From d97b620587fbd4892dfa23dd95dc1de44fe84a5b Mon Sep 17 00:00:00 2001 From: awssdkgo Date: Wed, 7 Jul 2021 18:11:17 +0000 Subject: [PATCH] Release v1.39.2 (2021-07-07) === ### Service Client Updates * `service/chime`: Updates service API, documentation, and paginators * Releasing new APIs for AWS Chime MediaCapturePipeline * `service/cloudfront`: Updates service API and documentation * Amazon CloudFront now provides two new APIs, ListConflictingAliases and AssociateAlias, that help locate and move Alternate Domain Names (CNAMEs) if you encounter the CNAMEAlreadyExists error code. * `service/ec2`: Updates service API, documentation, and paginators * This release adds resource ids and tagging support for VPC security group rules. * `service/iam`: Updates service documentation * Documentation updates for AWS Identity and Access Management (IAM). * `service/iotsitewise`: Updates service API and documentation * `service/mq`: Updates service API and documentation * adds support for modifying the maintenance window for brokers. * `service/storagegateway`: Updates service API and documentation * Adding support for oplocks for SMB file shares, S3 Access Point and S3 Private Link for all file shares and IP address support for file system associations * `service/sts`: Updates service documentation * Documentation updates for AWS Security Token Service. --- CHANGELOG.md | 20 + aws/version.go | 2 +- models/apis/chime/2018-05-01/api-2.json | 184 ++ models/apis/chime/2018-05-01/docs-2.json | 86 + .../apis/chime/2018-05-01/paginators-1.json | 5 + models/apis/cloudfront/2020-05-31/api-2.json | 145 +- models/apis/cloudfront/2020-05-31/docs-2.json | 206 +- models/apis/ec2/2016-11-15/api-2.json | 277 ++- models/apis/ec2/2016-11-15/docs-2.json | 194 +- models/apis/ec2/2016-11-15/paginators-1.json | 6 + models/apis/iam/2010-05-08/docs-2.json | 428 ++-- models/apis/iotsitewise/2019-12-02/api-2.json | 98 + .../apis/iotsitewise/2019-12-02/docs-2.json | 375 ++-- models/apis/mq/2017-11-27/api-2.json | 101 +- models/apis/mq/2017-11-27/docs-2.json | 578 +++--- .../apis/storagegateway/2013-06-30/api-2.json | 70 +- .../storagegateway/2013-06-30/docs-2.json | 255 ++- models/apis/sts/2011-06-15/docs-2.json | 90 +- service/chime/api.go | 906 +++++++++ service/chime/chimeiface/interface.go | 19 + service/cloudfront/api.go | 852 ++++++-- .../cloudfront/cloudfrontiface/interface.go | 12 +- service/cloudfront/errors.go | 36 +- service/ec2/api.go | 1124 +++++++++-- service/ec2/ec2iface/interface.go | 11 + service/iam/api.go | 1734 +++++++++-------- service/iam/doc.go | 12 +- service/iam/errors.go | 7 +- service/iotsitewise/api.go | 1684 ++++++++++------ service/iotsitewise/doc.go | 12 +- service/iotsitewise/errors.go | 12 +- .../iotsitewise/iotsitewiseiface/interface.go | 8 + service/mq/api.go | 692 +++++-- service/storagegateway/api.go | 875 ++++++--- service/storagegateway/doc.go | 38 +- service/sts/api.go | 632 +++--- service/sts/doc.go | 10 +- service/sts/errors.go | 18 +- 38 files changed, 8351 insertions(+), 3463 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 313c2fd51eb..4e5738e6ed8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,23 @@ +Release v1.39.2 (2021-07-07) +=== + +### Service Client Updates +* `service/chime`: Updates service API, documentation, and paginators + * Releasing new APIs for AWS Chime MediaCapturePipeline +* `service/cloudfront`: Updates service API and documentation + * Amazon CloudFront now provides two new APIs, ListConflictingAliases and AssociateAlias, that help locate and move Alternate Domain Names (CNAMEs) if you encounter the CNAMEAlreadyExists error code. +* `service/ec2`: Updates service API, documentation, and paginators + * This release adds resource ids and tagging support for VPC security group rules. +* `service/iam`: Updates service documentation + * Documentation updates for AWS Identity and Access Management (IAM). +* `service/iotsitewise`: Updates service API and documentation +* `service/mq`: Updates service API and documentation + * adds support for modifying the maintenance window for brokers. +* `service/storagegateway`: Updates service API and documentation + * Adding support for oplocks for SMB file shares, S3 Access Point and S3 Private Link for all file shares and IP address support for file system associations +* `service/sts`: Updates service documentation + * Documentation updates for AWS Security Token Service. + Release v1.39.1 (2021-07-06) === diff --git a/aws/version.go b/aws/version.go index 3fe5cea3655..3fb3be1d54d 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.39.1" +const SDKVersion = "1.39.2" diff --git a/models/apis/chime/2018-05-01/api-2.json b/models/apis/chime/2018-05-01/api-2.json index 935d97c1ecc..4d091cd692a 100644 --- a/models/apis/chime/2018-05-01/api-2.json +++ b/models/apis/chime/2018-05-01/api-2.json @@ -448,6 +448,25 @@ ], "endpoint":{"hostPrefix":"messaging-"} }, + "CreateMediaCapturePipeline":{ + "name":"CreateMediaCapturePipeline", + "http":{ + "method":"POST", + "requestUri":"/media-capture-pipelines", + "responseCode":201 + }, + "input":{"shape":"CreateMediaCapturePipelineRequest"}, + "output":{"shape":"CreateMediaCapturePipelineResponse"}, + "errors":[ + {"shape":"ResourceLimitExceededException"}, + {"shape":"ForbiddenException"}, + {"shape":"BadRequestException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ] + }, "CreateMeeting":{ "name":"CreateMeeting", "http":{ @@ -925,6 +944,24 @@ {"shape":"ResourceLimitExceededException"} ] }, + "DeleteMediaCapturePipeline":{ + "name":"DeleteMediaCapturePipeline", + "http":{ + "method":"DELETE", + "requestUri":"/media-capture-pipelines/{mediaPipelineId}", + "responseCode":204 + }, + "input":{"shape":"DeleteMediaCapturePipelineRequest"}, + "errors":[ + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"BadRequestException"}, + {"shape":"ThrottledClientException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ] + }, "DeleteMeeting":{ "name":"DeleteMeeting", "http":{ @@ -1618,6 +1655,25 @@ {"shape":"ServiceFailureException"} ] }, + "GetMediaCapturePipeline":{ + "name":"GetMediaCapturePipeline", + "http":{ + "method":"GET", + "requestUri":"/media-capture-pipelines/{mediaPipelineId}", + "responseCode":200 + }, + "input":{"shape":"GetMediaCapturePipelineRequest"}, + "output":{"shape":"GetMediaCapturePipelineResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"ForbiddenException"}, + {"shape":"BadRequestException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ] + }, "GetMeeting":{ "name":"GetMeeting", "http":{ @@ -2315,6 +2371,24 @@ ], "endpoint":{"hostPrefix":"messaging-"} }, + "ListMediaCapturePipelines":{ + "name":"ListMediaCapturePipelines", + "http":{ + "method":"GET", + "requestUri":"/media-capture-pipelines", + "responseCode":200 + }, + "input":{"shape":"ListMediaCapturePipelinesRequest"}, + "output":{"shape":"ListMediaCapturePipelinesResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"ThrottledClientException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ] + }, "ListMeetingTags":{ "name":"ListMeetingTags", "http":{ @@ -4553,6 +4627,31 @@ "ChannelArn":{"shape":"ChimeArn"} } }, + "CreateMediaCapturePipelineRequest":{ + "type":"structure", + "required":[ + "SourceType", + "SourceArn", + "SinkType", + "SinkArn" + ], + "members":{ + "SourceType":{"shape":"MediaPipelineSourceType"}, + "SourceArn":{"shape":"Arn"}, + "SinkType":{"shape":"MediaPipelineSinkType"}, + "SinkArn":{"shape":"Arn"}, + "ClientRequestToken":{ + "shape":"ClientRequestToken", + "idempotencyToken":true + } + } + }, + "CreateMediaCapturePipelineResponse":{ + "type":"structure", + "members":{ + "MediaCapturePipeline":{"shape":"MediaCapturePipeline"} + } + }, "CreateMeetingDialOutRequest":{ "type":"structure", "required":[ @@ -5092,6 +5191,17 @@ } } }, + "DeleteMediaCapturePipelineRequest":{ + "type":"structure", + "required":["MediaPipelineId"], + "members":{ + "MediaPipelineId":{ + "shape":"GuidString", + "location":"uri", + "locationName":"mediaPipelineId" + } + } + }, "DeleteMeetingRequest":{ "type":"structure", "required":["MeetingId"], @@ -5890,6 +6000,23 @@ "VoiceConnector":{"shape":"VoiceConnectorSettings"} } }, + "GetMediaCapturePipelineRequest":{ + "type":"structure", + "required":["MediaPipelineId"], + "members":{ + "MediaPipelineId":{ + "shape":"GuidString", + "location":"uri", + "locationName":"mediaPipelineId" + } + } + }, + "GetMediaCapturePipelineResponse":{ + "type":"structure", + "members":{ + "MediaCapturePipeline":{"shape":"MediaCapturePipeline"} + } + }, "GetMeetingRequest":{ "type":"structure", "required":["MeetingId"], @@ -6811,6 +6938,28 @@ "NextToken":{"shape":"NextToken"} } }, + "ListMediaCapturePipelinesRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "location":"querystring", + "locationName":"next-token" + }, + "MaxResults":{ + "shape":"ResultMax", + "location":"querystring", + "locationName":"max-results" + } + } + }, + "ListMediaCapturePipelinesResponse":{ + "type":"structure", + "members":{ + "MediaCapturePipelines":{"shape":"MediaCapturePipelineList"}, + "NextToken":{"shape":"String"} + } + }, "ListMeetingTagsRequest":{ "type":"structure", "required":["MeetingId"], @@ -7233,6 +7382,41 @@ "max":50, "min":1 }, + "MediaCapturePipeline":{ + "type":"structure", + "members":{ + "MediaPipelineId":{"shape":"GuidString"}, + "SourceType":{"shape":"MediaPipelineSourceType"}, + "SourceArn":{"shape":"Arn"}, + "Status":{"shape":"MediaPipelineStatus"}, + "SinkType":{"shape":"MediaPipelineSinkType"}, + "SinkArn":{"shape":"Arn"}, + "CreatedTimestamp":{"shape":"Iso8601Timestamp"}, + "UpdatedTimestamp":{"shape":"Iso8601Timestamp"} + } + }, + "MediaCapturePipelineList":{ + "type":"list", + "member":{"shape":"MediaCapturePipeline"} + }, + "MediaPipelineSinkType":{ + "type":"string", + "enum":["S3Bucket"] + }, + "MediaPipelineSourceType":{ + "type":"string", + "enum":["ChimeSdkMeeting"] + }, + "MediaPipelineStatus":{ + "type":"string", + "enum":[ + "Initializing", + "InProgress", + "Failed", + "Stopping", + "Stopped" + ] + }, "MediaPlacement":{ "type":"structure", "members":{ diff --git a/models/apis/chime/2018-05-01/docs-2.json b/models/apis/chime/2018-05-01/docs-2.json index 8fdf50a7cfb..8449dd1e38e 100644 --- a/models/apis/chime/2018-05-01/docs-2.json +++ b/models/apis/chime/2018-05-01/docs-2.json @@ -24,6 +24,7 @@ "CreateChannelBan": "

Permanently bans a member from a channel. Moderators can't add banned members to a channel. To undo a ban, you first have to DeleteChannelBan, and then CreateChannelMembership. Bans are cleaned up when you delete users or channels.

If you ban a user who is already part of a channel, that user is automatically kicked from the channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "CreateChannelMembership": "

Adds a user to a channel. The InvitedBy response field is derived from the request header. A channel member can:

Privacy settings impact this action as follows:

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "CreateChannelModerator": "

Creates a new ChannelModerator. A channel moderator can:

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", + "CreateMediaCapturePipeline": "

Creates a media capture pipeline.

", "CreateMeeting": "

Creates a new Amazon Chime SDK meeting in the specified media Region with no initial attendees. For more information about specifying media Regions, see Amazon Chime SDK Media Regions in the Amazon Chime Developer Guide . For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide .

", "CreateMeetingDialOut": "

Uses the join token and call metadata in a meeting request (From number, To number, and so forth) to initiate an outbound call to a public switched telephone network (PSTN) and join them into a Chime meeting. Also ensures that the From number belongs to the customer.

To play welcome audio or implement an interactive voice response (IVR), use the CreateSipMediaApplicationCall action with the corresponding SIP media application ID.

", "CreateMeetingWithAttendees": "

Creates a new Amazon Chime SDK meeting in the specified media Region, with attendees. For more information about specifying media Regions, see Amazon Chime SDK Media Regions in the Amazon Chime Developer Guide . For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide .

", @@ -49,6 +50,7 @@ "DeleteChannelMessage": "

Deletes a channel message. Only admins can perform this action. Deletion makes messages inaccessible immediately. A background process deletes any revisions created by UpdateChannelMessage.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "DeleteChannelModerator": "

Deletes a channel moderator.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "DeleteEventsConfiguration": "

Deletes the events configuration that allows a bot to receive outgoing events.

", + "DeleteMediaCapturePipeline": "

Deletes the media capture pipeline.

", "DeleteMeeting": "

Deletes the specified Amazon Chime SDK meeting. The operation deletes all attendees, disconnects all clients, and prevents new clients from joining the meeting. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

", "DeletePhoneNumber": "

Moves the specified phone number into the Deletion queue. A phone number must be disassociated from any users or Amazon Chime Voice Connectors before it can be deleted.

Deleted phone numbers remain in the Deletion queue for 7 days before they are deleted permanently.

", "DeleteProxySession": "

Deletes the specified proxy session from the specified Amazon Chime Voice Connector.

", @@ -86,6 +88,7 @@ "GetChannelMessage": "

Gets the full details of a channel message.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "GetEventsConfiguration": "

Gets details for an events configuration that allows a bot to receive outgoing events, such as an HTTPS endpoint or Lambda function ARN.

", "GetGlobalSettings": "

Retrieves global settings for the administrator's AWS account, such as Amazon Chime Business Calling and Amazon Chime Voice Connector settings.

", + "GetMediaCapturePipeline": "

Gets an existing media capture pipeline.

", "GetMeeting": "

Gets the Amazon Chime SDK meeting details for the specified meeting ID. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide .

", "GetMessagingSessionEndpoint": "

The details of the endpoint for the messaging session.

", "GetPhoneNumber": "

Retrieves details for the specified phone number ID, such as associations, capabilities, and product type.

", @@ -123,6 +126,7 @@ "ListChannelModerators": "

Lists all the moderators for a channel.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "ListChannels": "

Lists all Channels created under a single Chime App as a paginated list. You can specify filters to narrow results.

Functionality & restrictions

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", "ListChannelsModeratedByAppInstanceUser": "

A list of the channels moderated by an AppInstanceUser.

The x-amz-chime-bearer request header is mandatory. Use the AppInstanceUserArn of the user that makes the API call as the value in the header.

", + "ListMediaCapturePipelines": "

Returns a list of media capture pipelines.

", "ListMeetingTags": "

Lists the tags applied to an Amazon Chime SDK meeting resource.

", "ListMeetings": "

Lists up to 100 active Amazon Chime SDK meetings. For more information about the Amazon Chime SDK, see Using the Amazon Chime SDK in the Amazon Chime Developer Guide.

", "ListPhoneNumberOrders": "

Lists the phone number orders for the administrator's Amazon Chime account.

", @@ -344,7 +348,11 @@ "base": null, "refs": { "AppInstanceStreamingConfiguration$ResourceArn": "

The resource ARN.

", + "CreateMediaCapturePipelineRequest$SourceArn": "

ARN of the source from which the media artifacts are captured.

", + "CreateMediaCapturePipelineRequest$SinkArn": "

The ARN of the sink type.

", "ListTagsForResourceRequest$ResourceARN": "

The resource ARN.

", + "MediaCapturePipeline$SourceArn": "

ARN of the source from which the media artifacts will be saved.

", + "MediaCapturePipeline$SinkArn": "

ARN of the destination to which the media artifacts are saved.

", "MeetingNotificationConfiguration$SnsTopicArn": "

The SNS topic ARN.

", "MeetingNotificationConfiguration$SqsQueueArn": "

The SQS queue ARN.

", "TagResourceRequest$ResourceARN": "

The resource ARN.

", @@ -927,6 +935,7 @@ "CreateAppInstanceRequest$ClientRequestToken": "

The ClientRequestToken of the AppInstance.

", "CreateAppInstanceUserRequest$ClientRequestToken": "

The token assigned to the user requesting an AppInstance.

", "CreateChannelRequest$ClientRequestToken": "

The client token for the request. An Idempotency token.

", + "CreateMediaCapturePipelineRequest$ClientRequestToken": "

The token assigned to the client making the pipeline request.

", "CreateMeetingRequest$ClientRequestToken": "

The unique identifier for the client request. Use a different token for different meetings.

", "CreateMeetingWithAttendeesRequest$ClientRequestToken": "

The unique identifier for the client request. Use a different token for different meetings.

", "CreateRoomRequest$ClientRequestToken": "

The idempotency token for the request.

", @@ -1090,6 +1099,16 @@ "refs": { } }, + "CreateMediaCapturePipelineRequest": { + "base": null, + "refs": { + } + }, + "CreateMediaCapturePipelineResponse": { + "base": null, + "refs": { + } + }, "CreateMeetingDialOutRequest": { "base": null, "refs": { @@ -1321,6 +1340,11 @@ "refs": { } }, + "DeleteMediaCapturePipelineRequest": { + "base": null, + "refs": { + } + }, "DeleteMeetingRequest": { "base": null, "refs": { @@ -1739,6 +1763,16 @@ "refs": { } }, + "GetMediaCapturePipelineRequest": { + "base": null, + "refs": { + } + }, + "GetMediaCapturePipelineResponse": { + "base": null, + "refs": { + } + }, "GetMeetingRequest": { "base": null, "refs": { @@ -1964,15 +1998,18 @@ "CreateMeetingDialOutResponse$TransactionId": "

Unique ID that tracks API calls.

", "DeleteAttendeeRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", "DeleteAttendeeRequest$AttendeeId": "

The Amazon Chime SDK attendee ID.

", + "DeleteMediaCapturePipelineRequest$MediaPipelineId": "

The ID of the media capture pipeline being deleted.

", "DeleteMeetingRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", "GetAttendeeRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", "GetAttendeeRequest$AttendeeId": "

The Amazon Chime SDK attendee ID.

", + "GetMediaCapturePipelineRequest$MediaPipelineId": "

The ID of the pipeline that you want to get.

", "GetMeetingRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", "GetPhoneNumberOrderRequest$PhoneNumberOrderId": "

The ID for the phone number order.

", "ListAttendeeTagsRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", "ListAttendeeTagsRequest$AttendeeId": "

The Amazon Chime SDK attendee ID.

", "ListAttendeesRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", "ListMeetingTagsRequest$MeetingId": "

The Amazon Chime SDK meeting ID.

", + "MediaCapturePipeline$MediaPipelineId": "

The ID of a media capture pipeline.

", "Meeting$MeetingId": "

The Amazon Chime SDK meeting ID.

", "PhoneNumberOrder$PhoneNumberOrderId": "

The phone number order ID.

", "SipMediaApplicationCall$TransactionId": "

The transaction ID of a call.

", @@ -2053,6 +2090,8 @@ "Bot$UpdatedTimestamp": "

The updated bot timestamp, in ISO 8601 format.

", "GetPhoneNumberSettingsResponse$CallingNameUpdatedTimestamp": "

The updated outbound calling name timestamp, in ISO 8601 format.

", "GetRetentionSettingsResponse$InitiateDeletionTimestamp": "

The timestamp representing the time at which the specified items are permanently deleted, in ISO 8601 format.

", + "MediaCapturePipeline$CreatedTimestamp": "

The time at which the capture pipeline was created, in ISO 8601 format.

", + "MediaCapturePipeline$UpdatedTimestamp": "

The time at which the capture pipeline was updated, in ISO 8601 format.

", "PhoneNumber$CreatedTimestamp": "

The phone number creation timestamp, in ISO 8601 format.

", "PhoneNumber$UpdatedTimestamp": "

The updated phone number timestamp, in ISO 8601 format.

", "PhoneNumber$DeletionTimestamp": "

The deleted phone number timestamp, in ISO 8601 format.

", @@ -2243,6 +2282,16 @@ "refs": { } }, + "ListMediaCapturePipelinesRequest": { + "base": null, + "refs": { + } + }, + "ListMediaCapturePipelinesResponse": { + "base": null, + "refs": { + } + }, "ListMeetingTagsRequest": { "base": null, "refs": { @@ -2426,6 +2475,40 @@ "ListChannelsRequest$MaxResults": "

The maximum number of channels that you want to return.

" } }, + "MediaCapturePipeline": { + "base": "

A media capture pipeline object. A string consisting of an ID, source type, a source ARN, a sink type, and a sink ARN.

", + "refs": { + "CreateMediaCapturePipelineResponse$MediaCapturePipeline": "

A media capture pipeline object, the ID, source type, source ARN, sink type, and sink ARN of a media capture pipeline object.

", + "GetMediaCapturePipelineResponse$MediaCapturePipeline": "

The media capture pipeline object.

", + "MediaCapturePipelineList$member": null + } + }, + "MediaCapturePipelineList": { + "base": null, + "refs": { + "ListMediaCapturePipelinesResponse$MediaCapturePipelines": "

The media capture pipeline objects in the list.

" + } + }, + "MediaPipelineSinkType": { + "base": null, + "refs": { + "CreateMediaCapturePipelineRequest$SinkType": "

Destination type to which the media artifacts are saved. You must use an S3 bucket.

", + "MediaCapturePipeline$SinkType": "

Destination type to which the media artifacts are saved. You must use an S3 Bucket.

" + } + }, + "MediaPipelineSourceType": { + "base": null, + "refs": { + "CreateMediaCapturePipelineRequest$SourceType": "

Source type from which the media artifacts will be captured. A Chime SDK Meeting is the only supported source.

", + "MediaCapturePipeline$SourceType": "

Source type from which media artifacts are saved. You must use ChimeMeeting.

" + } + }, + "MediaPipelineStatus": { + "base": null, + "refs": { + "MediaCapturePipeline$Status": "

The status of the media capture pipeline.

" + } + }, "MediaPlacement": { "base": "

A set of endpoints used by clients to connect to the media service group for a Amazon Chime SDK meeting.

", "refs": { @@ -3268,6 +3351,7 @@ "refs": { "ListAttendeesRequest$MaxResults": "

The maximum number of results to return in a single call.

", "ListBotsRequest$MaxResults": "

The maximum number of results to return in a single call. The default is 10.

", + "ListMediaCapturePipelinesRequest$MaxResults": "

The maximum number of results to return in a single call. Valid Range: 1 - 99.

", "ListMeetingsRequest$MaxResults": "

The maximum number of results to return in a single call.

", "ListPhoneNumberOrdersRequest$MaxResults": "

The maximum number of results to return in a single call.

", "ListPhoneNumbersRequest$MaxResults": "

The maximum number of results to return in a single call.

", @@ -3586,6 +3670,8 @@ "ListAttendeesResponse$NextToken": "

The token to use to retrieve the next page of results.

", "ListBotsRequest$NextToken": "

The token to use to retrieve the next page of results.

", "ListBotsResponse$NextToken": "

The token to use to retrieve the next page of results.

", + "ListMediaCapturePipelinesRequest$NextToken": "

The token used to retrieve the next page of results.

", + "ListMediaCapturePipelinesResponse$NextToken": "

The token used to retrieve the next page of results.

", "ListMeetingsRequest$NextToken": "

The token to use to retrieve the next page of results.

", "ListMeetingsResponse$NextToken": "

The token to use to retrieve the next page of results.

", "ListPhoneNumberOrdersRequest$NextToken": "

The token to use to retrieve the next page of results.

", diff --git a/models/apis/chime/2018-05-01/paginators-1.json b/models/apis/chime/2018-05-01/paginators-1.json index 8021a1e8848..0f87c882ba3 100644 --- a/models/apis/chime/2018-05-01/paginators-1.json +++ b/models/apis/chime/2018-05-01/paginators-1.json @@ -65,6 +65,11 @@ "output_token": "NextToken", "limit_key": "MaxResults" }, + "ListMediaCapturePipelines": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults" + }, "ListMeetings": { "input_token": "NextToken", "output_token": "NextToken", diff --git a/models/apis/cloudfront/2020-05-31/api-2.json b/models/apis/cloudfront/2020-05-31/api-2.json index 136d971cfb0..b3585b86a96 100644 --- a/models/apis/cloudfront/2020-05-31/api-2.json +++ b/models/apis/cloudfront/2020-05-31/api-2.json @@ -12,6 +12,22 @@ "uid":"cloudfront-2020-05-31" }, "operations":{ + "AssociateAlias":{ + "name":"AssociateAlias2020_05_31", + "http":{ + "method":"PUT", + "requestUri":"/2020-05-31/distribution/{TargetDistributionId}/associate-alias", + "responseCode":200 + }, + "input":{"shape":"AssociateAliasRequest"}, + "errors":[ + {"shape":"InvalidArgument"}, + {"shape":"NoSuchDistribution"}, + {"shape":"TooManyDistributionCNAMEs"}, + {"shape":"IllegalUpdate"}, + {"shape":"AccessDenied"} + ] + }, "CreateCachePolicy":{ "name":"CreateCachePolicy2020_05_31", "http":{ @@ -245,7 +261,8 @@ {"shape":"TooManyFunctions"}, {"shape":"FunctionAlreadyExists"}, {"shape":"FunctionSizeLimitExceeded"}, - {"shape":"InvalidArgument"} + {"shape":"InvalidArgument"}, + {"shape":"UnsupportedOperation"} ] }, "CreateInvalidation":{ @@ -494,7 +511,8 @@ {"shape":"InvalidIfMatchVersion"}, {"shape":"NoSuchFunctionExists"}, {"shape":"FunctionInUse"}, - {"shape":"PreconditionFailed"} + {"shape":"PreconditionFailed"}, + {"shape":"UnsupportedOperation"} ] }, "DeleteKeyGroup":{ @@ -603,7 +621,8 @@ "input":{"shape":"DescribeFunctionRequest"}, "output":{"shape":"DescribeFunctionResult"}, "errors":[ - {"shape":"NoSuchFunctionExists"} + {"shape":"NoSuchFunctionExists"}, + {"shape":"UnsupportedOperation"} ] }, "GetCachePolicy":{ @@ -745,7 +764,8 @@ "input":{"shape":"GetFunctionRequest"}, "output":{"shape":"GetFunctionResult"}, "errors":[ - {"shape":"NoSuchFunctionExists"} + {"shape":"NoSuchFunctionExists"}, + {"shape":"UnsupportedOperation"} ] }, "GetInvalidation":{ @@ -922,6 +942,20 @@ {"shape":"InvalidArgument"} ] }, + "ListConflictingAliases":{ + "name":"ListConflictingAliases2020_05_31", + "http":{ + "method":"GET", + "requestUri":"/2020-05-31/conflicting-alias", + "responseCode":200 + }, + "input":{"shape":"ListConflictingAliasesRequest"}, + "output":{"shape":"ListConflictingAliasesResult"}, + "errors":[ + {"shape":"InvalidArgument"}, + {"shape":"NoSuchDistribution"} + ] + }, "ListDistributions":{ "name":"ListDistributions2020_05_31", "http":{ @@ -1037,7 +1071,8 @@ "input":{"shape":"ListFunctionsRequest"}, "output":{"shape":"ListFunctionsResult"}, "errors":[ - {"shape":"InvalidArgument"} + {"shape":"InvalidArgument"}, + {"shape":"UnsupportedOperation"} ] }, "ListInvalidations":{ @@ -1145,7 +1180,8 @@ {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"}, {"shape":"NoSuchFunctionExists"}, - {"shape":"PreconditionFailed"} + {"shape":"PreconditionFailed"}, + {"shape":"UnsupportedOperation"} ] }, "TagResource":{ @@ -1179,7 +1215,8 @@ {"shape":"InvalidArgument"}, {"shape":"InvalidIfMatchVersion"}, {"shape":"NoSuchFunctionExists"}, - {"shape":"TestFunctionFailed"} + {"shape":"TestFunctionFailed"}, + {"shape":"UnsupportedOperation"} ] }, "UntagResource":{ @@ -1368,7 +1405,8 @@ {"shape":"InvalidIfMatchVersion"}, {"shape":"NoSuchFunctionExists"}, {"shape":"PreconditionFailed"}, - {"shape":"FunctionSizeLimitExceeded"} + {"shape":"FunctionSizeLimitExceeded"}, + {"shape":"UnsupportedOperation"} ] }, "UpdateKeyGroup":{ @@ -1545,6 +1583,25 @@ "CachedMethods":{"shape":"CachedMethods"} } }, + "AssociateAliasRequest":{ + "type":"structure", + "required":[ + "TargetDistributionId", + "Alias" + ], + "members":{ + "TargetDistributionId":{ + "shape":"string", + "location":"uri", + "locationName":"TargetDistributionId" + }, + "Alias":{ + "shape":"string", + "location":"querystring", + "locationName":"Alias" + } + } + }, "AwsAccountNumberList":{ "type":"list", "member":{ @@ -1861,6 +1918,30 @@ "type":"string", "sensitive":true }, + "ConflictingAlias":{ + "type":"structure", + "members":{ + "Alias":{"shape":"string"}, + "DistributionId":{"shape":"string"}, + "AccountId":{"shape":"string"} + } + }, + "ConflictingAliases":{ + "type":"list", + "member":{ + "shape":"ConflictingAlias", + "locationName":"ConflictingAlias" + } + }, + "ConflictingAliasesList":{ + "type":"structure", + "members":{ + "NextMarker":{"shape":"string"}, + "MaxItems":{"shape":"integer"}, + "Quantity":{"shape":"integer"}, + "Items":{"shape":"ConflictingAliases"} + } + }, "ContentTypeProfile":{ "type":"structure", "required":[ @@ -4241,6 +4322,42 @@ }, "payload":"CloudFrontOriginAccessIdentityList" }, + "ListConflictingAliasesRequest":{ + "type":"structure", + "required":[ + "DistributionId", + "Alias" + ], + "members":{ + "DistributionId":{ + "shape":"distributionIdString", + "location":"querystring", + "locationName":"DistributionId" + }, + "Alias":{ + "shape":"aliasString", + "location":"querystring", + "locationName":"Alias" + }, + "Marker":{ + "shape":"string", + "location":"querystring", + "locationName":"Marker" + }, + "MaxItems":{ + "shape":"listConflictingAliasesMaxItemsInteger", + "location":"querystring", + "locationName":"MaxItems" + } + } + }, + "ListConflictingAliasesResult":{ + "type":"structure", + "members":{ + "ConflictingAliasesList":{"shape":"ConflictingAliasesList"} + }, + "payload":"ConflictingAliasesList" + }, "ListDistributionsByCachePolicyIdRequest":{ "type":"structure", "required":["CachePolicyId"], @@ -6559,8 +6676,20 @@ "redirect-to-https" ] }, + "aliasString":{ + "type":"string", + "max":253 + }, "boolean":{"type":"boolean"}, + "distributionIdString":{ + "type":"string", + "max":25 + }, "integer":{"type":"integer"}, + "listConflictingAliasesMaxItemsInteger":{ + "type":"integer", + "max":100 + }, "long":{"type":"long"}, "string":{"type":"string"}, "timestamp":{"type":"timestamp"} diff --git a/models/apis/cloudfront/2020-05-31/docs-2.json b/models/apis/cloudfront/2020-05-31/docs-2.json index 0118d92f522..96e4608a6fa 100644 --- a/models/apis/cloudfront/2020-05-31/docs-2.json +++ b/models/apis/cloudfront/2020-05-31/docs-2.json @@ -2,6 +2,7 @@ "version": "2.0", "service": "Amazon CloudFront

This is the Amazon CloudFront API Reference. This guide is for developers who need detailed information about CloudFront API actions, data types, and errors. For detailed information about CloudFront features, see the Amazon CloudFront Developer Guide.

", "operations": { + "AssociateAlias": "

Associates an alias (also known as a CNAME or an alternate domain name) with a CloudFront distribution.

With this operation you can move an alias that’s already in use on a CloudFront distribution to a different distribution in one step. This prevents the downtime that could occur if you first remove the alias from one distribution and then separately add the alias to another distribution.

To use this operation to associate an alias with a distribution, you provide the alias and the ID of the target distribution for the alias. For more information, including how to set up the target distribution, prerequisites that you must complete, and other restrictions, see Moving an alternate domain name to a different distribution in the Amazon CloudFront Developer Guide.

", "CreateCachePolicy": "

Creates a cache policy.

After you create a cache policy, you can attach it to one or more cache behaviors. When it’s attached to a cache behavior, the cache policy determines the following:

The headers, cookies, and query strings that are included in the cache key are automatically included in requests that CloudFront sends to the origin. CloudFront sends a request when it can’t find an object in its cache that matches the request’s cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

For more information about cache policies, see Controlling the cache key in the Amazon CloudFront Developer Guide.

", "CreateCloudFrontOriginAccessIdentity": "

Creates a new origin access identity. If you're using Amazon S3 for your origin, you can use an origin access identity to require users to access your content using a CloudFront URL instead of the Amazon S3 URL. For more information about how to use origin access identities, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

", "CreateDistribution": "

Creates a new web distribution. You create a CloudFront distribution to tell CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery. Send a POST request to the /CloudFront API version/distribution/distribution ID resource.

When you update a distribution, there are more required fields than when you create a distribution. When you update your distribution by using UpdateDistribution, follow the steps included in the documentation to get the current configuration and then make your updates. This helps to make sure that you include all of the required fields. To view a summary, see Required Fields for Create Distribution and Update Distribution in the Amazon CloudFront Developer Guide.

", @@ -52,20 +53,21 @@ "GetRealtimeLogConfig": "

Gets a real-time log configuration.

To get a real-time log configuration, you can provide the configuration’s name or its Amazon Resource Name (ARN). You must provide at least one. If you provide both, CloudFront uses the name to identify the real-time log configuration to get.

", "GetStreamingDistribution": "

Gets information about a specified RTMP distribution, including the distribution configuration.

", "GetStreamingDistributionConfig": "

Get the configuration information about a streaming distribution.

", - "ListCachePolicies": "

Gets a list of cache policies.

You can optionally apply a filter to return only the managed policies created by AWS, or only the custom policies created in your AWS account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", + "ListCachePolicies": "

Gets a list of cache policies.

You can optionally apply a filter to return only the managed policies created by Amazon Web Services, or only the custom policies created in your account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListCloudFrontOriginAccessIdentities": "

Lists origin access identities.

", + "ListConflictingAliases": "

Gets a list of aliases (also called CNAMEs or alternate domain names) that conflict or overlap with the provided alias, and the associated CloudFront distributions and Amazon Web Services accounts for each conflicting alias. In the returned list, the distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don’t own.

Use this operation to find aliases that are in use in CloudFront that conflict or overlap with the provided alias. For example, if you provide www.example.com as input, the returned list can include www.example.com and the overlapping wildcard alternate domain name (*.example.com), if they exist. If you provide *.example.com as input, the returned list can include *.example.com and any alternate domain names covered by that wildcard (for example, www.example.com, test.example.com, dev.example.com, and so on), if they exist.

To list conflicting aliases, you provide the alias to search and the ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias. For more information, including how to set up the distribution and certificate, see Moving an alternate domain name to a different distribution in the Amazon CloudFront Developer Guide.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListDistributions": "

List CloudFront distributions.

", "ListDistributionsByCachePolicyId": "

Gets a list of distribution IDs for distributions that have a cache behavior that’s associated with the specified cache policy.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListDistributionsByKeyGroup": "

Gets a list of distribution IDs for distributions that have a cache behavior that references the specified key group.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListDistributionsByOriginRequestPolicyId": "

Gets a list of distribution IDs for distributions that have a cache behavior that’s associated with the specified origin request policy.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListDistributionsByRealtimeLogConfig": "

Gets a list of distributions that have a cache behavior that’s associated with the specified real-time log configuration.

You can specify the real-time log configuration by its name or its Amazon Resource Name (ARN). You must provide at least one. If you provide both, CloudFront uses the name to identify the real-time log configuration to list distributions for.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", - "ListDistributionsByWebACLId": "

List the distributions that are associated with a specified AWS WAF web ACL.

", + "ListDistributionsByWebACLId": "

List the distributions that are associated with a specified WAF web ACL.

", "ListFieldLevelEncryptionConfigs": "

List all field-level encryption configurations that have been created in CloudFront for this account.

", "ListFieldLevelEncryptionProfiles": "

Request a list of field-level encryption profiles that have been created in CloudFront for this account.

", - "ListFunctions": "

Gets a list of all CloudFront functions in your AWS account.

You can optionally apply a filter to return only the functions that are in the specified stage, either DEVELOPMENT or LIVE.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", + "ListFunctions": "

Gets a list of all CloudFront functions in your account.

You can optionally apply a filter to return only the functions that are in the specified stage, either DEVELOPMENT or LIVE.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListInvalidations": "

Lists invalidation batches.

", "ListKeyGroups": "

Gets a list of key groups.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", - "ListOriginRequestPolicies": "

Gets a list of origin request policies.

You can optionally apply a filter to return only the managed policies created by AWS, or only the custom policies created in your AWS account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", + "ListOriginRequestPolicies": "

Gets a list of origin request policies.

You can optionally apply a filter to return only the managed policies created by Amazon Web Services, or only the custom policies created in your account.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListPublicKeys": "

List all public keys that have been added to CloudFront for this account.

", "ListRealtimeLogConfigs": "

Gets a list of real-time log configurations.

You can optionally specify the maximum number of items to receive in the response. If the total number of items in the list exceeds the maximum that you specify, or the default maximum, the response is paginated. To get the next page of items, send a subsequent request that specifies the NextMarker value from the current response as the Marker value in the subsequent request.

", "ListStreamingDistributions": "

List streaming distributions.

", @@ -99,14 +101,14 @@ } }, "ActiveTrustedSigners": { - "base": "

A list of AWS accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

", + "base": "

A list of accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

", "refs": { - "Distribution$ActiveTrustedSigners": "

We recommend using TrustedKeyGroups instead of TrustedSigners.

CloudFront automatically adds this field to the response if you’ve configured a cache behavior in this distribution to serve private content using trusted signers. This field contains a list of AWS account IDs and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs or signed cookies.

", - "StreamingDistribution$ActiveTrustedSigners": "

A complex type that lists the AWS accounts, if any, that you included in the TrustedSigners complex type for this distribution. These are the accounts that you want to allow to create signed URLs for private content.

The Signer complex type lists the AWS account number of the trusted signer or self if the signer is the AWS account that created the distribution. The Signer element also includes the IDs of any active CloudFront key pairs that are associated with the trusted signer's AWS account. If no KeyPairId element appears for a Signer, that signer can't create signed URLs.

For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" + "Distribution$ActiveTrustedSigners": "

We recommend using TrustedKeyGroups instead of TrustedSigners.

CloudFront automatically adds this field to the response if you’ve configured a cache behavior in this distribution to serve private content using trusted signers. This field contains a list of account IDs and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs or signed cookies.

", + "StreamingDistribution$ActiveTrustedSigners": "

A complex type that lists the accounts, if any, that you included in the TrustedSigners complex type for this distribution. These are the accounts that you want to allow to create signed URLs for private content.

The Signer complex type lists the account number of the trusted signer or self if the signer is the account that created the distribution. The Signer element also includes the IDs of any active CloudFront key pairs that are associated with the trusted signer's account. If no KeyPairId element appears for a Signer, that signer can't create signed URLs.

For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" } }, "AliasICPRecordal": { - "base": "

AWS services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. The status is returned in the CloudFront response; you can't configure it yourself.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with AWS services in China.

", + "base": "

Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. The status is returned in the CloudFront response; you can't configure it yourself.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.

", "refs": { "AliasICPRecordals$member": null } @@ -114,8 +116,8 @@ "AliasICPRecordals": { "base": null, "refs": { - "Distribution$AliasICPRecordals": "

AWS services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with AWS services in China.

", - "DistributionSummary$AliasICPRecordals": "

AWS services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with AWS services in China.

" + "Distribution$AliasICPRecordals": "

Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.

", + "DistributionSummary$AliasICPRecordals": "

Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions.

For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.

" } }, "AliasList": { @@ -140,10 +142,15 @@ "DefaultCacheBehavior$AllowedMethods": null } }, + "AssociateAliasRequest": { + "base": null, + "refs": { + } + }, "AwsAccountNumberList": { "base": null, "refs": { - "TrustedSigners$Items": "

A list of AWS account identifiers.

" + "TrustedSigners$Items": "

A list of account identifiers.

" } }, "BatchTooLarge": { @@ -260,8 +267,8 @@ "CachePolicyType": { "base": null, "refs": { - "CachePolicySummary$Type": "

The type of cache policy, either managed (created by AWS) or custom (created in this AWS account).

", - "ListCachePoliciesRequest$Type": "

A filter to return only the specified kinds of cache policies. Valid values are:

" + "CachePolicySummary$Type": "

The type of cache policy, either managed (created by Amazon Web Services) or custom (created in this account).

", + "ListCachePoliciesRequest$Type": "

A filter to return only the specified kinds of cache policies. Valid values are:

" } }, "CachedMethods": { @@ -323,7 +330,7 @@ "CloudFrontOriginAccessIdentitySummaryList": { "base": null, "refs": { - "CloudFrontOriginAccessIdentityList$Items": "

A complex type that contains one CloudFrontOriginAccessIdentitySummary element for each origin access identity that was created by the current AWS account.

" + "CloudFrontOriginAccessIdentityList$Items": "

A complex type that contains one CloudFrontOriginAccessIdentitySummary element for each origin access identity that was created by the current account.

" } }, "CommentType": { @@ -332,6 +339,24 @@ "DistributionConfig$Comment": "

An optional comment to describe the distribution. The comment cannot be longer than 128 characters.

" } }, + "ConflictingAlias": { + "base": "

An alias (also called a CNAME) and the CloudFront distribution and Amazon Web Services account ID that it’s associated with. The distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don’t own.

", + "refs": { + "ConflictingAliases$member": null + } + }, + "ConflictingAliases": { + "base": null, + "refs": { + "ConflictingAliasesList$Items": "

Contains the conflicting aliases in the list.

" + } + }, + "ConflictingAliasesList": { + "base": "

A list of aliases (also called CNAMEs) and the CloudFront distributions and Amazon Web Services accounts that they are associated with. In the list, the distribution and account IDs are partially hidden, which allows you to identify the distributions and accounts that you own, but helps to protect the information of ones that you don’t own.

", + "refs": { + "ListConflictingAliasesResult$ConflictingAliasesList": "

A list of conflicting aliases.

" + } + }, "ContentTypeProfile": { "base": "

A field-level encryption content type profile.

", "refs": { @@ -367,7 +392,7 @@ "base": "

Contains a list of cookie names.

", "refs": { "CachePolicyCookiesConfig$Cookies": null, - "CookiePreference$WhitelistedNames": "

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.

If you want to include cookies in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.

If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.

Required if you specify whitelist for the value of Forward. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies.

If you specify all or none for the value of Forward, omit WhitelistedNames. If you change the value of Forward from whitelist to all or none and you don't delete the WhitelistedNames element and its child elements, CloudFront deletes them automatically.

For the current limit on the number of cookie names that you can whitelist for each cache behavior, see CloudFront Limits in the AWS General Reference.

", + "CookiePreference$WhitelistedNames": "

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.

If you want to include cookies in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.

If you want to send cookies to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.

Required if you specify whitelist for the value of Forward. A complex type that specifies how many different cookies you want CloudFront to forward to the origin for this cache behavior and, if you want to forward selected cookies, the names of those cookies.

If you specify all or none for the value of Forward, omit WhitelistedNames. If you change the value of Forward from whitelist to all or none and you don't delete the WhitelistedNames element and its child elements, CloudFront deletes them automatically.

For the current limit on the number of cookie names that you can whitelist for each cache behavior, see CloudFront Limits in the Amazon Web Services General Reference.

", "OriginRequestPolicyCookiesConfig$Cookies": null } }, @@ -706,7 +731,7 @@ "DistributionSummaryList": { "base": null, "refs": { - "DistributionList$Items": "

A complex type that contains one DistributionSummary element for each distribution that was created by the current AWS account.

" + "DistributionList$Items": "

A complex type that contains one DistributionSummary element for each distribution that was created by the current account.

" } }, "EncryptionEntities": { @@ -746,7 +771,7 @@ "base": null, "refs": { "FunctionAssociation$EventType": "

The event type of the function, either viewer-request or viewer-response. You cannot use origin-facing event types (origin-request and origin-response) with a CloudFront function.

", - "LambdaFunctionAssociation$EventType": "

Specifies the event type that triggers a Lambda function invocation. You can specify the following values:

" + "LambdaFunctionAssociation$EventType": "

Specifies the event type that triggers a Lambda@Edge function invocation. You can specify the following values:

" } }, "FieldLevelEncryption": { @@ -884,7 +909,7 @@ } }, "FunctionAlreadyExists": { - "base": "

A function with the same name already exists in this AWS account. To create a function, you must provide a unique name. To update an existing function, use UpdateFunction.

", + "base": "

A function with the same name already exists in this account. To create a function, you must provide a unique name. To update an existing function, use UpdateFunction.

", "refs": { } }, @@ -1317,7 +1342,7 @@ } }, "InvalidLambdaFunctionAssociation": { - "base": "

The specified Lambda function association is invalid.

", + "base": "

The specified Lambda@Edge function association is invalid.

", "refs": { } }, @@ -1392,7 +1417,7 @@ } }, "InvalidWebACLId": { - "base": "

A web ACL ID specified is not valid. To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.

", + "base": "

A web ACL ID specified is not valid. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.

", "refs": { } }, @@ -1425,7 +1450,7 @@ "InvalidationSummaryList": { "base": null, "refs": { - "InvalidationList$Items": "

A complex type that contains one InvalidationSummary element for each invalidation batch created by the current AWS account.

" + "InvalidationList$Items": "

A complex type that contains one InvalidationSummary element for each invalidation batch created by the current account.

" } }, "ItemSelection": { @@ -1509,11 +1534,11 @@ "LambdaFunctionARN": { "base": null, "refs": { - "LambdaFunctionAssociation$LambdaFunctionARN": "

The ARN of the Lambda function. You must specify the ARN of a function version; you can't specify a Lambda alias or $LATEST.

" + "LambdaFunctionAssociation$LambdaFunctionARN": "

The ARN of the Lambda@Edge function. You must specify the ARN of a function version; you can't specify an alias or $LATEST.

" } }, "LambdaFunctionAssociation": { - "base": "

A complex type that contains a Lambda function association.

", + "base": "

A complex type that contains a Lambda@Edge function association.

", "refs": { "LambdaFunctionAssociationList$member": null } @@ -1525,10 +1550,10 @@ } }, "LambdaFunctionAssociations": { - "base": "

A complex type that specifies a list of Lambda functions associations for a cache behavior.

If you want to invoke one or more Lambda functions triggered by requests that match the PathPattern of the cache behavior, specify the applicable values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation items in this list (one for each possible value of EventType) and each EventType can be associated with the Lambda function only once.

If you don't want to invoke any Lambda functions for the requests that match PathPattern, specify 0 for Quantity and omit Items.

", + "base": "

A complex type that specifies a list of Lambda@Edge functions associations for a cache behavior.

If you want to invoke one or more Lambda@Edge functions triggered by requests that match the PathPattern of the cache behavior, specify the applicable values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation items in this list (one for each possible value of EventType) and each EventType can be associated with only one function.

If you don't want to invoke any Lambda@Edge functions for the requests that match PathPattern, specify 0 for Quantity and omit Items.

", "refs": { - "CacheBehavior$LambdaFunctionAssociations": "

A complex type that contains zero or more Lambda function associations for a cache behavior.

", - "DefaultCacheBehavior$LambdaFunctionAssociations": "

A complex type that contains zero or more Lambda function associations for a cache behavior.

" + "CacheBehavior$LambdaFunctionAssociations": "

A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.

", + "DefaultCacheBehavior$LambdaFunctionAssociations": "

A complex type that contains zero or more Lambda@Edge function associations for a cache behavior.

" } }, "ListCachePoliciesRequest": { @@ -1551,6 +1576,16 @@ "refs": { } }, + "ListConflictingAliasesRequest": { + "base": null, + "refs": { + } + }, + "ListConflictingAliasesResult": { + "base": null, + "refs": { + } + }, "ListDistributionsByCachePolicyIdRequest": { "base": null, "refs": { @@ -1592,12 +1627,12 @@ } }, "ListDistributionsByWebACLIdRequest": { - "base": "

The request to list distributions that are associated with a specified AWS WAF web ACL.

", + "base": "

The request to list distributions that are associated with a specified WAF web ACL.

", "refs": { } }, "ListDistributionsByWebACLIdResult": { - "base": "

The response to a request to list the distributions that are associated with a specified AWS WAF web ACL.

", + "base": "

The response to a request to list the distributions that are associated with a specified WAF web ACL.

", "refs": { } }, @@ -1739,7 +1774,7 @@ "MinimumProtocolVersion": { "base": null, "refs": { - "ViewerCertificate$MinimumProtocolVersion": "

If the distribution uses Aliases (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:

For more information, see Security Policy and Supported Protocols and Ciphers Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

On the CloudFront console, this setting is called Security Policy.

When you’re using SNI only (you set SSLSupportMethod to sni-only), you must specify TLSv1 or higher.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net (you set CloudFrontDefaultCertificate to true), CloudFront automatically sets the security policy to TLSv1 regardless of the value that you set here.

" + "ViewerCertificate$MinimumProtocolVersion": "

If the distribution uses Aliases (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:

For more information, see Security Policy and Supported Protocols and Ciphers Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

On the CloudFront console, this setting is called Security Policy.

When you’re using SNI only (you set SSLSupportMethod to sni-only), you must specify TLSv1 or higher.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net (you set CloudFrontDefaultCertificate to true), CloudFront automatically sets the security policy to TLSv1 regardless of the value that you set here.

" } }, "MissingBody": { @@ -1978,8 +2013,8 @@ "OriginRequestPolicyType": { "base": null, "refs": { - "ListOriginRequestPoliciesRequest$Type": "

A filter to return only the specified kinds of origin request policies. Valid values are:

", - "OriginRequestPolicySummary$Type": "

The type of origin request policy, either managed (created by AWS) or custom (created in this AWS account).

" + "ListOriginRequestPoliciesRequest$Type": "

A filter to return only the specified kinds of origin request policies. Valid values are:

", + "OriginRequestPolicySummary$Type": "

The type of origin request policy, either managed (created by Amazon Web Services) or custom (created in this account).

" } }, "OriginShield": { @@ -1991,7 +2026,7 @@ "OriginShieldRegion": { "base": null, "refs": { - "OriginShield$OriginShieldRegion": "

The AWS Region for Origin Shield.

Specify the AWS Region that has the lowest latency to your origin. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

When you enable CloudFront Origin Shield, you must specify the AWS Region for Origin Shield. For the list of AWS Regions that you can specify, and for help choosing the best Region for your origin, see Choosing the AWS Region for Origin Shield in the Amazon CloudFront Developer Guide.

" + "OriginShield$OriginShieldRegion": "

The Region for Origin Shield.

Specify the Region that has the lowest latency to your origin. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.

When you enable CloudFront Origin Shield, you must specify the Region for Origin Shield. For the list of Regions that you can specify, and for help choosing the best Region for your origin, see Choosing the Region for Origin Shield in the Amazon CloudFront Developer Guide.

" } }, "OriginSslProtocols": { @@ -2181,7 +2216,7 @@ } }, "RealtimeLogConfigOwnerMismatch": { - "base": "

The specified real-time log configuration belongs to a different AWS account.

", + "base": "

The specified real-time log configuration belongs to a different account.

", "refs": { } }, @@ -2239,11 +2274,11 @@ "SSLSupportMethod": { "base": null, "refs": { - "ViewerCertificate$SSLSupportMethod": "

If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don’t set a value for this field.

" + "ViewerCertificate$SSLSupportMethod": "

If the distribution uses Aliases (alternate domain names or CNAMEs), specify which viewers the distribution accepts HTTPS connections from.

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, don’t set a value for this field.

" } }, "Signer": { - "base": "

A list of AWS accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

", + "base": "

A list of accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

", "refs": { "SignerList$member": null } @@ -2251,7 +2286,7 @@ "SignerList": { "base": null, "refs": { - "ActiveTrustedSigners$Items": "

A list of AWS accounts and the identifiers of active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

" + "ActiveTrustedSigners$Items": "

A list of accounts and the identifiers of active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

" } }, "SslProtocol": { @@ -2328,7 +2363,7 @@ "StreamingDistributionSummaryList": { "base": null, "refs": { - "StreamingDistributionList$Items": "

A complex type that contains one StreamingDistributionSummary element for each distribution that was created by the current AWS account.

" + "StreamingDistributionList$Items": "

A complex type that contains one StreamingDistributionSummary element for each distribution that was created by the current account.

" } }, "StreamingLoggingConfig": { @@ -2415,7 +2450,7 @@ } }, "TooManyCachePolicies": { - "base": "

You have reached the maximum number of cache policies for this AWS account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "base": "

You have reached the maximum number of cache policies for this account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", "refs": { } }, @@ -2480,12 +2515,12 @@ } }, "TooManyDistributionsWithLambdaAssociations": { - "base": "

Processing your request would cause the maximum number of distributions with Lambda function associations per owner to be exceeded.

", + "base": "

Processing your request would cause the maximum number of distributions with Lambda@Edge function associations per owner to be exceeded.

", "refs": { } }, "TooManyDistributionsWithSingleFunctionARN": { - "base": "

The maximum number of distributions have been associated with the specified Lambda function.

", + "base": "

The maximum number of distributions have been associated with the specified Lambda@Edge function.

", "refs": { } }, @@ -2525,7 +2560,7 @@ } }, "TooManyFunctions": { - "base": "

You have reached the maximum number of CloudFront functions for this AWS account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "base": "

You have reached the maximum number of CloudFront functions for this account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", "refs": { } }, @@ -2550,7 +2585,7 @@ } }, "TooManyKeyGroups": { - "base": "

You have reached the maximum number of key groups for this AWS account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "base": "

You have reached the maximum number of key groups for this account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", "refs": { } }, @@ -2560,7 +2595,7 @@ } }, "TooManyLambdaFunctionAssociations": { - "base": "

Your request contains more Lambda function associations than are allowed per distribution.

", + "base": "

Your request contains more Lambda@Edge function associations than are allowed per distribution.

", "refs": { } }, @@ -2575,7 +2610,7 @@ } }, "TooManyOriginRequestPolicies": { - "base": "

You have reached the maximum number of origin request policies for this AWS account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "base": "

You have reached the maximum number of origin request policies for this account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", "refs": { } }, @@ -2610,7 +2645,7 @@ } }, "TooManyRealtimeLogConfigs": { - "base": "

You have reached the maximum number of real-time log configurations for this AWS account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", + "base": "

You have reached the maximum number of real-time log configurations for this account. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

", "refs": { } }, @@ -2653,12 +2688,12 @@ } }, "TrustedSigners": { - "base": "

A list of AWS accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.

", + "base": "

A list of accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.

", "refs": { - "CacheBehavior$TrustedSigners": "

We recommend using TrustedKeyGroups instead of TrustedSigners.

A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer’s AWS account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

", - "DefaultCacheBehavior$TrustedSigners": "

We recommend using TrustedKeyGroups instead of TrustedSigners.

A list of AWS account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer’s AWS account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

", - "StreamingDistributionConfig$TrustedSigners": "

A complex type that specifies any AWS accounts that you want to permit to create signed URLs for private content. If you want the distribution to use signed URLs, include this element; if you want the distribution to use public URLs, remove this element. For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

", - "StreamingDistributionSummary$TrustedSigners": "

A complex type that specifies the AWS accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items.If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" + "CacheBehavior$TrustedSigners": "

We recommend using TrustedKeyGroups instead of TrustedSigners.

A list of account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in the trusted signer’s account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

", + "DefaultCacheBehavior$TrustedSigners": "

We recommend using TrustedKeyGroups instead of TrustedSigners.

A list of account IDs whose public keys CloudFront can use to validate signed URLs or signed cookies.

When a cache behavior contains trusted signers, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with the private key of a CloudFront key pair in a trusted signer’s account. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see Serving private content in the Amazon CloudFront Developer Guide.

", + "StreamingDistributionConfig$TrustedSigners": "

A complex type that specifies any accounts that you want to permit to create signed URLs for private content. If you want the distribution to use signed URLs, include this element; if you want the distribution to use public URLs, remove this element. For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

", + "StreamingDistributionSummary$TrustedSigners": "

A complex type that specifies the accounts, if any, that you want to allow to create signed URLs for private content. If you want to require signed URLs in requests for objects in the target origin that match the PathPattern for this cache behavior, specify true for Enabled, and specify the applicable values for Quantity and Items.If you don't want to require signed URLs in requests for objects that match PathPattern, specify false for Enabled and 0 for Quantity. Omit Items. To add, change, or remove one or more trusted signers, change Enabled to true (if it's currently false), change Quantity as applicable, and specify all of the trusted signers that you want to include in the updated distribution.

For more information, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

" } }, "UnsupportedOperation": { @@ -2782,7 +2817,7 @@ } }, "ViewerCertificate": { - "base": "

A complex type that determines the distribution’s SSL/TLS configuration for communicating with viewers.

If the distribution doesn’t use Aliases (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net—set CloudFrontDefaultCertificate to true and leave all other fields empty.

If the distribution uses Aliases (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:

All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy in the CacheBehavior or DefaultCacheBehavior. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use CustomOriginConfig.

For more information, see Using HTTPS with CloudFront and Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

", + "base": "

A complex type that determines the distribution’s SSL/TLS configuration for communicating with viewers.

If the distribution doesn’t use Aliases (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net—set CloudFrontDefaultCertificate to true and leave all other fields empty.

If the distribution uses Aliases (alternate domain names or CNAMEs), use the fields in this type to specify the following settings:

All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy in the CacheBehavior or DefaultCacheBehavior. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use CustomOriginConfig.

For more information, see Using HTTPS with CloudFront and Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

", "refs": { "DistributionConfig$ViewerCertificate": "

A complex type that determines the distribution’s SSL/TLS configuration for communicating with viewers.

", "DistributionSummary$ViewerCertificate": "

A complex type that determines the distribution’s SSL/TLS configuration for communicating with viewers.

" @@ -2795,11 +2830,17 @@ "DefaultCacheBehavior$ViewerProtocolPolicy": "

The protocol that viewers can use to access the files in the origin specified by TargetOriginId when a request matches the path pattern in PathPattern. You can specify the following options:

For more information about requiring the HTTPS protocol, see Requiring HTTPS Between Viewers and CloudFront in the Amazon CloudFront Developer Guide.

The only way to guarantee that viewers retrieve an object that was fetched from the origin using HTTPS is never to use any other protocol to fetch the object. If you have recently changed from HTTP to HTTPS, we recommend that you clear your objects’ cache because cached objects are protocol agnostic. That means that an edge location will return an object from the cache regardless of whether the current request protocol matches the protocol used previously. For more information, see Managing Cache Expiration in the Amazon CloudFront Developer Guide.

" } }, + "aliasString": { + "base": null, + "refs": { + "ListConflictingAliasesRequest$Alias": "

The alias (also called a CNAME) to search for conflicting aliases.

" + } + }, "boolean": { "base": null, "refs": { "ActiveTrustedKeyGroups$Enabled": "

This field is true if any of the key groups have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

", - "ActiveTrustedSigners$Enabled": "

This field is true if any of the AWS accounts in the list have active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

", + "ActiveTrustedSigners$Enabled": "

This field is true if any of the accounts in the list have active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

", "CacheBehavior$SmoothStreaming": "

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

", "CacheBehavior$Compress": "

Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true; if not, specify false. For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide.

", "CloudFrontOriginAccessIdentityList$IsTruncated": "

A flag that indicates whether more origin access identities remain to be listed. If your results were truncated, you can make a follow-up pagination request using the Marker request parameter to retrieve more items in the list.

", @@ -2807,14 +2848,14 @@ "DefaultCacheBehavior$SmoothStreaming": "

Indicates whether you want to distribute media files in the Microsoft Smooth Streaming format using the origin that is associated with this cache behavior. If so, specify true; if not, specify false. If you specify true for SmoothStreaming, you can still distribute other content using this cache behavior if the content matches the value of PathPattern.

", "DefaultCacheBehavior$Compress": "

Whether you want CloudFront to automatically compress certain files for this cache behavior. If so, specify true; if not, specify false. For more information, see Serving Compressed Files in the Amazon CloudFront Developer Guide.

", "DistributionConfig$Enabled": "

From this field, you can enable or disable the selected distribution.

", - "DistributionConfig$IsIPV6Enabled": "

If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.

In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.

If you're using an Amazon Route 53 alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Amazon Route 53 Developer Guide.

If you created a CNAME resource record set, either with Amazon Route 53 or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

", + "DistributionConfig$IsIPV6Enabled": "

If you want CloudFront to respond to IPv6 DNS requests with an IPv6 address for your distribution, specify true. If you specify false, CloudFront responds to IPv6 DNS requests with the DNS response code NOERROR and with no IP addresses. This allows viewers to submit a second request, for an IPv4 address for your distribution.

In general, you should enable IPv6 if you have users on IPv6 networks who want to access your content. However, if you're using signed URLs or signed cookies to restrict access to your content, and if you're using a custom policy that includes the IpAddress parameter to restrict the IP addresses that can access your content, don't enable IPv6. If you want to restrict access to some content by IP address and not restrict access to other content (or restrict access but not by IP address), you can create two distributions. For more information, see Creating a Signed URL Using a Custom Policy in the Amazon CloudFront Developer Guide.

If you're using an Route 53 Amazon Web Services Integration alias resource record set to route traffic to your CloudFront distribution, you need to create a second alias resource record set when both of the following are true:

For more information, see Routing Traffic to an Amazon CloudFront Web Distribution by Using Your Domain Name in the Route 53 Amazon Web Services Integration Developer Guide.

If you created a CNAME resource record set, either with Route 53 Amazon Web Services Integration or with another DNS service, you don't need to make any changes. A CNAME record will route traffic to your distribution regardless of the IP address format of the viewer request.

", "DistributionIdList$IsTruncated": "

A flag that indicates whether more distribution IDs remain to be listed. If your results were truncated, you can make a subsequent request using the Marker request field to retrieve more distribution IDs in the list.

", "DistributionList$IsTruncated": "

A flag that indicates whether more distributions remain to be listed. If your results were truncated, you can make a follow-up pagination request using the Marker request parameter to retrieve more distributions in the list.

", "DistributionSummary$Enabled": "

Whether the distribution is enabled to accept user requests for content.

", "DistributionSummary$IsIPV6Enabled": "

Whether CloudFront responds to IPv6 DNS requests with an IPv6 address for your distribution.

", "ForwardedValues$QueryString": "

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field.

If you want to include query strings in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide.

If you want to send query strings to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide.

Indicates whether you want CloudFront to forward query strings to the origin that is associated with this cache behavior and cache based on the query string parameters. CloudFront behavior depends on the value of QueryString and on the values that you specify for QueryStringCacheKeys, if any:

If you specify true for QueryString and you don't specify any values for QueryStringCacheKeys, CloudFront forwards all query string parameters to the origin and caches based on all query string parameters. Depending on how many query string parameters and values you have, this can adversely affect performance because CloudFront must forward more requests to the origin.

If you specify true for QueryString and you specify one or more values for QueryStringCacheKeys, CloudFront forwards all query string parameters to the origin, but it only caches based on the query string parameters that you specify.

If you specify false for QueryString, CloudFront doesn't forward any query string parameters to the origin, and doesn't cache based on query string parameters.

For more information, see Configuring CloudFront to Cache Based on Query String Parameters in the Amazon CloudFront Developer Guide.

", "InvalidationList$IsTruncated": "

A flag that indicates whether more invalidation batch requests remain to be listed. If your results were truncated, you can make a follow-up pagination request using the Marker request parameter to retrieve more invalidation batches in the list.

", - "LambdaFunctionAssociation$IncludeBody": "

A flag that allows a Lambda function to have read access to the body content. For more information, see Accessing the Request Body by Choosing the Include Body Option in the Amazon CloudFront Developer Guide.

", + "LambdaFunctionAssociation$IncludeBody": "

A flag that allows a Lambda@Edge function to have read access to the body content. For more information, see Accessing the Request Body by Choosing the Include Body Option in the Amazon CloudFront Developer Guide.

", "LoggingConfig$Enabled": "

Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you don't want to enable logging when you create a distribution or if you want to disable logging for an existing distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket, prefix, and IncludeCookies, the values are automatically deleted.

", "LoggingConfig$IncludeCookies": "

Specifies whether you want CloudFront to include cookies in access logs, specify true for IncludeCookies. If you choose to include cookies in logs, CloudFront logs all cookies regardless of how you configure the cache behaviors for this distribution. If you don't want to include cookies when you create a distribution or if you want to disable include cookies for an existing distribution, specify false for IncludeCookies.

