diff --git a/CHANGELOG.md b/CHANGELOG.md index b8f4108d61a..888f5826067 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,20 @@ +Release v1.50.35 (2024-03-08) +=== + +### Service Client Updates +* `service/batch`: Updates service API and documentation + * This release adds JobStateTimeLimitActions setting to the Job Queue API. It allows you to configure an action Batch can take for a blocking job in front of the queue after the defined period of time. The new parameter applies for ECS, EKS, and FARGATE Job Queues. +* `service/bedrock-agent-runtime`: Updates service API and documentation +* `service/cloudtrail`: Updates service API and documentation + * Added exceptions to CreateTrail, DescribeTrails, and ListImportFailures APIs. +* `service/codebuild`: Updates service documentation + * This release adds support for a new webhook event: PULL_REQUEST_CLOSED. +* `service/cognito-idp`: Updates service API and documentation +* `service/guardduty`: Updates service API and documentation + * Add RDS Provisioned and Serverless Usage types +* `service/transfer`: Updates service API and documentation + * Added DES_EDE3_CBC to the list of supported encryption algorithms for messages sent with an AS2 connector. + Release v1.50.34 (2024-03-07) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index 25055d6b818..ad0d14b868f 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -14989,6 +14989,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -18286,6 +18289,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -25487,6 +25493,9 @@ var awsPartition = partition{ endpointKey{ Region: "ca-central-1", }: endpoint{}, + endpointKey{ + Region: "ca-west-1", + }: endpoint{}, endpointKey{ Region: "eu-central-1", }: endpoint{}, @@ -36200,6 +36209,16 @@ var awscnPartition = partition{ }, }, }, + "network-firewall": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "cn-north-1", + }: endpoint{}, + endpointKey{ + Region: "cn-northwest-1", + }: endpoint{}, + }, + }, "oam": service{ Endpoints: serviceEndpoints{ endpointKey{ @@ -43780,6 +43799,9 @@ var awsisoPartition = partition{ endpointKey{ Region: "us-iso-east-1", }: endpoint{}, + endpointKey{ + Region: "us-iso-west-1", + }: endpoint{}, }, }, "athena": service{ diff --git a/aws/version.go b/aws/version.go index f2ab1cd7431..e3c577e1f3b 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.50.34" +const SDKVersion = "1.50.35" diff --git a/models/apis/batch/2016-08-10/api-2.json b/models/apis/batch/2016-08-10/api-2.json index 9cd5bbb736c..49e572cf0e1 100644 --- a/models/apis/batch/2016-08-10/api-2.json +++ b/models/apis/batch/2016-08-10/api-2.json @@ -695,7 +695,8 @@ "schedulingPolicyArn":{"shape":"String"}, "priority":{"shape":"Integer"}, "computeEnvironmentOrder":{"shape":"ComputeEnvironmentOrders"}, - "tags":{"shape":"TagrisTagsMap"} + "tags":{"shape":"TagrisTagsMap"}, + "jobStateTimeLimitActions":{"shape":"JobStateTimeLimitActions"} } }, "CreateJobQueueResponse":{ @@ -1409,13 +1410,41 @@ "statusReason":{"shape":"String"}, "priority":{"shape":"Integer"}, "computeEnvironmentOrder":{"shape":"ComputeEnvironmentOrders"}, - "tags":{"shape":"TagrisTagsMap"} + "tags":{"shape":"TagrisTagsMap"}, + "jobStateTimeLimitActions":{"shape":"JobStateTimeLimitActions"} } }, "JobQueueDetailList":{ "type":"list", "member":{"shape":"JobQueueDetail"} }, + "JobStateTimeLimitAction":{ + "type":"structure", + "required":[ + "reason", + "state", + "maxTimeSeconds", + "action" + ], + "members":{ + "reason":{"shape":"String"}, + "state":{"shape":"JobStateTimeLimitActionsState"}, + "maxTimeSeconds":{"shape":"Integer"}, + "action":{"shape":"JobStateTimeLimitActionsAction"} + } + }, + "JobStateTimeLimitActions":{ + "type":"list", + "member":{"shape":"JobStateTimeLimitAction"} + }, + "JobStateTimeLimitActionsAction":{ + "type":"string", + "enum":["CANCEL"] + }, + "JobStateTimeLimitActionsState":{ + "type":"string", + "enum":["RUNNABLE"] + }, "JobStatus":{ "type":"string", "enum":[ @@ -2137,7 +2166,8 @@ "state":{"shape":"JQState"}, "schedulingPolicyArn":{"shape":"String"}, "priority":{"shape":"Integer"}, - "computeEnvironmentOrder":{"shape":"ComputeEnvironmentOrders"} + "computeEnvironmentOrder":{"shape":"ComputeEnvironmentOrders"}, + "jobStateTimeLimitActions":{"shape":"JobStateTimeLimitActions"} } }, "UpdateJobQueueResponse":{ diff --git a/models/apis/batch/2016-08-10/docs-2.json b/models/apis/batch/2016-08-10/docs-2.json index d3c0c2cb541..ef6b2d03fd0 100644 --- a/models/apis/batch/2016-08-10/docs-2.json +++ b/models/apis/batch/2016-08-10/docs-2.json @@ -109,10 +109,10 @@ "NodePropertiesSummary$isMainNode": "
Specifies whether the current node is the main node for a multi-node parallel job.
", "RegisterJobDefinitionRequest$propagateTags": "Specifies whether to propagate the tags from the job or job definition to the corresponding Amazon ECS task. If no value is specified, the tags are not propagated. Tags can only be propagated to the tasks during task creation. For tags with the same name, job tags are given priority over job definitions tags. If the total number of combined tags from the job and job definition is over 50, the job is moved to the FAILED
state.
If the job runs on Amazon EKS resources, then you must not specify propagateTags
.
Specifies whether to propagate the tags from the job or job definition to the corresponding Amazon ECS task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the tasks during task creation. For tags with the same name, job tags are given priority over job definitions tags. If the total number of combined tags from the job and job definition is over 50, the job is moved to the FAILED
state. When specified, this overrides the tag propagation setting in the job definition.
If the essential parameter of a container is marked as true
, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential
parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
", + "TaskContainerDetails$essential": "If the essential parameter of a container is marked as true
, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential
parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All jobs must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
", "TaskContainerDetails$privileged": "When this parameter is true
, the container is given elevated privileges on the host container instance (similar to the root
user). This parameter maps to Privileged
in the Create a container section of the Docker Remote API and the --privileged
option to docker run.
This parameter is not supported for Windows containers or tasks run on Fargate.
When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs
in the Create a container section of the Docker Remote API and the --read-only
option to docker run.
This parameter is not supported for Windows containers.
If the essential parameter of a container is marked as true
, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential
parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
", + "TaskContainerProperties$essential": "If the essential parameter of a container is marked as true
, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential
parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All jobs must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
", "TaskContainerProperties$privileged": "When this parameter is true
, the container is given elevated privileges on the host container instance (similar to the root
user). This parameter maps to Privileged
in the Create a container section of the Docker Remote API and the --privileged
option to docker run.
This parameter is not supported for Windows containers or tasks run on Fargate.
When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs
in the Create a container section of the Docker Remote API and the --read-only
option to docker run.
This parameter is not supported for Windows containers.
Specifies whether jobs are automatically terminated when the computer environment infrastructure is updated. The default value is false
.
The scheduling priority of the job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.
", "JobDetail$schedulingPriority": "The scheduling policy of the job definition. This only affects jobs in job queues with a fair share policy. Jobs with a higher scheduling priority are scheduled before jobs with a lower scheduling priority.
", "JobQueueDetail$priority": "The priority of the job queue. Job queues with a higher priority (or a higher integer value for the priority
parameter) are evaluated first when associated with the same compute environment. Priority is determined in descending order. For example, a job queue with a priority value of 10
is given scheduling preference over a job queue with a priority value of 1
. All of the compute environments must be either Amazon EC2 (EC2
or SPOT
) or Fargate (FARGATE
or FARGATE_SPOT
). Amazon EC2 and Fargate compute environments can't be mixed.
The approximate amount of time, in seconds, that must pass with the job in the specified state before the action is taken. The minimum value is 600 (10 minutes) and the maximum value is 86,400 (24 hours).
", "JobTimeout$attemptDurationSeconds": "The job timeout time (in seconds) that's measured from the job attempt's startedAt
timestamp. After this time passes, Batch terminates your jobs if they aren't finished. The minimum value for the timeout is 60 seconds.
For array jobs, the timeout applies to the child jobs, not to the parent array job.
For multi-node parallel (MNP) jobs, the timeout applies to the whole job, not to the individual nodes.
", "LinuxParameters$sharedMemorySize": "The value for the size (in MiB) of the /dev/shm
volume. This parameter maps to the --shm-size
option to docker run.
This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.
The total amount of swap memory (in MiB) a container can use. This parameter is translated to the --memory-swap
option to docker run where the value is the sum of the container memory plus the maxSwap
value. For more information, see --memory-swap
details in the Docker documentation.
If a maxSwap
value of 0
is specified, the container doesn't use swap. Accepted values are 0
or any positive integer. If the maxSwap
parameter is omitted, the container doesn't use the swap configuration for the container instance that it's running on. A maxSwap
value must be set for the swappiness
parameter to be used.
This parameter isn't applicable to jobs that are running on Fargate resources. Don't provide it for these jobs.
The list of job queues.
" } }, + "JobStateTimeLimitAction": { + "base": "Specifies an action that Batch will take after the job has remained at the head of the queue in the specified state for longer than the specified time.
", + "refs": { + "JobStateTimeLimitActions$member": null + } + }, + "JobStateTimeLimitActions": { + "base": null, + "refs": { + "CreateJobQueueRequest$jobStateTimeLimitActions": "The set of actions that Batch performs on jobs that remain at the head of the job queue in the specified state longer than specified times. Batch will perform each action after maxTimeSeconds
has passed.
The set of actions that Batch perform on jobs that remain at the head of the job queue in the specified state longer than specified times. Batch will perform each action after maxTimeSeconds
has passed.
The set of actions that Batch perform on jobs that remain at the head of the job queue in the specified state longer than specified times. Batch will perform each action after maxTimeSeconds
has passed.
The action to take when a job is at the head of the job queue in the specified state for the specified period of time. The only supported value is \"CANCEL
\", which will cancel the job.
The state of the job needed to trigger the action. The only supported value is \"RUNNABLE
\".
The job ID.
", "JobDetail$jobQueue": "The Amazon Resource Name (ARN) of the job queue that the job is associated with.
", "JobDetail$shareIdentifier": "The share identifier for the job.
", - "JobDetail$statusReason": "A short, human-readable string to provide more details for the current status of the job.
", + "JobDetail$statusReason": "A short, human-readable string to provide more details for the current status of the job.
CAPACITY:INSUFFICIENT_INSTANCE_CAPACITY
- All compute environments have insufficient capacity to service the job.
MISCONFIGURATION:COMPUTE_ENVIRONMENT_MAX_RESOURCE
- All compute environments have a maxVcpu
setting that is smaller than the job requirements.
MISCONFIGURATION:JOB_RESOURCE_REQUIREMENT
- All compute environments have no connected instances that meet the job requirements.
MISCONFIGURATION:SERVICE_ROLE_PERMISSIONS
- All compute environments have problems with the service role permissions.
The Amazon Resource Name (ARN) of the job definition that this job uses.
", "JobQueueDetail$jobQueueName": "The job queue name.
", "JobQueueDetail$jobQueueArn": "The Amazon Resource Name (ARN) of the job queue.
", "JobQueueDetail$schedulingPolicyArn": "The Amazon Resource Name (ARN) of the scheduling policy. The format is aws:Partition:batch:Region:Account:scheduling-policy/Name
. For example, aws:aws:batch:us-west-2:123456789012:scheduling-policy/MySchedulingPolicy
.
A short, human-readable string to provide additional details for the current status of the job queue.
", + "JobStateTimeLimitAction$reason": "The reason to log for the action being taken.
", "JobSummary$jobArn": "The Amazon Resource Name (ARN) of the job.
", "JobSummary$jobId": "The job ID.
", "JobSummary$jobName": "The job name.
