From 360c58a5df49fb4b631396d0ede689ba12179e2d Mon Sep 17 00:00:00 2001 From: aws-sdk-go-automation <43143561+aws-sdk-go-automation@users.noreply.github.com> Date: Wed, 30 Mar 2022 13:08:18 -0700 Subject: [PATCH] Release v1.43.29 (2022-03-30) (#4342) Release v1.43.29 (2022-03-30) === ### Service Client Updates * `service/ec2`: Updates service API and documentation * This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default * `service/fms`: Updates service API, documentation, and paginators * `service/fsx`: Updates service API and documentation * `service/iot`: Updates service documentation * Doc only update for IoT that fixes customer-reported issues. * `service/iot-data`: Updates service API and documentation --- CHANGELOG.md | 12 + aws/version.go | 2 +- models/apis/ec2/2016-11-15/api-2.json | 89 +- models/apis/ec2/2016-11-15/docs-2.json | 60 +- models/apis/fms/2018-01-01/api-2.json | 229 ++- models/apis/fms/2018-01-01/docs-2.json | 162 +- models/apis/fms/2018-01-01/paginators-1.json | 6 + models/apis/fsx/2018-03-01/api-2.json | 3 +- models/apis/fsx/2018-03-01/docs-2.json | 23 +- models/apis/iot-data/2015-05-28/api-2.json | 2 +- models/apis/iot-data/2015-05-28/docs-2.json | 8 +- models/apis/iot-data/2015-05-28/smoke.json | 14 + models/apis/iot/2015-05-28/docs-2.json | 26 +- service/ec2/api.go | 389 ++++- service/ec2/ec2iface/interface.go | 4 + service/fms/api.go | 1538 ++++++++++++++++-- service/fms/fmsiface/interface.go | 19 + service/fsx/api.go | 119 +- service/iot/api.go | 58 +- service/iotdataplane/api.go | 14 +- service/iotdataplane/service.go | 2 +- 21 files changed, 2545 insertions(+), 234 deletions(-) create mode 100644 models/apis/iot-data/2015-05-28/smoke.json diff --git a/CHANGELOG.md b/CHANGELOG.md index bcf45aaf620..7e56481b814 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +Release v1.43.29 (2022-03-30) +=== + +### Service Client Updates +* `service/ec2`: Updates service API and documentation + * This release simplifies the auto-recovery configuration process enabling customers to set the recovery behavior to disabled or default +* `service/fms`: Updates service API, documentation, and paginators +* `service/fsx`: Updates service API and documentation +* `service/iot`: Updates service documentation + * Doc only update for IoT that fixes customer-reported issues. +* `service/iot-data`: Updates service API and documentation + Release v1.43.28 (2022-03-29) === diff --git a/aws/version.go b/aws/version.go index 196c88493e5..3add42273d7 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.43.28" +const SDKVersion = "1.43.29" diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 066614d7a8d..29ff8e14627 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -3752,6 +3752,15 @@ "input":{"shape":"ModifyInstanceEventWindowRequest"}, "output":{"shape":"ModifyInstanceEventWindowResult"} }, + "ModifyInstanceMaintenanceOptions":{ + "name":"ModifyInstanceMaintenanceOptions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyInstanceMaintenanceOptionsRequest"}, + "output":{"shape":"ModifyInstanceMaintenanceOptionsResult"} + }, "ModifyInstanceMetadataOptions":{ "name":"ModifyInstanceMetadataOptions", "http":{ @@ -22355,6 +22364,10 @@ "Ipv6Address":{ "shape":"String", "locationName":"ipv6Address" + }, + "MaintenanceOptions":{ + "shape":"InstanceMaintenanceOptions", + "locationName":"maintenanceOptions" } } }, @@ -22447,6 +22460,13 @@ "enclaveOptions" ] }, + "InstanceAutoRecoveryState":{ + "type":"string", + "enum":[ + "disabled", + "default" + ] + }, "InstanceBlockDeviceMapping":{ "type":"structure", "members":{ @@ -22896,6 +22916,21 @@ "locationName":"item" } }, + "InstanceMaintenanceOptions":{ + "type":"structure", + "members":{ + "AutoRecovery":{ + "shape":"InstanceAutoRecoveryState", + "locationName":"autoRecovery" + } + } + }, + "InstanceMaintenanceOptionsRequest":{ + "type":"structure", + "members":{ + "AutoRecovery":{"shape":"InstanceAutoRecoveryState"} + } + }, "InstanceMarketOptionsRequest":{ "type":"structure", "members":{ @@ -25518,6 +25553,13 @@ } } }, + "LaunchTemplateAutoRecoveryState":{ + "type":"string", + "enum":[ + "default", + "disabled" + ] + }, "LaunchTemplateBlockDeviceMapping":{ "type":"structure", "members":{ @@ -25787,6 +25829,21 @@ "locationName":"item" } }, + "LaunchTemplateInstanceMaintenanceOptions":{ + "type":"structure", + "members":{ + "AutoRecovery":{ + "shape":"LaunchTemplateAutoRecoveryState", + "locationName":"autoRecovery" + } + } + }, + "LaunchTemplateInstanceMaintenanceOptionsRequest":{ + "type":"structure", + "members":{ + "AutoRecovery":{"shape":"LaunchTemplateAutoRecoveryState"} + } + }, "LaunchTemplateInstanceMarketOptions":{ "type":"structure", "members":{ @@ -27453,6 +27510,28 @@ } } }, + "ModifyInstanceMaintenanceOptionsRequest":{ + "type":"structure", + "required":["InstanceId"], + "members":{ + "InstanceId":{"shape":"InstanceId"}, + "AutoRecovery":{"shape":"InstanceAutoRecoveryState"}, + "DryRun":{"shape":"Boolean"} + } + }, + "ModifyInstanceMaintenanceOptionsResult":{ + "type":"structure", + "members":{ + "InstanceId":{ + "shape":"String", + "locationName":"instanceId" + }, + "AutoRecovery":{ + "shape":"InstanceAutoRecoveryState", + "locationName":"autoRecovery" + } + } + }, "ModifyInstanceMetadataOptionsRequest":{ "type":"structure", "required":["InstanceId"], @@ -31847,7 +31926,8 @@ "MetadataOptions":{"shape":"LaunchTemplateInstanceMetadataOptionsRequest"}, "EnclaveOptions":{"shape":"LaunchTemplateEnclaveOptionsRequest"}, "InstanceRequirements":{"shape":"InstanceRequirementsRequest"}, - "PrivateDnsNameOptions":{"shape":"LaunchTemplatePrivateDnsNameOptionsRequest"} + "PrivateDnsNameOptions":{"shape":"LaunchTemplatePrivateDnsNameOptionsRequest"}, + "MaintenanceOptions":{"shape":"LaunchTemplateInstanceMaintenanceOptionsRequest"} } }, "RequestSpotFleetRequest":{ @@ -32878,6 +32958,10 @@ "PrivateDnsNameOptions":{ "shape":"LaunchTemplatePrivateDnsNameOptions", "locationName":"privateDnsNameOptions" + }, + "MaintenanceOptions":{ + "shape":"LaunchTemplateInstanceMaintenanceOptions", + "locationName":"maintenanceOptions" } } }, @@ -33483,7 +33567,8 @@ }, "MetadataOptions":{"shape":"InstanceMetadataOptionsRequest"}, "EnclaveOptions":{"shape":"EnclaveOptionsRequest"}, - "PrivateDnsNameOptions":{"shape":"PrivateDnsNameOptionsRequest"} + "PrivateDnsNameOptions":{"shape":"PrivateDnsNameOptionsRequest"}, + "MaintenanceOptions":{"shape":"InstanceMaintenanceOptionsRequest"} } }, "RunScheduledInstancesRequest":{ diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 15c7715cd9c..c24c54a02c8 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -422,6 +422,7 @@ "ModifyInstanceCreditSpecification": "

Modifies the credit option for CPU usage on a running or stopped burstable performance instance. The credit options are standard and unlimited.

For more information, see Burstable performance instances in the Amazon EC2 User Guide.

", "ModifyInstanceEventStartTime": "

Modifies the start time for a scheduled Amazon EC2 instance event.

", "ModifyInstanceEventWindow": "

Modifies the specified event window.

You can define either a set of time ranges or a cron expression when modifying the event window, but not both.

To modify the targets associated with the event window, use the AssociateInstanceEventWindow and DisassociateInstanceEventWindow API.

If Amazon Web Services has already scheduled an event, modifying an event window won't change the time of the scheduled event.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide.

", + "ModifyInstanceMaintenanceOptions": "

Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see Simplified automatic recovery.

", "ModifyInstanceMetadataOptions": "

Modify the instance metadata parameters on a running or stopped instance. When you modify the parameters on a stopped instance, they are applied when the instance is started. When you modify the parameters on a running instance, the API responds with a state of “pending”. After the parameter modifications are successfully applied to the instance, the state of the modifications changes from “pending” to “applied” in subsequent describe-instances API calls. For more information, see Instance metadata and user data in the Amazon EC2 User Guide.

", "ModifyInstancePlacement": "

Modifies the placement attributes for a specified instance. You can do the following:

At least one attribute for affinity, host ID, tenancy, or placement group name must be specified in the request. Affinity and tenancy can be modified in the same request.

To modify the host ID, tenancy, placement group, or partition for an instance, the instance must be in the stopped state.

", "ModifyIpam": "

Modify the configurations of an IPAM.

", @@ -2172,7 +2173,7 @@ "ModifyDefaultCreditSpecificationRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyEbsDefaultKmsKeyIdRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyFleetRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", - "ModifyFleetResult$Return": "

Is true if the request succeeds, and an error otherwise.

", + "ModifyFleetResult$Return": "

If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.

", "ModifyFpgaImageAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyIdFormatRequest$UseLongIds": "

Indicate whether the resource should use longer IDs (17-character IDs).

", "ModifyIdentityIdFormatRequest$UseLongIds": "

Indicates whether the resource should use longer IDs (17-character IDs)

", @@ -2183,6 +2184,7 @@ "ModifyInstanceCreditSpecificationRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyInstanceEventStartTimeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyInstanceEventWindowRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "ModifyInstanceMaintenanceOptionsRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyInstanceMetadataOptionsRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyInstancePlacementResult$Return": "

Is true if the request succeeds, and an error otherwise.

", "ModifyIpamPoolRequest$DryRun": "

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -2203,7 +2205,7 @@ "ModifySecurityGroupRulesResult$Return": "

Returns true if the request succeeds; otherwise, returns an error.

", "ModifySnapshotAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifySnapshotTierRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", - "ModifySpotFleetRequestResponse$Return": "

Is true if the request succeeds, and an error otherwise.

", + "ModifySpotFleetRequestResponse$Return": "

If the request succeeds, the response returns true. If the request fails, no response is returned, and instead an error message is returned.

", "ModifyTrafficMirrorFilterNetworkServicesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyTrafficMirrorFilterRuleRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyTrafficMirrorSessionRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -9474,7 +9476,16 @@ "refs": { "DescribeInstanceAttributeRequest$Attribute": "

The instance attribute.

Note: The enaSupport attribute is not supported at this time.

", "ModifyInstanceAttributeRequest$Attribute": "

The name of the attribute.

", - "ResetInstanceAttributeRequest$Attribute": "

The attribute to reset.

You can only reset the following attributes: kernel | ramdisk | sourceDestCheck. To change an instance attribute, use ModifyInstanceAttribute.

" + "ResetInstanceAttributeRequest$Attribute": "

The attribute to reset.

You can only reset the following attributes: kernel | ramdisk | sourceDestCheck.

" + } + }, + "InstanceAutoRecoveryState": { + "base": null, + "refs": { + "InstanceMaintenanceOptions$AutoRecovery": "

Provides information on the current automatic recovery behavior of your instance.

", + "InstanceMaintenanceOptionsRequest$AutoRecovery": "

Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.

", + "ModifyInstanceMaintenanceOptionsRequest$AutoRecovery": "

Disables the automatic recovery behavior of your instance or sets it to default.

", + "ModifyInstanceMaintenanceOptionsResult$AutoRecovery": "

Provides information on the current automatic recovery behavior of your instance.

" } }, "InstanceBlockDeviceMapping": { @@ -9710,6 +9721,7 @@ "ModifyInstanceAttributeRequest$InstanceId": "

The ID of the instance.

", "ModifyInstanceCapacityReservationAttributesRequest$InstanceId": "

The ID of the instance to be modified.

", "ModifyInstanceEventStartTimeRequest$InstanceId": "

The ID of the instance with the scheduled event.

", + "ModifyInstanceMaintenanceOptionsRequest$InstanceId": "

The ID of the instance.

", "ModifyInstanceMetadataOptionsRequest$InstanceId": "

The ID of the instance.

", "ModifyInstancePlacementRequest$InstanceId": "

The ID of the instance that you are modifying.

", "ModifyPrivateDnsNameOptionsRequest$InstanceId": "

The ID of the instance.

", @@ -9840,6 +9852,18 @@ "Reservation$Instances": "

The instances.

" } }, + "InstanceMaintenanceOptions": { + "base": "

The maintenance options for the instance.

", + "refs": { + "Instance$MaintenanceOptions": "

Provides information on the recovery and maintenance options of your instance.

" + } + }, + "InstanceMaintenanceOptionsRequest": { + "base": "

The maintenance options for the instance.

", + "refs": { + "RunInstancesRequest$MaintenanceOptions": "

The maintenance and recovery options for the instance.

" + } + }, "InstanceMarketOptionsRequest": { "base": "

Describes the market (purchasing) option for the instances.

", "refs": { @@ -11313,6 +11337,13 @@ "DescribeFleetsInstances$LaunchTemplateAndOverrides": "

The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template.

" } }, + "LaunchTemplateAutoRecoveryState": { + "base": null, + "refs": { + "LaunchTemplateInstanceMaintenanceOptions$AutoRecovery": "

Disables the automatic recovery behavior of your instance or sets it to default.

", + "LaunchTemplateInstanceMaintenanceOptionsRequest$AutoRecovery": "

Disables the automatic recovery behavior of your instance or sets it to default. For more information, see Simplified automatic recovery.

" + } + }, "LaunchTemplateBlockDeviceMapping": { "base": "

Describes a block device mapping.

", "refs": { @@ -11486,6 +11517,18 @@ "DescribeLaunchTemplatesRequest$LaunchTemplateIds": "

One or more launch template IDs.

" } }, + "LaunchTemplateInstanceMaintenanceOptions": { + "base": "

The maintenance options of your instance.

", + "refs": { + "ResponseLaunchTemplateData$MaintenanceOptions": "

The maintenance options for your instance.

" + } + }, + "LaunchTemplateInstanceMaintenanceOptionsRequest": { + "base": "

The maintenance options of your instance.

", + "refs": { + "RequestLaunchTemplateData$MaintenanceOptions": "

The maintenance options for the instance.

" + } + }, "LaunchTemplateInstanceMarketOptions": { "base": "

The market (purchasing) option for the instances.

", "refs": { @@ -12455,6 +12498,16 @@ "refs": { } }, + "ModifyInstanceMaintenanceOptionsRequest": { + "base": null, + "refs": { + } + }, + "ModifyInstanceMaintenanceOptionsResult": { + "base": null, + "refs": { + } + }, "ModifyInstanceMetadataOptionsRequest": { "base": null, "refs": { @@ -17403,6 +17456,7 @@ "ModifyInstanceCreditSpecificationRequest$ClientToken": "

A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring Idempotency.

", "ModifyInstanceEventStartTimeRequest$InstanceEventId": "

The ID of the event whose date and time you are modifying.

", "ModifyInstanceEventWindowRequest$Name": "

The name of the event window.

", + "ModifyInstanceMaintenanceOptionsResult$InstanceId": "

The ID of the instance.

", "ModifyInstanceMetadataOptionsResult$InstanceId": "

The ID of the instance.

", "ModifyInstancePlacementRequest$HostResourceGroupArn": "

The ARN of the host resource group in which to place the instance.

", "ModifyIpamPoolRequest$Description": "

The description of the IPAM pool you want to modify.

", diff --git a/models/apis/fms/2018-01-01/api-2.json b/models/apis/fms/2018-01-01/api-2.json index 775b0a4cc47..17ddd367425 100644 --- a/models/apis/fms/2018-01-01/api-2.json +++ b/models/apis/fms/2018-01-01/api-2.json @@ -28,6 +28,21 @@ {"shape":"LimitExceededException"} ] }, + "AssociateThirdPartyFirewall":{ + "name":"AssociateThirdPartyFirewall", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateThirdPartyFirewallRequest"}, + "output":{"shape":"AssociateThirdPartyFirewallResponse"}, + "errors":[ + {"shape":"InvalidOperationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalErrorException"} + ] + }, "DeleteAppsList":{ "name":"DeleteAppsList", "http":{ @@ -95,6 +110,21 @@ {"shape":"InternalErrorException"} ] }, + "DisassociateThirdPartyFirewall":{ + "name":"DisassociateThirdPartyFirewall", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateThirdPartyFirewallRequest"}, + "output":{"shape":"DisassociateThirdPartyFirewallResponse"}, + "errors":[ + {"shape":"InvalidOperationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalErrorException"} + ] + }, "GetAdminAccount":{ "name":"GetAdminAccount", "http":{ @@ -195,6 +225,21 @@ {"shape":"InternalErrorException"} ] }, + "GetThirdPartyFirewallAssociationStatus":{ + "name":"GetThirdPartyFirewallAssociationStatus", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetThirdPartyFirewallAssociationStatusRequest"}, + "output":{"shape":"GetThirdPartyFirewallAssociationStatusResponse"}, + "errors":[ + {"shape":"InvalidOperationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalErrorException"} + ] + }, "GetViolationDetails":{ "name":"GetViolationDetails", "http":{ @@ -294,6 +339,21 @@ {"shape":"InvalidInputException"} ] }, + "ListThirdPartyFirewallFirewallPolicies":{ + "name":"ListThirdPartyFirewallFirewallPolicies", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListThirdPartyFirewallFirewallPoliciesRequest"}, + "output":{"shape":"ListThirdPartyFirewallFirewallPoliciesResponse"}, + "errors":[ + {"shape":"InvalidOperationException"}, + {"shape":"InvalidInputException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalErrorException"} + ] + }, "PutAppsList":{ "name":"PutAppsList", "http":{ @@ -465,6 +525,19 @@ "AdminAccount":{"shape":"AWSAccountId"} } }, + "AssociateThirdPartyFirewallRequest":{ + "type":"structure", + "required":["ThirdPartyFirewall"], + "members":{ + "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"} + } + }, + "AssociateThirdPartyFirewallResponse":{ + "type":"structure", + "members":{ + "ThirdPartyFirewallStatus":{"shape":"ThirdPartyFirewallAssociationStatus"} + } + }, "AwsEc2InstanceViolation":{ "type":"structure", "members":{ @@ -599,6 +672,19 @@ "members":{ } }, + "DisassociateThirdPartyFirewallRequest":{ + "type":"structure", + "required":["ThirdPartyFirewall"], + "members":{ + "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"} + } + }, + "DisassociateThirdPartyFirewallResponse":{ + "type":"structure", + "members":{ + "ThirdPartyFirewallStatus":{"shape":"ThirdPartyFirewallAssociationStatus"} + } + }, "DnsDuplicateRuleGroupViolation":{ "type":"structure", "members":{ @@ -748,7 +834,22 @@ }, "FirewallDeploymentModel":{ "type":"string", - "enum":["CENTRALIZED"] + "enum":[ + "CENTRALIZED", + "DISTRIBUTED" + ] + }, + "FirewallPolicyId":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + }, + "FirewallPolicyName":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" }, "FirewallSubnetIsOutOfScopeViolation":{ "type":"structure", @@ -760,6 +861,15 @@ "VpcEndpointId":{"shape":"ResourceId"} } }, + "FirewallSubnetMissingVPCEndpointViolation":{ + "type":"structure", + "members":{ + "FirewallSubnetId":{"shape":"ResourceId"}, + "VpcId":{"shape":"ResourceId"}, + "SubnetAvailabilityZone":{"shape":"LengthBoundedString"}, + "SubnetAvailabilityZoneId":{"shape":"LengthBoundedString"} + } + }, "GetAdminAccountRequest":{ "type":"structure", "members":{ @@ -866,6 +976,20 @@ "ProtocolsListArn":{"shape":"ResourceArn"} } }, + "GetThirdPartyFirewallAssociationStatusRequest":{ + "type":"structure", + "required":["ThirdPartyFirewall"], + "members":{ + "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"} + } + }, + "GetThirdPartyFirewallAssociationStatusResponse":{ + "type":"structure", + "members":{ + "ThirdPartyFirewallStatus":{"shape":"ThirdPartyFirewallAssociationStatus"}, + "MarketplaceOnboardingStatus":{"shape":"MarketplaceSubscriptionOnboardingStatus"} + } + }, "GetViolationDetailsRequest":{ "type":"structure", "required":[ @@ -1036,12 +1160,39 @@ "TagList":{"shape":"TagList"} } }, + "ListThirdPartyFirewallFirewallPoliciesRequest":{ + "type":"structure", + "required":[ + "ThirdPartyFirewall", + "MaxResults" + ], + "members":{ + "ThirdPartyFirewall":{"shape":"ThirdPartyFirewall"}, + "NextToken":{"shape":"PaginationToken"}, + "MaxResults":{"shape":"PaginationMaxResults"} + } + }, + "ListThirdPartyFirewallFirewallPoliciesResponse":{ + "type":"structure", + "members":{ + "ThirdPartyFirewallFirewallPolicies":{"shape":"ThirdPartyFirewallFirewallPolicies"}, + "NextToken":{"shape":"PaginationToken"} + } + }, "ManagedServiceData":{ "type":"string", "max":8192, "min":1, "pattern":"^((?!\\\\[nr]).)+" }, + "MarketplaceSubscriptionOnboardingStatus":{ + "type":"string", + "enum":[ + "NO_SUBSCRIPTION", + "NOT_COMPLETE", + "COMPLETE" + ] + }, "MemberAccounts":{ "type":"list", "member":{"shape":"AWSAccountId"} @@ -1285,7 +1436,8 @@ "PolicyOption":{ "type":"structure", "members":{ - "NetworkFirewallPolicy":{"shape":"NetworkFirewallPolicy"} + "NetworkFirewallPolicy":{"shape":"NetworkFirewallPolicy"}, + "ThirdPartyFirewallPolicy":{"shape":"ThirdPartyFirewallPolicy"} } }, "PolicySummary":{ @@ -1566,7 +1718,11 @@ "DnsRuleGroupLimitExceededViolation":{"shape":"DnsRuleGroupLimitExceededViolation"}, "PossibleRemediationActions":{"shape":"PossibleRemediationActions"}, "FirewallSubnetIsOutOfScopeViolation":{"shape":"FirewallSubnetIsOutOfScopeViolation"}, - "RouteHasOutOfScopeEndpointViolation":{"shape":"RouteHasOutOfScopeEndpointViolation"} + "RouteHasOutOfScopeEndpointViolation":{"shape":"RouteHasOutOfScopeEndpointViolation"}, + "ThirdPartyFirewallMissingFirewallViolation":{"shape":"ThirdPartyFirewallMissingFirewallViolation"}, + "ThirdPartyFirewallMissingSubnetViolation":{"shape":"ThirdPartyFirewallMissingSubnetViolation"}, + "ThirdPartyFirewallMissingExpectedRouteTableViolation":{"shape":"ThirdPartyFirewallMissingExpectedRouteTableViolation"}, + "FirewallSubnetMissingVPCEndpointViolation":{"shape":"FirewallSubnetMissingVPCEndpointViolation"} } }, "ResourceViolations":{ @@ -1646,7 +1802,8 @@ "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", "NETWORK_FIREWALL", - "DNS_FIREWALL" + "DNS_FIREWALL", + "THIRD_PARTY_FIREWALL" ] }, "StatefulRuleGroup":{ @@ -1753,6 +1910,65 @@ "type":"list", "member":{"shape":"TargetViolationReason"} }, + "ThirdPartyFirewall":{ + "type":"string", + "enum":["PALO_ALTO_NETWORKS_CLOUD_NGFW"] + }, + "ThirdPartyFirewallAssociationStatus":{ + "type":"string", + "enum":[ + "ONBOARDING", + "ONBOARD_COMPLETE", + "OFFBOARDING", + "OFFBOARD_COMPLETE", + "NOT_EXIST" + ] + }, + "ThirdPartyFirewallFirewallPolicies":{ + "type":"list", + "member":{"shape":"ThirdPartyFirewallFirewallPolicy"} + }, + "ThirdPartyFirewallFirewallPolicy":{ + "type":"structure", + "members":{ + "FirewallPolicyId":{"shape":"FirewallPolicyId"}, + "FirewallPolicyName":{"shape":"FirewallPolicyName"} + } + }, + "ThirdPartyFirewallMissingExpectedRouteTableViolation":{ + "type":"structure", + "members":{ + "ViolationTarget":{"shape":"ViolationTarget"}, + "VPC":{"shape":"ResourceId"}, + "AvailabilityZone":{"shape":"LengthBoundedString"}, + "CurrentRouteTable":{"shape":"ResourceId"}, + "ExpectedRouteTable":{"shape":"ResourceId"} + } + }, + "ThirdPartyFirewallMissingFirewallViolation":{ + "type":"structure", + "members":{ + "ViolationTarget":{"shape":"ViolationTarget"}, + "VPC":{"shape":"ResourceId"}, + "AvailabilityZone":{"shape":"LengthBoundedString"}, + "TargetViolationReason":{"shape":"TargetViolationReason"} + } + }, + "ThirdPartyFirewallMissingSubnetViolation":{ + "type":"structure", + "members":{ + "ViolationTarget":{"shape":"ViolationTarget"}, + "VPC":{"shape":"ResourceId"}, + "AvailabilityZone":{"shape":"LengthBoundedString"}, + "TargetViolationReason":{"shape":"TargetViolationReason"} + } + }, + "ThirdPartyFirewallPolicy":{ + "type":"structure", + "members":{ + "FirewallDeploymentModel":{"shape":"FirewallDeploymentModel"} + } + }, "TimeStamp":{"type":"timestamp"}, "UntagResourceRequest":{ "type":"structure", @@ -1812,6 +2028,7 @@ "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", "NETWORK_FIREWALL_POLICY_MODIFIED", + "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE", "FIREWALL_SUBNET_MISSING_EXPECTED_ROUTE", "UNEXPECTED_FIREWALL_ROUTES", @@ -1823,8 +2040,8 @@ "BLACK_HOLE_ROUTE_DETECTED", "BLACK_HOLE_ROUTE_DETECTED_IN_FIREWALL_SUBNET", "RESOURCE_MISSING_DNS_FIREWALL", - "FIREWALL_SUBNET_IS_OUT_OF_SCOPE", - "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" + "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT", + "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" ] }, "ViolationTarget":{ diff --git a/models/apis/fms/2018-01-01/docs-2.json b/models/apis/fms/2018-01-01/docs-2.json index 410057e9db0..d3907945e9a 100644 --- a/models/apis/fms/2018-01-01/docs-2.json +++ b/models/apis/fms/2018-01-01/docs-2.json @@ -3,11 +3,13 @@ "service": "