", "OriginShield$Enabled": "

A flag that specifies whether Origin Shield is enabled.

When it’s enabled, CloudFront routes all requests through Origin Shield, which can help protect your origin. When it’s disabled, CloudFront might send requests directly to your origin from multiple edge locations or regional edge caches.

", @@ -2827,15 +2868,21 @@ "StreamingDistributionSummary$Enabled": "

Whether the distribution is enabled to accept end user requests for content.

", "StreamingLoggingConfig$Enabled": "

Specifies whether you want CloudFront to save access logs to an Amazon S3 bucket. If you don't want to enable logging when you create a streaming distribution or if you want to disable logging for an existing streaming distribution, specify false for Enabled, and specify empty Bucket and Prefix elements. If you specify false for Enabled but you specify values for Bucket and Prefix, the values are automatically deleted.

", "TrustedKeyGroups$Enabled": "

This field is true if any of the key groups in the list have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

", - "TrustedSigners$Enabled": "

This field is true if any of the AWS accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

", + "TrustedSigners$Enabled": "

This field is true if any of the accounts have public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies. If not, this field is false.

", "ViewerCertificate$CloudFrontDefaultCertificate": "

If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, set this field to true.

If the distribution uses Aliases (alternate domain names or CNAMEs), set this field to false and specify values for the following fields:

" } }, + "distributionIdString": { + "base": null, + "refs": { + "ListConflictingAliasesRequest$DistributionId": "

The ID of a distribution in your account that has an attached SSL/TLS certificate that includes the provided alias.

" + } + }, "integer": { "base": null, "refs": { "ActiveTrustedKeyGroups$Quantity": "

The number of key groups in the list.

", - "ActiveTrustedSigners$Quantity": "

The number of AWS accounts in the list.

", + "ActiveTrustedSigners$Quantity": "

The number of accounts in the list.

", "Aliases$Quantity": "

The number of CNAME aliases, if any, that you want to associate with this distribution.

", "AllowedMethods$Quantity": "

The number of HTTP methods that you want CloudFront to forward to your origin. Valid values are 2 (for GET and HEAD requests), 3 (for GET, HEAD, and OPTIONS requests) and 7 (for GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests).

", "CacheBehaviors$Quantity": "

The number of cache behaviors for this distribution.

", @@ -2843,7 +2890,9 @@ "CachePolicyList$Quantity": "

The total number of cache policies returned in the response.

", "CachedMethods$Quantity": "

The number of HTTP methods for which you want CloudFront to cache responses. Valid values are 2 (for caching responses to GET and HEAD requests) and 3 (for caching responses to GET, HEAD, and OPTIONS requests).

", "CloudFrontOriginAccessIdentityList$MaxItems": "

The maximum number of origin access identities you want in the response body.

", - "CloudFrontOriginAccessIdentityList$Quantity": "

The number of CloudFront origin access identities that were created by the current AWS account.

", + "CloudFrontOriginAccessIdentityList$Quantity": "

The number of CloudFront origin access identities that were created by the current account.

", + "ConflictingAliasesList$MaxItems": "

The maximum number of conflicting aliases requested.

", + "ConflictingAliasesList$Quantity": "

The number of conflicting aliases returned in the response.

", "ContentTypeProfiles$Quantity": "

The number of field-level encryption content type-profile mappings.

", "CookieNames$Quantity": "

The number of cookie names in the Items list.

", "CustomErrorResponse$ErrorCode": "

The HTTP status code for which you want to specify a custom error page and/or a caching duration.

", @@ -2857,7 +2906,7 @@ "DistributionIdList$MaxItems": "

The maximum number of distribution IDs requested.

", "DistributionIdList$Quantity": "

The total number of distribution IDs returned in the response.

", "DistributionList$MaxItems": "

The value you provided for the MaxItems request parameter.

", - "DistributionList$Quantity": "

The number of distributions that were created by the current AWS account.

", + "DistributionList$Quantity": "

The number of distributions that were created by the current account.

", "EncryptionEntities$Quantity": "

Number of field pattern items in a field-level encryption content type-profile mapping.

", "FieldLevelEncryptionList$MaxItems": "

The maximum number of elements you want in the response body.

", "FieldLevelEncryptionList$Quantity": "

The number of field-level encryption items.

", @@ -2870,11 +2919,11 @@ "GeoRestriction$Quantity": "

When geo restriction is enabled, this is the number of countries in your whitelist or blacklist. Otherwise, when it is not enabled, Quantity is 0, and you can omit Items.

", "Headers$Quantity": "

The number of header names in the Items list.

", "InvalidationList$MaxItems": "

The value that you provided for the MaxItems request parameter.

", - "InvalidationList$Quantity": "

The number of invalidation batches that were created by the current AWS account.

", + "InvalidationList$Quantity": "

The number of invalidation batches that were created by the current account.

", "KeyGroupList$MaxItems": "

The maximum number of key groups requested.

", "KeyGroupList$Quantity": "

The number of key groups returned in the response.

", "KeyPairIds$Quantity": "

The number of key pair identifiers in the list.

", - "LambdaFunctionAssociations$Quantity": "

The number of Lambda function associations for this cache behavior.

", + "LambdaFunctionAssociations$Quantity": "

The number of Lambda@Edge function associations for this cache behavior.

", "Origin$ConnectionAttempts": "

The number of times that CloudFront attempts to connect to the origin. The minimum number is 1, the maximum is 3, and the default (if you don’t specify otherwise) is 3.

For a custom origin (including an Amazon S3 bucket that’s configured with static website hosting), this value also specifies the number of times that CloudFront attempts to get a response from the origin, in the case of an Origin Response Timeout.

For more information, see Origin Connection Attempts in the Amazon CloudFront Developer Guide.

", "Origin$ConnectionTimeout": "

The number of seconds that CloudFront waits when trying to establish a connection to the origin. The minimum timeout is 1 second, the maximum is 10 seconds, and the default (if you don’t specify otherwise) is 10 seconds.

For more information, see Origin Connection Timeout in the Amazon CloudFront Developer Guide.

", "OriginGroupMembers$Quantity": "

The number of origins in an origin group.

", @@ -2893,9 +2942,15 @@ "StatusCodeList$member": null, "StatusCodes$Quantity": "

The number of status codes.

", "StreamingDistributionList$MaxItems": "

The value you provided for the MaxItems request parameter.

", - "StreamingDistributionList$Quantity": "

The number of streaming distributions that were created by the current AWS account.

", + "StreamingDistributionList$Quantity": "

The number of streaming distributions that were created by the current account.

", "TrustedKeyGroups$Quantity": "

The number of key groups in the list.

", - "TrustedSigners$Quantity": "

The number of AWS accounts in the list.

" + "TrustedSigners$Quantity": "

The number of accounts in the list.

" + } + }, + "listConflictingAliasesMaxItemsInteger": { + "base": null, + "refs": { + "ListConflictingAliasesRequest$MaxItems": "

The maximum number of conflicting aliases that you want in the response.

" } }, "long": { @@ -2922,6 +2977,8 @@ "AccessDenied$Message": null, "AliasICPRecordal$CNAME": "

A domain name associated with a distribution.

", "AliasList$member": null, + "AssociateAliasRequest$TargetDistributionId": "

The ID of the distribution that you’re associating the alias with.

", + "AssociateAliasRequest$Alias": "

The alias (also known as a CNAME) to add to the target distribution.

", "AwsAccountNumberList$member": null, "BatchTooLarge$Message": null, "CNAMEAlreadyExists$Message": null, @@ -2949,6 +3006,10 @@ "CloudFrontOriginAccessIdentitySummary$Id": "

The ID for the origin access identity. For example: E74FTE3AJFJ256A.

", "CloudFrontOriginAccessIdentitySummary$S3CanonicalUserId": "

The Amazon S3 canonical user ID for the origin access identity, which you use when giving the origin access identity read permission to an object in Amazon S3.

", "CloudFrontOriginAccessIdentitySummary$Comment": "

The comment for this origin access identity, as originally specified when created.

", + "ConflictingAlias$Alias": "

An alias (also called a CNAME).

", + "ConflictingAlias$DistributionId": "

The (partially hidden) ID of the CloudFront distribution associated with the alias.

", + "ConflictingAlias$AccountId": "

The (partially hidden) ID of the Amazon Web Services account that owns the distribution that’s associated with the alias.

", + "ConflictingAliasesList$NextMarker": "

If there are more items in the list than are in this response, this element is present. It contains the value that you should use in the Marker field of a subsequent request to continue listing conflicting aliases where you left off.

", "ContentTypeProfile$ProfileId": "

The profile ID for a field-level encryption content type-profile mapping.

", "ContentTypeProfile$ContentType": "

The content type for a field-level encryption content type-profile mapping.

", "CookieNameList$member": null, @@ -3013,13 +3074,13 @@ "DescribeFunctionRequest$Name": "

The name of the function that you are getting information about.

", "DescribeFunctionResult$ETag": "

The version identifier for the current version of the CloudFront function.

", "Distribution$Id": "

The identifier for the distribution. For example: EDFDVBD632BHDS5.

", - "Distribution$ARN": "

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

", + "Distribution$ARN": "

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.

", "Distribution$Status": "

This response element indicates the current status of the distribution. When the status is Deployed, the distribution's information is fully propagated to all CloudFront edge locations.

", "Distribution$DomainName": "

The domain name corresponding to the distribution, for example, d111111abcdef8.cloudfront.net.

", "DistributionAlreadyExists$Message": null, "DistributionConfig$CallerReference": "

A unique value (for example, a date-time stamp) that ensures that the request can't be replayed.

If the value of CallerReference is new (regardless of the content of the DistributionConfig object), CloudFront creates a new distribution.

If CallerReference is a value that you already sent in a previous request to create a distribution, CloudFront returns a DistributionAlreadyExists error.

", "DistributionConfig$DefaultRootObject": "

The object that you want CloudFront to request from your origin (for example, index.html) when a viewer requests the root URL for your distribution (http://www.example.com) instead of an object in your distribution (http://www.example.com/product-description.html). Specifying a default root object avoids exposing the contents of your distribution.

Specify only the object name, for example, index.html. Don't add a / before the object name.

If you don't want to specify a default root object when you create a distribution, include an empty DefaultRootObject element.

To delete the default root object from an existing distribution, update the distribution configuration and include an empty DefaultRootObject element.

To replace the default root object, update the distribution configuration and specify the new object.

For more information about the default root object, see Creating a Default Root Object in the Amazon CloudFront Developer Guide.

", - "DistributionConfig$WebACLId": "

A unique identifier that specifies the AWS WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about AWS WAF, see the AWS WAF Developer Guide.

", + "DistributionConfig$WebACLId": "

A unique identifier that specifies the WAF web ACL, if any, to associate with this distribution. To specify a web ACL created using the latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. To specify a web ACL created using WAF Classic, use the ACL ID, for example 473e64fd-f30b-4765-81a0-62ad96dd167a.

WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to CloudFront, and lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, CloudFront responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You can also configure CloudFront to return a custom error page when a request is blocked. For more information about WAF, see the WAF Developer Guide.

", "DistributionIdList$Marker": "

The value provided in the Marker request field.

", "DistributionIdList$NextMarker": "

Contains the value that you should use in the Marker field of a subsequent request to continue listing distribution IDs where you left off.

", "DistributionIdListSummary$member": null, @@ -3027,7 +3088,7 @@ "DistributionList$NextMarker": "

If IsTruncated is true, this element is present and contains the value you can use for the Marker request parameter to continue listing your distributions where they left off.

", "DistributionNotDisabled$Message": null, "DistributionSummary$Id": "

The identifier for the distribution. For example: EDFDVBD632BHDS5.

", - "DistributionSummary$ARN": "

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

", + "DistributionSummary$ARN": "

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.

", "DistributionSummary$Status": "

The current status of the distribution. When the status is Deployed, the distribution's information is propagated to all CloudFront edge locations.

", "DistributionSummary$DomainName": "

The domain name that corresponds to the distribution, for example, d111111abcdef8.cloudfront.net.

", "DistributionSummary$Comment": "

The comment originally specified when this distribution was created.

", @@ -3151,12 +3212,13 @@ "KeyGroupConfig$Comment": "

A comment to describe the key group. The comment cannot be longer than 128 characters.

", "KeyGroupList$NextMarker": "

If there are more items in the list than are in this response, this element is present. It contains the value that you should use in the Marker field of a subsequent request to continue listing key groups.

", "KeyPairIdList$member": null, - "KinesisStreamConfig$RoleARN": "

The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.

For more information the IAM role, see Real-time log configuration IAM role in the Amazon CloudFront Developer Guide.

", + "KinesisStreamConfig$RoleARN": "

The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) role that CloudFront can use to send real-time log data to your Kinesis data stream.

For more information the IAM role, see Real-time log configuration IAM role in the Amazon CloudFront Developer Guide.

", "KinesisStreamConfig$StreamARN": "

The Amazon Resource Name (ARN) of the Kinesis data stream where you are sending real-time log data.

", "ListCachePoliciesRequest$Marker": "

Use this field when paginating results to indicate where to begin in your list of cache policies. The response includes cache policies in the list that occur after the marker. To get the next page of the list, set this field’s value to the value of NextMarker from the current page’s response.

", "ListCachePoliciesRequest$MaxItems": "

The maximum number of cache policies that you want in the response.

", "ListCloudFrontOriginAccessIdentitiesRequest$Marker": "

Use this when paginating results to indicate where to begin in your list of origin access identities. The results include identities in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last identity on that page).

", "ListCloudFrontOriginAccessIdentitiesRequest$MaxItems": "

The maximum number of origin access identities you want in the response body.

", + "ListConflictingAliasesRequest$Marker": "

Use this field when paginating results to indicate where to begin in the list of conflicting aliases. The response includes conflicting aliases in the list that occur after the marker. To get the next page of the list, set this field’s value to the value of NextMarker from the current page’s response.

", "ListDistributionsByCachePolicyIdRequest$Marker": "

Use this field when paginating results to indicate where to begin in your list of distribution IDs. The response includes distribution IDs in the list that occur after the marker. To get the next page of the list, set this field’s value to the value of NextMarker from the current page’s response.

", "ListDistributionsByCachePolicyIdRequest$MaxItems": "

The maximum number of distribution IDs that you want in the response.

", "ListDistributionsByCachePolicyIdRequest$CachePolicyId": "

The ID of the cache policy whose associated distribution IDs you want to list.

", @@ -3172,7 +3234,7 @@ "ListDistributionsByRealtimeLogConfigRequest$RealtimeLogConfigArn": "

The Amazon Resource Name (ARN) of the real-time log configuration whose associated distributions you want to list.

", "ListDistributionsByWebACLIdRequest$Marker": "

Use Marker and MaxItems to control pagination of results. If you have more than MaxItems distributions that satisfy the request, the response includes a NextMarker element. To get the next page of results, submit another request. For the value of Marker, specify the value of NextMarker from the last response. (For the first request, omit Marker.)

", "ListDistributionsByWebACLIdRequest$MaxItems": "

The maximum number of distributions that you want CloudFront to return in the response body. The maximum and default values are both 100.

", - "ListDistributionsByWebACLIdRequest$WebACLId": "

The ID of the AWS WAF web ACL that you want to list the associated distributions. If you specify \"null\" for the ID, the request returns a list of the distributions that aren't associated with a web ACL.

", + "ListDistributionsByWebACLIdRequest$WebACLId": "

The ID of the WAF web ACL that you want to list the associated distributions. If you specify \"null\" for the ID, the request returns a list of the distributions that aren't associated with a web ACL.

", "ListDistributionsRequest$Marker": "

Use this when paginating results to indicate where to begin in your list of distributions. The results include distributions in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last distribution on that page).

", "ListDistributionsRequest$MaxItems": "

The maximum number of distributions you want in the response body.

", "ListFieldLevelEncryptionConfigsRequest$Marker": "

Use this when paginating results to indicate where to begin in your list of configurations. The results include configurations in the list that occur after the marker. To get the next page of results, set the Marker to the value of the NextMarker from the current page's response (which is also the ID of the last configuration on that page).

", @@ -3257,9 +3319,9 @@ "S3Origin$DomainName": "

The DNS name of the Amazon S3 origin.

", "S3Origin$OriginAccessIdentity": "

The CloudFront origin access identity to associate with the distribution. Use an origin access identity to configure the distribution so that end users can only access objects in an Amazon S3 bucket through CloudFront.

If you want end users to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element.

To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element.

To replace the origin access identity, update the distribution configuration and specify the new origin access identity.

For more information, see Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content in the Amazon CloudFront Developer Guide.

", "S3OriginConfig$OriginAccessIdentity": "

The CloudFront origin access identity to associate with the origin. Use an origin access identity to configure the origin so that viewers can only access objects in an Amazon S3 bucket through CloudFront. The format of the value is:

origin-access-identity/cloudfront/ID-of-origin-access-identity

where ID-of-origin-access-identity is the value that CloudFront returned in the ID element when you created the origin access identity.

If you want viewers to be able to access objects using either the CloudFront URL or the Amazon S3 URL, specify an empty OriginAccessIdentity element.

To delete the origin access identity from an existing distribution, update the distribution configuration and include an empty OriginAccessIdentity element.

To replace the origin access identity, update the distribution configuration and specify the new origin access identity.

For more information about the origin access identity, see Serving Private Content through CloudFront in the Amazon CloudFront Developer Guide.

", - "Signer$AwsAccountNumber": "

An AWS account number that contains active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If the AWS account that owns the key pairs is the same account that owns the CloudFront distribution, the value of this field is self.

", + "Signer$AwsAccountNumber": "

An account number that contains active CloudFront key pairs that CloudFront can use to verify the signatures of signed URLs and signed cookies. If the account that owns the key pairs is the same account that owns the CloudFront distribution, the value of this field is self.

", "StreamingDistribution$Id": "

The identifier for the RTMP distribution. For example: EGTXBD79EXAMPLE.

", - "StreamingDistribution$ARN": "

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

", + "StreamingDistribution$ARN": "

The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.

", "StreamingDistribution$Status": "

The current status of the RTMP distribution. When the status is Deployed, the distribution's information is propagated to all CloudFront edge locations.

", "StreamingDistribution$DomainName": "

The domain name that corresponds to the streaming distribution, for example, s5c39gqb8ow64r.cloudfront.net.

", "StreamingDistributionAlreadyExists$Message": null, @@ -3269,7 +3331,7 @@ "StreamingDistributionList$NextMarker": "

If IsTruncated is true, this element is present and contains the value you can use for the Marker request parameter to continue listing your RTMP distributions where they left off.

", "StreamingDistributionNotDisabled$Message": null, "StreamingDistributionSummary$Id": "

The identifier for the distribution, for example, EDFDVBD632BHDS5.

", - "StreamingDistributionSummary$ARN": "

The ARN (Amazon Resource Name) for the streaming distribution. For example: arn:aws:cloudfront::123456789012:streaming-distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.

", + "StreamingDistributionSummary$ARN": "

The ARN (Amazon Resource Name) for the streaming distribution. For example: arn:aws:cloudfront::123456789012:streaming-distribution/EDFDVBD632BHDS5, where 123456789012 is your account ID.

", "StreamingDistributionSummary$Status": "

Indicates the current status of the distribution. When the status is Deployed, the distribution's information is fully propagated throughout the Amazon CloudFront system.

", "StreamingDistributionSummary$DomainName": "

The domain name corresponding to the distribution, for example, d111111abcdef8.cloudfront.net.

", "StreamingDistributionSummary$Comment": "

The comment originally specified when this distribution was created.

", @@ -3361,8 +3423,8 @@ "UpdateStreamingDistributionRequest$Id": "

The streaming distribution's id.

", "UpdateStreamingDistributionRequest$IfMatch": "

The value of the ETag header that you received when retrieving the streaming distribution's configuration. For example: E2QWRUHAPOMQZL.

", "UpdateStreamingDistributionResult$ETag": "

The current version of the configuration. For example: E2QWRUHAPOMQZL.

", - "ViewerCertificate$IAMCertificateId": "

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in AWS Identity and Access Management (AWS IAM), provide the ID of the IAM certificate.

If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

", - "ViewerCertificate$ACMCertificateArn": "

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in AWS Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (us-east-1).

If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

", + "ViewerCertificate$IAMCertificateId": "

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Identity and Access Management (IAM), provide the ID of the IAM certificate.

If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

", + "ViewerCertificate$ACMCertificateArn": "

If the distribution uses Aliases (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in Certificate Manager (ACM), provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region (us-east-1).

If you specify an ACM certificate ARN, you must also specify values for MinimumProtocolVersion and SSLSupportMethod.

", "ViewerCertificate$Certificate": "

This field is deprecated. Use one of the following fields instead:

" } }, diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 159e22ef5d2..001bef3c13b 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -277,7 +277,8 @@ "method":"POST", "requestUri":"/" }, - "input":{"shape":"AuthorizeSecurityGroupEgressRequest"} + "input":{"shape":"AuthorizeSecurityGroupEgressRequest"}, + "output":{"shape":"AuthorizeSecurityGroupEgressResult"} }, "AuthorizeSecurityGroupIngress":{ "name":"AuthorizeSecurityGroupIngress", @@ -285,7 +286,8 @@ "method":"POST", "requestUri":"/" }, - "input":{"shape":"AuthorizeSecurityGroupIngressRequest"} + "input":{"shape":"AuthorizeSecurityGroupIngressRequest"}, + "output":{"shape":"AuthorizeSecurityGroupIngressResult"} }, "BundleInstance":{ "name":"BundleInstance", @@ -2196,6 +2198,15 @@ "input":{"shape":"DescribeSecurityGroupReferencesRequest"}, "output":{"shape":"DescribeSecurityGroupReferencesResult"} }, + "DescribeSecurityGroupRules":{ + "name":"DescribeSecurityGroupRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeSecurityGroupRulesRequest"}, + "output":{"shape":"DescribeSecurityGroupRulesResult"} + }, "DescribeSecurityGroups":{ "name":"DescribeSecurityGroups", "http":{ @@ -3344,6 +3355,15 @@ "input":{"shape":"ModifyReservedInstancesRequest"}, "output":{"shape":"ModifyReservedInstancesResult"} }, + "ModifySecurityGroupRules":{ + "name":"ModifySecurityGroupRules", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifySecurityGroupRulesRequest"}, + "output":{"shape":"ModifySecurityGroupRulesResult"} + }, "ModifySnapshotAttribute":{ "name":"ModifySnapshotAttribute", "http":{ @@ -5547,6 +5567,10 @@ "shape":"IpPermissionList", "locationName":"ipPermissions" }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "locationName":"TagSpecification" + }, "CidrIp":{ "shape":"String", "locationName":"cidrIp" @@ -5573,6 +5597,19 @@ } } }, + "AuthorizeSecurityGroupEgressResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "locationName":"return" + }, + "SecurityGroupRules":{ + "shape":"SecurityGroupRuleList", + "locationName":"securityGroupRuleSet" + } + } + }, "AuthorizeSecurityGroupIngressRequest":{ "type":"structure", "members":{ @@ -5588,6 +5625,23 @@ "DryRun":{ "shape":"Boolean", "locationName":"dryRun" + }, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "locationName":"TagSpecification" + } + } + }, + "AuthorizeSecurityGroupIngressResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "locationName":"return" + }, + "SecurityGroupRules":{ + "shape":"SecurityGroupRuleList", + "locationName":"securityGroupRuleSet" } } }, @@ -13264,6 +13318,40 @@ } } }, + "DescribeSecurityGroupRulesMaxResults":{ + "type":"integer", + "max":1000, + "min":5 + }, + "DescribeSecurityGroupRulesRequest":{ + "type":"structure", + "members":{ + "Filters":{ + "shape":"FilterList", + "locationName":"Filter" + }, + "SecurityGroupRuleIds":{ + "shape":"SecurityGroupRuleIdList", + "locationName":"SecurityGroupRuleId" + }, + "DryRun":{"shape":"Boolean"}, + "NextToken":{"shape":"String"}, + "MaxResults":{"shape":"DescribeSecurityGroupRulesMaxResults"} + } + }, + "DescribeSecurityGroupRulesResult":{ + "type":"structure", + "members":{ + "SecurityGroupRules":{ + "shape":"SecurityGroupRuleList", + "locationName":"securityGroupRuleSet" + }, + "NextToken":{ + "shape":"String", + "locationName":"nextToken" + } + } + }, "DescribeSecurityGroupsMaxResults":{ "type":"integer", "max":1000, @@ -23276,6 +23364,30 @@ } } }, + "ModifySecurityGroupRulesRequest":{ + "type":"structure", + "required":[ + "GroupId", + "SecurityGroupRules" + ], + "members":{ + "GroupId":{"shape":"SecurityGroupId"}, + "SecurityGroupRules":{ + "shape":"SecurityGroupRuleUpdateList", + "locationName":"SecurityGroupRule" + }, + "DryRun":{"shape":"Boolean"} + } + }, + "ModifySecurityGroupRulesResult":{ + "type":"structure", + "members":{ + "Return":{ + "shape":"Boolean", + "locationName":"return" + } + } + }, "ModifySnapshotAttributeRequest":{ "type":"structure", "required":["SnapshotId"], @@ -26081,6 +26193,31 @@ "locationName":"item" } }, + "ReferencedSecurityGroup":{ + "type":"structure", + "members":{ + "GroupId":{ + "shape":"String", + "locationName":"groupId" + }, + "PeeringStatus":{ + "shape":"String", + "locationName":"peeringStatus" + }, + "UserId":{ + "shape":"String", + "locationName":"userId" + }, + "VpcId":{ + "shape":"String", + "locationName":"vpcId" + }, + "VpcPeeringConnectionId":{ + "shape":"String", + "locationName":"vpcPeeringConnectionId" + } + } + }, "Region":{ "type":"structure", "members":{ @@ -27592,6 +27729,7 @@ "reserved-instances", "route-table", "security-group", + "security-group-rule", "snapshot", "spot-fleet-request", "spot-instances-request", @@ -27845,6 +27983,10 @@ "shape":"IpPermissionList", "locationName":"ipPermissions" }, + "SecurityGroupRuleIds":{ + "shape":"SecurityGroupRuleIdList", + "locationName":"SecurityGroupRuleId" + }, "CidrIp":{ "shape":"String", "locationName":"cidrIp" @@ -27899,6 +28041,10 @@ "DryRun":{ "shape":"Boolean", "locationName":"dryRun" + }, + "SecurityGroupRuleIds":{ + "shape":"SecurityGroupRuleIdList", + "locationName":"SecurityGroupRuleId" } } }, @@ -28792,6 +28938,119 @@ "locationName":"item" } }, + "SecurityGroupRule":{ + "type":"structure", + "members":{ + "SecurityGroupRuleId":{ + "shape":"SecurityGroupRuleId", + "locationName":"securityGroupRuleId" + }, + "GroupId":{ + "shape":"SecurityGroupId", + "locationName":"groupId" + }, + "GroupOwnerId":{ + "shape":"String", + "locationName":"groupOwnerId" + }, + "IsEgress":{ + "shape":"Boolean", + "locationName":"isEgress" + }, + "IpProtocol":{ + "shape":"String", + "locationName":"ipProtocol" + }, + "FromPort":{ + "shape":"Integer", + "locationName":"fromPort" + }, + "ToPort":{ + "shape":"Integer", + "locationName":"toPort" + }, + "CidrIpv4":{ + "shape":"String", + "locationName":"cidrIpv4" + }, + "CidrIpv6":{ + "shape":"String", + "locationName":"cidrIpv6" + }, + "PrefixListId":{ + "shape":"PrefixListResourceId", + "locationName":"prefixListId" + }, + "ReferencedGroupInfo":{ + "shape":"ReferencedSecurityGroup", + "locationName":"referencedGroupInfo" + }, + "Description":{ + "shape":"String", + "locationName":"description" + }, + "Tags":{ + "shape":"TagList", + "locationName":"tagSet" + } + } + }, + "SecurityGroupRuleDescription":{ + "type":"structure", + "members":{ + "SecurityGroupRuleId":{"shape":"String"}, + "Description":{"shape":"String"} + } + }, + "SecurityGroupRuleDescriptionList":{ + "type":"list", + "member":{ + "shape":"SecurityGroupRuleDescription", + "locationName":"item" + } + }, + "SecurityGroupRuleId":{"type":"string"}, + "SecurityGroupRuleIdList":{ + "type":"list", + "member":{ + "shape":"String", + "locationName":"item" + } + }, + "SecurityGroupRuleList":{ + "type":"list", + "member":{ + "shape":"SecurityGroupRule", + "locationName":"item" + } + }, + "SecurityGroupRuleRequest":{ + "type":"structure", + "members":{ + "IpProtocol":{"shape":"String"}, + "FromPort":{"shape":"Integer"}, + "ToPort":{"shape":"Integer"}, + "CidrIpv4":{"shape":"String"}, + "CidrIpv6":{"shape":"String"}, + "PrefixListId":{"shape":"PrefixListResourceId"}, + "ReferencedGroupId":{"shape":"SecurityGroupId"}, + "Description":{"shape":"String"} + } + }, + "SecurityGroupRuleUpdate":{ + "type":"structure", + "members":{ + "SecurityGroupRuleId":{"shape":"SecurityGroupRuleId"}, + "SecurityGroupRule":{"shape":"SecurityGroupRuleRequest"} + } + }, + "SecurityGroupRuleUpdateList":{ + "type":"list", + "member":{ + "shape":"SecurityGroupRuleUpdate", + "locationName":"item" + } + }, "SecurityGroupStringList":{ "type":"list", "member":{ @@ -32381,12 +32640,15 @@ }, "UpdateSecurityGroupRuleDescriptionsEgressRequest":{ "type":"structure", - "required":["IpPermissions"], "members":{ "DryRun":{"shape":"Boolean"}, "GroupId":{"shape":"SecurityGroupId"}, "GroupName":{"shape":"SecurityGroupName"}, - "IpPermissions":{"shape":"IpPermissionList"} + "IpPermissions":{"shape":"IpPermissionList"}, + "SecurityGroupRuleDescriptions":{ + "shape":"SecurityGroupRuleDescriptionList", + "locationName":"SecurityGroupRuleDescription" + } } }, "UpdateSecurityGroupRuleDescriptionsEgressResult":{ @@ -32400,12 +32662,15 @@ }, "UpdateSecurityGroupRuleDescriptionsIngressRequest":{ "type":"structure", - "required":["IpPermissions"], "members":{ "DryRun":{"shape":"Boolean"}, "GroupId":{"shape":"SecurityGroupId"}, "GroupName":{"shape":"SecurityGroupName"}, - "IpPermissions":{"shape":"IpPermissionList"} + "IpPermissions":{"shape":"IpPermissionList"}, + "SecurityGroupRuleDescriptions":{ + "shape":"SecurityGroupRuleDescriptionList", + "locationName":"SecurityGroupRuleDescription" + } } }, "UpdateSecurityGroupRuleDescriptionsIngressResult":{ diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index 4b2d62a6e55..ae0699f9f1b 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -17,7 +17,7 @@ "AssociateAddress": "

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[VPC in an EC2-Classic account] If you don't specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.

", "AssociateClientVpnTargetNetwork": "

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that's in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that's associated with it.

", "AssociateDhcpOptions": "

Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide.

", - "AssociateEnclaveCertificateIamRole": "

Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see AWS Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS-managed KMS customer master (CMK) that has an attached attestation-based CMK policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt on the AWS KMS CMK returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide.

", + "AssociateEnclaveCertificateIamRole": "

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide.

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide.

", "AssociateIamInstanceProfile": "

Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.

", "AssociateRouteTable": "

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route Tables in the Amazon Virtual Private Cloud User Guide.

", "AssociateSubnetCidrBlock": "

Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64.

", @@ -31,8 +31,8 @@ "AttachVolume": "

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.

After you attach an EBS volume, you must make it available. For more information, see Making an EBS volume available for use.

If a volume has an AWS Marketplace product code:

For more information, see Attaching Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.

", "AttachVpnGateway": "

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see AWS Site-to-Site VPN in the AWS Site-to-Site VPN User Guide.

", "AuthorizeClientVpnIngress": "

Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks.

", - "AuthorizeSecurityGroupEgress": "

[VPC only] Adds the specified egress rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For more information about VPC security group limits, see Amazon VPC Limits.

", - "AuthorizeSecurityGroupIngress": "

Adds the specified ingress rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address ranges, or from the instances associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group limits, see Amazon VPC Limits.

", + "AuthorizeSecurityGroupEgress": "

[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas.

", + "AuthorizeSecurityGroupIngress": "

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas.

", "BundleInstance": "

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:\\) is bundled. Data on other instance store volumes is not preserved.

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

", "CancelBundleTask": "

Cancels a bundling operation for an instance store-backed Windows instance.

", "CancelCapacityReservation": "

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled.

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

", @@ -248,6 +248,7 @@ "DescribeScheduledInstanceAvailability": "

Finds available schedules that meet the specified criteria.

You can search for an available schedule no more than 3 months in advance. You must meet the minimum required duration of 1,200 hours per year. For example, the minimum daily schedule is 4 hours, the minimum weekly schedule is 24 hours, and the minimum monthly schedule is 100 hours.

After you find a schedule that meets your needs, call PurchaseScheduledInstances to purchase Scheduled Instances with that schedule.

", "DescribeScheduledInstances": "

Describes the specified Scheduled Instances or all your Scheduled Instances.

", "DescribeSecurityGroupReferences": "

[VPC only] Describes the VPCs on the other side of a VPC peering connection that are referencing the security groups you've specified in this request.

", + "DescribeSecurityGroupRules": "

Describes one or more of your security group rules.

", "DescribeSecurityGroups": "

Describes the specified security groups or all of your security groups.

A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide.

", "DescribeSnapshotAttribute": "

Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

", "DescribeSnapshots": "

Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you.

The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other AWS accounts for which you have explicit create volume permissions.

The create volume permissions fall into the following categories:

The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or AWS accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions.

If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results.

If you specify one or more snapshot owners using the OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the AWS account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.

If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify AWS account IDs (if you own the snapshots), self for snapshots for which you own or have explicit permissions, or all for public snapshots.

If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. The MaxResults parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults value, then that number of results is returned along with a NextToken value that can be passed to a subsequent DescribeSnapshots request to retrieve the remaining results.

To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores.

For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon Elastic Compute Cloud User Guide.

", @@ -305,7 +306,7 @@ "DisableVpcClassicLinkDnsSupport": "

Disables ClassicLink DNS support for a VPC. If disabled, DNS hostnames resolve to public IP addresses when addressed between a linked EC2-Classic instance and instances in the VPC to which it's linked. For more information, see ClassicLink in the Amazon Elastic Compute Cloud User Guide.

You must specify a VPC ID in the request.

", "DisassociateAddress": "

Disassociates an Elastic IP address from the instance or network interface it's associated with.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error.

", "DisassociateClientVpnTargetNetwork": "

Disassociates a target network from the specified Client VPN endpoint. When you disassociate the last target network from a Client VPN, the following happens:

", - "DisassociateEnclaveCertificateIamRole": "

Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the AWS Key Management Service (KMS) customer master key (CMK) used to encrypt the private key. This effectively revokes the role's permission to use the certificate.

", + "DisassociateEnclaveCertificateIamRole": "

Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role's permission to use the KMS key used to encrypt the private key. This effectively revokes the role's permission to use the certificate.

", "DisassociateIamInstanceProfile": "

Disassociates an IAM instance profile from a running or stopped instance.

Use DescribeIamInstanceProfileAssociations to get the association ID.

", "DisassociateRouteTable": "

Disassociates a subnet or gateway from a route table.

After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the routes in the VPC's main route table. For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide.

", "DisassociateSubnetCidrBlock": "

Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.

", @@ -326,7 +327,7 @@ "ExportClientVpnClientConfiguration": "

Downloads the contents of the Client VPN endpoint configuration file for the specified Client VPN endpoint. The Client VPN endpoint configuration file includes the Client VPN endpoint and certificate information clients need to establish a connection with the Client VPN endpoint.

", "ExportImage": "

Exports an Amazon Machine Image (AMI) to a VM file. For more information, see Exporting a VM directly from an Amazon Machine Image (AMI) in the VM Import/Export User Guide.

", "ExportTransitGatewayRoutes": "

Exports routes from the specified transit gateway route table to the specified S3 bucket. By default, all routes are exported. Alternatively, you can filter by CIDR range.

The routes are saved to the specified bucket in a JSON file. For more information, see Export Route Tables to Amazon S3 in Transit Gateways.

", - "GetAssociatedEnclaveCertificateIamRoles": "

Returns the IAM roles that are associated with the specified AWS Certificate Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the AWS Key Management Service (KMS) customer master key (CMK) that's used to encrypt the private key.

", + "GetAssociatedEnclaveCertificateIamRoles": "

Returns the IAM roles that are associated with the specified ACM (ACM) certificate. It also returns the name of the Amazon S3 bucket and the Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored, and the ARN of the KMS key that's used to encrypt the private key.

", "GetAssociatedIpv6PoolCidrs": "

Gets information about the IPv6 CIDR block associations for a specified IPv6 address pool.

", "GetCapacityReservationUsage": "

Gets usage information about a Capacity Reservation. If the Capacity Reservation is shared, it shows usage information for the Capacity Reservation owner and each account that is currently using the shared capacity. If the Capacity Reservation is not shared, it shows only the Capacity Reservation owner's usage.

", "GetCoipPoolUsage": "

Describes the allocations from the specified customer-owned address pool.

", @@ -352,7 +353,7 @@ "ImportClientVpnClientCertificateRevocationList": "

Uploads a client certificate revocation list to the specified Client VPN endpoint. Uploading a client certificate revocation list overwrites the existing client certificate revocation list.

Uploading a client certificate revocation list resets existing client connections.

", "ImportImage": "

Import single or multi-volume disk images or EBS snapshots into an Amazon Machine Image (AMI).

For more information, see Importing a VM as an image using VM Import/Export in the VM Import/Export User Guide.

", "ImportInstance": "

Creates an import instance task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead.

This API action is not supported by the AWS Command Line Interface (AWS CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing a VM to Amazon EC2 in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

", - "ImportKeyPair": "

Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which AWS creates the key pair and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, you create the key pair and give AWS just the public key. The private key is never transferred between you and AWS.

For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide.

", + "ImportKeyPair": "

Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which Amazon Web Services creates the key pair and gives the keys to you (Amazon Web Services keeps a copy of the public key). With ImportKeyPair, you create the key pair and give Amazon Web Services just the public key. The private key is never transferred between you and Amazon Web Services.

For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide.

", "ImportSnapshot": "

Imports a disk into an EBS snapshot.

For more information, see Importing a disk as a snapshot using VM Import/Export in the VM Import/Export User Guide.

", "ImportVolume": "

Creates an import volume task using metadata from the specified disk image.

This API action supports only single-volume VMs. To import multi-volume VMs, use ImportImage instead. To import a disk to a snapshot, use ImportSnapshot instead.

This API action is not supported by the AWS Command Line Interface (AWS CLI). For information about using the Amazon EC2 CLI, which is deprecated, see Importing Disks to Amazon EBS in the Amazon EC2 CLI Reference PDF file.

For information about the import manifest referenced by this API action, see VM Import Manifest.

", "ModifyAddressAttribute": "

Modifies an attribute of the specified Elastic IP address. For requirements, see Using reverse DNS for email applications.

", @@ -377,6 +378,7 @@ "ModifyManagedPrefixList": "

Modifies the specified managed prefix list.

Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.

If you specify a current version number that does not match the true current version number, the request fails.

", "ModifyNetworkInterfaceAttribute": "

Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.

", "ModifyReservedInstances": "

Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for Availability Zone, network platform, and instance type.

For more information, see Modifying Reserved Instances in the Amazon EC2 User Guide.

", + "ModifySecurityGroupRules": "

Modifies the rules of a security group.

", "ModifySnapshotAttribute": "

Adds or removes permission settings for the specified snapshot. You may add or remove specified AWS account IDs from a snapshot's list of create volume permissions, but you cannot do both in a single operation. If you need to both add and remove account IDs for a snapshot, you must use multiple operations. You can make up to 500 modifications to a snapshot in a single operation.

Encrypted snapshots and snapshots with AWS Marketplace product codes cannot be made public. Snapshots encrypted with your default CMK cannot be shared with other accounts.

For more information about modifying snapshot permissions, see Sharing snapshots in the Amazon Elastic Compute Cloud User Guide.

", "ModifySpotFleetRequest": "

Modifies the specified Spot Fleet request.

You can only modify a Spot Fleet request of type maintain.

While the Spot Fleet request is being modified, it is in the modifying state.

To scale up your Spot Fleet, increase its target capacity. The Spot Fleet launches the additional Spot Instances according to the allocation strategy for the Spot Fleet request. If the allocation strategy is lowestPrice, the Spot Fleet launches instances using the Spot Instance pool with the lowest price. If the allocation strategy is diversified, the Spot Fleet distributes the instances across the Spot Instance pools. If the allocation strategy is capacityOptimized, Spot Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.

To scale down your Spot Fleet, decrease its target capacity. First, the Spot Fleet cancels any open requests that exceed the new target capacity. You can request that the Spot Fleet terminate Spot Instances until the size of the fleet no longer exceeds the new target capacity. If the allocation strategy is lowestPrice, the Spot Fleet terminates the instances with the highest price per unit. If the allocation strategy is capacityOptimized, the Spot Fleet terminates the instances in the Spot Instance pools that have the least available Spot Instance capacity. If the allocation strategy is diversified, the Spot Fleet terminates instances across the Spot Instance pools. Alternatively, you can request that the Spot Fleet keep the fleet at its current size, but not replace any Spot Instances that are interrupted or that you terminate manually.

If you are finished with your Spot Fleet for now, but will use it again later, you can set the target capacity to 0.

", "ModifySubnetAttribute": "

Modifies a subnet attribute. You can only modify one attribute at a time.

", @@ -436,8 +438,8 @@ "RestoreAddressToClassic": "

Restores an Elastic IP address that was previously moved to the EC2-VPC platform back to the EC2-Classic platform. You cannot move an Elastic IP address that was originally allocated for use in EC2-VPC. The Elastic IP address must not be associated with an instance or network interface.

", "RestoreManagedPrefixListVersion": "

Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.

", "RevokeClientVpnIngress": "

Removes an ingress authorization rule from a Client VPN endpoint.

", - "RevokeSecurityGroupEgress": "

[VPC only] Removes the specified egress rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.

[Default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.

AWS recommends that you use DescribeSecurityGroups to verify that the rule has been removed.

Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not have to specify the description to revoke the rule.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", - "RevokeSecurityGroupIngress": "

Removes the specified ingress rules from a security group. To remove a rule, the values that you specify (for example, ports) must match the existing rule's values exactly.

[EC2-Classic , default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.

AWS recommends that you use DescribeSecurityGroups to verify that the rule has been removed.

Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not have to specify the description to revoke the rule.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", + "RevokeSecurityGroupEgress": "

[VPC only] Removes the specified outbound (egress) rules from a security group for EC2-VPC. This action does not apply to security groups for use in EC2-Classic.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and destination (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[Default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", + "RevokeSecurityGroupIngress": "

Removes the specified inbound (ingress) rules from a security group.

You can specify rules using either rule IDs or security group rule properties. If you use rule properties, the values that you specify (for example, ports) must match the existing rule's values exactly. Each rule has a protocol, from and to ports, and source (CIDR range, security group, or prefix list). For the TCP and UDP protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must also specify the ICMP type and code. If the security group rule has a description, you do not need to specify the description to revoke the rule.

[EC2-Classic, default VPC] If the values you specify do not match the existing rule's values, no error is returned, and the output describes the security group rules that were not revoked.

Amazon Web Services recommends that you describe the security group to verify that the rules were removed.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

", "RunInstances": "

Launches the specified number of instances using an AMI for which you have permissions.

You can specify a number of options, or leave the default options. The following rules apply:

You can create a launch template, which is a resource that contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify the launch template instead of specifying the launch parameters.

To ensure faster instance launches, break up large requests into smaller batches. For example, create five separate launch requests for 100 instances each instead of one launch request for 500 instances.

An instance is ready for you to use when it's in the running state. You can check the state of your instance using DescribeInstances. You can tag instances and EBS volumes during launch, after launch, or both. For more information, see CreateTags and Tagging your Amazon EC2 resources.

Linux instances have access to the public key of the key pair at boot. You can use this key to provide secure access to the instance. Amazon EC2 public images use this feature to provide secure access without passwords. For more information, see Key pairs.

For troubleshooting, see What to do if an instance immediately terminates, and Troubleshooting connecting to your instance.

", "RunScheduledInstances": "

Launches the specified Scheduled Instances.

Before you can launch a Scheduled Instance, you must purchase it and obtain an identifier using PurchaseScheduledInstances.

You must launch a Scheduled Instance during its scheduled time period. You can't stop or reboot a Scheduled Instance, but you can terminate it as needed. If you terminate a Scheduled Instance before the current scheduled time period ends, you can launch it again after a few minutes. For more information, see Scheduled Instances in the Amazon EC2 User Guide.

", "SearchLocalGatewayRoutes": "

Searches for routes in the specified local gateway route table.

", @@ -453,8 +455,8 @@ "UnassignIpv6Addresses": "

Unassigns one or more IPv6 addresses from a network interface.

", "UnassignPrivateIpAddresses": "

Unassigns one or more secondary private IP addresses from a network interface.

", "UnmonitorInstances": "

Disables detailed monitoring for a running instance. For more information, see Monitoring your instances and volumes in the Amazon EC2 User Guide.

", - "UpdateSecurityGroupRuleDescriptionsEgress": "

[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

You specify the description as part of the IP permissions structure. You can remove a description for a security group rule by omitting the description parameter in the request.

", - "UpdateSecurityGroupRuleDescriptionsIngress": "

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously.

You specify the description as part of the IP permissions structure. You can remove a description for a security group rule by omitting the description parameter in the request.

", + "UpdateSecurityGroupRuleDescriptionsEgress": "

[VPC only] Updates the description of an egress (outbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.

", + "UpdateSecurityGroupRuleDescriptionsIngress": "

Updates the description of an ingress (inbound) security group rule. You can replace an existing description, or add a description to a rule that did not have one previously. You can remove a description for a security group rule by omitting the description parameter in the request.

", "WithdrawByoipCidr": "

Stops advertising an address range that is provisioned as an address pool.

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.

" }, "shapes": { @@ -1188,11 +1190,21 @@ "refs": { } }, + "AuthorizeSecurityGroupEgressResult": { + "base": null, + "refs": { + } + }, "AuthorizeSecurityGroupIngressRequest": { "base": null, "refs": { } }, + "AuthorizeSecurityGroupIngressResult": { + "base": null, + "refs": { + } + }, "AutoAcceptSharedAssociationsValue": { "base": null, "refs": { @@ -1395,7 +1407,9 @@ "AuthorizeClientVpnIngressRequest$AuthorizeAllGroups": "

Indicates whether to grant access to all clients. Specify true to grant all clients who successfully establish a VPN connection access to the network. Must be set to true if AccessGroupId is not specified.

", "AuthorizeClientVpnIngressRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "AuthorizeSecurityGroupEgressRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "AuthorizeSecurityGroupEgressResult$Return": "

Returns true if the request succeeds; otherwise, returns an error.

", "AuthorizeSecurityGroupIngressRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "AuthorizeSecurityGroupIngressResult$Return": "

Returns true if the request succeeds; otherwise, returns an error.

", "BundleInstanceRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "CancelBundleTaskRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "CancelCapacityReservationRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -1636,6 +1650,7 @@ "DescribeScheduledInstanceAvailabilityRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "DescribeScheduledInstancesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "DescribeSecurityGroupReferencesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "DescribeSecurityGroupRulesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "DescribeSecurityGroupsRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "DescribeSnapshotAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "DescribeSnapshotsRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -1835,6 +1850,8 @@ "ModifyLaunchTemplateRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyManagedPrefixListRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifyNetworkInterfaceAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "ModifySecurityGroupRulesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", + "ModifySecurityGroupRulesResult$Return": "

Returns true if the request succeeds; otherwise, returns an error.

", "ModifySnapshotAttributeRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ModifySpotFleetRequestResponse$Return": "

Is true if the request succeeds, and an error otherwise.

", "ModifyTrafficMirrorFilterNetworkServicesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", @@ -1959,6 +1976,7 @@ "SearchTransitGatewayMulticastGroupsRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "SearchTransitGatewayRoutesRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "SearchTransitGatewayRoutesResult$AdditionalRoutesAvailable": "

Indicates whether there are additional routes available.

", + "SecurityGroupRule$IsEgress": "

Indicates whether the security group rule is an outbound rule.

", "SendDiagnosticInterruptRequest$DryRun": "

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

", "ServiceConfiguration$AcceptanceRequired": "

Indicates whether requests from other AWS accounts to create an endpoint to the service must first be accepted.

", "ServiceConfiguration$ManagesVpcEndpoints": "

Indicates whether the service manages its VPC endpoints. Management of the service VPC endpoints using the VPC endpoint API is restricted.

", @@ -5347,6 +5365,22 @@ "refs": { } }, + "DescribeSecurityGroupRulesMaxResults": { + "base": null, + "refs": { + "DescribeSecurityGroupRulesRequest$MaxResults": "

The maximum number of results to return in a single call. To retrieve the remaining results, make another request with the returned NextToken value. This value can be between 5 and 1000. If this parameter is not specified, then all results are returned.

" + } + }, + "DescribeSecurityGroupRulesRequest": { + "base": null, + "refs": { + } + }, + "DescribeSecurityGroupRulesResult": { + "base": null, + "refs": { + } + }, "DescribeSecurityGroupsMaxResults": { "base": null, "refs": { @@ -6946,7 +6980,8 @@ "DescribeRouteTablesRequest$Filters": "

One or more filters.

", "DescribeScheduledInstanceAvailabilityRequest$Filters": "

The filters.

", "DescribeScheduledInstancesRequest$Filters": "

The filters.

", - "DescribeSecurityGroupsRequest$Filters": "

The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

", + "DescribeSecurityGroupRulesRequest$Filters": "

One or more filters.

", + "DescribeSecurityGroupsRequest$Filters": "

The filters. If using multiple filters for rules, the results include security groups for which any combination of rules - not necessarily a single rule - match all filters.

", "DescribeSnapshotsRequest$Filters": "

The filters.

", "DescribeSpotInstanceRequestsRequest$Filters": "

One or more filters.

", "DescribeSpotPriceHistoryRequest$Filters": "

One or more filters.

", @@ -7634,7 +7669,7 @@ "base": null, "refs": { "AttachClassicLinkVpcRequest$Groups": "

The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC.

", - "DescribeSecurityGroupsRequest$GroupIds": "

The IDs of the security groups. Required for security groups in a nondefault VPC.

Default: Describes all your security groups.

", + "DescribeSecurityGroupsRequest$GroupIds": "

The IDs of the security groups. Required for security groups in a nondefault VPC.

Default: Describes all of your security groups.

", "LaunchTemplateInstanceNetworkInterfaceSpecification$Groups": "

The IDs of one or more security groups.

", "ModifyInstanceAttributeRequest$Groups": "

[EC2-VPC] Replaces the security groups of the instance with the specified security groups. You must specify at least one security group, even if it's just the default security group for the VPC. You must specify the security group ID, not the security group name.

" } @@ -7674,7 +7709,7 @@ "GroupNameStringList": { "base": null, "refs": { - "DescribeSecurityGroupsRequest$GroupNames": "

[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.

Default: Describes all your security groups.

", + "DescribeSecurityGroupsRequest$GroupNames": "

[EC2-Classic and default VPC only] The names of the security groups. You can specify either the security group name or the security group ID. For security groups in a nondefault VPC, use the group-name filter to describe security groups by name.

Default: Describes all of your security groups.

", "ModifySnapshotAttributeRequest$GroupNames": "

The group to modify for the snapshot.

" } }, @@ -8941,6 +8976,10 @@ "ScheduledInstancesNetworkInterface$DeviceIndex": "

The index of the device for the network interface attachment.

", "ScheduledInstancesNetworkInterface$Ipv6AddressCount": "

The number of IPv6 addresses to assign to the network interface. The IPv6 addresses are automatically selected from the subnet range.

", "ScheduledInstancesNetworkInterface$SecondaryPrivateIpAddressCount": "

The number of secondary private IPv4 addresses.

", + "SecurityGroupRule$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

", + "SecurityGroupRule$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

", + "SecurityGroupRuleRequest$FromPort": "

The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

", + "SecurityGroupRuleRequest$ToPort": "

The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

", "Snapshot$VolumeSize": "

The size of the volume, in GiB.

", "SnapshotInfo$VolumeSize": "

Size of the volume from which this snapshot was created.

", "SpotFleetRequestConfigData$TargetCapacity": "

The number of units to request for the Spot Fleet. You can choose to set the target capacity in terms of instances or a performance characteristic that is important to your application workload, such as vCPUs, memory, or I/O. If the request type is maintain, you can specify a target capacity of 0 and add capacity later.

", @@ -9096,8 +9135,8 @@ "RevokeSecurityGroupIngressResult$UnknownIpPermissions": "

The inbound rules that were unknown to the service. In some cases, unknownIpPermissionSet might be in a different format from the request parameter.

", "SecurityGroup$IpPermissions": "

The inbound rules associated with the security group.

", "SecurityGroup$IpPermissionsEgress": "

[VPC only] The outbound rules associated with the security group.

", - "UpdateSecurityGroupRuleDescriptionsEgressRequest$IpPermissions": "

The IP permissions for the security group rule.

", - "UpdateSecurityGroupRuleDescriptionsIngressRequest$IpPermissions": "

The IP permissions for the security group rule.

" + "UpdateSecurityGroupRuleDescriptionsEgressRequest$IpPermissions": "

The IP permissions for the security group rule. You must specify either the IP permissions or the description.

", + "UpdateSecurityGroupRuleDescriptionsIngressRequest$IpPermissions": "

The IP permissions for the security group rule. You must specify either IP permissions or a description.

" } }, "IpRange": { @@ -9237,7 +9276,7 @@ "KeyNameStringList": { "base": null, "refs": { - "DescribeKeyPairsRequest$KeyNames": "

The key pair names.

Default: Describes all your key pairs.

" + "DescribeKeyPairsRequest$KeyNames": "

The key pair names.

Default: Describes all of your key pairs.

" } }, "KeyPair": { @@ -10392,6 +10431,16 @@ "refs": { } }, + "ModifySecurityGroupRulesRequest": { + "base": null, + "refs": { + } + }, + "ModifySecurityGroupRulesResult": { + "base": null, + "refs": { + } + }, "ModifySnapshotAttributeRequest": { "base": null, "refs": { @@ -11604,6 +11653,8 @@ "PrefixListResourceIdStringList$member": null, "ReplaceRouteRequest$DestinationPrefixListId": "

The ID of the prefix list for the route.

", "RestoreManagedPrefixListVersionRequest$PrefixListId": "

The ID of the prefix list.

", + "SecurityGroupRule$PrefixListId": "

The ID of the prefix list.

", + "SecurityGroupRuleRequest$PrefixListId": "

The ID of the prefix list.

", "TransitGatewayPrefixListReference$PrefixListId": "

The ID of the prefix list.

", "TransitGatewayRoute$PrefixListId": "

The ID of the prefix list used for destination matches.

" } @@ -11979,6 +12030,12 @@ "ReservedInstancesOffering$RecurringCharges": "

The recurring charge tag assigned to the resource.

" } }, + "ReferencedSecurityGroup": { + "base": "

Describes the security group that is referenced in the security group rule.

", + "refs": { + "SecurityGroupRule$ReferencedGroupInfo": "

Describes the security group that is referenced in the rule.

" + } + }, "Region": { "base": "

Describes a Region.

", "refs": { @@ -12997,7 +13054,7 @@ } }, "SecurityGroup": { - "base": "

Describes a security group

", + "base": "

Describes a security group.

", "refs": { "SecurityGroupList$member": null } @@ -13010,11 +13067,14 @@ "ClientVpnSecurityGroupIdSet$member": null, "DeleteSecurityGroupRequest$GroupId": "

The ID of the security group. Required for a nondefault VPC.

", "GroupIds$member": null, + "ModifySecurityGroupRulesRequest$GroupId": "

The ID of the security group.

", "RequestSpotLaunchSpecificationSecurityGroupIdList$member": null, "RevokeSecurityGroupEgressRequest$GroupId": "

The ID of the security group.

", "RevokeSecurityGroupIngressRequest$GroupId": "

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

", "ScheduledInstancesSecurityGroupIdSet$member": null, "SecurityGroupIdStringList$member": null, + "SecurityGroupRule$GroupId": "

The ID of the security group.

", + "SecurityGroupRuleRequest$ReferencedGroupId": "

The ID of the security group that is referenced in the security group rule.

", "UpdateSecurityGroupRuleDescriptionsEgressRequest$GroupId": "

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

", "UpdateSecurityGroupRuleDescriptionsIngressRequest$GroupId": "

The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.

", "VpcEndpointSecurityGroupIdList$member": null @@ -13068,6 +13128,66 @@ "DescribeSecurityGroupReferencesResult$SecurityGroupReferenceSet": "

Information about the VPCs with the referencing security groups.

" } }, + "SecurityGroupRule": { + "base": "

Describes a security group rule.

", + "refs": { + "SecurityGroupRuleList$member": null + } + }, + "SecurityGroupRuleDescription": { + "base": "

Describes the description of a security group rule.

You can use this when you want to update the security group rule description for either an inbound or outbound rule.

", + "refs": { + "SecurityGroupRuleDescriptionList$member": null + } + }, + "SecurityGroupRuleDescriptionList": { + "base": null, + "refs": { + "UpdateSecurityGroupRuleDescriptionsEgressRequest$SecurityGroupRuleDescriptions": "

The description for the egress security group rules. You must specify either the description or the IP permissions.

", + "UpdateSecurityGroupRuleDescriptionsIngressRequest$SecurityGroupRuleDescriptions": "

[VPC only] The description for the ingress security group rules. You must specify either a description or IP permissions.

" + } + }, + "SecurityGroupRuleId": { + "base": null, + "refs": { + "SecurityGroupRule$SecurityGroupRuleId": "

The ID of the security group rule.

", + "SecurityGroupRuleUpdate$SecurityGroupRuleId": "

The ID of the security group rule.

" + } + }, + "SecurityGroupRuleIdList": { + "base": null, + "refs": { + "DescribeSecurityGroupRulesRequest$SecurityGroupRuleIds": "

The IDs of the security group rules.

", + "RevokeSecurityGroupEgressRequest$SecurityGroupRuleIds": "

The IDs of the security group rules.

", + "RevokeSecurityGroupIngressRequest$SecurityGroupRuleIds": "

The IDs of the security group rules.

" + } + }, + "SecurityGroupRuleList": { + "base": null, + "refs": { + "AuthorizeSecurityGroupEgressResult$SecurityGroupRules": "

Information about the outbound (egress) security group rules that were added.

", + "AuthorizeSecurityGroupIngressResult$SecurityGroupRules": "

Information about the inbound (ingress) security group rules that were added.

", + "DescribeSecurityGroupRulesResult$SecurityGroupRules": "

Information about security group rules.

" + } + }, + "SecurityGroupRuleRequest": { + "base": "

Describes a security group rule.

You must specify exactly one of the following parameters, based on the rule type:

When you modify a rule, you cannot change the rule type. For example, if the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new IPv4 address range.

", + "refs": { + "SecurityGroupRuleUpdate$SecurityGroupRule": "

Information about the security group rule.

" + } + }, + "SecurityGroupRuleUpdate": { + "base": "

Describes an update to a security group rule.

", + "refs": { + "SecurityGroupRuleUpdateList$member": null + } + }, + "SecurityGroupRuleUpdateList": { + "base": null, + "refs": { + "ModifySecurityGroupRulesRequest$SecurityGroupRules": "

Information about the security group properties to update.

" + } + }, "SecurityGroupStringList": { "base": null, "refs": { @@ -13643,7 +13763,7 @@ "AssociateClientVpnTargetNetworkResult$AssociationId": "

The unique ID of the target network association.

", "AssociateEnclaveCertificateIamRoleResult$CertificateS3BucketName": "

The name of the Amazon S3 bucket to which the certificate was uploaded.

", "AssociateEnclaveCertificateIamRoleResult$CertificateS3ObjectKey": "

The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The object key is formatted as follows: role_arn/certificate_arn.

", - "AssociateEnclaveCertificateIamRoleResult$EncryptionKmsKeyId": "

The ID of the AWS KMS CMK used to encrypt the private key of the certificate.

", + "AssociateEnclaveCertificateIamRoleResult$EncryptionKmsKeyId": "

The ID of the KMS key used to encrypt the private key of the certificate.

", "AssociateRouteTableResult$AssociationId": "

The route table association ID. This ID is required for disassociating the route table.

", "AssociateSubnetCidrBlockRequest$Ipv6CidrBlock": "

The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length.

", "AssociateSubnetCidrBlockResult$SubnetId": "

The ID of the subnet.

", @@ -13677,7 +13797,7 @@ "AuthorizeSecurityGroupIngressRequest$CidrIp": "

The IPv4 address range, in CIDR format. You can't specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

", "AuthorizeSecurityGroupIngressRequest$IpProtocol": "

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). To specify icmpv6, use a set of IP permissions.

[VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp, udp, or icmp, traffic on all ports is allowed, regardless of any ports you specify.

Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

", "AuthorizeSecurityGroupIngressRequest$SourceSecurityGroupName": "

[EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.

", - "AuthorizeSecurityGroupIngressRequest$SourceSecurityGroupOwnerId": "

[nondefault VPC] The AWS account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

", + "AuthorizeSecurityGroupIngressRequest$SourceSecurityGroupOwnerId": "

[nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.

", "AvailabilityZone$RegionName": "

The name of the Region.

", "AvailabilityZone$ZoneName": "

The name of the Availability Zone, Local Zone, or Wavelength Zone.

", "AvailabilityZone$ZoneId": "

The ID of the Availability Zone, Local Zone, or Wavelength Zone.

", @@ -14059,6 +14179,8 @@ "DescribeScheduledInstanceAvailabilityResult$NextToken": "

The token required to retrieve the next set of results. This value is null when there are no more results to return.

", "DescribeScheduledInstancesRequest$NextToken": "

The token for the next set of results.

", "DescribeScheduledInstancesResult$NextToken": "

The token required to retrieve the next set of results. This value is null when there are no more results to return.

", + "DescribeSecurityGroupRulesRequest$NextToken": "

The token for the next page of results.

", + "DescribeSecurityGroupRulesResult$NextToken": "

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", "DescribeSecurityGroupsRequest$NextToken": "

The token to request the next page of results.

", "DescribeSecurityGroupsResult$NextToken": "

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", "DescribeSnapshotAttributeResult$SnapshotId": "

The ID of the EBS snapshot.

", @@ -14387,7 +14509,7 @@ "ImportInstanceVolumeDetailItem$StatusMessage": "

The status information or errors related to the disk image.

", "ImportKeyPairRequest$KeyName": "

A unique name for the key pair.

", "ImportKeyPairResult$KeyFingerprint": "

The MD5 public key fingerprint as specified in section 4 of RFC 4716.

", - "ImportKeyPairResult$KeyName": "

The key pair name you provided.

", + "ImportKeyPairResult$KeyName": "

The key pair name that you provided.

", "ImportKeyPairResult$KeyPairId": "

The ID of the resulting key pair.

", "ImportSnapshotRequest$ClientToken": "

Token to enable idempotency for VM import requests.

", "ImportSnapshotRequest$Description": "

The description string for the import snapshot task.

", @@ -14480,7 +14602,7 @@ "KeyPair$KeyName": "

The name of the key pair.

", "KeyPair$KeyPairId": "

The ID of the key pair.

", "KeyPairInfo$KeyPairId": "

The ID of the key pair.

", - "KeyPairInfo$KeyFingerprint": "

If you used CreateKeyPair to create the key pair, this is the SHA-1 digest of the DER encoded private key. If you used ImportKeyPair to provide AWS the public key, this is the MD5 public key fingerprint as specified in section 4 of RFC4716.

", + "KeyPairInfo$KeyFingerprint": "

If you used CreateKeyPair to create the key pair, this is the SHA-1 digest of the DER encoded private key. If you used ImportKeyPair to provide Amazon Web Services the public key, this is the MD5 public key fingerprint as specified in section 4 of RFC4716.

", "KeyPairInfo$KeyName": "

The name of the key pair.

", "LastError$Message": "

The error message for the VPC endpoint error.

", "LastError$Code": "

The error code for the VPC endpoint error.

", @@ -14740,6 +14862,11 @@ "PurchaseRequest$PurchaseToken": "

The purchase token.

", "PurchaseReservedInstancesOfferingResult$ReservedInstancesId": "

The IDs of the purchased Reserved Instances. If your purchase crosses into a discounted pricing tier, the final Reserved Instances IDs might change. For more information, see Crossing pricing tiers in the Amazon Elastic Compute Cloud User Guide.

", "PurchaseScheduledInstancesRequest$ClientToken": "

Unique, case-sensitive identifier that ensures the idempotency of the request. For more information, see Ensuring Idempotency.

", + "ReferencedSecurityGroup$GroupId": "

The ID of the security group.

", + "ReferencedSecurityGroup$PeeringStatus": "

The status of a VPC peering connection, if applicable.