", diff --git a/models/apis/bedrock-agent-runtime/2023-07-26/api-2.json b/models/apis/bedrock-agent-runtime/2023-07-26/api-2.json index 4c74ef7046d..83b6ee2cc86 100644 --- a/models/apis/bedrock-agent-runtime/2023-07-26/api-2.json +++ b/models/apis/bedrock-agent-runtime/2023-07-26/api-2.json @@ -92,10 +92,10 @@ "type":"structure", "members":{ "actionGroupName":{"shape":"ActionGroupName"}, - "verb":{"shape":"Verb"}, "apiPath":{"shape":"ApiPath"}, "parameters":{"shape":"Parameters"}, - "requestBody":{"shape":"RequestBody"} + "requestBody":{"shape":"RequestBody"}, + "verb":{"shape":"Verb"} } }, "ActionGroupInvocationOutput":{ @@ -116,13 +116,13 @@ "type":"string", "max":10, "min":0, - "pattern":"[0-9a-zA-Z]+" + "pattern":"^[0-9a-zA-Z]+$" }, "AgentId":{ "type":"string", "max":10, "min":0, - "pattern":"[0-9a-zA-Z]+" + "pattern":"^[0-9a-zA-Z]+$" }, "ApiPath":{ "type":"string", @@ -148,7 +148,7 @@ "type":"string", "max":1011, "min":20, - "pattern":"arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))" + "pattern":"^arn:aws(-[^:]+)?:bedrock:[a-z0-9-]{1,20}:(([0-9]{12}:custom-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}/[a-z0-9]{12})|(:foundation-model/[a-z0-9-]{1,63}[.]{1}[a-z0-9-]{1,63}))$" }, "Boolean":{ "type":"boolean", @@ -211,8 +211,8 @@ "FailureTrace":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "failureReason":{"shape":"FailureReasonString"} + "failureReason":{"shape":"FailureReasonString"}, + "traceId":{"shape":"TraceId"} }, "sensitive":true }, @@ -235,11 +235,11 @@ "InferenceConfiguration":{ "type":"structure", "members":{ + "maximumLength":{"shape":"MaximumLength"}, + "stopSequences":{"shape":"StopSequences"}, "temperature":{"shape":"Temperature"}, - "topP":{"shape":"TopP"}, "topK":{"shape":"TopK"}, - "maximumLength":{"shape":"MaximumLength"}, - "stopSequences":{"shape":"StopSequences"} + "topP":{"shape":"TopP"} } }, "InputText":{ @@ -260,10 +260,10 @@ "InvocationInput":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "invocationType":{"shape":"InvocationType"}, "actionGroupInvocationInput":{"shape":"ActionGroupInvocationInput"}, - "knowledgeBaseLookupInput":{"shape":"KnowledgeBaseLookupInput"} + "invocationType":{"shape":"InvocationType"}, + "knowledgeBaseLookupInput":{"shape":"KnowledgeBaseLookupInput"}, + "traceId":{"shape":"TraceId"} }, "sensitive":true }, @@ -278,31 +278,31 @@ "InvokeAgentRequest":{ "type":"structure", "required":[ - "agentId", "agentAliasId", - "sessionId", - "inputText" + "agentId", + "inputText", + "sessionId" ], "members":{ - "sessionState":{"shape":"SessionState"}, - "agentId":{ - "shape":"AgentId", - "location":"uri", - "locationName":"agentId" - }, "agentAliasId":{ "shape":"AgentAliasId", "location":"uri", "locationName":"agentAliasId" }, + "agentId":{ + "shape":"AgentId", + "location":"uri", + "locationName":"agentId" + }, + "enableTrace":{"shape":"Boolean"}, + "endSession":{"shape":"Boolean"}, + "inputText":{"shape":"InputText"}, "sessionId":{ "shape":"SessionId", "location":"uri", "locationName":"sessionId" }, - "endSession":{"shape":"Boolean"}, - "enableTrace":{"shape":"Boolean"}, - "inputText":{"shape":"InputText"} + "sessionState":{"shape":"SessionState"} } }, "InvokeAgentResponse":{ @@ -331,19 +331,19 @@ "type":"string", "max":2048, "min":1, - "pattern":"arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}" + "pattern":"^arn:aws(|-cn|-us-gov):kms:[a-zA-Z0-9-]*:[0-9]{12}:key/[a-zA-Z0-9-]{36}$" }, "KnowledgeBaseId":{ "type":"string", "max":10, "min":0, - "pattern":"[0-9a-zA-Z]+" + "pattern":"^[0-9a-zA-Z]+$" }, "KnowledgeBaseLookupInput":{ "type":"structure", "members":{ - "text":{"shape":"KnowledgeBaseLookupInputString"}, - "knowledgeBaseId":{"shape":"TraceKnowledgeBaseId"} + "knowledgeBaseId":{"shape":"TraceKnowledgeBaseId"}, + "text":{"shape":"KnowledgeBaseLookupInputString"} } }, "KnowledgeBaseLookupInputString":{ @@ -429,13 +429,13 @@ "ModelInvocationInput":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "text":{"shape":"PromptText"}, - "type":{"shape":"PromptType"}, "inferenceConfiguration":{"shape":"InferenceConfiguration"}, "overrideLambda":{"shape":"LambdaArn"}, + "parserMode":{"shape":"CreationMode"}, "promptCreationMode":{"shape":"CreationMode"}, - "parserMode":{"shape":"CreationMode"} + "text":{"shape":"PromptText"}, + "traceId":{"shape":"TraceId"}, + "type":{"shape":"PromptType"} }, "sensitive":true }, @@ -443,31 +443,31 @@ "type":"string", "max":2048, "min":1, - "pattern":"\\S*" + "pattern":"^\\S*$" }, "NonBlankString":{ "type":"string", - "pattern":"[\\s\\S]*" + "pattern":"^[\\s\\S]*$" }, "Observation":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "type":{"shape":"Type"}, "actionGroupInvocationOutput":{"shape":"ActionGroupInvocationOutput"}, - "knowledgeBaseLookupOutput":{"shape":"KnowledgeBaseLookupOutput"}, "finalResponse":{"shape":"FinalResponse"}, - "repromptResponse":{"shape":"RepromptResponse"} + "knowledgeBaseLookupOutput":{"shape":"KnowledgeBaseLookupOutput"}, + "repromptResponse":{"shape":"RepromptResponse"}, + "traceId":{"shape":"TraceId"}, + "type":{"shape":"Type"} }, "sensitive":true }, "OrchestrationTrace":{ "type":"structure", "members":{ - "rationale":{"shape":"Rationale"}, "invocationInput":{"shape":"InvocationInput"}, + "modelInvocationInput":{"shape":"ModelInvocationInput"}, "observation":{"shape":"Observation"}, - "modelInvocationInput":{"shape":"ModelInvocationInput"} + "rationale":{"shape":"Rationale"} }, "sensitive":true, "union":true @@ -497,8 +497,8 @@ "PayloadPart":{ "type":"structure", "members":{ - "bytes":{"shape":"PartBody"}, - "attribution":{"shape":"Attribution"} + "attribution":{"shape":"Attribution"}, + "bytes":{"shape":"PartBody"} }, "event":true, "sensitive":true @@ -506,8 +506,8 @@ "PostProcessingModelInvocationOutput":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "parsedResponse":{"shape":"PostProcessingParsedResponse"} + "parsedResponse":{"shape":"PostProcessingParsedResponse"}, + "traceId":{"shape":"TraceId"} }, "sensitive":true }, @@ -530,16 +530,16 @@ "PreProcessingModelInvocationOutput":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "parsedResponse":{"shape":"PreProcessingParsedResponse"} + "parsedResponse":{"shape":"PreProcessingParsedResponse"}, + "traceId":{"shape":"TraceId"} }, "sensitive":true }, "PreProcessingParsedResponse":{ "type":"structure", "members":{ - "rationale":{"shape":"RationaleString"}, - "isValid":{"shape":"Boolean"} + "isValid":{"shape":"Boolean"}, + "rationale":{"shape":"RationaleString"} }, "sensitive":true }, @@ -573,8 +573,8 @@ "Rationale":{ "type":"structure", "members":{ - "traceId":{"shape":"TraceId"}, - "text":{"shape":"RationaleString"} + "text":{"shape":"RationaleString"}, + "traceId":{"shape":"TraceId"} }, "sensitive":true }, @@ -585,8 +585,8 @@ "RepromptResponse":{ "type":"structure", "members":{ - "text":{"shape":"String"}, - "source":{"shape":"Source"} + "source":{"shape":"Source"}, + "text":{"shape":"String"} }, "sensitive":true }, @@ -610,17 +610,17 @@ "ResponseStream":{ "type":"structure", "members":{ + "accessDeniedException":{"shape":"AccessDeniedException"}, + "badGatewayException":{"shape":"BadGatewayException"}, "chunk":{"shape":"PayloadPart"}, - "trace":{"shape":"TracePart"}, + "conflictException":{"shape":"ConflictException"}, + "dependencyFailedException":{"shape":"DependencyFailedException"}, "internalServerException":{"shape":"InternalServerException"}, - "validationException":{"shape":"ValidationException"}, "resourceNotFoundException":{"shape":"ResourceNotFoundException"}, "serviceQuotaExceededException":{"shape":"ServiceQuotaExceededException"}, "throttlingException":{"shape":"ThrottlingException"}, - "accessDeniedException":{"shape":"AccessDeniedException"}, - "conflictException":{"shape":"ConflictException"}, - "dependencyFailedException":{"shape":"DependencyFailedException"}, - "badGatewayException":{"shape":"BadGatewayException"} + "trace":{"shape":"TracePart"}, + "validationException":{"shape":"ValidationException"} }, "eventstream":true }, @@ -636,8 +636,8 @@ "type":"structure", "required":["type"], "members":{ - "type":{"shape":"RetrievalResultLocationType"}, - "s3Location":{"shape":"RetrievalResultS3Location"} + "s3Location":{"shape":"RetrievalResultS3Location"}, + "type":{"shape":"RetrievalResultLocationType"} }, "sensitive":true }, @@ -655,8 +655,8 @@ "type":"structure", "required":["type"], "members":{ - "type":{"shape":"RetrieveAndGenerateType"}, - "knowledgeBaseConfiguration":{"shape":"KnowledgeBaseRetrieveAndGenerateConfiguration"} + "knowledgeBaseConfiguration":{"shape":"KnowledgeBaseRetrieveAndGenerateConfiguration"}, + "type":{"shape":"RetrieveAndGenerateType"} } }, "RetrieveAndGenerateInput":{ @@ -684,22 +684,22 @@ "type":"structure", "required":["input"], "members":{ - "sessionId":{"shape":"SessionId"}, "input":{"shape":"RetrieveAndGenerateInput"}, "retrieveAndGenerateConfiguration":{"shape":"RetrieveAndGenerateConfiguration"}, - "sessionConfiguration":{"shape":"RetrieveAndGenerateSessionConfiguration"} + "sessionConfiguration":{"shape":"RetrieveAndGenerateSessionConfiguration"}, + "sessionId":{"shape":"SessionId"} } }, "RetrieveAndGenerateResponse":{ "type":"structure", "required":[ - "sessionId", - "output" + "output", + "sessionId" ], "members":{ - "sessionId":{"shape":"SessionId"}, + "citations":{"shape":"Citations"}, "output":{"shape":"RetrieveAndGenerateOutput"}, - "citations":{"shape":"Citations"} + "sessionId":{"shape":"SessionId"} } }, "RetrieveAndGenerateSessionConfiguration":{ @@ -725,17 +725,17 @@ "location":"uri", "locationName":"knowledgeBaseId" }, - "retrievalQuery":{"shape":"KnowledgeBaseQuery"}, + "nextToken":{"shape":"NextToken"}, "retrievalConfiguration":{"shape":"KnowledgeBaseRetrievalConfiguration"}, - "nextToken":{"shape":"NextToken"} + "retrievalQuery":{"shape":"KnowledgeBaseQuery"} } }, "RetrieveResponse":{ "type":"structure", "required":["retrievalResults"], "members":{ - "retrievalResults":{"shape":"KnowledgeBaseRetrievalResults"}, - "nextToken":{"shape":"NextToken"} + "nextToken":{"shape":"NextToken"}, + "retrievalResults":{"shape":"KnowledgeBaseRetrievalResults"} } }, "RetrievedReference":{ @@ -776,13 +776,13 @@ "type":"string", "max":100, "min":2, - "pattern":"[0-9a-zA-Z._:-]+" + "pattern":"^[0-9a-zA-Z._:-]+$" }, "SessionState":{ "type":"structure", "members":{ - "sessionAttributes":{"shape":"SessionAttributesMap"}, - "promptSessionAttributes":{"shape":"PromptSessionAttributesMap"} + "promptSessionAttributes":{"shape":"PromptSessionAttributesMap"}, + "sessionAttributes":{"shape":"SessionAttributesMap"} } }, "Source":{ @@ -797,8 +797,8 @@ "Span":{ "type":"structure", "members":{ - "start":{"shape":"SpanStartInteger"}, - "end":{"shape":"SpanEndInteger"} + "end":{"shape":"SpanEndInteger"}, + "start":{"shape":"SpanStartInteger"} } }, "SpanEndInteger":{ @@ -827,8 +827,8 @@ "TextResponsePart":{ "type":"structure", "members":{ - "text":{"shape":"String"}, - "span":{"shape":"Span"} + "span":{"shape":"Span"}, + "text":{"shape":"String"} }, "sensitive":true }, @@ -858,10 +858,10 @@ "Trace":{ "type":"structure", "members":{ - "preProcessingTrace":{"shape":"PreProcessingTrace"}, + "failureTrace":{"shape":"FailureTrace"}, "orchestrationTrace":{"shape":"OrchestrationTrace"}, "postProcessingTrace":{"shape":"PostProcessingTrace"}, - "failureTrace":{"shape":"FailureTrace"} + "preProcessingTrace":{"shape":"PreProcessingTrace"} }, "sensitive":true, "union":true @@ -878,8 +878,8 @@ "TracePart":{ "type":"structure", "members":{ - "agentId":{"shape":"AgentId"}, "agentAliasId":{"shape":"AgentAliasId"}, + "agentId":{"shape":"AgentId"}, "sessionId":{"shape":"SessionId"}, "trace":{"shape":"Trace"} }, diff --git a/models/apis/bedrock-agent-runtime/2023-07-26/docs-2.json b/models/apis/bedrock-agent-runtime/2023-07-26/docs-2.json index 43080d0b18f..5a89eb186ca 100644 --- a/models/apis/bedrock-agent-runtime/2023-07-26/docs-2.json +++ b/models/apis/bedrock-agent-runtime/2023-07-26/docs-2.json @@ -1,324 +1,324 @@ { "version": "2.0", - "service": "Amazon Bedrock Agent
", + "service": "Contains APIs related to model invocation and querying of knowledge bases.
", "operations": { - "InvokeAgent": "Invokes the specified Bedrock model to run inference using the input provided in the request body.
", - "Retrieve": "Retrieve from knowledge base.
", - "RetrieveAndGenerate": "RetrieveAndGenerate API
" + "InvokeAgent": "Sends a prompt for the agent to process and respond to.
The CLI doesn't support InvokeAgent
.
To continue the same conversation with an agent, use the same sessionId
value in the request.
To activate trace enablement, turn enableTrace
to true
. Trace enablement helps you follow the agent's reasoning process that led it to the information it processed, the actions it took, and the final result it yielded. For more information, see Trace enablement.
End a conversation by setting endSession
to true
.
Include attributes for the session or prompt in the sessionState
object.
The response is returned in the bytes
field of the chunk
object.
The attribution
object contains citations for parts of the response.
If you set enableTrace
to true
in the request, you can trace the agent's steps and reasoning process that led it to the response.
Errors are also surfaced in the response.
Queries a knowledge base and retrieves information from it.
", + "RetrieveAndGenerate": "Queries a knowledge base and generates responses based on the retrieved results. The response cites up to five sources but only selects the ones that are relevant to the query.