This is the Firewall Manager API Reference. This guide is for developers who need detailed information about the Firewall Manager API actions, data types, and errors. For detailed information about Firewall Manager features, see the Firewall Manager Developer Guide.

Some API actions require explicit resource permissions. For information, see the developer guide topic Firewall Manager required permissions for API actions.

", "operations": { "AssociateAdminAccount": "

Sets the Firewall Manager administrator account. The account must be a member of the organization in Organizations whose resources you want to protect. Firewall Manager sets the permissions that allow the account to administer your Firewall Manager policies.

The account that you associate with Firewall Manager is called the Firewall Manager administrator account.

", + "AssociateThirdPartyFirewall": "

Sets the Firewall Manager policy administrator as a tenant administrator of a third-party firewall service. A tenant is an instance of the third-party firewall service that's associated with your Amazon Web Services customer account.

", "DeleteAppsList": "

Permanently deletes an Firewall Manager applications list.

", "DeleteNotificationChannel": "

Deletes an Firewall Manager association with the IAM role and the Amazon Simple Notification Service (SNS) topic that is used to record Firewall Manager SNS logs.

", "DeletePolicy": "

Permanently deletes an Firewall Manager policy.

", "DeleteProtocolsList": "

Permanently deletes an Firewall Manager protocols list.

", "DisassociateAdminAccount": "

Disassociates the account that has been set as the Firewall Manager administrator account. To set a different account as the administrator account, you must submit an AssociateAdminAccount request.

", + "DisassociateThirdPartyFirewall": "

Disassociates a Firewall Manager policy administrator from a third-party firewall tenant. When you call DisassociateThirdPartyFirewall, the third-party firewall vendor deletes all of the firewalls that are associated with the account.

", "GetAdminAccount": "

Returns the Organizations account that is associated with Firewall Manager as the Firewall Manager administrator.

", "GetAppsList": "

Returns information about the specified Firewall Manager applications list.

", "GetComplianceDetail": "

Returns detailed compliance information about the specified member account. Details include resources that are in and out of compliance with the specified policy.

", @@ -15,6 +17,7 @@ "GetPolicy": "

Returns information about the specified Firewall Manager policy.

", "GetProtectionStatus": "

If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack. Other policy types are currently unsupported.

", "GetProtocolsList": "

Returns information about the specified Firewall Manager protocols list.

", + "GetThirdPartyFirewallAssociationStatus": "

The onboarding status of a Firewall Manager admin account to third-party firewall vendor tenant.

", "GetViolationDetails": "

Retrieves violations for a resource based on the specified Firewall Manager policy and Amazon Web Services account.

", "ListAppsLists": "

Returns an array of AppsListDataSummary objects.

", "ListComplianceStatus": "

Returns an array of PolicyComplianceStatus objects. Use PolicyComplianceStatus to get a summary of which member accounts are protected by the specified policy.

", @@ -22,6 +25,7 @@ "ListPolicies": "

Returns an array of PolicySummary objects.

", "ListProtocolsLists": "

Returns an array of ProtocolsListDataSummary objects.

", "ListTagsForResource": "

Retrieves the list of tags for the specified Amazon Web Services resource.

", + "ListThirdPartyFirewallFirewallPolicies": "

Retrieves a list of all of the third-party firewall policies that are associated with the third-party firewall administrator's account.

", "PutAppsList": "

Creates an Firewall Manager applications list.

", "PutNotificationChannel": "

Designates the IAM role and Amazon Simple Notification Service (SNS) topic that Firewall Manager uses to record SNS logs.

To perform this action outside of the console, you must configure the SNS topic to allow the Firewall Manager role AWSServiceRoleForFMS to publish SNS logs. For more information, see Firewall Manager required permissions for API actions in the Firewall Manager Developer Guide.

", "PutPolicy": "

Creates an Firewall Manager policy.

Firewall Manager provides the following types of policies:

Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.

You must be subscribed to Shield Advanced to create a Shield Advanced policy. For more information about subscribing to Shield Advanced, see CreateSubscription.

", @@ -111,6 +115,16 @@ "refs": { } }, + "AssociateThirdPartyFirewallRequest": { + "base": null, + "refs": { + } + }, + "AssociateThirdPartyFirewallResponse": { + "base": null, + "refs": { + } + }, "AwsEc2InstanceViolation": { "base": "

Violation detail for an EC2 instance resource.

", "refs": { @@ -154,7 +168,7 @@ "ListProtocolsListsRequest$DefaultLists": "

Specifies whether the lists to retrieve are default lists owned by Firewall Manager.

", "NetworkFirewallInternetTrafficNotInspectedViolation$IsRouteTableUsedInDifferentAZ": "

Information about whether the route table is used in another Availability Zone.

", "NetworkFirewallInvalidRouteConfigurationViolation$IsRouteTableUsedInDifferentAZ": "

Information about whether the route table is used in another Availability Zone.

", - "Policy$ExcludeResourceTags": "

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.

", + "Policy$ExcludeResourceTags": "

If set to True, resources with the tags that are specified in the ResourceTag array are not in scope of the policy. If set to False, and the ResourceTag array is not null, only resources with the specified tags are in scope of the policy.

", "Policy$RemediationEnabled": "

Indicates if the policy should be automatically applied to new resources.

", "Policy$DeleteUnusedFMManagedResources": "

Indicates whether Firewall Manager should automatically remove protections from resources that leave the policy scope and clean up resources that Firewall Manager is managing for accounts when those accounts leave policy scope. For example, Firewall Manager will disassociate a Firewall Manager managed web ACL from a protected customer resource when the customer resource leaves policy scope.

By default, Firewall Manager doesn't remove protections or delete Firewall Manager managed resources.

This option is not available for Shield Advanced or WAF Classic policies.

", "PolicyComplianceDetail$EvaluationLimitExceeded": "

Indicates if over 100 resources are noncompliant with the Firewall Manager policy.

", @@ -219,8 +233,8 @@ "CustomerPolicyScopeMap": { "base": null, "refs": { - "Policy$IncludeMap": "

Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.

", - "Policy$ExcludeMap": "

Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.

" + "Policy$IncludeMap": "

Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

", + "Policy$ExcludeMap": "

Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to exclude from the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.

You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.

You can specify account IDs, OUs, or a combination:

" } }, "DeleteAppsListRequest": { @@ -266,6 +280,16 @@ "refs": { } }, + "DisassociateThirdPartyFirewallRequest": { + "base": null, + "refs": { + } + }, + "DisassociateThirdPartyFirewallResponse": { + "base": null, + "refs": { + } + }, "DnsDuplicateRuleGroupViolation": { "base": "

A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.

", "refs": { @@ -387,7 +411,20 @@ "FirewallDeploymentModel": { "base": null, "refs": { - "NetworkFirewallPolicy$FirewallDeploymentModel": "

Defines the deployment model to use for the firewall policy. To use a distributed model, set PolicyOption to NULL.

" + "NetworkFirewallPolicy$FirewallDeploymentModel": "

Defines the deployment model to use for the firewall policy. To use a distributed model, set PolicyOption to NULL.

", + "ThirdPartyFirewallPolicy$FirewallDeploymentModel": "

Defines the deployment model to use for the third-party firewall.

" + } + }, + "FirewallPolicyId": { + "base": null, + "refs": { + "ThirdPartyFirewallFirewallPolicy$FirewallPolicyId": "

The ID of the specified firewall policy.

" + } + }, + "FirewallPolicyName": { + "base": null, + "refs": { + "ThirdPartyFirewallFirewallPolicy$FirewallPolicyName": "

The name of the specified firewall policy.

" } }, "FirewallSubnetIsOutOfScopeViolation": { @@ -396,6 +433,12 @@ "ResourceViolation$FirewallSubnetIsOutOfScopeViolation": "

Contains details about the firewall subnet that violates the policy scope.

" } }, + "FirewallSubnetMissingVPCEndpointViolation": { + "base": "

The violation details for a firewall subnet's VPC endpoint that's deleted or missing.

", + "refs": { + "ResourceViolation$FirewallSubnetMissingVPCEndpointViolation": "

The violation details for a third-party firewall's VPC endpoint subnet that was deleted.

" + } + }, "GetAdminAccountRequest": { "base": null, "refs": { @@ -466,6 +509,16 @@ "refs": { } }, + "GetThirdPartyFirewallAssociationStatusRequest": { + "base": null, + "refs": { + } + }, + "GetThirdPartyFirewallAssociationStatusResponse": { + "base": null, + "refs": { + } + }, "GetViolationDetailsRequest": { "base": null, "refs": { @@ -531,6 +584,8 @@ "FMSPolicyUpdateFirewallCreationConfigAction$Description": "

Describes the remedial action.

", "FirewallSubnetIsOutOfScopeViolation$SubnetAvailabilityZone": "

The Availability Zone of the firewall subnet that violates the policy scope.

", "FirewallSubnetIsOutOfScopeViolation$SubnetAvailabilityZoneId": "

The Availability Zone ID of the firewall subnet that violates the policy scope.

", + "FirewallSubnetMissingVPCEndpointViolation$SubnetAvailabilityZone": "

The name of the Availability Zone of the deleted VPC subnet.

", + "FirewallSubnetMissingVPCEndpointViolation$SubnetAvailabilityZoneId": "

The ID of the Availability Zone of the deleted VPC subnet.

", "LengthBoundedStringList$member": null, "NetworkFirewallInternetTrafficNotInspectedViolation$SubnetAvailabilityZone": "

The subnet Availability Zone.

", "NetworkFirewallMissingExpectedRTViolation$AvailabilityZone": "

The Availability Zone of a violating subnet.

", @@ -544,6 +599,9 @@ "RouteHasOutOfScopeEndpointViolation$SubnetAvailabilityZone": "

The subnet's Availability Zone.

", "RouteHasOutOfScopeEndpointViolation$SubnetAvailabilityZoneId": "

The ID of the subnet's Availability Zone.

", "SecurityGroupRuleDescription$Protocol": "

The IP protocol name (tcp, udp, icmp, icmpv6) or number.

", + "ThirdPartyFirewallMissingExpectedRouteTableViolation$AvailabilityZone": "

The Availability Zone of the firewall subnet that's causing the violation.

", + "ThirdPartyFirewallMissingFirewallViolation$AvailabilityZone": "

The Availability Zone of the third-party firewall that's causing the violation.

", + "ThirdPartyFirewallMissingSubnetViolation$AvailabilityZone": "

The Availability Zone of a subnet that's causing the violation.

", "ViolationDetail$ResourceDescription": "

Brief description for the requested resource.

" } }, @@ -631,11 +689,27 @@ "refs": { } }, + "ListThirdPartyFirewallFirewallPoliciesRequest": { + "base": null, + "refs": { + } + }, + "ListThirdPartyFirewallFirewallPoliciesResponse": { + "base": null, + "refs": { + } + }, "ManagedServiceData": { "base": null, "refs": { "FMSPolicyUpdateFirewallCreationConfigAction$FirewallCreationConfig": "

A FirewallCreationConfig that you can copy into your current policy's SecurityServiceData in order to remedy scope violations.

", - "SecurityServicePolicyData$ManagedServiceData": "

Details about the service that are specific to the service type, in JSON format.

" + "SecurityServicePolicyData$ManagedServiceData": "

Details about the service that are specific to the service type, in JSON format.

" + } + }, + "MarketplaceSubscriptionOnboardingStatus": { + "base": null, + "refs": { + "GetThirdPartyFirewallAssociationStatusResponse$MarketplaceOnboardingStatus": "

The status for subscribing to the third-party firewall vendor in the AWS Marketplace.

" } }, "MemberAccounts": { @@ -752,7 +826,8 @@ "ListComplianceStatusRequest$MaxResults": "

Specifies the number of PolicyComplianceStatus objects that you want Firewall Manager to return for this request. If you have more PolicyComplianceStatus objects than the number that you specify for MaxResults, the response includes a NextToken value that you can use to get another batch of PolicyComplianceStatus objects.

", "ListMemberAccountsRequest$MaxResults": "

Specifies the number of member account IDs that you want Firewall Manager to return for this request. If you have more IDs than the number that you specify for MaxResults, the response includes a NextToken value that you can use to get another batch of member account IDs.

", "ListPoliciesRequest$MaxResults": "

Specifies the number of PolicySummary objects that you want Firewall Manager to return for this request. If you have more PolicySummary objects than the number that you specify for MaxResults, the response includes a NextToken value that you can use to get another batch of PolicySummary objects.

", - "ListProtocolsListsRequest$MaxResults": "

The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

If you don't specify this, Firewall Manager returns all available objects.

" + "ListProtocolsListsRequest$MaxResults": "

The maximum number of objects that you want Firewall Manager to return for this request. If more objects are available, in the response, Firewall Manager provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

If you don't specify this, Firewall Manager returns all available objects.

", + "ListThirdPartyFirewallFirewallPoliciesRequest$MaxResults": "

The maximum number of third-party firewall policies that you want Firewall Manager to return. If the specified third-party firewall vendor is associated with more than MaxResults firewall policies, the response includes a NextToken element. NextToken contains an encrypted token that identifies the first third-party firewall policies that Firewall Manager will return if you submit another request.

" } }, "PaginationToken": { @@ -769,7 +844,9 @@ "ListPoliciesRequest$NextToken": "

If you specify a value for MaxResults and you have more PolicySummary objects than the number that you specify for MaxResults, Firewall Manager returns a NextToken value in the response that allows you to list another group of PolicySummary objects. For the second and subsequent ListPolicies requests, specify the value of NextToken from the previous response to get information about another batch of PolicySummary objects.

", "ListPoliciesResponse$NextToken": "

If you have more PolicySummary objects than the number that you specified for MaxResults in the request, the response includes a NextToken value. To list more PolicySummary objects, submit another ListPolicies request, and specify the NextToken value from the response in the NextToken value in the next request.

", "ListProtocolsListsRequest$NextToken": "

If you specify a value for MaxResults in your list request, and you have more objects than the maximum, Firewall Manager returns this token in the response. For all but the first request, you provide the token returned by the prior request in the request parameters, to retrieve the next batch of objects.

", - "ListProtocolsListsResponse$NextToken": "

If you specify a value for MaxResults in your list request, and you have more objects than the maximum, Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.

" + "ListProtocolsListsResponse$NextToken": "

If you specify a value for MaxResults in your list request, and you have more objects than the maximum, Firewall Manager returns this token in the response. You can use this token in subsequent requests to retrieve the next batch of objects.

", + "ListThirdPartyFirewallFirewallPoliciesRequest$NextToken": "

If the previous response included a NextToken element, the specified third-party firewall vendor is associated with more third-party firewall policies. To get more third-party firewall policies, submit another ListThirdPartyFirewallFirewallPoliciesRequest request.

For the value of NextToken, specify the value of NextToken from the previous response. If the previous response didn't include a NextToken element, there are no more third-party firewall policies to get.

", + "ListThirdPartyFirewallFirewallPoliciesResponse$NextToken": "

The value that you will use for NextToken in the next ListThirdPartyFirewallFirewallPolicies request.

" } }, "PartialMatch": { @@ -1039,6 +1116,8 @@ "FirewallSubnetIsOutOfScopeViolation$FirewallSubnetId": "

The ID of the firewall subnet that violates the policy scope.

", "FirewallSubnetIsOutOfScopeViolation$VpcId": "

The VPC ID of the firewall subnet that violates the policy scope.

", "FirewallSubnetIsOutOfScopeViolation$VpcEndpointId": "

The VPC endpoint ID of the firewall subnet that violates the policy scope.

", + "FirewallSubnetMissingVPCEndpointViolation$FirewallSubnetId": "

The ID of the firewall that this VPC endpoint is associated with.

", + "FirewallSubnetMissingVPCEndpointViolation$VpcId": "

The resource ID of the VPC associated with the deleted VPC subnet.

", "GetViolationDetailsRequest$ResourceId": "

The ID of the resource that has violations.

", "NetworkFirewallBlackHoleRouteDetectedViolation$RouteTableId": "

Information about the route table ID.

", "NetworkFirewallBlackHoleRouteDetectedViolation$VpcId": "

Information about the VPC ID.

", @@ -1083,6 +1162,11 @@ "SecurityGroupRuleDescription$PrefixListId": "

The ID of the prefix list for the security group rule.

", "StatefulRuleGroup$ResourceId": "

The resource ID of the rule group.

", "StatelessRuleGroup$ResourceId": "

The resource ID of the rule group.

", + "ThirdPartyFirewallMissingExpectedRouteTableViolation$VPC": "

The resource ID of the VPC associated with a fireawll subnet that's causing the violation.

", + "ThirdPartyFirewallMissingExpectedRouteTableViolation$CurrentRouteTable": "

The resource ID of the current route table that's associated with the subnet, if one is available.

", + "ThirdPartyFirewallMissingExpectedRouteTableViolation$ExpectedRouteTable": "

The resource ID of the route table that should be associated with the subnet.

", + "ThirdPartyFirewallMissingFirewallViolation$VPC": "

The resource ID of the VPC associated with a third-party firewall.

", + "ThirdPartyFirewallMissingSubnetViolation$VPC": "

The resource ID of the VPC associated with a subnet that's causing the violation.

", "ViolationDetail$ResourceId": "

The resource ID that the violation details were requested for.

" } }, @@ -1283,7 +1367,7 @@ "PutPolicyRequest$TagList": "

The tags to add to the Amazon Web Services resource.

", "PutProtocolsListRequest$TagList": "

The tags associated with the resource.

", "TagResourceRequest$TagList": "

The tags to add to the resource.

", - "ViolationDetail$ResourceTags": "

The ResourceTag objects associated with the resource.

This option isn't available for the centralized deployment model when creating policies to configure Network Firewall.

" + "ViolationDetail$ResourceTags": "

The ResourceTag objects associated with the resource.

" } }, "TagResourceRequest": { @@ -1313,7 +1397,9 @@ "refs": { "NetworkFirewallMissingFirewallViolation$TargetViolationReason": "

The reason the resource has this violation, if one is available.

", "NetworkFirewallMissingSubnetViolation$TargetViolationReason": "

The reason the resource has this violation, if one is available.

", - "TargetViolationReasons$member": null + "TargetViolationReasons$member": null, + "ThirdPartyFirewallMissingFirewallViolation$TargetViolationReason": "

The reason the resource is causing this violation, if a reason is available.

", + "ThirdPartyFirewallMissingSubnetViolation$TargetViolationReason": "

The reason the resource is causing the violation, if a reason is available.

" } }, "TargetViolationReasons": { @@ -1322,6 +1408,59 @@ "PartialMatch$TargetViolationReasons": "

The violation reason.

" } }, + "ThirdPartyFirewall": { + "base": null, + "refs": { + "AssociateThirdPartyFirewallRequest$ThirdPartyFirewall": "

The name of the third-party firewall vendor.

", + "DisassociateThirdPartyFirewallRequest$ThirdPartyFirewall": "

The name of the third-party firewall vendor.

", + "GetThirdPartyFirewallAssociationStatusRequest$ThirdPartyFirewall": "

The name of the third-party firewall vendor.