", + "ReferencedSecurityGroup$UserId": "

The account ID.

", + "ReferencedSecurityGroup$VpcId": "

The ID of the VPC.

", + "ReferencedSecurityGroup$VpcPeeringConnectionId": "

The ID of the VPC peering connection.

", "Region$Endpoint": "

The Region service endpoint.

", "Region$RegionName": "

The name of the Region.

", "Region$OptInStatus": "

The Region opt-in status. The possible values are opt-in-not-required, opted-in, and not-opted-in.

", @@ -14823,7 +14950,7 @@ "RevokeSecurityGroupIngressRequest$CidrIp": "

The CIDR IP address range. You can't specify this parameter when specifying a source security group.

", "RevokeSecurityGroupIngressRequest$IpProtocol": "

The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). Use -1 to specify all.

", "RevokeSecurityGroupIngressRequest$SourceSecurityGroupName": "

[EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. For EC2-VPC, the source security group must be in the same VPC. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

", - "RevokeSecurityGroupIngressRequest$SourceSecurityGroupOwnerId": "

[EC2-Classic] The AWS account ID of the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

", + "RevokeSecurityGroupIngressRequest$SourceSecurityGroupOwnerId": "

[EC2-Classic] The Amazon Web Services account ID of the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. To revoke a specific rule for an IP protocol and port range, use a set of IP permissions instead.

", "Route$DestinationCidrBlock": "

The IPv4 CIDR block used for the destination match.

", "Route$DestinationIpv6CidrBlock": "

The IPv6 CIDR block used for the destination match.

", "Route$DestinationPrefixListId": "

The prefix of the AWS service.

", @@ -14889,7 +15016,7 @@ "SearchTransitGatewayMulticastGroupsResult$NextToken": "

The token to use to retrieve the next page of results. This value is null when there are no more results to return.

", "SecurityGroup$Description": "

A description of the security group.

", "SecurityGroup$GroupName": "

The name of the security group.

", - "SecurityGroup$OwnerId": "

The AWS account ID of the owner of the security group.

", + "SecurityGroup$OwnerId": "

The Amazon Web Services account ID of the owner of the security group.

", "SecurityGroup$GroupId": "

The ID of the security group.

", "SecurityGroup$VpcId": "

[VPC only] The ID of the VPC for the security group.

", "SecurityGroupIdentifier$GroupId": "

The ID of the security group.

", @@ -14897,6 +15024,18 @@ "SecurityGroupReference$GroupId": "

The ID of your security group.

", "SecurityGroupReference$ReferencingVpcId": "

The ID of the VPC with the referencing security group.

", "SecurityGroupReference$VpcPeeringConnectionId": "

The ID of the VPC peering connection.

", + "SecurityGroupRule$GroupOwnerId": "

The ID of the account that owns the security group.

", + "SecurityGroupRule$IpProtocol": "

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

Use -1 to specify all protocols.

", + "SecurityGroupRule$CidrIpv4": "

The IPv4 CIDR range.

", + "SecurityGroupRule$CidrIpv6": "

The IPv6 CIDR range.

", + "SecurityGroupRule$Description": "

The security group rule description.

", + "SecurityGroupRuleDescription$SecurityGroupRuleId": "

The ID of the security group rule.

", + "SecurityGroupRuleDescription$Description": "

The description of the security group rule.

", + "SecurityGroupRuleIdList$member": null, + "SecurityGroupRuleRequest$IpProtocol": "

The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers).

Use -1 to specify all protocols.

", + "SecurityGroupRuleRequest$CidrIpv4": "

The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix length.

", + "SecurityGroupRuleRequest$CidrIpv6": "

The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix length.

", + "SecurityGroupRuleRequest$Description": "

The description of the security group rule.

", "ServiceConfiguration$ServiceId": "

The ID of the service.

", "ServiceConfiguration$ServiceName": "

The name of the service.

", "ServiceConfiguration$PrivateDnsName": "

The private DNS name for the service.

", @@ -15123,7 +15262,7 @@ "UserIdGroupPair$GroupId": "

The ID of the security group.

", "UserIdGroupPair$GroupName": "

The name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.

For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.

", "UserIdGroupPair$PeeringStatus": "

The status of a VPC peering connection, if applicable.

", - "UserIdGroupPair$UserId": "

The ID of an AWS account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in another AWS account.

", + "UserIdGroupPair$UserId": "

The ID of an Amazon Web Services account.

For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

[EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account.

", "UserIdGroupPair$VpcId": "

The ID of the VPC for the referenced security group, if applicable.

", "UserIdGroupPair$VpcPeeringConnectionId": "

The ID of the VPC peering connection, if applicable.

", "UserIdStringList$member": null, @@ -15422,6 +15561,7 @@ "ReservedInstancesListing$Tags": "

Any tags assigned to the resource.

", "RouteTable$Tags": "

Any tags assigned to the route table.

", "SecurityGroup$Tags": "

Any tags assigned to the security group.

", + "SecurityGroupRule$Tags": "

The tags applied to the security group rule.

", "ServiceConfiguration$Tags": "

Any tags assigned to the service.

", "ServiceDetail$Tags": "

Any tags assigned to the service.

", "Snapshot$Tags": "

Any tags assigned to the snapshot.

", @@ -15463,6 +15603,8 @@ "refs": { "AllocateAddressRequest$TagSpecifications": "

The tags to assign to the Elastic IP address.

", "AllocateHostsRequest$TagSpecifications": "

The tags to apply to the Dedicated Host during creation.

", + "AuthorizeSecurityGroupEgressRequest$TagSpecifications": "

The tags applied to the security group rule.

", + "AuthorizeSecurityGroupIngressRequest$TagSpecifications": "

[VPC Only] The tags applied to the security group rule.

", "CopySnapshotRequest$TagSpecifications": "

The tags to apply to the new snapshot.

", "CreateCapacityReservationRequest$TagSpecifications": "

The tags to apply to the Capacity Reservation during launch.

", "CreateCarrierGatewayRequest$TagSpecifications": "

The tags to associate with the carrier gateway.

", @@ -16676,7 +16818,7 @@ } }, "UserIdGroupPair": { - "base": "

Describes a security group and AWS account ID pair.

", + "base": "

Describes a security group and Amazon Web Services account ID pair.

", "refs": { "UserIdGroupPairList$member": null, "UserIdGroupPairSet$member": null @@ -16685,7 +16827,7 @@ "UserIdGroupPairList": { "base": null, "refs": { - "IpPermission$UserIdGroupPairs": "

The security group and AWS account ID pairs.

" + "IpPermission$UserIdGroupPairs": "

The security group and Amazon Web Services account ID pairs.

" } }, "UserIdGroupPairSet": { diff --git a/models/apis/ec2/2016-11-15/paginators-1.json b/models/apis/ec2/2016-11-15/paginators-1.json index fde6975e311..e1d041efc2c 100755 --- a/models/apis/ec2/2016-11-15/paginators-1.json +++ b/models/apis/ec2/2016-11-15/paginators-1.json @@ -374,6 +374,12 @@ "output_token": "NextToken", "result_key": "ScheduledInstanceSet" }, + "DescribeSecurityGroupRules": { + "input_token": "NextToken", + "limit_key": "MaxResults", + "output_token": "NextToken", + "result_key": "SecurityGroupRules" + }, "DescribeSecurityGroups": { "input_token": "NextToken", "limit_key": "MaxResults", diff --git a/models/apis/iam/2010-05-08/docs-2.json b/models/apis/iam/2010-05-08/docs-2.json index 80b5868cc29..8aa5232c8fe 100644 --- a/models/apis/iam/2010-05-08/docs-2.json +++ b/models/apis/iam/2010-05-08/docs-2.json @@ -1,36 +1,36 @@ { "version": "2.0", - "service": "AWS Identity and Access Management

AWS Identity and Access Management (IAM) is a web service for securely controlling access to AWS services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users and applications can access. For more information about IAM, see AWS Identity and Access Management (IAM) and the AWS Identity and Access Management User Guide.

", + "service": "Identity and Access Management

Identity and Access Management (IAM) is a web service for securely controlling access to Amazon Web Services services. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which Amazon Web Services resources users and applications can access. For more information about IAM, see Identity and Access Management (IAM) and the Identity and Access Management User Guide.

", "operations": { "AddClientIDToOpenIDConnectProvider": "

Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified IAM OpenID Connect (OIDC) provider resource.

This operation is idempotent; it does not fail or return an error if you add an existing client ID to the provider.

", - "AddRoleToInstanceProfile": "

Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of AWS because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.

The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.

For more information about roles, see Working with roles. For more information about instance profiles, see About instance profiles.

", + "AddRoleToInstanceProfile": "

Adds the specified IAM role to the specified instance profile. An instance profile can contain only one role, and this quota cannot be increased. You can remove the existing role and then add a different role to an instance profile. You must then wait for the change to appear across all of Amazon Web Services because of eventual consistency. To force the change, you must disassociate the instance profile and then associate the instance profile, or you can stop your instance and then restart it.

The caller of this operation must be granted the PassRole permission on the IAM role by a permissions policy.

For more information about roles, see Working with roles. For more information about instance profiles, see About instance profiles.

", "AddUserToGroup": "

Adds the specified user to the specified group.

", "AttachGroupPolicy": "

Attaches the specified managed policy to the specified IAM group.

You use this operation to attach a managed policy to a group. To embed an inline policy in a group, use PutGroupPolicy.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

", "AttachRolePolicy": "

Attaches the specified managed policy to the specified IAM role. When you attach a managed policy to a role, the managed policy becomes part of the role's permission (access) policy.

You cannot use a managed policy as the role's trust policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy.

Use this operation to attach a managed policy to a role. To embed an inline policy in a role, use PutRolePolicy. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

", "AttachUserPolicy": "

Attaches the specified managed policy to the specified user.

You use this operation to attach a managed policy to a user. To embed an inline policy in a user, use PutUserPolicy.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

", - "ChangePassword": "

Changes the password of the IAM user who is calling this operation. This operation can be performed using the AWS CLI, the AWS API, or the My Security Credentials page in the AWS Management Console. The AWS account root user password is not affected by this operation.

Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide.

", - "CreateAccessKey": "

Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials. This is true even if the AWS account has no associated users.

For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.

To ensure the security of your AWS account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

", - "CreateAccountAlias": "

Creates an alias for your AWS account. For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.

", + "ChangePassword": "

Changes the password of the IAM user who is calling this operation. This operation can be performed using the CLI, the Amazon Web Services API, or the My Security Credentials page in the Management Console. The account root user password is not affected by this operation.

Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. For more information about modifying passwords, see Managing passwords in the IAM User Guide.

", + "CreateAccessKey": "

Creates a new Amazon Web Services secret access key and corresponding Amazon Web Services access key ID for the specified user. The default status for new keys is Active.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials. This is true even if the account has no associated users.

For information about quotas on the number of keys you can create, see IAM and STS quotas in the IAM User Guide.

To ensure the security of your account, the secret access key is accessible only during key and user creation. You must save the key (for example, in a text file) if you want to be able to access it again. If a secret key is lost, you can delete the access keys for the associated user and then create new keys.

", + "CreateAccountAlias": "

Creates an alias for your account. For information about using an account alias, see Using an alias for your account ID in the IAM User Guide.

", "CreateGroup": "

Creates a new group.

For information about the number of groups you can create, see IAM and STS quotas in the IAM User Guide.

", "CreateInstanceProfile": "

Creates a new instance profile. For information about instance profiles, see Using roles for applications on Amazon EC2 in the IAM User Guide, and Instance profiles in the Amazon EC2 User Guide.

For information about the number of instance profiles you can create, see IAM object quotas in the IAM User Guide.

", - "CreateLoginProfile": "

Creates a password for the specified IAM user. A password allows an IAM user to access AWS services through the AWS Management Console.

You can use the AWS CLI, the AWS API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the AWS Management Console.

For more information about managing passwords, see Managing passwords in the IAM User Guide.

", - "CreateOpenIDConnectProvider": "

Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between AWS and the OIDC provider.

If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to AWS and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.

When you create the IAM OIDC provider, you specify the following:

You get all of this information from the OIDC IdP that you want to use to access AWS.

The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.

", - "CreatePolicy": "

Creates a new managed policy for your AWS account.

This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

For more information about managed policies in general, see Managed policies and inline policies in the IAM User Guide.

", + "CreateLoginProfile": "

Creates a password for the specified IAM user. A password allows an IAM user to access Amazon Web Services services through the Management Console.

You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to create a password for any IAM user. Use ChangePassword to update your own existing password in the My Security Credentials page in the Management Console.

For more information about managing passwords, see Managing passwords in the IAM User Guide.

", + "CreateOpenIDConnectProvider": "

Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC).

The OIDC provider that you create with this operation can be used as a principal in a role's trust policy. Such a policy establishes a trust relationship between Amazon Web Services and the OIDC provider.

If you are using an OIDC identity provider from Google, Facebook, or Amazon Cognito, you don't need to create a separate IAM identity provider. These OIDC identity providers are already built-in to Amazon Web Services and are available for your use. Instead, you can move directly to creating new roles using your identity provider. To learn more, see Creating a role for web identity or OpenID connect federation in the IAM User Guide.

When you create the IAM OIDC provider, you specify the following:

You get all of this information from the OIDC IdP that you want to use to access Amazon Web Services.

The trust for the OIDC provider is derived from the IAM provider that this operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider operation to highly privileged users.

", + "CreatePolicy": "

Creates a new managed policy for your account.

This operation creates a policy version with a version identifier of v1 and sets v1 as the policy's default version. For more information about policy versions, see Versioning for managed policies in the IAM User Guide.

As a best practice, you can validate your IAM policies. To learn more, see Validating IAM policies in the IAM User Guide.

For more information about managed policies in general, see Managed policies and inline policies in the IAM User Guide.

", "CreatePolicyVersion": "

Creates a new version of the specified managed policy. To update a managed policy, you create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must delete an existing version using DeletePolicyVersion before you create a new version.

Optionally, you can set the new version as the policy's default version. The default version is the version that is in effect for the IAM users, groups, and roles to which the policy is attached.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

", - "CreateRole": "

Creates a new role for your AWS account. For more information about roles, see IAM roles. For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.

", - "CreateSAMLProvider": "

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API access to AWS.

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires Signature Version 4.

For more information, see Enabling SAML 2.0 federated users to access the AWS Management Console and About SAML 2.0-based federation in the IAM User Guide.

", - "CreateServiceLinkedRole": "

Creates an IAM role that is linked to a specific AWS service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your AWS resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see Using service-linked roles in the IAM User Guide.

To attach a policy to this service-linked role, you must make the request using the AWS service that depends on this role.

", - "CreateServiceSpecificCredential": "

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for AWS CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Using IAM with AWS CodeCommit: Git credentials, SSH keys, and AWS access keys in the IAM User Guide.

", - "CreateUser": "

Creates a new IAM user for your AWS account.

For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the IAM User Guide.

", - "CreateVirtualMFADevice": "

Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the IAM User Guide.

The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your AWS access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.

", + "CreateRole": "

Creates a new role for your account. For more information about roles, see IAM roles. For information about quotas for role names and the number of roles you can create, see IAM and STS quotas in the IAM User Guide.

", + "CreateSAMLProvider": "

Creates an IAM resource that describes an identity provider (IdP) that supports SAML 2.0.

The SAML provider resource that you create with this operation can be used as a principal in an IAM role's trust policy. Such a policy can enable federated users who sign in using the SAML IdP to assume the role. You can create an IAM role that supports Web-based single sign-on (SSO) to the Management Console or one that supports API access to Amazon Web Services.

When you create the SAML provider resource, you upload a SAML metadata document that you get from your IdP. That document includes the issuer's name, expiration information, and keys that can be used to validate the SAML authentication response (assertions) that the IdP sends. You must generate the metadata document using the identity management software that is used as your organization's IdP.

This operation requires Signature Version 4.

For more information, see Enabling SAML 2.0 federated users to access the Management Console and About SAML 2.0-based federation in the IAM User Guide.

", + "CreateServiceLinkedRole": "

Creates an IAM role that is linked to a specific Amazon Web Services service. The service controls the attached policies and when the role can be deleted. This helps ensure that the service is not broken by an unexpectedly changed or deleted role, which could put your Amazon Web Services resources into an unknown state. Allowing the service to control the role helps improve service stability and proper cleanup when a service and its role are no longer needed. For more information, see Using service-linked roles in the IAM User Guide.

To attach a policy to this service-linked role, you must make the request using the Amazon Web Services service that depends on this role.

", + "CreateServiceSpecificCredential": "

Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service.

You can have a maximum of two sets of service-specific credentials for each supported service per user.

You can create service-specific credentials for CodeCommit and Amazon Keyspaces (for Apache Cassandra).

You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential.

For more information about service-specific credentials, see Using IAM with CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys in the IAM User Guide.

", + "CreateUser": "

Creates a new IAM user for your account.

For information about quotas for the number of IAM users you can create, see IAM and STS quotas in the IAM User Guide.

", + "CreateVirtualMFADevice": "

Creates a new virtual MFA device for the account. After creating the virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

For information about the maximum number of MFA devices you can create, see IAM and STS quotas in the IAM User Guide.

The seed information contained in the QR code and the Base32 string should be treated like any other secret access information. In other words, protect the seed information as you would your Amazon Web Services access keys or your passwords. After you provision your virtual device, you should ensure that the information is destroyed following secure procedures.

", "DeactivateMFADevice": "

Deactivates the specified MFA device and removes it from association with the user name for which it was originally enabled.

For more information about creating and working with virtual MFA devices, see Enabling a virtual multi-factor authentication (MFA) device in the IAM User Guide.

", - "DeleteAccessKey": "

Deletes the access key pair associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.

", - "DeleteAccountAlias": "

Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.

", - "DeleteAccountPasswordPolicy": "

Deletes the password policy for the AWS account. There are no parameters.

", + "DeleteAccessKey": "

Deletes the access key pair associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.

", + "DeleteAccountAlias": "

Deletes the specified account alias. For information about using an Amazon Web Services account alias, see Using an alias for your account ID in the IAM User Guide.

", + "DeleteAccountPasswordPolicy": "

Deletes the password policy for the account. There are no parameters.

", "DeleteGroup": "

Deletes the specified IAM group. The group must not contain any users or have any attached policies.

", "DeleteGroupPolicy": "

Deletes the specified inline policy that is embedded in the specified IAM group.

A group can also have managed policies attached to it. To detach a managed policy from a group, use DetachGroupPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

", "DeleteInstanceProfile": "

Deletes the specified instance profile. The instance profile must not have an associated role.

Make sure that you do not have any Amazon EC2 instances running with the instance profile you are about to delete. Deleting a role or instance profile that is associated with a running instance will break any applications running on the instance.

For more information about instance profiles, see About instance profiles.

", - "DeleteLoginProfile": "

Deletes the password for the specified IAM user, which terminates the user's ability to access AWS services through the AWS Management Console.

You can use the AWS CLI, the AWS API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the AWS Management Console.

Deleting a user's password does not prevent a user from accessing AWS through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

", + "DeleteLoginProfile": "

Deletes the password for the specified IAM user, which terminates the user's ability to access Amazon Web Services services through the Management Console.

You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to delete a password for any IAM user. You can use ChangePassword to update, but not delete, your own password in the My Security Credentials page in the Management Console.

Deleting a user's password does not prevent a user from accessing Amazon Web Services through the command line interface or the API. To prevent all user access, you must also either make any access keys inactive or delete them. For more information about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey.

", "DeleteOpenIDConnectProvider": "

Deletes an OpenID Connect identity provider (IdP) resource object in IAM.

Deleting an IAM OIDC provider resource does not update any roles that reference the provider as a principal in their trust policies. Any attempt to assume a role that references a deleted provider fails.

This operation is idempotent; it does not fail or return an error if you call the operation for a provider that does not exist.

", "DeletePolicy": "

Deletes the specified managed policy.

Before you can delete a managed policy, you must first detach the policy from all users, groups, and roles that it is attached to. In addition, you must delete all the policy's versions. The following steps describe the process for deleting a managed policy:

For information about managed policies, see Managed policies and inline policies in the IAM User Guide.

", "DeletePolicyVersion": "

Deletes the specified version from the specified managed policy.

You cannot delete the default version from a policy using this operation. To delete the default version from a policy, use DeletePolicy. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

For information about versions for managed policies, see Versioning for managed policies in the IAM User Guide.

", @@ -38,12 +38,12 @@ "DeleteRolePermissionsBoundary": "

Deletes the permissions boundary for the specified IAM role.

Deleting the permissions boundary for a role might increase its permissions. For example, it might allow anyone who assumes the role to perform all the actions granted in its permissions policies.

", "DeleteRolePolicy": "

Deletes the specified inline policy that is embedded in the specified IAM role.

A role can also have managed policies attached to it. To detach a managed policy from a role, use DetachRolePolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

", "DeleteSAMLProvider": "

Deletes a SAML provider resource in IAM.

Deleting the provider resource from IAM does not update any roles that reference the SAML provider resource's ARN as a principal in their trust policies. Any attempt to assume a role that references a non-existent provider resource ARN fails.

This operation requires Signature Version 4.

", - "DeleteSSHPublicKey": "

Deletes the specified SSH public key.

The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.

", - "DeleteServerCertificate": "

Deletes the specified server certificate.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.

If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.

", - "DeleteServiceLinkedRole": "

Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is returned.

If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the AWS documentation for your service.

For more information about service-linked roles, see Roles terms and concepts: AWS service-linked role in the IAM User Guide.

", + "DeleteSSHPublicKey": "

Deletes the specified SSH public key.

The SSH public key deleted by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

", + "DeleteServerCertificate": "

Deletes the specified server certificate.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

If you are using a server certificate with Elastic Load Balancing, deleting the certificate could have implications for your application. If Elastic Load Balancing doesn't detect the deletion of bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic Load Balancing before using this command to delete the certificate. For more information, see DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference.

", + "DeleteServiceLinkedRole": "

Submits a service-linked role deletion request and returns a DeletionTaskId, which you can use to check the status of the deletion. Before you call this operation, confirm that the role has no active sessions and that any resources used by the role in the linked service are deleted. If you call this operation more than once for the same service-linked role and an earlier deletion task is not complete, then the DeletionTaskId of the earlier request is returned.

If you submit a deletion request for a service-linked role whose linked service is still accessing a resource, then the deletion task fails. If it fails, the GetServiceLinkedRoleDeletionStatus operation returns the reason for the failure, usually including the resources that must be deleted. To delete the service-linked role, you must first remove those resources from the linked service and then submit the deletion request again. Resources are specific to the service that is linked to the role. For more information about removing resources from a service, see the Amazon Web Services documentation for your service.

For more information about service-linked roles, see Roles terms and concepts: Amazon Web Services service-linked role in the IAM User Guide.

", "DeleteServiceSpecificCredential": "

Deletes the specified service-specific credential.

", - "DeleteSigningCertificate": "

Deletes a signing certificate associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated IAM users.

", - "DeleteUser": "

Deletes the specified IAM user. Unlike the AWS Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:

", + "DeleteSigningCertificate": "

Deletes a signing certificate associated with the specified IAM user.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated IAM users.

", + "DeleteUser": "

Deletes the specified IAM user. Unlike the Management Console, when you delete a user programmatically, you must delete the items attached to the user manually, or the deletion fails. For more information, see Deleting an IAM user. Before attempting to delete a user, remove the following items:

", "DeleteUserPermissionsBoundary": "

Deletes the permissions boundary for the specified IAM user.

Deleting the permissions boundary for a user might increase its permissions by allowing the user to perform all the actions granted in its permissions policies.

", "DeleteUserPolicy": "

Deletes the specified inline policy that is embedded in the specified IAM user.

A user can also have managed policies attached to it. To detach a managed policy from a user, use DetachUserPolicy. For more information about policies, refer to Managed policies and inline policies in the IAM User Guide.

", "DeleteVirtualMFADevice": "

Deletes a virtual MFA device.

You must deactivate a user's virtual MFA device before you can delete it. For information about deactivating MFA devices, see DeactivateMFADevice.

", @@ -51,36 +51,36 @@ "DetachRolePolicy": "

Removes the specified managed policy from the specified role.

A role can also have inline policies embedded with it. To delete an inline policy, use DeleteRolePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

", "DetachUserPolicy": "

Removes the specified managed policy from the specified user.

A user can also have inline policies embedded with it. To delete an inline policy, use DeleteUserPolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

", "EnableMFADevice": "

Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device.

", - "GenerateCredentialReport": "

Generates a credential report for the AWS account. For more information about the credential report, see Getting credential reports in the IAM User Guide.

", - "GenerateOrganizationsAccessReport": "

Generates a report for service last accessed data for AWS Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.

To call this operation, you must be signed in using your AWS Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and AWS Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.

You can generate a service last accessed data report for a policy by specifying an entity's path and an optional AWS Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.

For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.

The data includes all attempts to access AWS, not just the successful ones. This includes all attempts that were made using the AWS Management Console, the AWS API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.

To generate a service last accessed data report for entities, specify an entity path without specifying the optional AWS Organizations policy ID. The type of entity that you specify determines the data returned in the report.

To generate a service last accessed data report for policies, specify an entity path and the optional AWS Organizations policy ID. The type of entity that you specify determines the data returned for each service.

Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

", - "GenerateServiceLastAccessedDetails": "

Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access AWS services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked.

The service last accessed data includes all attempts to access an AWS API, not just the successful ones. This includes all attempts that were made using the AWS Management Console, the AWS API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:

To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.

For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.

Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.

", - "GetAccessKeyLastUsed": "

Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the AWS service and Region that were specified in the last request made with that key.

", - "GetAccountAuthorizationDetails": "

Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

", - "GetAccountPasswordPolicy": "

Retrieves the password policy for the AWS account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy.

", - "GetAccountSummary": "

Retrieves information about IAM entity usage and IAM quotas in the AWS account.

For information about IAM quotas, see IAM and STS quotas in the IAM User Guide.

", - "GetContextKeysForCustomPolicy": "

Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.

", - "GetContextKeysForPrincipalPolicy": "

Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.

You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead.

Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.

Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

", - "GetCredentialReport": "

Retrieves a credential report for the AWS account. For more information about the credential report, see Getting credential reports in the IAM User Guide.

", + "GenerateCredentialReport": "

Generates a credential report for the account. For more information about the credential report, see Getting credential reports in the IAM User Guide.

", + "GenerateOrganizationsAccessReport": "

Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.

To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.

You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.

For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.

The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.

To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.

To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.

Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.

", + "GenerateServiceLastAccessedDetails": "

Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked.

The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.

The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:

To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.

For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.

Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.

", + "GetAccessKeyLastUsed": "

Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the Amazon Web Services service and Region that were specified in the last request made with that key.

", + "GetAccountAuthorizationDetails": "

Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.

", + "GetAccountPasswordPolicy": "

Retrieves the password policy for the account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy.

", + "GetAccountSummary": "

Retrieves information about IAM entity usage and IAM quotas in the Amazon Web Services account.

For information about IAM quotas, see IAM and STS quotas in the IAM User Guide.

", + "GetContextKeysForCustomPolicy": "

Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy to understand what key names and values you must supply when you call SimulateCustomPolicy. Note that all parameters are shown in unencoded form here for clarity but must be URL encoded to be included as a part of a real HTML request.

", + "GetContextKeysForPrincipalPolicy": "

Gets a list of all of the context keys referenced in all the IAM policies that are attached to the specified IAM entity. The entity can be an IAM user, group, or role. If you specify a user, then the request also includes all of the policies attached to groups that the user is a member of.

You can optionally include a list of one or more additional policies, specified as strings. If you want to include only a list of policies by string, use GetContextKeysForCustomPolicy instead.

Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use GetContextKeysForCustomPolicy instead.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. Context keys can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy to understand what key names and values you must supply when you call SimulatePrincipalPolicy.

", + "GetCredentialReport": "

Retrieves a credential report for the account. For more information about the credential report, see Getting credential reports in the IAM User Guide.

", "GetGroup": "

Returns a list of IAM users that are in the specified IAM group. You can paginate the results using the MaxItems and Marker parameters.

", "GetGroupPolicy": "

Retrieves the specified inline policy document that is embedded in the specified IAM group.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM group can also have managed policies attached to it. To retrieve a managed policy document that is attached to a group, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

", "GetInstanceProfile": "

Retrieves information about the specified instance profile, including the instance profile's path, GUID, ARN, and role. For more information about instance profiles, see About instance profiles in the IAM User Guide.

", - "GetLoginProfile": "

Retrieves the user name and password creation date for the specified IAM user. If the user has not been assigned a password, the operation returns a 404 (NoSuchEntity) error.

", + "GetLoginProfile": "

Retrieves the user name for the specified IAM user. A login profile is created when you create a password for the user to access the Management Console. If the user does not exist or does not have a password, the operation returns a 404 (NoSuchEntity) error.

If you create an IAM user with access to the console, the CreateDate reflects the date you created the initial password for the user.

If you create an IAM user with programmatic access, and then later add a password for the user to access the Management Console, the CreateDate reflects the initial password creation date. A user with programmatic access does not have a login profile unless you create a password for the user to access the Management Console.

", "GetOpenIDConnectProvider": "

Returns information about the specified OpenID Connect (OIDC) provider resource object in IAM.

", - "GetOrganizationsAccessReport": "

Retrieves the service last accessed data report for AWS Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.

Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.

To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

For each service that principals in an account (root users, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.

By default, the list is sorted by service namespace.

", + "GetOrganizationsAccessReport": "

Retrieves the service last accessed data report for Organizations that was previously generated using the GenerateOrganizationsAccessReport operation. This operation retrieves the status of your report job and the report contents.

Depending on the parameters that you passed when you generated the report, the data returned could include different information. For details, see GenerateOrganizationsAccessReport.

To call this operation, you must be signed in to the management account in your organization. SCPs must be enabled for your organization root. You must have permissions to perform this operation. For more information, see Refining permissions using service last accessed data in the IAM User Guide.

For each service that principals in an account (root users, IAM users, or IAM roles) could access using SCPs, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, it returns the reason that it failed.

By default, the list is sorted by service namespace.

", "GetPolicy": "

Retrieves information about the specified managed policy, including the policy's default version and the total number of IAM users, groups, and roles to which the policy is attached. To retrieve the list of the specific users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy. This operation returns metadata about the policy. To retrieve the actual policy document for a specific version of the policy, use GetPolicyVersion.

This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded with an IAM user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

", "GetPolicyVersion": "

Retrieves information about the specified version of the specified managed policy, including the policy document.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

To list the available versions for a policy, use ListPolicyVersions.

This operation retrieves information about managed policies. To retrieve information about an inline policy that is embedded in a user, group, or role, use GetUserPolicy, GetGroupPolicy, or GetRolePolicy.

For more information about the types of policies, see Managed policies and inline policies in the IAM User Guide.

For more information about managed policy versions, see Versioning for managed policies in the IAM User Guide.

", "GetRole": "

Retrieves information about the specified role, including the role's path, GUID, ARN, and the role's trust policy that grants permission to assume the role. For more information about roles, see Working with roles.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

", "GetRolePolicy": "

Retrieves the specified inline policy document that is embedded with the specified IAM role.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

For more information about roles, see Using roles to delegate permissions and federate identities.

", "GetSAMLProvider": "

Returns the SAML provider metadocument that was uploaded when the IAM SAML provider resource object was created or updated.

This operation requires Signature Version 4.

", - "GetSSHPublicKey": "

Retrieves the specified SSH public key, including metadata about the key.

The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.

", - "GetServerCertificate": "

Retrieves information about the specified server certificate stored in IAM.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of AWS services that can use the server certificates that you manage with IAM.

", - "GetServiceLastAccessedDetails": "

Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails operation. You can use the JobId parameter in GetServiceLastAccessedDetails to retrieve the status of your report job. When the report is complete, you can retrieve the generated report. The report includes a list of AWS services that the resource (user, group, role, or managed policy) can access.

Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For each service that the resource could access using permissions policies, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails operation returns the reason that it failed.

The GetServiceLastAccessedDetails operation returns a list of services. This list includes the number of entities that have attempted to access the service and the date and time of the last attempt. It also returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:

By default, the list is sorted by service namespace.

If you specified ACTION_LEVEL granularity when you generated the report, this operation returns service and action last accessed data. This includes the most recent access attempt for each tracked action within a service. Otherwise, this operation returns only service data.

For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.

", + "GetSSHPublicKey": "

Retrieves the specified SSH public key, including metadata about the key.

The SSH public key retrieved by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

", + "GetServerCertificate": "

Retrieves information about the specified server certificate stored in IAM.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

", + "GetServiceLastAccessedDetails": "

Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails operation. You can use the JobId parameter in GetServiceLastAccessedDetails to retrieve the status of your report job. When the report is complete, you can retrieve the generated report. The report includes a list of Amazon Web Services services that the resource (user, group, role, or managed policy) can access.

Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

For each service that the resource could access using permissions policies, the operation returns details about the most recent access attempt. If there was no attempt, the service is listed without details about the most recent attempt to access the service. If the operation fails, the GetServiceLastAccessedDetails operation returns the reason that it failed.

The GetServiceLastAccessedDetails operation returns a list of services. This list includes the number of entities that have attempted to access the service and the date and time of the last attempt. It also returns the ARN of the following entity, depending on the resource ARN that you used to generate the report:

By default, the list is sorted by service namespace.

If you specified ACTION_LEVEL granularity when you generated the report, this operation returns service and action last accessed data. This includes the most recent access attempt for each tracked action within a service. Otherwise, this operation returns only service data.

For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.

", "GetServiceLastAccessedDetailsWithEntities": "

After you generate a group or policy report using the GenerateServiceLastAccessedDetails operation, you can use the JobId parameter in GetServiceLastAccessedDetailsWithEntities. This operation retrieves the status of your report job and a list of entities that could have used group or policy permissions to access the specified service.

You can also use this operation for user or role reports to retrieve details about those entities.

If the operation fails, the GetServiceLastAccessedDetailsWithEntities operation returns the reason that it failed.

By default, the list of associated entities is sorted by date, with the most recent access listed first.

", "GetServiceLinkedRoleDeletionStatus": "

Retrieves the status of your service-linked role deletion. After you use DeleteServiceLinkedRole to submit a service-linked role for deletion, you can use the DeletionTaskId parameter in GetServiceLinkedRoleDeletionStatus to check the status of the deletion. If the deletion fails, this operation returns the reason that it failed, if that information is returned by the service.

", - "GetUser": "

Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.

If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID used to sign the request to this operation.

", + "GetUser": "

Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN.

If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID used to sign the request to this operation.

", "GetUserPolicy": "

Retrieves the specified inline policy document that is embedded in the specified IAM user.

Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM user can also have managed policies attached to it. To retrieve a managed policy document that is attached to a user, use GetPolicy to determine the policy's default version. Then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed policies and inline policies in the IAM User Guide.

", - "ListAccessKeys": "

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.

To ensure the security of your AWS account, the secret access key is accessible only during key and user creation.

", - "ListAccountAliases": "

Lists the account alias associated with the AWS account (Note: you can have only one). For information about using an AWS account alias, see Using an alias for your AWS account ID in the IAM User Guide.

", + "ListAccessKeys": "

Returns information about the access key IDs associated with the specified IAM user. If there is none, the operation returns an empty list.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.

To ensure the security of your account, the secret access key is accessible only during key and user creation.

", + "ListAccountAliases": "

Lists the account alias associated with the account (Note: you can have only one). For information about using an account alias, see Using an alias for your account ID in the IAM User Guide.

", "ListAttachedGroupPolicies": "

Lists all managed policies that are attached to the specified IAM group.

An IAM group can also have inline policies embedded with it. To list the inline policies for a group, use ListGroupPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

", "ListAttachedRolePolicies": "

Lists all managed policies that are attached to the specified IAM role.

An IAM role can also have inline policies embedded with it. To list the inline policies for a role, use ListRolePolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified role (or none that match the specified path prefix), the operation returns an empty list.

", "ListAttachedUserPolicies": "

Lists all managed policies that are attached to the specified IAM user.

An IAM user can also have inline policies embedded with it. To list the inline policies for a user, use ListUserPolicies. For information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. You can use the PathPrefix parameter to limit the list of policies to only those matching the specified path prefix. If there are no policies attached to the specified group (or none that match the specified path prefix), the operation returns an empty list.

", @@ -92,11 +92,11 @@ "ListInstanceProfiles": "

Lists the instance profiles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about instance profiles, see About instance profiles.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an instance profile, see GetInstanceProfile.

You can paginate the results using the MaxItems and Marker parameters.

", "ListInstanceProfilesForRole": "

Lists the instance profiles that have the specified associated IAM role. If there are none, the operation returns an empty list. For more information about instance profiles, go to About instance profiles.

You can paginate the results using the MaxItems and Marker parameters.

", "ListMFADeviceTags": "

Lists the tags that are attached to the specified IAM virtual multi-factor authentication (MFA) device. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", - "ListMFADevices": "

Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key ID signing the request for this operation.

You can paginate the results using the MaxItems and Marker parameters.

", + "ListMFADevices": "

Lists the MFA devices for an IAM user. If the request includes a IAM user name, then this operation lists all the MFA devices associated with the specified user. If you do not specify a user name, IAM determines the user name implicitly based on the Amazon Web Services access key ID signing the request for this operation.

You can paginate the results using the MaxItems and Marker parameters.

", "ListOpenIDConnectProviderTags": "

Lists the tags that are attached to the specified OpenID Connect (OIDC)-compatible identity provider. The returned list of tags is sorted by tag key. For more information, see About web identity federation.

For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", - "ListOpenIDConnectProviders": "

Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the AWS account.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see GetOpenIDConnectProvider.

", - "ListPolicies": "

Lists all the managed policies that are available in your AWS account, including your own customer-defined managed policies and all AWS managed policies.

You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your AWS account, set Scope to Local. To list only AWS managed policies, set Scope to AWS.

You can paginate the results using the MaxItems and Marker parameters.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see GetPolicy.

", - "ListPoliciesGrantingServiceAccess": "

Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service.

This operation does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, AWS Organizations policies, IAM permissions boundaries, and AWS STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

The list of policies returned by the operation depends on the ARN of the identity that you provide.

For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed policy is currently used to set the permissions boundary for a user or role, use the GetUser or GetRole operations.

", + "ListOpenIDConnectProviders": "

Lists information about the IAM OpenID Connect (OIDC) provider resource objects defined in the account.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for an OIDC provider, see GetOpenIDConnectProvider.

", + "ListPolicies": "

Lists all the managed policies that are available in your account, including your own customer-defined managed policies and all Amazon Web Services managed policies.

You can filter the list of policies that is returned using the optional OnlyAttached, Scope, and PathPrefix parameters. For example, to list only the customer managed policies in your Amazon Web Services account, set Scope to Local. To list only Amazon Web Services managed policies, set Scope to AWS.

You can paginate the results using the MaxItems and Marker parameters.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a customer manged policy, see GetPolicy.

", + "ListPoliciesGrantingServiceAccess": "

Retrieves a list of policies that the IAM identity (user, group, or role) can use to access each specified service.

This operation does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.

The list of policies returned by the operation depends on the ARN of the identity that you provide.

For each managed policy, this operation returns the ARN and policy name. For each inline policy, it returns the policy name and the entity to which it is attached. Inline policies do not have an ARN. For more information about these policy types, see Managed policies and inline policies in the IAM User Guide.

Policies that are attached to users and roles as permissions boundaries are not returned. To view which managed policy is currently used to set the permissions boundary for a user or role, use the GetUser or GetRole operations.

", "ListPolicyTags": "

Lists the tags that are attached to the specified IAM customer managed policy. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "ListPolicyVersions": "

Lists information about the versions of the specified managed policy, including the version that is currently set as the policy's default version.

For more information about managed policies, see Managed policies and inline policies in the IAM User Guide.

", "ListRolePolicies": "

Lists the names of the inline policies that are embedded in the specified IAM role.

An IAM role can also have managed policies attached to it. To list the managed policies that are attached to a role, use ListAttachedRolePolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified role, the operation returns an empty list.

", @@ -104,62 +104,62 @@ "ListRoles": "

Lists the IAM roles that have the specified path prefix. If there are none, the operation returns an empty list. For more information about roles, see Working with roles.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a role, see GetRole.

You can paginate the results using the MaxItems and Marker parameters.

", "ListSAMLProviderTags": "

Lists the tags that are attached to the specified Security Assertion Markup Language (SAML) identity provider. The returned list of tags is sorted by tag key. For more information, see About SAML 2.0-based federation.

For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "ListSAMLProviders": "

Lists the SAML provider resource objects defined in IAM in the account. IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a SAML provider, see GetSAMLProvider.

This operation requires Signature Version 4.

", - "ListSSHPublicKeys": "

Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.

The SSH public keys returned by this operation are used only for authenticating the IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

", - "ListServerCertificateTags": "

Lists the tags that are attached to the specified IAM server certificate. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

", - "ListServerCertificates": "

Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see GetServerCertificate.

", - "ListServiceSpecificCredentials": "

Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an AWS service, see Set up service-specific credentials in the AWS CodeCommit User Guide.

", - "ListSigningCertificates": "

Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request for this operation. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.

", + "ListSSHPublicKeys": "

Returns information about the SSH public keys associated with the specified IAM user. If none exists, the operation returns an empty list.

The SSH public keys returned by this operation are used only for authenticating the IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

Although each user is limited to a small number of keys, you can still paginate the results using the MaxItems and Marker parameters.

", + "ListServerCertificateTags": "

Lists the tags that are attached to the specified IAM server certificate. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

", + "ListServerCertificates": "

Lists the server certificates stored in IAM that have the specified path prefix. If none exist, the operation returns an empty list.

You can paginate the results using the MaxItems and Marker parameters.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a servercertificate, see GetServerCertificate.

", + "ListServiceSpecificCredentials": "

Returns information about the service-specific credentials associated with the specified IAM user. If none exists, the operation returns an empty list. The service-specific credentials returned by this operation are used only for authenticating the IAM user to a specific service. For more information about using service-specific credentials to authenticate to an Amazon Web Services service, see Set up service-specific credentials in the CodeCommit User Guide.

", + "ListSigningCertificates": "

Returns information about the signing certificates associated with the specified IAM user. If none exists, the operation returns an empty list.

Although each user is limited to a small number of signing certificates, you can still paginate the results using the MaxItems and Marker parameters.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request for this operation. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.

", "ListUserPolicies": "

Lists the names of the inline policies embedded in the specified IAM user.

An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.

You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the operation returns an empty list.

", "ListUserTags": "

Lists the tags that are attached to the specified IAM user. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", - "ListUsers": "

Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the AWS account. If there are none, the operation returns an empty list.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.

You can paginate the results using the MaxItems and Marker parameters.

", - "ListVirtualMFADevices": "

Lists the virtual MFA devices defined in the AWS account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a virtual MFA device, see ListVirtualMFADevices.

You can paginate the results using the MaxItems and Marker parameters.

", + "ListUsers": "

Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the account. If there are none, the operation returns an empty list.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.

You can paginate the results using the MaxItems and Marker parameters.

", + "ListVirtualMFADevices": "

Lists the virtual MFA devices defined in the account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.

IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a virtual MFA device, see ListVirtualMFADevices.

You can paginate the results using the MaxItems and Marker parameters.

", "PutGroupPolicy": "

Adds or updates an inline policy document that is embedded in the specified IAM group.

A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

For information about the maximum number of inline policies that you can embed in a group, see IAM and STS quotas in the IAM User Guide.

Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

", - "PutRolePermissionsBoundary": "

Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an AWS managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the role.

You cannot set the boundary for a service-linked role.

Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

", + "PutRolePermissionsBoundary": "

Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the role.

You cannot set the boundary for a service-linked role.

Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

", "PutRolePolicy": "

Adds or updates an inline policy document that is embedded in the specified IAM role.

When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. For more information about IAM roles, see Using roles to delegate permissions and federate identities.

A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

For information about the maximum number of inline policies that you can embed with a role, see IAM and STS quotas in the IAM User Guide.

Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

", - "PutUserPermissionsBoundary": "

Adds or updates the policy that is specified as the IAM user's permissions boundary. You can use an AWS managed policy or a customer managed policy to set the boundary for a user. Use the boundary to control the maximum permissions that the user can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the user.

Policies that are used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the user. To learn how the effective permissions for a user are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

", + "PutUserPermissionsBoundary": "

Adds or updates the policy that is specified as the IAM user's permissions boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for a user. Use the boundary to control the maximum permissions that the user can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the user.

Policies that are used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the user. To learn how the effective permissions for a user are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.

", "PutUserPolicy": "

Adds or updates an inline policy document that is embedded in the specified IAM user.

An IAM user can also have a managed policy attached to it. To attach a managed policy to a user, use AttachUserPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.

For information about the maximum number of inline policies that you can embed in a user, see IAM and STS quotas in the IAM User Guide.

Because policy documents can be large, you should use POST rather than GET when calling PutUserPolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

", "RemoveClientIDFromOpenIDConnectProvider": "

Removes the specified client ID (also known as audience) from the list of client IDs registered for the specified IAM OpenID Connect (OIDC) provider resource object.

This operation is idempotent; it does not fail or return an error if you try to remove a client ID that does not exist.

", "RemoveRoleFromInstanceProfile": "

Removes the specified IAM role from the specified EC2 instance profile.

Make sure that you do not have any Amazon EC2 instances running with the role you are about to remove from the instance profile. Removing a role from an instance profile that is associated with a running instance might break any applications running on the instance.

For more information about IAM roles, see Working with roles. For more information about instance profiles, see About instance profiles.

", "RemoveUserFromGroup": "

Removes the specified user from the specified group.

", - "ResetServiceSpecificCredential": "

Resets the password for a service-specific credential. The new password is AWS generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user.

", - "ResyncMFADevice": "

Synchronizes the specified MFA device with its IAM resource object on the AWS servers.

For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

", + "ResetServiceSpecificCredential": "

Resets the password for a service-specific credential. The new password is Amazon Web Services generated and cryptographically strong. It cannot be configured by the user. Resetting the password immediately invalidates the previous password associated with this user.

", + "ResyncMFADevice": "

Synchronizes the specified MFA device with its IAM resource object on the Amazon Web Services servers.

For more information about creating and working with virtual MFA devices, see Using a virtual MFA device in the IAM User Guide.

", "SetDefaultPolicyVersion": "

Sets the specified version of the specified policy as the policy's default (operative) version.

This operation affects all users, groups, and roles that the policy is attached to. To list the users, groups, and roles that the policy is attached to, use ListEntitiesForPolicy.

For information about managed policies, see Managed policies and inline policies in the IAM User Guide.

", - "SetSecurityTokenServicePreferences": "

Sets the specified version of the global endpoint token as the token version used for the AWS account.

By default, AWS Security Token Service (STS) is available as a global service, and all STS requests go to a single endpoint at https://sts.amazonaws.com. AWS recommends using Regional STS endpoints to reduce latency, build in redundancy, and increase session token availability. For information about Regional endpoints for STS, see AWS AWS Security Token Service endpoints and quotas in the AWS General Reference.

If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in AWS Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an AWS region in the IAM User Guide.

To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.

", - "SimulateCustomPolicy": "

Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and AWS resources to determine the policies' effective permissions. The policies are provided as strings.

The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.

If you want to simulate existing policies that are attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

Context keys are variables that are maintained by AWS and its services and which provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.

If the output is long, you can use MaxItems and Marker parameters to paginate the results.

For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

", - "SimulatePrincipalPolicy": "

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and AWS resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.

You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.

You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation.

The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.

Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.

Context keys are variables maintained by AWS and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.

If the output is long, you can use the MaxItems and Marker parameters to paginate the results.

For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

", - "TagInstanceProfile": "

Adds one or more tags to an IAM instance profile. If a tag with the same key name already exists, then that tag is overwritten with the new value.

Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", - "TagMFADevice": "

Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", - "TagOpenIDConnectProvider": "

Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these providers, see About web identity federation. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", - "TagPolicy": "

Adds one or more tags to an IAM customer managed policy. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", - "TagRole": "

Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

For more information about tagging, see Tagging IAM identities in the IAM User Guide.

", - "TagSAMLProvider": "

Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider. For more information about these providers, see About SAML 2.0-based federation . If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", - "TagServerCertificate": "

Adds one or more tags to an IAM server certificate. If a tag with the same key name already exists, then that tag is overwritten with the new value.

For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", - "TagUser": "

Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

For more information about tagging, see Tagging IAM identities in the IAM User Guide.

", + "SetSecurityTokenServicePreferences": "

Sets the specified version of the global endpoint token as the token version used for the account.

By default, Security Token Service (STS) is available as a global service, and all STS requests go to a single endpoint at https://sts.amazonaws.com. Amazon Web Services recommends using Regional STS endpoints to reduce latency, build in redundancy, and increase session token availability. For information about Regional endpoints for STS, see Security Token Service endpoints and quotas in the Amazon Web Services General Reference.

If you make an STS call to the global endpoint, the resulting session tokens might be valid in some Regions but not others. It depends on the version that is set in this operation. Version 1 tokens are valid only in Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens. For information, see Activating and deactivating STS in an Region in the IAM User Guide.

To view the current session token version, see the GlobalEndpointTokenVersion entry in the response of the GetAccountSummary operation.

", + "SimulateCustomPolicy": "

Simulate how a set of IAM policies and optionally a resource-based policy works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The policies are provided as strings.

The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations. You can simulate resources that don't exist in your account.

If you want to simulate existing policies that are attached to an IAM user, group, or role, use SimulatePrincipalPolicy instead.

Context keys are variables that are maintained by Amazon Web Services and its services and which provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy.

If the output is long, you can use MaxItems and Marker parameters to paginate the results.

For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

", + "SimulatePrincipalPolicy": "

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to. You can simulate resources that don't exist in your account.

You can optionally include a list of one or more additional policies specified as strings to include in the simulation. If you want to simulate only policies specified as strings, use SimulateCustomPolicy instead.

You can also optionally include one resource-based policy to be evaluated with each of the resources included in the simulation.

The simulation does not perform the API operations; it only checks the authorization to determine if the simulated policies allow or deny the operations.

Note: This operation discloses information about the permissions granted to other users. If you do not want users to see other user's permissions, then consider allowing them to use SimulateCustomPolicy instead.

Context keys are variables maintained by Amazon Web Services and its services that provide details about the context of an API query request. You can use the Condition element of an IAM policy to evaluate context keys. To get the list of context keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy.

If the output is long, you can use the MaxItems and Marker parameters to paginate the results.

For more information about using the policy simulator, see Testing IAM policies with the IAM policy simulator in the IAM User Guide.

", + "TagInstanceProfile": "

Adds one or more tags to an IAM instance profile. If a tag with the same key name already exists, then that tag is overwritten with the new value.

Each tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", + "TagMFADevice": "

Adds one or more tags to an IAM virtual multi-factor authentication (MFA) device. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", + "TagOpenIDConnectProvider": "

Adds one or more tags to an OpenID Connect (OIDC)-compatible identity provider. For more information about these providers, see About web identity federation. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", + "TagPolicy": "

Adds one or more tags to an IAM customer managed policy. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", + "TagRole": "

Adds one or more tags to an IAM role. The role can be a regular role or a service-linked role. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

For more information about tagging, see Tagging IAM identities in the IAM User Guide.

", + "TagSAMLProvider": "

Adds one or more tags to a Security Assertion Markup Language (SAML) identity provider. For more information about these providers, see About SAML 2.0-based federation . If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", + "TagServerCertificate": "

Adds one or more tags to an IAM server certificate. If a tag with the same key name already exists, then that tag is overwritten with the new value.

For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

", + "TagUser": "

Adds one or more tags to an IAM user. If a tag with the same key name already exists, then that tag is overwritten with the new value.

A tag consists of a key name and an associated value. By assigning tags to your resources, you can do the following:

For more information about tagging, see Tagging IAM identities in the IAM User Guide.

", "UntagInstanceProfile": "

Removes the specified tags from the IAM instance profile. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "UntagMFADevice": "

Removes the specified tags from the IAM virtual multi-factor authentication (MFA) device. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "UntagOpenIDConnectProvider": "

Removes the specified tags from the specified OpenID Connect (OIDC)-compatible identity provider in IAM. For more information about OIDC providers, see About web identity federation. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "UntagPolicy": "

Removes the specified tags from the customer managed policy. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "UntagRole": "

Removes the specified tags from the role. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", "UntagSAMLProvider": "

Removes the specified tags from the specified Security Assertion Markup Language (SAML) identity provider in IAM. For more information about these providers, see About web identity federation. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", - "UntagServerCertificate": "

Removes the specified tags from the IAM server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

For certificates in a Region supported by AWS Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

", + "UntagServerCertificate": "

Removes the specified tags from the IAM server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.

", "UntagUser": "

Removes the specified tags from the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.

", - "UpdateAccessKey": "

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

", - "UpdateAccountPasswordPolicy": "

Updates the password policy settings for the AWS account.

For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.

", + "UpdateAccessKey": "

Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.

If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.

For information about rotating keys, see Managing keys and certificates in the IAM User Guide.

", + "UpdateAccountPasswordPolicy": "

Updates the password policy settings for the account.

For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.

", "UpdateAssumeRolePolicy": "

Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the \"role trust policy\". For more information about roles, see Using roles to delegate permissions and federate identities.

", "UpdateGroup": "

Updates the name and/or the path of the specified IAM group.

You should understand the implications of changing a group's path or name. For more information, see Renaming users and groups in the IAM User Guide.

The person making the request (the principal), must have permission to change the role group with the old name and the new name. For example, to change the group named Managers to MGRs, the principal must have a policy that allows them to update both groups. If the principal has permission to update the Managers group, but not the MGRs group, then the update fails. For more information about permissions, see Access management.

", - "UpdateLoginProfile": "

Changes the password for the specified IAM user. You can use the AWS CLI, the AWS API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the AWS Management Console.

For more information about modifying passwords, see Managing passwords in the IAM User Guide.

", + "UpdateLoginProfile": "

Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Management Console.

For more information about modifying passwords, see Managing passwords in the IAM User Guide.

", "UpdateOpenIDConnectProviderThumbprint": "

Replaces the existing list of server certificate thumbprints associated with an OpenID Connect (OIDC) provider resource object with a new list of thumbprints.

The list that you pass with this operation completely replaces the existing list of thumbprints. (The lists are not merged.)

Typically, you need to update a thumbprint only when the identity provider's certificate changes, which occurs rarely. However, if the provider's certificate does change, any attempt to assume an IAM role that specifies the OIDC provider as a principal fails until the certificate thumbprint is updated.

Trust for the OIDC provider is derived from the provider's certificate and is validated by the thumbprint. Therefore, it is best to limit access to the UpdateOpenIDConnectProviderThumbprint operation to highly privileged users.

", "UpdateRole": "

Updates the description or maximum session duration setting of a role.

", "UpdateRoleDescription": "

Use UpdateRole instead.

Modifies only the description of a role. This operation performs the same function as the Description parameter in the UpdateRole operation.

", "UpdateSAMLProvider": "

Updates the metadata document for an existing SAML provider resource object.

This operation requires Signature Version 4.

", - "UpdateSSHPublicKey": "

Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.

The SSH public key affected by this operation is used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.

", - "UpdateServerCertificate": "

Updates the name and/or the path of the specified server certificate stored in IAM.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of AWS services that can use the server certificates that you manage with IAM.

You should understand the implications of changing a server certificate's path or name. For more information, see Renaming a server certificate in the IAM User Guide.

The person making the request (the principal), must have permission to change the server certificate with the old name and the new name. For example, to change the certificate named ProductionCert to ProdCert, the principal must have a policy that allows them to update both certificates. If the principal has permission to update the ProductionCert group, but not the ProdCert certificate, then the update fails. For more information about permissions, see Access management in the IAM User Guide.

", + "UpdateSSHPublicKey": "

Sets the status of an IAM user's SSH public key to active or inactive. SSH public keys that are inactive cannot be used for authentication. This operation can be used to disable a user's SSH public key as part of a key rotation work flow.

The SSH public key affected by this operation is used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

", + "UpdateServerCertificate": "

Updates the name and/or the path of the specified server certificate stored in IAM.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic also includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

You should understand the implications of changing a server certificate's path or name. For more information, see Renaming a server certificate in the IAM User Guide.

The person making the request (the principal), must have permission to change the server certificate with the old name and the new name. For example, to change the certificate named ProductionCert to ProdCert, the principal must have a policy that allows them to update both certificates. If the principal has permission to update the ProductionCert group, but not the ProdCert certificate, then the update fails. For more information about permissions, see Access management in the IAM User Guide.

", "UpdateServiceSpecificCredential": "

Sets the status of a service-specific credential to Active or Inactive. Service-specific credentials that are inactive cannot be used for authentication to the service. This operation can be used to disable a user's service-specific credential as part of a credential rotation work flow.

", - "UpdateSigningCertificate": "

Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.

If the UserName field is not specified, the user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.

", + "UpdateSigningCertificate": "

Changes the status of the specified user signing certificate from active to disabled, or vice versa. This operation can be used to disable an IAM user's signing certificate as part of a certificate rotation work flow.

If the UserName field is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.

", "UpdateUser": "

Updates the name and/or the path of the specified IAM user.

You should understand the implications of changing an IAM user's path or name. For more information, see Renaming an IAM user and Renaming an IAM group in the IAM User Guide.

To change a user name, the requester must have appropriate permissions on both the source object and the target object. For example, to change Bob to Robert, the entity making the request must have permission on Bob and Robert, or must have permission on all (*). For more information about permissions, see Permissions and policies.

", - "UploadSSHPublicKey": "

Uploads an SSH public key and associates it with the specified IAM user.

The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an AWS CodeCommit repository. For more information about using SSH keys to authenticate to an AWS CodeCommit repository, see Set up AWS CodeCommit for SSH connections in the AWS CodeCommit User Guide.

", - "UploadServerCertificate": "

Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

We recommend that you use AWS Certificate Manager to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to AWS resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the AWS Certificate Manager User Guide.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of AWS services that can use the server certificates that you manage with IAM.

For information about the number of server certificates you can upload, see IAM and STS quotas in the IAM User Guide.

Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, see Signing AWS API requests in the AWS General Reference. For general information about using the Query API with IAM, see Calling the API by making HTTP query requests in the IAM User Guide.

", - "UploadSigningCertificate": "

Uploads an X.509 signing certificate and associates it with the specified IAM user. Some AWS services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

For information about when you would use an X.509 signing certificate, see Managing server certificates in IAM in the IAM User Guide.

If the UserName is not specified, the IAM user name is determined implicitly based on the AWS access key ID used to sign the request. This operation works for access keys under the AWS account. Consequently, you can use this operation to manage AWS account root user credentials even if the AWS account has no associated users.

Because the body of an X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, see Signing AWS API requests in the AWS General Reference. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

" + "UploadSSHPublicKey": "

Uploads an SSH public key and associates it with the specified IAM user.

The SSH public key uploaded by this operation can be used only for authenticating the associated IAM user to an CodeCommit repository. For more information about using SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit for SSH connections in the CodeCommit User Guide.

", + "UploadServerCertificate": "

Uploads a server certificate entity for the account. The server certificate entity includes a public key certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.

We recommend that you use Certificate Manager to provision, manage, and deploy your server certificates. With ACM you can request a certificate, deploy it to Amazon Web Services resources, and let ACM handle certificate renewals for you. Certificates provided by ACM are free. For more information about using ACM, see the Certificate Manager User Guide.

For more information about working with server certificates, see Working with server certificates in the IAM User Guide. This topic includes a list of Amazon Web Services services that can use the server certificates that you manage with IAM.

For information about the number of server certificates you can upload, see IAM and STS quotas in the IAM User Guide.

Because the body of the public key certificate, private key, and the certificate chain can be large, you should use POST rather than GET when calling UploadServerCertificate. For information about setting up signatures and authorization through the API, see Signing Amazon Web Services API requests in the Amazon Web Services General Reference. For general information about using the Query API with IAM, see Calling the API by making HTTP query requests in the IAM User Guide.

", + "UploadSigningCertificate": "

Uploads an X.509 signing certificate and associates it with the specified IAM user. Some Amazon Web Services services require you to use certificates to validate requests that are signed with a corresponding private key. When you upload the certificate, its default status is Active.

For information about when you would use an X.509 signing certificate, see Managing server certificates in IAM in the IAM User Guide.

If the UserName is not specified, the IAM user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the account. Consequently, you can use this operation to manage account root user credentials even if the account has no associated users.

Because the body of an X.509 certificate can be large, you should use POST rather than GET when calling UploadSigningCertificate. For information about setting up signatures and authorization through the API, see Signing Amazon Web Services API requests in the Amazon Web Services General Reference. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.

" }, "shapes": { "AccessAdvisorUsageGranularityType": { @@ -170,7 +170,7 @@ } }, "AccessDetail": { - "base": "

An object that contains details about when a principal in the reported AWS Organizations entity last attempted to access an AWS service. A principal can be an IAM user, an IAM role, or the AWS account root user within the reported Organizations entity.

This data type is a response element in the GetOrganizationsAccessReport operation.

", + "base": "

An object that contains details about when a principal in the reported Organizations entity last attempted to access an Amazon Web Services service. A principal can be an IAM user, an IAM role, or the Amazon Web Services account root user within the reported Organizations entity.

This data type is a response element in the GetOrganizationsAccessReport operation.

", "refs": { "AccessDetails$member": null } @@ -182,19 +182,19 @@ } }, "AccessKey": { - "base": "

Contains information about an AWS access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

", + "base": "

Contains information about an Amazon Web Services access key.

This data type is used as a response element in the CreateAccessKey and ListAccessKeys operations.

The SecretAccessKey value is returned only in response to CreateAccessKey. You can get a secret access key only when you first create an access key; you cannot recover the secret access key later. If you lose a secret access key, you must create a new access key.

", "refs": { "CreateAccessKeyResponse$AccessKey": "

A structure with details about the access key.

" } }, "AccessKeyLastUsed": { - "base": "

Contains information about the last time an AWS access key was used since IAM began tracking this information on April 22, 2015.

This data type is used as a response element in the GetAccessKeyLastUsed operation.

", + "base": "

Contains information about the last time an Amazon Web Services access key was used since IAM began tracking this information on April 22, 2015.

This data type is used as a response element in the GetAccessKeyLastUsed operation.

", "refs": { "GetAccessKeyLastUsedResponse$AccessKeyLastUsed": "

Contains information about the last time the access key was used.

" } }, "AccessKeyMetadata": { - "base": "

Contains information about an AWS access key, without its secret key.

This data type is used as a response element in the ListAccessKeys operation.

", + "base": "

Contains information about an Amazon Web Services access key, without its secret key.

This data type is used as a response element in the ListAccessKeys operation.

", "refs": { "accessKeyMetadataListType$member": null } @@ -669,7 +669,7 @@ } }, "EntityDetails": { - "base": "

An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified AWS service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

", + "base": "

An object that contains details about when the IAM entities (users or roles) were last used in an attempt to access the specified Amazon Web Services service.

This data type is a response element in the GetServiceLastAccessedDetailsWithEntities operation.

", "refs": { "entityDetailsListType$member": null } @@ -703,7 +703,7 @@ "EvalDecisionDetailsType": { "base": null, "refs": { - "EvaluationResult$EvalDecisionDetails": "

Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.

If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.

When you make a cross-account request, AWS evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account.

If an AWS Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.

", + "EvaluationResult$EvalDecisionDetails": "

Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.

If the simulation evaluates policies within the same account and includes a resource ARN, then the parameter is present but the response is empty. If the simulation evaluates policies within the same account and specifies all resources (*), then the parameter is not returned.

When you make a cross-account request, Amazon Web Services evaluates the request in the trusting account and the trusted account. The request is allowed only if both evaluations return true. For more information about how policies are evaluated, see Evaluating policies within a single account.

If an Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.

", "ResourceSpecificResult$EvalDecisionDetails": "

Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.

" } }, @@ -1033,7 +1033,7 @@ } }, "LimitExceededException": { - "base": "

The request was rejected because it attempted to create resources beyond the current AWS account limits. The error message describes the limit exceeded.

", + "base": "

The request was rejected because it attempted to create resources beyond the current Amazon Web Services account limits. The error message describes the limit exceeded.

", "refs": { } }, @@ -1393,7 +1393,7 @@ "base": "

Contains the user name and password create date for a user.

This data type is used as a response element in the CreateLoginProfile and GetLoginProfile operations.

", "refs": { "CreateLoginProfileResponse$LoginProfile": "

A structure containing the user name and password create date.

", - "GetLoginProfileResponse$LoginProfile": "

A structure containing the user name and password create date for the user.

" + "GetLoginProfileResponse$LoginProfile": "

A structure containing the user name and the profile creation date for the user.

" } }, "MFADevice": { @@ -1438,13 +1438,13 @@ "OpenIDConnectProviderListType": { "base": "

Contains a list of IAM OpenID Connect providers.

", "refs": { - "ListOpenIDConnectProvidersResponse$OpenIDConnectProviderList": "

The list of IAM OIDC provider resource objects defined in the AWS account.

" + "ListOpenIDConnectProvidersResponse$OpenIDConnectProviderList": "

The list of IAM OIDC provider resource objects defined in the account.

" } }, "OpenIDConnectProviderUrlType": { "base": "

Contains a URL that specifies the endpoint for an OpenID Connect provider.

", "refs": { - "CreateOpenIDConnectProviderRequest$Url": "

The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.

