInput(v *GetReservedNodeExchangeO } } +func validateOpModifyAquaConfigurationInput(v *ModifyAquaConfigurationInput) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "ModifyAquaConfigurationInput"} + if v.ClusterIdentifier == nil { + invalidParams.Add(smithy.NewErrParamRequired("ClusterIdentifier")) + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + func validateOpModifyClusterDbRevisionInput(v *ModifyClusterDbRevisionInput) error { if v == nil { return nil diff --git a/service/s3/internal/configtesting/go.mod b/service/s3/internal/configtesting/go.mod index c2cc78d8d22..153ee9183e5 100644 --- a/service/s3/internal/configtesting/go.mod +++ b/service/s3/internal/configtesting/go.mod @@ -5,12 +5,6 @@ go 1.15 require ( github.com/aws/aws-sdk-go-v2/config v1.1.5 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.2.2 - github.com/aws/aws-sdk-go-v2 v1.3.2 - github.com/aws/aws-sdk-go-v2/credentials v1.1.5 - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.0.6 - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.0.6 - github.com/aws/aws-sdk-go-v2/service/sso v1.1.5 - github.com/aws/aws-sdk-go-v2/service/sts v1.2.2 ) replace ( diff --git a/service/shield/deserializers.go b/service/shield/deserializers.go index 8ebc440bdfc..f338c0f6386 100644 --- a/service/shield/deserializers.go +++ b/service/shield/deserializers.go @@ -627,6 +627,9 @@ func awsAwsjson11_deserializeOpErrorCreateProtection(response *smithyhttp.Respon case strings.EqualFold("InvalidOperationException", errorCode): return awsAwsjson11_deserializeErrorInvalidOperationException(response, errorBody) + case strings.EqualFold("InvalidParameterException", errorCode): + return awsAwsjson11_deserializeErrorInvalidParameterException(response, errorBody) + case strings.EqualFold("InvalidResourceException", errorCode): return awsAwsjson11_deserializeErrorInvalidResourceException(response, errorBody) diff --git a/service/shield/types/errors.go b/service/shield/types/errors.go index cb35a650e6d..6877e250e4e 100644 --- a/service/shield/types/errors.go +++ b/service/shield/types/errors.go @@ -144,9 +144,7 @@ func (e *InvalidResourceException) ErrorMessage() string { func (e *InvalidResourceException) ErrorCode() string { return "InvalidResourceException" } func (e *InvalidResourceException) ErrorFault() smithy.ErrorFault { return smithy.FaultClient } -// Exception that indicates that the operation would exceed a limit. Type is the -// type of limit that would be exceeded. Limit is the threshold that would be -// exceeded. +// Exception that indicates that the operation would exceed a limit. type LimitsExceededException struct { Message *string diff --git a/service/sts/api_op_AssumeRole.go b/service/sts/api_op_AssumeRole.go index a37c514bc48..ccebe727bca 100644 --- a/service/sts/api_op_AssumeRole.go +++ b/service/sts/api_op_AssumeRole.go @@ -20,38 +20,15 @@ import ( // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) // and Comparing the AWS STS API operations // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) -// in the IAM User Guide. You cannot use AWS account root user credentials to call -// AssumeRole. You must use credentials for an IAM user or an IAM role to call -// AssumeRole. For cross-account access, imagine that you own multiple accounts and -// need to access resources in each account. You could create long-term credentials -// in each account to access those resources. However, managing all those -// credentials and remembering which one can access which account can be time -// consuming. Instead, you can create one set of long-term credentials in one -// account. Then use temporary security credentials to access all the other -// accounts by assuming roles in those accounts. For more information about roles, -// see IAM Roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) -// in the IAM User Guide. Session Duration By default, the temporary security -// credentials created by AssumeRole last for one hour. However, you can use the -// optional DurationSeconds parameter to specify the duration of your session. You -// can provide a value from 900 seconds (15 minutes) up to the maximum session -// duration setting for the role. This setting can have a value from 1 hour to 12 -// hours. To learn how to view the maximum value for your role, see View the -// Maximum Session Duration Setting for a Role -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session) -// in the IAM User Guide. The maximum session duration limit applies when you use -// the AssumeRole* API operations or the assume-role* CLI commands. However the -// limit does not apply when you use those operations to create a console URL. For -// more information, see Using IAM Roles -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM -// User Guide. Permissions The temporary security credentials created by AssumeRole -// can be used to make API calls to any AWS service with the following exception: -// You cannot call the AWS STS GetFederationToken or GetSessionToken API +// in the IAM User Guide. Permissions The temporary security credentials created by +// AssumeRole can be used to make API calls to any AWS service with the following +// exception: You cannot call the AWS STS GetFederationToken or GetSessionToken API // operations. (Optional) You can pass inline or managed session policies // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to use as -// managed session policies. The plain text that you use for both