", + "ListThirdPartyFirewallFirewallPoliciesRequest$ThirdPartyFirewall": "

The name of the third-party firewall vendor.

" + } + }, + "ThirdPartyFirewallAssociationStatus": { + "base": null, + "refs": { + "AssociateThirdPartyFirewallResponse$ThirdPartyFirewallStatus": "

The current status for setting a Firewall Manager policy administrator's account as an administrator of the third-party firewall tenant.

", + "DisassociateThirdPartyFirewallResponse$ThirdPartyFirewallStatus": "

The current status for the disassociation of a Firewall Manager administrators account with a third-party firewall.

", + "GetThirdPartyFirewallAssociationStatusResponse$ThirdPartyFirewallStatus": "

The current status for setting a Firewall Manager policy administrators account as an administrator of the third-party firewall tenant.

" + } + }, + "ThirdPartyFirewallFirewallPolicies": { + "base": null, + "refs": { + "ListThirdPartyFirewallFirewallPoliciesResponse$ThirdPartyFirewallFirewallPolicies": "

A list that contains one ThirdPartyFirewallFirewallPolicies element for each third-party firewall policies that the specified third-party firewall vendor is associated with. Each ThirdPartyFirewallFirewallPolicies element contains the firewall policy name and ID.

" + } + }, + "ThirdPartyFirewallFirewallPolicy": { + "base": "

Configures the firewall policy deployment model for a third-party firewall. The deployment model can either be distributed or centralized.

", + "refs": { + "ThirdPartyFirewallFirewallPolicies$member": null + } + }, + "ThirdPartyFirewallMissingExpectedRouteTableViolation": { + "base": "

The violation details for a third-party firewall that's not associated with an Firewall Manager managed route table.

", + "refs": { + "ResourceViolation$ThirdPartyFirewallMissingExpectedRouteTableViolation": "

The violation details for a third-party firewall that has the Firewall Manager managed route table that was associated with the third-party firewall has been deleted.

" + } + }, + "ThirdPartyFirewallMissingFirewallViolation": { + "base": "

The violation details about a third-party firewall's subnet that doesn't have a Firewall Manager managed firewall in its VPC.

", + "refs": { + "ResourceViolation$ThirdPartyFirewallMissingFirewallViolation": "

The violation details for a third-party firewall that's been deleted.

" + } + }, + "ThirdPartyFirewallMissingSubnetViolation": { + "base": "

The violation details for a third-party firewall for an Availability Zone that's missing the Firewall Manager managed subnet.

", + "refs": { + "ResourceViolation$ThirdPartyFirewallMissingSubnetViolation": "

The violation details for a third-party firewall's subnet that's been deleted.

" + } + }, + "ThirdPartyFirewallPolicy": { + "base": "

Configures the policy for the third-party firewall.

", + "refs": { + "PolicyOption$ThirdPartyFirewallPolicy": "

Defines the policy options for a third-party firewall policy.

" + } + }, "TimeStamp": { "base": null, "refs": { @@ -1378,7 +1517,10 @@ "NetworkFirewallMissingExpectedRoutesViolation$ViolationTarget": "

The target of the violation.

", "NetworkFirewallMissingFirewallViolation$ViolationTarget": "

The ID of the Network Firewall or VPC resource that's in violation.

", "NetworkFirewallMissingSubnetViolation$ViolationTarget": "

The ID of the Network Firewall or VPC resource that's in violation.

", - "NetworkFirewallPolicyModifiedViolation$ViolationTarget": "

The ID of the Network Firewall or VPC resource that's in violation.

" + "NetworkFirewallPolicyModifiedViolation$ViolationTarget": "

The ID of the Network Firewall or VPC resource that's in violation.

", + "ThirdPartyFirewallMissingExpectedRouteTableViolation$ViolationTarget": "

The ID of the third-party firewall or VPC resource that's causing the violation.

", + "ThirdPartyFirewallMissingFirewallViolation$ViolationTarget": "

The ID of the third-party firewall that's causing the violation.

", + "ThirdPartyFirewallMissingSubnetViolation$ViolationTarget": "

The ID of the third-party firewall or VPC resource that's causing the violation.

" } } } diff --git a/models/apis/fms/2018-01-01/paginators-1.json b/models/apis/fms/2018-01-01/paginators-1.json index 681520cbad1..b6fef983691 100644 --- a/models/apis/fms/2018-01-01/paginators-1.json +++ b/models/apis/fms/2018-01-01/paginators-1.json @@ -29,6 +29,12 @@ "limit_key": "MaxResults", "output_token": "NextToken", "result_key": "ProtocolsLists" + }, + "ListThirdPartyFirewallFirewallPolicies": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "ThirdPartyFirewallFirewallPolicies" } } } \ No newline at end of file diff --git a/models/apis/fsx/2018-03-01/api-2.json b/models/apis/fsx/2018-03-01/api-2.json index 582965ce708..2f57552dca9 100644 --- a/models/apis/fsx/2018-03-01/api-2.json +++ b/models/apis/fsx/2018-03-01/api-2.json @@ -3189,7 +3189,8 @@ "DailyAutomaticBackupStartTime":{"shape":"DailyTime"}, "FsxAdminPassword":{"shape":"AdminPassword"}, "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}, - "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"} + "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"}, + "ThroughputCapacity":{"shape":"MegabytesPerSecond"} } }, "UpdateFileSystemOpenZFSConfiguration":{ diff --git a/models/apis/fsx/2018-03-01/docs-2.json b/models/apis/fsx/2018-03-01/docs-2.json index 70b0cfa80f4..06884bb3750 100644 --- a/models/apis/fsx/2018-03-01/docs-2.json +++ b/models/apis/fsx/2018-03-01/docs-2.json @@ -8,7 +8,7 @@ "CreateBackup": "

Creates a backup of an existing Amazon FSx for Windows File Server file system, Amazon FSx for Lustre file system, Amazon FSx for NetApp ONTAP volume, or Amazon FSx for OpenZFS file system. We recommend creating regular backups so that you can restore a file system or volume from a backup if an issue arises with the original file system or volume.

For Amazon FSx for Lustre file systems, you can create a backup only for file systems that have the following configuration:

For more information about backups, see the following:

If a backup with the specified client request token exists and the parameters match, this operation returns the description of the existing backup. If a backup with the specified client request token exists and the parameters don't match, this operation returns IncompatibleParameterError. If a backup with the specified client request token doesn't exist, CreateBackup does the following:

By using the idempotent operation, you can retry a CreateBackup operation without the risk of creating an extra backup. This approach can be useful when an initial call fails in a way that makes it unclear whether a backup was created. If you use the same client request token and the initial call created a backup, the operation returns a successful result because all the parameters are the same.

The CreateBackup operation returns while the backup's lifecycle state is still CREATING. You can check the backup creation status by calling the DescribeBackups operation, which returns the backup state along with other information.

", "CreateDataRepositoryAssociation": "

Creates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported only for file systems with the Persistent_2 deployment type.

Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.

", "CreateDataRepositoryTask": "

Creates an Amazon FSx for Lustre data repository task. You use data repository tasks to perform bulk operations between your Amazon FSx file system and its linked data repositories. An example of a data repository task is exporting any data and metadata changes, including POSIX metadata, to files, directories, and symbolic links (symlinks) from your FSx file system to a linked data repository. A CreateDataRepositoryTask operation will fail if a data repository is not linked to the FSx file system. To learn more about data repository tasks, see Data Repository Tasks. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.

", - "CreateFileSystem": "

Creates a new, empty Amazon FSx file system. You can create the following supported Amazon FSx file systems using the CreateFileSystem API operation:

This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.

If a file system with the specified client request token exists and the parameters match, CreateFileSystem returns the description of the existing file system. If a file system with the specified client request token exists and the parameters don't match, this call returns IncompatibleParameterError. If a file system with the specified client request token doesn't exist, CreateFileSystem does the following:

This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport-level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.

The CreateFileSystem call returns while the file system's lifecycle state is still CREATING. You can check the file-system creation status by calling the DescribeFileSystems operation, which returns the file system state along with other information.

", + "CreateFileSystem": "

Creates a new, empty Amazon FSx file system. You can create the following supported Amazon FSx file systems using the CreateFileSystem API operation:

This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives success as long as the parameters are the same.

If a file system with the specified client request token exists and the parameters match, CreateFileSystem returns the description of the existing file system. If a file system with the specified client request token exists and the parameters don't match, this call returns IncompatibleParameterError. If a file system with the specified client request token doesn't exist, CreateFileSystem does the following:

This operation requires a client request token in the request that Amazon FSx uses to ensure idempotent creation. This means that calling the operation multiple times with the same client request token has no effect. By using the idempotent operation, you can retry a CreateFileSystem operation without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport-level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.

The CreateFileSystem call returns while the file system's lifecycle state is still CREATING. You can check the file-system creation status by calling the DescribeFileSystems operation, which returns the file system state along with other information.

", "CreateFileSystemFromBackup": "

Creates a new Amazon FSx for Lustre, Amazon FSx for Windows File Server, or Amazon FSx for OpenZFS file system from an existing Amazon FSx backup.

If a file system with the specified client request token exists and the parameters match, this operation returns the description of the file system. If a file system with the specified client request token exists but the parameters don't match, this call returns IncompatibleParameterError. If a file system with the specified client request token doesn't exist, this operation does the following:

Parameters like the Active Directory, default share name, automatic backup, and backup settings default to the parameters of the file system that was backed up, unless overridden. You can explicitly supply other settings.

By using the idempotent operation, you can retry a CreateFileSystemFromBackup call without the risk of creating an extra file system. This approach can be useful when an initial call fails in a way that makes it unclear whether a file system was created. Examples are if a transport level timeout occurred, or your connection was reset. If you use the same client request token and the initial call created a file system, the client receives a success message as long as the parameters are the same.

The CreateFileSystemFromBackup call returns while the file system's lifecycle state is still CREATING. You can check the file-system creation status by calling the DescribeFileSystems operation, which returns the file system state along with other information.

", "CreateSnapshot": "

Creates a snapshot of an existing Amazon FSx for OpenZFS volume. With snapshots, you can easily undo file changes and compare file versions by restoring the volume to a previous version.

If a snapshot with the specified client request token exists, and the parameters match, this operation returns the description of the existing snapshot. If a snapshot with the specified client request token exists, and the parameters don't match, this operation returns IncompatibleParameterError. If a snapshot with the specified client request token doesn't exist, CreateSnapshot does the following:

By using the idempotent operation, you can retry a CreateSnapshot operation without the risk of creating an extra snapshot. This approach can be useful when an initial call fails in a way that makes it unclear whether a snapshot was created. If you use the same client request token and the initial call created a snapshot, the operation returns a successful result because all the parameters are the same.

The CreateSnapshot operation returns while the snapshot's lifecycle state is still CREATING. You can check the snapshot creation status by calling the DescribeSnapshots operation, which returns the snapshot state along with other information.

", "CreateStorageVirtualMachine": "

Creates a storage virtual machine (SVM) for an Amazon FSx for ONTAP file system.

", @@ -35,7 +35,7 @@ "TagResource": "

Tags an Amazon FSx resource.

", "UntagResource": "

This action removes a tag from an Amazon FSx resource.

", "UpdateDataRepositoryAssociation": "

Updates the configuration of an existing data repository association on an Amazon FSx for Lustre file system. Data repository associations are supported only for file systems with the Persistent_2 deployment type.

", - "UpdateFileSystem": "

Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.

For Amazon FSx for Windows File Server file systems, you can update the following properties:

For Amazon FSx for Lustre file systems, you can update the following properties:

For Amazon FSx for NetApp ONTAP file systems, you can update the following properties:

For the Amazon FSx for OpenZFS file systems, you can update the following properties:

", + "UpdateFileSystem": "

Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.

For Amazon FSx for Windows File Server file systems, you can update the following properties:

For Amazon FSx for Lustre file systems, you can update the following properties:

For Amazon FSx for NetApp ONTAP file systems, you can update the following properties:

For the Amazon FSx for OpenZFS file systems, you can update the following properties:

", "UpdateSnapshot": "

Updates the name of an Amazon FSx for OpenZFS snapshot.

", "UpdateStorageVirtualMachine": "

Updates an Amazon FSx for ONTAP storage virtual machine (SVM).

", "UpdateVolume": "

Updates the configuration of an Amazon FSx for NetApp ONTAP or Amazon FSx for OpenZFS volume.

" @@ -1164,7 +1164,7 @@ } }, "FileSystems": { - "base": "

A list of file systems.

", + "base": "

A list of file system resource descriptions.

", "refs": { "DescribeFileSystemsResponse$FileSystems": "

An array of file system descriptions.

" } @@ -1355,13 +1355,13 @@ } }, "KmsKeyId": { - "base": "

The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 file systems at rest. If this ID isn't specified, the key managed by Amazon FSx is used. The Amazon FSx for Lustre SCRATCH_1 and SCRATCH_2 file systems are always encrypted at rest using Amazon FSx-managed keys. For more information, see Encrypt in the Key Management Service API Reference.

", + "base": "

Specifies the ID of the Key Management Service (KMS) key to use for encrypting data on Amazon FSx file systems, as follows:

If a KmsKeyId isn't specified, the Amazon FSx-managed KMS key for your account is used. For more information, see Encrypt in the Key Management Service API Reference.

", "refs": { "Backup$KmsKeyId": "

The ID of the Key Management Service (KMS) key used to encrypt the backup of the Amazon FSx file system's data at rest.

", "CopyBackupRequest$KmsKeyId": null, "CreateFileSystemFromBackupRequest$KmsKeyId": null, "CreateFileSystemRequest$KmsKeyId": null, - "FileSystem$KmsKeyId": "

The ID of the Key Management Service (KMS) key used to encrypt the file system's data for Amazon FSx for Windows File Server file systems, Amazon FSx for NetApp ONTAP file systems, and PERSISTENT Amazon FSx for Lustre file systems at rest. If this ID isn't specified, the Amazon FSx-managed key for your account is used. The scratch Amazon FSx for Lustre file systems are always encrypted at rest using the Amazon FSx-managed key for your account. For more information, see Encrypt in the Key Management Service API Reference.

" + "FileSystem$KmsKeyId": "

The ID of the Key Management Service (KMS) key used to encrypt Amazon FSx file system data. Used as follows with Amazon FSx file system types:

" } }, "LastUpdatedTime": { @@ -1457,13 +1457,14 @@ } }, "MegabytesPerSecond": { - "base": "

The sustained throughput of an Amazon FSx file system in MBps.

", + "base": "

The sustained throughput of an Amazon FSx file system in Megabytes per second (MBps).

", "refs": { "CreateFileSystemOntapConfiguration$ThroughputCapacity": "

Sets the throughput capacity for the file system that you're creating. Valid values are 128, 256, 512, 1024, and 2048 MBps.

", "CreateFileSystemOpenZFSConfiguration$ThroughputCapacity": "

Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MB/s). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s. You pay for additional throughput capacity that you provision.

", "CreateFileSystemWindowsConfiguration$ThroughputCapacity": "

Sets the throughput capacity of an Amazon FSx file system, measured in megabytes per second (MB/s), in 2 to the nth increments, between 2^3 (8) and 2^11 (2048).

", "OntapFileSystemConfiguration$ThroughputCapacity": null, "OpenZFSFileSystemConfiguration$ThroughputCapacity": "

The throughput of an Amazon FSx file system, measured in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.

", + "UpdateFileSystemOntapConfiguration$ThroughputCapacity": "

Specifies the throughput of an FSx for NetApp ONTAP file system, measured in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.

", "UpdateFileSystemOpenZFSConfiguration$ThroughputCapacity": "

The throughput of an Amazon FSx file system, measured in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.

", "UpdateFileSystemWindowsConfiguration$ThroughputCapacity": "

Sets the target value for a file system's throughput capacity, in MB/s, that you are updating the file system to. Valid values are 8, 16, 32, 64, 128, 256, 512, 1024, 2048. You cannot make a throughput capacity update request if there is an existing throughput capacity update request in progress. For more information, see Managing Throughput Capacity.

", "WindowsFileSystemConfiguration$ThroughputCapacity": "

The throughput of the Amazon FSx file system, measured in megabytes per second.

" @@ -1550,7 +1551,7 @@ "OntapFileSystemConfiguration": { "base": "

Configuration for the FSx for NetApp ONTAP file system.

", "refs": { - "FileSystem$OntapConfiguration": "

The configuration for this FSx for ONTAP file system.

" + "FileSystem$OntapConfiguration": "

The configuration for this Amazon FSx for NetApp ONTAP file system.

" } }, "OntapVolumeConfiguration": { @@ -1566,7 +1567,7 @@ } }, "OpenZFSClientConfiguration": { - "base": "

Specifies who can mount the file system and the options that can be used while mounting the file system.

", + "base": "

Specifies who can mount an OpenZFS file system and the options available while mounting the file system.

", "refs": { "OpenZFSClientConfigurations$member": null } @@ -1757,7 +1758,7 @@ "CreateOpenZFSOriginSnapshotConfiguration$SnapshotARN": null, "DataRepositoryAssociation$ResourceARN": null, "DataRepositoryTask$ResourceARN": null, - "FileSystem$ResourceARN": "

The Amazon Resource Name (ARN) for the file system resource.

", + "FileSystem$ResourceARN": "

The Amazon Resource Name (ARN) of the file system resource.

", "ListTagsForResourceRequest$ResourceARN": "

The ARN of the Amazon FSx resource that will have its tags listed.

", "NotServiceResourceError$ResourceARN": "

The Amazon Resource Name (ARN) of the non-Amazon FSx resource.

", "OpenZFSOriginSnapshotConfiguration$SnapshotARN": null, @@ -2006,7 +2007,7 @@ } }, "StorageVirtualMachine": { - "base": "

Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuraton.

", + "base": "

Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuration.

", "refs": { "CreateStorageVirtualMachineResponse$StorageVirtualMachine": "

Returned after a successful CreateStorageVirtualMachine operation; describes the SVM just created.

", "StorageVirtualMachines$member": null, @@ -2530,7 +2531,7 @@ "WindowsFileSystemConfiguration": { "base": "

The configuration for this Microsoft Windows file system.

", "refs": { - "FileSystem$WindowsConfiguration": "

The configuration for this FSx for Windows File Server file system.

" + "FileSystem$WindowsConfiguration": "

The configuration for this Amazon FSx for Windows File Server file system.

" } } } diff --git a/models/apis/iot-data/2015-05-28/api-2.json b/models/apis/iot-data/2015-05-28/api-2.json index ea2dc17e199..4015290bd93 100644 --- a/models/apis/iot-data/2015-05-28/api-2.json +++ b/models/apis/iot-data/2015-05-28/api-2.json @@ -2,7 +2,7 @@ "version":"2.0", "metadata":{ "apiVersion":"2015-05-28", - "endpointPrefix":"data.iot", + "endpointPrefix":"data-ats.iot", "protocol":"rest-json", "serviceFullName":"AWS IoT Data Plane", "serviceId":"IoT Data Plane", diff --git a/models/apis/iot-data/2015-05-28/docs-2.json b/models/apis/iot-data/2015-05-28/docs-2.json index f9777d819d7..d1e16ddeb92 100644 --- a/models/apis/iot-data/2015-05-28/docs-2.json +++ b/models/apis/iot-data/2015-05-28/docs-2.json @@ -3,11 +3,11 @@ "service": "IoT data

IoT data enables secure, bi-directional communication between Internet-connected things (such as sensors, actuators, embedded devices, or smart appliances) and the Amazon Web Services cloud. It implements a broker for applications and things to publish messages over HTTP (Publish) and retrieve, update, and delete shadows. A shadow is a persistent representation of your things and their state in the Amazon Web Services cloud.

Find the endpoint address for actions in IoT data by running this CLI command:

aws iot describe-endpoint --endpoint-type iot:Data-ATS

The service name used by Amazon Web ServicesSignature Version 4 to sign requests is: iotdevicegateway.

", "operations": { "DeleteThingShadow": "

Deletes the shadow for the specified thing.

Requires permission to access the DeleteThingShadow action.

For more information, see DeleteThingShadow in the IoT Developer Guide.

", - "GetRetainedMessage": "

Gets the details of a single retained message for the specified topic.

This action returns the message payload of the retained message, which can incur messaging costs. To list only the topic names of the retained messages, call ListRetainedMessages.

Requires permission to access the GetRetainedMessage action.

For more information about messaging costs, see IoT Core pricing - Messaging.

", + "GetRetainedMessage": "

Gets the details of a single retained message for the specified topic.

This action returns the message payload of the retained message, which can incur messaging costs. To list only the topic names of the retained messages, call ListRetainedMessages.

Requires permission to access the GetRetainedMessage action.

For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

", "GetThingShadow": "

Gets the shadow for the specified thing.

Requires permission to access the GetThingShadow action.

For more information, see GetThingShadow in the IoT Developer Guide.

", "ListNamedShadowsForThing": "

Lists the shadows for the specified thing.

Requires permission to access the ListNamedShadowsForThing action.

", - "ListRetainedMessages": "

Lists summary information about the retained messages stored for the account.

This action returns only the topic names of the retained messages. It doesn't return any message payloads. Although this action doesn't return a message payload, it can still incur messaging costs.

To get the message payload of a retained message, call GetRetainedMessage with the topic name of the retained message.

Requires permission to access the ListRetainedMessages action.

For more information about messaging costs, see IoT Core pricing - Messaging.

", - "Publish": "

Publishes an MQTT message.

Requires permission to access the Publish action.

For more information about MQTT messages, see MQTT Protocol in the IoT Developer Guide.

For more information about messaging costs, see IoT Core pricing - Messaging.

", + "ListRetainedMessages": "

Lists summary information about the retained messages stored for the account.

This action returns only the topic names of the retained messages. It doesn't return any message payloads. Although this action doesn't return a message payload, it can still incur messaging costs.

To get the message payload of a retained message, call GetRetainedMessage with the topic name of the retained message.

Requires permission to access the ListRetainedMessages action.

For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

", + "Publish": "

Publishes an MQTT message.

Requires permission to access the Publish action.

For more information about MQTT messages, see MQTT Protocol in the IoT Developer Guide.

For more information about messaging costs, see Amazon Web Services IoT Core pricing - Messaging.

", "UpdateThingShadow": "

Updates the shadow for the specified thing.

Requires permission to access the UpdateThingShadow action.

For more information, see UpdateThingShadow in the IoT Developer Guide.

" }, "shapes": { @@ -121,7 +121,7 @@ "base": null, "refs": { "GetRetainedMessageResponse$payload": "

The Base64-encoded message payload of the retained message body.

", - "PublishRequest$payload": "

The message body. MQTT accepts text, binary, and empty (null) message payloads.

Publishing an empty (null) payload with retain = true deletes the retained message identified by topic from IoT Core.

" + "PublishRequest$payload": "

The message body. MQTT accepts text, binary, and empty (null) message payloads.

Publishing an empty (null) payload with retain = true deletes the retained message identified by topic from Amazon Web Services IoT Core.