The numberOfResults
field is currently unsupported for RetrieveAndGenerate
. Don't include it in the vectorSearchConfiguration object.
This exception is thrown when a request is denied per access permissions
", + "base": "The request is denied because of missing access permissions. Check your permissions and retry your request.
", "refs": { - "ResponseStream$accessDeniedException": null + "ResponseStream$accessDeniedException": "The request is denied because of missing access permissions. Check your permissions and retry your request.
" } }, "ActionGroupInvocationInput": { - "base": "input to lambda used in action group
", + "base": "Contains information about the action group being invoked.
", "refs": { - "InvocationInput$actionGroupInvocationInput": null + "InvocationInput$actionGroupInvocationInput": "Contains information about the action group to be invoked.
" } }, "ActionGroupInvocationOutput": { - "base": "output from lambda used in action group
", + "base": "Contains the JSON-formatted string returned by the API invoked by the action group.
", "refs": { - "Observation$actionGroupInvocationOutput": null + "Observation$actionGroupInvocationOutput": "Contains the JSON-formatted string returned by the API invoked by the action group.
" } }, "ActionGroupName": { - "base": "Agent Trace Action Group Name
", + "base": null, "refs": { - "ActionGroupInvocationInput$actionGroupName": null + "ActionGroupInvocationInput$actionGroupName": "The name of the action group.
" } }, "ActionGroupOutputString": { - "base": "Agent Trace Action Group Lambda Invocation Output String
", + "base": null, "refs": { - "ActionGroupInvocationOutput$text": null + "ActionGroupInvocationOutput$text": "The JSON-formatted string returned by the API invoked by the action group.
" } }, "AgentAliasId": { - "base": "Identifier of the agent alias.
", + "base": null, "refs": { - "InvokeAgentRequest$agentAliasId": "Identifier for Agent Alias
", - "TracePart$agentAliasId": null + "InvokeAgentRequest$agentAliasId": "The alias of the agent to use.
", + "TracePart$agentAliasId": "The unique identifier of the alias of the agent.
" } }, "AgentId": { - "base": "Identifier of the agent.
", + "base": null, "refs": { - "InvokeAgentRequest$agentId": "Identifier for Agent
", - "TracePart$agentId": null + "InvokeAgentRequest$agentId": "The unique identifier of the agent to use.
", + "TracePart$agentId": "The unique identifier of the agent.
" } }, "ApiPath": { - "base": "Agent Trace Action Group API path
", + "base": null, "refs": { - "ActionGroupInvocationInput$apiPath": null + "ActionGroupInvocationInput$apiPath": "The path to the API to call, based off the action group.
" } }, "Attribution": { - "base": "Citations associated with final agent response
", + "base": "Contains citations for a part of an agent response.
", "refs": { - "PayloadPart$attribution": null + "PayloadPart$attribution": "Contains citations for a part of an agent response.
" } }, "BadGatewayException": { - "base": "This exception is thrown when a request fails due to dependency like Lambda, Bedrock, STS resource
", + "base": "There was an issue with a dependency due to a server issue. Retry your request.
", "refs": { - "ResponseStream$badGatewayException": null + "ResponseStream$badGatewayException": "There was an issue with a dependency due to a server issue. Retry your request.
" } }, "BedrockModelArn": { - "base": "Arn of a Bedrock model.
", + "base": null, "refs": { - "KnowledgeBaseRetrieveAndGenerateConfiguration$modelArn": null + "KnowledgeBaseRetrieveAndGenerateConfiguration$modelArn": "The ARN of the foundation model used to generate a response.
" } }, "Boolean": { "base": null, "refs": { - "InvokeAgentRequest$endSession": "End current session
", - "InvokeAgentRequest$enableTrace": "Enable agent trace events for improved debugging
", - "PreProcessingParsedResponse$isValid": "Boolean value
" + "InvokeAgentRequest$enableTrace": "Specifies whether to turn on the trace or not to track the agent's reasoning process. For more information, see Trace enablement.
", + "InvokeAgentRequest$endSession": "Specifies whether to end the session with the agent or not.
", + "PreProcessingParsedResponse$isValid": "Whether the user input is valid or not. If false
, the agent doesn't proceed to orchestration.
Citation associated with the agent response
", + "base": "An object containing a segment of the generated response that is based on a source in the knowledge base, alongside information about the source.
", "refs": { "Citations$member": null } }, "Citations": { - "base": "List of citations
", + "base": null, "refs": { - "Attribution$citations": null, - "RetrieveAndGenerateResponse$citations": null + "Attribution$citations": "A list of citations and related information for a part of an agent response.
", + "RetrieveAndGenerateResponse$citations": "A list of segments of the generated response that are based on sources in the knowledge base, alongside information about the sources.
" } }, "ConflictException": { - "base": "This exception is thrown when there is a conflict performing an operation
", + "base": "There was a conflict performing an operation. Resolve the conflict and retry your request.
", "refs": { - "ResponseStream$conflictException": null + "ResponseStream$conflictException": "There was a conflict performing an operation. Resolve the conflict and retry your request.
" } }, "ContentMap": { - "base": "Content type paramter map
", + "base": null, "refs": { - "RequestBody$content": null + "RequestBody$content": "The content in the request body.
" } }, "CreationMode": { - "base": "indicates if agent uses default prompt or overriden prompt
", + "base": null, "refs": { - "ModelInvocationInput$promptCreationMode": null, - "ModelInvocationInput$parserMode": null + "ModelInvocationInput$parserMode": "Specifies whether to override the default parser Lambda function when parsing the raw foundation model output in the part of the agent sequence defined by the promptType
.
Specifies whether the default prompt template was OVERRIDDEN
. If it was, the basePromptTemplate
that was set in the PromptOverrideConfiguration object when the agent was created or updated is used instead.
This exception is thrown when a request fails due to dependency like Lambda, Bedrock, STS resource due to a customer fault (i.e. bad configuration)
", + "base": "There was an issue with a dependency. Check the resource configurations and retry the request.
", "refs": { - "ResponseStream$dependencyFailedException": null + "ResponseStream$dependencyFailedException": "There was an issue with a dependency. Check the resource configurations and retry the request.
" } }, "Double": { "base": null, "refs": { - "KnowledgeBaseRetrievalResult$score": "The relevance score of a result.
" + "KnowledgeBaseRetrievalResult$score": "The level of relevance of the result to the query.
" } }, "FailureReasonString": { - "base": "Agent Trace Failed Reason String
", + "base": null, "refs": { - "FailureTrace$failureReason": null + "FailureTrace$failureReason": "The reason the interaction failed.
" } }, "FailureTrace": { - "base": "Trace Part which is emitted when agent trace could not be generated
", + "base": "Contains information about the failure of the interaction.
", "refs": { - "Trace$failureTrace": null + "Trace$failureTrace": "Contains information about the failure of the interaction.
" } }, "FinalResponse": { - "base": "Agent finish output
", + "base": "Contains details about the response to the user.
", "refs": { - "Observation$finalResponse": null + "Observation$finalResponse": "Contains details about the response to the user.
" } }, "FinalResponseString": { - "base": "Agent Trace Action Group Lambda Invocation Output String
", + "base": null, "refs": { - "FinalResponse$text": null + "FinalResponse$text": "The text in the response to the user.
" } }, "GeneratedResponsePart": { - "base": "Generate response part
", + "base": "Contains metadata about a part of the generated response that is accompanied by a citation.
", "refs": { - "Citation$generatedResponsePart": null + "Citation$generatedResponsePart": "Contains the generated response and metadata
" } }, "InferenceConfiguration": { - "base": "Configurations for controlling the inference response of an InvokeAgent API call
", + "base": "Specifications about the inference parameters that were provided alongside the prompt. These are specified in the PromptOverrideConfiguration object that was set when the agent was created or updated. For more information, see Inference parameters for foundation models.
", "refs": { - "ModelInvocationInput$inferenceConfiguration": null + "ModelInvocationInput$inferenceConfiguration": "Specifications about the inference parameters that were provided alongside the prompt. These are specified in the PromptOverrideConfiguration object that was set when the agent was created or updated. For more information, see Inference parameters for foundation models.
" } }, "InputText": { - "base": "Model text input
", + "base": null, "refs": { - "InvokeAgentRequest$inputText": "Input data in the format specified in the Content-Type request header.
" + "InvokeAgentRequest$inputText": "The prompt text to send the agent.
" } }, "InternalServerException": { - "base": "This exception is thrown if there was an unexpected error during processing of request
", + "base": "An internal server error occurred. Retry your request.
", "refs": { - "ResponseStream$internalServerException": null + "ResponseStream$internalServerException": "An internal server error occurred. Retry your request.
" } }, "InvocationInput": { - "base": "Trace Part which contains input details for action group or knowledge base
", + "base": "Contains information pertaining to the action group or knowledge base that is being invoked.
", "refs": { - "OrchestrationTrace$invocationInput": null + "OrchestrationTrace$invocationInput": "Contains information pertaining to the action group or knowledge base that is being invoked.
" } }, "InvocationType": { - "base": "types of invocations
", + "base": null, "refs": { - "InvocationInput$invocationType": null + "InvocationInput$invocationType": "Specifies whether the agent is invoking an action group or a knowledge base.
" } }, "InvokeAgentRequest": { - "base": "InvokeAgent Request
", + "base": null, "refs": { } }, "InvokeAgentResponse": { - "base": "InvokeAgent Response
", + "base": null, "refs": { } }, "KmsKeyArn": { - "base": "A KMS key ARN
", + "base": null, "refs": { - "RetrieveAndGenerateSessionConfiguration$kmsKeyArn": "The KMS key arn to encrypt the customer data of the session.
" + "RetrieveAndGenerateSessionConfiguration$kmsKeyArn": "The ARN of the KMS key encrypting the session.
" } }, "KnowledgeBaseId": { - "base": "Identifier of the KnowledgeBase
", + "base": null, "refs": { - "KnowledgeBaseRetrieveAndGenerateConfiguration$knowledgeBaseId": null, - "RetrieveRequest$knowledgeBaseId": null + "KnowledgeBaseRetrieveAndGenerateConfiguration$knowledgeBaseId": "The unique identifier of the knowledge base that is queried and the foundation model used for generation.
", + "RetrieveRequest$knowledgeBaseId": "The unique identifier of the knowledge base to query.
" } }, "KnowledgeBaseLookupInput": { - "base": "Input to lambda used in action group
", + "base": "Contains details about the knowledge base to look up and the query to be made.
", "refs": { - "InvocationInput$knowledgeBaseLookupInput": null + "InvocationInput$knowledgeBaseLookupInput": "Contains details about the knowledge base to look up and the query to be made.
" } }, "KnowledgeBaseLookupInputString": { - "base": "Agent Trace Action Group Lambda Invocation Output String
", + "base": null, "refs": { - "KnowledgeBaseLookupInput$text": null + "KnowledgeBaseLookupInput$text": "The query made to the knowledge base.
" } }, "KnowledgeBaseLookupOutput": { - "base": "Input to lambda used in action group
", + "base": "Contains details about the results from looking up the knowledge base.
", "refs": { - "Observation$knowledgeBaseLookupOutput": null + "Observation$knowledgeBaseLookupOutput": "Contains details about the results from looking up the knowledge base.
" } }, "KnowledgeBaseQuery": { - "base": "Knowledge base input query.
", + "base": "Contains the query made to the knowledge base.
", "refs": { - "RetrieveRequest$retrievalQuery": null + "RetrieveRequest$retrievalQuery": "The query to send the knowledge base.
" } }, "KnowledgeBaseQueryTextString": { "base": null, "refs": { - "KnowledgeBaseQuery$text": "Knowledge base input query in text
" + "KnowledgeBaseQuery$text": "The text of the query made to the knowledge base.
" } }, "KnowledgeBaseRetrievalConfiguration": { - "base": "Search parameters for retrieving from knowledge base.
", + "base": "Contains details about how the results should be returned.
This data type is used in the following API operations:
", "refs": { - "KnowledgeBaseRetrieveAndGenerateConfiguration$retrievalConfiguration": null, - "RetrieveRequest$retrievalConfiguration": null + "KnowledgeBaseRetrieveAndGenerateConfiguration$retrievalConfiguration": "Contains configurations for how to retrieve and return the knowledge base query.
", + "RetrieveRequest$retrievalConfiguration": "Contains details about how the results should be returned.
" } }, "KnowledgeBaseRetrievalResult": { - "base": "Result item returned from a knowledge base retrieval.
", + "base": "Details about a result from querying the knowledge base.
", "refs": { "KnowledgeBaseRetrievalResults$member": null } }, "KnowledgeBaseRetrievalResults": { - "base": "List of knowledge base retrieval results
", + "base": null, "refs": { - "RetrieveResponse$retrievalResults": null + "RetrieveResponse$retrievalResults": "A list of results from querying the knowledge base.
" } }, "KnowledgeBaseRetrieveAndGenerateConfiguration": { - "base": "Configurations for retrieval and generation for knowledge base.
", + "base": "Contains details about the resource being queried.
", "refs": { - "RetrieveAndGenerateConfiguration$knowledgeBaseConfiguration": null + "RetrieveAndGenerateConfiguration$knowledgeBaseConfiguration": "Contains details about the resource being queried.
" } }, "KnowledgeBaseVectorSearchConfiguration": { - "base": "Knowledge base vector search configuration
", + "base": "Configurations for how to carry out the search.
", "refs": { - "KnowledgeBaseRetrievalConfiguration$vectorSearchConfiguration": null + "KnowledgeBaseRetrievalConfiguration$vectorSearchConfiguration": "Contains details about how the results from the vector search should be returned.
" } }, "KnowledgeBaseVectorSearchConfigurationNumberOfResultsInteger": { "base": null, "refs": { - "KnowledgeBaseVectorSearchConfiguration$numberOfResults": "Top-K results to retrieve from knowledge base.
" + "KnowledgeBaseVectorSearchConfiguration$numberOfResults": "The number of results to return.
The numberOfResults
field is currently unsupported for RetrieveAndGenerate
. Don't include it in this field if you are sending a RetrieveAndGenerate
request.