inline and -// managed session policies can't exceed 2,048 characters. Passing policies to this +// managed session policies. The plaintext that you use for both inline and managed +// session policies can't exceed 2,048 characters. Passing policies to this // operation returns new temporary credentials. The resulting session's permissions // are the intersection of the role's identity-based policy and the session // policies. You can use the role's temporary credentials in subsequent AWS API @@ -146,10 +123,11 @@ type AssumeRoleInput struct { // This member is required. RoleSessionName *string - // The duration, in seconds, of the role session. The value can range from 900 - // seconds (15 minutes) up to the maximum session duration setting for the role. - // This setting can have a value from 1 hour to 12 hours. If you specify a value - // higher than this setting, the operation fails. For example, if you specify a + // The duration, in seconds, of the role session. The value specified can can range + // from 900 seconds (15 minutes) up to the maximum session duration that is set for + // the role. The maximum session duration setting can have a value from 1 hour to + // 12 hours. If you specify a value higher than this setting or the administrator + // setting (whichever is lower), the operation fails. For example, if you specify a // session duration of 12 hours, but your administrator set the maximum session // duration to 6 hours, your operation fails. To learn how to view the maximum // value for your role, see View the Maximum Session Duration Setting for a Role @@ -191,14 +169,14 @@ type AssumeRoleInput struct { // permissions than those allowed by the identity-based policy of the role that is // being assumed. For more information, see Session Policies // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. The plain text that you use for both inline and managed + // in the IAM User Guide. The plaintext that you use for both inline and managed // session policies can't exceed 2,048 characters. The JSON policy characters can // be any ASCII character from the space character to the end of the valid // character list (\u0020 through \u00FF). It can also include the tab (\u0009), // linefeed (\u000A), and carriage return (\u000D) characters. An AWS conversion // compresses the passed session policies and session tags into a packed binary // format that has a separate limit. Your request can fail for this limit even if - // your plain text meets the other requirements. The PackedPolicySize response + // your plaintext meets the other requirements. The PackedPolicySize response // element indicates by percentage how close the policies and tags for your request // are to the upper size limit. Policy *string @@ -206,13 +184,13 @@ type AssumeRoleInput struct { // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to // use as managed session policies. The policies must exist in the same account as // the role. This parameter is optional. You can provide up to 10 managed policy - // ARNs. However, the plain text that you use for both inline and managed session + // ARNs. However, the plaintext that you use for both inline and managed session // policies can't exceed 2,048 characters. For more information about ARNs, see // Amazon Resource Names (ARNs) and AWS Service Namespaces // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in // the AWS General Reference. An AWS conversion compresses the passed session // policies and session tags into a packed binary format that has a separate limit. - // Your request can fail for this limit even if your plain text meets the other + // Your request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. // Passing policies to this operation returns new temporary credentials. The @@ -237,18 +215,34 @@ type AssumeRoleInput struct { // following characters: =,.@- SerialNumber *string + // The source identity specified by the principal that is calling the AssumeRole + // operation. You can require users to specify a source identity when they assume a + // role. You do this by using the sts:SourceIdentity condition key in a role trust + // policy. You can use source identity information in AWS CloudTrail logs to + // determine who took actions with a role. You can use the aws:SourceIdentity + // condition key to further control access to AWS resources based on the value of + // source identity. For more information about using source identity, see Monitor + // and control actions taken with assumed roles + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. The regex used to validate this parameter is a string of + // characters consisting of upper- and lower-case alphanumeric characters with no + // spaces. You can also include underscores or any of the following characters: + // =,.