" } }, "PayloadSize": { diff --git a/models/apis/iot-data/2015-05-28/smoke.json b/models/apis/iot-data/2015-05-28/smoke.json new file mode 100644 index 00000000000..c65a70fb75b --- /dev/null +++ b/models/apis/iot-data/2015-05-28/smoke.json @@ -0,0 +1,14 @@ +{ + "version": 1, + "defaultRegion": "us-west-2", + "defaultEndpoint": "https://data.iot.us-west-2.amazonaws.com", + "testCases": [ + { + "operationName": "GetThingShadow", + "input": { + "thingName": "fake-thing" + }, + "errorExpectedFromService": true + } + ] +} diff --git a/models/apis/iot/2015-05-28/docs-2.json b/models/apis/iot/2015-05-28/docs-2.json index 34bd962f5b4..71937210fac 100644 --- a/models/apis/iot/2015-05-28/docs-2.json +++ b/models/apis/iot/2015-05-28/docs-2.json @@ -1560,7 +1560,7 @@ "refs": { "Certificate$status": "

The status of the certificate.

The status value REGISTER_INACTIVE is deprecated and should not be used.

", "CertificateDescription$status": "

The status of the certificate.

", - "RegisterCertificateRequest$status": "

The status of the register certificate request.

", + "RegisterCertificateRequest$status": "

The status of the register certificate request. Valid values that you can use include ACTIVE, INACTIVE, and REVOKED.

", "RegisterCertificateWithoutCARequest$status": "

The status of the register certificate request.

", "UpdateCertificateRequest$newStatus": "

The new status.

Note: Setting the status to PENDING_TRANSFER or PENDING_ACTIVATION will result in an exception being thrown. PENDING_TRANSFER and PENDING_ACTIVATION are statuses used internally by IoT. They are not intended for developer use.

Note: The status value REGISTER_INACTIVE is deprecated and should not be used.

" } @@ -2078,9 +2078,9 @@ "CredentialDurationSeconds": { "base": null, "refs": { - "CreateRoleAliasRequest$credentialDurationSeconds": "

How long (in seconds) the credentials will be valid. The default value is 3,600 seconds.

", + "CreateRoleAliasRequest$credentialDurationSeconds": "

How long (in seconds) the credentials will be valid. The default value is 3,600 seconds.

This value must be less than or equal to the maximum session duration of the IAM role that the role alias references.

", "RoleAliasDescription$credentialDurationSeconds": "

The number of seconds for which the credential is valid.

", - "UpdateRoleAliasRequest$credentialDurationSeconds": "

The number of seconds the credential will be valid.

" + "UpdateRoleAliasRequest$credentialDurationSeconds": "

The number of seconds the credential will be valid.

This value must be less than or equal to the maximum session duration of the IAM role that the role alias references.

" } }, "CustomCodeSigning": { @@ -2092,7 +2092,7 @@ "CustomMetricArn": { "base": null, "refs": { - "CreateCustomMetricResponse$metricArn": "

The Amazon Resource Number (ARN) of the custom metric, e.g. arn:aws-partition:iot:region:accountId:custommetric/metricName

", + "CreateCustomMetricResponse$metricArn": "

The Amazon Resource Number (ARN) of the custom metric. For example, arn:aws-partition:iot:region:accountId:custommetric/metricName

", "DescribeCustomMetricResponse$metricArn": "

The Amazon Resource Number (ARN) of the custom metric.

", "UpdateCustomMetricResponse$metricArn": "

The Amazon Resource Number (ARN) of the custom metric.

" } @@ -2100,7 +2100,7 @@ "CustomMetricDisplayName": { "base": null, "refs": { - "CreateCustomMetricRequest$displayName": "

Field represents a friendly name in the console for the custom metric; it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated once defined.

", + "CreateCustomMetricRequest$displayName": "

The friendly name in the console for the custom metric. This name doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. You can update the friendly name after you define it.

", "DescribeCustomMetricResponse$displayName": "

Field represents a friendly name in the console for the custom metric; doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.

", "UpdateCustomMetricRequest$displayName": "

Field represents a friendly name in the console for the custom metric, it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.

", "UpdateCustomMetricResponse$displayName": "

A friendly name in the console for the custom metric

" @@ -2109,9 +2109,9 @@ "CustomMetricType": { "base": null, "refs": { - "CreateCustomMetricRequest$metricType": "

The type of the custom metric. Types include string-list, ip-address-list, number-list, and number.

", - "DescribeCustomMetricResponse$metricType": "

The type of the custom metric. Types include string-list, ip-address-list, number-list, and number.

", - "UpdateCustomMetricResponse$metricType": "

The type of the custom metric. Types include string-list, ip-address-list, number-list, and number.

" + "CreateCustomMetricRequest$metricType": "

The type of the custom metric.

The type number only takes a single metric value as an input, but when you submit the metrics value in the DeviceMetrics report, you must pass it as an array with a single value.

", + "DescribeCustomMetricResponse$metricType": "

The type of the custom metric.

The type number only takes a single metric value as an input, but while submitting the metrics value in the DeviceMetrics report, it must be passed as an array with a single value.

", + "UpdateCustomMetricResponse$metricType": "

The type of the custom metric.

The type number only takes a single metric value as an input, but while submitting the metrics value in the DeviceMetrics report, it must be passed as an array with a single value.

" } }, "CustomerVersion": { @@ -3755,7 +3755,7 @@ "HashAlgorithm": { "base": null, "refs": { - "CustomCodeSigning$hashAlgorithm": "

The hash algorithm used to code sign the file.

" + "CustomCodeSigning$hashAlgorithm": "

The hash algorithm used to code sign the file. You can use a string as the algorithm name if the target over-the-air (OTA) update devices are able to verify the signature that was generated using the same signature algorithm. For example, FreeRTOS uses SHA256 or SHA1, so you can pass either of them based on which was used for generating the signature.

" } }, "HashKeyField": { @@ -5105,7 +5105,7 @@ "MetricName": { "base": null, "refs": { - "CreateCustomMetricRequest$metricName": "

The name of the custom metric. This will be used in the metric report submitted from the device/thing. Shouldn't begin with aws:. Cannot be updated once defined.

", + "CreateCustomMetricRequest$metricName": "

The name of the custom metric. This will be used in the metric report submitted from the device/thing. The name can't begin with aws:. You can't change the name after you define it.

", "CreateCustomMetricResponse$metricName": "

The name of the custom metric to be used in the metric report.

", "DeleteCustomMetricRequest$metricName": "

The name of the custom metric.

", "DescribeCustomMetricRequest$metricName": "

The name of the custom metric.

", @@ -6803,13 +6803,13 @@ "AcceptCertificateTransferRequest$setAsActive": "

Specifies whether the certificate is active.

", "CreateCertificateFromCsrRequest$setAsActive": "

Specifies whether the certificate is active.

", "CreateKeysAndCertificateRequest$setAsActive": "

Specifies whether the certificate is active.

", - "RegisterCACertificateRequest$setAsActive": "

A boolean value that specifies if the CA certificate is set to active.

" + "RegisterCACertificateRequest$setAsActive": "

A boolean value that specifies if the CA certificate is set to active.

Valid values: ACTIVE | INACTIVE

" } }, "SetAsActiveFlag": { "base": null, "refs": { - "RegisterCertificateRequest$setAsActive": "

A boolean value that specifies if the certificate is set to active.

" + "RegisterCertificateRequest$setAsActive": "

A boolean value that specifies if the certificate is set to active.

Valid values: ACTIVE | INACTIVE

" } }, "SetAsDefault": { @@ -6864,7 +6864,7 @@ "SignatureAlgorithm": { "base": null, "refs": { - "CustomCodeSigning$signatureAlgorithm": "

The signature algorithm used to code sign the file.

" + "CustomCodeSigning$signatureAlgorithm": "

The signature algorithm used to code sign the file. You can use a string as the algorithm name if the target over-the-air (OTA) update devices are able to verify the signature that was generated using the same signature algorithm. For example, FreeRTOS uses ECDSA or RSA, so you can pass either of them based on which was used for generating the signature.