You cannot register the same provider multiple times in a single AWS account. If you try to submit a URL that has already been used for an OpenID Connect provider in the AWS account, you will get an error.

", + "CreateOpenIDConnectProviderRequest$Url": "

The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com.

You cannot register the same provider multiple times in a single account. If you try to submit a URL that has already been used for an OpenID Connect provider in the account, you will get an error.

", "GetOpenIDConnectProviderResponse$Url": "

The URL that the IAM OIDC provider resource object is associated with. For more information, see CreateOpenIDConnectProvider.

" } }, @@ -1530,7 +1530,7 @@ } }, "PolicyNotAttachableException": { - "base": "

The request failed because AWS service role policies can only be attached to the service-linked role for that service.

", + "base": "

The request failed because Amazon Web Services service role policies can only be attached to the service-linked role for that service.

", "refs": { } }, @@ -1687,8 +1687,8 @@ "ResourceNameListType": { "base": null, "refs": { - "SimulateCustomPolicyRequest$ResourceArns": "

A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.

The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.

If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "SimulatePrincipalPolicyRequest$ResourceArns": "

A list of ARNs of AWS resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.

The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

" + "SimulateCustomPolicyRequest$ResourceArns": "

A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.

The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.

If you include a ResourcePolicy, then it must be applicable to all of the resources included in the simulation or you receive an invalid input error.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "SimulatePrincipalPolicyRequest$ResourceArns": "

A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter is not provided, then the value defaults to * (all resources). Each API in the ActionNames parameter is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination and reports it in the response. You can simulate resources that don't exist in your account.

The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy as a string in the ResourcePolicy parameter.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

" } }, "ResourceNameType": { @@ -1697,10 +1697,10 @@ "EvaluationResult$EvalResourceName": "

The ARN of the resource that the indicated API operation was tested on.

", "ResourceNameListType$member": null, "ResourceSpecificResult$EvalResourceName": "

The name of the simulated resource, in Amazon Resource Name (ARN) format.

", - "SimulateCustomPolicyRequest$ResourceOwner": "

An ARN representing the AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.

The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. For example, to represent the account with the 112233445566 ID, use the following ARN: arn:aws:iam::112233445566-ID:root.

", + "SimulateCustomPolicyRequest$ResourceOwner": "

An ARN representing the account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.

The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. For example, to represent the account with the 112233445566 ID, use the following ARN: arn:aws:iam::112233445566-ID:root.

", "SimulateCustomPolicyRequest$CallerArn": "

The ARN of the IAM user that you want to use as the simulated caller of the API operations. CallerArn is required if you include a ResourcePolicy so that the policy's Principal element has a value to use in evaluating the policy.

You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.

", - "SimulatePrincipalPolicyRequest$ResourceOwner": "

An AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.

", - "SimulatePrincipalPolicyRequest$CallerArn": "

The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies.

You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.

CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

" + "SimulatePrincipalPolicyRequest$ResourceOwner": "

An account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN. Examples of resource ARNs include an S3 bucket or object. If ResourceOwner is specified, it is also used as the account owner of any ResourcePolicy included in the simulation. If the ResourceOwner parameter is not specified, then the owner of the resources and the resource policy defaults to the account of the identity provided in CallerArn. This parameter is required only if you specify a resource-based policy and account that owns the resource is different from the account that owns the simulated calling user CallerArn.

", + "SimulatePrincipalPolicyRequest$CallerArn": "

The ARN of the IAM user that you want to specify as the simulated caller of the API operations. If you do not specify a CallerArn, it defaults to the ARN of the user that you specify in PolicySourceArn, if you specified a user. If you include both a PolicySourceArn (for example, arn:aws:iam::123456789012:user/David) and a CallerArn (for example, arn:aws:iam::123456789012:user/Bob), the result is that you simulate calling the API operations as Bob, as if Bob had David's policies.

You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed role, federated user, or a service principal.

CallerArn is required if you include a ResourcePolicy and the PolicySourceArn is not the ARN for an IAM user. This is required so that the resource-based policy's Principal element has a value to use in evaluating the policy.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

" } }, "ResourceSpecificResult": { @@ -1772,7 +1772,7 @@ "SAMLProviderListType": { "base": null, "refs": { - "ListSAMLProvidersResponse$SAMLProviderList": "

The list of SAML provider resource objects defined in IAM for this AWS account.

" + "ListSAMLProvidersResponse$SAMLProviderList": "

The list of SAML provider resource objects defined in IAM for this Amazon Web Services account.

" } }, "SAMLProviderNameType": { @@ -1892,10 +1892,10 @@ "refs": { "GetContextKeysForCustomPolicyRequest$PolicyInputList": "

A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", "GetContextKeysForPrincipalPolicyRequest$PolicyInputList": "

An optional list of additional policies for which you want the list of context keys that are referenced.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "SimulateCustomPolicyRequest$PolicyInputList": "

A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be \"scope-down\" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "SimulateCustomPolicyRequest$PermissionsBoundaryPolicyInputList": "

The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that an IAM entity can have. You can input only one permissions boundary when you pass a policy to this operation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string that contains the complete, valid JSON text of a permissions boundary policy.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "SimulateCustomPolicyRequest$PolicyInputList": "

A list of policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy. Do not include any resource-based policies in this parameter. Any resource-based policy must be submitted with the ResourcePolicy parameter. The policies cannot be \"scope-down\" policies, such as you could include in a call to GetFederationToken or one of the AssumeRole API operations. In other words, do not use policies designed to restrict what a user can do while using the temporary credentials.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "SimulateCustomPolicyRequest$PermissionsBoundaryPolicyInputList": "

The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that an IAM entity can have. You can input only one permissions boundary when you pass a policy to this operation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string that contains the complete, valid JSON text of a permissions boundary policy.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", "SimulatePrincipalPolicyRequest$PolicyInputList": "

An optional list of additional policy documents to include in the simulation. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "SimulatePrincipalPolicyRequest$PermissionsBoundaryPolicyInputList": "

The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

" + "SimulatePrincipalPolicyRequest$PermissionsBoundaryPolicyInputList": "

The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions that the entity can have. You can input only one permissions boundary when you pass a policy to this operation. An IAM entity can only have one permissions boundary in effect at a time. For example, if a permissions boundary is attached to an entity and you pass in a different permissions boundary policy using this parameter, then the new permissions boundary policy is used for the simulation. For more information about permissions boundaries, see Permissions boundaries for IAM entities in the IAM User Guide. The policy input is specified as a string containing the complete, valid JSON text of a permissions boundary policy.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

" } }, "Statement": { @@ -2138,7 +2138,7 @@ "base": "

Contains information about an IAM user entity.

This data type is used as a response element in the following operations:

", "refs": { "CreateUserResponse$User": "

A structure with details about the new IAM user.

", - "GetUserResponse$User": "

A structure containing details about the IAM user.

Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.

You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to AWS in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access AWS programmatically you can refer to access key last used information because it is accurate for all dates.

", + "GetUserResponse$User": "

A structure containing details about the IAM user.

Due to a service issue, password last used data does not include password use from May 3, 2018 22:50 PDT to May 23, 2018 14:08 PDT. This affects last sign-in dates shown in the IAM console and password last used dates in the IAM credential report, and returned by this operation. If users signed in during the affected time, the password last used date that is returned is the date the user last signed in before May 3, 2018. For users that signed in after May 23, 2018 14:08 PDT, the returned password last used date is accurate.

You can use password last used information to identify unused credentials for deletion. For example, you might delete users who did not sign in to Amazon Web Services in the last 90 days. In cases like this, we recommend that you adjust your evaluation window to include dates after May 23, 2018. Alternatively, if your users use access keys to access Amazon Web Services programmatically you can refer to access key last used information because it is accurate for all dates.

", "VirtualMFADevice$User": "

The IAM user associated with this virtual MFA device.

", "userListType$member": null } @@ -2181,7 +2181,7 @@ "accountAliasListType": { "base": null, "refs": { - "ListAccountAliasesResponse$AccountAliases": "

A list of aliases associated with the account. AWS supports only one alias per account.

" + "ListAccountAliasesResponse$AccountAliases": "

A list of aliases associated with the account. Amazon Web Services supports only one alias per account.

" } }, "accountAliasType": { @@ -2193,66 +2193,66 @@ } }, "arnType": { - "base": "

The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the AWS General Reference.

", + "base": "

The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web Services resources.

For more information about ARNs, go to Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "refs": { "AddClientIDToOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the IAM OpenID Connect (OIDC) provider resource to add the client ID to. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

", "ArnListType$member": null, - "AttachGroupPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "AttachRolePolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "AttachUserPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "AttachGroupPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "AttachRolePolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "AttachUserPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to attach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "AttachedPermissionsBoundary$PermissionsBoundaryArn": "

The ARN of the policy used to set the permissions boundary for the user or role.

", "AttachedPolicy$PolicyArn": null, "CreateOpenIDConnectProviderResponse$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the new IAM OpenID Connect provider that is created. For more information, see OpenIDConnectProviderListEntry.

", - "CreatePolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "CreatePolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy to which you want to add a new version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "CreateRoleRequest$PermissionsBoundary": "

The ARN of the policy that is used to set the permissions boundary for the role.

", "CreateSAMLProviderResponse$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the new SAML provider resource in IAM.

", "CreateUserRequest$PermissionsBoundary": "

The ARN of the policy that is used to set the permissions boundary for the user.

", "DeleteOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the IAM OpenID Connect provider resource object to delete. You can get a list of OpenID Connect provider resource ARNs by using the ListOpenIDConnectProviders operation.

", - "DeletePolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to delete.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "DeletePolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "DeletePolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to delete.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "DeletePolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy from which you want to delete a version.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "DeleteSAMLProviderRequest$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the SAML provider to delete.

", - "DetachGroupPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to detach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "DetachRolePolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to detach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "DetachUserPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to detach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "DetachGroupPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to detach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "DetachRolePolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to detach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "DetachUserPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy you want to detach.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "EntityInfo$Arn": null, - "GenerateServiceLastAccessedDetailsRequest$Arn": "

The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an AWS service.

", - "GetContextKeysForPrincipalPolicyRequest$PolicySourceArn": "

The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "GetOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "GetPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the managed policy that you want information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "GetPolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the managed policy that you want information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "GetSAMLProviderRequest$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "GenerateServiceLastAccessedDetailsRequest$Arn": "

The ARN of the IAM resource (user, group, role, or managed policy) used to generate information about when the resource was last used in an attempt to access an Amazon Web Services service.

", + "GetContextKeysForPrincipalPolicyRequest$PolicySourceArn": "

The ARN of a user, group, or role whose policies contain the context keys that you want listed. If you specify a user, the list includes context keys that are found in all policies that are attached to the user. The list also includes all groups that the user is a member of. If you pick a group or a role, then it includes only those context keys that are found in policies attached to that entity. Note that all parameters are shown in unencoded form here for clarity, but must be URL encoded to be included as a part of a real HTML request.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "GetOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the OIDC provider resource object in IAM to get information for. You can get a list of OIDC provider resource ARNs by using the ListOpenIDConnectProviders operation.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "GetPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the managed policy that you want information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "GetPolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the managed policy that you want information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "GetSAMLProviderRequest$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the SAML provider resource object in IAM to get information about.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "Group$Arn": "

The Amazon Resource Name (ARN) specifying the group. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.

", "GroupDetail$Arn": null, "InstanceProfile$Arn": "

The Amazon Resource Name (ARN) specifying the instance profile. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.

", - "ListEntitiesForPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "ListOpenIDConnectProviderTagsRequest$OpenIDConnectProviderArn": "

The ARN of the OpenID Connect (OIDC) identity provider whose tags you want to see.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ListEntitiesForPolicyRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "ListOpenIDConnectProviderTagsRequest$OpenIDConnectProviderArn": "

The ARN of the OpenID Connect (OIDC) identity provider whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ListPoliciesGrantingServiceAccessRequest$Arn": "

The ARN of the IAM identity (user, group, or role) whose policies you want to list.

", - "ListPolicyTagsRequest$PolicyArn": "

The ARN of the IAM customer managed policy whose tags you want to see.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "ListPolicyVersionsRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "ListSAMLProviderTagsRequest$SAMLProviderArn": "

The ARN of the Security Assertion Markup Language (SAML) identity provider whose tags you want to see.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ListPolicyTagsRequest$PolicyArn": "

The ARN of the IAM customer managed policy whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "ListPolicyVersionsRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy for which you want the versions.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "ListSAMLProviderTagsRequest$SAMLProviderArn": "

The ARN of the Security Assertion Markup Language (SAML) identity provider whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ManagedPolicyDetail$Arn": null, "OpenIDConnectProviderListEntry$Arn": null, "Policy$Arn": null, "PolicyGrantingServiceAccess$PolicyArn": null, "PutRolePermissionsBoundaryRequest$PermissionsBoundary": "

The ARN of the policy that is used to set the permissions boundary for the role.

", "PutUserPermissionsBoundaryRequest$PermissionsBoundary": "

The ARN of the policy that is used to set the permissions boundary for the user.

", - "RemoveClientIDFromOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "RemoveClientIDFromOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the IAM OIDC provider resource to remove the client ID from. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "Role$Arn": "

The Amazon Resource Name (ARN) specifying the role. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide guide.

", "RoleDetail$Arn": null, "SAMLProviderListEntry$Arn": "

The Amazon Resource Name (ARN) of the SAML provider.

", "ServerCertificateMetadata$Arn": "

The Amazon Resource Name (ARN) specifying the server certificate. For more information about ARNs and how to use them in policies, see IAM identifiers in the IAM User Guide.

", - "ServiceLastAccessed$LastAuthenticatedEntity": "

The ARN of the authenticated entity (user or role) that last attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", - "SetDefaultPolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "SimulatePrincipalPolicyRequest$PolicySourceArn": "

The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "TagOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The ARN of the OIDC identity provider in IAM to which you want to add tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "TagPolicyRequest$PolicyArn": "

The ARN of the IAM customer managed policy to which you want to add tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "TagSAMLProviderRequest$SAMLProviderArn": "

The ARN of the SAML identity provider in IAM to which you want to add tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ServiceLastAccessed$LastAuthenticatedEntity": "

The ARN of the authenticated entity (user or role) that last attempted to access the service. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", + "SetDefaultPolicyVersionRequest$PolicyArn": "

The Amazon Resource Name (ARN) of the IAM policy whose default version you want to set.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "SimulatePrincipalPolicyRequest$PolicySourceArn": "

The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation. If you specify a user, group, or role, the simulation includes all policies that are associated with that entity. If you specify a user, the simulation also includes all policies that are attached to any groups the user belongs to.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "TagOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The ARN of the OIDC identity provider in IAM to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "TagPolicyRequest$PolicyArn": "

The ARN of the IAM customer managed policy to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "TagSAMLProviderRequest$SAMLProviderArn": "

The ARN of the SAML identity provider in IAM to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "TrackedActionLastAccessed$LastAccessedEntity": null, - "UntagOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The ARN of the OIDC provider in IAM from which you want to remove tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UntagPolicyRequest$PolicyArn": "

The ARN of the IAM customer managed policy from which you want to remove tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UntagSAMLProviderRequest$SAMLProviderArn": "

The ARN of the SAML identity provider in IAM from which you want to remove tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UpdateOpenIDConnectProviderThumbprintRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", - "UpdateSAMLProviderRequest$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the SAML provider to update.

For more information about ARNs, see Amazon Resource Names (ARNs) in the AWS General Reference.

", + "UntagOpenIDConnectProviderRequest$OpenIDConnectProviderArn": "

The ARN of the OIDC provider in IAM from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UntagPolicyRequest$PolicyArn": "

The ARN of the IAM customer managed policy from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UntagSAMLProviderRequest$SAMLProviderArn": "

The ARN of the SAML identity provider in IAM from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UpdateOpenIDConnectProviderThumbprintRequest$OpenIDConnectProviderArn": "

The Amazon Resource Name (ARN) of the IAM OIDC provider resource object for which you want to update the thumbprint. You can get a list of OIDC provider ARNs by using the ListOpenIDConnectProviders operation.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", + "UpdateSAMLProviderRequest$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the SAML provider to update.

For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.

", "UpdateSAMLProviderResponse$SAMLProviderArn": "

The Amazon Resource Name (ARN) of the SAML provider that was updated.

", "User$Arn": "

The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs and how to use ARNs in policies, see IAM Identifiers in the IAM User Guide.

", "UserDetail$Arn": null @@ -2320,27 +2320,27 @@ "ListGroupPoliciesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListGroupsForUserResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListGroupsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListInstanceProfileTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListInstanceProfileTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListInstanceProfilesForRoleResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListInstanceProfilesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListMFADeviceTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListMFADeviceTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListMFADevicesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListOpenIDConnectProviderTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListOpenIDConnectProviderTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListPoliciesGrantingServiceAccessResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListPoliciesRequest$OnlyAttached": "

A flag to filter the results to only the attached policies.

When OnlyAttached is true, the returned list contains only the policies that are attached to an IAM user, group, or role. When OnlyAttached is false, or when the parameter is not included, all policies are returned.

", "ListPoliciesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListPolicyTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListPolicyTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListPolicyVersionsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListRolePoliciesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListRoleTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListRoleTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListRolesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListSAMLProviderTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListSAMLProviderTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListSSHPublicKeysResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListServerCertificateTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListServerCertificateTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListServerCertificatesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListSigningCertificatesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListUserPoliciesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", - "ListUserTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can use the Marker request parameter to make a subsequent pagination request that retrieves more items. Note that IAM might return fewer than the MaxItems number of results even when more results are available. Check IsTruncated after every call to ensure that you receive all of your results.

", + "ListUserTagsResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListUsersResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "ListVirtualMFADevicesResponse$IsTruncated": "

A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the Marker request parameter to retrieve more items. Note that IAM might return fewer than the MaxItems number of results even when there are more results available. We recommend that you check IsTruncated after every call to ensure that you receive all your results.

", "LoginProfile$PasswordResetRequired": "

Specifies whether the user is required to set a new password on next sign-in.

", @@ -2360,7 +2360,7 @@ "UpdateAccountPasswordPolicyRequest$RequireNumbers": "

Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.

", "UpdateAccountPasswordPolicyRequest$RequireUppercaseCharacters": "

Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.

", "UpdateAccountPasswordPolicyRequest$RequireLowercaseCharacters": "

Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.

", - "UpdateAccountPasswordPolicyRequest$AllowUsersToChangePassword": "

Allows all IAM users in your account to use the AWS Management Console to change their own passwords. For more information, see Letting IAM users change their own passwords in the IAM User Guide.

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.

" + "UpdateAccountPasswordPolicyRequest$AllowUsersToChangePassword": "

Allows all IAM users in your account to use the Management Console to change their own passwords. For more information, see Letting IAM users change their own passwords in the IAM User Guide.

If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.

" } }, "certificateBodyType": { @@ -2435,13 +2435,13 @@ "dateType": { "base": null, "refs": { - "AccessDetail$LastAuthenticatedTime": "

The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.

", + "AccessDetail$LastAuthenticatedTime": "

The date and time, in ISO 8601 date-time format, when an authenticated principal most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.

This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.

", "AccessKey$CreateDate": "

The date when the access key was created.

", "AccessKeyLastUsed$LastUsedDate": "

The date and time, in ISO 8601 date-time format, when the access key was most recently used. This field is null in the following situations:

", "AccessKeyMetadata$CreateDate": "

The date when the access key was created.

", - "EntityDetails$LastAuthenticated": "

The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access AWS. AWS does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", + "EntityDetails$LastAuthenticated": "

The date and time, in ISO 8601 date-time format, when the authenticated entity last attempted to access Amazon Web Services. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", "GetCredentialReportResponse$GeneratedTime": "

The date and time when the credential report was created, in ISO 8601 date-time format.

", - "GetOpenIDConnectProviderResponse$CreateDate": "

The date and time when the IAM OIDC provider resource object was created in the AWS account.

", + "GetOpenIDConnectProviderResponse$CreateDate": "

The date and time when the IAM OIDC provider resource object was created in the account.

", "GetOrganizationsAccessReportResponse$JobCreationDate": "

The date and time, in ISO 8601 date-time format, when the report job was created.

", "GetOrganizationsAccessReportResponse$JobCompletionDate": "

The date and time, in ISO 8601 date-time format, when the generated report job was completed or failed.

This field is null if the job is still in progress, as indicated by a job status value of IN_PROGRESS.

", "GetSAMLProviderResponse$CreateDate": "

The date and time when the SAML provider was created.

", @@ -2469,13 +2469,13 @@ "SSHPublicKeyMetadata$UploadDate": "

The date and time, in ISO 8601 date-time format, when the SSH public key was uploaded.

", "ServerCertificateMetadata$UploadDate": "

The date when the server certificate was uploaded.

", "ServerCertificateMetadata$Expiration": "

The date on which the certificate is set to expire.

", - "ServiceLastAccessed$LastAuthenticated": "

The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", + "ServiceLastAccessed$LastAuthenticated": "

The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the service. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", "ServiceSpecificCredential$CreateDate": "

The date and time, in ISO 8601 date-time format, when the service-specific credential were created.

", "ServiceSpecificCredentialMetadata$CreateDate": "

The date and time, in ISO 8601 date-time format, when the service-specific credential were created.

", "SigningCertificate$UploadDate": "

The date when the signing certificate was uploaded.

", - "TrackedActionLastAccessed$LastAccessedTime": "

The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. AWS does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", + "TrackedActionLastAccessed$LastAccessedTime": "

The date and time, in ISO 8601 date-time format, when an authenticated entity most recently attempted to access the tracked service. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", "User$CreateDate": "

The date and time, in ISO 8601 date-time format, when the user was created.

", - "User$PasswordLastUsed": "

The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an AWS website. For a list of AWS websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:

A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.

This value is returned only in the GetUser and ListUsers operations.

", + "User$PasswordLastUsed": "

The date and time, in ISO 8601 date-time format, when the user's password was last used to sign in to an Amazon Web Services website. For a list of Amazon Web Services websites that capture a user's last sign-in time, see the Credential reports topic in the IAM User Guide. If a password is used more than once in a five-minute span, only the first use is returned in this field. If the field is null (no value), then it indicates that they never signed in with a password. This can be because:

A null value does not mean that the user never had a password. Also, if the user does not currently have a password but had one in the past, then this field contains the date and time the most recent password was used.

This value is returned only in the GetUser and ListUsers operations.

", "UserDetail$CreateDate": "

The date and time, in ISO 8601 date-time format, when the user was created.

", "VirtualMFADevice$EnableDate": "

The date and time on which the virtual MFA device was enabled.

" } @@ -2513,7 +2513,7 @@ "entityDetailsListType": { "base": null, "refs": { - "GetServiceLastAccessedDetailsWithEntitiesResponse$EntityDetailsList": "

An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified AWS service.

" + "GetServiceLastAccessedDetailsWithEntitiesResponse$EntityDetailsList": "

An EntityDetailsList object that contains details about when an IAM entity (user or role) used group or policy permissions in an attempt to access the specified Amazon Web Services service.

" } }, "entityListType": { @@ -2545,7 +2545,7 @@ "DeleteUserPolicyRequest$UserName": "

The name (friendly name, not ARN) identifying the user that the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "DeleteUserRequest$UserName": "

The name of the user to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "EnableMFADeviceRequest$UserName": "

The name of the IAM user for whom you want to enable the MFA device.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "GetAccessKeyLastUsedResponse$UserName": "

The name of the AWS IAM user that owns this access key.

", + "GetAccessKeyLastUsedResponse$UserName": "

The name of the IAM user that owns this access key.

", "GetUserPolicyRequest$UserName": "

The name of the user who the policy is associated with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "GetUserPolicyResponse$UserName": "

The user the policy is associated with.

", "GetUserRequest$UserName": "

The name of the user to get information about.

This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", @@ -2554,12 +2554,12 @@ "ListMFADevicesRequest$UserName": "

The name of the user whose MFA devices you want to list.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ListSigningCertificatesRequest$UserName": "

The name of the IAM user whose signing certificates you want to examine.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ListUserPoliciesRequest$UserName": "

The name of the user to list policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "ListUserTagsRequest$UserName": "

The name of the IAM user whose tags you want to see.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ListUserTagsRequest$UserName": "

The name of the IAM user whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "PutUserPolicyRequest$UserName": "

The name of the user to associate the policy with.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "RemoveUserFromGroupRequest$UserName": "

The name of the user to remove.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ResyncMFADeviceRequest$UserName": "

The name of the user whose MFA device you want to resynchronize.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "TagUserRequest$UserName": "

The name of the IAM user to which you want to add tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UntagUserRequest$UserName": "

The name of the IAM user from which you want to remove tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "TagUserRequest$UserName": "

The name of the IAM user to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UntagUserRequest$UserName": "

The name of the IAM user from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "UpdateAccessKeyRequest$UserName": "

The name of the user whose key you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "UpdateSigningCertificateRequest$UserName": "

The name of the IAM user the signing certificate belongs to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "UpdateUserRequest$UserName": "

Name of the user to update. If you're changing the name of the user, this is the original user name.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", @@ -2569,7 +2569,7 @@ "globalEndpointTokenVersion": { "base": null, "refs": { - "SetSecurityTokenServicePreferencesRequest$GlobalEndpointTokenVersion": "

The version of the global endpoint token. Version 1 tokens are valid only in AWS Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens.

For information, see Activating and deactivating STS in an AWS region in the IAM User Guide.

" + "SetSecurityTokenServicePreferencesRequest$GlobalEndpointTokenVersion": "

The version of the global endpoint token. Version 1 tokens are valid only in Regions that are available by default. These tokens do not work in manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in all Regions. However, version 2 tokens are longer and might affect systems where you temporarily store tokens.

For information, see Activating and deactivating STS in an Region in the IAM User Guide.

" } }, "groupDetailListType": { @@ -2597,7 +2597,7 @@ "AddUserToGroupRequest$GroupName": "

The name of the group to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "AttachGroupPolicyRequest$GroupName": "

The name (friendly name, not ARN) of the group to attach the policy to.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "CreateGroupRequest$GroupName": "

The name of the group to create. Do not include the path in this value.

IAM user, group, role, and policy names must be unique within the account. Names are not distinguished by case. For example, you cannot create resources named both \"MyResource\" and \"myresource\".

", - "CreateServiceLinkedRoleRequest$AWSServiceName": "

The service principal for the AWS service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.

Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see AWS services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.

", + "CreateServiceLinkedRoleRequest$AWSServiceName": "

The service principal for the Amazon Web Services service to which this role is attached. You use a string similar to a URL but without the http:// in front. For example: elasticbeanstalk.amazonaws.com.

Service principals are unique and case-sensitive. To find the exact service principal for your service-linked role, see Amazon Web Services services that work with IAM in the IAM User Guide. Look for the services that have Yes in the Service-Linked Role column. Choose the Yes link to view the service-linked role documentation for that service.

", "DeleteGroupPolicyRequest$GroupName": "

The name (friendly name, not ARN) identifying the group that the policy is embedded in.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "DeleteGroupRequest$GroupName": "

The name of the IAM group to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "DetachGroupPolicyRequest$GroupName": "

The name (friendly name, not ARN) of the IAM group to detach the policy from.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", @@ -2651,10 +2651,10 @@ "DeleteInstanceProfileRequest$InstanceProfileName": "

The name of the instance profile to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "GetInstanceProfileRequest$InstanceProfileName": "

The name of the instance profile to get information about.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "InstanceProfile$InstanceProfileName": "

The name identifying the instance profile.

", - "ListInstanceProfileTagsRequest$InstanceProfileName": "

The name of the IAM instance profile whose tags you want to see.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ListInstanceProfileTagsRequest$InstanceProfileName": "

The name of the IAM instance profile whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "RemoveRoleFromInstanceProfileRequest$InstanceProfileName": "

The name of the instance profile to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "TagInstanceProfileRequest$InstanceProfileName": "

The name of the IAM instance profile to which you want to add tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UntagInstanceProfileRequest$InstanceProfileName": "

The name of the IAM instance profile from which you want to remove tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

" + "TagInstanceProfileRequest$InstanceProfileName": "

The name of the IAM instance profile to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UntagInstanceProfileRequest$InstanceProfileName": "

The name of the IAM instance profile from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

" } }, "integerType": { @@ -2805,25 +2805,25 @@ "ListGroupPoliciesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListGroupsForUserRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListGroupsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListInstanceProfileTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListInstanceProfileTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListInstanceProfilesForRoleRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListInstanceProfilesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListMFADeviceTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListMFADeviceTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListMFADevicesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListOpenIDConnectProviderTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListOpenIDConnectProviderTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListPoliciesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListPolicyTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListPolicyTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListPolicyVersionsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListRolePoliciesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListRoleTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListRoleTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListRolesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListSAMLProviderTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListSAMLProviderTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListSSHPublicKeysRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListServerCertificateTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListServerCertificateTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListServerCertificatesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListSigningCertificatesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListUserPoliciesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", - "ListUserTagsRequest$MaxItems": "

(Optional) Use this only when paginating results to indicate the maximum number of items that you want in the response. If additional items exist beyond the maximum that you specify, the IsTruncated response element is true.

If you do not include this parameter, it defaults to 100. Note that IAM might return fewer results, even when more results are available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", + "ListUserTagsRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListUsersRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "ListVirtualMFADevicesRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", "SimulateCustomPolicyRequest$MaxItems": "

Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the IsTruncated response element is true.

If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the IsTruncated response element returns true, and Marker contains a value to include in the subsequent call that tells the service where to continue from.

", @@ -2859,14 +2859,14 @@ "organizationsEntityPathType": { "base": null, "refs": { - "AccessDetail$EntityPath": "

The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.

", - "GenerateOrganizationsAccessReportRequest$EntityPath": "

The path of the AWS Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.

" + "AccessDetail$EntityPath": "

The path of the Organizations entity (root, organizational unit, or account) from which an authenticated principal last attempted to access the service. Amazon Web Services does not report unauthenticated requests.

This field is null if no principals (IAM users, IAM roles, or root users) in the reported Organizations entity attempted to access the service within the reporting period.

", + "GenerateOrganizationsAccessReportRequest$EntityPath": "

The path of the Organizations entity (root, OU, or account). You can build an entity path using the known structure of your organization. For example, assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012.

" } }, "organizationsPolicyIdType": { "base": null, "refs": { - "GenerateOrganizationsAccessReportRequest$OrganizationsPolicyId": "

The identifier of the AWS Organizations service control policy (SCP). This parameter is optional.

This ID is used to generate information about when an account principal that is limited by the SCP attempted to access an AWS service.

" + "GenerateOrganizationsAccessReportRequest$OrganizationsPolicyId": "

The identifier of the Organizations service control policy (SCP). This parameter is optional.

This ID is used to generate information about when an account principal that is limited by the SCP attempted to access an Amazon Web Services service.

" } }, "passwordPolicyViolationMessage": { @@ -2886,9 +2886,9 @@ "base": null, "refs": { "ChangePasswordRequest$OldPassword": "

The IAM user's current password.

", - "ChangePasswordRequest$NewPassword": "

The new password. The new password must conform to the AWS account's password policy, if one exists.

The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

", - "CreateLoginProfileRequest$Password": "

The new password for the user.

The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the AWS Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

", - "UpdateLoginProfileRequest$Password": "

The new password for the specified IAM user.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

However, the format can be further restricted by the account administrator by setting a password policy on the AWS account. For more information, see UpdateAccountPasswordPolicy.

" + "ChangePasswordRequest$NewPassword": "

The new password. The new password must conform to the account's password policy, if one exists.

The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

", + "CreateLoginProfileRequest$Password": "

The new password for the user.

The regex pattern that is used to validate this parameter is a string of characters. That string can include almost any printable ASCII character from the space (\\u0020) through the end of the ASCII character range (\\u00FF). You can also include the tab (\\u0009), line feed (\\u000A), and carriage return (\\u000D) characters. Any of these characters are valid in a password. However, many tools, such as the Management Console, might restrict the ability to type certain characters because they have special meaning within that tool.

", + "UpdateLoginProfileRequest$Password": "

The new password for the specified IAM user.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

However, the format can be further restricted by the account administrator by setting a password policy on the account. For more information, see UpdateAccountPasswordPolicy.

" } }, "pathPrefixType": { @@ -2944,23 +2944,23 @@ "policyDocumentType": { "base": null, "refs": { - "CreatePolicyRequest$PolicyDocument": "

The JSON policy document that you want to use as the content for the new policy.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

To learn more about JSON policy grammar, see Grammar of the IAM JSON policy language in the IAM User Guide.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "CreatePolicyVersionRequest$PolicyDocument": "

The JSON policy document that you want to use as the content for this new version of the policy.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "CreateRoleRequest$AssumeRolePolicyDocument": "

The trust relationship policy document that grants an entity permission to assume the role.

In IAM, you must provide a JSON policy that has been converted to a string. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

Upon success, the response includes the same trust policy in JSON format.

", - "GetGroupPolicyResponse$PolicyDocument": "

The policy document.

IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

", - "GetRolePolicyResponse$PolicyDocument": "

The policy document.

IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

", - "GetUserPolicyResponse$PolicyDocument": "

The policy document.

IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

", + "CreatePolicyRequest$PolicyDocument": "

The JSON policy document that you want to use as the content for the new policy.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

To learn more about JSON policy grammar, see Grammar of the IAM JSON policy language in the IAM User Guide.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "CreatePolicyVersionRequest$PolicyDocument": "

The JSON policy document that you want to use as the content for this new version of the policy.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "CreateRoleRequest$AssumeRolePolicyDocument": "

The trust relationship policy document that grants an entity permission to assume the role.

In IAM, you must provide a JSON policy that has been converted to a string. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

Upon success, the response includes the same trust policy in JSON format.

", + "GetGroupPolicyResponse$PolicyDocument": "

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

", + "GetRolePolicyResponse$PolicyDocument": "

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

", + "GetUserPolicyResponse$PolicyDocument": "

The policy document.

IAM stores policies in JSON format. However, resources that were created using CloudFormation templates can be formatted in YAML. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

", "PolicyDetail$PolicyDocument": "

The policy document.

", "PolicyVersion$Document": "

The policy document.

The policy document is returned in the response to the GetPolicyVersion and GetAccountAuthorizationDetails operations. It is not returned in the response to the CreatePolicyVersion or ListPolicyVersions operations.

The policy document returned in this structure is URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

", - "PutGroupPolicyRequest$PolicyDocument": "

The policy document.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "PutRolePolicyRequest$PolicyDocument": "

The policy document.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "PutUserPolicyRequest$PolicyDocument": "

The policy document.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "PutGroupPolicyRequest$PolicyDocument": "

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to = IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "PutRolePolicyRequest$PolicyDocument": "

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "PutUserPolicyRequest$PolicyDocument": "

The policy document.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", "Role$AssumeRolePolicyDocument": "

The policy that grants an entity permission to assume the role.

", "RoleDetail$AssumeRolePolicyDocument": "

The trust policy that grants permission to assume the role.

", - "SimulateCustomPolicyRequest$ResourcePolicy": "

A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", - "SimulatePrincipalPolicyRequest$ResourcePolicy": "

A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "SimulateCustomPolicyRequest$ResourcePolicy": "

A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", + "SimulatePrincipalPolicyRequest$ResourcePolicy": "

A resource-based policy to include in the simulation provided as a string. Each resource in the simulation is treated as if it had this policy attached. You can include only one resource-based policy in a simulation.

The maximum length of the policy document that you can pass in this operation, including whitespace, is listed below. To view the maximum character counts of a managed policy with no whitespaces, see IAM and STS character quotas.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

", "SimulationPolicyListType$member": null, - "UpdateAssumeRolePolicyRequest$PolicyDocument": "

The policy that grants an entity permission to assume the role.

You must provide policies in JSON format in IAM. However, for AWS CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

" + "UpdateAssumeRolePolicyRequest$PolicyDocument": "

The policy that grants an entity permission to assume the role.

You must provide policies in JSON format in IAM. However, for CloudFormation templates formatted in YAML, you can provide the policy in JSON or YAML format. CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

The regex pattern used to validate this parameter is a string of characters consisting of the following:

" } }, "policyDocumentVersionListType": { @@ -3048,7 +3048,7 @@ "policyScopeType": { "base": null, "refs": { - "ListPoliciesRequest$Scope": "

The scope to use for filtering the results.

To list only AWS managed policies, set Scope to AWS. To list only the customer managed policies in your AWS account, set Scope to Local.

This parameter is optional. If it is not included, or if it is set to All, all policies are returned.

" + "ListPoliciesRequest$Scope": "

The scope to use for filtering the results.

To list only Amazon Web Services managed policies, set Scope to AWS. To list only the customer managed policies in your account, set Scope to Local.

This parameter is optional. If it is not included, or if it is set to All, all policies are returned.

" } }, "policyType": { @@ -3170,9 +3170,9 @@ "roleMaxSessionDurationType": { "base": null, "refs": { - "CreateRoleRequest$MaxSessionDuration": "

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.

", - "Role$MaxSessionDuration": "

The maximum session duration (in seconds) for the specified role. Anyone who uses the AWS CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.

", - "UpdateRoleRequest$MaxSessionDuration": "

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.

" + "CreateRoleRequest$MaxSessionDuration": "

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Anyone who assumes the role from the or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.

", + "Role$MaxSessionDuration": "

The maximum session duration (in seconds) for the specified role. Anyone who uses the CLI, or API to assume the role can specify the duration using the optional DurationSeconds API parameter or duration-seconds CLI parameter.

", + "UpdateRoleRequest$MaxSessionDuration": "

The maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.

Anyone who assumes the role from the CLI or API can use the DurationSeconds API parameter or the duration-seconds CLI parameter to request a longer session. The MaxSessionDuration setting determines the maximum duration that can be requested using the DurationSeconds parameter. If users don't specify a value for the DurationSeconds parameter, their security credentials are valid for one hour by default. This applies when you use the AssumeRole* API operations or the assume-role* CLI operations but does not apply when you use those operations to create a console URL. For more information, see Using IAM roles in the IAM User Guide.

" } }, "roleNameType": { @@ -3212,11 +3212,11 @@ "DeactivateMFADeviceRequest$SerialNumber": "

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

", "DeleteVirtualMFADeviceRequest$SerialNumber": "

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

", "EnableMFADeviceRequest$SerialNumber": "

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@:/-

", - "ListMFADeviceTagsRequest$SerialNumber": "

The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ListMFADeviceTagsRequest$SerialNumber": "

The unique identifier for the IAM virtual MFA device whose tags you want to see. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "MFADevice$SerialNumber": "

The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial number is the device ARN.

", "ResyncMFADeviceRequest$SerialNumber": "

Serial number that uniquely identifies the MFA device.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "TagMFADeviceRequest$SerialNumber": "

The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UntagMFADeviceRequest$SerialNumber": "

The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "TagMFADeviceRequest$SerialNumber": "

The unique identifier for the IAM virtual MFA device to which you want to add tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UntagMFADeviceRequest$SerialNumber": "

The unique identifier for the IAM virtual MFA device from which you want to remove tags. For virtual MFA devices, the serial number is the same as the ARN.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "VirtualMFADevice$SerialNumber": "

The serial number associated with VirtualMFADevice.

" } }, @@ -3231,10 +3231,10 @@ "refs": { "DeleteServerCertificateRequest$ServerCertificateName": "

The name of the server certificate you want to delete.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "GetServerCertificateRequest$ServerCertificateName": "

The name of the server certificate you want to retrieve information about.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "ListServerCertificateTagsRequest$ServerCertificateName": "

The name of the IAM server certificate whose tags you want to see.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "ListServerCertificateTagsRequest$ServerCertificateName": "

The name of the IAM server certificate whose tags you want to see.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ServerCertificateMetadata$ServerCertificateName": "

The name that identifies the server certificate.

", - "TagServerCertificateRequest$ServerCertificateName": "

The name of the IAM server certificate to which you want to add tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", - "UntagServerCertificateRequest$ServerCertificateName": "

The name of the IAM server certificate from which you want to remove tags.

This parameter accepts (through its regex pattern) a string of characters that consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-

", + "TagServerCertificateRequest$ServerCertificateName": "

The name of the IAM server certificate to which you want to add tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "UntagServerCertificateRequest$ServerCertificateName": "

The name of the IAM server certificate from which you want to remove tags.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "UpdateServerCertificateRequest$ServerCertificateName": "

The name of the server certificate that you want to update.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "UpdateServerCertificateRequest$NewServerCertificateName": "

The new name for the server certificate. Include this only if you are updating the server certificate's name. The name of the certificate cannot contain any spaces.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "UploadServerCertificateRequest$ServerCertificateName": "

The name for the server certificate. Do not include the path in this value. The name of the certificate cannot contain any spaces.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

" @@ -3249,8 +3249,8 @@ "serviceName": { "base": null, "refs": { - "CreateServiceSpecificCredentialRequest$ServiceName": "

The name of the AWS service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.

", - "ListServiceSpecificCredentialsRequest$ServiceName": "

Filters the returned results to only those for the specified AWS service. If not specified, then AWS returns service-specific credentials for all services.

", + "CreateServiceSpecificCredentialRequest$ServiceName": "

The name of the Amazon Web Services service that is to be associated with the credentials. The service you specify here is the only service that can be accessed using these credentials.

", + "ListServiceSpecificCredentialsRequest$ServiceName": "

Filters the returned results to only those for the specified Amazon Web Services service. If not specified, then Amazon Web Services returns service-specific credentials for all services.

", "ServiceSpecificCredential$ServiceName": "

The name of the service associated with the service-specific credential.

", "ServiceSpecificCredentialMetadata$ServiceName": "

The name of the service associated with the service-specific credential.

" } @@ -3265,16 +3265,16 @@ "serviceNamespaceListType": { "base": null, "refs": { - "ListPoliciesGrantingServiceAccessRequest$ServiceNamespaces": "

The service namespace for the AWS services whose policies you want to list.

To learn the service namespace for a service, see Actions, resources, and condition keys for AWS services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.

" + "ListPoliciesGrantingServiceAccessRequest$ServiceNamespaces": "

The service namespace for the Amazon Web Services services whose policies you want to list.

To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.

" } }, "serviceNamespaceType": { "base": null, "refs": { - "AccessDetail$ServiceNamespace": "

The namespace of the service in which access was attempted.

To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.

", - "GetServiceLastAccessedDetailsWithEntitiesRequest$ServiceNamespace": "

The service namespace for an AWS service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.

To learn the service namespace for a service, see Actions, resources, and condition keys for AWS services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.

", - "ListPoliciesGrantingServiceAccessEntry$ServiceNamespace": "

The namespace of the service that was accessed.

To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS service namespaces in the AWS General Reference.

", - "ServiceLastAccessed$ServiceNamespace": "

The namespace of the service in which access was attempted.

To learn the service namespace of a service, see Actions, resources, and condition keys for AWS services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see AWS Service Namespaces in the AWS General Reference.

", + "AccessDetail$ServiceNamespace": "

The namespace of the service in which access was attempted.

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.

", + "GetServiceLastAccessedDetailsWithEntitiesRequest$ServiceNamespace": "

The service namespace for an Amazon Web Services service. Provide the service namespace to learn when the IAM entity last attempted to access the specified service.

To learn the service namespace for a service, see Actions, resources, and condition keys for Amazon Web Services services in the IAM User Guide. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.

", + "ListPoliciesGrantingServiceAccessEntry$ServiceNamespace": "

The namespace of the service that was accessed.

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services service namespaces in the Amazon Web Services General Reference.

", + "ServiceLastAccessed$ServiceNamespace": "

The namespace of the service in which access was attempted.

To learn the service namespace of a service, see Actions, resources, and condition keys for Amazon Web Services services in the Service Authorization Reference. Choose the name of the service to view details for that service. In the first paragraph, find the service prefix. For example, (service prefix: a4b). For more information about service namespaces, see Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

", "serviceNamespaceListType$member": null } }, @@ -3303,7 +3303,7 @@ "serviceUserName": { "base": null, "refs": { - "ServiceSpecificCredential$ServiceUserName": "

The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the AWS account, as in jane-at-123456789012, for example. This value cannot be configured by the user.

", + "ServiceSpecificCredential$ServiceUserName": "

The generated user name for the service-specific credential. This value is generated by combining the IAM user's name combined with the ID number of the Amazon Web Services account, as in jane-at-123456789012, for example. This value cannot be configured by the user.

", "ServiceSpecificCredentialMetadata$ServiceUserName": "

The generated user name for the service-specific credential.

" } }, @@ -3318,29 +3318,29 @@ "refs": { "AccessKey$Status": "

The status of the access key. Active means that the key is valid for API calls, while Inactive means it is not.

", "AccessKeyMetadata$Status": "

The status of the access key. Active means that the key is valid for API calls; Inactive means it is not.

", - "SSHPublicKey$Status": "

The status of the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.

", - "SSHPublicKeyMetadata$Status": "

The status of the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.

", + "SSHPublicKey$Status": "

The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.

", + "SSHPublicKeyMetadata$Status": "

The status of the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.

", "ServiceSpecificCredential$Status": "

The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.

", "ServiceSpecificCredentialMetadata$Status": "

The status of the service-specific credential. Active means that the key is valid for API calls, while Inactive means it is not.

", "SigningCertificate$Status": "

The status of the signing certificate. Active means that the key is valid for API calls, while Inactive means it is not.

", - "UpdateAccessKeyRequest$Status": "

The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to AWS, while Inactive means that the key cannot be used.

", - "UpdateSSHPublicKeyRequest$Status": "

The status to assign to the SSH public key. Active means that the key can be used for authentication with an AWS CodeCommit repository. Inactive means that the key cannot be used.

", + "UpdateAccessKeyRequest$Status": "

The status you want to assign to the secret access key. Active means that the key can be used for programmatic calls to Amazon Web Services, while Inactive means that the key cannot be used.

", + "UpdateSSHPublicKeyRequest$Status": "

The status to assign to the SSH public key. Active means that the key can be used for authentication with an CodeCommit repository. Inactive means that the key cannot be used.

", "UpdateServiceSpecificCredentialRequest$Status": "

The status to be assigned to the service-specific credential.

", - "UpdateSigningCertificateRequest$Status": "

The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to AWS Inactive means that the certificate cannot be used.

" + "UpdateSigningCertificateRequest$Status": "

The status you want to assign to the certificate. Active means that the certificate can be used for programmatic calls to Amazon Web Services Inactive means that the certificate cannot be used.

" } }, "stringType": { "base": null, "refs": { "AccessDetail$Region": "

The Region where the last service access attempt occurred.

This field is null if no principals in the reported Organizations entity attempted to access the service within the reporting period.

", - "AccessKeyLastUsed$ServiceName": "

The name of the AWS service with which this access key was most recently used. The value of this field is \"N/A\" in the following situations:

", - "AccessKeyLastUsed$Region": "

The AWS Region where this access key was most recently used. The value for this field is \"N/A\" in the following situations:

For more information about AWS Regions, see Regions and endpoints in the Amazon Web Services General Reference.

", + "AccessKeyLastUsed$ServiceName": "

The name of the Amazon Web Services service with which this access key was most recently used. The value of this field is \"N/A\" in the following situations:

", + "AccessKeyLastUsed$Region": "

The Region where this access key was most recently used. The value for this field is \"N/A\" in the following situations:

For more information about Regions, see Regions and endpoints in the Amazon Web Services General Reference.

", "ErrorDetails$Message": "

Detailed information about the reason that the operation failed.

", "ErrorDetails$Code": "

The error code associated with the operation failure.

", - "RoleLastUsed$Region": "

The name of the AWS Region in which the role was last used.

", - "ServiceLastAccessed$LastAuthenticatedRegion": "

The Region from which the authenticated entity (user or role) last attempted to access the service. AWS does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", + "RoleLastUsed$Region": "

The name of the Region in which the role was last used.

", + "ServiceLastAccessed$LastAuthenticatedRegion": "

The Region from which the authenticated entity (user or role) last attempted to access the service. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

", "TrackedActionLastAccessed$ActionName": "

The name of the tracked action to which access was attempted. Tracked actions are actions that report activity to IAM.

", - "TrackedActionLastAccessed$LastAccessedRegion": "

The Region from which the authenticated entity (user or role) last attempted to access the tracked action. AWS does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

" + "TrackedActionLastAccessed$LastAccessedRegion": "

The Region from which the authenticated entity (user or role) last attempted to access the tracked action. Amazon Web Services does not report unauthenticated requests.

This field is null if no IAM entities attempted to access the service within the reporting period.

" } }, "summaryKeyType": { @@ -3426,7 +3426,7 @@ "tagValueType": { "base": null, "refs": { - "Tag$Value": "

The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.

AWS always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.

" + "Tag$Value": "

The value associated with this tag. For example, tags with a key name of Department could have values such as Human Resources, Accounting, and Support. Tags with a key name of Cost Center might have values that consist of the number associated with the different cost centers in your company. Typically, many resources have tags with the same key name but with different values.

Amazon Web Services always interprets the tag Value as a single string. If you need to store an array, you can store comma-separated values in the string. However, you must interpret the value in your code.

" } }, "thumbprintListType": { @@ -3486,9 +3486,9 @@ "GetLoginProfileRequest$UserName": "

The name of the user whose login profile you want to retrieve.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "GetSSHPublicKeyRequest$UserName": "

The name of the IAM user associated with the SSH public key.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ListAttachedUserPoliciesRequest$UserName": "

The name (friendly name, not ARN) of the user to list attached policies for.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "ListSSHPublicKeysRequest$UserName": "

The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the AWS access key used to sign the request.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", + "ListSSHPublicKeysRequest$UserName": "

The name of the IAM user to list SSH public keys for. If none is specified, the UserName field is determined implicitly based on the Amazon Web Services access key used to sign the request.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", "ListServiceSpecificCredentialsRequest$UserName": "

The name of the user whose service-specific credentials you want information about. If this value is not specified, then the operation assumes the user whose credentials are used to call the operation.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

", - "LoginProfile$UserName": "

The name of the user, which can be used for signing in to the AWS Management Console.

", + "LoginProfile$UserName": "

The name of the user, which can be used for signing in to the Management Console.

", "MFADevice$UserName": "

The user with whom the MFA device is associated.

", "PolicyUser$UserName": "

The name (friendly name, not ARN) identifying the user.

", "PutUserPermissionsBoundaryRequest$UserName": "

The name (friendly name, not ARN) of the IAM user for which you want to set the permissions boundary.

", diff --git a/models/apis/iotsitewise/2019-12-02/api-2.json b/models/apis/iotsitewise/2019-12-02/api-2.json index a95db29e83f..3c37c6bfaf3 100644 --- a/models/apis/iotsitewise/2019-12-02/api-2.json +++ b/models/apis/iotsitewise/2019-12-02/api-2.json @@ -511,6 +511,23 @@ ], "endpoint":{"hostPrefix":"monitor."} }, + "DescribeStorageConfiguration":{ + "name":"DescribeStorageConfiguration", + "http":{ + "method":"GET", + "requestUri":"/configuration/account/storage" + }, + "input":{"shape":"DescribeStorageConfigurationRequest"}, + "output":{"shape":"DescribeStorageConfigurationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictingOperationException"} + ] + }, "DisassociateAssets":{ "name":"DisassociateAssets", "http":{ @@ -804,6 +821,24 @@ ], "endpoint":{"hostPrefix":"model."} }, + "PutStorageConfiguration":{ + "name":"PutStorageConfiguration", + "http":{ + "method":"POST", + "requestUri":"/configuration/account/storage" + }, + "input":{"shape":"PutStorageConfigurationRequest"}, + "output":{"shape":"PutStorageConfigurationResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"ResourceAlreadyExistsException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalFailureException"}, + {"shape":"ThrottlingException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictingOperationException"} + ] + }, "TagResource":{ "name":"TagResource", "http":{ @@ -1868,6 +1903,17 @@ "projectArn":{"shape":"ARN"} } }, + "CustomerManagedS3Storage":{ + "type":"structure", + "required":[ + "s3ResourceArn", + "roleArn" + ], + "members":{ + "s3ResourceArn":{"shape":"ARN"}, + "roleArn":{"shape":"ARN"} + } + }, "DashboardDefinition":{ "type":"string", "max":204800, @@ -2387,6 +2433,24 @@ "projectLastUpdateDate":{"shape":"Timestamp"} } }, + "DescribeStorageConfigurationRequest":{ + "type":"structure", + "members":{ + } + }, + "DescribeStorageConfigurationResponse":{ + "type":"structure", + "required":[ + "storageType", + "configurationStatus" + ], + "members":{ + "storageType":{"shape":"StorageType"}, + "multiLayerStorage":{"shape":"MultiLayerStorage"}, + "configurationStatus":{"shape":"ConfigurationStatus"}, + "lastUpdateDate":{"shape":"Timestamp"} + } + }, "Description":{ "type":"string", "max":2048, @@ -3324,6 +3388,13 @@ } }, "MonitorErrorMessage":{"type":"string"}, + "MultiLayerStorage":{ + "type":"structure", + "required":["customerManagedS3Storage"], + "members":{ + "customerManagedS3Storage":{"shape":"CustomerManagedS3Storage"} + } + }, "Name":{ "type":"string", "max":256, @@ -3550,6 +3621,26 @@ "members":{ } }, + "PutStorageConfigurationRequest":{ + "type":"structure", + "required":["storageType"], + "members":{ + "storageType":{"shape":"StorageType"}, + "multiLayerStorage":{"shape":"MultiLayerStorage"} + } + }, + "PutStorageConfigurationResponse":{ + "type":"structure", + "required":[ + "storageType", + "configurationStatus" + ], + "members":{ + "storageType":{"shape":"StorageType"}, + "multiLayerStorage":{"shape":"MultiLayerStorage"}, + "configurationStatus":{"shape":"ConfigurationStatus"} + } + }, "Qualities":{ "type":"list", "member":{"shape":"Quality"}, @@ -3626,6 +3717,13 @@ "exception":true, "fault":true }, + "StorageType":{ + "type":"string", + "enum":[ + "SITEWISE_DEFAULT_STORAGE", + "MULTI_LAYER_STORAGE" + ] + }, "TagKey":{ "type":"string", "max":128, diff --git a/models/apis/iotsitewise/2019-12-02/docs-2.json b/models/apis/iotsitewise/2019-12-02/docs-2.json index 4c28d6806e4..9d4387ea13e 100644 --- a/models/apis/iotsitewise/2019-12-02/docs-2.json +++ b/models/apis/iotsitewise/2019-12-02/docs-2.json @@ -1,72 +1,74 @@ { "version": "2.0", - "service": "

Welcome to the AWS IoT SiteWise API Reference. AWS IoT SiteWise is an AWS service that connects Industrial Internet of Things (IIoT) devices to the power of the AWS Cloud. For more information, see the AWS IoT SiteWise User Guide. For information about AWS IoT SiteWise quotas, see Quotas in the AWS IoT SiteWise User Guide.

", + "service": "

Welcome to the IoT SiteWise API Reference. IoT SiteWise is an Amazon Web Services service that connects Industrial Internet of Things (IIoT) devices to the power of the Amazon Web Services Cloud. For more information, see the IoT SiteWise User Guide. For information about IoT SiteWise quotas, see Quotas in the IoT SiteWise User Guide.

", "operations": { - "AssociateAssets": "

Associates a child asset with the given parent asset through a hierarchy defined in the parent asset's model. For more information, see Associating assets in the AWS IoT SiteWise User Guide.

", - "BatchAssociateProjectAssets": "

Associates a group (batch) of assets with an AWS IoT SiteWise Monitor project.

", - "BatchDisassociateProjectAssets": "

Disassociates a group (batch) of assets from an AWS IoT SiteWise Monitor project.

", - "BatchPutAssetPropertyValue": "

Sends a list of asset property values to AWS IoT SiteWise. Each value is a timestamp-quality-value (TQV) data point. For more information, see Ingesting data using the API in the AWS IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

With respect to Unix epoch time, AWS IoT SiteWise accepts only TQVs that have a timestamp of no more than 7 days in the past and no more than 10 minutes in the future. AWS IoT SiteWise rejects timestamps outside of the inclusive range of [-7 days, +10 minutes] and returns a TimestampOutOfRangeException error.

For each asset property, AWS IoT SiteWise overwrites TQVs with duplicate timestamps unless the newer TQV has a different quality. For example, if you store a TQV {T1, GOOD, V1}, then storing {T1, GOOD, V2} replaces the existing TQV.

AWS IoT SiteWise authorizes access to each BatchPutAssetPropertyValue entry individually. For more information, see BatchPutAssetPropertyValue authorization in the AWS IoT SiteWise User Guide.

", - "CreateAccessPolicy": "

Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.

", - "CreateAsset": "

Creates an asset from an existing asset model. For more information, see Creating assets in the AWS IoT SiteWise User Guide.

", - "CreateAssetModel": "

Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see Defining asset models in the AWS IoT SiteWise User Guide.

", - "CreateDashboard": "

Creates a dashboard in an AWS IoT SiteWise Monitor project.

", - "CreateGateway": "

Creates a gateway, which is a virtual or edge device that delivers industrial data streams from local servers to AWS IoT SiteWise. For more information, see Ingesting data using a gateway in the AWS IoT SiteWise User Guide.

", - "CreatePortal": "

Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise Monitor uses AWS SSO or IAM to authenticate portal users and manage user permissions.

Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide.

", + "AssociateAssets": "

Associates a child asset with the given parent asset through a hierarchy defined in the parent asset's model. For more information, see Associating assets in the IoT SiteWise User Guide.

", + "BatchAssociateProjectAssets": "

Associates a group (batch) of assets with an IoT SiteWise Monitor project.

", + "BatchDisassociateProjectAssets": "

Disassociates a group (batch) of assets from an IoT SiteWise Monitor project.

", + "BatchPutAssetPropertyValue": "

Sends a list of asset property values to IoT SiteWise. Each value is a timestamp-quality-value (TQV) data point. For more information, see Ingesting data using the API in the IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

With respect to Unix epoch time, IoT SiteWise accepts only TQVs that have a timestamp of no more than 7 days in the past and no more than 10 minutes in the future. IoT SiteWise rejects timestamps outside of the inclusive range of [-7 days, +10 minutes] and returns a TimestampOutOfRangeException error.

For each asset property, IoT SiteWise overwrites TQVs with duplicate timestamps unless the newer TQV has a different quality. For example, if you store a TQV {T1, GOOD, V1}, then storing {T1, GOOD, V2} replaces the existing TQV.

IoT SiteWise authorizes access to each BatchPutAssetPropertyValue entry individually. For more information, see BatchPutAssetPropertyValue authorization in the IoT SiteWise User Guide.

", + "CreateAccessPolicy": "

Creates an access policy that grants the specified identity (Amazon Web Services SSO user, Amazon Web Services SSO group, or IAM user) access to the specified IoT SiteWise Monitor portal or project resource.

", + "CreateAsset": "

Creates an asset from an existing asset model. For more information, see Creating assets in the IoT SiteWise User Guide.

", + "CreateAssetModel": "

Creates an asset model from specified property and hierarchy definitions. You create assets from asset models. With asset models, you can easily create assets of the same type that have standardized definitions. Each asset created from a model inherits the asset model's property and hierarchy definitions. For more information, see Defining asset models in the IoT SiteWise User Guide.

", + "CreateDashboard": "

Creates a dashboard in an IoT SiteWise Monitor project.

", + "CreateGateway": "

Creates a gateway, which is a virtual or edge device that delivers industrial data streams from local servers to IoT SiteWise. For more information, see Ingesting data using a gateway in the IoT SiteWise User Guide.

", + "CreatePortal": "

Creates a portal, which can contain projects and dashboards. IoT SiteWise Monitor uses Amazon Web Services SSO or IAM to authenticate portal users and manage user permissions.

Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the IoT SiteWise User Guide.

", "CreateProject": "

Creates a project in the specified portal.

", - "DeleteAccessPolicy": "

Deletes an access policy that grants the specified identity access to the specified AWS IoT SiteWise Monitor resource. You can use this operation to revoke access to an AWS IoT SiteWise Monitor resource.

", - "DeleteAsset": "

Deletes an asset. This action can't be undone. For more information, see Deleting assets and models in the AWS IoT SiteWise User Guide.

You can't delete an asset that's associated to another asset. For more information, see DisassociateAssets.

", - "DeleteAssetModel": "

Deletes an asset model. This action can't be undone. You must delete all assets created from an asset model before you can delete the model. Also, you can't delete an asset model if a parent asset model exists that contains a property formula expression that depends on the asset model that you want to delete. For more information, see Deleting assets and models in the AWS IoT SiteWise User Guide.

", - "DeleteDashboard": "

Deletes a dashboard from AWS IoT SiteWise Monitor.

", - "DeleteGateway": "

Deletes a gateway from AWS IoT SiteWise. When you delete a gateway, some of the gateway's files remain in your gateway's file system.

", - "DeletePortal": "

Deletes a portal from AWS IoT SiteWise Monitor.

", - "DeleteProject": "

Deletes a project from AWS IoT SiteWise Monitor.

", - "DescribeAccessPolicy": "

Describes an access policy, which specifies an identity's access to an AWS IoT SiteWise Monitor portal or project.

", + "DeleteAccessPolicy": "

Deletes an access policy that grants the specified identity access to the specified IoT SiteWise Monitor resource. You can use this operation to revoke access to an IoT SiteWise Monitor resource.

", + "DeleteAsset": "

Deletes an asset. This action can't be undone. For more information, see Deleting assets and models in the IoT SiteWise User Guide.

You can't delete an asset that's associated to another asset. For more information, see DisassociateAssets.

", + "DeleteAssetModel": "

Deletes an asset model. This action can't be undone. You must delete all assets created from an asset model before you can delete the model. Also, you can't delete an asset model if a parent asset model exists that contains a property formula expression that depends on the asset model that you want to delete. For more information, see Deleting assets and models in the IoT SiteWise User Guide.

", + "DeleteDashboard": "

Deletes a dashboard from IoT SiteWise Monitor.

", + "DeleteGateway": "

Deletes a gateway from IoT SiteWise. When you delete a gateway, some of the gateway's files remain in your gateway's file system.

", + "DeletePortal": "

Deletes a portal from IoT SiteWise Monitor.

", + "DeleteProject": "

Deletes a project from IoT SiteWise Monitor.

", + "DescribeAccessPolicy": "

Describes an access policy, which specifies an identity's access to an IoT SiteWise Monitor portal or project.

", "DescribeAsset": "

Retrieves information about an asset.

", "DescribeAssetModel": "

Retrieves information about an asset model.

", "DescribeAssetProperty": "

Retrieves information about an asset property.

When you call this operation for an attribute property, this response includes the default attribute value that you define in the asset model. If you update the default value in the model, this operation's response includes the new default value.

This operation doesn't return the value of the asset property. To get the value of an asset property, use GetAssetPropertyValue.

", "DescribeDashboard": "

Retrieves information about a dashboard.

", - "DescribeDefaultEncryptionConfiguration": "

Retrieves information about the default encryption configuration for the AWS account in the default or specified region. For more information, see Key management in the AWS IoT SiteWise User Guide.

", + "DescribeDefaultEncryptionConfiguration": "

Retrieves information about the default encryption configuration for the Amazon Web Services account in the default or specified Region. For more information, see Key management in the IoT SiteWise User Guide.

", "DescribeGateway": "

Retrieves information about a gateway.

", - "DescribeGatewayCapabilityConfiguration": "

Retrieves information about a gateway capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the AWS IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.

", - "DescribeLoggingOptions": "

Retrieves the current AWS IoT SiteWise logging options.

", + "DescribeGatewayCapabilityConfiguration": "

Retrieves information about a gateway capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.

", + "DescribeLoggingOptions": "

Retrieves the current IoT SiteWise logging options.

", "DescribePortal": "

Retrieves information about a portal.

", "DescribeProject": "

Retrieves information about a project.

", + "DescribeStorageConfiguration": "

Retrieves information about the storage configuration for IoT SiteWise.

", "DisassociateAssets": "

Disassociates a child asset from the given parent asset through a hierarchy defined in the parent asset's model.

", - "GetAssetPropertyAggregates": "

Gets aggregated values for an asset property. For more information, see Querying aggregates in the AWS IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

", - "GetAssetPropertyValue": "

Gets an asset property's current value. For more information, see Querying current values in the AWS IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

", - "GetAssetPropertyValueHistory": "

Gets the history of an asset property's values. For more information, see Querying historical values in the AWS IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

", - "GetInterpolatedAssetPropertyValues": "

Get interpolated values for an asset property for a specified time interval, during a period of time. For example, you can use the this operation to return the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days.

This API isn't available in China (Beijing).

To identify an asset property, you must specify one of the following:

", - "ListAccessPolicies": "

Retrieves a paginated list of access policies for an identity (an AWS SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource (a portal or project).

", + "GetAssetPropertyAggregates": "

Gets aggregated values for an asset property. For more information, see Querying aggregates in the IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

", + "GetAssetPropertyValue": "

Gets an asset property's current value. For more information, see Querying current values in the IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

", + "GetAssetPropertyValueHistory": "

Gets the history of an asset property's values. For more information, see Querying historical values in the IoT SiteWise User Guide.

To identify an asset property, you must specify one of the following:

", + "GetInterpolatedAssetPropertyValues": "

Get interpolated values for an asset property for a specified time interval, during a period of time. For example, you can use the this operation to return the interpolated temperature values for a wind turbine every 24 hours over a duration of 7 days.