@-. You cannot use a value that begins with the text aws:. This prefix is + // reserved for AWS internal use. + SourceIdentity *string + // A list of session tags that you want to pass. Each session tag consists of a key // name and an associated value. For more information about session tags, see // Tagging AWS STS Sessions // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the // IAM User Guide. This parameter is optional. You can pass up to 50 session tags. - // The plain text session tag keys can’t exceed 128 characters, and the values - // can’t exceed 256 characters. For these and additional limits, see IAM and STS + // The plaintext session tag keys can’t exceed 128 characters, and the values can’t + // exceed 256 characters. For these and additional limits, see IAM and STS // Character Limits // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. An AWS conversion compresses the passed session policies // and session tags into a packed binary format that has a separate limit. Your - // request can fail for this limit even if your plain text meets the other + // request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. You // can pass a session tag with the same key as a tag that is already attached to @@ -268,11 +262,11 @@ type AssumeRoleInput struct { Tags []types.Tag // The value provided by the MFA device, if the trust policy of the role being - // assumed requires MFA (that is, if the policy includes a condition that tests for - // MFA). If the role being assumed requires MFA and if the TokenCode value is - // missing or expired, the AssumeRole call returns an "access denied" error. The - // format for this parameter, as described by its regex pattern, is a sequence of - // six numeric digits. + // assumed requires MFA. (In other words, if the policy includes a condition that + // tests for MFA). If the role being assumed requires MFA and if the TokenCode + // value is missing or expired, the AssumeRole call returns an "access denied" + // error. The format for this parameter, as described by its regex pattern, is a + // sequence of six numeric digits. TokenCode *string // A list of keys for session tags that you want to set as transitive. If you set a @@ -310,6 +304,21 @@ type AssumeRoleOutput struct { // allowed space. PackedPolicySize *int32 + // The source identity specified by the principal that is calling the AssumeRole + // operation. You can require users to specify a source identity when they assume a + // role. You do this by using the sts:SourceIdentity condition key in a role trust + // policy. You can use source identity information in AWS CloudTrail logs to + // determine who took actions with a role. You can use the aws:SourceIdentity + // condition key to further control access to AWS resources based on the value of + // source identity. For more information about using source identity, see Monitor + // and control actions taken with assumed roles + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. The regex used to validate this parameter is a string of + // characters consisting of upper- and lower-case alphanumeric characters with no + // spaces. You can also include underscores or any of the following characters: + // =,.@- + SourceIdentity *string + // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata } diff --git a/service/sts/api_op_AssumeRoleWithSAML.go b/service/sts/api_op_AssumeRoleWithSAML.go index 8e7690be952..fb8f6e687f2 100644 --- a/service/sts/api_op_AssumeRoleWithSAML.go +++ b/service/sts/api_op_AssumeRoleWithSAML.go @@ -38,7 +38,15 @@ import ( // limit does not apply when you use those operations to create a console URL. For // more information, see Using IAM Roles // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html) in the IAM -// User Guide. Permissions The temporary security credentials created by +// User Guide. Role chaining +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) +// limits your AWS CLI or AWS API role session to a maximum of one hour. When you +// use the AssumeRole API operation to assume a role, you can specify the duration +// of your role session with the DurationSeconds parameter. You can specify a +// parameter value of up to 43200 seconds (12 hours), depending on the maximum +// session duration setting for your role. However, if you assume a role using role +// chaining and provide a DurationSeconds parameter value greater than one hour, +// the operation fails. Permissions The temporary security credentials created by // AssumeRoleWithSAML can be used to make API calls to any AWS service with the // following exception: you cannot call the STS GetFederationToken or // GetSessionToken API operations. (Optional) You can pass inline or managed @@ -46,8 +54,8 @@ import ( // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to use as -// managed session policies. The plain text that you use for both inline and -// managed session policies can't exceed 2,048 characters. Passing policies to this +// managed session policies. The plaintext that you use for both inline and managed +// session policies can't exceed 2,048 characters. Passing policies to this // operation returns new temporary credentials. The resulting session's permissions // are the intersection of the role's identity-based policy and the session // policies. You can use the role's temporary credentials in subsequent AWS API @@ -69,13 +77,13 @@ import ( // Each session tag consists of a key name and an associated value. For more // information about session tags, see Passing Session Tags in STS // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the -// IAM User Guide. You can pass up to 50 session tags. The plain text session tag +// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag // keys can’t exceed 128 characters and the values can’t exceed 256 characters. For // these and additional limits, see IAM and STS Character Limits // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. An AWS conversion compresses the passed session policies // and session tags into a packed binary format that has a separate limit. Your -// request can fail for this