" } }, "SigningJobId": { diff --git a/service/ec2/api.go b/service/ec2/api.go index f458cb39ab7..e2df8586434 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -40205,6 +40205,83 @@ func (c *EC2) ModifyInstanceEventWindowWithContext(ctx aws.Context, input *Modif return out, req.Send() } +const opModifyInstanceMaintenanceOptions = "ModifyInstanceMaintenanceOptions" + +// ModifyInstanceMaintenanceOptionsRequest generates a "aws/request.Request" representing the +// client's request for the ModifyInstanceMaintenanceOptions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifyInstanceMaintenanceOptions for more information on using the ModifyInstanceMaintenanceOptions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifyInstanceMaintenanceOptionsRequest method. +// req, resp := client.ModifyInstanceMaintenanceOptionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceMaintenanceOptions +func (c *EC2) ModifyInstanceMaintenanceOptionsRequest(input *ModifyInstanceMaintenanceOptionsInput) (req *request.Request, output *ModifyInstanceMaintenanceOptionsOutput) { + op := &request.Operation{ + Name: opModifyInstanceMaintenanceOptions, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifyInstanceMaintenanceOptionsInput{} + } + + output = &ModifyInstanceMaintenanceOptionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifyInstanceMaintenanceOptions API operation for Amazon Elastic Compute Cloud. +// +// Modifies the recovery behavior of your instance to disable simplified automatic +// recovery or set the recovery behavior to default. The default configuration +// will not enable simplified automatic recovery for an unsupported instance +// type. For more information, see Simplified automatic recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifyInstanceMaintenanceOptions for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyInstanceMaintenanceOptions +func (c *EC2) ModifyInstanceMaintenanceOptions(input *ModifyInstanceMaintenanceOptionsInput) (*ModifyInstanceMaintenanceOptionsOutput, error) { + req, out := c.ModifyInstanceMaintenanceOptionsRequest(input) + return out, req.Send() +} + +// ModifyInstanceMaintenanceOptionsWithContext is the same as ModifyInstanceMaintenanceOptions with the addition of +// the ability to pass a context and additional request options. +// +// See ModifyInstanceMaintenanceOptions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifyInstanceMaintenanceOptionsWithContext(ctx aws.Context, input *ModifyInstanceMaintenanceOptionsInput, opts ...request.Option) (*ModifyInstanceMaintenanceOptionsOutput, error) { + req, out := c.ModifyInstanceMaintenanceOptionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifyInstanceMetadataOptions = "ModifyInstanceMetadataOptions" // ModifyInstanceMetadataOptionsRequest generates a "aws/request.Request" representing the @@ -113375,6 +113452,9 @@ type Instance struct { // The license configurations for the instance. Licenses []*LicenseConfiguration `locationName:"licenseSet" locationNameList:"item" type:"list"` + // Provides information on the recovery and maintenance options of your instance. + MaintenanceOptions *InstanceMaintenanceOptions `locationName:"maintenanceOptions" type:"structure"` + // The metadata options for the instance. MetadataOptions *InstanceMetadataOptionsResponse `locationName:"metadataOptions" type:"structure"` @@ -113650,6 +113730,12 @@ func (s *Instance) SetLicenses(v []*LicenseConfiguration) *Instance { return s } +// SetMaintenanceOptions sets the MaintenanceOptions field's value. +func (s *Instance) SetMaintenanceOptions(v *InstanceMaintenanceOptions) *Instance { + s.MaintenanceOptions = v + return s +} + // SetMetadataOptions sets the MetadataOptions field's value. func (s *Instance) SetMetadataOptions(v *InstanceMetadataOptionsResponse) *Instance { s.MetadataOptions = v @@ -114720,6 +114806,71 @@ func (s *InstanceIpv6Prefix) SetIpv6Prefix(v string) *InstanceIpv6Prefix { return s } +// The maintenance options for the instance. +type InstanceMaintenanceOptions struct { + _ struct{} `type:"structure"` + + // Provides information on the current automatic recovery behavior of your instance. + AutoRecovery *string `locationName:"autoRecovery" type:"string" enum:"InstanceAutoRecoveryState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceMaintenanceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceMaintenanceOptions) GoString() string { + return s.String() +} + +// SetAutoRecovery sets the AutoRecovery field's value. +func (s *InstanceMaintenanceOptions) SetAutoRecovery(v string) *InstanceMaintenanceOptions { + s.AutoRecovery = &v + return s +} + +// The maintenance options for the instance. +type InstanceMaintenanceOptionsRequest struct { + _ struct{} `type:"structure"` + + // Disables the automatic recovery behavior of your instance or sets it to default. + // For more information, see Simplified automatic recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery). + AutoRecovery *string `type:"string" enum:"InstanceAutoRecoveryState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceMaintenanceOptionsRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceMaintenanceOptionsRequest) GoString() string { + return s.String() +} + +// SetAutoRecovery sets the AutoRecovery field's value. +func (s *InstanceMaintenanceOptionsRequest) SetAutoRecovery(v string) *InstanceMaintenanceOptionsRequest { + s.AutoRecovery = &v + return s +} + // Describes the market (purchasing) option for the instances. type InstanceMarketOptionsRequest struct { _ struct{} `type:"structure"` @@ -120656,6 +120807,71 @@ func (s *LaunchTemplateIamInstanceProfileSpecificationRequest) SetName(v string) return s } +// The maintenance options of your instance. +type LaunchTemplateInstanceMaintenanceOptions struct { + _ struct{} `type:"structure"` + + // Disables the automatic recovery behavior of your instance or sets it to default. + AutoRecovery *string `locationName:"autoRecovery" type:"string" enum:"LaunchTemplateAutoRecoveryState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateInstanceMaintenanceOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateInstanceMaintenanceOptions) GoString() string { + return s.String() +} + +// SetAutoRecovery sets the AutoRecovery field's value. +func (s *LaunchTemplateInstanceMaintenanceOptions) SetAutoRecovery(v string) *LaunchTemplateInstanceMaintenanceOptions { + s.AutoRecovery = &v + return s +} + +// The maintenance options of your instance. +type LaunchTemplateInstanceMaintenanceOptionsRequest struct { + _ struct{} `type:"structure"` + + // Disables the automatic recovery behavior of your instance or sets it to default. + // For more information, see Simplified automatic recovery (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery). + AutoRecovery *string `type:"string" enum:"LaunchTemplateAutoRecoveryState"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateInstanceMaintenanceOptionsRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LaunchTemplateInstanceMaintenanceOptionsRequest) GoString() string { + return s.String() +} + +// SetAutoRecovery sets the AutoRecovery field's value. +func (s *LaunchTemplateInstanceMaintenanceOptionsRequest) SetAutoRecovery(v string) *LaunchTemplateInstanceMaintenanceOptionsRequest { + s.AutoRecovery = &v + return s +} + // The market (purchasing) option for the instances. type LaunchTemplateInstanceMarketOptions struct { _ struct{} `type:"structure"` @@ -124752,7 +124968,8 @@ func (s *ModifyFleetInput) SetTargetCapacitySpecification(v *TargetCapacitySpeci type ModifyFleetOutput struct { _ struct{} `type:"structure"` - // Is true if the request succeeds, and an error otherwise. + // If the request succeeds, the response returns true. If the request fails, + // no response is returned, and instead an error message is returned. Return *bool `locationName:"return" type:"boolean"` } @@ -126175,6 +126392,113 @@ func (s *ModifyInstanceEventWindowOutput) SetInstanceEventWindow(v *InstanceEven return s } +type ModifyInstanceMaintenanceOptionsInput struct { + _ struct{} `type:"structure"` + + // Disables the automatic recovery behavior of your instance or sets it to default. + AutoRecovery *string `type:"string" enum:"InstanceAutoRecoveryState"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the instance. + // + // InstanceId is a required field + InstanceId *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyInstanceMaintenanceOptionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyInstanceMaintenanceOptionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifyInstanceMaintenanceOptionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifyInstanceMaintenanceOptionsInput"} + if s.InstanceId == nil { + invalidParams.Add(request.NewErrParamRequired("InstanceId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAutoRecovery sets the AutoRecovery field's value. +func (s *ModifyInstanceMaintenanceOptionsInput) SetAutoRecovery(v string) *ModifyInstanceMaintenanceOptionsInput { + s.AutoRecovery = &v + return s +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifyInstanceMaintenanceOptionsInput) SetDryRun(v bool) *ModifyInstanceMaintenanceOptionsInput { + s.DryRun = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *ModifyInstanceMaintenanceOptionsInput) SetInstanceId(v string) *ModifyInstanceMaintenanceOptionsInput { + s.InstanceId = &v + return s +} + +type ModifyInstanceMaintenanceOptionsOutput struct { + _ struct{} `type:"structure"` + + // Provides information on the current automatic recovery behavior of your instance. + AutoRecovery *string `locationName:"autoRecovery" type:"string" enum:"InstanceAutoRecoveryState"` + + // The ID of the instance. + InstanceId *string `locationName:"instanceId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyInstanceMaintenanceOptionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ModifyInstanceMaintenanceOptionsOutput) GoString() string { + return s.String() +} + +// SetAutoRecovery sets the AutoRecovery field's value. +func (s *ModifyInstanceMaintenanceOptionsOutput) SetAutoRecovery(v string) *ModifyInstanceMaintenanceOptionsOutput { + s.AutoRecovery = &v + return s +} + +// SetInstanceId sets the InstanceId field's value. +func (s *ModifyInstanceMaintenanceOptionsOutput) SetInstanceId(v string) *ModifyInstanceMaintenanceOptionsOutput { + s.InstanceId = &v + return s +} + type ModifyInstanceMetadataOptionsInput struct { _ struct{} `type:"structure"` @@ -128103,7 +128427,8 @@ func (s *ModifySpotFleetRequestInput) SetTargetCapacity(v int64) *ModifySpotFlee type ModifySpotFleetRequestOutput struct { _ struct{} `type:"structure"` - // Is true if the request succeeds, and an error otherwise. + // If the request succeeds, the response returns true. If the request fails, + // no response is returned, and instead an error message is returned. Return *bool `locationName:"return" type:"boolean"` } @@ -140095,6 +140420,9 @@ type RequestLaunchTemplateData struct { // The license configurations. LicenseSpecifications []*LaunchTemplateLicenseConfigurationRequest `locationName:"LicenseSpecification" locationNameList:"item" type:"list"` + // The maintenance options for the instance. + MaintenanceOptions *LaunchTemplateInstanceMaintenanceOptionsRequest `type:"structure"` + // The metadata options for the instance. For more information, see Instance // metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -140323,6 +140651,12 @@ func (s *RequestLaunchTemplateData) SetLicenseSpecifications(v []*LaunchTemplate return s } +// SetMaintenanceOptions sets the MaintenanceOptions field's value. +func (s *RequestLaunchTemplateData) SetMaintenanceOptions(v *LaunchTemplateInstanceMaintenanceOptionsRequest) *RequestLaunchTemplateData { + s.MaintenanceOptions = v + return s +} + // SetMetadataOptions sets the MetadataOptions field's value. func (s *RequestLaunchTemplateData) SetMetadataOptions(v *LaunchTemplateInstanceMetadataOptionsRequest) *RequestLaunchTemplateData { s.MetadataOptions = v @@ -142328,7 +142662,6 @@ type ResetInstanceAttributeInput struct { // The attribute to reset. // // You can only reset the following attributes: kernel | ramdisk | sourceDestCheck. - // To change an instance attribute, use ModifyInstanceAttribute. // // Attribute is a required field Attribute *string `locationName:"attribute" type:"string" required:"true" enum:"InstanceAttributeName"` @@ -142798,6 +143131,9 @@ type ResponseLaunchTemplateData struct { // The license configurations. LicenseSpecifications []*LaunchTemplateLicenseConfiguration `locationName:"licenseSet" locationNameList:"item" type:"list"` + // The maintenance options for your instance. + MaintenanceOptions *LaunchTemplateInstanceMaintenanceOptions `locationName:"maintenanceOptions" type:"structure"` + // The metadata options for the instance. For more information, see Instance // metadata and user data (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -142963,6 +143299,12 @@ func (s *ResponseLaunchTemplateData) SetLicenseSpecifications(v []*LaunchTemplat return s } +// SetMaintenanceOptions sets the MaintenanceOptions field's value. +func (s *ResponseLaunchTemplateData) SetMaintenanceOptions(v *LaunchTemplateInstanceMaintenanceOptions) *ResponseLaunchTemplateData { + s.MaintenanceOptions = v + return s +} + // SetMetadataOptions sets the MetadataOptions field's value. func (s *ResponseLaunchTemplateData) SetMetadataOptions(v *LaunchTemplateInstanceMetadataOptions) *ResponseLaunchTemplateData { s.MetadataOptions = v @@ -144665,6 +145007,9 @@ type RunInstancesInput struct { // The license configurations. LicenseSpecifications []*LicenseConfigurationRequest `locationName:"LicenseSpecification" locationNameList:"item" type:"list"` + // The maintenance and recovery options for the instance. + MaintenanceOptions *InstanceMaintenanceOptionsRequest `type:"structure"` + // The maximum number of instances to launch. If you specify more instances // than Amazon EC2 can launch in the target Availability Zone, Amazon EC2 launches // the largest possible number of instances above MinCount. @@ -144975,6 +145320,12 @@ func (s *RunInstancesInput) SetLicenseSpecifications(v []*LicenseConfigurationRe return s } +// SetMaintenanceOptions sets the MaintenanceOptions field's value. +func (s *RunInstancesInput) SetMaintenanceOptions(v *InstanceMaintenanceOptionsRequest) *RunInstancesInput { + s.MaintenanceOptions = v + return s +} + // SetMaxCount sets the MaxCount field's value. func (s *RunInstancesInput) SetMaxCount(v int64) *RunInstancesInput { s.MaxCount = &v @@ -162472,6 +162823,22 @@ func InstanceAttributeName_Values() []string { } } +const ( + // InstanceAutoRecoveryStateDisabled is a InstanceAutoRecoveryState enum value + InstanceAutoRecoveryStateDisabled = "disabled" + + // InstanceAutoRecoveryStateDefault is a InstanceAutoRecoveryState enum value + InstanceAutoRecoveryStateDefault = "default" +) + +// InstanceAutoRecoveryState_Values returns all elements of the InstanceAutoRecoveryState enum +func InstanceAutoRecoveryState_Values() []string { + return []string{ + InstanceAutoRecoveryStateDisabled, + InstanceAutoRecoveryStateDefault, + } +} + const ( // InstanceEventWindowStateCreating is a InstanceEventWindowState enum value InstanceEventWindowStateCreating = "creating" @@ -165092,6 +165459,22 @@ func KeyType_Values() []string { } } +const ( + // LaunchTemplateAutoRecoveryStateDefault is a LaunchTemplateAutoRecoveryState enum value + LaunchTemplateAutoRecoveryStateDefault = "default" + + // LaunchTemplateAutoRecoveryStateDisabled is a LaunchTemplateAutoRecoveryState enum value + LaunchTemplateAutoRecoveryStateDisabled = "disabled" +) + +// LaunchTemplateAutoRecoveryState_Values returns all elements of the LaunchTemplateAutoRecoveryState enum +func LaunchTemplateAutoRecoveryState_Values() []string { + return []string{ + LaunchTemplateAutoRecoveryStateDefault, + LaunchTemplateAutoRecoveryStateDisabled, + } +} + const ( // LaunchTemplateErrorCodeLaunchTemplateIdDoesNotExist is a LaunchTemplateErrorCode enum value LaunchTemplateErrorCodeLaunchTemplateIdDoesNotExist = "launchTemplateIdDoesNotExist" diff --git a/service/ec2/ec2iface/interface.go b/service/ec2/ec2iface/interface.go index b877972ce20..b82ce5c0463 100644 --- a/service/ec2/ec2iface/interface.go +++ b/service/ec2/ec2iface/interface.go @@ -2088,6 +2088,10 @@ type EC2API interface { ModifyInstanceEventWindowWithContext(aws.Context, *ec2.ModifyInstanceEventWindowInput, ...request.Option) (*ec2.ModifyInstanceEventWindowOutput, error) ModifyInstanceEventWindowRequest(*ec2.ModifyInstanceEventWindowInput) (*request.Request, *ec2.ModifyInstanceEventWindowOutput) + ModifyInstanceMaintenanceOptions(*ec2.ModifyInstanceMaintenanceOptionsInput) (*ec2.ModifyInstanceMaintenanceOptionsOutput, error) + ModifyInstanceMaintenanceOptionsWithContext(aws.Context, *ec2.ModifyInstanceMaintenanceOptionsInput, ...request.Option) (*ec2.ModifyInstanceMaintenanceOptionsOutput, error) + ModifyInstanceMaintenanceOptionsRequest(*ec2.ModifyInstanceMaintenanceOptionsInput) (*request.Request, *ec2.ModifyInstanceMaintenanceOptionsOutput) + ModifyInstanceMetadataOptions(*ec2.ModifyInstanceMetadataOptionsInput) (*ec2.ModifyInstanceMetadataOptionsOutput, error) ModifyInstanceMetadataOptionsWithContext(aws.Context, *ec2.ModifyInstanceMetadataOptionsInput, ...request.Option) (*ec2.ModifyInstanceMetadataOptionsOutput, error) ModifyInstanceMetadataOptionsRequest(*ec2.ModifyInstanceMetadataOptionsInput) (*request.Request, *ec2.ModifyInstanceMetadataOptionsOutput) diff --git a/service/fms/api.go b/service/fms/api.go index e2b9f1c8475..1079356ab68 100644 --- a/service/fms/api.go +++ b/service/fms/api.go @@ -120,6 +120,103 @@ func (c *FMS) AssociateAdminAccountWithContext(ctx aws.Context, input *Associate return out, req.Send() } +const opAssociateThirdPartyFirewall = "AssociateThirdPartyFirewall" + +// AssociateThirdPartyFirewallRequest generates a "aws/request.Request" representing the +// client's request for the AssociateThirdPartyFirewall operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateThirdPartyFirewall for more information on using the AssociateThirdPartyFirewall +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AssociateThirdPartyFirewallRequest method. +// req, resp := client.AssociateThirdPartyFirewallRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewall +func (c *FMS) AssociateThirdPartyFirewallRequest(input *AssociateThirdPartyFirewallInput) (req *request.Request, output *AssociateThirdPartyFirewallOutput) { + op := &request.Operation{ + Name: opAssociateThirdPartyFirewall, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &AssociateThirdPartyFirewallInput{} + } + + output = &AssociateThirdPartyFirewallOutput{} + req = c.newRequest(op, input, output) + return +} + +// AssociateThirdPartyFirewall API operation for Firewall Management Service. +// +// Sets the Firewall Manager policy administrator as a tenant administrator +// of a third-party firewall service. A tenant is an instance of the third-party +// firewall service that's associated with your Amazon Web Services customer +// account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Firewall Management Service's +// API operation AssociateThirdPartyFirewall for usage and error information. +// +// Returned Error Types: +// * InvalidOperationException +// The operation failed because there was nothing to do or the operation wasn't +// possible. For example, you might have submitted an AssociateAdminAccount +// request for an account ID that was already set as the Firewall Manager administrator. +// Or you might have tried to access a Region that's disabled by default, and +// that you need to enable for the Firewall Manager administrator account and +// for Organizations before you can access it. +// +// * InvalidInputException +// The parameters of the request were invalid. +// +// * ResourceNotFoundException +// The specified resource was not found. +// +// * InternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/AssociateThirdPartyFirewall +func (c *FMS) AssociateThirdPartyFirewall(input *AssociateThirdPartyFirewallInput) (*AssociateThirdPartyFirewallOutput, error) { + req, out := c.AssociateThirdPartyFirewallRequest(input) + return out, req.Send() +} + +// AssociateThirdPartyFirewallWithContext is the same as AssociateThirdPartyFirewall with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateThirdPartyFirewall for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *FMS) AssociateThirdPartyFirewallWithContext(ctx aws.Context, input *AssociateThirdPartyFirewallInput, opts ...request.Option) (*AssociateThirdPartyFirewallOutput, error) { + req, out := c.AssociateThirdPartyFirewallRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteAppsList = "DeleteAppsList" // DeleteAppsListRequest generates a "aws/request.Request" representing the @@ -593,6 +690,103 @@ func (c *FMS) DisassociateAdminAccountWithContext(ctx aws.Context, input *Disass return out, req.Send() } +const opDisassociateThirdPartyFirewall = "DisassociateThirdPartyFirewall" + +// DisassociateThirdPartyFirewallRequest generates a "aws/request.Request" representing the +// client's request for the DisassociateThirdPartyFirewall operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisassociateThirdPartyFirewall for more information on using the DisassociateThirdPartyFirewall +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisassociateThirdPartyFirewallRequest method. +// req, resp := client.DisassociateThirdPartyFirewallRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewall +func (c *FMS) DisassociateThirdPartyFirewallRequest(input *DisassociateThirdPartyFirewallInput) (req *request.Request, output *DisassociateThirdPartyFirewallOutput) { + op := &request.Operation{ + Name: opDisassociateThirdPartyFirewall, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DisassociateThirdPartyFirewallInput{} + } + + output = &DisassociateThirdPartyFirewallOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisassociateThirdPartyFirewall API operation for Firewall Management Service. +// +// Disassociates a Firewall Manager policy administrator from a third-party +// firewall tenant. When you call DisassociateThirdPartyFirewall, the third-party +// firewall vendor deletes all of the firewalls that are associated with the +// account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Firewall Management Service's +// API operation DisassociateThirdPartyFirewall for usage and error information. +// +// Returned Error Types: +// * InvalidOperationException +// The operation failed because there was nothing to do or the operation wasn't +// possible. For example, you might have submitted an AssociateAdminAccount +// request for an account ID that was already set as the Firewall Manager administrator. +// Or you might have tried to access a Region that's disabled by default, and +// that you need to enable for the Firewall Manager administrator account and +// for Organizations before you can access it. +// +// * InvalidInputException +// The parameters of the request were invalid. +// +// * ResourceNotFoundException +// The specified resource was not found. +// +// * InternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/DisassociateThirdPartyFirewall +func (c *FMS) DisassociateThirdPartyFirewall(input *DisassociateThirdPartyFirewallInput) (*DisassociateThirdPartyFirewallOutput, error) { + req, out := c.DisassociateThirdPartyFirewallRequest(input) + return out, req.Send() +} + +// DisassociateThirdPartyFirewallWithContext is the same as DisassociateThirdPartyFirewall with the addition of +// the ability to pass a context and additional request options. +// +// See DisassociateThirdPartyFirewall for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *FMS) DisassociateThirdPartyFirewallWithContext(ctx aws.Context, input *DisassociateThirdPartyFirewallInput, opts ...request.Option) (*DisassociateThirdPartyFirewallOutput, error) { + req, out := c.DisassociateThirdPartyFirewallRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetAdminAccount = "GetAdminAccount" // GetAdminAccountRequest generates a "aws/request.Request" representing the @@ -1254,6 +1448,101 @@ func (c *FMS) GetProtocolsListWithContext(ctx aws.Context, input *GetProtocolsLi return out, req.Send() } +const opGetThirdPartyFirewallAssociationStatus = "GetThirdPartyFirewallAssociationStatus" + +// GetThirdPartyFirewallAssociationStatusRequest generates a "aws/request.Request" representing the +// client's request for the GetThirdPartyFirewallAssociationStatus operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetThirdPartyFirewallAssociationStatus for more information on using the GetThirdPartyFirewallAssociationStatus +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetThirdPartyFirewallAssociationStatusRequest method. +// req, resp := client.GetThirdPartyFirewallAssociationStatusRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus +func (c *FMS) GetThirdPartyFirewallAssociationStatusRequest(input *GetThirdPartyFirewallAssociationStatusInput) (req *request.Request, output *GetThirdPartyFirewallAssociationStatusOutput) { + op := &request.Operation{ + Name: opGetThirdPartyFirewallAssociationStatus, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &GetThirdPartyFirewallAssociationStatusInput{} + } + + output = &GetThirdPartyFirewallAssociationStatusOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetThirdPartyFirewallAssociationStatus API operation for Firewall Management Service. +// +// The onboarding status of a Firewall Manager admin account to third-party +// firewall vendor tenant. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Firewall Management Service's +// API operation GetThirdPartyFirewallAssociationStatus for usage and error information. +// +// Returned Error Types: +// * InvalidOperationException +// The operation failed because there was nothing to do or the operation wasn't +// possible. For example, you might have submitted an AssociateAdminAccount +// request for an account ID that was already set as the Firewall Manager administrator. +// Or you might have tried to access a Region that's disabled by default, and +// that you need to enable for the Firewall Manager administrator account and +// for Organizations before you can access it. +// +// * InvalidInputException +// The parameters of the request were invalid. +// +// * ResourceNotFoundException +// The specified resource was not found. +// +// * InternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/GetThirdPartyFirewallAssociationStatus +func (c *FMS) GetThirdPartyFirewallAssociationStatus(input *GetThirdPartyFirewallAssociationStatusInput) (*GetThirdPartyFirewallAssociationStatusOutput, error) { + req, out := c.GetThirdPartyFirewallAssociationStatusRequest(input) + return out, req.Send() +} + +// GetThirdPartyFirewallAssociationStatusWithContext is the same as GetThirdPartyFirewallAssociationStatus with the addition of +// the ability to pass a context and additional request options. +// +// See GetThirdPartyFirewallAssociationStatus for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *FMS) GetThirdPartyFirewallAssociationStatusWithContext(ctx aws.Context, input *GetThirdPartyFirewallAssociationStatusInput, opts ...request.Option) (*GetThirdPartyFirewallAssociationStatusOutput, error) { + req, out := c.GetThirdPartyFirewallAssociationStatusRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetViolationDetails = "GetViolationDetails" // GetViolationDetailsRequest generates a "aws/request.Request" representing the @@ -2182,63 +2471,67 @@ func (c *FMS) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsFor return out, req.Send() } -const opPutAppsList = "PutAppsList" +const opListThirdPartyFirewallFirewallPolicies = "ListThirdPartyFirewallFirewallPolicies" -// PutAppsListRequest generates a "aws/request.Request" representing the -// client's request for the PutAppsList operation. The "output" return +// ListThirdPartyFirewallFirewallPoliciesRequest generates a "aws/request.Request" representing the +// client's request for the ListThirdPartyFirewallFirewallPolicies operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See PutAppsList for more information on using the PutAppsList +// See ListThirdPartyFirewallFirewallPolicies for more information on using the ListThirdPartyFirewallFirewallPolicies // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // -// // Example sending a request using the PutAppsListRequest method. -// req, resp := client.PutAppsListRequest(params) +// // Example sending a request using the ListThirdPartyFirewallFirewallPoliciesRequest method. +// req, resp := client.ListThirdPartyFirewallFirewallPoliciesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsList -func (c *FMS) PutAppsListRequest(input *PutAppsListInput) (req *request.Request, output *PutAppsListOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies +func (c *FMS) ListThirdPartyFirewallFirewallPoliciesRequest(input *ListThirdPartyFirewallFirewallPoliciesInput) (req *request.Request, output *ListThirdPartyFirewallFirewallPoliciesOutput) { op := &request.Operation{ - Name: opPutAppsList, + Name: opListThirdPartyFirewallFirewallPolicies, HTTPMethod: "POST", HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, } if input == nil { - input = &PutAppsListInput{} + input = &ListThirdPartyFirewallFirewallPoliciesInput{} } - output = &PutAppsListOutput{} + output = &ListThirdPartyFirewallFirewallPoliciesOutput{} req = c.newRequest(op, input, output) return } -// PutAppsList API operation for Firewall Management Service. +// ListThirdPartyFirewallFirewallPolicies API operation for Firewall Management Service. // -// Creates an Firewall Manager applications list. +// Retrieves a list of all of the third-party firewall policies that are associated +// with the third-party firewall administrator's account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Firewall Management Service's -// API operation PutAppsList for usage and error information. +// API operation ListThirdPartyFirewallFirewallPolicies for usage and error information. // // Returned Error Types: -// * ResourceNotFoundException -// The specified resource was not found. -// // * InvalidOperationException // The operation failed because there was nothing to do or the operation wasn't // possible. For example, you might have submitted an AssociateAdminAccount @@ -2250,33 +2543,182 @@ func (c *FMS) PutAppsListRequest(input *PutAppsListInput) (req *request.Request, // * InvalidInputException // The parameters of the request were invalid. // -// * LimitExceededException -// The operation exceeds a resource limit, for example, the maximum number of -// policy objects that you can create for an Amazon Web Services account. For -// more information, see Firewall Manager Limits (https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) -// in the WAF Developer Guide. +// * ResourceNotFoundException +// The specified resource was not found. // // * InternalErrorException // The operation failed because of a system problem, even though the request // was valid. Retry your request. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsList -func (c *FMS) PutAppsList(input *PutAppsListInput) (*PutAppsListOutput, error) { - req, out := c.PutAppsListRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/ListThirdPartyFirewallFirewallPolicies +func (c *FMS) ListThirdPartyFirewallFirewallPolicies(input *ListThirdPartyFirewallFirewallPoliciesInput) (*ListThirdPartyFirewallFirewallPoliciesOutput, error) { + req, out := c.ListThirdPartyFirewallFirewallPoliciesRequest(input) return out, req.Send() } -// PutAppsListWithContext is the same as PutAppsList with the addition of +// ListThirdPartyFirewallFirewallPoliciesWithContext is the same as ListThirdPartyFirewallFirewallPolicies with the addition of // the ability to pass a context and additional request options. // -// See PutAppsList for details on how to use this API operation. +// See ListThirdPartyFirewallFirewallPolicies for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *FMS) PutAppsListWithContext(ctx aws.Context, input *PutAppsListInput, opts ...request.Option) (*PutAppsListOutput, error) { - req, out := c.PutAppsListRequest(input) +func (c *FMS) ListThirdPartyFirewallFirewallPoliciesWithContext(ctx aws.Context, input *ListThirdPartyFirewallFirewallPoliciesInput, opts ...request.Option) (*ListThirdPartyFirewallFirewallPoliciesOutput, error) { + req, out := c.ListThirdPartyFirewallFirewallPoliciesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListThirdPartyFirewallFirewallPoliciesPages iterates over the pages of a ListThirdPartyFirewallFirewallPolicies operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListThirdPartyFirewallFirewallPolicies method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListThirdPartyFirewallFirewallPolicies operation. +// pageNum := 0 +// err := client.ListThirdPartyFirewallFirewallPoliciesPages(params, +// func(page *fms.ListThirdPartyFirewallFirewallPoliciesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *FMS) ListThirdPartyFirewallFirewallPoliciesPages(input *ListThirdPartyFirewallFirewallPoliciesInput, fn func(*ListThirdPartyFirewallFirewallPoliciesOutput, bool) bool) error { + return c.ListThirdPartyFirewallFirewallPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListThirdPartyFirewallFirewallPoliciesPagesWithContext same as ListThirdPartyFirewallFirewallPoliciesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *FMS) ListThirdPartyFirewallFirewallPoliciesPagesWithContext(ctx aws.Context, input *ListThirdPartyFirewallFirewallPoliciesInput, fn func(*ListThirdPartyFirewallFirewallPoliciesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListThirdPartyFirewallFirewallPoliciesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListThirdPartyFirewallFirewallPoliciesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListThirdPartyFirewallFirewallPoliciesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opPutAppsList = "PutAppsList" + +// PutAppsListRequest generates a "aws/request.Request" representing the +// client's request for the PutAppsList operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutAppsList for more information on using the PutAppsList +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the PutAppsListRequest method. +// req, resp := client.PutAppsListRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsList +func (c *FMS) PutAppsListRequest(input *PutAppsListInput) (req *request.Request, output *PutAppsListOutput) { + op := &request.Operation{ + Name: opPutAppsList, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &PutAppsListInput{} + } + + output = &PutAppsListOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutAppsList API operation for Firewall Management Service. +// +// Creates an Firewall Manager applications list. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Firewall Management Service's +// API operation PutAppsList for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The specified resource was not found. +// +// * InvalidOperationException +// The operation failed because there was nothing to do or the operation wasn't +// possible. For example, you might have submitted an AssociateAdminAccount +// request for an account ID that was already set as the Firewall Manager administrator. +// Or you might have tried to access a Region that's disabled by default, and +// that you need to enable for the Firewall Manager administrator account and +// for Organizations before you can access it. +// +// * InvalidInputException +// The parameters of the request were invalid. +// +// * LimitExceededException +// The operation exceeds a resource limit, for example, the maximum number of +// policy objects that you can create for an Amazon Web Services account. For +// more information, see Firewall Manager Limits (https://docs.aws.amazon.com/waf/latest/developerguide/fms-limits.html) +// in the WAF Developer Guide. +// +// * InternalErrorException +// The operation failed because of a system problem, even though the request +// was valid. Retry your request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/fms-2018-01-01/PutAppsList +func (c *FMS) PutAppsList(input *PutAppsListInput) (*PutAppsListOutput, error) { + req, out := c.PutAppsListRequest(input) + return out, req.Send() +} + +// PutAppsListWithContext is the same as PutAppsList with the addition of +// the ability to pass a context and additional request options. +// +// See PutAppsList for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *FMS) PutAppsListWithContext(ctx aws.Context, input *PutAppsListInput, opts ...request.Option) (*PutAppsListOutput, error) { + req, out := c.PutAppsListRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() @@ -3190,6 +3632,99 @@ func (s AssociateAdminAccountOutput) GoString() string { return s.String() } +type AssociateThirdPartyFirewallInput struct { + _ struct{} `type:"structure"` + + // The name of the third-party firewall vendor. + // + // ThirdPartyFirewall is a required field + ThirdPartyFirewall *string `type:"string" required:"true" enum:"ThirdPartyFirewall"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateThirdPartyFirewallInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateThirdPartyFirewallInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateThirdPartyFirewallInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateThirdPartyFirewallInput"} + if s.ThirdPartyFirewall == nil { + invalidParams.Add(request.NewErrParamRequired("ThirdPartyFirewall")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetThirdPartyFirewall sets the ThirdPartyFirewall field's value. +func (s *AssociateThirdPartyFirewallInput) SetThirdPartyFirewall(v string) *AssociateThirdPartyFirewallInput { + s.ThirdPartyFirewall = &v + return s +} + +type AssociateThirdPartyFirewallOutput struct { + _ struct{} `type:"structure"` + + // The current status for setting a Firewall Manager policy administrator's + // account as an administrator of the third-party firewall tenant. + // + // * ONBOARDING - The Firewall Manager policy administrator is being designated + // as a tenant administrator. + // + // * ONBOARD_COMPLETE - The Firewall Manager policy administrator is designated + // as a tenant administrator. + // + // * OFFBOARDING - The Firewall Manager policy administrator is being removed + // as a tenant administrator. + // + // * OFFBOARD_COMPLETE - The Firewall Manager policy administrator has been + // removed as a tenant administrator. + // + // * NOT_EXIST - The Firewall Manager policy administrator doesn't exist + // as a tenant administrator. + ThirdPartyFirewallStatus *string `type:"string" enum:"ThirdPartyFirewallAssociationStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateThirdPartyFirewallOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateThirdPartyFirewallOutput) GoString() string { + return s.String() +} + +// SetThirdPartyFirewallStatus sets the ThirdPartyFirewallStatus field's value. +func (s *AssociateThirdPartyFirewallOutput) SetThirdPartyFirewallStatus(v string) *AssociateThirdPartyFirewallOutput { + s.ThirdPartyFirewallStatus = &v + return s +} + // Violation detail for an EC2 instance resource. type AwsEc2InstanceViolation struct { _ struct{} `type:"structure"` @@ -3733,16 +4268,13 @@ func (s DisassociateAdminAccountOutput) GoString() string { return s.String() } -// A DNS Firewall rule group that Firewall Manager tried to associate with a -// VPC is already associated with the VPC and can't be associated again. -type DnsDuplicateRuleGroupViolation struct { +type DisassociateThirdPartyFirewallInput struct { _ struct{} `type:"structure"` - // Information about the VPC ID. - ViolationTarget *string `type:"string"` - - // A description of the violation that specifies the rule group and VPC. - ViolationTargetDescription *string `type:"string"` + // The name of the third-party firewall vendor. + // + // ThirdPartyFirewall is a required field + ThirdPartyFirewall *string `type:"string" required:"true" enum:"ThirdPartyFirewall"` } // String returns the string representation. @@ -3750,7 +4282,7 @@ type DnsDuplicateRuleGroupViolation struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DnsDuplicateRuleGroupViolation) String() string { +func (s DisassociateThirdPartyFirewallInput) String() string { return awsutil.Prettify(s) } @@ -3759,36 +4291,35 @@ func (s DnsDuplicateRuleGroupViolation) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DnsDuplicateRuleGroupViolation) GoString() string { +func (s DisassociateThirdPartyFirewallInput) GoString() string { return s.String() } -// SetViolationTarget sets the ViolationTarget field's value. -func (s *DnsDuplicateRuleGroupViolation) SetViolationTarget(v string) *DnsDuplicateRuleGroupViolation { - s.ViolationTarget = &v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisassociateThirdPartyFirewallInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisassociateThirdPartyFirewallInput"} + if s.ThirdPartyFirewall == nil { + invalidParams.Add(request.NewErrParamRequired("ThirdPartyFirewall")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetViolationTargetDescription sets the ViolationTargetDescription field's value. -func (s *DnsDuplicateRuleGroupViolation) SetViolationTargetDescription(v string) *DnsDuplicateRuleGroupViolation { - s.ViolationTargetDescription = &v +// SetThirdPartyFirewall sets the ThirdPartyFirewall field's value. +func (s *DisassociateThirdPartyFirewallInput) SetThirdPartyFirewall(v string) *DisassociateThirdPartyFirewallInput { + s.ThirdPartyFirewall = &v return s } -// The VPC that Firewall Manager was applying a DNS Fireall policy to reached -// the limit for associated DNS Firewall rule groups. Firewall Manager tried -// to associate another rule group with the VPC and failed due to the limit. -type DnsRuleGroupLimitExceededViolation struct { +type DisassociateThirdPartyFirewallOutput struct { _ struct{} `type:"structure"` - // The number of rule groups currently associated with the VPC. - NumberOfRuleGroupsAlreadyAssociated *int64 `type:"integer"` - - // Information about the VPC ID. - ViolationTarget *string `type:"string"` - - // A description of the violation that specifies the rule group and VPC. - ViolationTargetDescription *string `type:"string"` + // The current status for the disassociation of a Firewall Manager administrators + // account with a third-party firewall. + ThirdPartyFirewallStatus *string `type:"string" enum:"ThirdPartyFirewallAssociationStatus"` } // String returns the string representation. @@ -3796,7 +4327,7 @@ type DnsRuleGroupLimitExceededViolation struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DnsRuleGroupLimitExceededViolation) String() string { +func (s DisassociateThirdPartyFirewallOutput) String() string { return awsutil.Prettify(s) } @@ -3805,26 +4336,108 @@ func (s DnsRuleGroupLimitExceededViolation) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DnsRuleGroupLimitExceededViolation) GoString() string { +func (s DisassociateThirdPartyFirewallOutput) GoString() string { return s.String() } -// SetNumberOfRuleGroupsAlreadyAssociated sets the NumberOfRuleGroupsAlreadyAssociated field's value. -func (s *DnsRuleGroupLimitExceededViolation) SetNumberOfRuleGroupsAlreadyAssociated(v int64) *DnsRuleGroupLimitExceededViolation { - s.NumberOfRuleGroupsAlreadyAssociated = &v +// SetThirdPartyFirewallStatus sets the ThirdPartyFirewallStatus field's value. +func (s *DisassociateThirdPartyFirewallOutput) SetThirdPartyFirewallStatus(v string) *DisassociateThirdPartyFirewallOutput { + s.ThirdPartyFirewallStatus = &v return s } -// SetViolationTarget sets the ViolationTarget field's value. -func (s *DnsRuleGroupLimitExceededViolation) SetViolationTarget(v string) *DnsRuleGroupLimitExceededViolation { - s.ViolationTarget = &v - return s -} +// A DNS Firewall rule group that Firewall Manager tried to associate with a +// VPC is already associated with the VPC and can't be associated again. +type DnsDuplicateRuleGroupViolation struct { + _ struct{} `type:"structure"` -// SetViolationTargetDescription sets the ViolationTargetDescription field's value. -func (s *DnsRuleGroupLimitExceededViolation) SetViolationTargetDescription(v string) *DnsRuleGroupLimitExceededViolation { - s.ViolationTargetDescription = &v - return s + // Information about the VPC ID. + ViolationTarget *string `type:"string"` + + // A description of the violation that specifies the rule group and VPC. + ViolationTargetDescription *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsDuplicateRuleGroupViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsDuplicateRuleGroupViolation) GoString() string { + return s.String() +} + +// SetViolationTarget sets the ViolationTarget field's value. +func (s *DnsDuplicateRuleGroupViolation) SetViolationTarget(v string) *DnsDuplicateRuleGroupViolation { + s.ViolationTarget = &v + return s +} + +// SetViolationTargetDescription sets the ViolationTargetDescription field's value. +func (s *DnsDuplicateRuleGroupViolation) SetViolationTargetDescription(v string) *DnsDuplicateRuleGroupViolation { + s.ViolationTargetDescription = &v + return s +} + +// The VPC that Firewall Manager was applying a DNS Fireall policy to reached +// the limit for associated DNS Firewall rule groups. Firewall Manager tried +// to associate another rule group with the VPC and failed due to the limit. +type DnsRuleGroupLimitExceededViolation struct { + _ struct{} `type:"structure"` + + // The number of rule groups currently associated with the VPC. + NumberOfRuleGroupsAlreadyAssociated *int64 `type:"integer"` + + // Information about the VPC ID. + ViolationTarget *string `type:"string"` + + // A description of the violation that specifies the rule group and VPC. + ViolationTargetDescription *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsRuleGroupLimitExceededViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DnsRuleGroupLimitExceededViolation) GoString() string { + return s.String() +} + +// SetNumberOfRuleGroupsAlreadyAssociated sets the NumberOfRuleGroupsAlreadyAssociated field's value. +func (s *DnsRuleGroupLimitExceededViolation) SetNumberOfRuleGroupsAlreadyAssociated(v int64) *DnsRuleGroupLimitExceededViolation { + s.NumberOfRuleGroupsAlreadyAssociated = &v + return s +} + +// SetViolationTarget sets the ViolationTarget field's value. +func (s *DnsRuleGroupLimitExceededViolation) SetViolationTarget(v string) *DnsRuleGroupLimitExceededViolation { + s.ViolationTarget = &v + return s +} + +// SetViolationTargetDescription sets the ViolationTargetDescription field's value. +func (s *DnsRuleGroupLimitExceededViolation) SetViolationTargetDescription(v string) *DnsRuleGroupLimitExceededViolation { + s.ViolationTargetDescription = &v + return s } // A rule group that Firewall Manager tried to associate with a VPC has the @@ -4615,6 +5228,66 @@ func (s *FirewallSubnetIsOutOfScopeViolation) SetVpcId(v string) *FirewallSubnet return s } +// The violation details for a firewall subnet's VPC endpoint that's deleted +// or missing. +type FirewallSubnetMissingVPCEndpointViolation struct { + _ struct{} `type:"structure"` + + // The ID of the firewall that this VPC endpoint is associated with. + FirewallSubnetId *string `min:"1" type:"string"` + + // The name of the Availability Zone of the deleted VPC subnet. + SubnetAvailabilityZone *string `type:"string"` + + // The ID of the Availability Zone of the deleted VPC subnet. + SubnetAvailabilityZoneId *string `type:"string"` + + // The resource ID of the VPC associated with the deleted VPC subnet. + VpcId *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallSubnetMissingVPCEndpointViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s FirewallSubnetMissingVPCEndpointViolation) GoString() string { + return s.String() +} + +// SetFirewallSubnetId sets the FirewallSubnetId field's value. +func (s *FirewallSubnetMissingVPCEndpointViolation) SetFirewallSubnetId(v string) *FirewallSubnetMissingVPCEndpointViolation { + s.FirewallSubnetId = &v + return s +} + +// SetSubnetAvailabilityZone sets the SubnetAvailabilityZone field's value. +func (s *FirewallSubnetMissingVPCEndpointViolation) SetSubnetAvailabilityZone(v string) *FirewallSubnetMissingVPCEndpointViolation { + s.SubnetAvailabilityZone = &v + return s +} + +// SetSubnetAvailabilityZoneId sets the SubnetAvailabilityZoneId field's value. +func (s *FirewallSubnetMissingVPCEndpointViolation) SetSubnetAvailabilityZoneId(v string) *FirewallSubnetMissingVPCEndpointViolation { + s.SubnetAvailabilityZoneId = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *FirewallSubnetMissingVPCEndpointViolation) SetVpcId(v string) *FirewallSubnetMissingVPCEndpointViolation { + s.VpcId = &v + return s +} + type GetAdminAccountInput struct { _ struct{} `type:"structure"` } @@ -5325,6 +5998,119 @@ func (s *GetProtocolsListOutput) SetProtocolsListArn(v string) *GetProtocolsList return s } +type GetThirdPartyFirewallAssociationStatusInput struct { + _ struct{} `type:"structure"` + + // The name of the third-party firewall vendor. + // + // ThirdPartyFirewall is a required field + ThirdPartyFirewall *string `type:"string" required:"true" enum:"ThirdPartyFirewall"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetThirdPartyFirewallAssociationStatusInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetThirdPartyFirewallAssociationStatusInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetThirdPartyFirewallAssociationStatusInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetThirdPartyFirewallAssociationStatusInput"} + if s.ThirdPartyFirewall == nil { + invalidParams.Add(request.NewErrParamRequired("ThirdPartyFirewall")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetThirdPartyFirewall sets the ThirdPartyFirewall field's value. +func (s *GetThirdPartyFirewallAssociationStatusInput) SetThirdPartyFirewall(v string) *GetThirdPartyFirewallAssociationStatusInput { + s.ThirdPartyFirewall = &v + return s +} + +type GetThirdPartyFirewallAssociationStatusOutput struct { + _ struct{} `type:"structure"` + + // The status for subscribing to the third-party firewall vendor in the AWS + // Marketplace. + // + // * NO_SUBSCRIPTION - The Firewall Manager policy administrator isn't subscribed + // to the third-party firewall service in the AWS Marketplace. + // + // * NOT_COMPLETE - The Firewall Manager policy administrator is in the process + // of subscribing to the third-party firewall service in the Amazon Web Services + // Marketplace, but doesn't yet have an active subscription. + // + // * COMPLETE - The Firewall Manager policy administrator has an active subscription + // to the third-party firewall service in the Amazon Web Services Marketplace. + MarketplaceOnboardingStatus *string `type:"string" enum:"MarketplaceSubscriptionOnboardingStatus"` + + // The current status for setting a Firewall Manager policy administrators account + // as an administrator of the third-party firewall tenant. + // + // * ONBOARDING - The Firewall Manager policy administrator is being designated + // as a tenant administrator. + // + // * ONBOARD_COMPLETE - The Firewall Manager policy administrator is designated + // as a tenant administrator. + // + // * OFFBOARDING - The Firewall Manager policy administrator is being removed + // as a tenant administrator. + // + // * OFFBOARD_COMPLETE - The Firewall Manager policy administrator has been + // removed as a tenant administrator. + // + // * NOT_EXIST - The Firewall Manager policy administrator doesn't exist + // as a tenant administrator. + ThirdPartyFirewallStatus *string `type:"string" enum:"ThirdPartyFirewallAssociationStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetThirdPartyFirewallAssociationStatusOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetThirdPartyFirewallAssociationStatusOutput) GoString() string { + return s.String() +} + +// SetMarketplaceOnboardingStatus sets the MarketplaceOnboardingStatus field's value. +func (s *GetThirdPartyFirewallAssociationStatusOutput) SetMarketplaceOnboardingStatus(v string) *GetThirdPartyFirewallAssociationStatusOutput { + s.MarketplaceOnboardingStatus = &v + return s +} + +// SetThirdPartyFirewallStatus sets the ThirdPartyFirewallStatus field's value. +func (s *GetThirdPartyFirewallAssociationStatusOutput) SetThirdPartyFirewallStatus(v string) *GetThirdPartyFirewallAssociationStatusOutput { + s.ThirdPartyFirewallStatus = &v + return s +} + type GetViolationDetailsInput struct { _ struct{} `type:"structure"` @@ -6458,22 +7244,33 @@ func (s *ListTagsForResourceOutput) SetTagList(v []*Tag) *ListTagsForResourceOut return s } -// Violation detail for an internet gateway route with an inactive state in -// the customer subnet route table or Network Firewall subnet route table. -type NetworkFirewallBlackHoleRouteDetectedViolation struct { +type ListThirdPartyFirewallFirewallPoliciesInput struct { _ struct{} `type:"structure"` - // Information about the route table ID. - RouteTableId *string `min:"1" type:"string"` - - // Information about the route or routes that are in violation. - ViolatingRoutes []*Route `type:"list"` + // The maximum number of third-party firewall policies that you want Firewall + // Manager to return. If the specified third-party firewall vendor is associated + // with more than MaxResults firewall policies, the response includes a NextToken + // element. NextToken contains an encrypted token that identifies the first + // third-party firewall policies that Firewall Manager will return if you submit + // another request. + // + // MaxResults is a required field + MaxResults *int64 `min:"1" type:"integer" required:"true"` - // The subnet that has an inactive state. - ViolationTarget *string `type:"string"` + // If the previous response included a NextToken element, the specified third-party + // firewall vendor is associated with more third-party firewall policies. To + // get more third-party firewall policies, submit another ListThirdPartyFirewallFirewallPoliciesRequest + // request. + // + // For the value of NextToken, specify the value of NextToken from the previous + // response. If the previous response didn't include a NextToken element, there + // are no more third-party firewall policies to get. + NextToken *string `min:"1" type:"string"` - // Information about the VPC ID. - VpcId *string `min:"1" type:"string"` + // The name of the third-party firewall vendor. + // + // ThirdPartyFirewall is a required field + ThirdPartyFirewall *string `type:"string" required:"true" enum:"ThirdPartyFirewall"` } // String returns the string representation. @@ -6481,7 +7278,7 @@ type NetworkFirewallBlackHoleRouteDetectedViolation struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s NetworkFirewallBlackHoleRouteDetectedViolation) String() string { +func (s ListThirdPartyFirewallFirewallPoliciesInput) String() string { return awsutil.Prettify(s) } @@ -6490,35 +7287,155 @@ func (s NetworkFirewallBlackHoleRouteDetectedViolation) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s NetworkFirewallBlackHoleRouteDetectedViolation) GoString() string { +func (s ListThirdPartyFirewallFirewallPoliciesInput) GoString() string { return s.String() } -// SetRouteTableId sets the RouteTableId field's value. -func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetRouteTableId(v string) *NetworkFirewallBlackHoleRouteDetectedViolation { - s.RouteTableId = &v - return s +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListThirdPartyFirewallFirewallPoliciesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListThirdPartyFirewallFirewallPoliciesInput"} + if s.MaxResults == nil { + invalidParams.Add(request.NewErrParamRequired("MaxResults")) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + if s.ThirdPartyFirewall == nil { + invalidParams.Add(request.NewErrParamRequired("ThirdPartyFirewall")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil } -// SetViolatingRoutes sets the ViolatingRoutes field's value. -func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetViolatingRoutes(v []*Route) *NetworkFirewallBlackHoleRouteDetectedViolation { - s.ViolatingRoutes = v +// SetMaxResults sets the MaxResults field's value. +func (s *ListThirdPartyFirewallFirewallPoliciesInput) SetMaxResults(v int64) *ListThirdPartyFirewallFirewallPoliciesInput { + s.MaxResults = &v return s } -// SetViolationTarget sets the ViolationTarget field's value. -func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetViolationTarget(v string) *NetworkFirewallBlackHoleRouteDetectedViolation { - s.ViolationTarget = &v +// SetNextToken sets the NextToken field's value. +func (s *ListThirdPartyFirewallFirewallPoliciesInput) SetNextToken(v string) *ListThirdPartyFirewallFirewallPoliciesInput { + s.NextToken = &v return s } -// SetVpcId sets the VpcId field's value. -func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetVpcId(v string) *NetworkFirewallBlackHoleRouteDetectedViolation { - s.VpcId = &v +// SetThirdPartyFirewall sets the ThirdPartyFirewall field's value. +func (s *ListThirdPartyFirewallFirewallPoliciesInput) SetThirdPartyFirewall(v string) *ListThirdPartyFirewallFirewallPoliciesInput { + s.ThirdPartyFirewall = &v return s } -// Violation detail for the subnet for which internet traffic that hasn't been +type ListThirdPartyFirewallFirewallPoliciesOutput struct { + _ struct{} `type:"structure"` + + // The value that you will use for NextToken in the next ListThirdPartyFirewallFirewallPolicies + // request. + NextToken *string `min:"1" type:"string"` + + // A list that contains one ThirdPartyFirewallFirewallPolicies element for each + // third-party firewall policies that the specified third-party firewall vendor + // is associated with. Each ThirdPartyFirewallFirewallPolicies element contains + // the firewall policy name and ID. + ThirdPartyFirewallFirewallPolicies []*ThirdPartyFirewallFirewallPolicy `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListThirdPartyFirewallFirewallPoliciesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListThirdPartyFirewallFirewallPoliciesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListThirdPartyFirewallFirewallPoliciesOutput) SetNextToken(v string) *ListThirdPartyFirewallFirewallPoliciesOutput { + s.NextToken = &v + return s +} + +// SetThirdPartyFirewallFirewallPolicies sets the ThirdPartyFirewallFirewallPolicies field's value. +func (s *ListThirdPartyFirewallFirewallPoliciesOutput) SetThirdPartyFirewallFirewallPolicies(v []*ThirdPartyFirewallFirewallPolicy) *ListThirdPartyFirewallFirewallPoliciesOutput { + s.ThirdPartyFirewallFirewallPolicies = v + return s +} + +// Violation detail for an internet gateway route with an inactive state in +// the customer subnet route table or Network Firewall subnet route table. +type NetworkFirewallBlackHoleRouteDetectedViolation struct { + _ struct{} `type:"structure"` + + // Information about the route table ID. + RouteTableId *string `min:"1" type:"string"` + + // Information about the route or routes that are in violation. + ViolatingRoutes []*Route `type:"list"` + + // The subnet that has an inactive state. + ViolationTarget *string `type:"string"` + + // Information about the VPC ID. + VpcId *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NetworkFirewallBlackHoleRouteDetectedViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NetworkFirewallBlackHoleRouteDetectedViolation) GoString() string { + return s.String() +} + +// SetRouteTableId sets the RouteTableId field's value. +func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetRouteTableId(v string) *NetworkFirewallBlackHoleRouteDetectedViolation { + s.RouteTableId = &v + return s +} + +// SetViolatingRoutes sets the ViolatingRoutes field's value. +func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetViolatingRoutes(v []*Route) *NetworkFirewallBlackHoleRouteDetectedViolation { + s.ViolatingRoutes = v + return s +} + +// SetViolationTarget sets the ViolationTarget field's value. +func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetViolationTarget(v string) *NetworkFirewallBlackHoleRouteDetectedViolation { + s.ViolationTarget = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *NetworkFirewallBlackHoleRouteDetectedViolation) SetVpcId(v string) *NetworkFirewallBlackHoleRouteDetectedViolation { + s.VpcId = &v + return s +} + +// Violation detail for the subnet for which internet traffic that hasn't been // inspected. type NetworkFirewallInternetTrafficNotInspectedViolation struct { _ struct{} `type:"structure"` @@ -7460,9 +8377,6 @@ type Policy struct { // * Specify accounts and OUs together in a single map, separated with a // comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, // “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}. - // - // This option isn't available for the centralized deployment model when creating - // policies to configure Network Firewall. ExcludeMap map[string][]*string `type:"map"` // If set to True, resources with the tags that are specified in the ResourceTag @@ -7470,9 +8384,6 @@ type Policy struct { // array is not null, only resources with the specified tags are in scope of // the policy. // - // This option isn't available for the centralized deployment model when creating - // policies to configure Network Firewall. - // // ExcludeResourceTags is a required field ExcludeResourceTags *bool `type:"boolean" required:"true"` @@ -7498,9 +8409,6 @@ type Policy struct { // * Specify accounts and OUs together in a single map, separated with a // comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, // “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}. - // - // This option isn't available for the centralized deployment model when creating - // policies to configure Network Firewall. IncludeMap map[string][]*string `type:"map"` // The ID of the Firewall Manager policy. @@ -7882,6 +8790,9 @@ type PolicyOption struct { // Defines the deployment model to use for the firewall policy. NetworkFirewallPolicy *NetworkFirewallPolicy `type:"structure"` + + // Defines the policy options for a third-party firewall policy. + ThirdPartyFirewallPolicy *ThirdPartyFirewallPolicy `type:"structure"` } // String returns the string representation. @@ -7908,6 +8819,12 @@ func (s *PolicyOption) SetNetworkFirewallPolicy(v *NetworkFirewallPolicy) *Polic return s } +// SetThirdPartyFirewallPolicy sets the ThirdPartyFirewallPolicy field's value. +func (s *PolicyOption) SetThirdPartyFirewallPolicy(v *ThirdPartyFirewallPolicy) *PolicyOption { + s.ThirdPartyFirewallPolicy = v + return s +} + // Details of the Firewall Manager policy. type PolicySummary struct { _ struct{} `type:"structure"` @@ -9011,6 +9928,10 @@ type ResourceViolation struct { // Contains details about the firewall subnet that violates the policy scope. FirewallSubnetIsOutOfScopeViolation *FirewallSubnetIsOutOfScopeViolation `type:"structure"` + // The violation details for a third-party firewall's VPC endpoint subnet that + // was deleted. + FirewallSubnetMissingVPCEndpointViolation *FirewallSubnetMissingVPCEndpointViolation `type:"structure"` + // Violation detail for an internet gateway route with an inactive state in // the customer subnet route table or Network Firewall subnet route table. NetworkFirewallBlackHoleRouteDetectedViolation *NetworkFirewallBlackHoleRouteDetectedViolation `type:"structure"` @@ -9055,6 +9976,17 @@ type ResourceViolation struct { // Contains details about the route endpoint that violates the policy scope. RouteHasOutOfScopeEndpointViolation *RouteHasOutOfScopeEndpointViolation `type:"structure"` + + // The violation details for a third-party firewall that has the Firewall Manager + // managed route table that was associated with the third-party firewall has + // been deleted. + ThirdPartyFirewallMissingExpectedRouteTableViolation *ThirdPartyFirewallMissingExpectedRouteTableViolation `type:"structure"` + + // The violation details for a third-party firewall that's been deleted. + ThirdPartyFirewallMissingFirewallViolation *ThirdPartyFirewallMissingFirewallViolation `type:"structure"` + + // The violation details for a third-party firewall's subnet that's been deleted. + ThirdPartyFirewallMissingSubnetViolation *ThirdPartyFirewallMissingSubnetViolation `type:"structure"` } // String returns the string representation. @@ -9117,6 +10049,12 @@ func (s *ResourceViolation) SetFirewallSubnetIsOutOfScopeViolation(v *FirewallSu return s } +// SetFirewallSubnetMissingVPCEndpointViolation sets the FirewallSubnetMissingVPCEndpointViolation field's value. +func (s *ResourceViolation) SetFirewallSubnetMissingVPCEndpointViolation(v *FirewallSubnetMissingVPCEndpointViolation) *ResourceViolation { + s.FirewallSubnetMissingVPCEndpointViolation = v + return s +} + // SetNetworkFirewallBlackHoleRouteDetectedViolation sets the NetworkFirewallBlackHoleRouteDetectedViolation field's value. func (s *ResourceViolation) SetNetworkFirewallBlackHoleRouteDetectedViolation(v *NetworkFirewallBlackHoleRouteDetectedViolation) *ResourceViolation { s.NetworkFirewallBlackHoleRouteDetectedViolation = v @@ -9189,6 +10127,24 @@ func (s *ResourceViolation) SetRouteHasOutOfScopeEndpointViolation(v *RouteHasOu return s } +// SetThirdPartyFirewallMissingExpectedRouteTableViolation sets the ThirdPartyFirewallMissingExpectedRouteTableViolation field's value. +func (s *ResourceViolation) SetThirdPartyFirewallMissingExpectedRouteTableViolation(v *ThirdPartyFirewallMissingExpectedRouteTableViolation) *ResourceViolation { + s.ThirdPartyFirewallMissingExpectedRouteTableViolation = v + return s +} + +// SetThirdPartyFirewallMissingFirewallViolation sets the ThirdPartyFirewallMissingFirewallViolation field's value. +func (s *ResourceViolation) SetThirdPartyFirewallMissingFirewallViolation(v *ThirdPartyFirewallMissingFirewallViolation) *ResourceViolation { + s.ThirdPartyFirewallMissingFirewallViolation = v + return s +} + +// SetThirdPartyFirewallMissingSubnetViolation sets the ThirdPartyFirewallMissingSubnetViolation field's value. +func (s *ResourceViolation) SetThirdPartyFirewallMissingSubnetViolation(v *ThirdPartyFirewallMissingSubnetViolation) *ResourceViolation { + s.ThirdPartyFirewallMissingSubnetViolation = v + return s +} + // Describes a route in a route table. type Route struct { _ struct{} `type:"structure"` @@ -9529,9 +10485,9 @@ type SecurityServicePolicyData struct { // Valid values for preProcessRuleGroups are between 1 and 99. Valid values // for postProcessRuleGroups are between 9901 and 10000. // - // * Example: NETWORK_FIREWALL - Centralized deployment model. "{\"type\":\"NETWORK_FIREWALL\",\"awsNetworkFirewallConfig\":{\"networkFirewallStatelessRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateless-rulegroup/test\",\"priority\":1}],\"networkFirewallStatelessDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessFragmentDefaultActions\":[\"aws:forward_to_sfe\",\"customActionName\"],\"networkFirewallStatelessCustomActions\":[{\"actionName\":\"customActionName\",\"actionDefinition\":{\"publishMetricAction\":{\"dimensions\":[{\"value\":\"metricdimensionvalue\"}]}}}],\"networkFirewallStatefulRuleGroupReferences\":[{\"resourceARN\":\"arn:aws:network-firewall:us-east-1:123456789011:stateful-rulegroup/test\"}],\"networkFirewallLoggingConfiguration\":{\"logDestinationConfigs\":[{\"logDestinationType\":\"S3\",\"logType\":\"ALERT\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}},{\"logDestinationType\":\"S3\",\"logType\":\"FLOW\",\"logDestination\":{\"bucketName\":\"s3-bucket-name\"}}],\"overrideExistingConfig\":true}},\"firewallDeploymentModel\":{\"centralizedFirewallDeploymentModel\":{\"centralizedFirewallOrchestrationConfig\":{\"inspectionVpcIds\":[{\"resourceId\":\"vpc-1234\",\"accountId\":\"123456789011\"}],\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.0.0/28\"]}]}},\"allowedIPV4CidrList\":[]}}}}" - // To use the centralized deployment model, you must set PolicyOption (https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PolicyOption.html) - // to CENTRALIZED. + // * Example: DNS_FIREWALL "{\"type\":\"DNS_FIREWALL\",\"preProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-1\",\"priority\":10}],\"postProcessRuleGroups\":[{\"ruleGroupId\":\"rslvr-frg-2\",\"priority\":9911}]}" + // Valid values for preProcessRuleGroups are between 1 and 99. Valid values + // for postProcessRuleGroups are between 9901 and 10000. // // * Example: NETWORK_FIREWALL - Distributed deployment model with automatic // Availability Zone configuration. With automatic Availbility Zone configuration, @@ -9619,6 +10575,8 @@ type SecurityServicePolicyData struct { // \"logType\":\"FLOW\", \"logDestination\":{ \"bucketName\":\"s3-bucket-name\" // } } ], \"overrideExistingConfig\":boolean } }" // + // * Example: PARTNER_FIREWALL for Firewall Manager "{\"type\":\"THIRD_PARTY_FIREWALL\",\"thirdPartyrFirewall\":\"PALO_ALTO_NETWORKS_CLOUD_NGFW\",\"thirdPartyFirewallConfig\":{\"thirdPartyFirewallPolicyList\":[\"global-123456789012-1\"],\"networkFirewallLoggingConfiguration\":null},\"firewallDeploymentModel\":{\"distributedFirewallDeploymentModel\":{\"distributedFirewallOrchestrationConfig\":{\"firewallCreationConfig\":{\"endpointLocation\":{\"availabilityZoneConfigList\":[{\"availabilityZoneId\":null,\"availabilityZoneName\":\"us-east-1a\",\"allowedIPV4CidrList\":[\"10.0.1.0/28\"]}]}},\"allowedIPV4CidrList\":null},\"distributedRouteManagementConfig\":null},\"centralizedFirewallDeploymentModel\":null}}"" + // // * Specification for SHIELD_ADVANCED for Amazon CloudFront distributions // "{\"type\":\"SHIELD_ADVANCED\",\"automaticResponseConfiguration\": {\"automaticResponseStatus\":\"ENABLED|IGNORED|DISABLED\", // \"automaticResponseAction\":\"BLOCK|COUNT\"}, \"overrideCustomerWebaclClassic\":true|false}" @@ -9639,6 +10597,14 @@ type SecurityServicePolicyData struct { // \"overrideAction\" : {\"type\": \"COUNT\"}}], \"defaultAction\": {\"type\": // \"BLOCK\"}}" // + // * Example: WAFV2 - Firewall Manager support for WAF managed rule group + // versioning "{\"type\":\"WAFV2\",\"preProcessRuleGroups\":[{\"ruleGroupArn\":null,\"overrideAction\":{\"type\":\"NONE\"},\"managedRuleGroupIdentifier\":{\"versionEnabled\":true,\"version\":\"Version_2.0\",\"vendorName\":\"AWS\",\"managedRuleGroupName\":\"AWSManagedRulesCommonRuleSet\"},\"ruleGroupType\":\"ManagedRuleGroup\",\"excludeRules\":[{\"name\":\"NoUserAgent_HEADER\"}]}],\"postProcessRuleGroups\":[],\"defaultAction\":{\"type\":\"ALLOW\"},\"overrideCustomerWebACLAssociation\":false,\"loggingConfiguration\":{\"logDestinationConfigs\":[\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\"],\"redactedFields\":[{\"redactedFieldType\":\"SingleHeader\",\"redactedFieldValue\":\"Cookies\"},{\"redactedFieldType\":\"Method\"}]}}" + // To use a specific version of a WAF managed rule group in your Firewall + // Manager policy, you must set versionEnabled to true, and set version to + // the version you'd like to use. If you don't set versionEnabled to true, + // or if you omit versionEnabled, then Firewall Manager uses the default + // version of the WAF managed rule group. + // // * Example: SECURITY_GROUPS_COMMON "{\"type\":\"SECURITY_GROUPS_COMMON\",\"revertManualSecurityGroupChanges\":false,\"exclusiveResourceSecurityGroupManagement\":false, // \"applyToAllEC2InstanceENIs\":false,\"securityGroups\":[{\"id\":\" sg-000e55995d61a06bd\"}]}" // @@ -9984,6 +10950,271 @@ func (s TagResourceOutput) GoString() string { return s.String() } +// Configures the firewall policy deployment model for a third-party firewall. +// The deployment model can either be distributed or centralized. +type ThirdPartyFirewallFirewallPolicy struct { + _ struct{} `type:"structure"` + + // The ID of the specified firewall policy. + FirewallPolicyId *string `min:"1" type:"string"` + + // The name of the specified firewall policy. + FirewallPolicyName *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallFirewallPolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallFirewallPolicy) GoString() string { + return s.String() +} + +// SetFirewallPolicyId sets the FirewallPolicyId field's value. +func (s *ThirdPartyFirewallFirewallPolicy) SetFirewallPolicyId(v string) *ThirdPartyFirewallFirewallPolicy { + s.FirewallPolicyId = &v + return s +} + +// SetFirewallPolicyName sets the FirewallPolicyName field's value. +func (s *ThirdPartyFirewallFirewallPolicy) SetFirewallPolicyName(v string) *ThirdPartyFirewallFirewallPolicy { + s.FirewallPolicyName = &v + return s +} + +// The violation details for a third-party firewall that's not associated with +// an Firewall Manager managed route table. +type ThirdPartyFirewallMissingExpectedRouteTableViolation struct { + _ struct{} `type:"structure"` + + // The Availability Zone of the firewall subnet that's causing the violation. + AvailabilityZone *string `type:"string"` + + // The resource ID of the current route table that's associated with the subnet, + // if one is available. + CurrentRouteTable *string `min:"1" type:"string"` + + // The resource ID of the route table that should be associated with the subnet. + ExpectedRouteTable *string `min:"1" type:"string"` + + // The resource ID of the VPC associated with a fireawll subnet that's causing + // the violation. + VPC *string `min:"1" type:"string"` + + // The ID of the third-party firewall or VPC resource that's causing the violation. + ViolationTarget *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallMissingExpectedRouteTableViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallMissingExpectedRouteTableViolation) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *ThirdPartyFirewallMissingExpectedRouteTableViolation) SetAvailabilityZone(v string) *ThirdPartyFirewallMissingExpectedRouteTableViolation { + s.AvailabilityZone = &v + return s +} + +// SetCurrentRouteTable sets the CurrentRouteTable field's value. +func (s *ThirdPartyFirewallMissingExpectedRouteTableViolation) SetCurrentRouteTable(v string) *ThirdPartyFirewallMissingExpectedRouteTableViolation { + s.CurrentRouteTable = &v + return s +} + +// SetExpectedRouteTable sets the ExpectedRouteTable field's value. +func (s *ThirdPartyFirewallMissingExpectedRouteTableViolation) SetExpectedRouteTable(v string) *ThirdPartyFirewallMissingExpectedRouteTableViolation { + s.ExpectedRouteTable = &v + return s +} + +// SetVPC sets the VPC field's value. +func (s *ThirdPartyFirewallMissingExpectedRouteTableViolation) SetVPC(v string) *ThirdPartyFirewallMissingExpectedRouteTableViolation { + s.VPC = &v + return s +} + +// SetViolationTarget sets the ViolationTarget field's value. +func (s *ThirdPartyFirewallMissingExpectedRouteTableViolation) SetViolationTarget(v string) *ThirdPartyFirewallMissingExpectedRouteTableViolation { + s.ViolationTarget = &v + return s +} + +// The violation details about a third-party firewall's subnet that doesn't +// have a Firewall Manager managed firewall in its VPC. +type ThirdPartyFirewallMissingFirewallViolation struct { + _ struct{} `type:"structure"` + + // The Availability Zone of the third-party firewall that's causing the violation. + AvailabilityZone *string `type:"string"` + + // The reason the resource is causing this violation, if a reason is available. + TargetViolationReason *string `type:"string"` + + // The resource ID of the VPC associated with a third-party firewall. + VPC *string `min:"1" type:"string"` + + // The ID of the third-party firewall that's causing the violation. + ViolationTarget *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallMissingFirewallViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallMissingFirewallViolation) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *ThirdPartyFirewallMissingFirewallViolation) SetAvailabilityZone(v string) *ThirdPartyFirewallMissingFirewallViolation { + s.AvailabilityZone = &v + return s +} + +// SetTargetViolationReason sets the TargetViolationReason field's value. +func (s *ThirdPartyFirewallMissingFirewallViolation) SetTargetViolationReason(v string) *ThirdPartyFirewallMissingFirewallViolation { + s.TargetViolationReason = &v + return s +} + +// SetVPC sets the VPC field's value. +func (s *ThirdPartyFirewallMissingFirewallViolation) SetVPC(v string) *ThirdPartyFirewallMissingFirewallViolation { + s.VPC = &v + return s +} + +// SetViolationTarget sets the ViolationTarget field's value. +func (s *ThirdPartyFirewallMissingFirewallViolation) SetViolationTarget(v string) *ThirdPartyFirewallMissingFirewallViolation { + s.ViolationTarget = &v + return s +} + +// The violation details for a third-party firewall for an Availability Zone +// that's missing the Firewall Manager managed subnet. +type ThirdPartyFirewallMissingSubnetViolation struct { + _ struct{} `type:"structure"` + + // The Availability Zone of a subnet that's causing the violation. + AvailabilityZone *string `type:"string"` + + // The reason the resource is causing the violation, if a reason is available. + TargetViolationReason *string `type:"string"` + + // The resource ID of the VPC associated with a subnet that's causing the violation. + VPC *string `min:"1" type:"string"` + + // The ID of the third-party firewall or VPC resource that's causing the violation. + ViolationTarget *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallMissingSubnetViolation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallMissingSubnetViolation) GoString() string { + return s.String() +} + +// SetAvailabilityZone sets the AvailabilityZone field's value. +func (s *ThirdPartyFirewallMissingSubnetViolation) SetAvailabilityZone(v string) *ThirdPartyFirewallMissingSubnetViolation { + s.AvailabilityZone = &v + return s +} + +// SetTargetViolationReason sets the TargetViolationReason field's value. +func (s *ThirdPartyFirewallMissingSubnetViolation) SetTargetViolationReason(v string) *ThirdPartyFirewallMissingSubnetViolation { + s.TargetViolationReason = &v + return s +} + +// SetVPC sets the VPC field's value. +func (s *ThirdPartyFirewallMissingSubnetViolation) SetVPC(v string) *ThirdPartyFirewallMissingSubnetViolation { + s.VPC = &v + return s +} + +// SetViolationTarget sets the ViolationTarget field's value. +func (s *ThirdPartyFirewallMissingSubnetViolation) SetViolationTarget(v string) *ThirdPartyFirewallMissingSubnetViolation { + s.ViolationTarget = &v + return s +} + +// Configures the policy for the third-party firewall. +type ThirdPartyFirewallPolicy struct { + _ struct{} `type:"structure"` + + // Defines the deployment model to use for the third-party firewall. + FirewallDeploymentModel *string `type:"string" enum:"FirewallDeploymentModel"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallPolicy) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThirdPartyFirewallPolicy) GoString() string { + return s.String() +} + +// SetFirewallDeploymentModel sets the FirewallDeploymentModel field's value. +func (s *ThirdPartyFirewallPolicy) SetFirewallDeploymentModel(v string) *ThirdPartyFirewallPolicy { + s.FirewallDeploymentModel = &v + return s +} + type UntagResourceInput struct { _ struct{} `type:"structure"` @@ -10097,9 +11328,6 @@ type ViolationDetail struct { ResourceId *string `min:"1" type:"string" required:"true"` // The ResourceTag objects associated with the resource. - // - // This option isn't available for the centralized deployment model when creating - // policies to configure Network Firewall. ResourceTags []*Tag `type:"list"` // The resource type that the violation details were requested for. @@ -10264,12 +11492,36 @@ func DestinationType_Values() []string { const ( // FirewallDeploymentModelCentralized is a FirewallDeploymentModel enum value FirewallDeploymentModelCentralized = "CENTRALIZED" + + // FirewallDeploymentModelDistributed is a FirewallDeploymentModel enum value + FirewallDeploymentModelDistributed = "DISTRIBUTED" ) // FirewallDeploymentModel_Values returns all elements of the FirewallDeploymentModel enum func FirewallDeploymentModel_Values() []string { return []string{ FirewallDeploymentModelCentralized, + FirewallDeploymentModelDistributed, + } +} + +const ( + // MarketplaceSubscriptionOnboardingStatusNoSubscription is a MarketplaceSubscriptionOnboardingStatus enum value + MarketplaceSubscriptionOnboardingStatusNoSubscription = "NO_SUBSCRIPTION" + + // MarketplaceSubscriptionOnboardingStatusNotComplete is a MarketplaceSubscriptionOnboardingStatus enum value + MarketplaceSubscriptionOnboardingStatusNotComplete = "NOT_COMPLETE" + + // MarketplaceSubscriptionOnboardingStatusComplete is a MarketplaceSubscriptionOnboardingStatus enum value + MarketplaceSubscriptionOnboardingStatusComplete = "COMPLETE" +) + +// MarketplaceSubscriptionOnboardingStatus_Values returns all elements of the MarketplaceSubscriptionOnboardingStatus enum +func MarketplaceSubscriptionOnboardingStatus_Values() []string { + return []string{ + MarketplaceSubscriptionOnboardingStatusNoSubscription, + MarketplaceSubscriptionOnboardingStatusNotComplete, + MarketplaceSubscriptionOnboardingStatusComplete, } } @@ -10329,6 +11581,9 @@ const ( // SecurityServiceTypeDnsFirewall is a SecurityServiceType enum value SecurityServiceTypeDnsFirewall = "DNS_FIREWALL" + + // SecurityServiceTypeThirdPartyFirewall is a SecurityServiceType enum value + SecurityServiceTypeThirdPartyFirewall = "THIRD_PARTY_FIREWALL" ) // SecurityServiceType_Values returns all elements of the SecurityServiceType enum @@ -10342,6 +11597,7 @@ func SecurityServiceType_Values() []string { SecurityServiceTypeSecurityGroupsUsageAudit, SecurityServiceTypeNetworkFirewall, SecurityServiceTypeDnsFirewall, + SecurityServiceTypeThirdPartyFirewall, } } @@ -10393,6 +11649,46 @@ func TargetType_Values() []string { } } +const ( + // ThirdPartyFirewallPaloAltoNetworksCloudNgfw is a ThirdPartyFirewall enum value + ThirdPartyFirewallPaloAltoNetworksCloudNgfw = "PALO_ALTO_NETWORKS_CLOUD_NGFW" +) + +// ThirdPartyFirewall_Values returns all elements of the ThirdPartyFirewall enum +func ThirdPartyFirewall_Values() []string { + return []string{ + ThirdPartyFirewallPaloAltoNetworksCloudNgfw, + } +} + +const ( + // ThirdPartyFirewallAssociationStatusOnboarding is a ThirdPartyFirewallAssociationStatus enum value + ThirdPartyFirewallAssociationStatusOnboarding = "ONBOARDING" + + // ThirdPartyFirewallAssociationStatusOnboardComplete is a ThirdPartyFirewallAssociationStatus enum value + ThirdPartyFirewallAssociationStatusOnboardComplete = "ONBOARD_COMPLETE" + + // ThirdPartyFirewallAssociationStatusOffboarding is a ThirdPartyFirewallAssociationStatus enum value + ThirdPartyFirewallAssociationStatusOffboarding = "OFFBOARDING" + + // ThirdPartyFirewallAssociationStatusOffboardComplete is a ThirdPartyFirewallAssociationStatus enum value + ThirdPartyFirewallAssociationStatusOffboardComplete = "OFFBOARD_COMPLETE" + + // ThirdPartyFirewallAssociationStatusNotExist is a ThirdPartyFirewallAssociationStatus enum value + ThirdPartyFirewallAssociationStatusNotExist = "NOT_EXIST" +) + +// ThirdPartyFirewallAssociationStatus_Values returns all elements of the ThirdPartyFirewallAssociationStatus enum +func ThirdPartyFirewallAssociationStatus_Values() []string { + return []string{ + ThirdPartyFirewallAssociationStatusOnboarding, + ThirdPartyFirewallAssociationStatusOnboardComplete, + ThirdPartyFirewallAssociationStatusOffboarding, + ThirdPartyFirewallAssociationStatusOffboardComplete, + ThirdPartyFirewallAssociationStatusNotExist, + } +} + const ( // ViolationReasonWebAclMissingRuleGroup is a ViolationReason enum value ViolationReasonWebAclMissingRuleGroup = "WEB_ACL_MISSING_RULE_GROUP" @@ -10436,6 +11732,9 @@ const ( // ViolationReasonNetworkFirewallPolicyModified is a ViolationReason enum value ViolationReasonNetworkFirewallPolicyModified = "NETWORK_FIREWALL_POLICY_MODIFIED" + // ViolationReasonFirewallSubnetIsOutOfScope is a ViolationReason enum value + ViolationReasonFirewallSubnetIsOutOfScope = "FIREWALL_SUBNET_IS_OUT_OF_SCOPE" + // ViolationReasonInternetGatewayMissingExpectedRoute is a ViolationReason enum value ViolationReasonInternetGatewayMissingExpectedRoute = "INTERNET_GATEWAY_MISSING_EXPECTED_ROUTE" @@ -10469,11 +11768,11 @@ const ( // ViolationReasonResourceMissingDnsFirewall is a ViolationReason enum value ViolationReasonResourceMissingDnsFirewall = "RESOURCE_MISSING_DNS_FIREWALL" - // ViolationReasonFirewallSubnetIsOutOfScope is a ViolationReason enum value - ViolationReasonFirewallSubnetIsOutOfScope = "FIREWALL_SUBNET_IS_OUT_OF_SCOPE" - // ViolationReasonRouteHasOutOfScopeEndpoint is a ViolationReason enum value ViolationReasonRouteHasOutOfScopeEndpoint = "ROUTE_HAS_OUT_OF_SCOPE_ENDPOINT" + + // ViolationReasonFirewallSubnetMissingVpceEndpoint is a ViolationReason enum value + ViolationReasonFirewallSubnetMissingVpceEndpoint = "FIREWALL_SUBNET_MISSING_VPCE_ENDPOINT" ) // ViolationReason_Values returns all elements of the ViolationReason enum @@ -10493,6 +11792,7 @@ func ViolationReason_Values() []string { ViolationReasonMissingFirewallSubnetInAz, ViolationReasonMissingExpectedRouteTable, ViolationReasonNetworkFirewallPolicyModified, + ViolationReasonFirewallSubnetIsOutOfScope, ViolationReasonInternetGatewayMissingExpectedRoute, ViolationReasonFirewallSubnetMissingExpectedRoute, ViolationReasonUnexpectedFirewallRoutes, @@ -10504,7 +11804,7 @@ func ViolationReason_Values() []string { ViolationReasonBlackHoleRouteDetected, ViolationReasonBlackHoleRouteDetectedInFirewallSubnet, ViolationReasonResourceMissingDnsFirewall, - ViolationReasonFirewallSubnetIsOutOfScope, ViolationReasonRouteHasOutOfScopeEndpoint, + ViolationReasonFirewallSubnetMissingVpceEndpoint, } } diff --git a/service/fms/fmsiface/interface.go b/service/fms/fmsiface/interface.go index 89a3d8d3d66..724b13da7ac 100644 --- a/service/fms/fmsiface/interface.go +++ b/service/fms/fmsiface/interface.go @@ -64,6 +64,10 @@ type FMSAPI interface { AssociateAdminAccountWithContext(aws.Context, *fms.AssociateAdminAccountInput, ...request.Option) (*fms.AssociateAdminAccountOutput, error) AssociateAdminAccountRequest(*fms.AssociateAdminAccountInput) (*request.Request, *fms.AssociateAdminAccountOutput) + AssociateThirdPartyFirewall(*fms.AssociateThirdPartyFirewallInput) (*fms.AssociateThirdPartyFirewallOutput, error) + AssociateThirdPartyFirewallWithContext(aws.Context, *fms.AssociateThirdPartyFirewallInput, ...request.Option) (*fms.AssociateThirdPartyFirewallOutput, error) + AssociateThirdPartyFirewallRequest(*fms.AssociateThirdPartyFirewallInput) (*request.Request, *fms.AssociateThirdPartyFirewallOutput) + DeleteAppsList(*fms.DeleteAppsListInput) (*fms.DeleteAppsListOutput, error) DeleteAppsListWithContext(aws.Context, *fms.DeleteAppsListInput, ...request.Option) (*fms.DeleteAppsListOutput, error) DeleteAppsListRequest(*fms.DeleteAppsListInput) (*request.Request, *fms.DeleteAppsListOutput) @@ -84,6 +88,10 @@ type FMSAPI interface { DisassociateAdminAccountWithContext(aws.Context, *fms.DisassociateAdminAccountInput, ...request.Option) (*fms.DisassociateAdminAccountOutput, error) DisassociateAdminAccountRequest(*fms.DisassociateAdminAccountInput) (*request.Request, *fms.DisassociateAdminAccountOutput) + DisassociateThirdPartyFirewall(*fms.DisassociateThirdPartyFirewallInput) (*fms.DisassociateThirdPartyFirewallOutput, error) + DisassociateThirdPartyFirewallWithContext(aws.Context, *fms.DisassociateThirdPartyFirewallInput, ...request.Option) (*fms.DisassociateThirdPartyFirewallOutput, error) + DisassociateThirdPartyFirewallRequest(*fms.DisassociateThirdPartyFirewallInput) (*request.Request, *fms.DisassociateThirdPartyFirewallOutput) + GetAdminAccount(*fms.GetAdminAccountInput) (*fms.GetAdminAccountOutput, error) GetAdminAccountWithContext(aws.Context, *fms.GetAdminAccountInput, ...request.Option) (*fms.GetAdminAccountOutput, error) GetAdminAccountRequest(*fms.GetAdminAccountInput) (*request.Request, *fms.GetAdminAccountOutput) @@ -112,6 +120,10 @@ type FMSAPI interface { GetProtocolsListWithContext(aws.Context, *fms.GetProtocolsListInput, ...request.Option) (*fms.GetProtocolsListOutput, error) GetProtocolsListRequest(*fms.GetProtocolsListInput) (*request.Request, *fms.GetProtocolsListOutput) + GetThirdPartyFirewallAssociationStatus(*fms.GetThirdPartyFirewallAssociationStatusInput) (*fms.GetThirdPartyFirewallAssociationStatusOutput, error) + GetThirdPartyFirewallAssociationStatusWithContext(aws.Context, *fms.GetThirdPartyFirewallAssociationStatusInput, ...request.Option) (*fms.GetThirdPartyFirewallAssociationStatusOutput, error) + GetThirdPartyFirewallAssociationStatusRequest(*fms.GetThirdPartyFirewallAssociationStatusInput) (*request.Request, *fms.GetThirdPartyFirewallAssociationStatusOutput) + GetViolationDetails(*fms.GetViolationDetailsInput) (*fms.GetViolationDetailsOutput, error) GetViolationDetailsWithContext(aws.Context, *fms.GetViolationDetailsInput, ...request.Option) (*fms.GetViolationDetailsOutput, error) GetViolationDetailsRequest(*fms.GetViolationDetailsInput) (*request.Request, *fms.GetViolationDetailsOutput) @@ -155,6 +167,13 @@ type FMSAPI interface { ListTagsForResourceWithContext(aws.Context, *fms.ListTagsForResourceInput, ...request.Option) (*fms.ListTagsForResourceOutput, error) ListTagsForResourceRequest(*fms.ListTagsForResourceInput) (*request.Request, *fms.ListTagsForResourceOutput) + ListThirdPartyFirewallFirewallPolicies(*fms.ListThirdPartyFirewallFirewallPoliciesInput) (*fms.ListThirdPartyFirewallFirewallPoliciesOutput, error) + ListThirdPartyFirewallFirewallPoliciesWithContext(aws.Context, *fms.ListThirdPartyFirewallFirewallPoliciesInput, ...request.Option) (*fms.ListThirdPartyFirewallFirewallPoliciesOutput, error) + ListThirdPartyFirewallFirewallPoliciesRequest(*fms.ListThirdPartyFirewallFirewallPoliciesInput) (*request.Request, *fms.ListThirdPartyFirewallFirewallPoliciesOutput) + + ListThirdPartyFirewallFirewallPoliciesPages(*fms.ListThirdPartyFirewallFirewallPoliciesInput, func(*fms.ListThirdPartyFirewallFirewallPoliciesOutput, bool) bool) error + ListThirdPartyFirewallFirewallPoliciesPagesWithContext(aws.Context, *fms.ListThirdPartyFirewallFirewallPoliciesInput, func(*fms.ListThirdPartyFirewallFirewallPoliciesOutput, bool) bool, ...request.Option) error + PutAppsList(*fms.PutAppsListInput) (*fms.PutAppsListOutput, error) PutAppsListWithContext(aws.Context, *fms.PutAppsListInput, ...request.Option) (*fms.PutAppsListOutput, error) PutAppsListRequest(*fms.PutAppsListInput) (*request.Request, *fms.PutAppsListOutput) diff --git a/service/fsx/api.go b/service/fsx/api.go index 644e9b3d52b..a836e53853f 100644 --- a/service/fsx/api.go +++ b/service/fsx/api.go @@ -798,7 +798,7 @@ func (c *FSx) CreateFileSystemRequest(input *CreateFileSystemInput) (req *reques // * Creates a new, empty Amazon FSx file system with an assigned ID, and // an initial lifecycle state of CREATING. // -// * Returns the description of the file system. +// * Returns the description of the file system in JSON format. // // This operation requires a client request token in the request that Amazon // FSx uses to ensure idempotent creation. This means that calling the operation @@ -4118,6 +4118,8 @@ func (c *FSx) UpdateFileSystemRequest(input *UpdateFileSystemInput) (req *reques // // * StorageCapacity // +// * ThroughputCapacity +// // * WeeklyMaintenanceStartTime // // For the Amazon FSx for OpenZFS file systems, you can update the following @@ -5856,13 +5858,21 @@ type CopyBackupInput struct { // precedence. CopyTags *bool `type:"boolean"` - // The ID of the Key Management Service (KMS) key used to encrypt the file system's - // data for Amazon FSx for Windows File Server file systems, Amazon FSx for - // NetApp ONTAP file systems, and Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 - // file systems at rest. If this ID isn't specified, the key managed by Amazon - // FSx is used. The Amazon FSx for Lustre SCRATCH_1 and SCRATCH_2 file systems - // are always encrypted at rest using Amazon FSx-managed keys. For more information, - // see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) + // Specifies the ID of the Key Management Service (KMS) key to use for encrypting + // data on Amazon FSx file systems, as follows: + // + // * Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 deployment types + // only. SCRATCH_1 and SCRATCH_2 types are encrypted using the Amazon FSx + // service KMS key for your account. + // + // * Amazon FSx for NetApp ONTAP + // + // * Amazon FSx for OpenZFS + // + // * Amazon FSx for Windows File Server + // + // If a KmsKeyId isn't specified, the Amazon FSx-managed KMS key for your account + // is used. For more information, see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) // in the Key Management Service API Reference. KmsKeyId *string `min:"1" type:"string"` @@ -6535,13 +6545,21 @@ type CreateFileSystemFromBackupInput struct { // backup's FileSystemTypeVersion setting. FileSystemTypeVersion *string `min:"1" type:"string"` - // The ID of the Key Management Service (KMS) key used to encrypt the file system's - // data for Amazon FSx for Windows File Server file systems, Amazon FSx for - // NetApp ONTAP file systems, and Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 - // file systems at rest. If this ID isn't specified, the key managed by Amazon - // FSx is used. The Amazon FSx for Lustre SCRATCH_1 and SCRATCH_2 file systems - // are always encrypted at rest using Amazon FSx-managed keys. For more information, - // see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) + // Specifies the ID of the Key Management Service (KMS) key to use for encrypting + // data on Amazon FSx file systems, as follows: + // + // * Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 deployment types + // only. SCRATCH_1 and SCRATCH_2 types are encrypted using the Amazon FSx + // service KMS key for your account. + // + // * Amazon FSx for NetApp ONTAP + // + // * Amazon FSx for OpenZFS + // + // * Amazon FSx for Windows File Server + // + // If a KmsKeyId isn't specified, the Amazon FSx-managed KMS key for your account + // is used. For more information, see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) // in the Key Management Service API Reference. KmsKeyId *string `min:"1" type:"string"` @@ -6811,13 +6829,21 @@ type CreateFileSystemInput struct { // type, the CreateFileSystem operation fails. FileSystemTypeVersion *string `min:"1" type:"string"` - // The ID of the Key Management Service (KMS) key used to encrypt the file system's - // data for Amazon FSx for Windows File Server file systems, Amazon FSx for - // NetApp ONTAP file systems, and Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 - // file systems at rest. If this ID isn't specified, the key managed by Amazon - // FSx is used. The Amazon FSx for Lustre SCRATCH_1 and SCRATCH_2 file systems - // are always encrypted at rest using Amazon FSx-managed keys. For more information, - // see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) + // Specifies the ID of the Key Management Service (KMS) key to use for encrypting + // data on Amazon FSx file systems, as follows: + // + // * Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 deployment types + // only. SCRATCH_1 and SCRATCH_2 types are encrypted using the Amazon FSx + // service KMS key for your account. + // + // * Amazon FSx for NetApp ONTAP + // + // * Amazon FSx for OpenZFS + // + // * Amazon FSx for Windows File Server + // + // If a KmsKeyId isn't specified, the Amazon FSx-managed KMS key for your account + // is used. For more information, see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) // in the Key Management Service API Reference. KmsKeyId *string `min:"1" type:"string"` @@ -12554,14 +12580,18 @@ type FileSystem struct { // or 2.12. FileSystemTypeVersion *string `min:"1" type:"string"` - // The ID of the Key Management Service (KMS) key used to encrypt the file system's - // data for Amazon FSx for Windows File Server file systems, Amazon FSx for - // NetApp ONTAP file systems, and PERSISTENT Amazon FSx for Lustre file systems - // at rest. If this ID isn't specified, the Amazon FSx-managed key for your - // account is used. The scratch Amazon FSx for Lustre file systems are always - // encrypted at rest using the Amazon FSx-managed key for your account. For - // more information, see Encrypt (https://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html) - // in the Key Management Service API Reference. + // The ID of the Key Management Service (KMS) key used to encrypt Amazon FSx + // file system data. Used as follows with Amazon FSx file system types: + // + // * Amazon FSx for Lustre PERSISTENT_1 and PERSISTENT_2 deployment types + // only. SCRATCH_1 and SCRATCH_2 types are encrypted using the Amazon FSx + // service KMS key for your account. + // + // * Amazon FSx for NetApp ONTAP + // + // * Amazon FSx for OpenZFS + // + // * Amazon FSx for Windows File Server KmsKeyId *string `min:"1" type:"string"` // The lifecycle status of the file system. The following are the possible values @@ -12597,7 +12627,7 @@ type FileSystem struct { // than one. NetworkInterfaceIds []*string `type:"list"` - // The configuration for this FSx for ONTAP file system. + // The configuration for this Amazon FSx for NetApp ONTAP file system. OntapConfiguration *OntapFileSystemConfiguration `type:"structure"` // The configuration for this Amazon FSx for OpenZFS file system. @@ -12608,7 +12638,7 @@ type FileSystem struct { // Web Services account to which the IAM user belongs is the owner. OwnerId *string `min:"12" type:"string"` - // The Amazon Resource Name (ARN) for the file system resource. + // The Amazon Resource Name (ARN) of the file system resource. ResourceARN *string `min:"8" type:"string"` // The storage capacity of the file system in gibibytes (GiB). @@ -12639,7 +12669,7 @@ type FileSystem struct { // The ID of the primary virtual private cloud (VPC) for the file system. VpcId *string `min:"12" type:"string"` - // The configuration for this FSx for Windows File Server file system. + // The configuration for this Amazon FSx for Windows File Server file system. WindowsConfiguration *WindowsFileSystemConfiguration `type:"structure"` } @@ -14486,7 +14516,8 @@ type OntapFileSystemConfiguration struct { // The VPC route tables in which your file system's endpoints are created. RouteTableIds []*string `type:"list"` - // The sustained throughput of an Amazon FSx file system in MBps. + // The sustained throughput of an Amazon FSx file system in Megabytes per second + // (MBps). ThroughputCapacity *int64 `min:"8" type:"integer"` // A recurring weekly time, in the format D:HH:MM. @@ -14724,7 +14755,7 @@ func (s *OntapVolumeConfiguration) SetUUID(v string) *OntapVolumeConfiguration { return s } -// Specifies who can mount the file system and the options that can be used +// Specifies who can mount an OpenZFS file system and the options available // while mounting the file system. type OpenZFSClientConfiguration struct { _ struct{} `type:"structure"` @@ -16502,7 +16533,7 @@ func (s *SourceBackupUnavailable) RequestID() string { return s.RespMetadata.RequestID } -// Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuraton. +// Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuration. type StorageVirtualMachine struct { _ struct{} `type:"structure"` @@ -17797,6 +17828,11 @@ type UpdateFileSystemOntapConfiguration struct { // String and GoString methods. FsxAdminPassword *string `min:"8" type:"string" sensitive:"true"` + // Specifies the throughput of an FSx for NetApp ONTAP file system, measured + // in megabytes per second (MBps). Valid values are 64, 128, 256, 512, 1024, + // 2048, 3072, or 4096 MB/s. + ThroughputCapacity *int64 `min:"8" type:"integer"` + // A recurring weekly time, in the format D:HH:MM. // // D is the day of the week, for which 1 represents Monday and 7 represents @@ -17837,6 +17873,9 @@ func (s *UpdateFileSystemOntapConfiguration) Validate() error { if s.FsxAdminPassword != nil && len(*s.FsxAdminPassword) < 8 { invalidParams.Add(request.NewErrParamMinLen("FsxAdminPassword", 8)) } + if s.ThroughputCapacity != nil && *s.ThroughputCapacity < 8 { + invalidParams.Add(request.NewErrParamMinValue("ThroughputCapacity", 8)) + } if s.WeeklyMaintenanceStartTime != nil && len(*s.WeeklyMaintenanceStartTime) < 7 { invalidParams.Add(request.NewErrParamMinLen("WeeklyMaintenanceStartTime", 7)) } @@ -17871,6 +17910,12 @@ func (s *UpdateFileSystemOntapConfiguration) SetFsxAdminPassword(v string) *Upda return s } +// SetThroughputCapacity sets the ThroughputCapacity field's value. +func (s *UpdateFileSystemOntapConfiguration) SetThroughputCapacity(v int64) *UpdateFileSystemOntapConfiguration { + s.ThroughputCapacity = &v + return s +} + // SetWeeklyMaintenanceStartTime sets the WeeklyMaintenanceStartTime field's value. func (s *UpdateFileSystemOntapConfiguration) SetWeeklyMaintenanceStartTime(v string) *UpdateFileSystemOntapConfiguration { s.WeeklyMaintenanceStartTime = &v @@ -18612,7 +18657,7 @@ func (s *UpdateStorageVirtualMachineInput) SetSvmAdminPassword(v string) *Update type UpdateStorageVirtualMachineOutput struct { _ struct{} `type:"structure"` - // Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuraton. + // Describes the Amazon FSx for NetApp ONTAP storage virtual machine (SVM) configuration. StorageVirtualMachine *StorageVirtualMachine `type:"structure"` } diff --git a/service/iot/api.go b/service/iot/api.go index effdd288fce..7336f4a9119 100644 --- a/service/iot/api.go +++ b/service/iot/api.go @@ -31370,20 +31370,23 @@ type CreateCustomMetricInput struct { // generate a unique client request. ClientRequestToken *string `locationName:"clientRequestToken" min:"1" type:"string" idempotencyToken:"true"` - // Field represents a friendly name in the console for the custom metric; it - // doesn't have to be unique. Don't use this name as the metric identifier in - // the device metric report. Can be updated once defined. + // The friendly name in the console for the custom metric. This name doesn't + // have to be unique. Don't use this name as the metric identifier in the device + // metric report. You can update the friendly name after you define it. DisplayName *string `locationName:"displayName" type:"string"` // The name of the custom metric. This will be used in the metric report submitted - // from the device/thing. Shouldn't begin with aws:. Cannot be updated once - // defined. + // from the device/thing. The name can't begin with aws:. You can't change the + // name after you define it. // // MetricName is a required field MetricName *string `location:"uri" locationName:"metricName" min:"1" type:"string" required:"true"` - // The type of the custom metric. Types include string-list, ip-address-list, - // number-list, and number. + // The type of the custom metric. + // + // The type number only takes a single metric value as an input, but when you + // submit the metrics value in the DeviceMetrics report, you must pass it as + // an array with a single value. // // MetricType is a required field MetricType *string `locationName:"metricType" type:"string" required:"true" enum:"CustomMetricType"` @@ -31475,7 +31478,7 @@ func (s *CreateCustomMetricInput) SetTags(v []*Tag) *CreateCustomMetricInput { type CreateCustomMetricOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Number (ARN) of the custom metric, e.g. arn:aws-partition:iot:region:accountId:custommetric/metricName + // The Amazon Resource Number (ARN) of the custom metric. For example, arn:aws-partition:iot:region:accountId:custommetric/metricName MetricArn *string `locationName:"metricArn" type:"string"` // The name of the custom metric to be used in the metric report. @@ -34043,6 +34046,9 @@ type CreateRoleAliasInput struct { // How long (in seconds) the credentials will be valid. The default value is // 3,600 seconds. + // + // This value must be less than or equal to the maximum session duration of + // the IAM role that the role alias references. CredentialDurationSeconds *int64 `locationName:"credentialDurationSeconds" min:"900" type:"integer"` // The role alias that points to a role ARN. This allows you to change the role @@ -35314,13 +35320,21 @@ type CustomCodeSigning struct { // The certificate chain. CertificateChain *CodeSigningCertificateChain `locationName:"certificateChain" type:"structure"` - // The hash algorithm used to code sign the file. + // The hash algorithm used to code sign the file. You can use a string as the + // algorithm name if the target over-the-air (OTA) update devices are able to + // verify the signature that was generated using the same signature algorithm. + // For example, FreeRTOS uses SHA256 or SHA1, so you can pass either of them + // based on which was used for generating the signature. HashAlgorithm *string `locationName:"hashAlgorithm" type:"string"` // The signature for the file. Signature *CodeSigningSignature `locationName:"signature" type:"structure"` - // The signature algorithm used to code sign the file. + // The signature algorithm used to code sign the file. You can use a string + // as the algorithm name if the target over-the-air (OTA) update devices are + // able to verify the signature that was generated using the same signature + // algorithm. For example, FreeRTOS uses ECDSA or RSA, so you can pass either + // of them based on which was used for generating the signature. SignatureAlgorithm *string `locationName:"signatureAlgorithm" type:"string"` } @@ -38995,8 +39009,11 @@ type DescribeCustomMetricOutput struct { // The name of the custom metric. MetricName *string `locationName:"metricName" min:"1" type:"string"` - // The type of the custom metric. Types include string-list, ip-address-list, - // number-list, and number. + // The type of the custom metric. + // + // The type number only takes a single metric value as an input, but while submitting + // the metrics value in the DeviceMetrics report, it must be passed as an array + // with a single value. MetricType *string `locationName:"metricType" type:"string" enum:"CustomMetricType"` } @@ -56627,6 +56644,8 @@ type RegisterCACertificateInput struct { RegistrationConfig *RegistrationConfig `locationName:"registrationConfig" type:"structure"` // A boolean value that specifies if the CA certificate is set to active. + // + // Valid values: ACTIVE | INACTIVE SetAsActive *bool `location:"querystring" locationName:"setAsActive" type:"boolean"` // Metadata which can be used to manage the CA certificate. @@ -56790,10 +56809,13 @@ type RegisterCertificateInput struct { // A boolean value that specifies if the certificate is set to active. // + // Valid values: ACTIVE | INACTIVE + // // Deprecated: SetAsActive has been deprecated SetAsActive *bool `location:"querystring" locationName:"setAsActive" deprecated:"true" type:"boolean"` - // The status of the register certificate request. + // The status of the register certificate request. Valid values that you can + // use include ACTIVE, INACTIVE, and REVOKED. Status *string `locationName:"status" type:"string" enum:"CertificateStatus"` } @@ -64522,8 +64544,11 @@ type UpdateCustomMetricOutput struct { // The name of the custom metric. MetricName *string `locationName:"metricName" min:"1" type:"string"` - // The type of the custom metric. Types include string-list, ip-address-list, - // number-list, and number. + // The type of the custom metric. + // + // The type number only takes a single metric value as an input, but while submitting + // the metrics value in the DeviceMetrics report, it must be passed as an array + // with a single value. MetricType *string `locationName:"metricType" type:"string" enum:"CustomMetricType"` } @@ -65774,6 +65799,9 @@ type UpdateRoleAliasInput struct { _ struct{} `type:"structure"` // The number of seconds the credential will be valid. + // + // This value must be less than or equal to the maximum session duration of + // the IAM role that the role alias references. CredentialDurationSeconds *int64 `locationName:"credentialDurationSeconds" min:"900" type:"integer"` // The role alias to update. diff --git a/service/iotdataplane/api.go b/service/iotdataplane/api.go index 4f41d292bf2..ba3cc88a105 100644 --- a/service/iotdataplane/api.go +++ b/service/iotdataplane/api.go @@ -166,8 +166,8 @@ func (c *IoTDataPlane) GetRetainedMessageRequest(input *GetRetainedMessageInput) // Requires permission to access the GetRetainedMessage (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotfleethubfordevicemanagement.html#awsiotfleethubfordevicemanagement-actions-as-permissions) // action. // -// For more information about messaging costs, see IoT Core pricing - Messaging -// (http://aws.amazon.com/iot-core/pricing/#Messaging). +// For more information about messaging costs, see Amazon Web Services IoT Core +// pricing - Messaging (http://aws.amazon.com/iot-core/pricing/#Messaging). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -480,8 +480,8 @@ func (c *IoTDataPlane) ListRetainedMessagesRequest(input *ListRetainedMessagesIn // Requires permission to access the ListRetainedMessages (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiotfleethubfordevicemanagement.html#awsiotfleethubfordevicemanagement-actions-as-permissions) // action. // -// For more information about messaging costs, see IoT Core pricing - Messaging -// (http://aws.amazon.com/iot-core/pricing/#Messaging). +// For more information about messaging costs, see Amazon Web Services IoT Core +// pricing - Messaging (http://aws.amazon.com/iot-core/pricing/#Messaging). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -633,8 +633,8 @@ func (c *IoTDataPlane) PublishRequest(input *PublishInput) (req *request.Request // For more information about MQTT messages, see MQTT Protocol (http://docs.aws.amazon.com/iot/latest/developerguide/mqtt.html) // in the IoT Developer Guide. // -// For more information about messaging costs, see IoT Core pricing - Messaging -// (http://aws.amazon.com/iot-core/pricing/#Messaging). +// For more information about messaging costs, see Amazon Web Services IoT Core +// pricing - Messaging (http://aws.amazon.com/iot-core/pricing/#Messaging). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1567,7 +1567,7 @@ type PublishInput struct { // The message body. MQTT accepts text, binary, and empty (null) message payloads. // // Publishing an empty (null) payload with retain = true deletes the retained - // message identified by topic from IoT Core. + // message identified by topic from Amazon Web Services IoT Core. Payload []byte `locationName:"payload" type:"blob"` // The Quality of Service (QoS) level. diff --git a/service/iotdataplane/service.go b/service/iotdataplane/service.go index 6d32a070634..17dcbdc2d89 100644 --- a/service/iotdataplane/service.go +++ b/service/iotdataplane/service.go @@ -31,7 +31,7 @@ var initRequest func(*request.Request) // Service information constants const ( ServiceName = "data.iot" // Name of service. - EndpointsID = ServiceName // ID to lookup a service endpoint with. + EndpointsID = "data-ats.iot" // ID to lookup a service endpoint with. ServiceID = "IoT Data Plane" // ServiceID is a unique identifier of a specific service. )