To identify an asset property, you must specify one of the following:

", + "ListAccessPolicies": "

Retrieves a paginated list of access policies for an identity (an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user) or an IoT SiteWise Monitor resource (a portal or project).

", "ListAssetModels": "

Retrieves a paginated list of summaries of all asset models.

", "ListAssetRelationships": "

Retrieves a paginated list of asset relationships for an asset. You can use this operation to identify an asset's root asset and all associated assets between that asset and its root.

", "ListAssets": "

Retrieves a paginated list of asset summaries.

You can use this operation to do the following:

You can't use this operation to list all assets. To retrieve summaries for all of your assets, use ListAssetModels to get all of your asset model IDs. Then, use ListAssets to get all assets for each asset model.

", "ListAssociatedAssets": "

Retrieves a paginated list of associated assets.

You can use this operation to do the following:

", - "ListDashboards": "

Retrieves a paginated list of dashboards for an AWS IoT SiteWise Monitor project.

", + "ListDashboards": "

Retrieves a paginated list of dashboards for an IoT SiteWise Monitor project.

", "ListGateways": "

Retrieves a paginated list of gateways.

", - "ListPortals": "

Retrieves a paginated list of AWS IoT SiteWise Monitor portals.

", - "ListProjectAssets": "

Retrieves a paginated list of assets associated with an AWS IoT SiteWise Monitor project.

", - "ListProjects": "

Retrieves a paginated list of projects for an AWS IoT SiteWise Monitor portal.

", - "ListTagsForResource": "

Retrieves the list of tags for an AWS IoT SiteWise resource.

", - "PutDefaultEncryptionConfiguration": "

Sets the default encryption configuration for the AWS account. For more information, see Key management in the AWS IoT SiteWise User Guide.

", - "PutLoggingOptions": "

Sets logging options for AWS IoT SiteWise.

", - "TagResource": "

Adds tags to an AWS IoT SiteWise resource. If a tag already exists for the resource, this operation updates the tag's value.

", - "UntagResource": "

Removes a tag from an AWS IoT SiteWise resource.

", - "UpdateAccessPolicy": "

Updates an existing access policy that specifies an identity's access to an AWS IoT SiteWise Monitor portal or project resource.

", - "UpdateAsset": "

Updates an asset's name. For more information, see Updating assets and models in the AWS IoT SiteWise User Guide.

", - "UpdateAssetModel": "

Updates an asset model and all of the assets that were created from the model. Each asset created from the model inherits the updated asset model's property and hierarchy definitions. For more information, see Updating assets and models in the AWS IoT SiteWise User Guide.

This operation overwrites the existing model with the provided model. To avoid deleting your asset model's properties or hierarchies, you must include their IDs and definitions in the updated asset model payload. For more information, see DescribeAssetModel.

If you remove a property from an asset model, AWS IoT SiteWise deletes all previous data for that property. If you remove a hierarchy definition from an asset model, AWS IoT SiteWise disassociates every asset associated with that hierarchy. You can't change the type or data type of an existing property.

", + "ListPortals": "

Retrieves a paginated list of IoT SiteWise Monitor portals.

", + "ListProjectAssets": "

Retrieves a paginated list of assets associated with an IoT SiteWise Monitor project.

", + "ListProjects": "

Retrieves a paginated list of projects for an IoT SiteWise Monitor portal.

", + "ListTagsForResource": "

Retrieves the list of tags for an IoT SiteWise resource.

", + "PutDefaultEncryptionConfiguration": "

Sets the default encryption configuration for the Amazon Web Services account. For more information, see Key management in the IoT SiteWise User Guide.

", + "PutLoggingOptions": "

Sets logging options for IoT SiteWise.

", + "PutStorageConfiguration": "

Configures storage settings for IoT SiteWise.

", + "TagResource": "

Adds tags to an IoT SiteWise resource. If a tag already exists for the resource, this operation updates the tag's value.

", + "UntagResource": "

Removes a tag from an IoT SiteWise resource.

", + "UpdateAccessPolicy": "

Updates an existing access policy that specifies an identity's access to an IoT SiteWise Monitor portal or project resource.

", + "UpdateAsset": "

Updates an asset's name. For more information, see Updating assets and models in the IoT SiteWise User Guide.

", + "UpdateAssetModel": "

Updates an asset model and all of the assets that were created from the model. Each asset created from the model inherits the updated asset model's property and hierarchy definitions. For more information, see Updating assets and models in the IoT SiteWise User Guide.

This operation overwrites the existing model with the provided model. To avoid deleting your asset model's properties or hierarchies, you must include their IDs and definitions in the updated asset model payload. For more information, see DescribeAssetModel.

If you remove a property from an asset model, IoT SiteWise deletes all previous data for that property. If you remove a hierarchy definition from an asset model, IoT SiteWise disassociates every asset associated with that hierarchy. You can't change the type or data type of an existing property.

", "UpdateAssetProperty": "

Updates an asset property's alias and notification state.

This operation overwrites the property's existing alias and notification state. To keep your existing property's alias or notification state, you must include the existing values in the UpdateAssetProperty request. For more information, see DescribeAssetProperty.

", - "UpdateDashboard": "

Updates an AWS IoT SiteWise Monitor dashboard.

", + "UpdateDashboard": "

Updates an IoT SiteWise Monitor dashboard.

", "UpdateGateway": "

Updates a gateway's name.

", - "UpdateGatewayCapabilityConfiguration": "

Updates a gateway capability configuration or defines a new capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the AWS IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.

", - "UpdatePortal": "

Updates an AWS IoT SiteWise Monitor portal.

", - "UpdateProject": "

Updates an AWS IoT SiteWise Monitor project.

" + "UpdateGatewayCapabilityConfiguration": "

Updates a gateway capability configuration or defines a new capability configuration. Each gateway capability defines data sources for a gateway. A capability configuration can contain multiple data source configurations. If you define OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA sources are stored in one capability configuration. To list all capability configurations for a gateway, use DescribeGateway.

", + "UpdatePortal": "

Updates an IoT SiteWise Monitor portal.

", + "UpdateProject": "

Updates an IoT SiteWise Monitor project.

" }, "shapes": { "ARN": { "base": null, "refs": { - "Alarms$alarmRoleArn": "

The ARN of the IAM role that allows the alarm to perform actions and access AWS resources, including AWS IoT Events.

", - "Alarms$notificationLambdaArn": "

The ARN of the AWS Lambda function that manages alarm notifications. For more information, see Managing alarm notifications in the AWS IoT Events Developer Guide.

", + "Alarms$alarmRoleArn": "

The ARN of the IAM role that allows the alarm to perform actions and access Amazon Web Services resources and services, such as IoT Events.

", + "Alarms$notificationLambdaArn": "

The ARN of the Lambda function that manages alarm notifications. For more information, see Managing alarm notifications in the IoT Events Developer Guide.

", "AssetModelSummary$arn": "

The ARN of the asset model, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:asset-model/${AssetModelId}

", "AssetSummary$arn": "

The ARN of the asset, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

", "AssociatedAssetsSummary$arn": "

The ARN of the asset, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

", @@ -75,25 +77,27 @@ "CreateAssetResponse$assetArn": "

The ARN of the asset, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

", "CreateDashboardResponse$dashboardArn": "

The ARN of the dashboard, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:dashboard/${DashboardId}

", "CreateGatewayResponse$gatewayArn": "

The ARN of the gateway, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:gateway/${GatewayId}

", - "CreatePortalRequest$roleArn": "

The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.

", + "CreatePortalRequest$roleArn": "

The ARN of a service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.

", "CreatePortalResponse$portalArn": "

The ARN of the portal, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}

", "CreateProjectResponse$projectArn": "

The ARN of the project, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:project/${ProjectId}

", + "CustomerManagedS3Storage$s3ResourceArn": "

The ARN of the Amazon S3 object. For more information about how to find the ARN for an Amazon S3 object, see Amazon S3 resources in the Amazon Simple Storage Service User Guide.

", + "CustomerManagedS3Storage$roleArn": "

The ARN of the Identity and Access Management role that allows IoT SiteWise to send data to Amazon S3.

", "DescribeAccessPolicyResponse$accessPolicyArn": "

The ARN of the access policy, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

", "DescribeAssetModelResponse$assetModelArn": "

The ARN of the asset model, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:asset-model/${AssetModelId}

", "DescribeAssetResponse$assetArn": "

The ARN of the asset, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:asset/${AssetId}

", "DescribeDashboardResponse$dashboardArn": "

The ARN of the dashboard, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:dashboard/${DashboardId}

", - "DescribeDefaultEncryptionConfigurationResponse$kmsKeyArn": "

The key ARN of the customer managed customer master key (CMK) used for AWS KMS encryption if you use KMS_BASED_ENCRYPTION.

", + "DescribeDefaultEncryptionConfigurationResponse$kmsKeyArn": "

The key ARN of the customer managed customer master key (CMK) used for KMS encryption if you use KMS_BASED_ENCRYPTION.

", "DescribeGatewayResponse$gatewayArn": "

The ARN of the gateway, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:gateway/${GatewayId}

", "DescribePortalResponse$portalArn": "

The ARN of the portal, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}

", - "DescribePortalResponse$roleArn": "

The ARN of the service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.

", + "DescribePortalResponse$roleArn": "

The ARN of the service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.

", "DescribeProjectResponse$projectArn": "

The ARN of the project, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:project/${ProjectId}

", - "Greengrass$groupArn": "

The ARN of the Greengrass group. For more information about how to find a group's ARN, see ListGroups and GetGroup in the AWS IoT Greengrass API Reference.

", + "Greengrass$groupArn": "

The ARN of the Greengrass group. For more information about how to find a group's ARN, see ListGroups and GetGroup in the IoT Greengrass API Reference.

", "IAMRoleIdentity$arn": "

The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide.

", "IAMUserIdentity$arn": "

The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide.

If you delete the IAM user, access policies that contain this identity include an empty arn. You can delete the access policy for the IAM user that no longer exists.

", "ListAccessPoliciesRequest$iamArn": "

The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide. This parameter is required if you specify IAM for identityType.

", - "PortalSummary$roleArn": "

The ARN of the service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.

", - "PutDefaultEncryptionConfigurationResponse$kmsKeyArn": "

The Key ARN of the AWS KMS CMK used for AWS KMS encryption if you use KMS_BASED_ENCRYPTION.

", - "UpdatePortalRequest$roleArn": "

The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide.

" + "PortalSummary$roleArn": "

The ARN of the service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.

", + "PutDefaultEncryptionConfigurationResponse$kmsKeyArn": "

The Key ARN of the KMS CMK used for KMS encryption if you use KMS_BASED_ENCRYPTION.

", + "UpdatePortalRequest$roleArn": "

The ARN of a service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide.

" } }, "AccessPolicySummaries": { @@ -103,7 +107,7 @@ } }, "AccessPolicySummary": { - "base": "

Contains an access policy that defines an identity's access to an AWS IoT SiteWise Monitor resource.

", + "base": "

Contains an access policy that defines an identity's access to an IoT SiteWise Monitor resource.

", "refs": { "AccessPolicySummaries$member": null } @@ -150,11 +154,11 @@ } }, "Alarms": { - "base": "

Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see .

", + "base": "

Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide.

", "refs": { - "CreatePortalRequest$alarms": "

Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see .

", - "DescribePortalResponse$alarms": "

Contains the configuration information of an alarm created in a AWS IoT SiteWise Monitor portal.

", - "UpdatePortalRequest$alarms": "

Contains the configuration information of an alarm created in an AWS IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see .

" + "CreatePortalRequest$alarms": "

Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide.

", + "DescribePortalResponse$alarms": "

Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal.

", + "UpdatePortalRequest$alarms": "

Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide.

" } }, "AmazonResourceName": { @@ -252,7 +256,7 @@ "base": null, "refs": { "DescribeAssetModelResponse$assetModelHierarchies": "

A list of asset model hierarchies that each contain a childAssetModelId and a hierarchyId (named id). A hierarchy specifies allowed parent/child asset relationships for an asset model.

", - "UpdateAssetModelRequest$assetModelHierarchies": "

The updated hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.

You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.

" + "UpdateAssetModelRequest$assetModelHierarchies": "

The updated hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.

You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the IoT SiteWise User Guide.

" } }, "AssetModelHierarchy": { @@ -270,7 +274,7 @@ "AssetModelHierarchyDefinitions": { "base": null, "refs": { - "CreateAssetModelRequest$assetModelHierarchies": "

The hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.

You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.

" + "CreateAssetModelRequest$assetModelHierarchies": "

The hierarchy definitions of the asset model. Each hierarchy specifies an asset model whose assets can be children of any other assets created from this asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.

You can specify up to 10 hierarchies per asset model. For more information, see Quotas in the IoT SiteWise User Guide.

" } }, "AssetModelProperties": { @@ -278,7 +282,7 @@ "refs": { "AssetModelCompositeModel$properties": "

The asset property definitions for this composite model.

", "DescribeAssetModelResponse$assetModelProperties": "

The list of asset properties for the asset model.

This object doesn't include properties that you define in composite models. You can find composite model properties in the assetModelCompositeModels object.

", - "UpdateAssetModelRequest$assetModelProperties": "

The updated property definitions of the asset model. For more information, see Asset properties in the AWS IoT SiteWise User Guide.

You can specify up to 200 properties per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.

" + "UpdateAssetModelRequest$assetModelProperties": "

The updated property definitions of the asset model. For more information, see Asset properties in the IoT SiteWise User Guide.

You can specify up to 200 properties per asset model. For more information, see Quotas in the IoT SiteWise User Guide.

" } }, "AssetModelProperty": { @@ -297,7 +301,7 @@ "base": null, "refs": { "AssetModelCompositeModelDefinition$properties": "

The asset property definitions for this composite model.

", - "CreateAssetModelRequest$assetModelProperties": "

The property definitions of the asset model. For more information, see Asset properties in the AWS IoT SiteWise User Guide.

You can specify up to 200 properties per asset model. For more information, see Quotas in the AWS IoT SiteWise User Guide.

" + "CreateAssetModelRequest$assetModelProperties": "

The property definitions of the asset model. For more information, see Asset properties in the IoT SiteWise User Guide.

You can specify up to 200 properties per asset model. For more information, see Quotas in the IoT SiteWise User Guide.

" } }, "AssetModelState": { @@ -307,7 +311,7 @@ } }, "AssetModelStatus": { - "base": "

Contains current status information for an asset model. For more information, see Asset and model states in the AWS IoT SiteWise User Guide.

", + "base": "

Contains current status information for an asset model. For more information, see Asset and model states in the IoT SiteWise User Guide.

", "refs": { "AssetModelSummary$status": "

The current status of the asset model.

", "CreateAssetModelResponse$assetModelStatus": "

The status of the asset model, which contains a state (CREATING after successfully calling this operation) and any error message.

", @@ -344,11 +348,11 @@ "AssetPropertyAlias": { "base": null, "refs": { - "GetAssetPropertyAggregatesRequest$propertyAlias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

", - "GetAssetPropertyValueHistoryRequest$propertyAlias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

", - "GetAssetPropertyValueRequest$propertyAlias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

", - "GetInterpolatedAssetPropertyValuesRequest$propertyAlias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

", - "PutAssetPropertyValueEntry$propertyAlias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

" + "GetAssetPropertyAggregatesRequest$propertyAlias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

", + "GetAssetPropertyValueHistoryRequest$propertyAlias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

", + "GetAssetPropertyValueRequest$propertyAlias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

", + "GetInterpolatedAssetPropertyValuesRequest$propertyAlias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

", + "PutAssetPropertyValueEntry$propertyAlias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

" } }, "AssetPropertyValue": { @@ -396,7 +400,7 @@ } }, "AssetStatus": { - "base": "

Contains information about the current status of an asset. For more information, see Asset and model states in the AWS IoT SiteWise User Guide.

", + "base": "

Contains information about the current status of an asset. For more information, see Asset and model states in the IoT SiteWise User Guide.

", "refs": { "AssetSummary$status": "

The current status of the asset.

", "AssociatedAssetsSummary$status": "

The current status of the asset.

", @@ -436,7 +440,7 @@ } }, "Attribute": { - "base": "

Contains an asset attribute property. For more information, see Attributes in the AWS IoT SiteWise User Guide.

", + "base": "

Contains an asset attribute property. For more information, see Attributes in the IoT SiteWise User Guide.

", "refs": { "PropertyType$attribute": "

Specifies an asset attribute property. An attribute generally contains static information, such as the serial number of an IIoT wind turbine.

" } @@ -444,7 +448,7 @@ "AuthMode": { "base": null, "refs": { - "CreatePortalRequest$portalAuthMode": "

The service to use to authenticate users to the portal. Choose from the following options:

You can't change this value after you create a portal.

Default: SSO

", + "CreatePortalRequest$portalAuthMode": "

The service to use to authenticate users to the portal. Choose from the following options:

You can't change this value after you create a portal.

Default: SSO

", "DescribePortalResponse$portalAuthMode": "

The service to use to authenticate users to the portal.

" } }, @@ -523,17 +527,17 @@ "CapabilityConfiguration": { "base": null, "refs": { - "DescribeGatewayCapabilityConfigurationResponse$capabilityConfiguration": "

The JSON document that defines the gateway capability's configuration. For more information, see Configuring data sources (CLI) in the AWS IoT SiteWise User Guide.

", - "UpdateGatewayCapabilityConfigurationRequest$capabilityConfiguration": "

The JSON document that defines the configuration for the gateway capability. For more information, see Configuring data sources (CLI) in the AWS IoT SiteWise User Guide.

" + "DescribeGatewayCapabilityConfigurationResponse$capabilityConfiguration": "

The JSON document that defines the gateway capability's configuration. For more information, see Configuring data sources (CLI) in the IoT SiteWise User Guide.

", + "UpdateGatewayCapabilityConfigurationRequest$capabilityConfiguration": "

The JSON document that defines the configuration for the gateway capability. For more information, see Configuring data sources (CLI) in the IoT SiteWise User Guide.

" } }, "CapabilityNamespace": { "base": null, "refs": { - "DescribeGatewayCapabilityConfigurationRequest$capabilityNamespace": "

The namespace of the capability configuration. For example, if you configure OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

", + "DescribeGatewayCapabilityConfigurationRequest$capabilityNamespace": "

The namespace of the capability configuration. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

", "DescribeGatewayCapabilityConfigurationResponse$capabilityNamespace": "

The namespace of the gateway capability.

", - "GatewayCapabilitySummary$capabilityNamespace": "

The namespace of the capability configuration. For example, if you configure OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

", - "UpdateGatewayCapabilityConfigurationRequest$capabilityNamespace": "

The namespace of the gateway capability configuration to be updated. For example, if you configure OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

", + "GatewayCapabilitySummary$capabilityNamespace": "

The namespace of the capability configuration. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

", + "UpdateGatewayCapabilityConfigurationRequest$capabilityNamespace": "

The namespace of the gateway capability configuration to be updated. For example, if you configure OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, where version is a number such as 1.

", "UpdateGatewayCapabilityConfigurationResponse$capabilityNamespace": "

The namespace of the gateway capability.

" } }, @@ -580,7 +584,7 @@ } }, "ConfigurationErrorDetails": { - "base": "

Contains the details of an AWS IoT SiteWise configuration error.

", + "base": "

Contains the details of an IoT SiteWise configuration error.

", "refs": { "ConfigurationStatus$error": "

Contains associated error information, if any.

" } @@ -595,7 +599,9 @@ "base": "

Contains current status information for the configuration.

", "refs": { "DescribeDefaultEncryptionConfigurationResponse$configurationStatus": "

The status of the account configuration. This contains the ConfigurationState. If there's an error, it also contains the ErrorDetails.

", - "PutDefaultEncryptionConfigurationResponse$configurationStatus": "

The status of the account configuration. This contains the ConfigurationState. If there is an error, it also contains the ErrorDetails.

" + "DescribeStorageConfigurationResponse$configurationStatus": null, + "PutDefaultEncryptionConfigurationResponse$configurationStatus": "

The status of the account configuration. This contains the ConfigurationState. If there is an error, it also contains the ErrorDetails.

", + "PutStorageConfigurationResponse$configurationStatus": null } }, "ConflictingOperationException": { @@ -673,12 +679,18 @@ "refs": { } }, + "CustomerManagedS3Storage": { + "base": "

Contains information about a customer managed Amazon S3 bucket.

", + "refs": { + "MultiLayerStorage$customerManagedS3Storage": "

Contains information about a customer managed Amazon S3 bucket.

" + } + }, "DashboardDefinition": { "base": null, "refs": { - "CreateDashboardRequest$dashboardDefinition": "

The dashboard definition specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the AWS IoT SiteWise User Guide.

", - "DescribeDashboardResponse$dashboardDefinition": "

The dashboard's definition JSON literal. For detailed information, see Creating dashboards (CLI) in the AWS IoT SiteWise User Guide.

", - "UpdateDashboardRequest$dashboardDefinition": "

The new dashboard definition, as specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the AWS IoT SiteWise User Guide.

" + "CreateDashboardRequest$dashboardDefinition": "

The dashboard definition specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the IoT SiteWise User Guide.

", + "DescribeDashboardResponse$dashboardDefinition": "

The dashboard's definition JSON literal. For detailed information, see Creating dashboards (CLI) in the IoT SiteWise User Guide.

", + "UpdateDashboardRequest$dashboardDefinition": "

The new dashboard definition, as specified in a JSON literal. For detailed information, see Creating dashboards (CLI) in the IoT SiteWise User Guide.

" } }, "DashboardSummaries": { @@ -696,7 +708,7 @@ "DefaultValue": { "base": null, "refs": { - "Attribute$defaultValue": "

The default value of the asset model property attribute. All assets that you create from the asset model contain this attribute value. You can update an attribute's value after you create an asset. For more information, see Updating attribute values in the AWS IoT SiteWise User Guide.

" + "Attribute$defaultValue": "

The default value of the asset model property attribute. All assets that you create from the asset model contain this attribute value. You can update an attribute's value after you create an asset. For more information, see Updating attribute values in the IoT SiteWise User Guide.

" } }, "DeleteAccessPolicyRequest": { @@ -874,6 +886,16 @@ "refs": { } }, + "DescribeStorageConfigurationRequest": { + "base": null, + "refs": { + } + }, + "DescribeStorageConfigurationResponse": { + "base": null, + "refs": { + } + }, "Description": { "base": null, "refs": { @@ -906,11 +928,11 @@ "Email": { "base": null, "refs": { - "CreatePortalRequest$portalContactEmail": "

The AWS administrator's contact email address.

", - "CreatePortalRequest$notificationSenderEmail": "

The email address that sends alarm notifications.

If you use the AWS IoT Events managed AWS Lambda function to manage your emails, you must verify the sender email address in Amazon SES.

", - "DescribePortalResponse$portalContactEmail": "

The AWS administrator's contact email address.

", + "CreatePortalRequest$portalContactEmail": "

The Amazon Web Services administrator's contact email address.

", + "CreatePortalRequest$notificationSenderEmail": "

The email address that sends alarm notifications.

If you use the IoT Events managed Lambda function to manage your emails, you must verify the sender email address in Amazon SES.

", + "DescribePortalResponse$portalContactEmail": "

The Amazon Web Services administrator's contact email address.

", "DescribePortalResponse$notificationSenderEmail": "

The email address that sends alarm notifications.

", - "UpdatePortalRequest$portalContactEmail": "

The AWS administrator's contact email address.

", + "UpdatePortalRequest$portalContactEmail": "

The Amazon Web Services administrator's contact email address.

", "UpdatePortalRequest$notificationSenderEmail": "

The email address that sends alarm notifications.

" } }, @@ -937,7 +959,7 @@ } }, "ErrorDetails": { - "base": "

Contains the details of an AWS IoT SiteWise error.

", + "base": "

Contains the details of an IoT SiteWise error.

", "refs": { "AssetModelStatus$error": "

Contains associated error information, if any.

", "AssetStatus$error": "

Contains associated error information, if any.

" @@ -969,8 +991,8 @@ "Expression": { "base": null, "refs": { - "Metric$expression": "

The mathematical expression that defines the metric aggregation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

", - "Transform$expression": "

The mathematical expression that defines the transformation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

" + "Metric$expression": "

The mathematical expression that defines the metric aggregation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.

For more information, see Quotas in the IoT SiteWise User Guide.

", + "Transform$expression": "

The mathematical expression that defines the transformation function. You can specify up to 10 variables per expression. You can specify up to 10 functions per expression.

For more information, see Quotas in the IoT SiteWise User Guide.

" } }, "ExpressionVariable": { @@ -1059,25 +1081,25 @@ } }, "Greengrass": { - "base": "

Contains details for a gateway that runs on AWS IoT Greengrass. To create a gateway that runs on AWS IoT Greengrass, you must add the IoT SiteWise connector to a Greengrass group and deploy it. Your Greengrass group must also have permissions to upload data to AWS IoT SiteWise. For more information, see Ingesting data using a gateway in the AWS IoT SiteWise User Guide.

", + "base": "

Contains details for a gateway that runs on IoT Greengrass. To create a gateway that runs on IoT Greengrass, you must add the IoT SiteWise connector to a Greengrass group and deploy it. Your Greengrass group must also have permissions to upload data to IoT SiteWise. For more information, see Ingesting data using a gateway in the IoT SiteWise User Guide.

", "refs": { - "GatewayPlatform$greengrass": "

A gateway that runs on AWS IoT Greengrass.

" + "GatewayPlatform$greengrass": "

A gateway that runs on IoT Greengrass.

" } }, "GroupIdentity": { "base": "

Contains information for a group identity in an access policy.

", "refs": { - "Identity$group": "

An AWS SSO group identity.

" + "Identity$group": "

An Amazon Web Services SSO group identity.

" } }, "IAMRoleIdentity": { - "base": "

Contains information about an AWS Identity and Access Management (IAM) role. For more information, see IAM roles in the IAM User Guide.

", + "base": "

Contains information about an Identity and Access Management role. For more information, see IAM roles in the IAM User Guide.

", "refs": { "Identity$iamRole": "

An IAM role identity.

" } }, "IAMUserIdentity": { - "base": "

Contains information about an AWS Identity and Access Management (IAM) user.

", + "base": "

Contains information about an Identity and Access Management user.

", "refs": { "Identity$iamUser": "

An IAM user identity.

" } @@ -1095,24 +1117,24 @@ "AssetModelHierarchy$childAssetModelId": "

The ID of the asset model. All assets in this hierarchy must be instances of the childAssetModelId asset model.

", "AssetModelHierarchyDefinition$childAssetModelId": "

The ID of an asset model for this hierarchy.

", "AssetModelProperty$id": "

The ID of the asset model property.

", - "AssetModelSummary$id": "

The ID of the asset model (used with AWS IoT SiteWise APIs).

", + "AssetModelSummary$id": "

The ID of the asset model (used with IoT SiteWise APIs).

", "AssetProperty$id": "

The ID of the asset property.

", "AssetSummary$id": "

The ID of the asset.

", "AssetSummary$assetModelId": "

The ID of the asset model used to create this asset.

", "AssociateAssetsRequest$assetId": "

The ID of the parent asset.

", - "AssociateAssetsRequest$hierarchyId": "

The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.

", + "AssociateAssetsRequest$hierarchyId": "

The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.

", "AssociateAssetsRequest$childAssetId": "

The ID of the child asset to be associated.

", "AssociatedAssetsSummary$id": "

The ID of the asset.

", "AssociatedAssetsSummary$assetModelId": "

The ID of the asset model used to create the asset.

", "BatchAssociateProjectAssetsRequest$projectId": "

The ID of the project to which to associate the assets.

", "BatchDisassociateProjectAssetsRequest$projectId": "

The ID of the project from which to disassociate the assets.

", "CreateAccessPolicyResponse$accessPolicyId": "

The ID of the access policy.

", - "CreateAssetModelResponse$assetModelId": "

The ID of the asset model. You can use this ID when you call other AWS IoT SiteWise APIs.

", + "CreateAssetModelResponse$assetModelId": "

The ID of the asset model. You can use this ID when you call other IoT SiteWise APIs.

", "CreateAssetRequest$assetModelId": "

The ID of the asset model from which to create the asset.

", - "CreateAssetResponse$assetId": "

The ID of the asset. This ID uniquely identifies the asset within AWS IoT SiteWise and can be used with other AWS IoT SiteWise APIs.

", + "CreateAssetResponse$assetId": "

The ID of the asset. This ID uniquely identifies the asset within IoT SiteWise and can be used with other IoT SiteWise APIs.

", "CreateDashboardRequest$projectId": "

The ID of the project in which to create the dashboard.

", "CreateDashboardResponse$dashboardId": "

The ID of the dashboard.

", - "CreateGatewayResponse$gatewayId": "

The ID of the gateway device. You can use this ID when you call other AWS IoT SiteWise APIs.

", + "CreateGatewayResponse$gatewayId": "

The ID of the gateway device. You can use this ID when you call other IoT SiteWise APIs.

", "CreatePortalResponse$portalId": "

The ID of the created portal.

", "CreateProjectRequest$portalId": "

The ID of the portal in which to create the project.

", "CreateProjectResponse$projectId": "

The ID of the project.

", @@ -1148,7 +1170,7 @@ "DescribeProjectResponse$projectId": "

The ID of the project.

", "DescribeProjectResponse$portalId": "

The ID of the portal that the project is in.

", "DisassociateAssetsRequest$assetId": "

The ID of the parent asset from which to disassociate the child asset.

", - "DisassociateAssetsRequest$hierarchyId": "

The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. You can use the hierarchy ID to identify the correct asset to disassociate. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.

", + "DisassociateAssetsRequest$hierarchyId": "

The ID of a hierarchy in the parent asset's model. Hierarchies allow different groupings of assets to be formed that all come from the same asset model. You can use the hierarchy ID to identify the correct asset to disassociate. For more information, see Asset hierarchies in the IoT SiteWise User Guide.

", "DisassociateAssetsRequest$childAssetId": "

The ID of the child asset to disassociate.

", "GatewaySummary$gatewayId": "

The ID of the gateway device.

", "GetAssetPropertyAggregatesRequest$assetId": "

The ID of the asset.

", @@ -1166,7 +1188,7 @@ "ListAssetRelationshipsRequest$assetId": "

The ID of the asset.

", "ListAssetsRequest$assetModelId": "

The ID of the asset model by which to filter the list of assets. This parameter is required if you choose ALL for filter.

", "ListAssociatedAssetsRequest$assetId": "

The ID of the asset to query.

", - "ListAssociatedAssetsRequest$hierarchyId": "

The ID of the hierarchy by which child assets are associated to the asset. To find a hierarchy ID, use the DescribeAsset or DescribeAssetModel operations. This parameter is required if you choose CHILD for traversalDirection.

For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.

", + "ListAssociatedAssetsRequest$hierarchyId": "

The ID of the hierarchy by which child assets are associated to the asset. To find a hierarchy ID, use the DescribeAsset or DescribeAssetModel operations. This parameter is required if you choose CHILD for traversalDirection.

For more information, see Asset hierarchies in the IoT SiteWise User Guide.

", "ListDashboardsRequest$projectId": "

The ID of the project.

", "ListProjectAssetsRequest$projectId": "

The ID of the project.

", "ListProjectsRequest$portalId": "

The ID of the portal.

", @@ -1197,26 +1219,26 @@ } }, "Identity": { - "base": "

Contains an identity that can access an AWS IoT SiteWise Monitor resource.

Currently, you can't use AWS APIs to retrieve AWS SSO identity IDs. You can find the AWS SSO identity IDs in the URL of user and group pages in the AWS SSO console.

", + "base": "

Contains an identity that can access an IoT SiteWise Monitor resource.

Currently, you can't use Amazon Web Services APIs to retrieve Amazon Web Services SSO identity IDs. You can find the Amazon Web Services SSO identity IDs in the URL of user and group pages in the Amazon Web Services SSO console.

", "refs": { - "AccessPolicySummary$identity": "

The identity (an AWS SSO user, an AWS SSO group, or an IAM user).

", - "CreateAccessPolicyRequest$accessPolicyIdentity": "

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

", - "DescribeAccessPolicyResponse$accessPolicyIdentity": "

The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.

", - "UpdateAccessPolicyRequest$accessPolicyIdentity": "

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

" + "AccessPolicySummary$identity": "

The identity (an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user).

", + "CreateAccessPolicyRequest$accessPolicyIdentity": "

The identity for this access policy. Choose an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user.

", + "DescribeAccessPolicyResponse$accessPolicyIdentity": "

The identity (Amazon Web Services SSO user, Amazon Web Services SSO group, or IAM user) to which this access policy applies.

", + "UpdateAccessPolicyRequest$accessPolicyIdentity": "

The identity for this access policy. Choose an Amazon Web Services SSO user, an Amazon Web Services SSO group, or an IAM user.

" } }, "IdentityId": { "base": null, "refs": { - "GroupIdentity$id": "

The AWS SSO ID of the group.

", + "GroupIdentity$id": "

The Amazon Web Services SSO ID of the group.

", "ListAccessPoliciesRequest$identityId": "

The ID of the identity. This parameter is required if you specify USER or GROUP for identityType.

", - "UserIdentity$id": "

The AWS SSO ID of the user.

" + "UserIdentity$id": "

The Amazon Web Services SSO ID of the user.

" } }, "IdentityType": { "base": null, "refs": { - "ListAccessPoliciesRequest$identityType": "

The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter is required if you specify identityId.

" + "ListAccessPoliciesRequest$identityType": "

The type of identity (Amazon Web Services SSO user, Amazon Web Services SSO group, or IAM user). This parameter is required if you specify identityId.

" } }, "Image": { @@ -1245,13 +1267,13 @@ } }, "ImageLocation": { - "base": "

Contains an image that is uploaded to AWS IoT SiteWise and available at a URL.

", + "base": "

Contains an image that is uploaded to IoT SiteWise and available at a URL.

", "refs": { "DescribePortalResponse$portalLogoImageLocation": "

The portal's logo image, which is available at a URL.

" } }, "InternalFailureException": { - "base": "

AWS IoT SiteWise can't process your request right now. Try again later.

", + "base": "

IoT SiteWise can't process your request right now. Try again later.

", "refs": { } }, @@ -1276,7 +1298,7 @@ "Interval": { "base": null, "refs": { - "TumblingWindow$interval": "

The time interval for the tumbling window. Note that w represents weeks, d represents days, h represents hours, and m represents minutes. AWS IoT SiteWise computes the 1w interval the end of Sunday at midnight each week (UTC), the 1d interval at the end of each day at midnight (UTC), the 1h interval at the end of each hour, and so on.

When AWS IoT SiteWise aggregates data points for metric computations, the start of each interval is exclusive and the end of each interval is inclusive. AWS IoT SiteWise places the computed data point at the end of the interval.

" + "TumblingWindow$interval": "

The time interval for the tumbling window. Note that w represents weeks, d represents days, h represents hours, and m represents minutes. IoT SiteWise computes the 1w interval the end of Sunday at midnight each week (UTC), the 1d interval at the end of each day at midnight (UTC), the 1h interval at the end of each hour, and so on.

When IoT SiteWise aggregates data points for metric computations, the start of each interval is exclusive and the end of each interval is inclusive. IoT SiteWise places the computed data point at the end of the interval.

" } }, "IntervalInSeconds": { @@ -1293,11 +1315,11 @@ "KmsKeyId": { "base": null, "refs": { - "PutDefaultEncryptionConfigurationRequest$kmsKeyId": "

The Key ID of the customer managed customer master key (CMK) used for AWS KMS encryption. This is required if you use KMS_BASED_ENCRYPTION.

" + "PutDefaultEncryptionConfigurationRequest$kmsKeyId": "

The Key ID of the customer managed customer master key (CMK) used for KMS encryption. This is required if you use KMS_BASED_ENCRYPTION.

" } }, "LimitExceededException": { - "base": "

You've reached the limit for a resource. For example, this can occur if you're trying to associate more than the allowed number of child assets or attempting to create more than the allowed number of properties for an asset model.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

", + "base": "

You've reached the limit for a resource. For example, this can occur if you're trying to associate more than the allowed number of child assets or attempting to create more than the allowed number of properties for an asset model.

For more information, see Quotas in the IoT SiteWise User Guide.

", "refs": { } }, @@ -1420,7 +1442,7 @@ "LoggingLevel": { "base": null, "refs": { - "LoggingOptions$level": "

The AWS IoT SiteWise logging verbosity level.

" + "LoggingOptions$level": "

The IoT SiteWise logging verbosity level.

" } }, "LoggingOptions": { @@ -1434,40 +1456,40 @@ "base": null, "refs": { "VariableValue$propertyId": "

The ID of the property to use as the variable. You can use the property name if it's from the same asset model.

", - "VariableValue$hierarchyId": "

The ID of the hierarchy to query for the property ID. You can use the hierarchy's name instead of the hierarchy's ID.

You use a hierarchy ID instead of a model ID because you can have several hierarchies using the same model and therefore the same propertyId. For example, you might have separately grouped assets that come from the same asset model. For more information, see Asset hierarchies in the AWS IoT SiteWise User Guide.

" + "VariableValue$hierarchyId": "

The ID of the hierarchy to query for the property ID. You can use the hierarchy's name instead of the hierarchy's ID.

You use a hierarchy ID instead of a model ID because you can have several hierarchies using the same model and therefore the same propertyId. For example, you might have separately grouped assets that come from the same asset model. For more information, see Asset hierarchies in the IoT SiteWise User Guide.

" } }, "MaxInterpolatedResults": { "base": null, "refs": { - "GetInterpolatedAssetPropertyValuesRequest$maxResults": "

The maximum number of results to be returned per paginated request. If not specified, the default value is 10.

" + "GetInterpolatedAssetPropertyValuesRequest$maxResults": "

The maximum number of results to return for each paginated request. If not specified, the default value is 10.

" } }, "MaxResults": { "base": null, "refs": { - "GetAssetPropertyAggregatesRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 100

", - "GetAssetPropertyValueHistoryRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 100

", - "ListAccessPoliciesRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListAssetModelsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListAssetRelationshipsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

", - "ListAssetsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListAssociatedAssetsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListDashboardsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListGatewaysRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListPortalsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListProjectAssetsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

", - "ListProjectsRequest$maxResults": "

The maximum number of results to be returned per paginated request.

Default: 50

" + "GetAssetPropertyAggregatesRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 100

", + "GetAssetPropertyValueHistoryRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 100

", + "ListAccessPoliciesRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListAssetModelsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListAssetRelationshipsRequest$maxResults": "

The maximum number of results to return for each paginated request.

", + "ListAssetsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListAssociatedAssetsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListDashboardsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListGatewaysRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListPortalsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListProjectAssetsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

", + "ListProjectsRequest$maxResults": "

The maximum number of results to return for each paginated request.

Default: 50

" } }, "Measurement": { - "base": "

Contains an asset measurement property. For more information, see Measurements in the AWS IoT SiteWise User Guide.

", + "base": "

Contains an asset measurement property. For more information, see Measurements in the IoT SiteWise User Guide.

", "refs": { "PropertyType$measurement": "

Specifies an asset measurement property. A measurement represents a device's raw sensor data stream, such as timestamped temperature values or timestamped power values.

" } }, "Metric": { - "base": "

Contains an asset metric property. With metrics, you can calculate aggregate functions, such as an average, maximum, or minimum, as specified through an expression. A metric maps several values to a single value (such as a sum).

The maximum number of dependent/cascading variables used in any one metric calculation is 10. Therefore, a root metric can have up to 10 cascading metrics in its computational dependency tree. Additionally, a metric can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.

For more information, see Metrics in the AWS IoT SiteWise User Guide.

", + "base": "

Contains an asset metric property. With metrics, you can calculate aggregate functions, such as an average, maximum, or minimum, as specified through an expression. A metric maps several values to a single value (such as a sum).

The maximum number of dependent/cascading variables used in any one metric calculation is 10. Therefore, a root metric can have up to 10 cascading metrics in its computational dependency tree. Additionally, a metric can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.

For more information, see Metrics in the IoT SiteWise User Guide.

", "refs": { "PropertyType$metric": "

Specifies an asset metric property. A metric contains a mathematical expression that uses aggregate functions to process all input data points over a time interval and output a single data point, such as to calculate the average hourly temperature.

" } @@ -1475,7 +1497,7 @@ "MetricWindow": { "base": "

Contains a time interval window used for data aggregate computations (for example, average, sum, count, and so on).

", "refs": { - "Metric$window": "

The window (time interval) over which AWS IoT SiteWise computes the metric's aggregation expression. AWS IoT SiteWise computes one data point per window.

" + "Metric$window": "

The window (time interval) over which IoT SiteWise computes the metric's aggregation expression. IoT SiteWise computes one data point per window.

" } }, "MonitorErrorCode": { @@ -1485,7 +1507,7 @@ } }, "MonitorErrorDetails": { - "base": "

Contains AWS IoT SiteWise Monitor error details.

", + "base": "

Contains IoT SiteWise Monitor error details.

", "refs": { "PortalStatus$error": "

Contains associated error information, if any.

" } @@ -1496,6 +1518,14 @@ "MonitorErrorDetails$message": "

The error message.

" } }, + "MultiLayerStorage": { + "base": "

Contains information about the storage destination.

", + "refs": { + "DescribeStorageConfigurationResponse$multiLayerStorage": "

Contains information about the storage destination.

", + "PutStorageConfigurationRequest$multiLayerStorage": "

Identifies a storage destination. If you specified MULTI_LAYER_STORAGE for the storage type, you must specify a MultiLayerStorage object.

", + "PutStorageConfigurationResponse$multiLayerStorage": "

Contains information about the storage destination.

" + } + }, "Name": { "base": null, "refs": { @@ -1596,11 +1626,11 @@ "PortalClientId": { "base": null, "refs": { - "DescribePortalResponse$portalClientId": "

The AWS SSO application generated client ID (used with AWS SSO APIs). AWS IoT SiteWise includes portalClientId for only portals that use AWS SSO to authenticate users.

" + "DescribePortalResponse$portalClientId": "

The Amazon Web Services SSO application generated client ID (used with Amazon Web Services SSO APIs). IoT SiteWise includes portalClientId for only portals that use Amazon Web Services SSO to authenticate users.

" } }, "PortalResource": { - "base": "

Identifies an AWS IoT SiteWise Monitor portal.

", + "base": "

Identifies an IoT SiteWise Monitor portal.

", "refs": { "Resource$portal": "

A portal resource.

" } @@ -1634,7 +1664,7 @@ } }, "ProjectResource": { - "base": "

Identifies a specific AWS IoT SiteWise Monitor project.

", + "base": "

Identifies a specific IoT SiteWise Monitor project.

", "refs": { "Resource$project": "

A project resource.

" } @@ -1661,9 +1691,9 @@ "PropertyAlias": { "base": null, "refs": { - "AssetProperty$alias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

", - "Property$alias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

", - "UpdateAssetPropertyRequest$propertyAlias": "

The property alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the AWS IoT SiteWise User Guide.

If you omit this parameter, the alias is removed from the property.

" + "AssetProperty$alias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

", + "Property$alias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

", + "UpdateAssetPropertyRequest$propertyAlias": "

The alias that identifies the property, such as an OPC-UA server data stream path (for example, /company/windfarm/3/turbine/7/temperature). For more information, see Mapping industrial data streams to asset properties in the IoT SiteWise User Guide.

If you omit this parameter, the alias is removed from the property.

" } }, "PropertyDataType": { @@ -1676,7 +1706,7 @@ } }, "PropertyNotification": { - "base": "

Contains asset property value notification information. When the notification state is enabled, AWS IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the AWS IoT SiteWise User Guide.

", + "base": "

Contains asset property value notification information. When the notification state is enabled, IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the IoT SiteWise User Guide.

", "refs": { "AssetProperty$notification": "

The asset property's notification topic and state. For more information, see UpdateAssetProperty.

", "Property$notification": "

The asset property's notification topic and state. For more information, see UpdateAssetProperty.

" @@ -1686,13 +1716,13 @@ "base": null, "refs": { "PropertyNotification$state": "

The current notification state.

", - "UpdateAssetPropertyRequest$propertyNotificationState": "

The MQTT notification state (enabled or disabled) for this asset property. When the notification state is enabled, AWS IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the AWS IoT SiteWise User Guide.

If you omit this parameter, the notification state is set to DISABLED.

" + "UpdateAssetPropertyRequest$propertyNotificationState": "

The MQTT notification state (enabled or disabled) for this asset property. When the notification state is enabled, IoT SiteWise publishes property value updates to a unique MQTT topic. For more information, see Interacting with other services in the IoT SiteWise User Guide.

If you omit this parameter, the notification state is set to DISABLED.

" } }, "PropertyNotificationTopic": { "base": null, "refs": { - "PropertyNotification$topic": "

The MQTT topic to which AWS IoT SiteWise publishes property value update notifications.

" + "PropertyNotification$topic": "

The MQTT topic to which IoT SiteWise publishes property value update notifications.

" } }, "PropertyType": { @@ -1768,6 +1798,16 @@ "refs": { } }, + "PutStorageConfigurationRequest": { + "base": null, + "refs": { + } + }, + "PutStorageConfigurationResponse": { + "base": null, + "refs": { + } + }, "Qualities": { "base": null, "refs": { @@ -1791,12 +1831,12 @@ } }, "Resource": { - "base": "

Contains an AWS IoT SiteWise Monitor resource ID for a portal or project.

", + "base": "

Contains an IoT SiteWise Monitor resource ID for a portal or project.

", "refs": { - "AccessPolicySummary$resource": "

The AWS IoT SiteWise Monitor resource (a portal or project).

", - "CreateAccessPolicyRequest$accessPolicyResource": "

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

", - "DescribeAccessPolicyResponse$accessPolicyResource": "

The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.

", - "UpdateAccessPolicyRequest$accessPolicyResource": "

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

" + "AccessPolicySummary$resource": "

The IoT SiteWise Monitor resource (a portal or project).

", + "CreateAccessPolicyRequest$accessPolicyResource": "

The IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

", + "DescribeAccessPolicyResponse$accessPolicyResource": "

The IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.

", + "UpdateAccessPolicyRequest$accessPolicyResource": "

The IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

" } }, "ResourceAlreadyExistsException": { @@ -1832,7 +1872,7 @@ "SSOApplicationId": { "base": null, "refs": { - "CreatePortalResponse$ssoApplicationId": "

The associated AWS SSO application ID, if the portal uses AWS SSO.

" + "CreatePortalResponse$ssoApplicationId": "

The associated Amazon Web Services SSO application ID, if the portal uses Amazon Web Services SSO.

" } }, "ServiceUnavailableException": { @@ -1840,6 +1880,14 @@ "refs": { } }, + "StorageType": { + "base": null, + "refs": { + "DescribeStorageConfigurationResponse$storageType": "

The type of storage that you specified for your data. The storage type can be one of the following values:

", + "PutStorageConfigurationRequest$storageType": "

The type of storage that you specified for your data. The storage type can be one of the following values:

", + "PutStorageConfigurationResponse$storageType": "

The type of storage that you specified for your data. The storage type can be one of the following values:

" + } + }, "TagKey": { "base": null, "refs": { @@ -1856,15 +1904,15 @@ "TagMap": { "base": null, "refs": { - "CreateAccessPolicyRequest$tags": "

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "CreateAssetModelRequest$tags": "

A list of key-value pairs that contain metadata for the asset model. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "CreateAssetRequest$tags": "

A list of key-value pairs that contain metadata for the asset. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "CreateDashboardRequest$tags": "

A list of key-value pairs that contain metadata for the dashboard. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "CreateGatewayRequest$tags": "

A list of key-value pairs that contain metadata for the gateway. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "CreatePortalRequest$tags": "

A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "CreateProjectRequest$tags": "

A list of key-value pairs that contain metadata for the project. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "ListTagsForResourceResponse$tags": "

The list of key-value pairs that contain metadata for the resource. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

", - "TagResourceRequest$tags": "

A list of key-value pairs that contain metadata for the resource. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

" + "CreateAccessPolicyRequest$tags": "

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "CreateAssetModelRequest$tags": "

A list of key-value pairs that contain metadata for the asset model. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "CreateAssetRequest$tags": "

A list of key-value pairs that contain metadata for the asset. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "CreateDashboardRequest$tags": "

A list of key-value pairs that contain metadata for the dashboard. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "CreateGatewayRequest$tags": "

A list of key-value pairs that contain metadata for the gateway. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "CreatePortalRequest$tags": "

A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "CreateProjectRequest$tags": "

A list of key-value pairs that contain metadata for the project. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "ListTagsForResourceResponse$tags": "

The list of key-value pairs that contain metadata for the resource. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

", + "TagResourceRequest$tags": "

A list of key-value pairs that contain metadata for the resource. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

" } }, "TagResourceRequest": { @@ -1884,7 +1932,7 @@ } }, "ThrottlingException": { - "base": "

Your request exceeded a rate limit. For example, you might have exceeded the number of AWS IoT SiteWise assets that can be created per second, the allowed number of messages per second, and so on.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

", + "base": "

Your request exceeded a rate limit. For example, you might have exceeded the number of IoT SiteWise assets that can be created per second, the allowed number of messages per second, and so on.

For more information, see Quotas in the IoT SiteWise User Guide.

", "refs": { } }, @@ -1939,6 +1987,7 @@ "DescribePortalResponse$portalLastUpdateDate": "

The date the portal was last updated, in Unix epoch time.

", "DescribeProjectResponse$projectCreationDate": "

The date the project was created, in Unix epoch time.

", "DescribeProjectResponse$projectLastUpdateDate": "

The date the project was last updated, in Unix epoch time.

", + "DescribeStorageConfigurationResponse$lastUpdateDate": "

The date the storage configuration was last updated, in Unix epoch time.

", "GatewaySummary$creationDate": "

The date the gateway was created, in Unix epoch time.

", "GatewaySummary$lastUpdateDate": "

The date the gateway was last updated, in Unix epoch time.

", "GetAssetPropertyAggregatesRequest$startDate": "

The exclusive start of the range from which to query historical data, expressed in seconds in Unix epoch time.

", @@ -1958,12 +2007,12 @@ } }, "TooManyTagsException": { - "base": "

You've reached the limit for the number of tags allowed for a resource. For more information, see Tag naming limits and requirements in the AWS General Reference.

", + "base": "

You've reached the limit for the number of tags allowed for a resource. For more information, see Tag naming limits and requirements in the Amazon Web Services General Reference.

", "refs": { } }, "Transform": { - "base": "

Contains an asset transform property. A transform is a one-to-one mapping of a property's data points from one form to another. For example, you can use a transform to convert a Celsius data stream to Fahrenheit by applying the transformation expression to each data point of the Celsius stream. A transform can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.

For more information, see Transforms in the AWS IoT SiteWise User Guide.

", + "base": "

Contains an asset transform property. A transform is a one-to-one mapping of a property's data points from one form to another. For example, you can use a transform to convert a Celsius data stream to Fahrenheit by applying the transformation expression to each data point of the Celsius stream. A transform can only have a data type of DOUBLE and consume properties with data types of INTEGER or DOUBLE.

For more information, see Transforms in the IoT SiteWise User Guide.

", "refs": { "PropertyType$transform": "

Specifies an asset transform property. A transform contains a mathematical expression that maps a property's data points from one form to another, such as a unit conversion from Celsius to Fahrenheit.

" } @@ -2084,16 +2133,16 @@ "Url": { "base": null, "refs": { - "CreatePortalResponse$portalStartUrl": "

The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the AWS IoT SiteWise console to get a URL that you can use to access the portal.

", - "DescribePortalResponse$portalStartUrl": "

The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the AWS IoT SiteWise console to get a URL that you can use to access the portal.

", + "CreatePortalResponse$portalStartUrl": "

The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use Amazon Web Services SSO for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.

", + "DescribePortalResponse$portalStartUrl": "

The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use Amazon Web Services SSO for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.

", "ImageLocation$url": "

The URL where the image is available. The URL is valid for 15 minutes so that you can view and download the image

", - "PortalSummary$startUrl": "

The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the AWS IoT SiteWise console to get a URL that you can use to access the portal.

" + "PortalSummary$startUrl": "

The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use Amazon Web Services SSO for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.

" } }, "UserIdentity": { "base": "

Contains information for a user identity in an access policy.

", "refs": { - "Identity$user": "

An AWS SSO user identity.

" + "Identity$user": "

An Amazon Web Services SSO user identity.

" } }, "VariableName": { diff --git a/models/apis/mq/2017-11-27/api-2.json b/models/apis/mq/2017-11-27/api-2.json index 3632145b674..12deb43ab7f 100644 --- a/models/apis/mq/2017-11-27/api-2.json +++ b/models/apis/mq/2017-11-27/api-2.json @@ -573,7 +573,8 @@ "shape" : "__string", "locationName" : "nextToken" } - } + }, + "required" : [ "MaxResults" ] }, "BrokerInstance" : { "type" : "structure", @@ -636,7 +637,8 @@ "shape" : "__string", "locationName" : "nextToken" } - } + }, + "required" : [ "MaxResults" ] }, "BrokerState" : { "type" : "string", @@ -681,7 +683,8 @@ "shape" : "__string", "locationName" : "hostInstanceType" } - } + }, + "required" : [ "DeploymentMode", "EngineType" ] }, "ChangeType" : { "type" : "string", @@ -730,7 +733,8 @@ "shape" : "__mapOf__string", "locationName" : "tags" } - } + }, + "required" : [ "Description", "EngineVersion", "LatestRevision", "AuthenticationStrategy", "EngineType", "Id", "Arn", "Name", "Created" ] }, "ConfigurationId" : { "type" : "structure", @@ -743,7 +747,8 @@ "shape" : "__integer", "locationName" : "revision" } - } + }, + "required" : [ "Id" ] }, "ConfigurationRevision" : { "type" : "structure", @@ -760,7 +765,8 @@ "shape" : "__integer", "locationName" : "revision" } - } + }, + "required" : [ "Revision", "Created" ] }, "Configurations" : { "type" : "structure", @@ -876,7 +882,8 @@ "shape" : "__listOfUser", "locationName" : "users" } - } + }, + "required" : [ "EngineVersion", "HostInstanceType", "AutoMinorVersionUpgrade", "Users", "BrokerName", "DeploymentMode", "EngineType", "PubliclyAccessible" ] }, "CreateBrokerOutput" : { "type" : "structure", @@ -971,7 +978,8 @@ "shape" : "__listOfUser", "locationName" : "users" } - } + }, + "required" : [ "EngineVersion", "HostInstanceType", "AutoMinorVersionUpgrade", "Users", "BrokerName", "DeploymentMode", "EngineType", "PubliclyAccessible" ] }, "CreateBrokerResponse" : { "type" : "structure", @@ -1009,7 +1017,8 @@ "shape" : "__mapOf__string", "locationName" : "tags" } - } + }, + "required" : [ "EngineVersion", "EngineType", "Name" ] }, "CreateConfigurationOutput" : { "type" : "structure", @@ -1038,7 +1047,8 @@ "shape" : "__string", "locationName" : "name" } - } + }, + "required" : [ "AuthenticationStrategy", "Id", "Arn", "Name", "Created" ] }, "CreateConfigurationRequest" : { "type" : "structure", @@ -1063,7 +1073,8 @@ "shape" : "__mapOf__string", "locationName" : "tags" } - } + }, + "required" : [ "EngineVersion", "EngineType", "Name" ] }, "CreateConfigurationResponse" : { "type" : "structure", @@ -1124,7 +1135,8 @@ "shape" : "__string", "locationName" : "password" } - } + }, + "required" : [ "Password" ] }, "CreateUserRequest" : { "type" : "structure", @@ -1152,7 +1164,7 @@ "locationName" : "username" } }, - "required" : [ "Username", "BrokerId" ] + "required" : [ "Username", "BrokerId", "Password" ] }, "CreateUserResponse" : { "type" : "structure", @@ -1430,7 +1442,8 @@ "shape" : "__listOfUserSummary", "locationName" : "users" } - } + }, + "required" : [ "DeploymentMode", "EngineType", "AutoMinorVersionUpgrade", "PubliclyAccessible" ] }, "DescribeBrokerRequest" : { "type" : "structure", @@ -1635,7 +1648,8 @@ "shape" : "__string", "locationName" : "description" } - } + }, + "required" : [ "Data", "ConfigurationId", "Created" ] }, "DescribeConfigurationRevisionRequest" : { "type" : "structure", @@ -1697,7 +1711,8 @@ "shape" : "__string", "locationName" : "username" } - } + }, + "required" : [ "Username", "BrokerId" ] }, "DescribeUserRequest" : { "type" : "structure", @@ -1861,7 +1876,8 @@ "shape" : "__boolean", "locationName" : "userSearchSubtree" } - } + }, + "required" : [ "Hosts", "UserSearchMatching", "UserBase", "RoleSearchMatching", "ServiceAccountUsername", "RoleBase", "ServiceAccountPassword" ] }, "LdapServerMetadataOutput" : { "type" : "structure", @@ -1906,7 +1922,8 @@ "shape" : "__boolean", "locationName" : "userSearchSubtree" } - } + }, + "required" : [ "Hosts", "UserSearchMatching", "UserBase", "RoleSearchMatching", "ServiceAccountUsername", "RoleBase" ] }, "ListBrokersOutput" : { "type" : "structure", @@ -2100,7 +2117,8 @@ "shape" : "__listOfUserSummary", "locationName" : "users" } - } + }, + "required" : [ "BrokerId", "MaxResults", "Users" ] }, "ListUsersRequest" : { "type" : "structure", @@ -2180,7 +2198,8 @@ "shape" : "PendingLogs", "locationName" : "pending" } - } + }, + "required" : [ "GeneralLogGroup", "General" ] }, "MaxResults" : { "type" : "integer", @@ -2247,7 +2266,8 @@ "shape" : "SanitizationWarningReason", "locationName" : "reason" } - } + }, + "required" : [ "Reason" ] }, "SanitizationWarningReason" : { "type" : "string", @@ -2310,6 +2330,10 @@ "shape" : "Logs", "locationName" : "logs" }, + "MaintenanceWindowStartTime" : { + "shape" : "WeeklyStartTime", + "locationName" : "maintenanceWindowStartTime" + }, "SecurityGroups" : { "shape" : "__listOf__string", "locationName" : "securityGroups" @@ -2351,11 +2375,16 @@ "shape" : "Logs", "locationName" : "logs" }, + "MaintenanceWindowStartTime" : { + "shape" : "WeeklyStartTime", + "locationName" : "maintenanceWindowStartTime" + }, "SecurityGroups" : { "shape" : "__listOf__string", "locationName" : "securityGroups" } - } + }, + "required" : [ "BrokerId" ] }, "UpdateBrokerRequest" : { "type" : "structure", @@ -2393,6 +2422,10 @@ "shape" : "Logs", "locationName" : "logs" }, + "MaintenanceWindowStartTime" : { + "shape" : "WeeklyStartTime", + "locationName" : "maintenanceWindowStartTime" + }, "SecurityGroups" : { "shape" : "__listOf__string", "locationName" : "securityGroups" @@ -2435,6 +2468,10 @@ "shape" : "Logs", "locationName" : "logs" }, + "MaintenanceWindowStartTime" : { + "shape" : "WeeklyStartTime", + "locationName" : "maintenanceWindowStartTime" + }, "SecurityGroups" : { "shape" : "__listOf__string", "locationName" : "securityGroups" @@ -2452,7 +2489,8 @@ "shape" : "__string", "locationName" : "description" } - } + }, + "required" : [ "Data" ] }, "UpdateConfigurationOutput" : { "type" : "structure", @@ -2481,7 +2519,8 @@ "shape" : "__listOfSanitizationWarning", "locationName" : "warnings" } - } + }, + "required" : [ "Id", "Arn", "Name", "Created" ] }, "UpdateConfigurationRequest" : { "type" : "structure", @@ -2500,7 +2539,7 @@ "locationName" : "description" } }, - "required" : [ "ConfigurationId" ] + "required" : [ "ConfigurationId", "Data" ] }, "UpdateConfigurationResponse" : { "type" : "structure", @@ -2599,7 +2638,8 @@ "shape" : "__string", "locationName" : "username" } - } + }, + "required" : [ "Username", "Password" ] }, "UserPendingChanges" : { "type" : "structure", @@ -2616,7 +2656,8 @@ "shape" : "ChangeType", "locationName" : "pendingChange" } - } + }, + "required" : [ "PendingChange" ] }, "UserSummary" : { "type" : "structure", @@ -2629,7 +2670,8 @@ "shape" : "__string", "locationName" : "username" } - } + }, + "required" : [ "Username" ] }, "WeeklyStartTime" : { "type" : "structure", @@ -2646,7 +2688,8 @@ "shape" : "__string", "locationName" : "timeZone" } - } + }, + "required" : [ "TimeOfDay", "DayOfWeek" ] }, "__boolean" : { "type" : "boolean" diff --git a/models/apis/mq/2017-11-27/docs-2.json b/models/apis/mq/2017-11-27/docs-2.json index f6461a6472a..90d7aa618ae 100644 --- a/models/apis/mq/2017-11-27/docs-2.json +++ b/models/apis/mq/2017-11-27/docs-2.json @@ -1,596 +1,598 @@ { "version" : "2.0", - "service" : "Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud. A message broker allows software applications and components to communicate using various programming languages, operating systems, and formal messaging protocols.", + "service" : "

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud. A message broker allows software applications and components to communicate using various programming languages, operating systems, and formal messaging protocols.

", "operations" : { - "CreateBroker" : "Creates a broker. Note: This API is asynchronous.", - "CreateConfiguration" : "Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version).", - "CreateTags" : "Add a tag to a resource.", - "CreateUser" : "Creates an ActiveMQ user.", - "DeleteBroker" : "Deletes a broker. Note: This API is asynchronous.", - "DeleteTags" : "Removes a tag from a resource.", - "DeleteUser" : "Deletes an ActiveMQ user.", - "DescribeBroker" : "Returns information about the specified broker.", - "DescribeBrokerEngineTypes" : "Describe available engine types and versions.", - "DescribeBrokerInstanceOptions" : "Describe available broker instance options.", - "DescribeConfiguration" : "Returns information about the specified configuration.", - "DescribeConfigurationRevision" : "Returns the specified configuration revision for the specified configuration.", - "DescribeUser" : "Returns information about an ActiveMQ user.", - "ListBrokers" : "Returns a list of all brokers.", - "ListConfigurationRevisions" : "Returns a list of all revisions for the specified configuration.", - "ListConfigurations" : "Returns a list of all configurations.", - "ListTags" : "Lists tags for a resource.", - "ListUsers" : "Returns a list of all ActiveMQ users.", - "RebootBroker" : "Reboots a broker. Note: This API is asynchronous.", - "UpdateBroker" : "Adds a pending configuration change to a broker.", - "UpdateConfiguration" : "Updates the specified configuration.", - "UpdateUser" : "Updates the information for an ActiveMQ user." + "CreateBroker" : "

Creates a broker. Note: This API is asynchronous.

To create a broker, you must either use the AmazonMQFullAccess IAM policy or include the following EC2 permissions in your IAM policy.

For more information, see Create an IAM User and Get Your AWS Credentials and Never Modify or Delete the Amazon MQ Elastic Network Interface in the Amazon MQ Developer Guide.

", + "CreateConfiguration" : "

Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version).

", + "CreateTags" : "

Add a tag to a resource.

", + "CreateUser" : "

Creates an ActiveMQ user.

", + "DeleteBroker" : "

Deletes a broker. Note: This API is asynchronous.

", + "DeleteTags" : "

Removes a tag from a resource.

", + "DeleteUser" : "

Deletes an ActiveMQ user.

", + "DescribeBroker" : "

Returns information about the specified broker.

", + "DescribeBrokerEngineTypes" : "

Describe available engine types and versions.

", + "DescribeBrokerInstanceOptions" : "

Describe available broker instance options.

", + "DescribeConfiguration" : "

Returns information about the specified configuration.

", + "DescribeConfigurationRevision" : "

Returns the specified configuration revision for the specified configuration.

", + "DescribeUser" : "

Returns information about an ActiveMQ user.

", + "ListBrokers" : "

Returns a list of all brokers.

", + "ListConfigurationRevisions" : "

Returns a list of all revisions for the specified configuration.

", + "ListConfigurations" : "

Returns a list of all configurations.

", + "ListTags" : "

Lists tags for a resource.

", + "ListUsers" : "

Returns a list of all ActiveMQ users.

", + "RebootBroker" : "

Reboots a broker. Note: This API is asynchronous.

", + "UpdateBroker" : "

Adds a pending configuration change to a broker.

", + "UpdateConfiguration" : "

Updates the specified configuration.

", + "UpdateUser" : "

Updates the information for an ActiveMQ user.

" }, "shapes" : { "AuthenticationStrategy" : { - "base" : "The authentication strategy used to secure the broker.", + "base" : "

Optional. The authentication strategy used to secure the broker. The default is SIMPLE.

", "refs" : { - "Configuration$AuthenticationStrategy" : "The authentication strategy associated with the configuration.", - "CreateBrokerInput$AuthenticationStrategy" : "The authentication strategy used to secure the broker.", - "CreateConfigurationInput$AuthenticationStrategy" : "The authentication strategy associated with the configuration.", - "CreateConfigurationOutput$AuthenticationStrategy" : "The authentication strategy associated with the configuration.", - "DescribeBrokerOutput$AuthenticationStrategy" : "The authentication strategy used to secure the broker.", - "DescribeBrokerOutput$PendingAuthenticationStrategy" : "The authentication strategy that will be applied when the broker is rebooted.", - "UpdateBrokerInput$AuthenticationStrategy" : "The authentication strategy used to secure the broker.", - "UpdateBrokerOutput$AuthenticationStrategy" : "The authentication strategy used to secure the broker." + "Configuration$AuthenticationStrategy" : "

Optional. The authentication strategy associated with the configuration. The default is SIMPLE.