ARN of a Lambda.
", + "base": null, "refs": { - "ModelInvocationInput$overrideLambda": null + "ModelInvocationInput$overrideLambda": "The ARN of the Lambda function to use when parsing the raw foundation model output in parts of the agent sequence.
" } }, "MaximumLength": { - "base": "Maximum length of output
", + "base": null, "refs": { - "InferenceConfiguration$maximumLength": null + "InferenceConfiguration$maximumLength": "The maximum number of tokens allowed in the generated response.
" } }, "MimeType": { - "base": "Content type of the request
", + "base": null, "refs": { - "InvokeAgentResponse$contentType": "streaming response mimetype of the model
" + "InvokeAgentResponse$contentType": "The MIME type of the input data in the request. The default value is application/json
.
Trace Part which contains information used to call Invoke Model
", + "base": "The input for the pre-processing step.
The type
matches the agent step.
The text
contains the prompt.
The inferenceConfiguration
, parserMode
, and overrideLambda
values are set in the PromptOverrideConfiguration object that was set when the agent was created or updated.
The input for the orchestration step.
The type
is ORCHESTRATION
.
The text
contains the prompt.
The inferenceConfiguration
, parserMode
, and overrideLambda
values are set in the PromptOverrideConfiguration object that was set when the agent was created or updated.
The input for the post-processing step.
The type
is POST_PROCESSING
.
The text
contains the prompt.
The inferenceConfiguration
, parserMode
, and overrideLambda
values are set in the PromptOverrideConfiguration object that was set when the agent was created or updated.
The input for the pre-processing step.
The type
is PRE_PROCESSING
.
The text
contains the prompt.
The inferenceConfiguration
, parserMode
, and overrideLambda
values are set in the PromptOverrideConfiguration object that was set when the agent was created or updated.
Opaque continuation token of previous paginated response.
", + "base": null, "refs": { - "RetrieveRequest$nextToken": null, - "RetrieveResponse$nextToken": null + "RetrieveRequest$nextToken": "If there are more results than can fit in the response, the response returns a nextToken
. Use this token in the nextToken
field of another request to retrieve the next batch of results.
If there are more results than can fit in the response, the response returns a nextToken
. Use this token in the nextToken
field of another request to retrieve the next batch of results.
Non Blank String
", + "base": null, "refs": { "AccessDeniedException$message": null, "BadGatewayException$message": null, - "BadGatewayException$resourceName": null, + "BadGatewayException$resourceName": "The name of the dependency that caused the issue, such as Amazon Bedrock, Lambda, or STS.
", "ConflictException$message": null, "DependencyFailedException$message": null, - "DependencyFailedException$resourceName": null, + "DependencyFailedException$resourceName": "The name of the dependency that caused the issue, such as Amazon Bedrock, Lambda, or STS.
", "InternalServerException$message": null, "ResourceNotFoundException$message": null, "ServiceQuotaExceededException$message": null, @@ -327,187 +327,187 @@ } }, "Observation": { - "base": "Trace Part which contains output details for action group or knowledge base or final response
", + "base": "Contains the result or output of an action group or knowledge base, or the response to the user.
", "refs": { - "OrchestrationTrace$observation": null + "OrchestrationTrace$observation": "Details about the observation (the output of the action group Lambda or knowledge base) made by the agent.
" } }, "OrchestrationTrace": { - "base": "Trace contains intermidate response during orchestration
", + "base": "Details about the orchestration step, in which the agent determines the order in which actions are executed and which knowledge bases are retrieved.
", "refs": { - "Trace$orchestrationTrace": null + "Trace$orchestrationTrace": "Details about the orchestration step, in which the agent determines the order in which actions are executed and which knowledge bases are retrieved.
" } }, "OutputString": { - "base": "Agent Trace Output String
", + "base": null, "refs": { - "PostProcessingParsedResponse$text": null + "PostProcessingParsedResponse$text": "The text returned by the parser.
" } }, "Parameter": { - "base": "parameters included in action group invocation
", + "base": "A parameter in the Lambda input event.
", "refs": { "Parameters$member": null } }, "Parameters": { - "base": "list of parameters included in action group invocation
", + "base": null, "refs": { - "ActionGroupInvocationInput$parameters": null, + "ActionGroupInvocationInput$parameters": "The parameters in the Lambda input event.
", "ContentMap$value": null } }, "PartBody": { - "base": "PartBody of the payload in bytes
", + "base": null, "refs": { - "PayloadPart$bytes": null + "PayloadPart$bytes": "A part of the agent response in bytes.
" } }, "PayloadPart": { - "base": "Base 64 endoded byte response
", + "base": "Contains a part of an agent response and citations for it.
", "refs": { - "ResponseStream$chunk": null + "ResponseStream$chunk": "Contains a part of an agent response and citations for it.
" } }, "PostProcessingModelInvocationOutput": { - "base": "Trace Part which contains information related to postprocessing
", + "base": "The foundation model output from the post-processing step.
", "refs": { - "PostProcessingTrace$modelInvocationOutput": null + "PostProcessingTrace$modelInvocationOutput": "The foundation model output from the post-processing step.
" } }, "PostProcessingParsedResponse": { - "base": "Trace Part which contains information if preprocessing was successful
", + "base": "Details about the response from the Lambda parsing of the output from the post-processing step.
", "refs": { - "PostProcessingModelInvocationOutput$parsedResponse": null + "PostProcessingModelInvocationOutput$parsedResponse": "Details about the response from the Lambda parsing of the output of the post-processing step.
" } }, "PostProcessingTrace": { - "base": "Trace Part which contains information related to post processing step
", + "base": "Details about the post-processing step, in which the agent shapes the response.
", "refs": { - "Trace$postProcessingTrace": null + "Trace$postProcessingTrace": "Details about the post-processing step, in which the agent shapes the response..
" } }, "PreProcessingModelInvocationOutput": { - "base": "Trace Part which contains information related to preprocessing
", + "base": "The foundation model output from the pre-processing step.
", "refs": { - "PreProcessingTrace$modelInvocationOutput": null + "PreProcessingTrace$modelInvocationOutput": "The foundation model output from the pre-processing step.
" } }, "PreProcessingParsedResponse": { - "base": "Trace Part which contains information if preprocessing was successful
", + "base": "Details about the response from the Lambda parsing of the output from the pre-processing step.
", "refs": { - "PreProcessingModelInvocationOutput$parsedResponse": null + "PreProcessingModelInvocationOutput$parsedResponse": "Details about the response from the Lambda parsing of the output of the pre-processing step.
" } }, "PreProcessingTrace": { - "base": "Trace Part which contains information related to preprocessing step
", + "base": "Details about the pre-processing step, in which the agent contextualizes and categorizes user inputs.
", "refs": { - "Trace$preProcessingTrace": null + "Trace$preProcessingTrace": "Details about the pre-processing step, in which the agent contextualizes and categorizes user inputs.
" } }, "PromptSessionAttributesMap": { - "base": "Session attributes that go to the prompt
", + "base": null, "refs": { - "SessionState$promptSessionAttributes": "Prompt Session Attributes
" + "SessionState$promptSessionAttributes": "Contains attributes that persist across a prompt and the values of those attributes. These attributes replace the $prompt_session_attributes$ placeholder variable in the orchestration prompt template. For more information, see Prompt template placeholder variables.
" } }, "PromptText": { - "base": "Prompt Message
", + "base": null, "refs": { - "ModelInvocationInput$text": null + "ModelInvocationInput$text": "The text that prompted the agent at this step.
" } }, "PromptType": { - "base": "types of prompts
", + "base": null, "refs": { - "ModelInvocationInput$type": null + "ModelInvocationInput$type": "The step in the agent sequence.
" } }, "Rationale": { - "base": "Trace Part which contains information related to reasoning
", + "base": "Contains the reasoning, based on the input, that the agent uses to justify carrying out an action group or getting information from a knowledge base.
", "refs": { - "OrchestrationTrace$rationale": null + "OrchestrationTrace$rationale": "Details about the reasoning, based on the input, that the agent uses to justify carrying out an action group or getting information from a knowledge base.
" } }, "RationaleString": { - "base": "Agent Trace Rationale String
", + "base": null, "refs": { - "PreProcessingParsedResponse$rationale": null, - "Rationale$text": null + "PreProcessingParsedResponse$rationale": "The text returned by the parsing of the pre-processing step, explaining the steps that the agent plans to take in orchestration, if the user input is valid.
", + "Rationale$text": "The reasoning or thought process of the agent, based on the input.
" } }, "RepromptResponse": { - "base": "Observation information if there were reprompts
", + "base": "Contains details about the agent's response to reprompt the input.
", "refs": { - "Observation$repromptResponse": null + "Observation$repromptResponse": "Contains details about the response to reprompt the input.
" } }, "RequestBody": { - "base": "Request Body Content Map
", + "base": "The parameters in the request body for the Lambda input event.
", "refs": { - "ActionGroupInvocationInput$requestBody": null + "ActionGroupInvocationInput$requestBody": "The parameters in the request body for the Lambda input event.
" } }, "ResourceNotFoundException": { - "base": "This exception is thrown when a resource referenced by the operation does not exist
", + "base": "The specified resource ARN was not found. Check the ARN and try your request again.
", "refs": { - "ResponseStream$resourceNotFoundException": null + "ResponseStream$resourceNotFoundException": "The specified resource ARN was not found. Check the ARN and try your request again.
" } }, "ResponseStream": { - "base": "Response body of is a stream
", + "base": "The response from invoking the agent and associated citations and trace information.
", "refs": { - "InvokeAgentResponse$completion": "Inference response from the model in the format specified in the Content-Type response header.
" + "InvokeAgentResponse$completion": "The agent's response to the user prompt.
" } }, "RetrievalResultContent": { - "base": "Content of a retrieval result.
", + "base": "Contains the cited text from the data source.
", "refs": { - "KnowledgeBaseRetrievalResult$content": null, - "RetrievedReference$content": null + "KnowledgeBaseRetrievalResult$content": "Contains a chunk of text from a data source in the knowledge base.
", + "RetrievedReference$content": "Contains the cited text from the data source.
" } }, "RetrievalResultLocation": { - "base": "The source location of a retrieval result.
", + "base": "Contains information about the location of the data source.
", "refs": { - "KnowledgeBaseRetrievalResult$location": null, - "RetrievedReference$location": null + "KnowledgeBaseRetrievalResult$location": "Contains information about the location of the data source.
", + "RetrievedReference$location": "Contains information about the location of the data source.
" } }, "RetrievalResultLocationType": { - "base": "The location type of a retrieval result.
", + "base": null, "refs": { - "RetrievalResultLocation$type": null + "RetrievalResultLocation$type": "The type of the location of the data source.
" } }, "RetrievalResultS3Location": { - "base": "The S3 location of a retrieval result.
", + "base": "Contains the S3 location of the data source.
", "refs": { - "RetrievalResultLocation$s3Location": null + "RetrievalResultLocation$s3Location": "Contains the S3 location of the data source.
" } }, "RetrieveAndGenerateConfiguration": { - "base": "Configures the retrieval and generation for the session.
", + "base": "Contains details about the resource being queried.
", "refs": { - "RetrieveAndGenerateRequest$retrieveAndGenerateConfiguration": null + "RetrieveAndGenerateRequest$retrieveAndGenerateConfiguration": "Contains details about the resource being queried and the foundation model used for generation.
" } }, "RetrieveAndGenerateInput": { - "base": "Customer input of the turn
", + "base": "Contains the query made to the knowledge base.
", "refs": { - "RetrieveAndGenerateRequest$input": null + "RetrieveAndGenerateRequest$input": "Contains the query made to the knowledge base.
" } }, "RetrieveAndGenerateInputTextString": { "base": null, "refs": { - "RetrieveAndGenerateInput$text": "Customer input of the turn in text
" + "RetrieveAndGenerateInput$text": "The query made to the knowledge base.
" } }, "RetrieveAndGenerateOutput": { - "base": "Service response of the turn
", + "base": "Contains the response generated from querying the knowledge base.
", "refs": { - "RetrieveAndGenerateResponse$output": null + "RetrieveAndGenerateResponse$output": "Contains the response generated from querying the knowledge base.
" } }, "RetrieveAndGenerateRequest": { @@ -521,15 +521,15 @@ } }, "RetrieveAndGenerateSessionConfiguration": { - "base": "Configures common parameters of the session.
", + "base": "Contains configuration about the session with the knowledge base.
", "refs": { - "RetrieveAndGenerateRequest$sessionConfiguration": null + "RetrieveAndGenerateRequest$sessionConfiguration": "Contains details about the session with the knowledge base.
" } }, "RetrieveAndGenerateType": { - "base": "The type of RetrieveAndGenerate.
", + "base": null, "refs": { - "RetrieveAndGenerateConfiguration$type": null + "RetrieveAndGenerateConfiguration$type": "The type of resource that is queried by the request.
" } }, "RetrieveRequest": { @@ -543,177 +543,177 @@ } }, "RetrievedReference": { - "base": "Retrieved reference
", + "base": "Contains metadata about a sources cited for the generated response.
", "refs": { "RetrievedReferences$member": null } }, "RetrievedReferences": { - "base": "list of retrieved references
", + "base": null, "refs": { - "Citation$retrievedReferences": null, - "KnowledgeBaseLookupOutput$retrievedReferences": null + "Citation$retrievedReferences": "Contains metadata about the sources cited for the generated response.
", + "KnowledgeBaseLookupOutput$retrievedReferences": "Contains metadata about the sources cited for the generated response.
" } }, "SearchType": { - "base": "Query type to be performed on data store.
", + "base": null, "refs": { - "KnowledgeBaseVectorSearchConfiguration$overrideSearchType": "Override the type of query to be performed on data store
" + "KnowledgeBaseVectorSearchConfiguration$overrideSearchType": "By default, Amazon Bedrock decides a search strategy for you. If you're using an Amazon OpenSearch Serverless vector store that contains a filterable text field, you can specify whether to query the knowledge base with a HYBRID
search using both vector embeddings and raw text, or SEMANTIC
search using only vector embeddings. For other vector store configurations, only SEMANTIC
search is available. For more information, see Test a knowledge base.