limit even if your plain text meets the other +// request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. You // can pass a session tag with the same key as a tag that is attached to the role. @@ -140,7 +148,7 @@ type AssumeRoleWithSAMLInput struct { // This member is required. RoleArn *string - // The base-64 encoded SAML authentication response provided by the IdP. For more + // The base64 encoded SAML authentication response provided by the IdP. For more // information, see Configuring a Relying Party and Adding Claims // (https://docs.aws.amazon.com/IAM/latest/UserGuide/create-role-saml-IdP-tasks.html) // in the IAM User Guide. @@ -179,14 +187,14 @@ type AssumeRoleWithSAMLInput struct { // permissions than those allowed by the identity-based policy of the role that is // being assumed. For more information, see Session Policies // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. The plain text that you use for both inline and managed + // in the IAM User Guide. The plaintext that you use for both inline and managed // session policies can't exceed 2,048 characters. The JSON policy characters can // be any ASCII character from the space character to the end of the valid // character list (\u0020 through \u00FF). It can also include the tab (\u0009), // linefeed (\u000A), and carriage return (\u000D) characters. An AWS conversion // compresses the passed session policies and session tags into a packed binary // format that has a separate limit. Your request can fail for this limit even if - // your plain text meets the other requirements. The PackedPolicySize response + // your plaintext meets the other requirements. The PackedPolicySize response // element indicates by percentage how close the policies and tags for your request // are to the upper size limit. Policy *string @@ -194,13 +202,13 @@ type AssumeRoleWithSAMLInput struct { // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to // use as managed session policies. The policies must exist in the same account as // the role. This parameter is optional. You can provide up to 10 managed policy - // ARNs. However, the plain text that you use for both inline and managed session + // ARNs. However, the plaintext that you use for both inline and managed session // policies can't exceed 2,048 characters. For more information about ARNs, see // Amazon Resource Names (ARNs) and AWS Service Namespaces // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in // the AWS General Reference. An AWS conversion compresses the passed session // policies and session tags into a packed binary format that has a separate limit. - // Your request can fail for this limit even if your plain text meets the other + // Your request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. // Passing policies to this operation returns new temporary credentials. The @@ -236,12 +244,20 @@ type AssumeRoleWithSAMLOutput struct { // The value of the Issuer element of the SAML assertion. Issuer *string - // A hash value based on the concatenation of the Issuer response value, the AWS - // account ID, and the friendly name (the last part of the ARN) of the SAML - // provider in IAM. The combination of NameQualifier and Subject can be used to - // uniquely identify a federated user. The following pseudocode shows how the hash - // value is calculated: BASE64 ( SHA1 ( "https://example.com/saml" + "123456789012" - // + "/MySAMLIdP" ) ) + // A hash value based on the concatenation of the following: + // + // * The Issuer response + // value. + // + // * The AWS account ID. + // + // * The friendly name (the last part of the ARN) of + // the SAML provider in IAM. + // + // The combination of NameQualifier and Subject can be + // used to uniquely identify a federated user. The following pseudocode shows how + // the hash value is calculated: BASE64 ( SHA1 ( "https://example.com/saml" + + // "123456789012" + "/MySAMLIdP" ) ) NameQualifier *string // A percentage value that indicates the packed size of the session policies and @@ -250,6 +266,26 @@ type AssumeRoleWithSAMLOutput struct { // allowed space. PackedPolicySize *int32 + // The value in the SourceIdentity attribute in the SAML assertion. You can require + // users to set a source identity value when they assume a role. You do this by + // using the sts:SourceIdentity condition key in a role trust policy. That way, + // actions that are taken with the role are associated with that user. After the + // source identity is set, the value cannot be changed. It is present in the + // request for all actions that are taken by the role and persists across chained + // role + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) + // sessions. You can configure your SAML identity provider to use an attribute + // associated with your users, like user name or email, as the source identity when + // calling AssumeRoleWithSAML. You do this by adding an attribute to the SAML + // assertion. For more information about using source identity, see Monitor and + // control actions taken with assumed roles + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. The regex used to validate this parameter is a string of + // characters consisting of upper- and lower-case alphanumeric characters with no + // spaces. You can also include underscores or any of the following characters: + // =,.