", + "CreateBrokerInput$AuthenticationStrategy" : "

Optional. The authentication strategy used to secure the broker. The default is SIMPLE.

", + "CreateConfigurationInput$AuthenticationStrategy" : "

Optional. The authentication strategy associated with the configuration. The default is SIMPLE.

", + "CreateConfigurationOutput$AuthenticationStrategy" : "

Optional. The authentication strategy associated with the configuration. The default is SIMPLE.

", + "DescribeBrokerOutput$AuthenticationStrategy" : "

The authentication strategy used to secure the broker. The default is SIMPLE.

", + "DescribeBrokerOutput$PendingAuthenticationStrategy" : "

The authentication strategy that will be applied when the broker is rebooted. The default is SIMPLE.

", + "UpdateBrokerInput$AuthenticationStrategy" : "

Optional. The authentication strategy used to secure the broker. The default is SIMPLE.

", + "UpdateBrokerOutput$AuthenticationStrategy" : "

Optional. The authentication strategy used to secure the broker. The default is SIMPLE.

" } }, "AvailabilityZone" : { - "base" : "Name of the availability zone.", + "base" : "

Name of the availability zone.

", "refs" : { "__listOfAvailabilityZone$member" : null } }, "BadRequestException" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "BrokerEngineType" : { - "base" : "Types of broker engines.", + "base" : "

Types of broker engines.

", "refs" : { "__listOfBrokerEngineType$member" : null } }, "BrokerEngineTypeOutput" : { - "base" : "Returns a list of broker engine type.", + "base" : "

Returns a list of broker engine type.

", "refs" : { } }, "BrokerInstance" : { - "base" : "Returns information about all brokers.", + "base" : "

Returns information about all brokers.

", "refs" : { "__listOfBrokerInstance$member" : null } }, "BrokerInstanceOption" : { - "base" : "Option for host instance type.", + "base" : "

Option for host instance type.

", "refs" : { "__listOfBrokerInstanceOption$member" : null } }, "BrokerInstanceOptionsOutput" : { - "base" : "Returns a list of broker instance options.", + "base" : "

Returns a list of broker instance options.

", "refs" : { } }, "BrokerState" : { - "base" : "The status of the broker.", + "base" : "

The broker's status.

", "refs" : { - "BrokerSummary$BrokerState" : "The status of the broker.", - "DescribeBrokerOutput$BrokerState" : "The status of the broker." + "BrokerSummary$BrokerState" : "

The broker's status.

", + "DescribeBrokerOutput$BrokerState" : "

The broker's status.

" } }, "BrokerStorageType" : { - "base" : "The storage type of the broker. EFS is currently not Supported for RabbitMQ engine type.", + "base" : "

The broker's storage type.

EFS is not supported for RabbitMQ engine type.

", "refs" : { - "BrokerInstanceOption$StorageType" : "The broker's storage type.", - "CreateBrokerInput$StorageType" : "The broker's storage type.", - "DescribeBrokerOutput$StorageType" : "The broker's storage type." + "BrokerInstanceOption$StorageType" : "

The broker's storage type.

", + "CreateBrokerInput$StorageType" : "

The broker's storage type.

", + "DescribeBrokerOutput$StorageType" : "

The broker's storage type.

" } }, "BrokerSummary" : { - "base" : "The Amazon Resource Name (ARN) of the broker.", + "base" : "

Returns information about all brokers.

", "refs" : { "__listOfBrokerSummary$member" : null } }, "ChangeType" : { - "base" : "The type of change pending for the ActiveMQ user.", + "base" : "

The type of change pending for the ActiveMQ user.

", "refs" : { - "UserPendingChanges$PendingChange" : "Required. The type of change pending for the ActiveMQ user.", - "UserSummary$PendingChange" : "The type of change pending for the broker user." + "UserPendingChanges$PendingChange" : "

Required. The type of change pending for the ActiveMQ user.

", + "UserSummary$PendingChange" : "

The type of change pending for the broker user.

" } }, "Configuration" : { - "base" : "Returns information about all configurations.", + "base" : "

Returns information about all configurations.

", "refs" : { "__listOfConfiguration$member" : null } }, "ConfigurationId" : { - "base" : "A list of information about the configuration. Does not apply to RabbitMQ brokers.", + "base" : "

A list of information about the configuration.

Does not apply to RabbitMQ brokers.

", "refs" : { - "Configurations$Current" : "The current configuration of the broker.", - "Configurations$Pending" : "The pending configuration of the broker.", - "CreateBrokerInput$Configuration" : "A list of information about the configuration.", - "UpdateBrokerInput$Configuration" : "A list of information about the configuration.", - "UpdateBrokerOutput$Configuration" : "The ID of the updated configuration.", + "Configurations$Current" : "

The broker's current configuration.

", + "Configurations$Pending" : "

The broker's pending configuration.

", + "CreateBrokerInput$Configuration" : "

A list of information about the configuration.

", + "UpdateBrokerInput$Configuration" : "

A list of information about the configuration.

", + "UpdateBrokerOutput$Configuration" : "

The ID of the updated configuration.

", "__listOfConfigurationId$member" : null } }, "ConfigurationRevision" : { - "base" : "Returns information about the specified configuration revision.", + "base" : "

Returns information about the specified configuration revision.

", "refs" : { - "Configuration$LatestRevision" : "Required. The latest revision of the configuration.", - "CreateConfigurationOutput$LatestRevision" : "The latest revision of the configuration.", - "UpdateConfigurationOutput$LatestRevision" : "The latest revision of the configuration.", + "Configuration$LatestRevision" : "

Required. The latest revision of the configuration.

", + "CreateConfigurationOutput$LatestRevision" : "

The latest revision of the configuration.

", + "UpdateConfigurationOutput$LatestRevision" : "

The latest revision of the configuration.

", "__listOfConfigurationRevision$member" : null } }, "Configurations" : { - "base" : "Broker configuration information", + "base" : "

Broker configuration information

", "refs" : { - "DescribeBrokerOutput$Configurations" : "The list of all revisions for the specified configuration." + "DescribeBrokerOutput$Configurations" : "

The list of all revisions for the specified configuration.

" } }, "ConflictException" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "CreateBrokerInput" : { - "base" : "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", + "base" : "

Creates a broker.

", "refs" : { } }, "CreateBrokerOutput" : { - "base" : "Returns information about the created broker.", + "base" : "

Returns information about the created broker.

", "refs" : { } }, "CreateConfigurationInput" : { - "base" : "Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version).", + "base" : "

Creates a new configuration for the specified configuration name. Amazon MQ uses the default configuration (the engine type and version).

", "refs" : { } }, "CreateConfigurationOutput" : { - "base" : "Returns information about the created configuration.", + "base" : "

Returns information about the created configuration.

", "refs" : { } }, "CreateUserInput" : { - "base" : "Creates a new ActiveMQ user.", + "base" : "

Creates a new ActiveMQ user.

", "refs" : { } }, "DayOfWeek" : { "base" : null, "refs" : { - "WeeklyStartTime$DayOfWeek" : "Required. The day of the week." + "WeeklyStartTime$DayOfWeek" : "

Required. The day of the week.

" } }, "DeleteBrokerOutput" : { - "base" : "Returns information about the deleted broker.", + "base" : "

Returns information about the deleted broker.

", "refs" : { } }, "DeploymentMode" : { - "base" : "The deployment mode of the broker.", + "base" : "

The broker's deployment mode.

", "refs" : { - "BrokerSummary$DeploymentMode" : "Required. The deployment mode of the broker.", - "CreateBrokerInput$DeploymentMode" : "Required. The deployment mode of the broker.", - "DescribeBrokerOutput$DeploymentMode" : "Required. The deployment mode of the broker.", + "BrokerSummary$DeploymentMode" : "

The broker's deployment mode.

", + "CreateBrokerInput$DeploymentMode" : "

Required. The broker's deployment mode.

", + "DescribeBrokerOutput$DeploymentMode" : "

The broker's deployment mode.

", "__listOfDeploymentMode$member" : null } }, "DescribeBrokerOutput" : { - "base" : "The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", + "base" : "

Returns information about the specified broker.

", "refs" : { } }, "DescribeConfigurationRevisionOutput" : { - "base" : "Returns the specified configuration revision for the specified configuration.", + "base" : "

Returns the specified configuration revision for the specified configuration.

", "refs" : { } }, "DescribeUserOutput" : { - "base" : "Returns information about an ActiveMQ user.", + "base" : "

Returns information about an ActiveMQ user.

", "refs" : { } }, "EncryptionOptions" : { - "base" : "Encryption options for the broker.", + "base" : "

Does not apply to RabbitMQ brokers.

Encryption options for the broker.

", "refs" : { - "CreateBrokerInput$EncryptionOptions" : "Encryption options for the broker.", - "DescribeBrokerOutput$EncryptionOptions" : "Encryption options for the broker." + "CreateBrokerInput$EncryptionOptions" : "

Encryption options for the broker. Does not apply to RabbitMQ brokers.

", + "DescribeBrokerOutput$EncryptionOptions" : "

Encryption options for the broker. Does not apply to RabbitMQ brokers.

" } }, "EngineType" : { - "base" : "The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and RabbitMQ.", + "base" : "

The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ.

", "refs" : { - "BrokerEngineType$EngineType" : "The type of broker engine.", - "BrokerInstanceOption$EngineType" : "The type of broker engine.", - "BrokerSummary$EngineType" : "Required. The type of broker engine.", - "Configuration$EngineType" : "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.", - "CreateBrokerInput$EngineType" : "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.", - "CreateConfigurationInput$EngineType" : "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.", - "DescribeBrokerOutput$EngineType" : "Required. The type of broker engine. Note: Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ." + "BrokerEngineType$EngineType" : "

The broker's engine type.

", + "BrokerInstanceOption$EngineType" : "

The broker's engine type.

", + "BrokerSummary$EngineType" : "

The type of broker engine.

", + "Configuration$EngineType" : "

Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.

", + "CreateBrokerInput$EngineType" : "

Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.

", + "CreateConfigurationInput$EngineType" : "

Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.

", + "DescribeBrokerOutput$EngineType" : "

The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ and RABBITMQ.

" } }, "EngineVersion" : { - "base" : "Id of the engine version.", + "base" : "

Id of the engine version.

", "refs" : { "__listOfEngineVersion$member" : null } }, "Error" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "ForbiddenException" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "InternalServerErrorException" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "LdapServerMetadataInput" : { - "base" : "The metadata of the LDAP server used to authenticate and authorize connections to the broker. Currently not supported for RabbitMQ engine type.", + "base" : "

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.

Does not apply to RabbitMQ brokers.

", "refs" : { - "CreateBrokerInput$LdapServerMetadata" : "The metadata of the LDAP server used to authenticate and authorize connections to the broker.", - "UpdateBrokerInput$LdapServerMetadata" : "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "CreateBrokerInput$LdapServerMetadata" : "

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.

", + "UpdateBrokerInput$LdapServerMetadata" : "

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.

" } }, "LdapServerMetadataOutput" : { - "base" : "The metadata of the LDAP server used to authenticate and authorize connections to the broker.", + "base" : "

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker.

", "refs" : { - "DescribeBrokerOutput$LdapServerMetadata" : "The metadata of the LDAP server used to authenticate and authorize connections to the broker.", - "DescribeBrokerOutput$PendingLdapServerMetadata" : "The metadata of the LDAP server that will be used to authenticate and authorize connections to the broker once it is rebooted.", - "UpdateBrokerOutput$LdapServerMetadata" : "The metadata of the LDAP server used to authenticate and authorize connections to the broker." + "DescribeBrokerOutput$LdapServerMetadata" : "

The metadata of the LDAP server used to authenticate and authorize connections to the broker.

", + "DescribeBrokerOutput$PendingLdapServerMetadata" : "

The metadata of the LDAP server that will be used to authenticate and authorize connections to the broker after it is rebooted.

", + "UpdateBrokerOutput$LdapServerMetadata" : "

Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.

" } }, "ListBrokersOutput" : { - "base" : "A list of information about all brokers.", + "base" : null, "refs" : { } }, "ListConfigurationRevisionsOutput" : { - "base" : "Returns a list of all revisions for the specified configuration.", + "base" : "

Returns a list of all revisions for the specified configuration.

", "refs" : { } }, "ListConfigurationsOutput" : { - "base" : "Returns a list of all configurations.", + "base" : "

Returns a list of all configurations.

", "refs" : { } }, "ListUsersOutput" : { - "base" : "Returns a list of all ActiveMQ users.", + "base" : "

Returns a list of all ActiveMQ users.

", "refs" : { } }, "Logs" : { - "base" : "The list of information about logs to be enabled for the specified broker.", + "base" : "

The list of information about logs to be enabled for the specified broker.

", "refs" : { - "CreateBrokerInput$Logs" : "Enables Amazon CloudWatch logging for brokers.", - "UpdateBrokerInput$Logs" : "Enables Amazon CloudWatch logging for brokers.", - "UpdateBrokerOutput$Logs" : "The list of information about logs to be enabled for the specified broker." + "CreateBrokerInput$Logs" : "

Enables Amazon CloudWatch logging for brokers.

", + "UpdateBrokerInput$Logs" : "

Enables Amazon CloudWatch logging for brokers.

", + "UpdateBrokerOutput$Logs" : "

The list of information about logs to be enabled for the specified broker.

" } }, "LogsSummary" : { - "base" : "The list of information about logs currently enabled and pending to be deployed for the specified broker.", + "base" : "

The list of information about logs currently enabled and pending to be deployed for the specified broker.

", "refs" : { - "DescribeBrokerOutput$Logs" : "The list of information about logs currently enabled and pending to be deployed for the specified broker." + "DescribeBrokerOutput$Logs" : "

The list of information about logs currently enabled and pending to be deployed for the specified broker.

" } }, "NotFoundException" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "PendingLogs" : { - "base" : "The list of information about logs to be enabled for the specified broker.", + "base" : "

The list of information about logs to be enabled for the specified broker.

", "refs" : { - "LogsSummary$Pending" : "The list of information about logs pending to be deployed for the specified broker." + "LogsSummary$Pending" : "

The list of information about logs pending to be deployed for the specified broker.

" } }, "SanitizationWarning" : { - "base" : "Returns information about the XML element or attribute that was sanitized in the configuration.", + "base" : "

Returns information about the XML element or attribute that was sanitized in the configuration.

", "refs" : { "__listOfSanitizationWarning$member" : null } }, "SanitizationWarningReason" : { - "base" : "The reason for which the XML elements or attributes were sanitized.", + "base" : "

The reason for which the XML elements or attributes were sanitized.

", "refs" : { - "SanitizationWarning$Reason" : "Required. The reason for which the XML elements or attributes were sanitized." + "SanitizationWarning$Reason" : "

Required. The reason for which the XML elements or attributes were sanitized.

" } }, "Tags" : { - "base" : "A map of the key-value pairs for the resource tag.", + "base" : "

A map of the key-value pairs for the resource tag.

", "refs" : { } }, "UnauthorizedException" : { - "base" : "Returns information about an error.", + "base" : "

Returns information about an error.

", "refs" : { } }, "UpdateBrokerInput" : { - "base" : "Updates the broker using the specified properties.", + "base" : "

Updates the broker using the specified properties.

", "refs" : { } }, "UpdateBrokerOutput" : { - "base" : "Returns information about the updated broker.", + "base" : "

Returns information about the updated broker.

", "refs" : { } }, "UpdateConfigurationInput" : { - "base" : "Updates the specified configuration.", + "base" : "

Updates the specified configuration.

", "refs" : { } }, "UpdateConfigurationOutput" : { - "base" : "Returns information about the updated configuration.", + "base" : "

Returns information about the updated configuration.

", "refs" : { } }, "UpdateUserInput" : { - "base" : "Updates the information for an ActiveMQ user.", + "base" : "

Updates the information for an ActiveMQ user.

", "refs" : { } }, "User" : { - "base" : "A user associated with the broker.", + "base" : "

A user associated with the broker. For RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

", "refs" : { "__listOfUser$member" : null } }, "UserPendingChanges" : { - "base" : "Returns information about the status of the changes pending for the ActiveMQ user.", + "base" : "

Returns information about the status of the changes pending for the ActiveMQ user.

", "refs" : { - "DescribeUserOutput$Pending" : "The status of the changes pending for the ActiveMQ user." + "DescribeUserOutput$Pending" : "

The status of the changes pending for the ActiveMQ user.

" } }, "UserSummary" : { - "base" : "Returns a list of all broker users.", + "base" : "

Returns a list of all broker users. Does not apply to RabbitMQ brokers.

", "refs" : { "__listOfUserSummary$member" : null } }, "WeeklyStartTime" : { - "base" : "The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker.", + "base" : "

The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker.

", "refs" : { - "CreateBrokerInput$MaintenanceWindowStartTime" : "The parameters that determine the WeeklyStartTime.", - "DescribeBrokerOutput$MaintenanceWindowStartTime" : "The parameters that determine the WeeklyStartTime." + "CreateBrokerInput$MaintenanceWindowStartTime" : "

The parameters that determine the WeeklyStartTime.

", + "DescribeBrokerOutput$MaintenanceWindowStartTime" : "

The parameters that determine the WeeklyStartTime.

", + "UpdateBrokerInput$MaintenanceWindowStartTime" : "

The parameters that determine the WeeklyStartTime.

", + "UpdateBrokerOutput$MaintenanceWindowStartTime" : "

The parameters that determine the WeeklyStartTime.

" } }, "__boolean" : { "base" : null, "refs" : { - "CreateBrokerInput$AutoMinorVersionUpgrade" : "Required. Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot.", - "CreateBrokerInput$PubliclyAccessible" : "Required. Enables connections from applications outside of the VPC that hosts the broker's subnets.", - "CreateUserInput$ConsoleAccess" : "Enables access to the ActiveMQ Web Console for the ActiveMQ user.", - "DescribeBrokerOutput$AutoMinorVersionUpgrade" : "Required. Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot.", - "DescribeBrokerOutput$PubliclyAccessible" : "Required. Enables connections from applications outside of the VPC that hosts the broker's subnets.", - "DescribeUserOutput$ConsoleAccess" : "Enables access to the the ActiveMQ Web Console for the ActiveMQ user.", - "EncryptionOptions$UseAwsOwnedKey" : "Enables the use of an AWS owned CMK using AWS Key Management Service (KMS).", - "LdapServerMetadataInput$RoleSearchSubtree" : "The directory search scope for the role. If set to true, scope is to search the entire sub-tree.", - "LdapServerMetadataInput$UserSearchSubtree" : "The directory search scope for the user. If set to true, scope is to search the entire sub-tree.", - "LdapServerMetadataOutput$RoleSearchSubtree" : "The directory search scope for the role. If set to true, scope is to search the entire sub-tree.", - "LdapServerMetadataOutput$UserSearchSubtree" : "The directory search scope for the user. If set to true, scope is to search the entire sub-tree.", - "Logs$Audit" : "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Does not apply to RabbitMQ brokers.", - "Logs$General" : "Enables general logging.", - "LogsSummary$Audit" : "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged.", - "LogsSummary$General" : "Enables general logging.", - "PendingLogs$Audit" : "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged.", - "PendingLogs$General" : "Enables general logging.", - "UpdateBrokerInput$AutoMinorVersionUpgrade" : "Enables automatic upgrades to new minor versions for brokers, as Apache releases the versions. The automatic upgrades occur during the maintenance window of the broker or after a manual broker reboot.", - "UpdateBrokerOutput$AutoMinorVersionUpgrade" : "The new value of automatic upgrades to new minor version for brokers.", - "UpdateUserInput$ConsoleAccess" : "Enables access to the the ActiveMQ Web Console for the ActiveMQ user.", - "User$ConsoleAccess" : "Enables access to the ActiveMQ Web Console for the ActiveMQ user (Does not apply to RabbitMQ brokers).", - "UserPendingChanges$ConsoleAccess" : "Enables access to the the ActiveMQ Web Console for the ActiveMQ user." + "CreateBrokerInput$AutoMinorVersionUpgrade" : "

Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot. Set to true by default, if no value is specified.

", + "CreateBrokerInput$PubliclyAccessible" : "

Enables connections from applications outside of the VPC that hosts the broker's subnets. Set to false by default, if no value is provided.

", + "CreateUserInput$ConsoleAccess" : "

Enables access to the ActiveMQ Web Console for the ActiveMQ user.

", + "DescribeBrokerOutput$AutoMinorVersionUpgrade" : "

Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.

", + "DescribeBrokerOutput$PubliclyAccessible" : "

Enables connections from applications outside of the VPC that hosts the broker's subnets.

", + "DescribeUserOutput$ConsoleAccess" : "

Enables access to the the ActiveMQ Web Console for the ActiveMQ user.

", + "EncryptionOptions$UseAwsOwnedKey" : "

Enables the use of an AWS owned CMK using AWS Key Management Service (KMS). Set to true by default, if no value is provided, for example, for RabbitMQ brokers.

", + "LdapServerMetadataInput$RoleSearchSubtree" : "

The directory search scope for the role. If set to true, scope is to search the entire subtree.

", + "LdapServerMetadataInput$UserSearchSubtree" : "

The directory search scope for the user. If set to true, scope is to search the entire subtree.

", + "LdapServerMetadataOutput$RoleSearchSubtree" : "

The directory search scope for the role. If set to true, scope is to search the entire subtree.

", + "LdapServerMetadataOutput$UserSearchSubtree" : "

The directory search scope for the user. If set to true, scope is to search the entire subtree.

", + "Logs$Audit" : "

Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Does not apply to RabbitMQ brokers.

", + "Logs$General" : "

Enables general logging.

", + "LogsSummary$Audit" : "

Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged.

", + "LogsSummary$General" : "

Enables general logging.

", + "PendingLogs$Audit" : "

Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged.

", + "PendingLogs$General" : "

Enables general logging.

", + "UpdateBrokerInput$AutoMinorVersionUpgrade" : "

Enables automatic upgrades to new minor versions for brokers, as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.

", + "UpdateBrokerOutput$AutoMinorVersionUpgrade" : "

The new boolean value that specifies whether broker engines automatically upgrade to new minor versions as new versions are released and supported by Amazon MQ.

", + "UpdateUserInput$ConsoleAccess" : "

Enables access to the the ActiveMQ Web Console for the ActiveMQ user.

", + "User$ConsoleAccess" : "

Enables access to the ActiveMQ Web Console for the ActiveMQ user. Does not apply to RabbitMQ brokers.

", + "UserPendingChanges$ConsoleAccess" : "

Enables access to the the ActiveMQ Web Console for the ActiveMQ user.

" } }, "__integer" : { "base" : null, "refs" : { - "ConfigurationId$Revision" : "The revision number of the configuration.", - "ConfigurationRevision$Revision" : "Required. The revision number of the configuration.", - "ListConfigurationRevisionsOutput$MaxResults" : "The maximum number of configuration revisions that can be returned per page (20 by default). This value must be an integer from 5 to 100.", - "ListConfigurationsOutput$MaxResults" : "The maximum number of configurations that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100." + "ConfigurationId$Revision" : "

The revision number of the configuration.

", + "ConfigurationRevision$Revision" : "

Required. The revision number of the configuration.

", + "ListConfigurationRevisionsOutput$MaxResults" : "

The maximum number of configuration revisions that can be returned per page (20 by default). This value must be an integer from 5 to 100.

", + "ListConfigurationsOutput$MaxResults" : "

The maximum number of configurations that Amazon MQ can return per page (20 by default). This value must be an integer from 5 to 100.

" } }, "__integerMin5Max100" : { "base" : null, "refs" : { - "BrokerEngineTypeOutput$MaxResults" : "Required. The maximum number of engine types that can be returned per page (20 by default). This value must be an integer from 5 to 100.", - "BrokerInstanceOptionsOutput$MaxResults" : "Required. The maximum number of instance options that can be returned per page (20 by default). This value must be an integer from 5 to 100.", - "ListUsersOutput$MaxResults" : "Required. The maximum number of ActiveMQ users that can be returned per page (20 by default). This value must be an integer from 5 to 100." + "BrokerEngineTypeOutput$MaxResults" : "

Required. The maximum number of engine types that can be returned per page (20 by default). This value must be an integer from 5 to 100.

", + "BrokerInstanceOptionsOutput$MaxResults" : "

Required. The maximum number of instance options that can be returned per page (20 by default). This value must be an integer from 5 to 100.

", + "ListUsersOutput$MaxResults" : "

Required. The maximum number of ActiveMQ users that can be returned per page (20 by default). This value must be an integer from 5 to 100.

" } }, "__listOfAvailabilityZone" : { "base" : null, "refs" : { - "BrokerInstanceOption$AvailabilityZones" : "The list of available az." + "BrokerInstanceOption$AvailabilityZones" : "

The list of available az.

" } }, "__listOfBrokerEngineType" : { "base" : null, "refs" : { - "BrokerEngineTypeOutput$BrokerEngineTypes" : "List of available engine types and versions." + "BrokerEngineTypeOutput$BrokerEngineTypes" : "

List of available engine types and versions.

" } }, "__listOfBrokerInstance" : { "base" : null, "refs" : { - "DescribeBrokerOutput$BrokerInstances" : "A list of information about allocated brokers." + "DescribeBrokerOutput$BrokerInstances" : "

A list of information about allocated brokers.

" } }, "__listOfBrokerInstanceOption" : { "base" : null, "refs" : { - "BrokerInstanceOptionsOutput$BrokerInstanceOptions" : "List of available broker instance options." + "BrokerInstanceOptionsOutput$BrokerInstanceOptions" : "

List of available broker instance options.

" } }, "__listOfBrokerSummary" : { "base" : null, "refs" : { - "ListBrokersOutput$BrokerSummaries" : "A list of information about all brokers." + "ListBrokersOutput$BrokerSummaries" : "

A list of information about all brokers.

" } }, "__listOfConfiguration" : { "base" : null, "refs" : { - "ListConfigurationsOutput$Configurations" : "The list of all revisions for the specified configuration." + "ListConfigurationsOutput$Configurations" : "

The list of all revisions for the specified configuration.

" } }, "__listOfConfigurationId" : { "base" : null, "refs" : { - "Configurations$History" : "The history of configurations applied to the broker." + "Configurations$History" : "

The history of configurations applied to the broker.

" } }, "__listOfConfigurationRevision" : { "base" : null, "refs" : { - "ListConfigurationRevisionsOutput$Revisions" : "The list of all revisions for the specified configuration." + "ListConfigurationRevisionsOutput$Revisions" : "

The list of all revisions for the specified configuration.

" } }, "__listOfDeploymentMode" : { "base" : null, "refs" : { - "BrokerInstanceOption$SupportedDeploymentModes" : "The list of supported deployment modes." + "BrokerInstanceOption$SupportedDeploymentModes" : "

The list of supported deployment modes.

" } }, "__listOfEngineVersion" : { "base" : null, "refs" : { - "BrokerEngineType$EngineVersions" : "The list of engine versions." + "BrokerEngineType$EngineVersions" : "

The list of engine versions.

" } }, "__listOfSanitizationWarning" : { "base" : null, "refs" : { - "UpdateConfigurationOutput$Warnings" : "The list of the first 20 warnings about the configuration XML elements or attributes that were sanitized." + "UpdateConfigurationOutput$Warnings" : "

The list of the first 20 warnings about the configuration XML elements or attributes that were sanitized.

" } }, "__listOfUser" : { "base" : null, "refs" : { - "CreateBrokerInput$Users" : "Required. The list of broker users (persons or applications) who can access queues and topics. For RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ Web Console. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "CreateBrokerInput$Users" : "

Required. The list of broker users (persons or applications) who can access queues and topics. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

Amazon MQ for RabbitMQ

When you create an Amazon MQ for RabbitMQ broker, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.

" } }, "__listOfUserSummary" : { "base" : null, "refs" : { - "DescribeBrokerOutput$Users" : "The list of all broker usernames for the specified broker.", - "ListUsersOutput$Users" : "Required. The list of all ActiveMQ usernames for the specified broker." + "DescribeBrokerOutput$Users" : "

The list of all broker usernames for the specified broker.

", + "ListUsersOutput$Users" : "

Required. The list of all ActiveMQ usernames for the specified broker. Does not apply to RabbitMQ brokers.

" } }, "__listOf__string" : { "base" : null, "refs" : { - "BrokerInstance$Endpoints" : "The broker's wire-level protocol endpoints.", - "BrokerInstanceOption$SupportedEngineVersions" : "The list of supported engine versions.", - "CreateBrokerInput$SecurityGroups" : "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.", - "CreateBrokerInput$SubnetIds" : "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet.", - "CreateUserInput$Groups" : "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "DescribeBrokerOutput$PendingSecurityGroups" : "The list of pending security groups to authorize connections to brokers.", - "DescribeBrokerOutput$SecurityGroups" : "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.", - "DescribeBrokerOutput$SubnetIds" : "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet.", - "DescribeUserOutput$Groups" : "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "LdapServerMetadataInput$Hosts" : "Fully qualified domain name of the LDAP server. Optional failover server.", - "LdapServerMetadataOutput$Hosts" : "Fully qualified domain name of the LDAP server. Optional failover server.", - "UpdateBrokerInput$SecurityGroups" : "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.", - "UpdateBrokerOutput$SecurityGroups" : "The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.", - "UpdateUserInput$Groups" : "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "User$Groups" : "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "UserPendingChanges$Groups" : "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long." + "BrokerInstance$Endpoints" : "

The broker's wire-level protocol endpoints.

", + "BrokerInstanceOption$SupportedEngineVersions" : "

The list of supported engine versions.

", + "CreateBrokerInput$SecurityGroups" : "

The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.

", + "CreateBrokerInput$SubnetIds" : "

The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ Amazon MQ for ActiveMQ deployment requires two subnets. A CLUSTER_MULTI_AZ Amazon MQ for RabbitMQ deployment has no subnet requirements when deployed with public accessibility. Deployment without public accessibility requires at least one subnet.

If you specify subnets in a shared VPC for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account. Amazon MQ will not be able to create VPC endpoints in VPCs that are not owned by your AWS account.

", + "CreateUserInput$Groups" : "

The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

", + "DescribeBrokerOutput$PendingSecurityGroups" : "

The list of pending security groups to authorize connections to brokers.

", + "DescribeBrokerOutput$SecurityGroups" : "

The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.

", + "DescribeBrokerOutput$SubnetIds" : "

The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones.

", + "DescribeUserOutput$Groups" : "

The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

", + "LdapServerMetadataInput$Hosts" : "

Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.

", + "LdapServerMetadataOutput$Hosts" : "

Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.

", + "UpdateBrokerInput$SecurityGroups" : "

The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.

", + "UpdateBrokerOutput$SecurityGroups" : "

The list of security groups (1 minimum, 5 maximum) that authorizes connections to brokers.

", + "UpdateUserInput$Groups" : "

The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

", + "User$Groups" : "

The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long. Does not apply to RabbitMQ brokers.

", + "UserPendingChanges$Groups" : "

The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

" } }, "__mapOf__string" : { "base" : null, "refs" : { - "Configuration$Tags" : "The list of all tags associated with this configuration.", - "CreateBrokerInput$Tags" : "Create tags when creating the broker.", - "CreateConfigurationInput$Tags" : "Create tags when creating the configuration.", - "DescribeBrokerOutput$Tags" : "The list of all tags associated with this broker.", - "Tags$Tags" : "The key-value pair for the resource tag." + "Configuration$Tags" : "

The list of all tags associated with this configuration.

", + "CreateBrokerInput$Tags" : "

Create tags when creating the broker.

", + "CreateConfigurationInput$Tags" : "

Create tags when creating the configuration.

", + "DescribeBrokerOutput$Tags" : "

The list of all tags associated with this broker.

", + "Tags$Tags" : "

The key-value pair for the resource tag.

" } }, "__string" : { "base" : null, "refs" : { - "AvailabilityZone$Name" : "Id for the availability zone.", - "BrokerEngineTypeOutput$NextToken" : "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.", - "BrokerInstance$ConsoleURL" : "The URL of the broker's Web Console.", - "BrokerInstance$IpAddress" : "The IP address of the Elastic Network Interface (ENI) attached to the broker. Does not apply to RabbitMQ brokers", - "BrokerInstanceOption$HostInstanceType" : "The type of broker instance.", - "BrokerInstanceOptionsOutput$NextToken" : "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.", - "BrokerSummary$BrokerArn" : "The Amazon Resource Name (ARN) of the broker.", - "BrokerSummary$BrokerId" : "The unique ID that Amazon MQ generates for the broker.", - "BrokerSummary$BrokerName" : "The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters.", - "BrokerSummary$HostInstanceType" : "The broker's instance type.", - "Configuration$Arn" : "Required. The ARN of the configuration.", - "Configuration$Description" : "Required. The description of the configuration.", - "Configuration$EngineVersion" : "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "Configuration$Id" : "Required. The unique ID that Amazon MQ generates for the configuration.", - "Configuration$Name" : "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", - "ConfigurationId$Id" : "Required. The unique ID that Amazon MQ generates for the configuration.", - "ConfigurationRevision$Description" : "The description of the configuration revision.", - "CreateBrokerInput$BrokerName" : "Required. The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters.", - "CreateBrokerInput$CreatorRequestId" : "The unique ID that the requester receives for the created broker. Amazon MQ passes your ID with the API action. Note: We recommend using a Universally Unique Identifier (UUID) for the creatorRequestId. You may omit the creatorRequestId if your application doesn't require idempotency.", - "CreateBrokerInput$EngineVersion" : "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "CreateBrokerInput$HostInstanceType" : "Required. The broker's instance type.", - "CreateBrokerOutput$BrokerArn" : "The Amazon Resource Name (ARN) of the broker.", - "CreateBrokerOutput$BrokerId" : "The unique ID that Amazon MQ generates for the broker.", - "CreateConfigurationInput$EngineVersion" : "Required. The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "CreateConfigurationInput$Name" : "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", - "CreateConfigurationOutput$Arn" : "Required. The Amazon Resource Name (ARN) of the configuration.", - "CreateConfigurationOutput$Id" : "Required. The unique ID that Amazon MQ generates for the configuration.", - "CreateConfigurationOutput$Name" : "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", - "CreateUserInput$Password" : "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas.", - "DeleteBrokerOutput$BrokerId" : "The unique ID that Amazon MQ generates for the broker.", - "DescribeBrokerOutput$BrokerArn" : "The Amazon Resource Name (ARN) of the broker.", - "DescribeBrokerOutput$BrokerId" : "The unique ID that Amazon MQ generates for the broker.", - "DescribeBrokerOutput$BrokerName" : "The name of the broker. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain whitespaces, brackets, wildcard characters, or special characters.", - "DescribeBrokerOutput$EngineVersion" : "The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "DescribeBrokerOutput$HostInstanceType" : "The broker's instance type.", - "DescribeBrokerOutput$PendingEngineVersion" : "The version of the broker engine to upgrade to. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "DescribeBrokerOutput$PendingHostInstanceType" : "The host instance type of the broker to upgrade to. For a list of supported instance types, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide//broker.html#broker-instance-types", - "DescribeConfigurationRevisionOutput$ConfigurationId" : "Required. The unique ID that Amazon MQ generates for the configuration.", - "DescribeConfigurationRevisionOutput$Data" : "Required. The base64-encoded XML configuration.", - "DescribeConfigurationRevisionOutput$Description" : "The description of the configuration.", - "DescribeUserOutput$BrokerId" : "Required. The unique ID that Amazon MQ generates for the broker.", - "DescribeUserOutput$Username" : "Required. The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "EncryptionOptions$KmsKeyId" : "The symmetric customer master key (CMK) to use for the AWS Key Management Service (KMS). This key is used to encrypt your data at rest. If not provided, Amazon MQ will use a default CMK to encrypt your data.", - "EngineVersion$Name" : "Id for the version.", - "Error$ErrorAttribute" : "The attribute which caused the error.", - "Error$Message" : "The explanation of the error.", - "LdapServerMetadataInput$RoleBase" : "Fully qualified name of the directory to search for a user’s groups.", - "LdapServerMetadataInput$RoleName" : "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.", - "LdapServerMetadataInput$RoleSearchMatching" : "The search criteria for groups.", - "LdapServerMetadataInput$ServiceAccountPassword" : "Service account password.", - "LdapServerMetadataInput$ServiceAccountUsername" : "Service account username.", - "LdapServerMetadataInput$UserBase" : "Fully qualified name of the directory where you want to search for users.", - "LdapServerMetadataInput$UserRoleName" : "Specifies the name of the LDAP attribute for the user group membership.", - "LdapServerMetadataInput$UserSearchMatching" : "The search criteria for users.", - "LdapServerMetadataOutput$RoleBase" : "Fully qualified name of the directory to search for a user’s groups.", - "LdapServerMetadataOutput$RoleName" : "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.", - "LdapServerMetadataOutput$RoleSearchMatching" : "The search criteria for groups.", - "LdapServerMetadataOutput$ServiceAccountUsername" : "Service account username.", - "LdapServerMetadataOutput$UserBase" : "Fully qualified name of the directory where you want to search for users.", - "LdapServerMetadataOutput$UserRoleName" : "Specifies the name of the LDAP attribute for the user group membership.", - "LdapServerMetadataOutput$UserSearchMatching" : "The search criteria for users.", - "ListBrokersOutput$NextToken" : "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.", - "ListConfigurationRevisionsOutput$ConfigurationId" : "The unique ID that Amazon MQ generates for the configuration.", - "ListConfigurationRevisionsOutput$NextToken" : "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.", - "ListConfigurationsOutput$NextToken" : "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.", - "ListUsersOutput$BrokerId" : "Required. The unique ID that Amazon MQ generates for the broker.", - "ListUsersOutput$NextToken" : "The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.", - "LogsSummary$AuditLogGroup" : "The location of the CloudWatch Logs log group where audit logs are sent.", - "LogsSummary$GeneralLogGroup" : "The location of the CloudWatch Logs log group where general logs are sent.", - "SanitizationWarning$AttributeName" : "The name of the XML attribute that has been sanitized.", - "SanitizationWarning$ElementName" : "The name of the XML element that has been sanitized.", - "UpdateBrokerInput$EngineVersion" : "The version of the broker engine. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "UpdateBrokerInput$HostInstanceType" : "The host instance type of the broker to upgrade to. For a list of supported instance types, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide//broker.html#broker-instance-types", - "UpdateBrokerOutput$BrokerId" : "Required. The unique ID that Amazon MQ generates for the broker.", - "UpdateBrokerOutput$EngineVersion" : "The version of the broker engine to upgrade to. For a list of supported engine versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html", - "UpdateBrokerOutput$HostInstanceType" : "The host instance type of the broker to upgrade to. For a list of supported instance types, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide//broker.html#broker-instance-types", - "UpdateConfigurationInput$Data" : "Required. The base64-encoded XML configuration.", - "UpdateConfigurationInput$Description" : "The description of the configuration.", - "UpdateConfigurationOutput$Arn" : "Required. The Amazon Resource Name (ARN) of the configuration.", - "UpdateConfigurationOutput$Id" : "Required. The unique ID that Amazon MQ generates for the configuration.", - "UpdateConfigurationOutput$Name" : "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", - "UpdateUserInput$Password" : "The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas.", - "User$Password" : "Required. The password of the broker user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas.", - "User$Username" : "Required. The username of the broker user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "UserSummary$Username" : "Required. The username of the broker user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.", - "WeeklyStartTime$TimeOfDay" : "Required. The time, in 24-hour format.", - "WeeklyStartTime$TimeZone" : "The time zone, UTC by default, in either the Country/City format, or the UTC offset format.", + "AvailabilityZone$Name" : "

Id for the availability zone.

", + "BrokerEngineTypeOutput$NextToken" : "

The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.

", + "BrokerInstance$ConsoleURL" : "

The brokers web console URL.

", + "BrokerInstance$IpAddress" : "

The IP address of the Elastic Network Interface (ENI) attached to the broker. Does not apply to RabbitMQ brokers.

", + "BrokerInstanceOption$HostInstanceType" : "

The broker's instance type.

", + "BrokerInstanceOptionsOutput$NextToken" : "

The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.

", + "BrokerSummary$BrokerArn" : "

The broker's Amazon Resource Name (ARN).

", + "BrokerSummary$BrokerId" : "

The unique ID that Amazon MQ generates for the broker.

", + "BrokerSummary$BrokerName" : "

The broker's name. This value is unique in your AWS account, 1-50 characters long, and containing only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.

", + "BrokerSummary$HostInstanceType" : "

The broker's instance type.

", + "Configuration$Arn" : "

Required. The ARN of the configuration.

", + "Configuration$Description" : "

Required. The description of the configuration.

", + "Configuration$EngineVersion" : "

Required. The broker engine's version. For a list of supported engine versions, see, Supported engines.

", + "Configuration$Id" : "

Required. The unique ID that Amazon MQ generates for the configuration.

", + "Configuration$Name" : "

Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.

", + "ConfigurationId$Id" : "

Required. The unique ID that Amazon MQ generates for the configuration.

", + "ConfigurationRevision$Description" : "

The description of the configuration revision.

", + "CreateBrokerInput$BrokerName" : "

Required. The broker's name. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.

", + "CreateBrokerInput$CreatorRequestId" : "

The unique ID that the requester receives for the created broker. Amazon MQ passes your ID with the API action. Note: We recommend using a Universally Unique Identifier (UUID) for the creatorRequestId. You may omit the creatorRequestId if your application doesn't require idempotency.

", + "CreateBrokerInput$EngineVersion" : "

Required. The broker engine's version. For a list of supported engine versions, see Supported engines.

", + "CreateBrokerInput$HostInstanceType" : "

Required. The broker's instance type.

", + "CreateBrokerOutput$BrokerArn" : "

The broker's Amazon Resource Name (ARN).

", + "CreateBrokerOutput$BrokerId" : "

The unique ID that Amazon MQ generates for the broker.

", + "CreateConfigurationInput$EngineVersion" : "

Required. The broker engine's version. For a list of supported engine versions, see Supported engines.

", + "CreateConfigurationInput$Name" : "

Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.

", + "CreateConfigurationOutput$Arn" : "

Required. The Amazon Resource Name (ARN) of the configuration.

", + "CreateConfigurationOutput$Id" : "

Required. The unique ID that Amazon MQ generates for the configuration.

", + "CreateConfigurationOutput$Name" : "

Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.

", + "CreateUserInput$Password" : "

Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).

", + "DeleteBrokerOutput$BrokerId" : "

The unique ID that Amazon MQ generates for the broker.

", + "DescribeBrokerOutput$BrokerArn" : "

The broker's Amazon Resource Name (ARN).

", + "DescribeBrokerOutput$BrokerId" : "

The unique ID that Amazon MQ generates for the broker.

", + "DescribeBrokerOutput$BrokerName" : "

The broker's name. This value must be unique in your AWS account, 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.

", + "DescribeBrokerOutput$EngineVersion" : "

The broker engine's version. For a list of supported engine versions, see Supported engines.

", + "DescribeBrokerOutput$HostInstanceType" : "

The broker's instance type.

", + "DescribeBrokerOutput$PendingEngineVersion" : "

The broker engine version to upgrade to. For a list of supported engine versions, see Supported engines.

", + "DescribeBrokerOutput$PendingHostInstanceType" : "

The broker's host instance type to upgrade to. For a list of supported instance types, see Broker instance types.

", + "DescribeConfigurationRevisionOutput$ConfigurationId" : "

Required. The unique ID that Amazon MQ generates for the configuration.

", + "DescribeConfigurationRevisionOutput$Data" : "

Required. The base64-encoded XML configuration.

", + "DescribeConfigurationRevisionOutput$Description" : "

The description of the configuration.

", + "DescribeUserOutput$BrokerId" : "

Required. The unique ID that Amazon MQ generates for the broker.

", + "DescribeUserOutput$Username" : "

Required. The username of the ActiveMQ user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

", + "EncryptionOptions$KmsKeyId" : "

The customer master key (CMK) to use for the AWS Key Management Service (KMS). This key is used to encrypt your data at rest. If not provided, Amazon MQ will use a default CMK to encrypt your data.

", + "EngineVersion$Name" : "

Id for the version.

", + "Error$ErrorAttribute" : "

The attribute which caused the error.

", + "Error$Message" : "

The explanation of the error.

", + "LdapServerMetadataInput$RoleBase" : "

The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, ou=group, ou=corp, dc=corp,\n dc=example, dc=com.

", + "LdapServerMetadataInput$RoleName" : "

Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.

", + "LdapServerMetadataInput$RoleSearchMatching" : "

The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1})for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the roleBase.

", + "LdapServerMetadataInput$ServiceAccountPassword" : "

Service account password. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example,\n dc=com.

", + "LdapServerMetadataInput$ServiceAccountUsername" : "

Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example,\n dc=com.

", + "LdapServerMetadataInput$UserBase" : "

Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users,ou=corp, dc=corp,\n dc=example, dc=com, the search for user entries is restricted to the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com.

", + "LdapServerMetadataInput$UserRoleName" : "

Specifies the name of the LDAP attribute for the user group membership.

", + "LdapServerMetadataInput$UserSearchMatching" : "

The LDAP search filter used to find users within the userBase. The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe, the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, dc=example,\n dc=com.

", + "LdapServerMetadataOutput$RoleBase" : "

The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, ou=group, ou=corp, dc=corp,\n dc=example, dc=com.

", + "LdapServerMetadataOutput$RoleName" : "

Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.

", + "LdapServerMetadataOutput$RoleSearchMatching" : "

The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the {0} placeholder in the search filter. The client's username is substituted into the {1} placeholder. For example, if you set this option to (member=uid={1})for the user janedoe, the search filter becomes (member=uid=janedoe) after string substitution. It matches all role entries that have a member attribute equal to uid=janedoe under the subtree selected by the roleBase.

", + "LdapServerMetadataOutput$ServiceAccountUsername" : "

Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, cn=admin,dc=corp, dc=example,\n dc=com.

", + "LdapServerMetadataOutput$UserBase" : "

Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to ou=Users,ou=corp, dc=corp,\n dc=example, dc=com, the search for user entries is restricted to the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com.

", + "LdapServerMetadataOutput$UserRoleName" : "

Specifies the name of the LDAP attribute for the user group membership.

", + "LdapServerMetadataOutput$UserSearchMatching" : "

The LDAP search filter used to find users within the userBase. The client's username is substituted into the {0} placeholder in the search filter. For example, if this option is set to (uid={0}) and the received username is janedoe, the search filter becomes (uid=janedoe) after string substitution. It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, dc=example,\n dc=com.

", + "ListBrokersOutput$NextToken" : "

The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.

", + "ListConfigurationRevisionsOutput$ConfigurationId" : "

The unique ID that Amazon MQ generates for the configuration.

", + "ListConfigurationRevisionsOutput$NextToken" : "

The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.

", + "ListConfigurationsOutput$NextToken" : "

The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.

", + "ListUsersOutput$BrokerId" : "

Required. The unique ID that Amazon MQ generates for the broker.

", + "ListUsersOutput$NextToken" : "

The token that specifies the next page of results Amazon MQ should return. To request the first page, leave nextToken empty.

", + "LogsSummary$AuditLogGroup" : "

The location of the CloudWatch Logs log group where audit logs are sent.

", + "LogsSummary$GeneralLogGroup" : "

The location of the CloudWatch Logs log group where general logs are sent.

", + "SanitizationWarning$AttributeName" : "

The name of the XML attribute that has been sanitized.

", + "SanitizationWarning$ElementName" : "

The name of the XML element that has been sanitized.

", + "UpdateBrokerInput$EngineVersion" : "

The broker engine version. For a list of supported engine versions, see Supported engines.

", + "UpdateBrokerInput$HostInstanceType" : "

The broker's host instance type to upgrade to. For a list of supported instance types, see Broker instance types.

", + "UpdateBrokerOutput$BrokerId" : "

Required. The unique ID that Amazon MQ generates for the broker.

", + "UpdateBrokerOutput$EngineVersion" : "

The broker engine version to upgrade to. For a list of supported engine versions, see Supported engines.

", + "UpdateBrokerOutput$HostInstanceType" : "

The broker's host instance type to upgrade to. For a list of supported instance types, see Broker instance types.

", + "UpdateConfigurationInput$Data" : "

Required. The base64-encoded XML configuration.

", + "UpdateConfigurationInput$Description" : "

The description of the configuration.

", + "UpdateConfigurationOutput$Arn" : "

Required. The Amazon Resource Name (ARN) of the configuration.

", + "UpdateConfigurationOutput$Id" : "

Required. The unique ID that Amazon MQ generates for the configuration.

", + "UpdateConfigurationOutput$Name" : "

Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.

", + "UpdateUserInput$Password" : "

The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).

", + "User$Password" : "

Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).

", + "User$Username" : "

important>Amazon MQ for ActiveMQ For ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

/important> Amazon MQ for RabbitMQ

For RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using guest as a valid usename. This value must be 2-100 characters long.

", + "UserSummary$Username" : "

Required. The username of the broker user. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.

", + "WeeklyStartTime$TimeOfDay" : "

Required. The time, in 24-hour format.

", + "WeeklyStartTime$TimeZone" : "

The time zone, UTC by default, in either the Country/City format, or the UTC offset format.

", "__listOf__string$member" : null, "__mapOf__string$member" : null } @@ -598,13 +600,13 @@ "__timestampIso8601" : { "base" : null, "refs" : { - "BrokerSummary$Created" : "The time when the broker was created.", - "Configuration$Created" : "Required. The date and time of the configuration revision.", - "ConfigurationRevision$Created" : "Required. The date and time of the configuration revision.", - "CreateConfigurationOutput$Created" : "Required. The date and time of the configuration.", - "DescribeBrokerOutput$Created" : "The time when the broker was created.", - "DescribeConfigurationRevisionOutput$Created" : "Required. The date and time of the configuration.", - "UpdateConfigurationOutput$Created" : "Required. The date and time of the configuration." + "BrokerSummary$Created" : "

The time when the broker was created.

", + "Configuration$Created" : "

Required. The date and time of the configuration revision.

", + "ConfigurationRevision$Created" : "

Required. The date and time of the configuration revision.

", + "CreateConfigurationOutput$Created" : "

Required. The date and time of the configuration.

", + "DescribeBrokerOutput$Created" : "

The time when the broker was created.

", + "DescribeConfigurationRevisionOutput$Created" : "

Required. The date and time of the configuration.

", + "UpdateConfigurationOutput$Created" : "

Required. The date and time of the configuration.

" } } } diff --git a/models/apis/storagegateway/2013-06-30/api-2.json b/models/apis/storagegateway/2013-06-30/api-2.json index e2e20437e6f..e41de6d0bfc 100644 --- a/models/apis/storagegateway/2013-06-30/api-2.json +++ b/models/apis/storagegateway/2013-06-30/api-2.json @@ -1318,7 +1318,8 @@ "LocationARN":{"shape":"FileSystemLocationARN"}, "Tags":{"shape":"Tags"}, "AuditDestinationARN":{"shape":"AuditDestinationARN"}, - "CacheAttributes":{"shape":"CacheAttributes"} + "CacheAttributes":{"shape":"CacheAttributes"}, + "EndpointNetworkConfiguration":{"shape":"EndpointNetworkConfiguration"} } }, "AssociateFileSystemOutput":{ @@ -1591,7 +1592,9 @@ "Tags":{"shape":"Tags"}, "FileShareName":{"shape":"FileShareName"}, "CacheAttributes":{"shape":"CacheAttributes"}, - "NotificationPolicy":{"shape":"NotificationPolicy"} + "NotificationPolicy":{"shape":"NotificationPolicy"}, + "VPCEndpointDNSName":{"shape":"DNSHostName"}, + "BucketRegion":{"shape":"RegionId"} } }, "CreateNFSFileShareOutput":{ @@ -1631,7 +1634,10 @@ "Tags":{"shape":"Tags"}, "FileShareName":{"shape":"FileShareName"}, "CacheAttributes":{"shape":"CacheAttributes"}, - "NotificationPolicy":{"shape":"NotificationPolicy"} + "NotificationPolicy":{"shape":"NotificationPolicy"}, + "VPCEndpointDNSName":{"shape":"DNSHostName"}, + "BucketRegion":{"shape":"RegionId"}, + "OplocksEnabled":{"shape":"Boolean"} } }, "CreateSMBFileShareOutput":{ @@ -1781,6 +1787,12 @@ } }, "CreatedDate":{"type":"timestamp"}, + "DNSHostName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"^(([a-zA-Z0-9\\-]*[a-zA-Z0-9])\\.)*([A-Za-z0-9\\-]*[A-Za-z0-9])$" + }, "DayOfMonth":{ "type":"integer", "max":28, @@ -2077,7 +2089,9 @@ "HostEnvironment":{"shape":"HostEnvironment"}, "EndpointType":{"shape":"EndpointType"}, "SoftwareUpdatesEndDate":{"shape":"SoftwareUpdatesEndDate"}, - "DeprecationDate":{"shape":"DeprecationDate"} + "DeprecationDate":{"shape":"DeprecationDate"}, + "GatewayCapacity":{"shape":"GatewayCapacity"}, + "SupportedGatewayCapacities":{"shape":"SupportedGatewayCapacities"} } }, "DescribeMaintenanceStartTimeInput":{ @@ -2396,6 +2410,12 @@ "DoubleObject":{"type":"double"}, "Ec2InstanceId":{"type":"string"}, "Ec2InstanceRegion":{"type":"string"}, + "EndpointNetworkConfiguration":{ + "type":"structure", + "members":{ + "IpAddresses":{"shape":"IpAddressList"} + } + }, "EndpointType":{ "type":"string", "max":8, @@ -2546,7 +2566,8 @@ "AuditDestinationARN":{"shape":"AuditDestinationARN"}, "GatewayARN":{"shape":"GatewayARN"}, "Tags":{"shape":"Tags"}, - "CacheAttributes":{"shape":"CacheAttributes"} + "CacheAttributes":{"shape":"CacheAttributes"}, + "EndpointNetworkConfiguration":{"shape":"EndpointNetworkConfiguration"} } }, "FileSystemAssociationInfoList":{ @@ -2592,6 +2613,14 @@ "max":500, "min":50 }, + "GatewayCapacity":{ + "type":"string", + "enum":[ + "Small", + "Medium", + "Large" + ] + }, "GatewayId":{ "type":"string", "max":30, @@ -2668,6 +2697,12 @@ "max":23, "min":0 }, + "IPV4Address":{ + "type":"string", + "max":15, + "min":7, + "pattern":"^((25[0-5]|(2[0-4]|1[0-9]|[1-9]|)[0-9])(\\.(?!$)|$)){4}" + }, "IPV4AddressCIDR":{ "type":"string", "pattern":"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\\/([0-9]|[1-2][0-9]|3[0-2]))?$" @@ -2697,6 +2732,12 @@ }, "exception":true }, + "IpAddressList":{ + "type":"list", + "member":{"shape":"IPV4Address"}, + "max":1, + "min":0 + }, "IqnName":{ "type":"string", "max":255, @@ -2965,7 +3006,9 @@ "Tags":{"shape":"Tags"}, "FileShareName":{"shape":"FileShareName"}, "CacheAttributes":{"shape":"CacheAttributes"}, - "NotificationPolicy":{"shape":"NotificationPolicy"} + "NotificationPolicy":{"shape":"NotificationPolicy"}, + "VPCEndpointDNSName":{"shape":"DNSHostName"}, + "BucketRegion":{"shape":"RegionId"} } }, "NFSFileShareInfoList":{ @@ -3236,7 +3279,10 @@ "Tags":{"shape":"Tags"}, "FileShareName":{"shape":"FileShareName"}, "CacheAttributes":{"shape":"CacheAttributes"}, - "NotificationPolicy":{"shape":"NotificationPolicy"} + "NotificationPolicy":{"shape":"NotificationPolicy"}, + "VPCEndpointDNSName":{"shape":"DNSHostName"}, + "BucketRegion":{"shape":"RegionId"}, + "OplocksEnabled":{"shape":"Boolean"} } }, "SMBFileShareInfoList":{ @@ -3394,6 +3440,10 @@ "type":"list", "member":{"shape":"StorediSCSIVolume"} }, + "SupportedGatewayCapacities":{ + "type":"list", + "member":{"shape":"GatewayCapacity"} + }, "Tag":{ "type":"structure", "required":[ @@ -3647,7 +3697,8 @@ "GatewayARN":{"shape":"GatewayARN"}, "GatewayName":{"shape":"GatewayName"}, "GatewayTimezone":{"shape":"GatewayTimezone"}, - "CloudWatchLogGroupARN":{"shape":"CloudWatchLogGroupARN"} + "CloudWatchLogGroupARN":{"shape":"CloudWatchLogGroupARN"}, + "GatewayCapacity":{"shape":"GatewayCapacity"} } }, "UpdateGatewayInformationOutput":{ @@ -3738,7 +3789,8 @@ "CaseSensitivity":{"shape":"CaseSensitivity"}, "FileShareName":{"shape":"FileShareName"}, "CacheAttributes":{"shape":"CacheAttributes"}, - "NotificationPolicy":{"shape":"NotificationPolicy"} + "NotificationPolicy":{"shape":"NotificationPolicy"}, + "OplocksEnabled":{"shape":"Boolean"} } }, "UpdateSMBFileShareOutput":{ diff --git a/models/apis/storagegateway/2013-06-30/docs-2.json b/models/apis/storagegateway/2013-06-30/docs-2.json index 2b1d6a6df66..72bc107f084 100644 --- a/models/apis/storagegateway/2013-06-30/docs-2.json +++ b/models/apis/storagegateway/2013-06-30/docs-2.json @@ -1,22 +1,22 @@ { "version": "2.0", - "service": "AWS Storage Gateway Service

AWS Storage Gateway is the service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the AWS storage infrastructure. The service enables you to securely upload data to the AWS Cloud for cost effective backup and rapid disaster recovery.

Use the following links to get started using the AWS Storage Gateway Service API Reference:

AWS Storage Gateway resource IDs are in uppercase. When you use these resource IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-AA22BB012345DAF670. When you use this ID with the EC2 API, you must change it to vol-aa22bb012345daf670. Otherwise, the EC2 API might not behave as expected.

IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format. Starting in December 2016, all new volumes and snapshots will be created with a 17-character string. Starting in April 2016, you will be able to use these longer IDs so you can test your systems with the new format. For more information, see Longer EC2 and EBS resource IDs.

For example, a volume Amazon Resource Name (ARN) with the longer volume ID format looks like the following:

arn:aws:storagegateway:us-west-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABBCCDDEEFFG.

A snapshot ID with the longer ID format looks like the following: snap-78e226633445566ee.

For more information, see Announcement: Heads-up – Longer AWS Storage Gateway volume and snapshot IDs coming in 2016.

", + "service": "Storage Gateway Service

Storage Gateway is the service that connects an on-premises software appliance with cloud-based storage to provide seamless and secure integration between an organization's on-premises IT environment and the Amazon Web Services storage infrastructure. The service enables you to securely upload data to the Cloud for cost effective backup and rapid disaster recovery.

Use the following links to get started using the Storage Gateway Service API Reference:

Storage Gateway resource IDs are in uppercase. When you use these resource IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must change your resource ID to lowercase to use it with the EC2 API. For example, in Storage Gateway the ID for a volume might be vol-AA22BB012345DAF670. When you use this ID with the EC2 API, you must change it to vol-aa22bb012345daf670. Otherwise, the EC2 API might not behave as expected.

IDs for Storage Gateway volumes and Amazon EBS snapshots created from gateway volumes are changing to a longer format. Starting in December 2016, all new volumes and snapshots will be created with a 17-character string. Starting in April 2016, you will be able to use these longer IDs so you can test your systems with the new format. For more information, see Longer EC2 and EBS resource IDs.

For example, a volume Amazon Resource Name (ARN) with the longer volume ID format looks like the following:

arn:aws:storagegateway:us-west-2:111122223333:gateway/sgw-12A3456B/volume/vol-1122AABBCCDDEEFFG.

A snapshot ID with the longer ID format looks like the following: snap-78e226633445566ee.

For more information, see Announcement: Heads-up – Longer Storage Gateway volume and snapshot IDs coming in 2016.

", "operations": { - "ActivateGateway": "

Activates the gateway you previously deployed on your host. In the activation process, you specify information such as the AWS Region that you want to use for storing snapshots or tapes, the time zone for scheduled snapshots the gateway snapshot schedule window, an activation key, and a name for your gateway. The activation process also associates your gateway with your account. For more information, see UpdateGatewayInformation.

You must turn on the gateway VM before you can activate your gateway.

", - "AddCache": "

Configures one or more gateway local disks as cache for a gateway. This operation is only supported in the cached volume, tape, and file gateway type (see How AWS Storage Gateway works (architecture).

In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache, and one or more disk IDs that you want to configure as cache.

", - "AddTagsToResource": "

Adds one or more tags to the specified resource. You use tags to add metadata to resources, which you can use to categorize these resources. For example, you can categorize resources by purpose, owner, environment, or team. Each tag consists of a key and a value, which you define. You can add tags to the following AWS Storage Gateway resources:

You can create a maximum of 50 tags for each resource. Virtual tapes and storage volumes that are recovered to a new gateway maintain their tags.

", + "ActivateGateway": "

Activates the gateway you previously deployed on your host. In the activation process, you specify information such as the Region that you want to use for storing snapshots or tapes, the time zone for scheduled snapshots the gateway snapshot schedule window, an activation key, and a name for your gateway. The activation process also associates your gateway with your account. For more information, see UpdateGatewayInformation.

You must turn on the gateway VM before you can activate your gateway.

", + "AddCache": "

Configures one or more gateway local disks as cache for a gateway. This operation is only supported in the cached volume, tape, and file gateway type (see How Storage Gateway works (architecture).

In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache, and one or more disk IDs that you want to configure as cache.

", + "AddTagsToResource": "

Adds one or more tags to the specified resource. You use tags to add metadata to resources, which you can use to categorize these resources. For example, you can categorize resources by purpose, owner, environment, or team. Each tag consists of a key and a value, which you define. You can add tags to the following Storage Gateway resources:

You can create a maximum of 50 tags for each resource. Virtual tapes and storage volumes that are recovered to a new gateway maintain their tags.

", "AddUploadBuffer": "

Configures one or more gateway local disks as upload buffer for a specified gateway. This operation is supported for the stored volume, cached volume, and tape gateway types.

In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add upload buffer, and one or more disk IDs that you want to configure as upload buffer.

", "AddWorkingStorage": "

Configures one or more gateway local disks as working storage for a gateway. This operation is only supported in the stored volume gateway type. This operation is deprecated in cached volume API version 20120630. Use AddUploadBuffer instead.

Working storage is also referred to as upload buffer. You can also use the AddUploadBuffer operation to add upload buffer to a stored volume gateway.

In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add working storage, and one or more disk IDs that you want to configure as working storage.

", "AssignTapePool": "

Assigns a tape to a tape pool for archiving. The tape assigned to a pool is archived in the S3 storage class that is associated with the pool. When you use your backup application to eject the tape, the tape is archived directly into the S3 storage class (S3 Glacier or S3 Glacier Deep Archive) that corresponds to the pool.

Valid Values: GLACIER | DEEP_ARCHIVE

", - "AssociateFileSystem": "

Associate an Amazon FSx file system with the Amazon FSx file gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the Amazon FSx file gateway type.

", + "AssociateFileSystem": "

Associate an Amazon FSx file system with the FSx File Gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the FSx File Gateway type.

", "AttachVolume": "

Connects a volume to an iSCSI connection and then attaches the volume to the specified gateway. Detaching and attaching a volume enables you to recover your data from one gateway to a different gateway without creating a snapshot. It also makes it easier to move your volumes from an on-premises gateway to a gateway hosted on an Amazon EC2 instance.

", "CancelArchival": "

Cancels archiving of a virtual tape to the virtual tape shelf (VTS) after the archiving process is initiated. This operation is only supported in the tape gateway type.

", "CancelRetrieval": "

Cancels retrieval of a virtual tape from the virtual tape shelf (VTS) to a gateway after the retrieval process is initiated. The virtual tape is returned to the VTS. This operation is only supported in the tape gateway type.

", "CreateCachediSCSIVolume": "

Creates a cached volume on a specified cached volume gateway. This operation is only supported in the cached volume gateway type.

Cache storage must be allocated to the gateway before you can create a cached volume. Use the AddCache operation to add cache storage to a gateway.

In the request, you must specify the gateway, size of the volume in bytes, the iSCSI target name, an IP address on which to expose the target, and a unique client token. In response, the gateway creates the volume and returns information about it. This information includes the volume Amazon Resource Name (ARN), its size, and the iSCSI target ARN that initiators can use to connect to the volume target.

Optionally, you can provide the ARN for an existing volume as the SourceVolumeARN for this cached volume, which creates an exact copy of the existing volume’s latest recovery point. The VolumeSizeInBytes value must be equal to or larger than the size of the copied volume, in bytes.

", - "CreateNFSFileShare": "

Creates a Network File System (NFS) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. This operation is only supported for file gateways.

File gateway requires AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in the AWS Region, activate it. For information about how to activate AWS STS, see Activating and deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide.