This exception is thrown when a request is made beyond the service quota
", + "base": "The number of requests exceeds the service quota. Resubmit your request later.
", "refs": { - "ResponseStream$serviceQuotaExceededException": null + "ResponseStream$serviceQuotaExceededException": "The number of requests exceeds the service quota. Resubmit your request later.
" } }, "SessionAttributesMap": { - "base": "Session attributes are pass through attributes passed to the action group
", + "base": null, "refs": { - "SessionState$sessionAttributes": "Session Attributes
" + "SessionState$sessionAttributes": "Contains attributes that persist across a session and the values of those attributes.
" } }, "SessionId": { - "base": "Identifier of the session.
", + "base": null, "refs": { - "InvokeAgentRequest$sessionId": "Identifier used for the current session
", - "InvokeAgentResponse$sessionId": "streaming response mimetype of the model
", - "RetrieveAndGenerateRequest$sessionId": null, - "RetrieveAndGenerateResponse$sessionId": null, - "TracePart$sessionId": null + "InvokeAgentRequest$sessionId": "The unique identifier of the session. Use the same value across requests to continue the same conversation.
", + "InvokeAgentResponse$sessionId": "The unique identifier of the session with the agent.
", + "RetrieveAndGenerateRequest$sessionId": "The unique identifier of the session. Reuse the same value to continue the same session with the knowledge base.
", + "RetrieveAndGenerateResponse$sessionId": "The unique identifier of the session. Reuse the same value to continue the same session with the knowledge base.
", + "TracePart$sessionId": "The unique identifier of the session with the agent.
" } }, "SessionState": { - "base": "Session state provided
", + "base": "Contains parameters that specify various attributes that persist across a session or prompt. You can define session state attributes as key-value pairs when writing a Lambda function for an action group or pass them when making an InvokeAgent request. Use session state attributes to control and provide conversational context for your agent and to help customize your agent's behavior. For more information, see Session context.
", "refs": { - "InvokeAgentRequest$sessionState": "Session state passed by customer. Base64 encoded json string representation of SessionState.
" + "InvokeAgentRequest$sessionState": "Contains parameters that specify various attributes of the session.
" } }, "Source": { - "base": "Parsing error source
", + "base": null, "refs": { - "RepromptResponse$source": null + "RepromptResponse$source": "Specifies what output is prompting the agent to reprompt the input.
" } }, "Span": { - "base": "Span of text
", + "base": "Contains information about where the text with a citation begins and ends in the generated output.
", "refs": { - "TextResponsePart$span": null + "TextResponsePart$span": "Contains information about where the text with a citation begins and ends in the generated output.
" } }, "SpanEndInteger": { "base": null, "refs": { - "Span$end": "End of span
" + "Span$end": "Where the text with a citation ends in the generated output.
" } }, "SpanStartInteger": { "base": null, "refs": { - "Span$start": "Start of span
" + "Span$start": "Where the text with a citation starts in the generated output.
" } }, "StopSequences": { - "base": "List of stop sequences
", + "base": null, "refs": { - "InferenceConfiguration$stopSequences": null + "InferenceConfiguration$stopSequences": "A list of stop sequences. A stop sequence is a sequence of characters that causes the model to stop generating the response.
" } }, "String": { "base": null, "refs": { "ContentMap$key": null, - "Parameter$name": "Name of parameter
", - "Parameter$type": "Type of parameter
", - "Parameter$value": "Value of parameter
", + "Parameter$name": "The name of the parameter.
", + "Parameter$type": "The type of the parameter.
", + "Parameter$value": "The value of the parameter.
", "PromptSessionAttributesMap$key": null, "PromptSessionAttributesMap$value": null, - "RepromptResponse$text": "Reprompt response text
", - "RetrievalResultContent$text": "Content of a retrieval result in text
", - "RetrievalResultS3Location$uri": "URI of S3 location
", - "RetrieveAndGenerateOutput$text": "Service response of the turn in text
", + "RepromptResponse$text": "The text reprompting the input.
", + "RetrievalResultContent$text": "The cited text from the data source.
", + "RetrievalResultS3Location$uri": "The S3 URI of the data source.
", + "RetrieveAndGenerateOutput$text": "The response generated from querying the knowledge base.
", "SessionAttributesMap$key": null, "SessionAttributesMap$value": null, "StopSequences$member": null, - "TextResponsePart$text": "Response part in text
" + "TextResponsePart$text": "The part of the generated text that contains a citation.
" } }, "Temperature": { - "base": "Controls randomness, higher values increase diversity
", + "base": null, "refs": { - "InferenceConfiguration$temperature": null + "InferenceConfiguration$temperature": "The likelihood of the model selecting higher-probability options while generating a response. A lower value makes the model more likely to choose higher-probability options, while a higher value makes the model more likely to choose lower-probability options.
" } }, "TextResponsePart": { - "base": "Text response part
", + "base": "Contains the part of the generated text that contains a citation, alongside where it begins and ends.
", "refs": { - "GeneratedResponsePart$textResponsePart": null + "GeneratedResponsePart$textResponsePart": "Contains metadata about a textual part of the generated response that is accompanied by a citation.
" } }, "ThrottlingException": { - "base": "This exception is thrown when the number of requests exceeds the limit
", + "base": "The number of requests exceeds the limit. Resubmit your request later.
", "refs": { - "ResponseStream$throttlingException": null + "ResponseStream$throttlingException": "The number of requests exceeds the limit. Resubmit your request later.
" } }, "TopK": { - "base": "Sample from the k most likely next tokens
", + "base": null, "refs": { - "InferenceConfiguration$topK": null + "InferenceConfiguration$topK": "While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for topK
is the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topK
to 50, the model selects the next token from among the top 50 most likely choices.
Cumulative probability cutoff for token selection
", + "base": null, "refs": { - "InferenceConfiguration$topP": null + "InferenceConfiguration$topP": "While generating a response, the model determines the probability of the following token at each point of generation. The value that you set for Top P
determines the number of most-likely candidates from which the model chooses the next token in the sequence. For example, if you set topP
to 80, the model only selects the next token from the top 80% of the probability distribution of next tokens.
Trace contains intermidate response for customer
", + "base": "Contains one part of the agent's reasoning process and results from calling API actions and querying knowledge bases. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.
", "refs": { - "TracePart$trace": null + "TracePart$trace": "Contains one part of the agent's reasoning process and results from calling API actions and querying knowledge bases. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.
" } }, "TraceId": { - "base": "Identifier for trace
", + "base": null, "refs": { - "FailureTrace$traceId": null, - "InvocationInput$traceId": null, - "ModelInvocationInput$traceId": null, - "Observation$traceId": null, - "PostProcessingModelInvocationOutput$traceId": null, - "PreProcessingModelInvocationOutput$traceId": null, - "Rationale$traceId": null + "FailureTrace$traceId": "The unique identifier of the trace.
", + "InvocationInput$traceId": "The unique identifier of the trace.
", + "ModelInvocationInput$traceId": "The unique identifier of the trace.
", + "Observation$traceId": "The unique identifier of the trace.
", + "PostProcessingModelInvocationOutput$traceId": "The unique identifier of the trace.
", + "PreProcessingModelInvocationOutput$traceId": "The unique identifier of the trace.
", + "Rationale$traceId": "The unique identifier of the trace step.
" } }, "TraceKnowledgeBaseId": { - "base": "Agent Trace Action Group Knowledge Base Id
", + "base": null, "refs": { - "KnowledgeBaseLookupInput$knowledgeBaseId": null + "KnowledgeBaseLookupInput$knowledgeBaseId": "The unique identifier of the knowledge base to look up.
" } }, "TracePart": { - "base": "Trace Part which contains intermidate response for customer
", + "base": "Contains information about the agent and session, alongside the agent's reasoning process and results from calling API actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace enablement.
", "refs": { - "ResponseStream$trace": null + "ResponseStream$trace": "Contains information about the agent and session, alongside the agent's reasoning process and results from calling API actions and querying knowledge bases and metadata about the trace. You can use the trace to understand how the agent arrived at the response it provided the customer. For more information, see Trace events.
" } }, "Type": { - "base": "types of observations
", + "base": null, "refs": { - "Observation$type": null + "Observation$type": "Specifies what kind of information the agent returns in the observation. The following values are possible.
ACTION_GROUP
– The agent returns the result of an action group.
KNOWLEDGE_BASE
– The agent returns information from a knowledge base.
FINISH
– The agent returns a final response to the user with no follow-up.
ASK_USER
– The agent asks the user a question.
REPROMPT
– The agent prompts the user again for the same information.
This exception is thrown when the request's input validation fails
", + "base": "Input validation failed. Check your request parameters and retry the request.
", "refs": { - "ResponseStream$validationException": null + "ResponseStream$validationException": "Input validation failed. Check your request parameters and retry the request.
" } }, "Verb": { - "base": "Agent Trace Action Group Action verb
", + "base": null, "refs": { - "ActionGroupInvocationInput$verb": null + "ActionGroupInvocationInput$verb": "The API method being used, based off the action group.
" } } } diff --git a/models/apis/cloudtrail/2013-11-01/api-2.json b/models/apis/cloudtrail/2013-11-01/api-2.json index 447ad8fbd2e..4a0ad3831eb 100644 --- a/models/apis/cloudtrail/2013-11-01/api-2.json +++ b/models/apis/cloudtrail/2013-11-01/api-2.json @@ -138,6 +138,7 @@ {"shape":"TrailNotProvidedException"}, {"shape":"TagsLimitExceededException"}, {"shape":"InvalidParameterCombinationException"}, + {"shape":"InvalidParameterException"}, {"shape":"KmsKeyNotFoundException"}, {"shape":"KmsKeyDisabledException"}, {"shape":"KmsException"}, @@ -295,6 +296,7 @@ {"shape":"UnsupportedOperationException"}, {"shape":"OperationNotPermittedException"}, {"shape":"InvalidTrailNameException"}, + {"shape":"CloudTrailARNInvalidException"}, {"shape":"NoManagementAccountSLRExistsException"} ], "idempotent":true @@ -556,7 +558,8 @@ "errors":[ {"shape":"InvalidNextTokenException"}, {"shape":"OperationNotPermittedException"}, - {"shape":"UnsupportedOperationException"} + {"shape":"UnsupportedOperationException"}, + {"shape":"InvalidParameterException"} ], "idempotent":true }, diff --git a/models/apis/cloudtrail/2013-11-01/docs-2.json b/models/apis/cloudtrail/2013-11-01/docs-2.json index f5bcd90fa0a..1baeac06722 100644 --- a/models/apis/cloudtrail/2013-11-01/docs-2.json +++ b/models/apis/cloudtrail/2013-11-01/docs-2.json @@ -96,7 +96,7 @@ } }, "AdvancedEventSelector": { - "base": "Advanced event selectors let you create fine-grained selectors for the following CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see Logging data events in the CloudTrail User Guide.
readOnly
eventSource
eventName
eventCategory
resources.type
resources.ARN
You cannot apply both event selectors and advanced event selectors to a trail.
", + "base": "Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see Logging management events and Logging data events in the CloudTrail User Guide.
You cannot apply both event selectors and advanced event selectors to a trail.
Supported CloudTrail event record fields for management events
eventCategory
(required)
eventSource
readOnly
Supported CloudTrail event record fields for data events
eventCategory
(required)
resources.type
(required)
readOnly
eventName
resources.ARN
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory
.
Specifies a value for the specified AttributeKey.
" + "LookupAttribute$AttributeValue": "Specifies a value for the specified AttributeKey
.
The maximum length for the AttributeValue
is 2000 characters. The following characters ('_
', '
', ',
', '\\\\n
') count as two characters towards the 2000 character limit.
A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for selecting events as filtering is not supported.
For CloudTrail management events, supported fields include readOnly
, eventCategory
, and eventSource
.
For CloudTrail data events, supported fields include readOnly
, eventCategory
, eventName
, resources.type
, and resources.ARN
.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory
.
readOnly
- Optional. Can be set to Equals
a value of true
or false
. If you do not add this field, CloudTrail logs both read
and write
events. A value of true
logs only read
events. A value of false
logs only write
events.
eventSource
- For filtering management events only. This can be set to NotEquals
kms.amazonaws.com
or NotEquals
rdsdata.amazonaws.com
.
eventName
- Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket
or GetSnapshotBlock
. You can have multiple values for this field, separated by commas.
eventCategory
- This is required and must be set to Equals
.
For CloudTrail management events, the value must be Management
.
For CloudTrail data events, the value must be Data
.
The following are used only for event data stores:
For CloudTrail Insights events, the value must be Insight
.
For Config configuration items, the value must be ConfigurationItem
.
For Audit Manager evidence, the value must be Evidence
.