@- + SourceIdentity *string + // The value of the NameID element in the Subject element of the SAML assertion. Subject *string diff --git a/service/sts/api_op_AssumeRoleWithWebIdentity.go b/service/sts/api_op_AssumeRoleWithWebIdentity.go index aaaa8a04102..030667183f4 100644 --- a/service/sts/api_op_AssumeRoleWithWebIdentity.go +++ b/service/sts/api_op_AssumeRoleWithWebIdentity.go @@ -59,8 +59,8 @@ import ( // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to use as -// managed session policies. The plain text that you use for both inline and -// managed session policies can't exceed 2,048 characters. Passing policies to this +// managed session policies. The plaintext that you use for both inline and managed +// session policies can't exceed 2,048 characters. Passing policies to this // operation returns new temporary credentials. The resulting session's permissions // are the intersection of the role's identity-based policy and the session // policies. You can use the role's temporary credentials in subsequent AWS API @@ -74,13 +74,13 @@ import ( // consists of a key name and an associated value. For more information about // session tags, see Passing Session Tags in STS // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the -// IAM User Guide. You can pass up to 50 session tags. The plain text session tag +// IAM User Guide. You can pass up to 50 session tags. The plaintext session tag // keys can’t exceed 128 characters and the values can’t exceed 256 characters. For // these and additional limits, see IAM and STS Character Limits // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. An AWS conversion compresses the passed session policies // and session tags into a packed binary format that has a separate limit. Your -// request can fail for this limit even if your plain text meets the other +// request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. You // can pass a session tag with the same key as a tag that is attached to the role. @@ -102,7 +102,7 @@ import ( // be specified in the role's trust policy. Calling AssumeRoleWithWebIdentity can // result in an entry in your AWS CloudTrail logs. The entry includes the Subject // (http://openid.net/specs/openid-connect-core-1_0.html#Claims) of the provided -// Web Identity Token. We recommend that you avoid using any personally +// web identity token. We recommend that you avoid using any personally // identifiable information (PII) in this field. For example, you could instead use // a GUID or a pairwise identifier, as suggested in the OIDC specification // (http://openid.net/specs/openid-connect-core-1_0.html#SubjectIDTypes). For more @@ -203,14 +203,14 @@ type AssumeRoleWithWebIdentityInput struct { // permissions than those allowed by the identity-based policy of the role that is // being assumed. For more information, see Session Policies // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) - // in the IAM User Guide. The plain text that you use for both inline and managed + // in the IAM User Guide. The plaintext that you use for both inline and managed // session policies can't exceed 2,048 characters. The JSON policy characters can // be any ASCII character from the space character to the end of the valid // character list (\u0020 through \u00FF). It can also include the tab (\u0009), // linefeed (\u000A), and carriage return (\u000D) characters. An AWS conversion // compresses the passed session policies and session tags into a packed binary // format that has a separate limit. Your request can fail for this limit even if - // your plain text meets the other requirements. The PackedPolicySize response + // your plaintext meets the other requirements. The PackedPolicySize response // element indicates by percentage how close the policies and tags for your request // are to the upper size limit. Policy *string @@ -218,13 +218,13 @@ type AssumeRoleWithWebIdentityInput struct { // The Amazon Resource Names (ARNs) of the IAM managed policies that you want to // use as managed session policies. The policies must exist in the same account as // the role. This parameter is optional. You can provide up to 10 managed policy - // ARNs. However, the plain text that you use for both inline and managed session + // ARNs. However, the plaintext that you use for both inline and managed session // policies can't exceed 2,048 characters. For more information about ARNs, see // Amazon Resource Names (ARNs) and AWS Service Namespaces // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in // the AWS General Reference. An AWS conversion compresses the passed session // policies and session tags into a packed binary format that has a separate limit. - // Your request can fail for this limit even if your plain text meets the other + // Your request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. // Passing policies to this operation returns new temporary credentials. The @@ -280,6 +280,29 @@ type AssumeRoleWithWebIdentityOutput struct { // AssumeRoleWithWebIdentity request. Provider *string + // The value of the source identity that is returned in the JSON web token (JWT) + // from the identity provider. You can require users to set a source identity value + // when they assume a role. You do this by using the sts:SourceIdentity condition + // key in a role trust policy. That way, actions that are taken with the role are + // associated with that user. After the source identity is set, the value cannot be + // changed. It is present in the request for all actions that are taken by the role + // and persists across chained role + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts#iam-term-role-chaining) + // sessions. You can configure your identity provider to use an attribute + // associated with your users, like user name or email, as the source identity when + // calling AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web + // token. To learn more about OIDC tokens and claims, see Using Tokens with User + // Pools + // (https://docs.aws.amazon.com/cognito/latest/developerguide/amazon-cognito-user-pools-using-tokens-with-identity-providers.html) + // in the Amazon Cognito Developer Guide. For more information about using source + // identity, see Monitor and control actions taken with assumed roles + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // in the IAM User Guide. The regex used to validate this parameter is a string of + // characters consisting of upper- and lower-case alphanumeric characters with no + // spaces. You can also include underscores or any of the following characters: + // =,.@- + SourceIdentity *string + // The unique user identifier that is returned by the identity provider. This // identifier is associated with the WebIdentityToken that was submitted with the // AssumeRoleWithWebIdentity call. The identifier is typically unique to the user diff --git a/service/sts/api_op_GetFederationToken.go b/service/sts/api_op_GetFederationToken.go index 415352578e1..9f22fafd6b6 100644 --- a/service/sts/api_op_GetFederationToken.go +++ b/service/sts/api_op_GetFederationToken.go @@ -55,6 +55,60 @@ import ( // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to use as +// managed session policies. The plaintext that you use for both inline and managed +// session policies can't exceed 2,048 characters. Though the session policy +// parameters are optional, if you do not pass a policy, then the resulting +// federated user session has no permissions. When you pass session policies, the +// session permissions are the intersection of the IAM user policies and the +// session policies that you pass. This gives you a way to further restrict the +// permissions for a federated user. You cannot use session policies to grant more +// permissions than those that are defined in the permissions policy of the IAM +// user. For more information, see Session Policies +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// in the IAM User Guide. For information about using GetFederationToken to create +// temporary security credentials, see GetFederationToken—Federation Through a +// Custom Identity Broker +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getfederationtoken). +// You can use the credentials to access a resource that has a resource-based +// policy. If that policy specifically references the federated user session in the +// Principal element of the policy, the session has the permissions allowed by the +// policy. These permissions are granted in addition to the permissions granted by +// the session policies. Tags (Optional) You can pass tag key-value pairs to your +// session. These are called session tags. For more information about session tags, +// see Passing Session Tags in STS +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the +// IAM User Guide. You can create a mobile-based or browser-based app that can +// authenticate users using a web identity provider like Login with Amazon, +// Facebook, Google, or an OpenID Connect-compatible identity provider. In this +// case, we recommend that you use Amazon Cognito (http://aws.amazon.com/cognito/) +// or AssumeRoleWithWebIdentity. For more information, see Federation Through a +// Web-based Identity Provider +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity) +// in the IAM User Guide. You can also call GetFederationToken using the security +// credentials of an AWS account root user, but we do not recommend it. Instead, we +// recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only the +// actions and resources that they need to access. For more information, see IAM +// Best Practices +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) in the +// IAM User Guide. Session duration The temporary credentials are valid for the +// specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 +// seconds (36 hours). The default session duration is 43,200 seconds (12 hours). +// Temporary credentials that are obtained by using AWS account root user +// credentials have a maximum duration of 3,600 seconds (1 hour). Permissions You +// can use the temporary credentials created by GetFederationToken in any AWS +// service except the following: +// +// * You cannot call any IAM operations using the +// AWS CLI or the AWS API. +// +// * You cannot call any STS operations except +// GetCallerIdentity. +// +// You must pass an inline or managed session policy +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// to this operation. You can pass a single JSON policy document to use as an +// inline session policy. You can also specify up to 10 managed policies to use as // managed session policies. The plain text that you use for both inline and // managed session policies can't exceed 2,048 characters. Though the session // policy parameters are optional, if you do not pass a policy, then the resulting @@ -142,13 +196,13 @@ type GetFederationTokenInput struct { // references the federated user session in the Principal element of the policy, // the session has the permissions allowed by the