File gateway does not support creating hard or symbolic links on a file share.

", - "CreateSMBFileShare": "

Creates a Server Message Block (SMB) file share on an existing file gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an SMB interface. This operation is only supported for file gateways.

File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see Activating and deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide.

File gateways don't support creating hard or symbolic links on a file share.

", - "CreateSnapshot": "

Initiates a snapshot of a volume.

AWS Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, and also import the data to an Amazon Elastic Block Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway volume on a scheduled or ad hoc basis. This API enables you to take an ad hoc snapshot. For more information, see Editing a snapshot schedule.

In the CreateSnapshot request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide description for the snapshot. When AWS Storage Gateway takes the snapshot of specified volume, the snapshot and description appears in the AWS Storage Gateway console. In response, AWS Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot. This operation is only supported in stored and cached volume gateway type.

To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.

Volume and snapshot IDs are changing to a longer length ID format. For more information, see the important note on the Welcome page.

", - "CreateSnapshotFromVolumeRecoveryPoint": "

Initiates a snapshot of a gateway from a volume recovery point. This operation is only supported in the cached volume gateway type.

A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot. To get a list of volume recovery point for cached volume gateway, use ListVolumeRecoveryPoints.

In the CreateSnapshotFromVolumeRecoveryPoint request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When the gateway takes a snapshot of the specified volume, the snapshot and its description appear in the AWS Storage Gateway console. In response, the gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot.

To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.

", + "CreateNFSFileShare": "

Creates a Network File System (NFS) file share on an existing S3 File Gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. This operation is only supported for S3 File Gateways.

S3 File gateway requires Security Token Service (STS) to be activated to enable you to create a file share. Make sure STS is activated in the Region you are creating your S3 File Gateway in. If STS is not activated in the Region, activate it. For information about how to activate STS, see Activating and deactivating STS in an Region in the Identity and Access Management User Guide.

S3 File Gateways do not support creating hard or symbolic links on a file share.

", + "CreateSMBFileShare": "

Creates a Server Message Block (SMB) file share on an existing S3 File Gateway. In Storage Gateway, a file share is a file system mount point backed by Amazon S3 cloud storage. Storage Gateway exposes file shares using an SMB interface. This operation is only supported for S3 File Gateways.

S3 File Gateways require Security Token Service (STS) to be activated to enable you to create a file share. Make sure that STS is activated in the Region you are creating your S3 File Gateway in. If STS is not activated in this Region, activate it. For information about how to activate STS, see Activating and deactivating STS in an Region in the Identity and Access Management User Guide.

File gateways don't support creating hard or symbolic links on a file share.

", + "CreateSnapshot": "

Initiates a snapshot of a volume.

Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, and also import the data to an Amazon Elastic Block Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway volume on a scheduled or ad hoc basis. This API enables you to take an ad hoc snapshot. For more information, see Editing a snapshot schedule.

In the CreateSnapshot request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide description for the snapshot. When Storage Gateway takes the snapshot of specified volume, the snapshot and description appears in the Storage Gateway console. In response, Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot. This operation is only supported in stored and cached volume gateway type.

To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.

Volume and snapshot IDs are changing to a longer length ID format. For more information, see the important note on the Welcome page.

", + "CreateSnapshotFromVolumeRecoveryPoint": "

Initiates a snapshot of a gateway from a volume recovery point. This operation is only supported in the cached volume gateway type.

A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot. To get a list of volume recovery point for cached volume gateway, use ListVolumeRecoveryPoints.

In the CreateSnapshotFromVolumeRecoveryPoint request, you identify the volume by providing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When the gateway takes a snapshot of the specified volume, the snapshot and its description appear in the Storage Gateway console. In response, the gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from a snapshot.

To list or delete a snapshot, you must use the Amazon EC2 API. For more information, see DescribeSnapshots or DeleteSnapshot in the Amazon Elastic Compute Cloud API Reference.

", "CreateStorediSCSIVolume": "

Creates a volume on a specified gateway. This operation is only supported in the stored volume gateway type.

The size of the volume to create is inferred from the disk size. You can choose to preserve existing data on the disk, create volume from an existing snapshot, or create an empty volume. If you choose to create an empty gateway volume, then any existing data on the disk is erased.

In the request, you must specify the gateway and the disk information on which you are creating the volume. In response, the gateway creates the volume and returns volume information such as the volume Amazon Resource Name (ARN), its size, and the iSCSI target ARN that initiators can use to connect to the volume target.

", "CreateTapePool": "

Creates a new custom tape pool. You can use custom tape pool to enable tape retention lock on tapes that are archived in the custom pool.

", "CreateTapeWithBarcode": "

Creates a virtual tape by using your own barcode. You write data to the virtual tape and then archive the tape. A barcode is unique and cannot be reused if it has already been used on a tape. This applies to barcodes used on deleted tapes. This operation is only supported in the tape gateway type.

Cache storage must be allocated to the gateway before you can create a virtual tape. Use the AddCache operation to add cache storage to a gateway.

", @@ -24,8 +24,8 @@ "DeleteAutomaticTapeCreationPolicy": "

Deletes the automatic tape creation policy of a gateway. If you delete this policy, new virtual tapes must be created manually. Use the Amazon Resource Name (ARN) of the gateway in your request to remove the policy.

", "DeleteBandwidthRateLimit": "

Deletes the bandwidth rate limits of a gateway. You can delete either the upload and download bandwidth rate limit, or you can delete both. If you delete only one of the limits, the other limit remains unchanged. To specify which gateway to work with, use the Amazon Resource Name (ARN) of the gateway in your request. This operation is supported for the stored volume, cached volume and tape gateway types.

", "DeleteChapCredentials": "

Deletes Challenge-Handshake Authentication Protocol (CHAP) credentials for a specified iSCSI target and initiator pair. This operation is supported in volume and tape gateway types.

", - "DeleteFileShare": "

Deletes a file share from a file gateway. This operation is only supported for file gateways.

", - "DeleteGateway": "

Deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name (ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the gateway virtual machine (VM) from your host computer.

After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a gateway, your next step is to remove it from your environment.

You no longer pay software charges after the gateway is deleted; however, your existing Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription.  If you prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 console. For more information, see the AWS Storage Gateway detail page.

", + "DeleteFileShare": "

Deletes a file share from an S3 File Gateway. This operation is only supported for S3 File Gateways.

", + "DeleteGateway": "

Deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name (ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the gateway virtual machine (VM) from your host computer.

After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a gateway, your next step is to remove it from your environment.

You no longer pay software charges after the gateway is deleted; however, your existing Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription.  If you prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 console. For more information, see the Storage Gateway detail page.

", "DeleteSnapshotSchedule": "

Deletes a snapshot of a volume.

You can take snapshots of your gateway volumes on a scheduled or ad hoc basis. This API action enables you to delete a snapshot schedule for a volume. For more information, see Backing up your volumes. In the DeleteSnapshotSchedule request, you identify the volume by providing its Amazon Resource Name (ARN). This operation is only supported in stored and cached volume gateway types.

To list or delete a snapshot, you must use the Amazon EC2 API. For more information, go to DescribeSnapshots in the Amazon Elastic Compute Cloud API Reference.

", "DeleteTape": "

Deletes the specified virtual tape. This operation is only supported in the tape gateway type.

", "DeleteTapeArchive": "

Deletes the specified virtual tape from the virtual tape shelf (VTS). This operation is only supported in the tape gateway type.

", @@ -35,30 +35,30 @@ "DescribeBandwidthRateLimit": "

Returns the bandwidth rate limits of a gateway. By default, these limits are not set, which means no bandwidth rate limiting is in effect. This operation is supported for the stored volume, cached volume, and tape gateway types.

This operation only returns a value for a bandwidth rate limit only if the limit is set. If no limits are set for the gateway, then this operation returns only the gateway ARN in the response body. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.

", "DescribeBandwidthRateLimitSchedule": "

Returns information about the bandwidth rate limit schedule of a gateway. By default, gateways do not have bandwidth rate limit schedules, which means no bandwidth rate limiting is in effect. This operation is supported only in the volume and tape gateway types.

This operation returns information about a gateway's bandwidth rate limit schedule. A bandwidth rate limit schedule consists of one or more bandwidth rate limit intervals. A bandwidth rate limit interval defines a period of time on one or more days of the week, during which bandwidth rate limits are specified for uploading, downloading, or both.

A bandwidth rate limit interval consists of one or more days of the week, a start hour and minute, an ending hour and minute, and bandwidth rate limits for uploading and downloading

If no bandwidth rate limit schedule intervals are set for the gateway, this operation returns an empty response. To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.

", "DescribeCache": "

Returns information about the cache of a gateway. This operation is only supported in the cached volume, tape, and file gateway types.

The response includes disk IDs that are configured as cache, and it includes the amount of cache allocated and used.

", - "DescribeCachediSCSIVolumes": "

Returns a description of the gateway volumes specified in the request. This operation is only supported in the cached volume gateway types.

The list of gateway volumes in the request must be from one gateway. In the response, AWS Storage Gateway returns volume information sorted by volume Amazon Resource Name (ARN).

", + "DescribeCachediSCSIVolumes": "

Returns a description of the gateway volumes specified in the request. This operation is only supported in the cached volume gateway types.

The list of gateway volumes in the request must be from one gateway. In the response, Storage Gateway returns volume information sorted by volume Amazon Resource Name (ARN).

", "DescribeChapCredentials": "

Returns an array of Challenge-Handshake Authentication Protocol (CHAP) credentials information for a specified iSCSI target, one for each target-initiator pair. This operation is supported in the volume and tape gateway types.

", - "DescribeFileSystemAssociations": "

Gets the file system association information. This operation is only supported for Amazon FSx file gateways.

", + "DescribeFileSystemAssociations": "

Gets the file system association information. This operation is only supported for FSx File Gateways.

", "DescribeGatewayInformation": "

Returns metadata about a gateway such as its name, network interfaces, configured time zone, and the state (whether the gateway is running or not). To specify which gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.

", "DescribeMaintenanceStartTime": "

Returns your gateway's weekly maintenance start time including the day and time of the week. Note that values are in terms of the gateway's time zone.

", - "DescribeNFSFileShares": "

Gets a description for one or more Network File System (NFS) file shares from a file gateway. This operation is only supported for file gateways.

", - "DescribeSMBFileShares": "

Gets a description for one or more Server Message Block (SMB) file shares from a file gateway. This operation is only supported for file gateways.

", + "DescribeNFSFileShares": "

Gets a description for one or more Network File System (NFS) file shares from an S3 File Gateway. This operation is only supported for S3 File Gateways.

", + "DescribeSMBFileShares": "

Gets a description for one or more Server Message Block (SMB) file shares from a S3 File Gateway. This operation is only supported for S3 File Gateways.

", "DescribeSMBSettings": "

Gets a description of a Server Message Block (SMB) file share settings from a file gateway. This operation is only supported for file gateways.

", "DescribeSnapshotSchedule": "

Describes the snapshot schedule for the specified gateway volume. The snapshot schedule information includes intervals at which snapshots are automatically initiated on the volume. This operation is only supported in the cached volume and stored volume types.

", - "DescribeStorediSCSIVolumes": "

Returns the description of the gateway volumes specified in the request. The list of gateway volumes in the request must be from one gateway. In the response, AWS Storage Gateway returns volume information sorted by volume ARNs. This operation is only supported in stored volume gateway type.

", - "DescribeTapeArchives": "

Returns a description of specified virtual tapes in the virtual tape shelf (VTS). This operation is only supported in the tape gateway type.

If a specific TapeARN is not specified, AWS Storage Gateway returns a description of all virtual tapes found in the VTS associated with your account.

", + "DescribeStorediSCSIVolumes": "

Returns the description of the gateway volumes specified in the request. The list of gateway volumes in the request must be from one gateway. In the response, Storage Gateway returns volume information sorted by volume ARNs. This operation is only supported in stored volume gateway type.

", + "DescribeTapeArchives": "

Returns a description of specified virtual tapes in the virtual tape shelf (VTS). This operation is only supported in the tape gateway type.

If a specific TapeARN is not specified, Storage Gateway returns a description of all virtual tapes found in the VTS associated with your account.

", "DescribeTapeRecoveryPoints": "

Returns a list of virtual tape recovery points that are available for the specified tape gateway.

A recovery point is a point-in-time view of a virtual tape at which all the data on the virtual tape is consistent. If your gateway crashes, virtual tapes that have recovery points can be recovered to a new gateway. This operation is only supported in the tape gateway type.

", "DescribeTapes": "

Returns a description of the specified Amazon Resource Name (ARN) of virtual tapes. If a TapeARN is not specified, returns a description of all virtual tapes associated with the specified gateway. This operation is only supported in the tape gateway type.

", "DescribeUploadBuffer": "

Returns information about the upload buffer of a gateway. This operation is supported for the stored volume, cached volume, and tape gateway types.

The response includes disk IDs that are configured as upload buffer space, and it includes the amount of upload buffer space allocated and used.

", - "DescribeVTLDevices": "

Returns a description of virtual tape library (VTL) devices for the specified tape gateway. In the response, AWS Storage Gateway returns VTL device information.

This operation is only supported in the tape gateway type.

", + "DescribeVTLDevices": "

Returns a description of virtual tape library (VTL) devices for the specified tape gateway. In the response, Storage Gateway returns VTL device information.

This operation is only supported in the tape gateway type.

", "DescribeWorkingStorage": "

Returns information about the working storage of a gateway. This operation is only supported in the stored volumes gateway type. This operation is deprecated in cached volumes API version (20120630). Use DescribeUploadBuffer instead.

Working storage is also referred to as upload buffer. You can also use the DescribeUploadBuffer operation to add upload buffer to a stored volume gateway.

The response includes disk IDs that are configured as working storage, and it includes the amount of working storage allocated and used.

", "DetachVolume": "

Disconnects a volume from an iSCSI connection and then detaches the volume from the specified gateway. Detaching and attaching a volume enables you to recover your data from one gateway to a different gateway without creating a snapshot. It also makes it easier to move your volumes from an on-premises gateway to a gateway hosted on an Amazon EC2 instance. This operation is only supported in the volume gateway type.

", "DisableGateway": "

Disables a tape gateway when the gateway is no longer functioning. For example, if your gateway VM is damaged, you can disable the gateway so you can recover virtual tapes.

Use this operation for a tape gateway that is not reachable or not functioning. This operation is only supported in the tape gateway type.

After a gateway is disabled, it cannot be enabled.

", - "DisassociateFileSystem": "

Disassociates an Amazon FSx file system from the specified gateway. After the disassociation process finishes, the gateway can no longer access the Amazon FSx file system. This operation is only supported in the Amazon FSx file gateway type.

", + "DisassociateFileSystem": "

Disassociates an Amazon FSx file system from the specified gateway. After the disassociation process finishes, the gateway can no longer access the Amazon FSx file system. This operation is only supported in the FSx File Gateway type.

", "JoinDomain": "

Adds a file gateway to an Active Directory domain. This operation is only supported for file gateways that support the SMB file protocol.

", "ListAutomaticTapeCreationPolicies": "

Lists the automatic tape creation policies for a gateway. If there are no automatic tape creation policies for the gateway, it returns an empty list.

This operation is only supported for tape gateways.

", - "ListFileShares": "

Gets a list of the file shares for a specific file gateway, or the list of file shares that belong to the calling user account. This operation is only supported for file gateways.

", - "ListFileSystemAssociations": "

Gets a list of FileSystemAssociationSummary objects. Each object contains a summary of a file system association. This operation is only supported for Amazon FSx file gateways.

", - "ListGateways": "

Lists gateways owned by an AWS account in an AWS Region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN).

By default, the operation returns a maximum of 100 gateways. This operation supports pagination that allows you to optionally reduce the number of gateways returned in a response.

If you have more gateways than are returned in a response (that is, the response returns only a truncated list of your gateways), the response contains a marker that you can specify in your next request to fetch the next page of gateways.

", + "ListFileShares": "

Gets a list of the file shares for a specific S3 File Gateway, or the list of file shares that belong to the calling user account. This operation is only supported for S3 File Gateways.

", + "ListFileSystemAssociations": "

Gets a list of FileSystemAssociationSummary objects. Each object contains a summary of a file system association. This operation is only supported for FSx File Gateways.

", + "ListGateways": "

Lists gateways owned by an account in an Region specified in the request. The returned list is ordered by gateway Amazon Resource Name (ARN).

By default, the operation returns a maximum of 100 gateways. This operation supports pagination that allows you to optionally reduce the number of gateways returned in a response.

If you have more gateways than are returned in a response (that is, the response returns only a truncated list of your gateways), the response contains a marker that you can specify in your next request to fetch the next page of gateways.

", "ListLocalDisks": "

Returns a list of the gateway's local disks. To specify which gateway to describe, you use the Amazon Resource Name (ARN) of the gateway in the body of the request.

The request returns a list of all disks, specifying which are configured as working storage, cache storage, or stored volume or not configured at all. The response includes a DiskStatus field. This field can have a value of present (the disk is available to use), missing (the disk is no longer connected to the gateway), or mismatch (the disk node is occupied by a disk that has incorrect metadata or the disk content is corrupted).

", "ListTagsForResource": "

Lists the tags that have been added to the specified resource. This operation is supported in storage gateways of all types.

", "ListTapePools": "

Lists custom tape pools. You specify custom tape pools to list by specifying one or more custom tape pool Amazon Resource Names (ARNs). If you don't specify a custom tape pool ARN, the operation lists all custom tape pools.

This operation supports pagination. You can optionally specify the Limit parameter in the body to limit the number of tape pools in the response. If the number of tape pools returned in the response is truncated, the response includes a Marker element that you can use in your subsequent request to retrieve the next set of tape pools.

", @@ -66,14 +66,14 @@ "ListVolumeInitiators": "

Lists iSCSI initiators that are connected to a volume. You can use this operation to determine whether a volume is being used or not. This operation is only supported in the cached volume and stored volume gateway types.

", "ListVolumeRecoveryPoints": "

Lists the recovery points for a specified gateway. This operation is only supported in the cached volume gateway type.

Each cache volume has one recovery point. A volume recovery point is a point in time at which all data of the volume is consistent and from which you can create a snapshot or clone a new cached volume from a source volume. To create a snapshot from a volume recovery point use the CreateSnapshotFromVolumeRecoveryPoint operation.

", "ListVolumes": "

Lists the iSCSI stored volumes of a gateway. Results are sorted by volume ARN. The response includes only the volume ARNs. If you want additional volume information, use the DescribeStorediSCSIVolumes or the DescribeCachediSCSIVolumes API.

The operation supports pagination. By default, the operation returns a maximum of up to 100 volumes. You can optionally specify the Limit field in the body to limit the number of volumes in the response. If the number of volumes returned in the response is truncated, the response includes a Marker field. You can use this Marker value in your subsequent request to retrieve the next set of volumes. This operation is only supported in the cached volume and stored volume gateway types.

", - "NotifyWhenUploaded": "

Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.

AWS Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or AWS Lambda function. This operation is only supported for file gateways.

For more information, see Getting file upload notification in the AWS Storage Gateway User Guide.

", - "RefreshCache": "

Refreshes the cached inventory of objects for the specified file share. This operation finds objects in the Amazon S3 bucket that were added, removed, or replaced since the gateway last listed the bucket's contents and cached the results. This operation does not import files into the file gateway cache storage. It only updates the cached inventory to reflect changes in the inventory of the objects in the S3 bucket. This operation is only supported in the file gateway type. You can subscribe to be notified through an Amazon CloudWatch event when your RefreshCache operation completes. For more information, see Getting notified about file operations in the AWS Storage Gateway User Guide.

When this API is called, it only initiates the refresh operation. When the API call completes and returns a success code, it doesn't necessarily mean that the file refresh has completed. You should use the refresh-complete notification to determine that the operation has completed before you check for new files on the gateway file share. You can subscribe to be notified through a CloudWatch event when your RefreshCache operation completes.

Throttle limit: This API is asynchronous, so the gateway will accept no more than two refreshes at any time. We recommend using the refresh-complete CloudWatch event notification before issuing additional requests. For more information, see Getting notified about file operations in the AWS Storage Gateway User Guide.

If you invoke the RefreshCache API when two requests are already being processed, any new request will cause an InvalidGatewayRequestException error because too many requests were sent to the server.

For more information, see Getting notified about file operations in the AWS Storage Gateway User Guide.

", + "NotifyWhenUploaded": "

Sends you notification through CloudWatch Events when all files written to your file share have been uploaded to Amazon S3.

Storage Gateway can send a notification through Amazon CloudWatch Events when all files written to your file share up to that point in time have been uploaded to Amazon S3. These files include files written to the file share up to the time that you make a request for notification. When the upload is done, Storage Gateway sends you notification through an Amazon CloudWatch Event. You can configure CloudWatch Events to send the notification through event targets such as Amazon SNS or Lambda function. This operation is only supported for S3 File Gateways.

For more information, see Getting file upload notification in the Storage Gateway User Guide.

", + "RefreshCache": "

Refreshes the cached inventory of objects for the specified file share. This operation finds objects in the Amazon S3 bucket that were added, removed, or replaced since the gateway last listed the bucket's contents and cached the results. This operation does not import files into the S3 File Gateway cache storage. It only updates the cached inventory to reflect changes in the inventory of the objects in the S3 bucket. This operation is only supported in the S3 File Gateway types.

You can subscribe to be notified through an Amazon CloudWatch event when your RefreshCache operation completes. For more information, see Getting notified about file operations in the Storage Gateway User Guide. This operation is Only supported for S3 File Gateways.

When this API is called, it only initiates the refresh operation. When the API call completes and returns a success code, it doesn't necessarily mean that the file refresh has completed. You should use the refresh-complete notification to determine that the operation has completed before you check for new files on the gateway file share. You can subscribe to be notified through a CloudWatch event when your RefreshCache operation completes.

Throttle limit: This API is asynchronous, so the gateway will accept no more than two refreshes at any time. We recommend using the refresh-complete CloudWatch event notification before issuing additional requests. For more information, see Getting notified about file operations in the Storage Gateway User Guide.

If you invoke the RefreshCache API when two requests are already being processed, any new request will cause an InvalidGatewayRequestException error because too many requests were sent to the server.

For more information, see Getting notified about file operations in the Storage Gateway User Guide.

", "RemoveTagsFromResource": "

Removes one or more tags from the specified resource. This operation is supported in storage gateways of all types.

", "ResetCache": "

Resets all cache disks that have encountered an error and makes the disks available for reconfiguration as cache storage. If your cache disk encounters an error, the gateway prevents read and write operations on virtual tapes in the gateway. For example, an error can occur when a disk is corrupted or removed from the gateway. When a cache is reset, the gateway loses its cache storage. At this point, you can reconfigure the disks as cache disks. This operation is only supported in the cached volume and tape types.

If the cache disk you are resetting contains data that has not been uploaded to Amazon S3 yet, that data can be lost. After you reset cache disks, there will be no configured cache disks left in the gateway, so you must configure at least one new cache disk for your gateway to function properly.

", "RetrieveTapeArchive": "

Retrieves an archived virtual tape from the virtual tape shelf (VTS) to a tape gateway. Virtual tapes archived in the VTS are not associated with any gateway. However after a tape is retrieved, it is associated with a gateway, even though it is also listed in the VTS, that is, archive. This operation is only supported in the tape gateway type.

Once a tape is successfully retrieved to a gateway, it cannot be retrieved again to another gateway. You must archive the tape again before you can retrieve it to another gateway. This operation is only supported in the tape gateway type.

", "RetrieveTapeRecoveryPoint": "

Retrieves the recovery point for the specified virtual tape. This operation is only supported in the tape gateway type.

A recovery point is a point in time view of a virtual tape at which all the data on the tape is consistent. If your gateway crashes, virtual tapes that have recovery points can be recovered to a new gateway.

The virtual tape can be retrieved to only one gateway. The retrieved tape is read-only. The virtual tape can be retrieved to only a tape gateway. There is no charge for retrieving recovery points.

", "SetLocalConsolePassword": "

Sets the password for your VM local console. When you log in to the local console for the first time, you log in to the VM with the default credentials. We recommend that you set a new password. You don't need to know the default password to set a new password.

", - "SetSMBGuestPassword": "

Sets the password for the guest user smbguest. The smbguest user is the user when the authentication method for the file share is set to GuestAccess.

", + "SetSMBGuestPassword": "

Sets the password for the guest user smbguest. The smbguest user is the user when the authentication method for the file share is set to GuestAccess. This operation only supported for S3 File Gateways

", "ShutdownGateway": "

Shuts down a gateway. To specify which gateway to shut down, use the Amazon Resource Name (ARN) of the gateway in the body of your request.

The operation shuts down the gateway service component running in the gateway's virtual machine (VM) and not the host VM.

If you want to shut down the VM, it is recommended that you first shut down the gateway component in the VM to avoid unpredictable conditions.

After the gateway is shutdown, you cannot call any other API except StartGateway, DescribeGatewayInformation, and ListGateways. For more information, see ActivateGateway. Your applications cannot read from or write to the gateway's storage volumes, and there are no snapshots taken.

When you make a shutdown request, you will get a 200 OK success response immediately. However, it might take some time for the gateway to shut down. You can call the DescribeGatewayInformation API to check the status. For more information, see ActivateGateway.

If do not intend to use the gateway again, you must delete the gateway (using DeleteGateway) to no longer pay software charges associated with the gateway.

", "StartAvailabilityMonitorTest": "

Start a test that verifies that the specified gateway is configured for High Availability monitoring in your host environment. This request only initiates the test and that a successful response only indicates that the test was started. It doesn't indicate that the test passed. For the status of the test, invoke the DescribeAvailabilityMonitorTest API.

Starting this test will cause your gateway to go offline for a brief period.

", "StartGateway": "

Starts a gateway that you previously shut down (see ShutdownGateway). After the gateway starts, you can then make other API calls, your applications can read from or write to the gateway's storage volumes and you will be able to take snapshot backups.

When you make a request, you will get a 200 OK success response immediately. However, it might take some time for the gateway to be ready. You should call DescribeGatewayInformation and check the status before making any additional API calls. For more information, see ActivateGateway.

To specify which gateway to start, use the Amazon Resource Name (ARN) of the gateway in your request.

", @@ -81,13 +81,13 @@ "UpdateBandwidthRateLimit": "

Updates the bandwidth rate limits of a gateway. You can update both the upload and download bandwidth rate limit or specify only one of the two. If you don't set a bandwidth rate limit, the existing rate limit remains. This operation is supported for the stored volume, cached volume, and tape gateway types.

By default, a gateway's bandwidth rate limits are not set. If you don't set any limit, the gateway does not have any limitations on its bandwidth usage and could potentially use the maximum available bandwidth.

To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.

", "UpdateBandwidthRateLimitSchedule": "

Updates the bandwidth rate limit schedule for a specified gateway. By default, gateways do not have bandwidth rate limit schedules, which means no bandwidth rate limiting is in effect. Use this to initiate or update a gateway's bandwidth rate limit schedule. This operation is supported in the volume and tape gateway types.

", "UpdateChapCredentials": "

Updates the Challenge-Handshake Authentication Protocol (CHAP) credentials for a specified iSCSI target. By default, a gateway does not have CHAP enabled; however, for added security, you might use it. This operation is supported in the volume and tape gateway types.

When you update CHAP credentials, all existing connections on the target are closed and initiators must reconnect with the new credentials.

", - "UpdateFileSystemAssociation": "

Updates a file system association. This operation is only supported in the Amazon FSx file gateway type.

", + "UpdateFileSystemAssociation": "

Updates a file system association. This operation is only supported in the FSx File Gateways.

", "UpdateGatewayInformation": "

Updates a gateway's metadata, which includes the gateway's name and time zone. To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.

For gateways activated after September 2, 2015, the gateway's ARN contains the gateway ID rather than the gateway name. However, changing the name of the gateway has no effect on the gateway's ARN.

", "UpdateGatewaySoftwareNow": "

Updates the gateway virtual machine (VM) software. The request immediately triggers the software update.

When you make this request, you get a 200 OK success response immediately. However, it might take some time for the update to complete. You can call DescribeGatewayInformation to verify the gateway is in the STATE_RUNNING state.

A software update forces a system restart of your gateway. You can minimize the chance of any disruption to your applications by increasing your iSCSI Initiators' timeouts. For more information about increasing iSCSI Initiator timeouts for Windows and Linux, see Customizing your Windows iSCSI settings and Customizing your Linux iSCSI settings, respectively.

", "UpdateMaintenanceStartTime": "

Updates a gateway's weekly maintenance start time information, including day and time of the week. The maintenance time is the time in your gateway's time zone.

", - "UpdateNFSFileShare": "

Updates a Network File System (NFS) file share. This operation is only supported in the file gateway type.

To leave a file share field unchanged, set the corresponding input field to null.

Updates the following file share settings:

", - "UpdateSMBFileShare": "

Updates a Server Message Block (SMB) file share. This operation is only supported for file gateways.

To leave a file share field unchanged, set the corresponding input field to null.

File gateways require AWS Security Token Service (AWS STS) to be activated to enable you to create a file share. Make sure that AWS STS is activated in the AWS Region you are creating your file gateway in. If AWS STS is not activated in this AWS Region, activate it. For information about how to activate AWS STS, see Activating and deactivating AWS STS in an AWS Region in the AWS Identity and Access Management User Guide.

File gateways don't support creating hard or symbolic links on a file share.

", - "UpdateSMBFileShareVisibility": "

Controls whether the shares on a gateway are visible in a net view or browse list.

", + "UpdateNFSFileShare": "

Updates a Network File System (NFS) file share. This operation is only supported in S3 File Gateways.

To leave a file share field unchanged, set the corresponding input field to null.

Updates the following file share settings:

", + "UpdateSMBFileShare": "

Updates a Server Message Block (SMB) file share. This operation is only supported for S3 File Gateways.

To leave a file share field unchanged, set the corresponding input field to null.

File gateways require Security Token Service (STS) to be activated to enable you to create a file share. Make sure that STS is activated in the Region you are creating your file gateway in. If STS is not activated in this Region, activate it. For information about how to activate STS, see Activating and deactivating STS in an Region in the Identity and Access Management User Guide.

File gateways don't support creating hard or symbolic links on a file share.

", + "UpdateSMBFileShareVisibility": "

Controls whether the shares on an S3 File Gateway are visible in a net view or browse list. The operation is only supported for S3 File Gateways.

", "UpdateSMBSecurityStrategy": "

Updates the SMB security strategy on a file gateway. This action is only supported in file gateways.

This API is called Security level in the User Guide.

A higher security level can affect performance of the gateway.

", "UpdateSnapshotSchedule": "

Updates a snapshot schedule configured for a gateway volume. This operation is only supported in the cached volume and stored volume gateway types.

The default snapshot schedule for volume is once every 24 hours, starting at the creation time of the volume. You can use this API to change the snapshot schedule configured for the volume.

In the request you must identify the gateway volume whose snapshot schedule you want to update, and the schedule information, including when you want the snapshot to begin on a day and the frequency (in hours) of snapshots.

", "UpdateVTLDeviceType": "

Updates the type of medium changer in a tape gateway. When you activate a tape gateway, you select a medium changer type for the tape gateway. This operation enables you to select a different type of medium changer after a tape gateway is activated. This operation is only supported in the tape gateway type.

" @@ -99,14 +99,14 @@ } }, "ActivateGatewayOutput": { - "base": "

AWS Storage Gateway returns the Amazon Resource Name (ARN) of the activated gateway. It is a string made of information such as your account, gateway name, and AWS Region. This ARN is used to reference the gateway in other API operations as well as resource-based authorization.

For gateways activated prior to September 02, 2015, the gateway ARN contains the gateway name rather than the gateway ID. Changing the name of the gateway has no effect on the gateway ARN.

", + "base": "

Storage Gateway returns the Amazon Resource Name (ARN) of the activated gateway. It is a string made of information such as your account, gateway name, and Region. This ARN is used to reference the gateway in other API operations as well as resource-based authorization.

For gateways activated prior to September 02, 2015, the gateway ARN contains the gateway name rather than the gateway ID. Changing the name of the gateway has no effect on the gateway ARN.

", "refs": { } }, "ActivationKey": { "base": null, "refs": { - "ActivateGatewayInput$ActivationKey": "

Your gateway activation key. You can obtain the activation key by sending an HTTP GET request with redirects enabled to the gateway IP address (port 80). The redirect URL returned in the response provides you the activation key for your gateway in the query string parameter activationKey. It may also include other activation-related parameters, however, these are merely defaults -- the arguments you pass to the ActivateGateway API call determine the actual configuration of your gateway.

For more information, see Getting activation key in the AWS Storage Gateway User Guide.

" + "ActivateGatewayInput$ActivationKey": "

Your gateway activation key. You can obtain the activation key by sending an HTTP GET request with redirects enabled to the gateway IP address (port 80). The redirect URL returned in the response provides you the activation key for your gateway in the query string parameter activationKey. It may also include other activation-related parameters, however, these are merely defaults -- the arguments you pass to the ActivateGateway API call determine the actual configuration of your gateway.

For more information, see Getting activation key in the Storage Gateway User Guide.

" } }, "ActiveDirectoryStatus": { @@ -273,22 +273,23 @@ "Boolean": { "base": null, "refs": { - "CreateCachediSCSIVolumeInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", - "CreateNFSFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "CreateCachediSCSIVolumeInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "CreateNFSFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", "CreateNFSFileShareInput$ReadOnly": "

A value that sets the write status of a file share. Set this value to true to set the write status to read-only, otherwise set to false.

Valid Values: true | false

", "CreateNFSFileShareInput$GuessMIMETypeEnabled": "

A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, otherwise set to false. The default value is true.

Valid Values: true | false

", "CreateNFSFileShareInput$RequesterPays": "

A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.

RequesterPays is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.

Valid Values: true | false

", - "CreateSMBFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "CreateSMBFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", "CreateSMBFileShareInput$ReadOnly": "

A value that sets the write status of a file share. Set this value to true to set the write status to read-only, otherwise set to false.

Valid Values: true | false

", "CreateSMBFileShareInput$GuessMIMETypeEnabled": "

A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, otherwise set to false. The default value is true.

Valid Values: true | false

", "CreateSMBFileShareInput$RequesterPays": "

A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.

RequesterPays is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.

Valid Values: true | false

", - "CreateSMBFileShareInput$SMBACLEnabled": "

Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.

For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the AWS Storage Gateway User Guide.

Valid Values: true | false

", + "CreateSMBFileShareInput$SMBACLEnabled": "

Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.

For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.

Valid Values: true | false

", "CreateSMBFileShareInput$AccessBasedEnumeration": "

The files and folders on this share will only be visible to users with read access.

", - "CreateStorediSCSIVolumeInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", - "CreateTapeWithBarcodeInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", - "CreateTapesInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", - "DescribeSMBSettingsOutput$SMBGuestPasswordSet": "

This value is true if a password for the guest user smbguest is set, otherwise false.

Valid Values: true | false

", - "DescribeSMBSettingsOutput$FileSharesVisible": "

The shares on this gateway appear when listing shares.

", + "CreateSMBFileShareInput$OplocksEnabled": "

Specifies whether opportunistic locking is enabled for the SMB file share.

Enabling opportunistic locking on case-sensitive shares is not recommended for workloads that involve access to files with the same name in different case.

Valid Values: true | false

", + "CreateStorediSCSIVolumeInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "CreateTapeWithBarcodeInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "CreateTapesInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "DescribeSMBSettingsOutput$SMBGuestPasswordSet": "

This value is true if a password for the guest user smbguest is set, otherwise false. Only supported for S3 File Gateways.

Valid Values: true | false

", + "DescribeSMBSettingsOutput$FileSharesVisible": "

The shares on this gateway appear when listing shares. Only supported for S3 File Gateways.

", "DetachVolumeInput$ForceDetach": "

Set to true to forcibly remove the iSCSI connection of the target volume and detach the volume. The default is false. If this value is set to false, you must manually disconnect the iSCSI connection from the target volume.

Valid Values: true | false

", "NFSFileShareInfo$ReadOnly": "

A value that sets the write status of a file share. Set this value to true to set the write status to read-only, otherwise set to false.

Valid Values: true | false

", "NFSFileShareInfo$GuessMIMETypeEnabled": "

A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, otherwise set to false. The default value is true.

Valid Values: true | false

", @@ -297,23 +298,25 @@ "SMBFileShareInfo$ReadOnly": "

A value that sets the write status of a file share. Set this value to true to set the write status to read-only, otherwise set to false.

Valid Values: true | false

", "SMBFileShareInfo$GuessMIMETypeEnabled": "

A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, otherwise set to false. The default value is true.

Valid Values: true | false

", "SMBFileShareInfo$RequesterPays": "

A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.

RequesterPays is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.

Valid Values: true | false

", - "SMBFileShareInfo$SMBACLEnabled": "

If this value is set to true, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to false, it indicates that file and directory permissions are mapped to the POSIX permission.

For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the AWS Storage Gateway User Guide.

", + "SMBFileShareInfo$SMBACLEnabled": "

If this value is set to true, it indicates that access control list (ACL) is enabled on the SMB file share. If it is set to false, it indicates that file and directory permissions are mapped to the POSIX permission.

For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.

", "SMBFileShareInfo$AccessBasedEnumeration": "

Indicates whether AccessBasedEnumeration is enabled.

", - "UpdateNFSFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "SMBFileShareInfo$OplocksEnabled": "

Specifies whether opportunistic locking is enabled for the SMB file share.

Enabling opportunistic locking on case-sensitive shares is not recommended for workloads that involve access to files with the same name in different case.

Valid Values: true | false

", + "UpdateNFSFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", "UpdateNFSFileShareInput$ReadOnly": "

A value that sets the write status of a file share. Set this value to true to set the write status to read-only, otherwise set to false.

Valid Values: true | false

", "UpdateNFSFileShareInput$GuessMIMETypeEnabled": "

A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, otherwise set to false. The default value is true.

Valid Values: true | false

", "UpdateNFSFileShareInput$RequesterPays": "

A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.

RequesterPays is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.

Valid Values: true | false

", - "UpdateSMBFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "UpdateSMBFileShareInput$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", "UpdateSMBFileShareInput$ReadOnly": "

A value that sets the write status of a file share. Set this value to true to set write status to read-only, otherwise set to false.

Valid Values: true | false

", "UpdateSMBFileShareInput$GuessMIMETypeEnabled": "

A value that enables guessing of the MIME type for uploaded objects based on file extensions. Set this value to true to enable MIME type guessing, otherwise set to false. The default value is true.

Valid Values: true | false

", "UpdateSMBFileShareInput$RequesterPays": "

A value that sets who pays the cost of the request and the cost associated with data download from the S3 bucket. If this value is set to true, the requester pays the costs; otherwise, the S3 bucket owner pays. However, the S3 bucket owner always pays the cost of storing data.

RequesterPays is a configuration for the S3 bucket that backs the file share, so make sure that the configuration on the file share is the same as the S3 bucket configuration.

Valid Values: true | false

", - "UpdateSMBFileShareInput$SMBACLEnabled": "

Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.

For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the AWS Storage Gateway User Guide.

Valid Values: true | false

", + "UpdateSMBFileShareInput$SMBACLEnabled": "

Set this value to true to enable access control list (ACL) on the SMB file share. Set it to false to map file and directory permissions to the POSIX permissions.

For more information, see Using Microsoft Windows ACLs to control access to an SMB file share in the Storage Gateway User Guide.

Valid Values: true | false

", "UpdateSMBFileShareInput$AccessBasedEnumeration": "

The files and folders on this share will only be visible to users with read access.

", + "UpdateSMBFileShareInput$OplocksEnabled": "

Specifies whether opportunistic locking is enabled for the SMB file share.

Enabling opportunistic locking on case-sensitive shares is not recommended for workloads that involve access to files with the same name in different case.

Valid Values: true | false

", "UpdateSMBFileShareVisibilityInput$FileSharesVisible": "

The shares on this gateway appear when listing shares.

" } }, "CacheAttributes": { - "base": "

The refresh cache information for the file share.

", + "base": "

The refresh cache information for the file share or FSx file systems.

", "refs": { "AssociateFileSystemInput$CacheAttributes": null, "CreateNFSFileShareInput$CacheAttributes": "

Specifies refresh cache information for the file share.

", @@ -329,7 +332,7 @@ "CacheStaleTimeoutInSeconds": { "base": null, "refs": { - "CacheAttributes$CacheStaleTimeoutInSeconds": "

Refreshes a file share's cache by using Time To Live (TTL). TTL is the length of time since the last refresh after which access to the directory would cause the file gateway to first refresh that directory's contents from the Amazon S3 bucket or Amazon FSx file system. The TTL duration is in seconds.

Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days)

" + "CacheAttributes$CacheStaleTimeoutInSeconds": "

Refreshes a file share's cache by using Time To Live (TTL). TTL is the length of time since the last refresh after which access to the directory would cause the file gateway to first refresh that directory's contents from the Amazon S3 bucket or Amazon FSx file system. The TTL duration is in seconds.

Valid Values:0, 300 to 2,592,000 seconds (5 minutes to 30 days)

" } }, "CachediSCSIVolume": { @@ -396,10 +399,10 @@ "ClientToken": { "base": null, "refs": { - "AssociateFileSystemInput$ClientToken": "

A unique string value that you supply that is used by the file gateway to ensure idempotent file system association creation.

", + "AssociateFileSystemInput$ClientToken": "

A unique string value that you supply that is used by the FSx File Gateway to ensure idempotent file system association creation.

", "CreateCachediSCSIVolumeInput$ClientToken": "

A unique identifier that you use to retry a request. If you retry a request, use the same ClientToken you specified in the initial request.

", - "CreateNFSFileShareInput$ClientToken": "

A unique string value that you supply that is used by file gateway to ensure idempotent file share creation.

", - "CreateSMBFileShareInput$ClientToken": "

A unique string value that you supply that is used by file gateway to ensure idempotent file share creation.

", + "CreateNFSFileShareInput$ClientToken": "

A unique string value that you supply that is used by S3 File Gateway to ensure idempotent file share creation.

", + "CreateSMBFileShareInput$ClientToken": "

A unique string value that you supply that is used by S3 File Gateway to ensure idempotent file share creation.

", "CreateTapesInput$ClientToken": "

A unique identifier that you use to retry a request. If you retry a request, use the same ClientToken you specified in the initial request.

Using the same ClientToken prevents creating the tape multiple times.

" } }, @@ -507,6 +510,15 @@ "StorediSCSIVolume$CreatedDate": "

The date the volume was created. Volumes created prior to March 28, 2017 don’t have this timestamp.

" } }, + "DNSHostName": { + "base": null, + "refs": { + "CreateNFSFileShareInput$VPCEndpointDNSName": "

Specifies the DNS name for the VPC endpoint that the NFS file share uses to connect to Amazon S3.

This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

", + "CreateSMBFileShareInput$VPCEndpointDNSName": "

Specifies the DNS name for the VPC endpoint that the SMB file share uses to connect to Amazon S3.

This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

", + "NFSFileShareInfo$VPCEndpointDNSName": "

Specifies the DNS name for the VPC endpoint that the NFS file share uses to connect to Amazon S3.

This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

", + "SMBFileShareInfo$VPCEndpointDNSName": "

Specifies the DNS name for the VPC endpoint that the SMB file share uses to connect to Amazon S3.

This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

" + } + }, "DayOfMonth": { "base": null, "refs": { @@ -975,8 +987,15 @@ "Ec2InstanceRegion": { "base": null, "refs": { - "DescribeGatewayInformationOutput$Ec2InstanceRegion": "

The AWS Region where the Amazon EC2 instance is located.

", - "GatewayInfo$Ec2InstanceRegion": "

The AWS Region where the Amazon EC2 instance is located.

" + "DescribeGatewayInformationOutput$Ec2InstanceRegion": "

The Region where the Amazon EC2 instance is located.

", + "GatewayInfo$Ec2InstanceRegion": "

The Region where the Amazon EC2 instance is located.

" + } + }, + "EndpointNetworkConfiguration": { + "base": "

Specifies network configuration information for the gateway associated with the Amazon FSx file system.

", + "refs": { + "AssociateFileSystemInput$EndpointNetworkConfiguration": "

Specifies the network configuration information for the gateway associated with the Amazon FSx file system.

If multiple file systems are associated with this gateway, this parameter's IpAddresses field is required.

", + "FileSystemAssociationInfo$EndpointNetworkConfiguration": "

Specifies network configuration information for the gateway associated with the Amazon FSx file system.

If multiple file systems are associated with this gateway, this parameter's IpAddresses field is required.

" } }, "EndpointType": { @@ -1020,11 +1039,11 @@ } }, "FileShareClientList": { - "base": "

The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.

", + "base": "

The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.

", "refs": { - "CreateNFSFileShareInput$ClientList": "

The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.

", + "CreateNFSFileShareInput$ClientList": "

The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.

", "NFSFileShareInfo$ClientList": null, - "UpdateNFSFileShareInput$ClientList": "

The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks.

" + "UpdateNFSFileShareInput$ClientList": "

The list of clients that are allowed to access the S3 File Gateway. The list must contain either valid IP addresses or valid CIDR blocks.

" } }, "FileShareId": { @@ -1036,7 +1055,7 @@ } }, "FileShareInfo": { - "base": "

Describes a file share.

", + "base": "

Describes a file share. Only supported S3 File Gateway.

", "refs": { "FileShareInfoList$member": null } @@ -1044,7 +1063,7 @@ "FileShareInfoList": { "base": null, "refs": { - "ListFileSharesOutput$FileShareInfoList": "

An array of information about the file gateway's file shares.

" + "ListFileSharesOutput$FileShareInfoList": "

An array of information about the S3 File Gateway's file shares.

" } }, "FileShareName": { @@ -1112,8 +1131,8 @@ "FileSystemAssociationStatus": { "base": null, "refs": { - "FileSystemAssociationInfo$FileSystemAssociationStatus": "

The status of the file system association. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | MISCONFIGURED | UPDATING | UNAVAILABLE

", - "FileSystemAssociationSummary$FileSystemAssociationStatus": "

The status of the file share. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | MISCONFIGURED | UPDATING | UNAVAILABLE

" + "FileSystemAssociationInfo$FileSystemAssociationStatus": "

The status of the file system association. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | UPDATING | ERROR

", + "FileSystemAssociationSummary$FileSystemAssociationStatus": "

The status of the file share. Valid Values: AVAILABLE | CREATING | DELETING | FORCE_DELETING | UPDATING | ERROR

" } }, "FileSystemAssociationSummary": { @@ -1131,7 +1150,7 @@ "FileSystemLocationARN": { "base": null, "refs": { - "AssociateFileSystemInput$LocationARN": "

The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the Amazon FSx file gateway.

", + "AssociateFileSystemInput$LocationARN": "

The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the FSx File Gateway.

", "FileSystemAssociationInfo$LocationARN": "

The ARN of the backend Amazon FSx file system used for storing file data. For information, see FileSystem in the Amazon FSx API Reference.

" } }, @@ -1148,7 +1167,7 @@ } }, "GatewayARN": { - "base": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", + "base": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.

", "refs": { "ActivateGatewayOutput$GatewayARN": null, "AddCacheInput$GatewayARN": null, @@ -1163,18 +1182,18 @@ "CancelArchivalInput$GatewayARN": null, "CancelRetrievalInput$GatewayARN": null, "CreateCachediSCSIVolumeInput$GatewayARN": null, - "CreateNFSFileShareInput$GatewayARN": "

The Amazon Resource Name (ARN) of the file gateway on which you want to create a file share.

", - "CreateSMBFileShareInput$GatewayARN": "

The ARN of the file gateway on which you want to create a file share.

", + "CreateNFSFileShareInput$GatewayARN": "

The Amazon Resource Name (ARN) of the S3 File Gateway on which you want to create a file share.

", + "CreateSMBFileShareInput$GatewayARN": "

The ARN of the S3 File Gateway on which you want to create a file share.

", "CreateStorediSCSIVolumeInput$GatewayARN": null, - "CreateTapeWithBarcodeInput$GatewayARN": "

The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tape with. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", - "CreateTapesInput$GatewayARN": "

The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tapes with. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", + "CreateTapeWithBarcodeInput$GatewayARN": "

The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tape with. Use the ListGateways operation to return a list of gateways for your account and Region.

", + "CreateTapesInput$GatewayARN": "

The unique Amazon Resource Name (ARN) that represents the gateway to associate the virtual tapes with. Use the ListGateways operation to return a list of gateways for your account and Region.

", "DeleteAutomaticTapeCreationPolicyInput$GatewayARN": null, "DeleteAutomaticTapeCreationPolicyOutput$GatewayARN": null, "DeleteBandwidthRateLimitInput$GatewayARN": null, "DeleteBandwidthRateLimitOutput$GatewayARN": null, "DeleteGatewayInput$GatewayARN": null, "DeleteGatewayOutput$GatewayARN": null, - "DeleteTapeInput$GatewayARN": "

The unique Amazon Resource Name (ARN) of the gateway that the virtual tape to delete is associated with. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", + "DeleteTapeInput$GatewayARN": "

The unique Amazon Resource Name (ARN) of the gateway that the virtual tape to delete is associated with. Use the ListGateways operation to return a list of gateways for your account and Region.

", "DescribeAvailabilityMonitorTestInput$GatewayARN": null, "DescribeAvailabilityMonitorTestOutput$GatewayARN": null, "DescribeBandwidthRateLimitInput$GatewayARN": null, @@ -1203,8 +1222,8 @@ "FileShareInfo$GatewayARN": null, "FileSystemAssociationInfo$GatewayARN": null, "FileSystemAssociationSummary$GatewayARN": null, - "GatewayInfo$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", - "JoinDomainInput$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", + "GatewayInfo$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.

", + "JoinDomainInput$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.

", "JoinDomainOutput$GatewayARN": "

The unique Amazon Resource Name (ARN) of the gateway that joined the domain.

", "ListAutomaticTapeCreationPoliciesInput$GatewayARN": null, "ListFileSharesInput$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway whose file shares you want to list. If this field is not present, all file shares under your account are listed.

", @@ -1218,12 +1237,12 @@ "NFSFileShareInfo$GatewayARN": null, "ResetCacheInput$GatewayARN": null, "ResetCacheOutput$GatewayARN": null, - "RetrieveTapeArchiveInput$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway you want to retrieve the virtual tape to. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

You retrieve archived virtual tapes to only one gateway and the gateway must be a tape gateway.

", + "RetrieveTapeArchiveInput$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway you want to retrieve the virtual tape to. Use the ListGateways operation to return a list of gateways for your account and Region.

You retrieve archived virtual tapes to only one gateway and the gateway must be a tape gateway.

", "RetrieveTapeRecoveryPointInput$GatewayARN": null, "SMBFileShareInfo$GatewayARN": null, "SetLocalConsolePasswordInput$GatewayARN": null, "SetLocalConsolePasswordOutput$GatewayARN": null, - "SetSMBGuestPasswordInput$GatewayARN": "

The Amazon Resource Name (ARN) of the file gateway the SMB file share is associated with.

", + "SetSMBGuestPasswordInput$GatewayARN": "

The Amazon Resource Name (ARN) of the S3 File Gateway the SMB file share is associated with.

", "SetSMBGuestPasswordOutput$GatewayARN": null, "ShutdownGatewayInput$GatewayARN": null, "ShutdownGatewayOutput$GatewayARN": null, @@ -1232,7 +1251,7 @@ "StartGatewayInput$GatewayARN": null, "StartGatewayOutput$GatewayARN": null, "TapeArchive$RetrievedTo": "

The Amazon Resource Name (ARN) of the tape gateway that the virtual tape is being retrieved to.

The virtual tape is retrieved from the virtual tape shelf (VTS).

", - "TapeInfo$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and AWS Region.

", + "TapeInfo$GatewayARN": "

The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation to return a list of gateways for your account and Region.

", "UpdateAutomaticTapeCreationPolicyInput$GatewayARN": null, "UpdateAutomaticTapeCreationPolicyOutput$GatewayARN": null, "UpdateBandwidthRateLimitInput$GatewayARN": null, @@ -1252,6 +1271,14 @@ "VolumeInfo$GatewayARN": null } }, + "GatewayCapacity": { + "base": null, + "refs": { + "DescribeGatewayInformationOutput$GatewayCapacity": "

Specifies the size of the gateway's metadata cache.

", + "SupportedGatewayCapacities$member": null, + "UpdateGatewayInformationInput$GatewayCapacity": "

Specifies the size of the gateway's metadata cache.

" + } + }, "GatewayId": { "base": null, "refs": { @@ -1304,7 +1331,7 @@ "GatewayType": { "base": null, "refs": { - "ActivateGatewayInput$GatewayType": "

A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is CACHED.

Valid Values: STORED | CACHED | VTL | FILE_S3

", + "ActivateGatewayInput$GatewayType": "

A value that defines the type of gateway to activate. The type specified is critical to all later functions of the gateway and cannot be changed after activation. The default value is CACHED.

Valid Values: STORED | CACHED | VTL | FILE_S3 | FILE_FSX_SMB|

", "DescribeGatewayInformationOutput$GatewayType": "

The type of the gateway.

", "GatewayInfo$GatewayType": "

The type of the gateway.

" } @@ -1344,6 +1371,12 @@ "UpdateSnapshotScheduleInput$StartAt": "

The hour of the day at which the snapshot schedule begins represented as hh, where hh is the hour (0 to 23). The hour of the day is in the time zone of the gateway.

" } }, + "IPV4Address": { + "base": null, + "refs": { + "IpAddressList$member": null + } + }, "IPV4AddressCIDR": { "base": null, "refs": { @@ -1372,6 +1405,12 @@ "refs": { } }, + "IpAddressList": { + "base": null, + "refs": { + "EndpointNetworkConfiguration$IpAddresses": "

A list of gateway IP addresses on which the associated Amazon FSx file system is available.

If multiple file systems are associated with this gateway, this field is required.

" + } + }, "IqnName": { "base": null, "refs": { @@ -1536,8 +1575,8 @@ "LocationARN": { "base": "

The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".

", "refs": { - "CreateNFSFileShareInput$LocationARN": "

The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".

", - "CreateSMBFileShareInput$LocationARN": "

The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".

", + "CreateNFSFileShareInput$LocationARN": "

The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".

You can specify a bucket attached to an access point using a complete ARN that includes the bucket region as shown:

arn:aws:s3:region:account-id:accesspoint/access-point-name

If you specify a bucket attached to an access point, the bucket policy must be configured to delegate access control to the access point. For information, see Delegating access control to access points in the Amazon S3 User Guide.

", + "CreateSMBFileShareInput$LocationARN": "

The ARN of the backend storage used for storing file data. A prefix name can be added to the S3 bucket name. It must end with a \"/\".

You can specify a bucket attached to an access point using a complete ARN that includes the bucket region as shown:

arn:aws:s3:region:account-id:accesspoint/access-point-name

If you specify a bucket attached to an access point, the bucket policy must be configured to delegate access control to the access point. For information, see Delegating access control to access points in the Amazon S3 User Guide.

", "NFSFileShareInfo$LocationARN": null, "SMBFileShareInfo$LocationARN": null } @@ -1593,7 +1632,7 @@ } }, "NFSFileShareDefaults": { - "base": "

Describes Network File System (NFS) file share default values. Files and folders stored as Amazon S3 objects in S3 buckets don't, by default, have Unix file permissions assigned to them. Upon discovery in an S3 bucket by Storage Gateway, the S3 objects that represent files and folders are assigned these default Unix permissions. This operation is only supported for file gateways.

", + "base": "

Describes Network File System (NFS) file share default values. Files and folders stored as Amazon S3 objects in S3 buckets don't, by default, have Unix file permissions assigned to them. Upon discovery in an S3 bucket by Storage Gateway, the S3 objects that represent files and folders are assigned these default Unix permissions. This operation is only supported for S3 File Gateways.

", "refs": { "CreateNFSFileShareInput$NFSFileShareDefaults": "

File share default values. Optional.

", "NFSFileShareInfo$NFSFileShareDefaults": null, @@ -1601,7 +1640,7 @@ } }, "NFSFileShareInfo": { - "base": "

The Unix file permissions and ownership information assigned, by default, to native S3 objects when file gateway discovers them in S3 buckets. This operation is only supported in file gateways.

", + "base": "

The Unix file permissions and ownership information assigned, by default, to native S3 objects when an S3 File Gateway discovers them in S3 buckets. This operation is only supported in S3 File Gateways.

", "refs": { "NFSFileShareInfoList$member": null } @@ -1669,14 +1708,14 @@ } }, "ObjectACL": { - "base": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.

", + "base": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that an S3 File Gateway puts objects into. The default value is private.

", "refs": { - "CreateNFSFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.

", - "CreateSMBFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.

", + "CreateNFSFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.

", + "CreateSMBFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.

", "NFSFileShareInfo$ObjectACL": null, "SMBFileShareInfo$ObjectACL": null, - "UpdateNFSFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.

", - "UpdateSMBFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a file gateway puts objects into. The default value is private.

" + "UpdateNFSFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.

", + "UpdateSMBFileShareInput$ObjectACL": "

A value that sets the access control list (ACL) permission for objects in the S3 bucket that a S3 File Gateway puts objects into. The default value is private.

" } }, "OrganizationalUnit": { @@ -1709,11 +1748,11 @@ "PoolARN": { "base": null, "refs": { - "CreateTapePoolOutput$PoolARN": "

The unique Amazon Resource Name (ARN) that represents the custom tape pool. Use the ListTapePools operation to return a list of tape pools for your account and AWS Region.

", + "CreateTapePoolOutput$PoolARN": "

The unique Amazon Resource Name (ARN) that represents the custom tape pool. Use the ListTapePools operation to return a list of tape pools for your account and Region.

", "DeleteTapePoolInput$PoolARN": "

The Amazon Resource Name (ARN) of the custom tape pool to delete.

", "DeleteTapePoolOutput$PoolARN": "

The Amazon Resource Name (ARN) of the custom tape pool being deleted.

", "PoolARNs$member": null, - "PoolInfo$PoolARN": "

The Amazon Resource Name (ARN) of the custom tape pool. Use the ListTapePools operation to return a list of custom tape pools for your account and AWS Region.

" + "PoolInfo$PoolARN": "

The Amazon Resource Name (ARN) of the custom tape pool. Use the ListTapePools operation to return a list of custom tape pools for your account and Region.

" } }, "PoolARNs": { @@ -1796,7 +1835,11 @@ "RegionId": { "base": null, "refs": { - "ActivateGatewayInput$GatewayRegion": "

A value that indicates the AWS Region where you want to store your data. The gateway AWS Region specified must be the same AWS Region as the AWS Region in your Host header in the request. For more information about available AWS Regions and endpoints for AWS Storage Gateway, see AWS Storage Gateway endpoints and quotas in the AWS General Reference.

Valid Values: See AWS Storage Gateway endpoints and quotas in the AWS General Reference.

" + "ActivateGatewayInput$GatewayRegion": "

A value that indicates the Region where you want to store your data. The gateway Region specified must be the same Region as the Region in your Host header in the request. For more information about available Regions and endpoints for Storage Gateway, see Storage Gateway endpoints and quotas in the Amazon Web Services General Reference.

Valid Values: See Storage Gateway endpoints and quotas in the Amazon Web Services General Reference.

", + "CreateNFSFileShareInput$BucketRegion": "

Specifies the Region of the S3 bucket where the NFS file share stores files.

This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

", + "CreateSMBFileShareInput$BucketRegion": "

Specifies the Region of the S3 bucket where the SMB file share stores files.

This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

", + "NFSFileShareInfo$BucketRegion": "

Specifies the Region of the S3 bucket where the NFS file share stores files.

This parameter is required for NFS file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

", + "SMBFileShareInfo$BucketRegion": "

Specifies the Region of the S3 bucket where the SMB file share stores files.

This parameter is required for SMB file shares that connect to Amazon S3 through a VPC endpoint, a VPC access point, or an access point alias that points to a VPC access point.

" } }, "RemoveTagsFromResourceInput": { @@ -1840,8 +1883,8 @@ "RetentionLockType": { "base": null, "refs": { - "CreateTapePoolInput$RetentionLockType": "

Tape retention lock can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account.

", - "PoolInfo$RetentionLockType": "

Tape retention lock type, which can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account.

" + "CreateTapePoolInput$RetentionLockType": "

Tape retention lock can be configured in two modes. When configured in governance mode, accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root account.

", + "PoolInfo$RetentionLockType": "

Tape retention lock type, which can be configured in two modes. When configured in governance mode, accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root account.

" } }, "RetrieveTapeArchiveInput": { @@ -1865,16 +1908,16 @@ } }, "Role": { - "base": "

The ARN of the IAM role that file gateway assumes when it accesses the underlying storage.

", + "base": "

The ARN of the IAM role that an S3 File Gateway assumes when it accesses the underlying storage.

", "refs": { - "CreateNFSFileShareInput$Role": "

The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.

", - "CreateSMBFileShareInput$Role": "

The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.

", + "CreateNFSFileShareInput$Role": "

The ARN of the Identity and Access Management (IAM) role that an S3 File Gateway assumes when it accesses the underlying storage.

", + "CreateSMBFileShareInput$Role": "

The ARN of the Identity and Access Management (IAM) role that an S3 File Gateway assumes when it accesses the underlying storage.

", "NFSFileShareInfo$Role": null, "SMBFileShareInfo$Role": null } }, "SMBFileShareInfo": { - "base": "

The Windows file permissions and ownership information assigned, by default, to native S3 objects when file gateway discovers them in S3 buckets. This operation is only supported for file gateways.

", + "base": "

The Windows file permissions and ownership information assigned, by default, to native S3 objects when S3 File Gateway discovers them in S3 buckets. This operation is only supported for S3 File Gateways.

", "refs": { "SMBFileShareInfoList$member": null } @@ -1894,8 +1937,8 @@ "SMBSecurityStrategy": { "base": null, "refs": { - "DescribeSMBSettingsOutput$SMBSecurityStrategy": "

The type of security strategy that was specified for file gateway.

", - "UpdateSMBSecurityStrategyInput$SMBSecurityStrategy": "

Specifies the type of security strategy.

ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment.

MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.

MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.

" + "DescribeSMBSettingsOutput$SMBSecurityStrategy": "

The type of security strategy that was specified for file gateway.

", + "UpdateSMBSecurityStrategyInput$SMBSecurityStrategy": "

Specifies the type of security strategy.

ClientSpecified: if you use this option, requests are established based on what is negotiated by the client. This option is recommended when you want to maximize compatibility across different clients in your environment. Supported only in S3 File Gateway.

MandatorySigning: if you use this option, file gateway only allows connections from SMBv2 or SMBv3 clients that have signing enabled. This option works with SMB clients on Microsoft Windows Vista, Windows Server 2008 or newer.

MandatoryEncryption: if you use this option, file gateway only allows connections from SMBv3 clients that have encryption enabled. This option is highly recommended for environments that handle sensitive data. This option works with SMB clients on Microsoft Windows 8, Windows Server 2012 or newer.

" } }, "ServiceUnavailableError": { @@ -1936,8 +1979,8 @@ "SnapshotDescription": { "base": null, "refs": { - "CreateSnapshotFromVolumeRecoveryPointInput$SnapshotDescription": "

Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the AWS Storage Gateway snapshot Details pane, Description field.

", - "CreateSnapshotInput$SnapshotDescription": "

Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the AWS Storage Gateway snapshot Details pane, Description field.

" + "CreateSnapshotFromVolumeRecoveryPointInput$SnapshotDescription": "

Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the Storage Gateway snapshot Details pane, Description field.

", + "CreateSnapshotInput$SnapshotDescription": "

Textual description of the snapshot that appears in the Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and in the Storage Gateway snapshot Details pane, Description field.

" } }, "SnapshotId": { @@ -1988,12 +2031,12 @@ "StorageClass": { "base": "

", "refs": { - "CreateNFSFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", - "CreateSMBFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", - "NFSFileShareInfo$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", - "SMBFileShareInfo$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", - "UpdateNFSFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", - "UpdateSMBFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the file gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

" + "CreateNFSFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", + "CreateSMBFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", + "NFSFileShareInfo$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", + "SMBFileShareInfo$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", + "UpdateNFSFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

", + "UpdateSMBFileShareInput$DefaultStorageClass": "

The default storage class for objects put into an Amazon S3 bucket by the S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional.

Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA

" } }, "StorageGatewayError": { @@ -2016,6 +2059,12 @@ "DescribeStorediSCSIVolumesOutput$StorediSCSIVolumes": "

Describes a single unit of output from DescribeStorediSCSIVolumes. The following fields are returned:

" } }, + "SupportedGatewayCapacities": { + "base": null, + "refs": { + "DescribeGatewayInformationOutput$SupportedGatewayCapacities": "

A list of the metadata cache sizes that the gateway can support based on its current hardware specifications.

" + } + }, "Tag": { "base": "

A key-value pair that helps you manage, filter, and search for your resource. Allowed characters: letters, white space, and numbers, representable in UTF-8, and the following characters: + - = . _ : /.

", "refs": { @@ -2582,13 +2631,13 @@ "CreateStorediSCSIVolumeInput$PreserveExistingData": "

Set to true if you want to preserve the data on the local disk. Otherwise, set to false to create an empty volume.

Valid Values: true | false

", "CreateTapeWithBarcodeInput$Worm": "

Set to TRUE if the tape you are creating is to be configured as a write-once-read-many (WORM) tape.