For non-Amazon Web Services events, the value must be ActivityAuditLog
.
resources.type
- This field is required for CloudTrail data events. resources.type
can only use the Equals
operator, and the value can be one of the following:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
AWS::B2BI::Transformer
AWS::Bedrock::AgentAlias
AWS::Bedrock::KnowledgeBase
AWS::Cassandra::Table
AWS::CloudFront::KeyValueStore
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Customization
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::IoTTwinMaker::Entity
AWS::IoTTwinMaker::Workspace
AWS::KendraRanking::ExecutionPlan
AWS::KinesisVideo::Stream
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::NeptuneGraph::Graph
AWS::PCAConnectorAD::Connector
AWS::QBusiness::Application
AWS::QBusiness::DataSource
AWS::QBusiness::Index
AWS::QBusiness::WebExperience
AWS::RDS::DBCluster
AWS::SageMaker::Endpoint
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::ServiceDiscovery::Namespace
AWS::ServiceDiscovery::Service
AWS::SCN::Instance
AWS::SNS::PlatformEndpoint
AWS::SNS::Topic
AWS::SQS::Queue
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SSMMessages::ControlChannel
AWS::ThinClient::Device
AWS::ThinClient::Environment
AWS::Timestream::Database
AWS::Timestream::Table
AWS::VerifiedPermissions::PolicyStore
You can have only one resources.type
field per selector. To log data events on more than one resource type, add another selector.
resources.ARN
- You can use any operator with resources.ARN
, but if you use Equals
or NotEquals
, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object
, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith
operator, and include only the bucket ARN as the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
arn:<partition>:s3:::<bucket_name>/
arn:<partition>:s3:::<bucket_name>/<object_path>/
When resources.type equals AWS::DynamoDB::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
When resources.type equals AWS::Lambda::Function
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
When resources.type equals AWS::B2BI::Transformer
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>
When resources.type equals AWS::Bedrock::AgentAlias
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>
When resources.type equals AWS::Bedrock::KnowledgeBase
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>
When resources.type equals AWS::Cassandra::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>
When resources.type equals AWS::CloudFront::KeyValueStore
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>
When resources.type equals AWS::CloudTrail::Channel
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>
When resources.type equals AWS::CodeWhisperer::Customization
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>
When resources.type equals AWS::CodeWhisperer::Profile
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>
When resources.type equals AWS::Cognito::IdentityPool
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>
When resources.type
equals AWS::DynamoDB::Stream
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
When resources.type
equals AWS::EC2::Snapshot
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
When resources.type
equals AWS::EMRWAL::Workspace
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>
When resources.type
equals AWS::FinSpace::Environment
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>
When resources.type
equals AWS::Glue::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
When resources.type
equals AWS::GuardDuty::Detector
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>
When resources.type
equals AWS::IoTTwinMaker::Entity
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>
When resources.type
equals AWS::IoTTwinMaker::Workspace
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>
When resources.type
equals AWS::KendraRanking::ExecutionPlan
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>
When resources.type
equals AWS::KinesisVideo::Stream
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>
When resources.type
equals AWS::ManagedBlockchain::Network
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:managedblockchain:::networks/<network_name>
When resources.type
equals AWS::ManagedBlockchain::Node
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
When resources.type
equals AWS::MedicalImaging::Datastore
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>
When resources.type
equals AWS::NeptuneGraph::Graph
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>
When resources.type
equals AWS::PCAConnectorAD::Connector
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>
When resources.type
equals AWS::QBusiness::Application
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>
When resources.type
equals AWS::QBusiness::DataSource
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>
When resources.type
equals AWS::QBusiness::Index
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>
When resources.type
equals AWS::QBusiness::WebExperience
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>
When resources.type
equals AWS::RDS::DBCluster
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>
When resources.type
equals AWS::SageMaker::Endpoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>
When resources.type
equals AWS::SageMaker::ExperimentTrialComponent
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>
When resources.type
equals AWS::SageMaker::FeatureGroup
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>
When resources.type
equals AWS::SCN::Instance
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>
When resources.type
equals AWS::ServiceDiscovery::Namespace
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>
When resources.type
equals AWS::ServiceDiscovery::Service
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>
When resources.type
equals AWS::SNS::PlatformEndpoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>
When resources.type
equals AWS::SNS::Topic
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sns:<region>:<account_ID>:<topic_name>
When resources.type
equals AWS::SQS::Queue
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sqs:<region>:<account_ID>:<queue_name>
When resources.type
equals AWS::S3::AccessPoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the StartsWith
or NotStartsWith
operators.
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
When resources.type
equals AWS::S3ObjectLambda::AccessPoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
When resources.type
equals AWS::S3Outposts::Object
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
When resources.type
equals AWS::SSMMessages::ControlChannel
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>
When resources.type
equals AWS::ThinClient::Device
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>
When resources.type
equals AWS::ThinClient::Environment
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>
When resources.type
equals AWS::Timestream::Database
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>
When resources.type
equals AWS::Timestream::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>
When resources.type equals AWS::VerifiedPermissions::PolicyStore
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>
A field in a CloudTrail event record on which to filter events to be logged. For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the field is used only for selecting events as filtering is not supported.
For CloudTrail management events, supported fields include readOnly
, eventCategory
, and eventSource
.
For CloudTrail data events, supported fields include readOnly
, eventCategory
, eventName
, resources.type
, and resources.ARN
.
For event data stores for CloudTrail Insights events, Config configuration items, Audit Manager evidence, or events outside of Amazon Web Services, the only supported field is eventCategory
.
readOnly
- Optional. Can be set to Equals
a value of true
or false
. If you do not add this field, CloudTrail logs both read
and write
events. A value of true
logs only read
events. A value of false
logs only write
events.
eventSource
- For filtering management events only. This can be set to NotEquals
kms.amazonaws.com
or NotEquals
rdsdata.amazonaws.com
.
eventName
- Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket
or GetSnapshotBlock
. You can have multiple values for this field, separated by commas.
eventCategory
- This is required and must be set to Equals
.
For CloudTrail management events, the value must be Management
.
For CloudTrail data events, the value must be Data
.
The following are used only for event data stores:
For CloudTrail Insights events, the value must be Insight
.
For Config configuration items, the value must be ConfigurationItem
.
For Audit Manager evidence, the value must be Evidence
.
For non-Amazon Web Services events, the value must be ActivityAuditLog
.
resources.type
- This field is required for CloudTrail data events. resources.type
can only use the Equals
operator, and the value can be one of the following:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
AWS::AppConfig::Configuration
AWS::B2BI::Transformer
AWS::Bedrock::AgentAlias
AWS::Bedrock::KnowledgeBase
AWS::Cassandra::Table
AWS::CloudFront::KeyValueStore
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Customization
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GreengrassV2::ComponentVersion
AWS::GreengrassV2::Deployment
AWS::GuardDuty::Detector
AWS::IoT::Certificate
AWS::IoT::Thing
AWS::IoTSiteWise::Asset
AWS::IoTSiteWise::TimeSeries
AWS::IoTTwinMaker::Entity
AWS::IoTTwinMaker::Workspace
AWS::KendraRanking::ExecutionPlan
AWS::KinesisVideo::Stream
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::NeptuneGraph::Graph
AWS::PCAConnectorAD::Connector
AWS::QBusiness::Application
AWS::QBusiness::DataSource
AWS::QBusiness::Index
AWS::QBusiness::WebExperience
AWS::RDS::DBCluster
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SageMaker::Endpoint
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::ServiceDiscovery::Namespace
AWS::ServiceDiscovery::Service
AWS::SCN::Instance
AWS::SNS::PlatformEndpoint
AWS::SNS::Topic
AWS::SWF::Domain
AWS::SQS::Queue
AWS::SSMMessages::ControlChannel
AWS::ThinClient::Device
AWS::ThinClient::Environment
AWS::Timestream::Database
AWS::Timestream::Table
AWS::VerifiedPermissions::PolicyStore
You can have only one resources.type
field per selector. To log data events on more than one resource type, add another selector.
resources.ARN
- You can use any operator with resources.ARN
, but if you use Equals
or NotEquals
, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object
, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith
operator, and include only the bucket ARN as the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
arn:<partition>:s3:::<bucket_name>/
arn:<partition>:s3:::<bucket_name>/<object_path>/
When resources.type equals AWS::DynamoDB::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
When resources.type equals AWS::Lambda::Function
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
When resources.type equals AWS::AppConfig::Configuration
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:appconfig:<region>:<account_ID>:application/<application_ID>/environment/<environment_ID>/configuration/<configuration_profile_ID>
When resources.type equals AWS::B2BI::Transformer
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:b2bi:<region>:<account_ID>:transformer/<transformer_ID>
When resources.type equals AWS::Bedrock::AgentAlias
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:bedrock:<region>:<account_ID>:agent-alias/<agent_ID>/<alias_ID>
When resources.type equals AWS::Bedrock::KnowledgeBase
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:bedrock:<region>:<account_ID>:knowledge-base/<knowledge_base_ID>
When resources.type equals AWS::Cassandra::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cassandra:<region>:<account_ID>:/keyspace/<keyspace_name>/table/<table_name>
When resources.type equals AWS::CloudFront::KeyValueStore
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cloudfront:<region>:<account_ID>:key-value-store/<KVS_name>
When resources.type equals AWS::CloudTrail::Channel
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>
When resources.type equals AWS::CodeWhisperer::Customization
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:customization/<customization_ID>
When resources.type equals AWS::CodeWhisperer::Profile
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>
When resources.type equals AWS::Cognito::IdentityPool
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>
When resources.type
equals AWS::DynamoDB::Stream
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
When resources.type
equals AWS::EC2::Snapshot
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
When resources.type
equals AWS::EMRWAL::Workspace
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:emrwal:<region>:<account_ID>:workspace/<workspace_name>
When resources.type
equals AWS::FinSpace::Environment
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>
When resources.type
equals AWS::Glue::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
When resources.type
equals AWS::GreengrassV2::ComponentVersion
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:greengrass:<region>:<account_ID>:components/<component_name>
When resources.type
equals AWS::GreengrassV2::Deployment
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:greengrass:<region>:<account_ID>:deployments/<deployment_ID
When resources.type
equals AWS::GuardDuty::Detector
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>
When resources.type
equals AWS::IoT::Certificate
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iot:<region>:<account_ID>:cert/<certificate_ID>
When resources.type
equals AWS::IoT::Thing
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iot:<region>:<account_ID>:thing/<thing_ID>
When resources.type
equals AWS::IoTSiteWise::Asset
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iotsitewise:<region>:<account_ID>:asset/<asset_ID>
When resources.type
equals AWS::IoTSiteWise::TimeSeries
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iotsitewise:<region>:<account_ID>:timeseries/<timeseries_ID>
When resources.type
equals AWS::IoTTwinMaker::Entity
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>/entity/<entity_ID>
When resources.type
equals AWS::IoTTwinMaker::Workspace
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:iottwinmaker:<region>:<account_ID>:workspace/<workspace_ID>
When resources.type
equals AWS::KendraRanking::ExecutionPlan
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>
When resources.type
equals AWS::KinesisVideo::Stream
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:kinesisvideo:<region>:<account_ID>:stream/<stream_name>/<creation_time>
When resources.type
equals AWS::ManagedBlockchain::Network
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:managedblockchain:::networks/<network_name>
When resources.type
equals AWS::ManagedBlockchain::Node
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
When resources.type
equals AWS::MedicalImaging::Datastore
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>
When resources.type
equals AWS::NeptuneGraph::Graph
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:neptune-graph:<region>:<account_ID>:graph/<graph_ID>
When resources.type
equals AWS::PCAConnectorAD::Connector
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:pca-connector-ad:<region>:<account_ID>:connector/<connector_ID>
When resources.type
equals AWS::QBusiness::Application
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>
When resources.type
equals AWS::QBusiness::DataSource
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>/data-source/<datasource_ID>
When resources.type
equals AWS::QBusiness::Index
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/index/<index_ID>
When resources.type
equals AWS::QBusiness::WebExperience
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:qbusiness:<region>:<account_ID>:application/<application_ID>/web-experience/<web_experience_ID>
When resources.type
equals AWS::RDS::DBCluster
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:rds:<region>:<account_ID>:cluster/<cluster_name>
When resources.type
equals AWS::S3::AccessPoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the StartsWith
or NotStartsWith
operators.
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
When resources.type
equals AWS::S3ObjectLambda::AccessPoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
When resources.type
equals AWS::S3Outposts::Object
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
When resources.type
equals AWS::SageMaker::Endpoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:endpoint/<endpoint_name>
When resources.type
equals AWS::SageMaker::ExperimentTrialComponent
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>
When resources.type
equals AWS::SageMaker::FeatureGroup
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>
When resources.type
equals AWS::SCN::Instance
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:scn:<region>:<account_ID>:instance/<instance_ID>
When resources.type
equals AWS::ServiceDiscovery::Namespace
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:servicediscovery:<region>:<account_ID>:namespace/<namespace_ID>
When resources.type
equals AWS::ServiceDiscovery::Service
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:servicediscovery:<region>:<account_ID>:service/<service_ID>
When resources.type
equals AWS::SNS::PlatformEndpoint
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sns:<region>:<account_ID>:endpoint/<endpoint_type>/<endpoint_name>/<endpoint_ID>
When resources.type
equals AWS::SNS::Topic
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sns:<region>:<account_ID>:<topic_name>
When resources.type
equals AWS::SWF::Domain
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:swf:<region>:<account_ID>:domain/<domain_name>
When resources.type
equals AWS::SQS::Queue
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:sqs:<region>:<account_ID>:<queue_name>
When resources.type
equals AWS::SSMMessages::ControlChannel
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>
When resources.type
equals AWS::ThinClient::Device
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:thinclient:<region>:<account_ID>:device/<device_ID>
When resources.type
equals AWS::ThinClient::Environment
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:thinclient:<region>:<account_ID>:environment/<environment_ID>
When resources.type
equals AWS::Timestream::Database
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>
When resources.type
equals AWS::Timestream::Table
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:timestream:<region>:<account_ID>:database/<database_name>/table/<table_name>
When resources.type equals AWS::VerifiedPermissions::PolicyStore
, and the operator is set to Equals
or NotEquals
, the ARN must be in the following format:
arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>
Stores a resource policy for the ARN of a Project
or ReportGroup
object.
Restarts a build.
", "RetryBuildBatch": "Restarts a failed batch build. Only batch builds that have failed can be retried.
", - "StartBuild": "Starts running a build.
", + "StartBuild": "Starts running a build with the settings defined in the project. These setting include: how to run a build, where to get the source code, which build environment to use, which build commands to run, and where to store the build output.
You can also start a build run by overriding some of the build settings in the project. The overrides only apply for that specific start build request. The settings in the project are unaltered.
", "StartBuildBatch": "Starts a batch build for a project.
", "StopBuild": "Attempts to stop running a build.
", "StopBuildBatch": "Stops a running batch build.
", @@ -1817,7 +1817,7 @@ "StartBuildBatchInput$idempotencyToken": "A unique, case sensitive identifier you provide to ensure the idempotency of the StartBuildBatch
request. The token is included in the StartBuildBatch
request and is valid for five minutes. If you repeat the StartBuildBatch
request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.
The version of the build input to be built, for this build only. If not specified, the latest version is used. If specified, the contents depends on the source provider:
The commit ID, branch, or Git tag to use.