policy. These permissions are // granted in addition to the permissions that are granted by the session policies. - // The plain text that you use for both inline and managed session policies can't + // The plaintext that you use for both inline and managed session policies can't // exceed 2,048 characters. The JSON policy characters can be any ASCII character // from the space character to the end of the valid character list (\u0020 through // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. An AWS conversion compresses the passed session // policies and session tags into a packed binary format that has a separate limit. - // Your request can fail for this limit even if your plain text meets the other + // Your request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. Policy *string @@ -160,10 +214,10 @@ type GetFederationTokenInput struct { // (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an // inline session policy. You can also specify up to 10 managed policies to use as - // managed session policies. The plain text that you use for both inline and - // managed session policies can't exceed 2,048 characters. You can provide up to 10 - // managed policy ARNs. For more information about ARNs, see Amazon Resource Names - // (ARNs) and AWS Service Namespaces + // managed session policies. The plaintext that you use for both inline and managed + // session policies can't exceed 2,048 characters. You can provide up to 10 managed + // policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) + // and AWS Service Namespaces // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in // the AWS General Reference. This parameter is optional. However, if you do not // pass any session policies, then the resulting federated user session has no @@ -181,7 +235,7 @@ type GetFederationTokenInput struct { // granted in addition to the permissions that are granted by the session policies. // An AWS conversion compresses the passed session policies and session tags into a // packed binary format that has a separate limit. Your request can fail for this - // limit even if your plain text meets the other requirements. The PackedPolicySize + // limit even if your plaintext meets the other requirements. The PackedPolicySize // response element indicates by percentage how close the policies and tags for // your request are to the upper size limit. PolicyArns []types.PolicyDescriptorType @@ -191,13 +245,13 @@ type GetFederationTokenInput struct { // Tags in STS // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in the // IAM User Guide. This parameter is optional. You can pass up to 50 session tags. - // The plain text session tag keys can’t exceed 128 characters and the values can’t + // The plaintext session tag keys can’t exceed 128 characters and the values can’t // exceed 256 characters. For these and additional limits, see IAM and STS // Character Limits // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. An AWS conversion compresses the passed session policies // and session tags into a packed binary format that has a separate limit. Your - // request can fail for this limit even if your plain text meets the other + // request can fail for this limit even if your plaintext meets the other // requirements. The PackedPolicySize response element indicates by percentage how // close the policies and tags for your request are to the upper size limit. You // can pass a session tag with the same key as a tag that is already attached to diff --git a/service/sts/deserializers.go b/service/sts/deserializers.go index cfa3c38c6ae..acde57c024a 100644 --- a/service/sts/deserializers.go +++ b/service/sts/deserializers.go @@ -1939,6 +1939,19 @@ func awsAwsquery_deserializeOpDocumentAssumeRoleOutput(v **AssumeRoleOutput, dec sv.PackedPolicySize = ptr.Int32(int32(i64)) } + case strings.EqualFold("SourceIdentity", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.SourceIdentity = ptr.String(xtv) + } + default: // Do nothing and ignore the unexpected tag element err = decoder.Decoder.Skip() @@ -2043,6 +2056,19 @@ func awsAwsquery_deserializeOpDocumentAssumeRoleWithSAMLOutput(v **AssumeRoleWit sv.PackedPolicySize = ptr.Int32(int32(i64)) } + case strings.EqualFold("SourceIdentity", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.SourceIdentity = ptr.String(xtv) + } + case strings.EqualFold("Subject", t.Name.Local): val, err := decoder.Value() if err != nil { @@ -2160,6 +2186,19 @@ func awsAwsquery_deserializeOpDocumentAssumeRoleWithWebIdentityOutput(v **Assume sv.Provider = ptr.String(xtv) } + case strings.EqualFold("SourceIdentity", t.Name.Local): + val, err := decoder.Value() + if err != nil { + return err + } + if val == nil { + break + } + { + xtv := string(val) + sv.SourceIdentity = ptr.String(xtv) + } + case strings.EqualFold("SubjectFromWebIdentityToken", t.Name.Local): val, err := decoder.Value() if err != nil { diff --git a/service/sts/serializers.go b/service/sts/serializers.go index b224780f2ed..cc823c10562 100644 --- a/service/sts/serializers.go +++ b/service/sts/serializers.go @@ -570,6 +570,11 @@ func awsAwsquery_serializeOpDocumentAssumeRoleInput(v *AssumeRoleInput, value qu objectKey.String(*v.SerialNumber) } + if v.SourceIdentity != nil { + objectKey := object.Key("SourceIdentity") + objectKey.String(*v.SourceIdentity) + } + if v.Tags != nil { objectKey := object.Key("Tags") if err := awsAwsquery_serializeDocumentTagListType(v.Tags, objectKey); err != nil {