The commit ID, pull request ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a pull request ID is specified, it must use the format pr/pull-request-ID
(for example pr/25
). If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
The commit ID, branch name, or tag name that corresponds to the version of the source code you want to build. If a branch name is specified, the branch's HEAD commit ID is used. If not specified, the default branch's HEAD commit ID is used.
The version ID of the object that represents the build input ZIP file to use.
If sourceVersion
is specified at the project level, then this sourceVersion
(at the build level) takes precedence.
For more information, see Source Version Sample with CodeBuild in the CodeBuild User Guide.
", "StartBuildInput$sourceLocationOverride": "A location that overrides, for this build, the source location for the one defined in the build project.
", - "StartBuildInput$buildspecOverride": "A buildspec file declaration that overrides, for this build only, the latest one already defined in the build project.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR
environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml
). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
A buildspec file declaration that overrides the latest one defined in the build project, for this build only. The buildspec defined on the project is not changed.
If this value is set, it can be either an inline buildspec definition, the path to an alternate buildspec file relative to the value of the built-in CODEBUILD_SRC_DIR
environment variable, or the path to an S3 bucket. The bucket must be in the same Amazon Web Services Region as the build project. Specify the buildspec file using its ARN (for example, arn:aws:s3:::my-codebuild-sample2/buildspec.yml
). If this value is not provided or is set to an empty string, the source code must contain a buildspec file in its root directory. For more information, see Buildspec File Name and Storage Location.
Since this property allows you to change the build commands that will run in the container, you should note that an IAM principal with the ability to call this API and set this parameter can override the default settings. Moreover, we encourage that you use a trustworthy buildspec location like a file in your source repository or a Amazon S3 bucket.
The name of a certificate for this build that overrides the one specified in the build project.
", "StartBuildInput$idempotencyToken": "A unique, case sensitive identifier you provide to ensure the idempotency of the StartBuild request. The token is included in the StartBuild request and is valid for 5 minutes. If you repeat the StartBuild request with the same token, but change a parameter, CodeBuild returns a parameter mismatch error.
", "TestCase$testRawDataPath": "The path to the raw data file that contains the test result.
", @@ -2027,7 +2027,7 @@ "WebhookFilterType": { "base": null, "refs": { - "WebhookFilter$type": " The type of webhook filter. There are six webhook filter types: EVENT
, ACTOR_ACCOUNT_ID
, HEAD_REF
, BASE_REF
, FILE_PATH
, and COMMIT_MESSAGE
.
A webhook event triggers a build when the provided pattern
matches one of five event types: PUSH
, PULL_REQUEST_CREATED
, PULL_REQUEST_UPDATED
, PULL_REQUEST_REOPENED
, and PULL_REQUEST_MERGED
. The EVENT
patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED
filters all push, pull request created, and pull request updated events.
The PULL_REQUEST_REOPENED
works with GitHub and GitHub Enterprise only.
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern
.
A webhook event triggers a build when the head reference matches the regular expression pattern
. For example, refs/heads/branch-name
and refs/tags/tag-name
.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
A webhook event triggers a build when the base reference matches the regular expression pattern
. For example, refs/heads/branch-name
.
Works with pull request events only.
A webhook triggers a build when the path of a changed file matches the regular expression pattern
.
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
A webhook triggers a build when the head commit message matches the regular expression pattern
.
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
The type of webhook filter. There are six webhook filter types: EVENT
, ACTOR_ACCOUNT_ID
, HEAD_REF
, BASE_REF
, FILE_PATH
, and COMMIT_MESSAGE
.
EVENT
A webhook event triggers a build when the provided pattern
matches one of six event types: PUSH
, PULL_REQUEST_CREATED
, PULL_REQUEST_UPDATED
, PULL_REQUEST_CLOSED
, PULL_REQUEST_REOPENED
, and PULL_REQUEST_MERGED
. The EVENT
patterns are specified as a comma-separated string. For example, PUSH, PULL_REQUEST_CREATED, PULL_REQUEST_UPDATED
filters all push, pull request created, and pull request updated events.
The PULL_REQUEST_REOPENED
works with GitHub and GitHub Enterprise only.
ACTOR_ACCOUNT_ID
A webhook event triggers a build when a GitHub, GitHub Enterprise, or Bitbucket account ID matches the regular expression pattern
.
HEAD_REF
A webhook event triggers a build when the head reference matches the regular expression pattern
. For example, refs/heads/branch-name
and refs/tags/tag-name
.
Works with GitHub and GitHub Enterprise push, GitHub and GitHub Enterprise pull request, Bitbucket push, and Bitbucket pull request events.
BASE_REF
A webhook event triggers a build when the base reference matches the regular expression pattern
. For example, refs/heads/branch-name
.
Works with pull request events only.
FILE_PATH
A webhook triggers a build when the path of a changed file matches the regular expression pattern
.
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
COMMIT_MESSAGE
A webhook triggers a build when the head commit message matches the regular expression pattern
.
Works with GitHub and Bitbucket events push and pull requests events. Also works with GitHub Enterprise push events, but does not work with GitHub Enterprise pull request events.
Lists the groups that a user belongs to.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
A history of user activity and any risks detected as part of Amazon Cognito advanced security.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Removes the specified user from the specified group.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Resets the specified user's password in a user pool as an administrator. Works on any user.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, Amazon Cognito responds with a PasswordResetRequiredException
error. Your app must then perform the actions that reset your user's password: the forgot-password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Resets the specified user's password in a user pool as an administrator. Works on any user.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Deactivates a user's password, requiring them to change it. If a user tries to sign in after the API is called, Amazon Cognito responds with a PasswordResetRequiredException
error. Your app must then perform the actions that reset your user's password: the forgot-password flow. In addition, if the user pool has phone verification selected and a verified phone number exists for the user, or if email verification is selected and a verified email exists for the user, calling this API will also result in sending a message to the end user with the code to change their password.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Some API operations in a user pool generate a challenge, like a prompt for an MFA code, for device authentication that bypasses MFA, or for a custom authentication challenge. An AdminRespondToAuthChallenge
API request provides the answer to that challenge, like a code or a secure remote password (SRP). The parameters of a response to an authentication challenge vary with the type of challenge.
For more information about custom authentication challenges, see Custom authentication challenge Lambda triggers.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
The user's multi-factor authentication (MFA) preference, including which MFA options are activated, and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Sets the specified user's password in a user pool as an administrator. Works on any user.
The password can be temporary or permanent. If it is temporary, the user status enters the FORCE_CHANGE_PASSWORD
state. When the user next tries to sign in, the InitiateAuth/AdminInitiateAuth response will contain the NEW_PASSWORD_REQUIRED
challenge. If the user doesn't sign in before it expires, the user won't be able to sign in, and an administrator must reset their password.
Once the user has set a new password, or the password is permanent, the user status is set to Confirmed
.
AdminSetUserPassword
can set a password for the user profile that Amazon Cognito creates for third-party federated users. When you set a password, the federated user's status changes from EXTERNAL_PROVIDER
to CONFIRMED
. A user in this state can sign in as a federated user, and initiate authentication flows in the API like a linked native user. They can also modify their password and attributes in token-authenticated API requests like ChangePassword
and UpdateUserAttributes
. As a best security practice and to keep users in sync with your external IdP, don't set passwords on federated user profiles. To set up a federated user for native sign-in with a linked native user, refer to Linking federated users to an existing user profile.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Client method for returning the configuration information and metadata of the specified user pool app client.
Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.
Learn more
Gets information about a domain.
", "ForgetDevice": "Forgets the specified device. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin
.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username
parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. To use the confirmation code for resetting the password, call ConfirmForgotPassword.
If neither a verified phone number nor a verified email exists, this API returns InvalidParameterException
. If your app client has a client secret and you don't provide a SECRET_HASH
parameter, this API returns NotAuthorizedException
.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username
parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. To use the confirmation code for resetting the password, call ConfirmForgotPassword.
If neither a verified phone number nor a verified email exists, this API returns InvalidParameterException
. If your app client has a client secret and you don't provide a SECRET_HASH
parameter, this API returns NotAuthorizedException
.
To use this API operation, your user pool must have self-service account recovery configured. Use AdminSetUserPassword if you manage passwords as an administrator.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.
If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.
Gets the header information for the comma-separated value (CSV) file to be used as input for the user import job.
", "GetDevice": "Gets the device. For more information about device authentication, see Working with user devices in your user pool.
Authorize this action with a signed-in user's access token. It must include the scope aws.cognito.signin.user.admin
.
Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito user pools API and user pool endpoints.
Gets a group.
Calling this action requires developer credentials.
", @@ -2733,7 +2733,7 @@ "NotifyConfigurationType$From": "The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES.
", "NotifyConfigurationType$ReplyTo": "The destination to which the receiver of an email should reply to.
", "NumberAttributeConstraintsType$MinValue": "The minimum value of an attribute that is of the number data type.
", - "NumberAttributeConstraintsType$MaxValue": "The maximum value of an attribute that is of the number data type.
", + "NumberAttributeConstraintsType$MaxValue": "The maximum length of a number attribute value. Must be a number less than or equal to 2^1023
, represented as a string with a length of 131072 characters or fewer.
The name of the provider attribute to link to, such as NameID
.
The external ID provides additional security for your IAM role. You can use an ExternalId
with the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide an ExternalId
, your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide the ExternalID
. If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of the ExternalId
.
For more information about the ExternalId
of a role, see How to use an external ID when granting access to your Amazon Web Services resources to a third party
The minimum length.
", - "StringAttributeConstraintsType$MaxLength": "The maximum length.
", + "StringAttributeConstraintsType$MaxLength": "The maximum length of a string attribute value. Must be a number less than or equal to 2^1023
, represented as a string with a length of 131072 characters or fewer.
The source IP address of your user's device.
", "UserContextDataType$EncodedData": "Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.
", "UserMFASettingListType$member": null, @@ -3001,7 +3001,7 @@ "UserFilterType": { "base": null, "refs": { - "ListUsersRequest$Filter": "A filter string of the form \"AttributeName Filter-Type \"AttributeValue\"\". Quotation marks within the filter string must be escaped using the backslash (\\) character. For example, \"family_name
= \\\"Reddy\\\"\".
AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.
Filter-Type: For an exact match, use =, for example, \"given_name
= \\\"Jon\\\"\". For a prefix (\"starts with\") match, use ^=, for example, \"given_name
^= \\\"Jon\\\"\".
AttributeValue: The attribute value that must be matched for each user.
If the filter string is empty, ListUsers
returns all users in the user pool.
You can only search for the following standard attributes:
username
(case-sensitive)
email
phone_number
name
given_name
family_name
preferred_username
cognito:user_status
(called Status in the Console) (case-insensitive)
status (called Enabled in the Console) (case-sensitive)
sub
Custom attributes aren't searchable.
You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the --query
parameter of the list-users
action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.
For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.
For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.
" + "ListUsersRequest$Filter": "A filter string of the form \"AttributeName Filter-Type \"AttributeValue\"\". Quotation marks within the filter string must be escaped using the backslash (\\
) character. For example, \"family_name = \\\"Reddy\\\"\"
.
AttributeName: The name of the attribute to search for. You can only search for one attribute at a time.
Filter-Type: For an exact match, use =
, for example, \"given_name = \\\"Jon\\\"
\". For a prefix (\"starts with\") match, use ^=
, for example, \"given_name ^= \\\"Jon\\\"
\".
AttributeValue: The attribute value that must be matched for each user.
If the filter string is empty, ListUsers
returns all users in the user pool.
You can only search for the following standard attributes:
username
(case-sensitive)
email
phone_number
name
given_name
family_name
preferred_username
cognito:user_status
(called Status in the Console) (case-insensitive)
status (called Enabled in the Console) (case-sensitive)
sub
Custom attributes aren't searchable.
You can also list users with a client-side filter. The server-side filter matches no more than one attribute. For an advanced search, use a client-side filter with the --query
parameter of the list-users
action in the CLI. When you use a client-side filter, ListUsers returns a paginated list of zero or more users. You can receive multiple pages in a row with zero results. Repeat the query with each pagination token that is returned until you receive a null pagination token value, and then review the combined result.
For more information about server-side and client-side filtering, see FilteringCLI output in the Command Line Interface User Guide.
For more information, see Searching for Users Using the ListUsers API and Examples of Using the ListUsers API in the Amazon Cognito Developer Guide.
" } }, "UserImportInProgressException": { @@ -3299,36 +3299,36 @@ "UsernameType": { "base": null, "refs": { - "AdminAddUserToGroupRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The value that you want to set as the username sign-in attribute. The following conditions apply to the username parameter.
The username can't be a duplicate of another username in the same user pool.
You can't change the value of a username after you create it.
You can only provide a value if usernames are a valid sign-in attribute for your user pool. If your user pool only supports phone numbers or email addresses as sign-in attributes, Amazon Cognito automatically generates a username value. For more information, see Customizing sign-in attributes.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you requested.
", - "AdminListDevicesRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you requested.
", - "ResendConfirmationCodeRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The username of the user that you want to sign up. The value of this parameter is typically a username, but can be any alias attribute in your user pool.
", - "UpdateAuthEventFeedbackRequest$Username": "The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, you can also use their sub
in this request.
The username of the user that you want to query or modify. The value of this parameter is typically your user's username, but it can be any of their alias attributes. If username
isn't an alias attribute in your user pool, this value must be the sub
of a local user or the username of a user from a third-party IdP.
The user name of the user you want to describe.
" } }, diff --git a/models/apis/guardduty/2017-11-28/api-2.json b/models/apis/guardduty/2017-11-28/api-2.json index 3eee599b26e..efc4252b9d3 100644 --- a/models/apis/guardduty/2017-11-28/api-2.json +++ b/models/apis/guardduty/2017-11-28/api-2.json @@ -7377,7 +7377,9 @@ "LAMBDA_NETWORK_LOGS", "EKS_RUNTIME_MONITORING", "FARGATE_RUNTIME_MONITORING", - "EC2_RUNTIME_MONITORING" + "EC2_RUNTIME_MONITORING", + "RDS_DBI_PROTECTION_PROVISIONED", + "RDS_DBI_PROTECTION_SERVERLESS" ] }, "UsageFeatureList":{ diff --git a/models/apis/guardduty/2017-11-28/docs-2.json b/models/apis/guardduty/2017-11-28/docs-2.json index e0ff85f1712..66563ca2387 100644 --- a/models/apis/guardduty/2017-11-28/docs-2.json +++ b/models/apis/guardduty/2017-11-28/docs-2.json @@ -5,7 +5,7 @@ "AcceptAdministratorInvitation": "Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.
", "AcceptInvitation": "Accepts the invitation to be monitored by a GuardDuty administrator account.
", "ArchiveFindings": "Archives GuardDuty findings that are specified by the list of finding IDs.
Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "CreateDetector": "Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
When you don't specify any features
, with an exception to RUNTIME_MONITORING
, all the optional features are enabled by default.
When you specify some of the features
, any feature that is not specified in the API call gets enabled by default, with an exception to RUNTIME_MONITORING
.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING
) and Runtime Monitoring (RUNTIME_MONITORING
) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "CreateFilter": "Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.
", "CreateIPSet": "Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
", "CreateMembers": "Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
As a delegated administrator, using CreateMembers
will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member.
When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration.
If you are adding accounts by invitation, before using InviteMembers, use CreateMembers
after GuardDuty has been enabled in potential member accounts.
If you disassociate a member from a GuardDuty delegated administrator, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.
", @@ -40,7 +40,7 @@ "GetMasterAccount": "Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
", "GetMemberDetectors": "Describes which data sources are enabled for the member account's detector.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "GetMembers": "Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
", - "GetOrganizationStatistics": "Retrieves how many active member accounts in your Amazon Web Services organization have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API.
When you create a new Amazon Web Services organization, it might take up to 24 hours to generate the statistics for the entire organization.
", + "GetOrganizationStatistics": "Retrieves how many active member accounts have each feature enabled within GuardDuty. Only a delegated GuardDuty administrator of an organization can run this API.
When you create a new organization, it might take up to 24 hours to generate the statistics for the entire organization.
", "GetRemainingFreeTrialDays": "Provides the number of days left for each data source used in the free trial period.
", "GetThreatIntelSet": "Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
", "GetUsageStatistics": "Lists Amazon GuardDuty usage statistics over the last 30 days for the specified detector ID. For newly enabled detectors or data sources, the cost returned will include only the usage so far under 30 days. This may differ from the cost metrics in the console, which project usage over 30 days to provide a monthly cost estimate. For more information, see Understanding How Usage Costs are Calculated.
", @@ -56,19 +56,19 @@ "ListPublishingDestinations": "Returns a list of publishing destinations associated with the specified detectorId
.
Lists tags for a resource. Tagging is currently supported for detectors, finding filters, IP sets, threat intel sets, and publishing destination, with a limit of 50 tags per resource. When invoked, this operation returns all assigned tags for a given resource.
", "ListThreatIntelSets": "Lists the ThreatIntelSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the ThreatIntelSets associated with the administrator account are returned.
", - "StartMalwareScan": "Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.
", + "StartMalwareScan": "Initiates the malware scan. Invoking this API will automatically create the Service-linked role in the corresponding account.
When the malware scan starts, you can use the associated scan ID to track the status of the scan. For more information, see DescribeMalwareScans.
", "StartMonitoringMembers": "Turns on GuardDuty monitoring of the specified member accounts. Use this operation to restart monitoring of accounts that you stopped monitoring with the StopMonitoringMembers operation.
", "StopMonitoringMembers": "Stops GuardDuty monitoring for the specified member accounts. Use the StartMonitoringMembers
operation to restart monitoring for those accounts.
With autoEnableOrganizationMembers
configuration for your organization set to ALL
, you'll receive an error if you attempt to stop monitoring the member accounts in your organization.
Adds tags to a resource.
", "UnarchiveFindings": "Unarchives GuardDuty findings specified by the findingIds
.
Removes tags from a resource.
", - "UpdateDetector": "Updates the GuardDuty detector specified by the detectorId.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "UpdateDetector": "Updates the GuardDuty detector specified by the detector ID.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING
) and Runtime Monitoring (RUNTIME_MONITORING
) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "UpdateFilter": "Updates the filter specified by the filter name.
", "UpdateFindingsFeedback": "Marks the specified GuardDuty findings as useful or not useful.
", "UpdateIPSet": "Updates the IPSet specified by the IPSet ID.
", "UpdateMalwareScanSettings": "Updates the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", - "UpdateMemberDetectors": "Contains information on member accounts to be updated.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", - "UpdateOrganizationConfiguration": "Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers
or autoEnable
, but not both.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "UpdateMemberDetectors": "Contains information on member accounts to be updated.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING
) and Runtime Monitoring (RUNTIME_MONITORING
) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "UpdateOrganizationConfiguration": "Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers
or autoEnable
, but not both.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING
) and Runtime Monitoring (RUNTIME_MONITORING
) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "UpdatePublishingDestination": "Updates information about the publishing destination specified by the destinationId
.
Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
" }, @@ -278,8 +278,8 @@ "AutoEnableMembers": { "base": null, "refs": { - "DescribeOrganizationConfigurationResponse$AutoEnableOrganizationMembers": "Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization.
NEW
: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.
ALL
: Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes NEW
accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
NONE
: Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.
Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. You must provide a value for either autoEnableOrganizationMembers
or autoEnable
.
Use one of the following configuration values for autoEnableOrganizationMembers
:
NEW
: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.
ALL
: Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes NEW
accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
It may take up to 24 hours to update the configuration for all the member accounts.
NONE
: Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.
Indicates the auto-enablement configuration of GuardDuty or any of the corresponding protection plans for the member accounts in the organization.
NEW
: Indicates that when a new account joins the organization, they will have GuardDuty or any of the corresponding protection plans enabled automatically.
ALL
: Indicates that all accounts in the organization have GuardDuty and any of the corresponding protection plans enabled automatically. This includes NEW
accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
NONE
: Indicates that GuardDuty or any of the corresponding protection plans will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.
When you update the auto-enable setting from ALL
or NEW
to NONE
, this action doesn't disable the corresponding option for your existing accounts. This configuration will apply to the new accounts that join the organization. After you update the auto-enable settings, no new account will have the corresponding option as enabled.
Indicates the auto-enablement configuration of GuardDuty for the member accounts in the organization. You must provide a value for either autoEnableOrganizationMembers
or autoEnable
.
Use one of the following configuration values for autoEnableOrganizationMembers
:
NEW
: Indicates that when a new account joins the organization, they will have GuardDuty enabled automatically.
ALL
: Indicates that all accounts in the organization have GuardDuty enabled automatically. This includes NEW
accounts that join the organization and accounts that may have been suspended or removed from the organization in GuardDuty.
It may take up to 24 hours to update the configuration for all the member accounts.
NONE
: Indicates that GuardDuty will not be automatically enabled for any account in the organization. The administrator must manage GuardDuty for each account in the organization individually.
When you update the auto-enable setting from ALL
or NEW
to NONE
, this action doesn't disable the corresponding option for your existing accounts. This configuration will apply to the new accounts that join the organization. After you update the auto-enable settings, no new account will have the corresponding option as enabled.
Contains information about a GuardDuty feature.
", + "base": "Contains information about a GuardDuty feature.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING
) and Runtime Monitoring (RUNTIME_MONITORING
) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
Contains information about a GuardDuty feature.
", + "base": "Contains information about a GuardDuty feature.
Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING
) and Runtime Monitoring (RUNTIME_MONITORING
) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.
Used by administrators to choose which groups in the directory should have access to upload and download files over the enabled protocols using Transfer Family. For example, a Microsoft Active Directory might contain 50,000 users, but only a small fraction might need the ability to transfer files to the server. An administrator can use CreateAccess
to limit the access to the correct set of users who need this ability.
Creates an agreement. An agreement is a bilateral trading partner agreement, or partnership, between an Transfer Family server and an AS2 process. The agreement defines the file and message transfer relationship between the server and the AS2 process. To define an agreement, Transfer Family combines a server, local profile, partner profile, certificate, and other attributes.
The partner is identified with the PartnerProfileId
, and the AS2 process is identified with the LocalProfileId
.
Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Create AS2 connectors and Create SFTP connectors.
You must specify exactly one configuration object: either for AS2 (As2Config
) or SFTP (SftpConfig
).
Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Configure AS2 connectors and Create SFTP connectors.
You must specify exactly one configuration object: either for AS2 (As2Config
) or SFTP (SftpConfig
).
Creates the local or partner profile to use for AS2 transfers.
", "CreateServer": "Instantiates an auto-scaling virtual server based on the selected file transfer protocol in Amazon Web Services. When you make updates to your file transfer protocol-enabled server or when you work with users, use the service-generated ServerId
property that is assigned to the newly created server.
Creates a user and associates them with an existing file transfer protocol-enabled server. You can only create and associate users with servers that have the IdentityProviderType
set to SERVICE_MANAGED
. Using parameters for CreateUser
, you can specify the user name, set the home directory, store the user's public key, and assign the user's Identity and Access Management (IAM) role. You can also optionally add a session policy, and assign metadata with tags that can be used to group and search for users.
Updates the description for the host key that's specified by the ServerId
and HostKeyId
parameters.
Updates some of the parameters for an existing profile. Provide the ProfileId
for the profile that you want to update, along with the new values for the parameters to update.
Updates the file transfer protocol-enabled server's properties after that server has been created.
The UpdateServer
call returns the ServerId
of the server you updated.
Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName
and ServerId
you specify.
The response returns the ServerId
and the UserName
for the updated user.
Assigns new properties to a user. Parameters you pass modify any or all of the following: the home directory, role, and policy for the UserName
and ServerId
you specify.
The response returns the ServerId
and the UserName
for the updated user.
In the console, you can select Restricted when you create or update a user. This ensures that the user can't access anything outside of their home directory. The programmatic way to configure this behavior is to update the user. Set their HomeDirectoryType
to LOGICAL
, and specify HomeDirectoryMappings
with Entry
as root (/
) and Target
as their home directory.
For example, if the user's home directory is /test/admin-user
, the following command updates the user so that their configuration in the console shows the Restricted flag as selected.
aws transfer update-user --server-id <server-id> --user-name admin-user --home-directory-type LOGICAL --home-directory-mappings \"[{\\\"Entry\\\":\\\"/\\\", \\\"Target\\\":\\\"/test/admin-user\\\"}]\"
A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.
This property can only be set when EndpointType
is set to VPC
and it is only valid in the UpdateServer
API.
A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.
An address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the allocationId
field from the Amazon EC2 Address data type. One way to retrieve this value is by calling the EC2 DescribeAddresses API.
This parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see Create an internet-facing endpoint for your server.
This property can only be set as follows:
EndpointType
must be set to VPC
The Transfer Family server must be offline.
You cannot set this parameter for Transfer Family servers that use the FTP protocol.
The server must already have SubnetIds
populated (SubnetIds
and AddressAllocationIds
cannot be updated simultaneously).
AddressAllocationIds
can't contain duplicates, and must be equal in length to SubnetIds
. For example, if you have three subnet IDs, you must also specify three address allocation IDs.
Call the UpdateServer
API to set or change this parameter.
The algorithm that is used to encrypt the file.
You can only specify NONE
if the URL for your connector uses HTTPS. This ensures that no traffic is sent in clear text.
The algorithm that is used to encrypt the file.
Note the following:
Do not use the DES_EDE3_CBC
algorithm unless you must support a legacy client that requires it, as it is a weak encryption algorithm.
You can only specify NONE
if the URL for your connector uses HTTPS. Using HTTPS ensures that no traffic is sent in clear text.
Contains the details for an SFTP connector object. The connector object is used for transferring files to and from a partner's SFTP server.
", + "base": "Contains the details for an SFTP connector object. The connector object is used for transferring files to and from a partner's SFTP server.
Because the SftpConnectorConfig
data type is used for both creating and updating SFTP connectors, its parameters, TrustedHostKeys
and UserSecretId
are marked as not required. This is a bit misleading, as they are not required when you are updating an existing SFTP connector, but are required when you are creating a new SFTP connector.
A structure that contains the parameters for an SFTP connector object.
", "DescribedConnector$SftpConfig": "A structure that contains the parameters for an SFTP connector object.
", @@ -1769,7 +1769,7 @@ "SftpConnectorTrustedHostKeyList": { "base": null, "refs": { - "SftpConnectorConfig$TrustedHostKeys": "The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan
command against the SFTP server to retrieve the necessary key.
The three standard SSH public key format elements are <key type>
, <body base64>
, and an optional <comment>
, with spaces between each element. Specify only the <key type>
and <body base64>
: do not enter the <comment>
portion of the key.
For the trusted host key, Transfer Family accepts RSA and ECDSA keys.
For RSA keys, the <key type>
string is ssh-rsa
.
For ECDSA keys, the <key type>
string is either ecdsa-sha2-nistp256
, ecdsa-sha2-nistp384
, or ecdsa-sha2-nistp521
, depending on the size of the key you generated.
The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the ssh-keyscan
command against the SFTP server to retrieve the necessary key.
The three standard SSH public key format elements are <key type>
, <body base64>
, and an optional <comment>
, with spaces between each element. Specify only the <key type>
and <body base64>
: do not enter the <comment>
portion of the key.
For the trusted host key, Transfer Family accepts RSA and ECDSA keys.
For RSA keys, the <key type>
string is ssh-rsa
.
For ECDSA keys, the <key type>
string is either ecdsa-sha2-nistp256
, ecdsa-sha2-nistp384
, or ecdsa-sha2-nistp521
, depending on the size of the key you generated.
Run this command to retrieve the SFTP server host key, where your SFTP server name is ftp.host.com
.
ssh-keyscan ftp.host.com
This prints the public host key to standard output.
ftp.host.com ssh-rsa AAAAB3Nza...<long-string-for-public-key
Copy and paste this string into the TrustedHostKeys
field for the create-connector
command or into the Trusted host keys field in the console.