", "CreateTapesInput$Worm": "

Set to TRUE if the tape you are creating is to be configured as a write-once-read-many (WORM) tape.

", - "DeleteFileShareInput$ForceDelete": "

If this value is set to true, the operation deletes a file share immediately and aborts all data uploads to AWS. Otherwise, the file share is not deleted until all data is uploaded to AWS. This process aborts the data upload process, and the file share enters the FORCE_DELETING status.

Valid Values: true | false

", + "DeleteFileShareInput$ForceDelete": "

If this value is set to true, the operation deletes a file share immediately and aborts all data uploads to Amazon Web Services. Otherwise, the file share is not deleted until all data is uploaded to Amazon Web Services. This process aborts the data upload process, and the file share enters the FORCE_DELETING status.

Valid Values: true | false

", "DeleteTapeArchiveInput$BypassGovernanceRetention": "

Set to TRUE to delete an archived tape that belongs to a custom pool with tape retention lock. Only archived tapes with tape retention lock set to governance can be deleted. Archived tapes with tape retention lock set to compliance can't be deleted.

", "DeleteTapeInput$BypassGovernanceRetention": "

Set to TRUE to delete an archived tape that belongs to a custom pool with tape retention lock. Only archived tapes with tape retention lock set to governance can be deleted. Archived tapes with tape retention lock set to compliance can't be deleted.

", "DeviceiSCSIAttributes$ChapEnabled": "

Indicates whether mutual CHAP is enabled for the iSCSI target.

", "DisassociateFileSystemInput$ForceDelete": "

If this value is set to true, the operation disassociates an Amazon FSx file system immediately. It ends all data uploads to the file system, and the file system association enters the FORCE_DELETING status. If this value is set to false, the Amazon FSx file system does not disassociate until all data is uploaded.

", - "NFSFileShareInfo$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", - "SMBFileShareInfo$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own AWS KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "NFSFileShareInfo$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", + "SMBFileShareInfo$KMSEncrypted": "

Set to true to use Amazon S3 server-side encryption with your own KMS key, or false to use a key managed by Amazon S3. Optional.

Valid Values: true | false

", "StorediSCSIVolume$PreservedExistingData": "

Indicates if when the stored volume was created, existing data on the underlying local disk was preserved.

Valid Values: true | false

", "Tape$Worm": "

If the tape is archived as write-once-read-many (WORM), this value is true.

", "TapeArchive$Worm": "

Set to true if the archived tape is stored as write-once-read-many (WORM).

", @@ -2599,7 +2648,7 @@ "base": null, "refs": { "DescribeCacheOutput$CacheUsedPercentage": "

Percent use of the gateway's cache storage. This metric applies only to the gateway-cached volume setup. The sample is taken at the end of the reporting period.

", - "DescribeCacheOutput$CacheDirtyPercentage": "

The file share's contribution to the overall percentage of the gateway's cache that has not been persisted to AWS. The sample is taken at the end of the reporting period.

", + "DescribeCacheOutput$CacheDirtyPercentage": "

The file share's contribution to the overall percentage of the gateway's cache that has not been persisted to Amazon Web Services. The sample is taken at the end of the reporting period.

", "DescribeCacheOutput$CacheHitPercentage": "

Percent of application read operations from the file shares that are served from cache. The sample is taken at the end of the reporting period.

", "DescribeCacheOutput$CacheMissPercentage": "

Percent of application read operations from the file shares that are not served from cache. The sample is taken at the end of the reporting period.

" } diff --git a/models/apis/sts/2011-06-15/docs-2.json b/models/apis/sts/2011-06-15/docs-2.json index f0f6c11e51d..6b8f014cccf 100644 --- a/models/apis/sts/2011-06-15/docs-2.json +++ b/models/apis/sts/2011-06-15/docs-2.json @@ -1,15 +1,15 @@ { "version": "2.0", - "service": "AWS Security Token Service

AWS Security Token Service (STS) enables you to request temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials.

", + "service": "Security Token Service

Security Token Service (STS) enables you to request temporary, limited-privilege credentials for Identity and Access Management (IAM) users or for users that you authenticate (federated users). This guide provides descriptions of the STS API. For more information about using this service, see Temporary Security Credentials.

", "operations": { - "AssumeRole": "

Returns a set of temporary security credentials that you can use to access AWS resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.

Permissions

The temporary security credentials created by AssumeRole can be used to make API calls to any AWS service with the following exception: You cannot call the AWS STS GetFederationToken or GetSessionToken API operations.

(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

To assume a role from a different account, your AWS account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account.

A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call AssumeRole for the ARN of the role in the other account. If the user is in the same account as the role, then you can do either of the following:

In this case, the trust policy acts as an IAM resource-based policy. Users in the same account as the role do not need explicit permission to assume the role. For more information about trust policies and resource-based policies, see IAM Policies in the IAM User Guide.

Tags

(Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

Using MFA with AssumeRole

(Optional) You can include multi-factor authentication (MFA) information when you call AssumeRole. This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an AWS MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example.

\"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}

For more information, see Configuring MFA-Protected API Access in the IAM User Guide guide.

To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode parameters. The SerialNumber value identifies the user's hardware or virtual MFA device. The TokenCode is the time-based one-time password (TOTP) that the MFA device produces.

", - "AssumeRoleWithSAML": "

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based AWS access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.

The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS services.

Session Duration

By default, the temporary security credentials created by AssumeRoleWithSAML last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

Role chaining limits your AWS CLI or AWS API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails.

Permissions

The temporary security credentials created by AssumeRoleWithSAML can be used to make API calls to any AWS service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Calling AssumeRoleWithSAML does not require the use of AWS security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.

Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail logs. The entry includes the value in the NameID element of the SAML assertion. We recommend that you use a NameIDType that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).

Tags

(Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

SAML Configuration

Before your application can call AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by AWS. Additionally, you must use AWS Identity and Access Management (IAM) to create a SAML provider entity in your AWS account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy.

For more information, see the following resources:

", - "AssumeRoleWithWebIdentity": "

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.

For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the AWS SDK for iOS Developer Guide and the AWS SDK for Android Developer Guide to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.

To learn more about Amazon Cognito, see Amazon Cognito Overview in AWS SDK for Android Developer Guide and Amazon Cognito Overview in the AWS SDK for iOS Developer Guide.

Calling AssumeRoleWithWebIdentity does not require the use of AWS security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term AWS credentials in the application. You also don't need to deploy server-based proxy services that use long-term AWS credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.

The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to AWS service API operations.

Session Duration

By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

Permissions

The temporary security credentials created by AssumeRoleWithWebIdentity can be used to make API calls to any AWS service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Tags

(Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

Identities

Before your application can call AssumeRoleWithWebIdentity, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.

Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail logs. The entry includes the Subject of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as suggested in the OIDC specification.

For more information about how to use web identity federation and the AssumeRoleWithWebIdentity API, see the following resources:

", - "DecodeAuthorizationMessage": "

Decodes additional information about the authorization status of a request from an encoded message returned in response to an AWS request.

For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some AWS operations additionally return an encoded message that can provide details about this authorization failure.

Only certain AWS operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.

The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.

The decoded message includes the following type of information:

", - "GetAccessKeyInfo": "

Returns the account identifier for the specified access key ID.

Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For more information about access keys, see Managing Access Keys for IAM Users in the IAM User Guide.

When you pass an access key ID to this operation, it returns the ID of the AWS account to which the keys belong. Access key IDs beginning with AKIA are long-term credentials for an IAM user or the AWS account root user. Access key IDs beginning with ASIA are temporary credentials that are created using STS operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a credentials report to learn which IAM user owns the keys. To learn who requested the temporary credentials for an ASIA access key, view the STS events in your CloudTrail logs in the IAM User Guide.

This operation does not indicate the state of the access key. The key might be active, inactive, or deleted. Active keys might not have permissions to perform an operation. Providing a deleted access key might return an error that the key doesn't exist.

", + "AssumeRole": "

Returns a set of temporary security credentials that you can use to access Amazon Web Services resources that you might not normally have access to. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.

Permissions

The temporary security credentials created by AssumeRole can be used to make API calls to any Amazon Web Services service with the following exception: You cannot call the STS GetFederationToken or GetSessionToken API operations.

(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

To assume a role from a different account, your account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account.

A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call AssumeRole for the ARN of the role in the other account. If the user is in the same account as the role, then you can do either of the following:

In this case, the trust policy acts as an IAM resource-based policy. Users in the same account as the role do not need explicit permission to assume the role. For more information about trust policies and resource-based policies, see IAM Policies in the IAM User Guide.

Tags

(Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

Using MFA with AssumeRole

(Optional) You can include multi-factor authentication (MFA) information when you call AssumeRole. This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example.

\"Condition\": {\"Bool\": {\"aws:MultiFactorAuthPresent\": true}}

For more information, see Configuring MFA-Protected API Access in the IAM User Guide guide.

To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode parameters. The SerialNumber value identifies the user's hardware or virtual MFA device. The TokenCode is the time-based one-time password (TOTP) that the MFA device produces.

", + "AssumeRoleWithSAML": "

Returns a set of temporary security credentials for users who have been authenticated via a SAML authentication response. This operation provides a mechanism for tying an enterprise identity store or directory to role-based Amazon Web Services access without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.

The temporary security credentials returned by this operation consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services services.

Session Duration

By default, the temporary security credentials created by AssumeRoleWithSAML last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. Your role session lasts for the duration that you specify, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

Role chaining limits your CLI or Amazon Web Services API role session to a maximum of one hour. When you use the AssumeRole API operation to assume a role, you can specify the duration of your role session with the DurationSeconds parameter. You can specify a parameter value of up to 43200 seconds (12 hours), depending on the maximum session duration setting for your role. However, if you assume a role using role chaining and provide a DurationSeconds parameter value greater than one hour, the operation fails.

Permissions

The temporary security credentials created by AssumeRoleWithSAML can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Calling AssumeRoleWithSAML does not require the use of Amazon Web Services security credentials. The identity of the caller is validated by using keys in the metadata document that is uploaded for the SAML provider entity for your identity provider.

Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. The entry includes the value in the NameID element of the SAML assertion. We recommend that you use a NameIDType that is not associated with any personally identifiable information (PII). For example, you could instead use the persistent identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent).

Tags

(Optional) You can configure your IdP to pass attributes into your SAML assertion as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is attached to the role. When you do, session tags override the role's tags with the same key.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

SAML Configuration

Before your application can call AssumeRoleWithSAML, you must configure your SAML identity provider (IdP) to issue the claims required by Amazon Web Services. Additionally, you must use Identity and Access Management (IAM) to create a SAML provider entity in your Amazon Web Services account that represents your identity provider. You must also create an IAM role that specifies this SAML provider in its trust policy.

For more information, see the following resources:

", + "AssumeRoleWithWebIdentity": "

Returns a set of temporary security credentials for users who have been authenticated in a mobile or web application with a web identity provider. Example providers include Amazon Cognito, Login with Amazon, Facebook, Google, or any OpenID Connect-compatible identity provider.

For mobile applications, we recommend that you use Amazon Cognito. You can use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide and the Amazon Web Services SDK for Android Developer Guide to uniquely identify a user. You can also supply the user with a consistent identity throughout the lifetime of an application.

To learn more about Amazon Cognito, see Amazon Cognito Overview in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito Overview in the Amazon Web Services SDK for iOS Developer Guide.

Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web Services security credentials. Therefore, you can distribute an application (for example, on mobile devices) that requests temporary security credentials without including long-term Amazon Web Services credentials in the application. You also don't need to deploy server-based proxy services that use long-term Amazon Web Services credentials. Instead, the identity of the caller is validated by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.

The temporary security credentials returned by this API consist of an access key ID, a secret access key, and a security token. Applications can use these temporary security credentials to sign calls to Amazon Web Services service API operations.

Session Duration

By default, the temporary security credentials created by AssumeRoleWithWebIdentity last for one hour. However, you can use the optional DurationSeconds parameter to specify the duration of your session. You can provide a value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide. The maximum session duration limit applies when you use the AssumeRole* API operations or the assume-role* CLI commands. However the limit does not apply when you use those operations to create a console URL. For more information, see Using IAM Roles in the IAM User Guide.

Permissions

The temporary security credentials created by AssumeRoleWithWebIdentity can be used to make API calls to any Amazon Web Services service with the following exception: you cannot call the STS GetFederationToken or GetSessionToken API operations.

(Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

Tags

(Optional) You can configure your IdP to pass attributes into your web identity token as session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is attached to the role. When you do, the session tag overrides the role tag with the same key.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide.

Identities

Before your application can call AssumeRoleWithWebIdentity, you must have an identity token from a supported identity provider and create a role that the application can assume. The role that your application assumes must trust the identity provider that is associated with the identity token. In other words, the identity provider must be specified in the role's trust policy.

Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail logs. The entry includes the Subject of the provided web identity token. We recommend that you avoid using any personally identifiable information (PII) in this field. For example, you could instead use a GUID or a pairwise identifier, as suggested in the OIDC specification.

For more information about how to use web identity federation and the AssumeRoleWithWebIdentity API, see the following resources:

", + "DecodeAuthorizationMessage": "

Decodes additional information about the authorization status of a request from an encoded message returned in response to an Amazon Web Services request.

For example, if a user is not authorized to perform an operation that he or she has requested, the request returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some Amazon Web Services operations additionally return an encoded message that can provide details about this authorization failure.

Only certain Amazon Web Services operations return an encoded authorization message. The documentation for an individual operation indicates whether that operation returns an encoded message in addition to returning an HTTP code.

The message is encoded because the details of the authorization status can constitute privileged information that the user who requested the operation should not see. To decode an authorization status message, a user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage (sts:DecodeAuthorizationMessage) action.

The decoded message includes the following type of information:

", + "GetAccessKeyInfo": "

Returns the account identifier for the specified access key ID.

Access keys consist of two parts: an access key ID (for example, AKIAIOSFODNN7EXAMPLE) and a secret access key (for example, wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY). For more information about access keys, see Managing Access Keys for IAM Users in the IAM User Guide.

When you pass an access key ID to this operation, it returns the ID of the Amazon Web Services account to which the keys belong. Access key IDs beginning with AKIA are long-term credentials for an IAM user or the Amazon Web Services account root user. Access key IDs beginning with ASIA are temporary credentials that are created using STS operations. If the account in the response belongs to you, you can sign in as the root user and review your root user access keys. Then, you can pull a credentials report to learn which IAM user owns the keys. To learn who requested the temporary credentials for an ASIA access key, view the STS events in your CloudTrail logs in the IAM User Guide.

This operation does not indicate the state of the access key. The key might be active, inactive, or deleted. Active keys might not have permissions to perform an operation. Providing a deleted access key might return an error that the key doesn't exist.

", "GetCallerIdentity": "

Returns details about the IAM user or role whose credentials are used to call the operation.

No permissions are required to perform this operation. If an administrator adds a policy to your IAM user or role that explicitly denies access to the sts:GetCallerIdentity action, you can still perform this operation. Permissions are not required because the same information is returned when an IAM user or role is denied access. To view an example response, see I Am Not Authorized to Perform: iam:DeleteVirtualMFADevice in the IAM User Guide.

", - "GetFederationToken": "

Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.

You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.

You can also call GetFederationToken using the security credentials of an AWS account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.

Session duration

The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account root user credentials have a maximum duration of 3,600 seconds (1 hour).

Permissions

You can use the temporary credentials created by GetFederationToken in any AWS service except the following:

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.

Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.

Tags

(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.

You can also call GetFederationToken using the security credentials of an AWS account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.

Session duration

The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using AWS account root user credentials have a maximum duration of 3,600 seconds (1 hour).

Permissions

You can use the temporary credentials created by GetFederationToken in any AWS service except the following:

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plain text that you use for both inline and managed session policies can't exceed 2,048 characters.

Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.

Tags

(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the user that you are federating has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.

", - "GetSessionToken": "

Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the AWS STS API operations in the IAM User Guide.

Session Duration

The GetSessionToken operation must be called by using the long-term AWS security credentials of the AWS account root user or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.

Permissions

The temporary security credentials created by GetSessionToken can be used to make API calls to any AWS service with the following exceptions:

We recommend that you do not call GetSessionToken with AWS account root user credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with AWS.

The credentials that are returned by GetSessionToken are based on permissions associated with the user whose credentials were used to call the operation. If GetSessionToken is called using AWS account root user credentials, the temporary credentials have root user permissions. Similarly, if GetSessionToken is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.

" + "GetFederationToken": "

Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.

You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.

You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.

Session duration

The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).

Permissions

You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service except the following:

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters.

Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.

Tags

(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide.

You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide.

Session duration

The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials that are obtained by using Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour).

Permissions

You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service except the following:

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plain text that you use for both inline and managed session policies can't exceed 2,048 characters.

Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker.

You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies.

Tags

(Optional) You can pass tag key-value pairs to your session. These are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide.

Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the user that you are federating has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.

", + "GetSessionToken": "

Returns a set of temporary credentials for an Amazon Web Services account or IAM user. The credentials consist of an access key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want to use MFA to protect programmatic calls to specific Amazon Web Services API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is associated with their MFA device. Using the temporary security credentials that are returned from the call, IAM users can then make programmatic calls to API operations that require MFA authentication. If you do not supply a correct MFA code, then the API returns an access denied error. For a comparison of GetSessionToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the STS API operations in the IAM User Guide.

Session Duration

The GetSessionToken operation must be called by using the long-term Amazon Web Services security credentials of the Amazon Web Services account root user or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify. This duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials based on account credentials can range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a default of 1 hour.

Permissions

The temporary security credentials created by GetSessionToken can be used to make API calls to any Amazon Web Services service with the following exceptions:

We recommend that you do not call GetSessionToken with Amazon Web Services account root user credentials. Instead, follow our best practices by creating one or more IAM users, giving them the necessary permissions, and using IAM users for everyday interaction with Amazon Web Services.

The credentials that are returned by GetSessionToken are based on permissions associated with the user whose credentials were used to call the operation. If GetSessionToken is called using Amazon Web Services account root user credentials, the temporary credentials have root user permissions. Similarly, if GetSessionToken is called using the credentials of an IAM user, the temporary credentials have the same permissions as the IAM user.

For more information about using GetSessionToken to create temporary credentials, go to Temporary Credentials for Users in Untrusted Environments in the IAM User Guide.

" }, "shapes": { "AssumeRoleRequest": { @@ -18,7 +18,7 @@ } }, "AssumeRoleResponse": { - "base": "

Contains the response to a successful AssumeRole request, including temporary AWS credentials that can be used to make AWS requests.

", + "base": "

Contains the response to a successful AssumeRole request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

", "refs": { } }, @@ -28,7 +28,7 @@ } }, "AssumeRoleWithSAMLResponse": { - "base": "

Contains the response to a successful AssumeRoleWithSAML request, including temporary AWS credentials that can be used to make AWS requests.

", + "base": "

Contains the response to a successful AssumeRoleWithSAML request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

", "refs": { } }, @@ -38,7 +38,7 @@ } }, "AssumeRoleWithWebIdentityResponse": { - "base": "

Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary AWS credentials that can be used to make AWS requests.

", + "base": "

Contains the response to a successful AssumeRoleWithWebIdentity request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

", "refs": { } }, @@ -58,7 +58,7 @@ } }, "Credentials": { - "base": "

AWS credentials for API authentication.

", + "base": "

Amazon Web Services credentials for API authentication.

", "refs": { "AssumeRoleResponse$Credentials": "

The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.

The size of the security token that STS API operations return is not fixed. We strongly recommend that you make no assumptions about the maximum size.

", "AssumeRoleWithSAMLResponse$Credentials": "

The temporary security credentials, which include an access key ID, a secret access key, and a security (or session) token.

The size of the security token that STS API operations return is not fixed. We strongly recommend that you make no assumptions about the maximum size.

", @@ -73,7 +73,7 @@ } }, "DecodeAuthorizationMessageResponse": { - "base": "

A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an AWS request.

", + "base": "

A document that contains additional information about the authorization status of a request from an encoded message that is returned in response to an Amazon Web Services request.

", "refs": { } }, @@ -114,7 +114,7 @@ } }, "GetFederationTokenResponse": { - "base": "

Contains the response to a successful GetFederationToken request, including temporary AWS credentials that can be used to make AWS requests.

", + "base": "

Contains the response to a successful GetFederationToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

", "refs": { } }, @@ -124,7 +124,7 @@ } }, "GetSessionTokenResponse": { - "base": "

Contains the response to a successful GetSessionToken request, including temporary AWS credentials that can be used to make AWS requests.

", + "base": "

Contains the response to a successful GetSessionToken request, including temporary Amazon Web Services credentials that can be used to make Amazon Web Services requests.

", "refs": { } }, @@ -144,7 +144,7 @@ } }, "InvalidIdentityTokenException": { - "base": "

The web identity token that was passed could not be validated by AWS. Get a new identity token from the identity provider and then retry the request.

", + "base": "

The web identity token that was passed could not be validated by Amazon Web Services. Get a new identity token from the identity provider and then retry the request.

", "refs": { } }, @@ -163,11 +163,11 @@ "NameQualifier": { "base": null, "refs": { - "AssumeRoleWithSAMLResponse$NameQualifier": "

A hash value based on the concatenation of the following:

The combination of NameQualifier and Subject can be used to uniquely identify a federated user.

The following pseudocode shows how the hash value is calculated:

BASE64 ( SHA1 ( \"https://example.com/saml\" + \"123456789012\" + \"/MySAMLIdP\" ) )

" + "AssumeRoleWithSAMLResponse$NameQualifier": "

A hash value based on the concatenation of the following:

The combination of NameQualifier and Subject can be used to uniquely identify a federated user.

The following pseudocode shows how the hash value is calculated:

BASE64 ( SHA1 ( \"https://example.com/saml\" + \"123456789012\" + \"/MySAMLIdP\" ) )

" } }, "PackedPolicyTooLargeException": { - "base": "

The request was rejected because the total packed size of the session policies and session tags combined was too large. An AWS conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in STS in the IAM User Guide.

You could receive this error even though you meet other defined session policy and session tag limits. For more information, see IAM and STS Entity Character Limits in the IAM User Guide.

", + "base": "

The request was rejected because the total packed size of the session policies and session tags combined was too large. An Amazon Web Services conversion compresses the session policy document, session policy ARNs, and session tags into a packed binary format that has a separate limit. The error message indicates by percentage how close the policies and tags are to the upper size limit. For more information, see Passing Session Tags in STS in the IAM User Guide.

You could receive this error even though you meet other defined session policy and session tag limits. For more information, see IAM and STS Entity Character Limits in the IAM User Guide.

", "refs": { } }, @@ -178,7 +178,7 @@ } }, "RegionDisabledException": { - "base": "

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating AWS STS in an AWS Region in the IAM User Guide.

", + "base": "

STS is not activated in the requested region for the account that is being asked to generate credentials. The account administrator must use the IAM console to activate STS in that region. For more information, see Activating and Deactivating Amazon Web Services STS in an Amazon Web Services Region in the IAM User Guide.

", "refs": { } }, @@ -201,7 +201,7 @@ } }, "Tag": { - "base": "

You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging AWS STS Sessions in the IAM User Guide.

", + "base": "

You can pass custom key-value pair attributes when you assume a role or federate a user. These are called session tags. You can then use the session tags to control access to resources. For more information, see Tagging STS Sessions in the IAM User Guide.

", "refs": { "tagListType$member": null } @@ -222,8 +222,8 @@ "accountType": { "base": null, "refs": { - "GetAccessKeyInfoResponse$Account": "

The number used to identify the AWS account.

", - "GetCallerIdentityResponse$Account": "

The AWS account ID number of the account that owns or contains the calling entity.

" + "GetAccessKeyInfoResponse$Account": "

The number used to identify the Amazon Web Services account.

", + "GetCallerIdentityResponse$Account": "

The Amazon Web Services account ID number of the account that owns or contains the calling entity.

" } }, "arnType": { @@ -235,14 +235,14 @@ "AssumeRoleWithWebIdentityRequest$RoleArn": "

The Amazon Resource Name (ARN) of the role that the caller is assuming.

", "AssumedRoleUser$Arn": "

The ARN of the temporary security credentials that are returned from the AssumeRole action. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

", "FederatedUser$Arn": "

The ARN that specifies the federated user that is associated with the credentials. For more information about ARNs and how to use them in policies, see IAM Identifiers in the IAM User Guide.

", - "GetCallerIdentityResponse$Arn": "

The AWS ARN associated with the calling entity.

", - "PolicyDescriptorType$arn": "

The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

" + "GetCallerIdentityResponse$Arn": "

The Amazon Web Services ARN associated with the calling entity.

", + "PolicyDescriptorType$arn": "

The Amazon Resource Name (ARN) of the IAM managed policy to use as a session policy for the role. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

" } }, "assumedRoleIdType": { "base": null, "refs": { - "AssumedRoleUser$AssumedRoleId": "

A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by AWS when the role is created.

" + "AssumedRoleUser$AssumedRoleId": "

A unique identifier that contains the role ID and the role session name of the role that is being assumed. The role ID is generated by Amazon Web Services when the role is created.

" } }, "clientTokenType": { @@ -266,8 +266,8 @@ "durationSecondsType": { "base": null, "refs": { - "GetFederationTokenRequest$DurationSeconds": "

The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained using AWS account root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.

", - "GetSessionTokenRequest$DurationSeconds": "

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for AWS account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for AWS account owners defaults to one hour.

" + "GetFederationTokenRequest$DurationSeconds": "

The duration, in seconds, that the session should last. Acceptable durations for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained using Amazon Web Services account root user credentials are restricted to a maximum of 3,600 seconds (one hour). If the specified duration is longer than one hour, the session obtained by using root user credentials defaults to one hour.

", + "GetSessionTokenRequest$DurationSeconds": "

The duration, in seconds, that the credentials should remain valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions for Amazon Web Services account owners are restricted to a maximum of 3,600 seconds (one hour). If the duration is longer than one hour, the session for Amazon Web Services account owners defaults to one hour.

" } }, "encodedMessageType": { @@ -285,7 +285,7 @@ "externalIdType": { "base": null, "refs": { - "AssumeRoleRequest$ExternalId": "

A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

" + "AssumeRoleRequest$ExternalId": "

A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your Amazon Web Services Resources to a Third Party in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

" } }, "federatedIdType": { @@ -342,10 +342,10 @@ "policyDescriptorListType": { "base": null, "refs": { - "AssumeRoleRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

", - "AssumeRoleWithSAMLRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

", - "AssumeRoleWithWebIdentityRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

", - "GetFederationTokenRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. The policies must exist in the same account as the IAM user that is requesting federated access.

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service Namespaces in the AWS General Reference.

This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.

When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.

The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

" + "AssumeRoleRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

", + "AssumeRoleWithSAMLRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

", + "AssumeRoleWithWebIdentityRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role.

This parameter is optional. You can provide up to 10 managed policy ARNs. However, the plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

", + "GetFederationTokenRequest$PolicyArns": "

The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as a managed session policy. The policies must exist in the same account as the IAM user that is requesting federated access.

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. You can provide up to 10 managed policy ARNs. For more information about ARNs, see Amazon Resource Names (ARNs) and Amazon Web Services Service Namespaces in the Amazon Web Services General Reference.

This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.

When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.

The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

" } }, "regionDisabledMessage": { @@ -357,15 +357,15 @@ "roleDurationSecondsType": { "base": null, "refs": { - "AssumeRoleRequest$DurationSeconds": "

The duration, in seconds, of the role session. The value specified can can range from 900 seconds (15 minutes) up to the maximum session duration that is set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

", - "AssumeRoleWithSAMLRequest$DurationSeconds": "

The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the DurationSeconds parameter, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

", - "AssumeRoleWithWebIdentityRequest$DurationSeconds": "

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the AWS Management Console in the IAM User Guide.

" + "AssumeRoleRequest$DurationSeconds": "

The duration, in seconds, of the role session. The value specified can can range from 900 seconds (15 minutes) up to the maximum session duration that is set for the role. The maximum session duration setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting or the administrator setting (whichever is lower), the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the Management Console in the IAM User Guide.

", + "AssumeRoleWithSAMLRequest$DurationSeconds": "

The duration, in seconds, of the role session. Your role session lasts for the duration that you specify for the DurationSeconds parameter, or until the time specified in the SAML authentication response's SessionNotOnOrAfter value, whichever is shorter. You can provide a DurationSeconds value from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the Management Console in the IAM User Guide.

", + "AssumeRoleWithWebIdentityRequest$DurationSeconds": "

The duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role. This setting can have a value from 1 hour to 12 hours. If you specify a value higher than this setting, the operation fails. For example, if you specify a session duration of 12 hours, but your administrator set the maximum session duration to 6 hours, your operation fails. To learn how to view the maximum value for your role, see View the Maximum Session Duration Setting for a Role in the IAM User Guide.

By default, the value is set to 3600 seconds.

The DurationSeconds parameter is separate from the duration of a console session that you might request using the returned credentials. The request to the federation endpoint for a console sign-in token takes a SessionDuration parameter that specifies the maximum length of the console session. For more information, see Creating a URL that Enables Federated Users to Access the Management Console in the IAM User Guide.

" } }, "roleSessionNameType": { "base": null, "refs": { - "AssumeRoleRequest$RoleSessionName": "

An identifier for the assumed role session.

Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role session name is also used in the ARN of the assumed role principal. This means that subsequent cross-account API requests that use the temporary security credentials will expose the role session name to the external account in their AWS CloudTrail logs.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

", + "AssumeRoleRequest$RoleSessionName": "

An identifier for the assumed role session.

Use the role session name to uniquely identify a session when the same role is assumed by different principals or for different reasons. In cross-account scenarios, the role session name is visible to, and can be logged by the account that owns the role. The role session name is also used in the ARN of the assumed role principal. This means that subsequent cross-account API requests that use the temporary security credentials will expose the role session name to the external account in their CloudTrail logs.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

", "AssumeRoleWithWebIdentityRequest$RoleSessionName": "

An identifier for the assumed role session. Typically, you pass the name or identifier that is associated with the user who is using your application. That way, the temporary security credentials that your application will use are associated with that user. This session name is included as part of the ARN and assumed role ID in the AssumedRoleUser response element.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

" } }, @@ -373,23 +373,23 @@ "base": null, "refs": { "AssumeRoleRequest$SerialNumber": "

The identification number of the MFA device that is associated with the user who is making the AssumeRole call. Specify this value if the trust policy of the role being assumed includes a condition that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user).

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

", - "GetSessionTokenRequest$SerialNumber": "

The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the AWS Management Console and viewing the user's security credentials.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

" + "GetSessionTokenRequest$SerialNumber": "

The identification number of the MFA device that is associated with the IAM user who is making the GetSessionToken call. Specify this value if the IAM user has a policy that requires MFA authentication. The value is either the serial number for a hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). You can find the device for an IAM user by going to the Management Console and viewing the user's security credentials.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@:/-

" } }, "sessionPolicyDocumentType": { "base": null, "refs": { - "AssumeRoleRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

", - "AssumeRoleWithSAMLRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

", - "AssumeRoleWithWebIdentityRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent AWS API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

", - "GetFederationTokenRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies.

This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.

When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.

The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

" + "AssumeRoleRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

", + "AssumeRoleWithSAMLRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

", + "AssumeRoleWithWebIdentityRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

This parameter is optional. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

", + "GetFederationTokenRequest$Policy": "

An IAM policy in JSON format that you want to use as an inline session policy.

You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policies to use as managed session policies.

This parameter is optional. However, if you do not pass any session policies, then the resulting federated user session has no permissions.

When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide.

The resulting credentials can be used to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions that are granted by the session policies.

The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. The JSON policy characters can be any ASCII character from the space character to the end of the valid character list (\\u0020 through \\u00FF). It can also include the tab (\\u0009), linefeed (\\u000A), and carriage return (\\u000D) characters.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

" } }, "sourceIdentityType": { "base": null, "refs": { - "AssumeRoleRequest$SourceIdentity": "

The source identity specified by the principal that is calling the AssumeRole operation.

You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in AWS CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to AWS resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-. You cannot use a value that begins with the text aws:. This prefix is reserved for AWS internal use.

", - "AssumeRoleResponse$SourceIdentity": "

The source identity specified by the principal that is calling the AssumeRole operation.

You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in AWS CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to AWS resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

", + "AssumeRoleRequest$SourceIdentity": "

The source identity specified by the principal that is calling the AssumeRole operation.

You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to Amazon Web Services resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-. You cannot use a value that begins with the text aws:. This prefix is reserved for Amazon Web Services internal use.

", + "AssumeRoleResponse$SourceIdentity": "

The source identity specified by the principal that is calling the AssumeRole operation.

You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to Amazon Web Services resources based on the value of source identity. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

", "AssumeRoleWithSAMLResponse$SourceIdentity": "

The value in the SourceIdentity attribute in the SAML assertion.

You can require users to set a source identity value when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. That way, actions that are taken with the role are associated with that user. After the source identity is set, the value cannot be changed. It is present in the request for all actions that are taken by the role and persists across chained role sessions. You can configure your SAML identity provider to use an attribute associated with your users, like user name or email, as the source identity when calling AssumeRoleWithSAML. You do this by adding an attribute to the SAML assertion. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

", "AssumeRoleWithWebIdentityResponse$SourceIdentity": "

The value of the source identity that is returned in the JSON web token (JWT) from the identity provider.

You can require users to set a source identity value when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. That way, actions that are taken with the role are associated with that user. After the source identity is set, the value cannot be changed. It is present in the request for all actions that are taken by the role and persists across chained role sessions. You can configure your identity provider to use an attribute associated with your users, like user name or email, as the source identity when calling AssumeRoleWithWebIdentity. You do this by adding a claim to the JSON web token. To learn more about OIDC tokens and claims, see Using Tokens with User Pools in the Amazon Cognito Developer Guide. For more information about using source identity, see Monitor and control actions taken with assumed roles in the IAM User Guide.

The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-

" } @@ -410,8 +410,8 @@ "tagListType": { "base": null, "refs": { - "AssumeRoleRequest$Tags": "

A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see Tagging AWS STS Sessions in the IAM User Guide.

This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session tags override a role tag with the same key.

Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.

Additionally, if you used temporary credentials to perform this operation, the new session inherits any transitive session tags from the calling session. If you pass a session tag with the same key as an inherited tag, the operation fails. To view the inherited tags for a session, see the AWS CloudTrail logs. For more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.

", - "GetFederationTokenRequest$Tags": "

A list of session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An AWS conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is already attached to the user you are federating. When you do, session tags override a user tag with the same key.

Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.

" + "AssumeRoleRequest$Tags": "

A list of session tags that you want to pass. Each session tag consists of a key name and an associated value. For more information about session tags, see Tagging STS Sessions in the IAM User Guide.

This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters, and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is already attached to the role. When you do, session tags override a role tag with the same key.

Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.

Additionally, if you used temporary credentials to perform this operation, the new session inherits any transitive session tags from the calling session. If you pass a session tag with the same key as an inherited tag, the operation fails. To view the inherited tags for a session, see the CloudTrail logs. For more information, see Viewing Session Tags in CloudTrail in the IAM User Guide.

", + "GetFederationTokenRequest$Tags": "

A list of session tags. Each session tag consists of a key name and an associated value. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide.

This parameter is optional. You can pass up to 50 session tags. The plaintext session tag keys can’t exceed 128 characters and the values can’t exceed 256 characters. For these and additional limits, see IAM and STS Character Limits in the IAM User Guide.

An Amazon Web Services conversion compresses the passed session policies and session tags into a packed binary format that has a separate limit. Your request can fail for this limit even if your plaintext meets the other requirements. The PackedPolicySize response element indicates by percentage how close the policies and tags for your request are to the upper size limit.

You can pass a session tag with the same key as a tag that is already attached to the user you are federating. When you do, session tags override a user tag with the same key.

Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the role has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the role tag.

" } }, "tagValueType": { diff --git a/service/chime/api.go b/service/chime/api.go index 2f0f86e7535..fa19b2406a9 100644 --- a/service/chime/api.go +++ b/service/chime/api.go @@ -2314,6 +2314,103 @@ func (c *Chime) CreateChannelModeratorWithContext(ctx aws.Context, input *Create return out, req.Send() } +const opCreateMediaCapturePipeline = "CreateMediaCapturePipeline" + +// CreateMediaCapturePipelineRequest generates a "aws/request.Request" representing the +// client's request for the CreateMediaCapturePipeline operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateMediaCapturePipeline for more information on using the CreateMediaCapturePipeline +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateMediaCapturePipelineRequest method. +// req, resp := client.CreateMediaCapturePipelineRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/CreateMediaCapturePipeline +func (c *Chime) CreateMediaCapturePipelineRequest(input *CreateMediaCapturePipelineInput) (req *request.Request, output *CreateMediaCapturePipelineOutput) { + op := &request.Operation{ + Name: opCreateMediaCapturePipeline, + HTTPMethod: "POST", + HTTPPath: "/media-capture-pipelines", + } + + if input == nil { + input = &CreateMediaCapturePipelineInput{} + } + + output = &CreateMediaCapturePipelineOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateMediaCapturePipeline API operation for Amazon Chime. +// +// Creates a media capture pipeline. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Chime's +// API operation CreateMediaCapturePipeline for usage and error information. +// +// Returned Error Types: +// * ResourceLimitExceededException +// The request exceeds the resource limit. +// +// * ForbiddenException +// The client is permanently forbidden from making the request. +// +// * BadRequestException +// The input parameters don't match the service's restrictions. +// +// * UnauthorizedClientException +// The client is not currently authorized to make the request. +// +// * ThrottledClientException +// The client exceeded its request rate limit. +// +// * ServiceUnavailableException +// The service is currently unavailable. +// +// * ServiceFailureException +// The service encountered an unexpected error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/CreateMediaCapturePipeline +func (c *Chime) CreateMediaCapturePipeline(input *CreateMediaCapturePipelineInput) (*CreateMediaCapturePipelineOutput, error) { + req, out := c.CreateMediaCapturePipelineRequest(input) + return out, req.Send() +} + +// CreateMediaCapturePipelineWithContext is the same as CreateMediaCapturePipeline with the addition of +// the ability to pass a context and additional request options. +// +// See CreateMediaCapturePipeline for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chime) CreateMediaCapturePipelineWithContext(ctx aws.Context, input *CreateMediaCapturePipelineInput, opts ...request.Option) (*CreateMediaCapturePipelineOutput, error) { + req, out := c.CreateMediaCapturePipelineRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateMeeting = "CreateMeeting" // CreateMeetingRequest generates a "aws/request.Request" representing the @@ -4861,6 +4958,104 @@ func (c *Chime) DeleteEventsConfigurationWithContext(ctx aws.Context, input *Del return out, req.Send() } +const opDeleteMediaCapturePipeline = "DeleteMediaCapturePipeline" + +// DeleteMediaCapturePipelineRequest generates a "aws/request.Request" representing the +// client's request for the DeleteMediaCapturePipeline operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteMediaCapturePipeline for more information on using the DeleteMediaCapturePipeline +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteMediaCapturePipelineRequest method. +// req, resp := client.DeleteMediaCapturePipelineRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/DeleteMediaCapturePipeline +func (c *Chime) DeleteMediaCapturePipelineRequest(input *DeleteMediaCapturePipelineInput) (req *request.Request, output *DeleteMediaCapturePipelineOutput) { + op := &request.Operation{ + Name: opDeleteMediaCapturePipeline, + HTTPMethod: "DELETE", + HTTPPath: "/media-capture-pipelines/{mediaPipelineId}", + } + + if input == nil { + input = &DeleteMediaCapturePipelineInput{} + } + + output = &DeleteMediaCapturePipelineOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteMediaCapturePipeline API operation for Amazon Chime. +// +// Deletes the media capture pipeline. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Chime's +// API operation DeleteMediaCapturePipeline for usage and error information. +// +// Returned Error Types: +// * ForbiddenException +// The client is permanently forbidden from making the request. +// +// * NotFoundException +// One or more of the resources in the request does not exist in the system. +// +// * BadRequestException +// The input parameters don't match the service's restrictions. +// +// * ThrottledClientException +// The client exceeded its request rate limit. +// +// * UnauthorizedClientException +// The client is not currently authorized to make the request. +// +// * ServiceUnavailableException +// The service is currently unavailable. +// +// * ServiceFailureException +// The service encountered an unexpected error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/DeleteMediaCapturePipeline +func (c *Chime) DeleteMediaCapturePipeline(input *DeleteMediaCapturePipelineInput) (*DeleteMediaCapturePipelineOutput, error) { + req, out := c.DeleteMediaCapturePipelineRequest(input) + return out, req.Send() +} + +// DeleteMediaCapturePipelineWithContext is the same as DeleteMediaCapturePipeline with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteMediaCapturePipeline for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chime) DeleteMediaCapturePipelineWithContext(ctx aws.Context, input *DeleteMediaCapturePipelineInput, opts ...request.Option) (*DeleteMediaCapturePipelineOutput, error) { + req, out := c.DeleteMediaCapturePipelineRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteMeeting = "DeleteMeeting" // DeleteMeetingRequest generates a "aws/request.Request" representing the @@ -8543,6 +8738,103 @@ func (c *Chime) GetGlobalSettingsWithContext(ctx aws.Context, input *GetGlobalSe return out, req.Send() } +const opGetMediaCapturePipeline = "GetMediaCapturePipeline" + +// GetMediaCapturePipelineRequest generates a "aws/request.Request" representing the +// client's request for the GetMediaCapturePipeline operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetMediaCapturePipeline for more information on using the GetMediaCapturePipeline +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetMediaCapturePipelineRequest method. +// req, resp := client.GetMediaCapturePipelineRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/GetMediaCapturePipeline +func (c *Chime) GetMediaCapturePipelineRequest(input *GetMediaCapturePipelineInput) (req *request.Request, output *GetMediaCapturePipelineOutput) { + op := &request.Operation{ + Name: opGetMediaCapturePipeline, + HTTPMethod: "GET", + HTTPPath: "/media-capture-pipelines/{mediaPipelineId}", + } + + if input == nil { + input = &GetMediaCapturePipelineInput{} + } + + output = &GetMediaCapturePipelineOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetMediaCapturePipeline API operation for Amazon Chime. +// +// Gets an existing media capture pipeline. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Chime's +// API operation GetMediaCapturePipeline for usage and error information. +// +// Returned Error Types: +// * NotFoundException +// One or more of the resources in the request does not exist in the system. +// +// * ForbiddenException +// The client is permanently forbidden from making the request. +// +// * BadRequestException +// The input parameters don't match the service's restrictions. +// +// * UnauthorizedClientException +// The client is not currently authorized to make the request. +// +// * ThrottledClientException +// The client exceeded its request rate limit. +// +// * ServiceUnavailableException +// The service is currently unavailable. +// +// * ServiceFailureException +// The service encountered an unexpected error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/GetMediaCapturePipeline +func (c *Chime) GetMediaCapturePipeline(input *GetMediaCapturePipelineInput) (*GetMediaCapturePipelineOutput, error) { + req, out := c.GetMediaCapturePipelineRequest(input) + return out, req.Send() +} + +// GetMediaCapturePipelineWithContext is the same as GetMediaCapturePipeline with the addition of +// the ability to pass a context and additional request options. +// +// See GetMediaCapturePipeline for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chime) GetMediaCapturePipelineWithContext(ctx aws.Context, input *GetMediaCapturePipelineInput, opts ...request.Option) (*GetMediaCapturePipelineOutput, error) { + req, out := c.GetMediaCapturePipelineRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetMeeting = "GetMeeting" // GetMeetingRequest generates a "aws/request.Request" representing the @@ -12943,6 +13235,158 @@ func (c *Chime) ListChannelsModeratedByAppInstanceUserPagesWithContext(ctx aws.C return p.Err() } +const opListMediaCapturePipelines = "ListMediaCapturePipelines" + +// ListMediaCapturePipelinesRequest generates a "aws/request.Request" representing the +// client's request for the ListMediaCapturePipelines operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListMediaCapturePipelines for more information on using the ListMediaCapturePipelines +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListMediaCapturePipelinesRequest method. +// req, resp := client.ListMediaCapturePipelinesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/ListMediaCapturePipelines +func (c *Chime) ListMediaCapturePipelinesRequest(input *ListMediaCapturePipelinesInput) (req *request.Request, output *ListMediaCapturePipelinesOutput) { + op := &request.Operation{ + Name: opListMediaCapturePipelines, + HTTPMethod: "GET", + HTTPPath: "/media-capture-pipelines", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListMediaCapturePipelinesInput{} + } + + output = &ListMediaCapturePipelinesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListMediaCapturePipelines API operation for Amazon Chime. +// +// Returns a list of media capture pipelines. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Chime's +// API operation ListMediaCapturePipelines for usage and error information. +// +// Returned Error Types: +// * BadRequestException +// The input parameters don't match the service's restrictions. +// +// * ForbiddenException +// The client is permanently forbidden from making the request. +// +// * ThrottledClientException +// The client exceeded its request rate limit. +// +// * UnauthorizedClientException +// The client is not currently authorized to make the request. +// +// * ServiceUnavailableException +// The service is currently unavailable. +// +// * ServiceFailureException +// The service encountered an unexpected error. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chime-2018-05-01/ListMediaCapturePipelines +func (c *Chime) ListMediaCapturePipelines(input *ListMediaCapturePipelinesInput) (*ListMediaCapturePipelinesOutput, error) { + req, out := c.ListMediaCapturePipelinesRequest(input) + return out, req.Send() +} + +// ListMediaCapturePipelinesWithContext is the same as ListMediaCapturePipelines with the addition of +// the ability to pass a context and additional request options. +// +// See ListMediaCapturePipelines for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chime) ListMediaCapturePipelinesWithContext(ctx aws.Context, input *ListMediaCapturePipelinesInput, opts ...request.Option) (*ListMediaCapturePipelinesOutput, error) { + req, out := c.ListMediaCapturePipelinesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListMediaCapturePipelinesPages iterates over the pages of a ListMediaCapturePipelines operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListMediaCapturePipelines method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListMediaCapturePipelines operation. +// pageNum := 0 +// err := client.ListMediaCapturePipelinesPages(params, +// func(page *chime.ListMediaCapturePipelinesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *Chime) ListMediaCapturePipelinesPages(input *ListMediaCapturePipelinesInput, fn func(*ListMediaCapturePipelinesOutput, bool) bool) error { + return c.ListMediaCapturePipelinesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListMediaCapturePipelinesPagesWithContext same as ListMediaCapturePipelinesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chime) ListMediaCapturePipelinesPagesWithContext(ctx aws.Context, input *ListMediaCapturePipelinesInput, fn func(*ListMediaCapturePipelinesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListMediaCapturePipelinesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListMediaCapturePipelinesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListMediaCapturePipelinesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opListMeetingTags = "ListMeetingTags" // ListMeetingTagsRequest generates a "aws/request.Request" representing the @@ -23867,6 +24311,130 @@ func (s *CreateChannelOutput) SetChannelArn(v string) *CreateChannelOutput { return s } +type CreateMediaCapturePipelineInput struct { + _ struct{} `type:"structure"` + + // The token assigned to the client making the pipeline request. + ClientRequestToken *string `min:"2" type:"string" idempotencyToken:"true" sensitive:"true"` + + // The ARN of the sink type. + // + // SinkArn is a required field + SinkArn *string `min:"1" type:"string" required:"true" sensitive:"true"` + + // Destination type to which the media artifacts are saved. You must use an + // S3 bucket. + // + // SinkType is a required field + SinkType *string `type:"string" required:"true" enum:"MediaPipelineSinkType"` + + // ARN of the source from which the media artifacts are captured. + // + // SourceArn is a required field + SourceArn *string `min:"1" type:"string" required:"true" sensitive:"true"` + + // Source type from which the media artifacts will be captured. A Chime SDK + // Meeting is the only supported source. + // + // SourceType is a required field + SourceType *string `type:"string" required:"true" enum:"MediaPipelineSourceType"` +} + +// String returns the string representation +func (s CreateMediaCapturePipelineInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateMediaCapturePipelineInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateMediaCapturePipelineInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateMediaCapturePipelineInput"} + if s.ClientRequestToken != nil && len(*s.ClientRequestToken) < 2 { + invalidParams.Add(request.NewErrParamMinLen("ClientRequestToken", 2)) + } + if s.SinkArn == nil { + invalidParams.Add(request.NewErrParamRequired("SinkArn")) + } + if s.SinkArn != nil && len(*s.SinkArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SinkArn", 1)) + } + if s.SinkType == nil { + invalidParams.Add(request.NewErrParamRequired("SinkType")) + } + if s.SourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("SourceArn")) + } + if s.SourceArn != nil && len(*s.SourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SourceArn", 1)) + } + if s.SourceType == nil { + invalidParams.Add(request.NewErrParamRequired("SourceType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientRequestToken sets the ClientRequestToken field's value. +func (s *CreateMediaCapturePipelineInput) SetClientRequestToken(v string) *CreateMediaCapturePipelineInput { + s.ClientRequestToken = &v + return s +} + +// SetSinkArn sets the SinkArn field's value. +func (s *CreateMediaCapturePipelineInput) SetSinkArn(v string) *CreateMediaCapturePipelineInput { + s.SinkArn = &v + return s +} + +// SetSinkType sets the SinkType field's value. +func (s *CreateMediaCapturePipelineInput) SetSinkType(v string) *CreateMediaCapturePipelineInput { + s.SinkType = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *CreateMediaCapturePipelineInput) SetSourceArn(v string) *CreateMediaCapturePipelineInput { + s.SourceArn = &v + return s +} + +// SetSourceType sets the SourceType field's value. +func (s *CreateMediaCapturePipelineInput) SetSourceType(v string) *CreateMediaCapturePipelineInput { + s.SourceType = &v + return s +} + +type CreateMediaCapturePipelineOutput struct { + _ struct{} `type:"structure"` + + // A media capture pipeline object, the ID, source type, source ARN, sink type, + // and sink ARN of a media capture pipeline object. + MediaCapturePipeline *MediaCapturePipeline `type:"structure"` +} + +// String returns the string representation +func (s CreateMediaCapturePipelineOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CreateMediaCapturePipelineOutput) GoString() string { + return s.String() +} + +// SetMediaCapturePipeline sets the MediaCapturePipeline field's value. +func (s *CreateMediaCapturePipelineOutput) SetMediaCapturePipeline(v *MediaCapturePipeline) *CreateMediaCapturePipelineOutput { + s.MediaCapturePipeline = v + return s +} + type CreateMeetingDialOutInput struct { _ struct{} `type:"structure"` @@ -26236,6 +26804,61 @@ func (s DeleteEventsConfigurationOutput) GoString() string { return s.String() } +type DeleteMediaCapturePipelineInput struct { + _ struct{} `type:"structure"` + + // The ID of the media capture pipeline being deleted. + // + // MediaPipelineId is a required field + MediaPipelineId *string `location:"uri" locationName:"mediaPipelineId" type:"string" required:"true"` +} + +// String returns the string representation +func (s DeleteMediaCapturePipelineInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteMediaCapturePipelineInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteMediaCapturePipelineInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteMediaCapturePipelineInput"} + if s.MediaPipelineId == nil { + invalidParams.Add(request.NewErrParamRequired("MediaPipelineId")) + } + if s.MediaPipelineId != nil && len(*s.MediaPipelineId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MediaPipelineId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMediaPipelineId sets the MediaPipelineId field's value. +func (s *DeleteMediaCapturePipelineInput) SetMediaPipelineId(v string) *DeleteMediaCapturePipelineInput { + s.MediaPipelineId = &v + return s +} + +type DeleteMediaCapturePipelineOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DeleteMediaCapturePipelineOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DeleteMediaCapturePipelineOutput) GoString() string { + return s.String() +} + type DeleteMeetingInput struct { _ struct{} `type:"structure"` @@ -29048,6 +29671,70 @@ func (s *GetGlobalSettingsOutput) SetVoiceConnector(v *VoiceConnectorSettings) * return s } +type GetMediaCapturePipelineInput struct { + _ struct{} `type:"structure"` + + // The ID of the pipeline that you want to get. + // + // MediaPipelineId is a required field + MediaPipelineId *string `location:"uri" locationName:"mediaPipelineId" type:"string" required:"true"` +} + +// String returns the string representation +func (s GetMediaCapturePipelineInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetMediaCapturePipelineInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetMediaCapturePipelineInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetMediaCapturePipelineInput"} + if s.MediaPipelineId == nil { + invalidParams.Add(request.NewErrParamRequired("MediaPipelineId")) + } + if s.MediaPipelineId != nil && len(*s.MediaPipelineId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MediaPipelineId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMediaPipelineId sets the MediaPipelineId field's value. +func (s *GetMediaCapturePipelineInput) SetMediaPipelineId(v string) *GetMediaCapturePipelineInput { + s.MediaPipelineId = &v + return s +} + +type GetMediaCapturePipelineOutput struct { + _ struct{} `type:"structure"` + + // The media capture pipeline object. + MediaCapturePipeline *MediaCapturePipeline `type:"structure"` +} + +// String returns the string representation +func (s GetMediaCapturePipelineOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s GetMediaCapturePipelineOutput) GoString() string { + return s.String() +} + +// SetMediaCapturePipeline sets the MediaCapturePipeline field's value. +func (s *GetMediaCapturePipelineOutput) SetMediaCapturePipeline(v *MediaCapturePipeline) *GetMediaCapturePipelineOutput { + s.MediaCapturePipeline = v + return s +} + type GetMeetingInput struct { _ struct{} `type:"structure"` @@ -32142,6 +32829,84 @@ func (s *ListChannelsOutput) SetNextToken(v string) *ListChannelsOutput { return s } +type ListMediaCapturePipelinesInput struct { + _ struct{} `type:"structure"` + + // The maximum number of results to return in a single call. Valid Range: 1 + // - 99. + MaxResults *int64 `location:"querystring" locationName:"max-results" min:"1" type:"integer"` + + // The token used to retrieve the next page of results. + NextToken *string `location:"querystring" locationName:"next-token" type:"string"` +} + +// String returns the string representation +func (s ListMediaCapturePipelinesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListMediaCapturePipelinesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListMediaCapturePipelinesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListMediaCapturePipelinesInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListMediaCapturePipelinesInput) SetMaxResults(v int64) *ListMediaCapturePipelinesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListMediaCapturePipelinesInput) SetNextToken(v string) *ListMediaCapturePipelinesInput { + s.NextToken = &v + return s +} + +type ListMediaCapturePipelinesOutput struct { + _ struct{} `type:"structure"` + + // The media capture pipeline objects in the list. + MediaCapturePipelines []*MediaCapturePipeline `type:"list"` + + // The token used to retrieve the next page of results. + NextToken *string `type:"string"` +} + +// String returns the string representation +func (s ListMediaCapturePipelinesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListMediaCapturePipelinesOutput) GoString() string { + return s.String() +} + +// SetMediaCapturePipelines sets the MediaCapturePipelines field's value. +func (s *ListMediaCapturePipelinesOutput) SetMediaCapturePipelines(v []*MediaCapturePipeline) *ListMediaCapturePipelinesOutput { + s.MediaCapturePipelines = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListMediaCapturePipelinesOutput) SetNextToken(v string) *ListMediaCapturePipelinesOutput { + s.NextToken = &v + return s +} + type ListMeetingTagsInput struct { _ struct{} `type:"structure"` @@ -33506,6 +34271,95 @@ func (s LogoutUserOutput) GoString() string { return s.String() } +// A media capture pipeline object. A string consisting of an ID, source type, +// a source ARN, a sink type, and a sink ARN. +type MediaCapturePipeline struct { + _ struct{} `type:"structure"` + + // The time at which the capture pipeline was created, in ISO 8601 format. + CreatedTimestamp *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The ID of a media capture pipeline. + MediaPipelineId *string `type:"string"` + + // ARN of the destination to which the media artifacts are saved. + SinkArn *string `min:"1" type:"string" sensitive:"true"` + + // Destination type to which the media artifacts are saved. You must use an + // S3 Bucket. + SinkType *string `type:"string" enum:"MediaPipelineSinkType"` + + // ARN of the source from which the media artifacts will be saved. + SourceArn *string `min:"1" type:"string" sensitive:"true"` + + // Source type from which media artifacts are saved. You must use ChimeMeeting. + SourceType *string `type:"string" enum:"MediaPipelineSourceType"` + + // The status of the media capture pipeline. + Status *string `type:"string" enum:"MediaPipelineStatus"` + + // The time at which the capture pipeline was updated, in ISO 8601 format. + UpdatedTimestamp *time.Time `type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation +func (s MediaCapturePipeline) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MediaCapturePipeline) GoString() string { + return s.String() +} + +// SetCreatedTimestamp sets the CreatedTimestamp field's value. +func (s *MediaCapturePipeline) SetCreatedTimestamp(v time.Time) *MediaCapturePipeline { + s.CreatedTimestamp = &v + return s +} + +// SetMediaPipelineId sets the MediaPipelineId field's value. +func (s *MediaCapturePipeline) SetMediaPipelineId(v string) *MediaCapturePipeline { + s.MediaPipelineId = &v + return s +} + +// SetSinkArn sets the SinkArn field's value. +func (s *MediaCapturePipeline) SetSinkArn(v string) *MediaCapturePipeline { + s.SinkArn = &v + return s +} + +// SetSinkType sets the SinkType field's value. +func (s *MediaCapturePipeline) SetSinkType(v string) *MediaCapturePipeline { + s.SinkType = &v + return s +} + +// SetSourceArn sets the SourceArn field's value. +func (s *MediaCapturePipeline) SetSourceArn(v string) *MediaCapturePipeline { + s.SourceArn = &v + return s +} + +// SetSourceType sets the SourceType field's value. +func (s *MediaCapturePipeline) SetSourceType(v string) *MediaCapturePipeline { + s.SourceType = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *MediaCapturePipeline) SetStatus(v string) *MediaCapturePipeline { + s.Status = &v + return s +} + +// SetUpdatedTimestamp sets the UpdatedTimestamp field's value. +func (s *MediaCapturePipeline) SetUpdatedTimestamp(v time.Time) *MediaCapturePipeline { + s.UpdatedTimestamp = &v + return s +} + // A set of endpoints used by clients to connect to the media service group // for a Amazon Chime SDK meeting. type MediaPlacement struct { @@ -41101,6 +41955,58 @@ func License_Values() []string { } } +const ( + // MediaPipelineSinkTypeS3bucket is a MediaPipelineSinkType enum value + MediaPipelineSinkTypeS3bucket = "S3Bucket" +) + +// MediaPipelineSinkType_Values returns all elements of the MediaPipelineSinkType enum +func MediaPipelineSinkType_Values() []string { + return []string{ + MediaPipelineSinkTypeS3bucket, + } +} + +const ( + // MediaPipelineSourceTypeChimeSdkMeeting is a MediaPipelineSourceType enum value + MediaPipelineSourceTypeChimeSdkMeeting = "ChimeSdkMeeting" +) + +// MediaPipelineSourceType_Values returns all elements of the MediaPipelineSourceType enum +func MediaPipelineSourceType_Values() []string { + return []string{ + MediaPipelineSourceTypeChimeSdkMeeting, + } +} + +const ( + // MediaPipelineStatusInitializing is a MediaPipelineStatus enum value + MediaPipelineStatusInitializing = "Initializing" + + // MediaPipelineStatusInProgress is a MediaPipelineStatus enum value + MediaPipelineStatusInProgress = "InProgress" + + // MediaPipelineStatusFailed is a MediaPipelineStatus enum value + MediaPipelineStatusFailed = "Failed" + + // MediaPipelineStatusStopping is a MediaPipelineStatus enum value + MediaPipelineStatusStopping = "Stopping" + + // MediaPipelineStatusStopped is a MediaPipelineStatus enum value + MediaPipelineStatusStopped = "Stopped" +) + +// MediaPipelineStatus_Values returns all elements of the MediaPipelineStatus enum +func MediaPipelineStatus_Values() []string { + return []string{ + MediaPipelineStatusInitializing, + MediaPipelineStatusInProgress, + MediaPipelineStatusFailed, + MediaPipelineStatusStopping, + MediaPipelineStatusStopped, + } +} + const ( // MemberTypeUser is a MemberType enum value MemberTypeUser = "User" diff --git a/service/chime/chimeiface/interface.go b/service/chime/chimeiface/interface.go index 470af58ba0f..3acd2d817ee 100644 --- a/service/chime/chimeiface/interface.go +++ b/service/chime/chimeiface/interface.go @@ -148,6 +148,10 @@ type ChimeAPI interface { CreateChannelModeratorWithContext(aws.Context, *chime.CreateChannelModeratorInput, ...request.Option) (*chime.CreateChannelModeratorOutput, error) CreateChannelModeratorRequest(*chime.CreateChannelModeratorInput) (*request.Request, *chime.CreateChannelModeratorOutput) + CreateMediaCapturePipeline(*chime.CreateMediaCapturePipelineInput) (*chime.CreateMediaCapturePipelineOutput, error) + CreateMediaCapturePipelineWithContext(aws.Context, *chime.CreateMediaCapturePipelineInput, ...request.Option) (*chime.CreateMediaCapturePipelineOutput, error) + CreateMediaCapturePipelineRequest(*chime.CreateMediaCapturePipelineInput) (*request.Request, *chime.CreateMediaCapturePipelineOutput) + CreateMeeting(*chime.CreateMeetingInput) (*chime.CreateMeetingOutput, error) CreateMeetingWithContext(aws.Context, *chime.CreateMeetingInput, ...request.Option) (*chime.CreateMeetingOutput, error) CreateMeetingRequest(*chime.CreateMeetingInput) (*request.Request, *chime.CreateMeetingOutput) @@ -248,6 +252,10 @@ type ChimeAPI interface { DeleteEventsConfigurationWithContext(aws.Context, *chime.DeleteEventsConfigurationInput, ...request.Option) (*chime.DeleteEventsConfigurationOutput, error) DeleteEventsConfigurationRequest(*chime.DeleteEventsConfigurationInput) (*request.Request, *chime.DeleteEventsConfigurationOutput) + DeleteMediaCapturePipeline(*chime.DeleteMediaCapturePipelineInput) (*chime.DeleteMediaCapturePipelineOutput, error) + DeleteMediaCapturePipelineWithContext(aws.Context, *chime.DeleteMediaCapturePipelineInput, ...request.Option) (*chime.DeleteMediaCapturePipelineOutput, error) + DeleteMediaCapturePipelineRequest(*chime.DeleteMediaCapturePipelineInput) (*request.Request, *chime.DeleteMediaCapturePipelineOutput) + DeleteMeeting(*chime.DeleteMeetingInput) (*chime.DeleteMeetingOutput, error) DeleteMeetingWithContext(aws.Context, *chime.DeleteMeetingInput, ...request.Option) (*chime.DeleteMeetingOutput, error) DeleteMeetingRequest(*chime.DeleteMeetingInput) (*request.Request, *chime.DeleteMeetingOutput) @@ -396,6 +404,10 @@ type ChimeAPI interface { GetGlobalSettingsWithContext(aws.Context, *chime.GetGlobalSettingsInput, ...request.Option) (*chime.GetGlobalSettingsOutput, error) GetGlobalSettingsRequest(*chime.GetGlobalSettingsInput) (*request.Request, *chime.GetGlobalSettingsOutput) + GetMediaCapturePipeline(*chime.GetMediaCapturePipelineInput) (*chime.GetMediaCapturePipelineOutput, error) + GetMediaCapturePipelineWithContext(aws.Context, *chime.GetMediaCapturePipelineInput, ...request.Option) (*chime.GetMediaCapturePipelineOutput, error) + GetMediaCapturePipelineRequest(*chime.GetMediaCapturePipelineInput) (*request.Request, *chime.GetMediaCapturePipelineOutput) + GetMeeting(*chime.GetMeetingInput) (*chime.GetMeetingOutput, error) GetMeetingWithContext(aws.Context, *chime.GetMeetingInput, ...request.Option) (*chime.GetMeetingOutput, error) GetMeetingRequest(*chime.GetMeetingInput) (*request.Request, *chime.GetMeetingOutput) @@ -583,6 +595,13 @@ type ChimeAPI interface { ListChannelsModeratedByAppInstanceUserPages(*chime.ListChannelsModeratedByAppInstanceUserInput, func(*chime.ListChannelsModeratedByAppInstanceUserOutput, bool) bool) error ListChannelsModeratedByAppInstanceUserPagesWithContext(aws.Context, *chime.ListChannelsModeratedByAppInstanceUserInput, func(*chime.ListChannelsModeratedByAppInstanceUserOutput, bool) bool, ...request.Option) error + ListMediaCapturePipelines(*chime.ListMediaCapturePipelinesInput) (*chime.ListMediaCapturePipelinesOutput, error) + ListMediaCapturePipelinesWithContext(aws.Context, *chime.ListMediaCapturePipelinesInput, ...request.Option) (*chime.ListMediaCapturePipelinesOutput, error) + ListMediaCapturePipelinesRequest(*chime.ListMediaCapturePipelinesInput) (*request.Request, *chime.ListMediaCapturePipelinesOutput) + + ListMediaCapturePipelinesPages(*chime.ListMediaCapturePipelinesInput, func(*chime.ListMediaCapturePipelinesOutput, bool) bool) error + ListMediaCapturePipelinesPagesWithContext(aws.Context, *chime.ListMediaCapturePipelinesInput, func(*chime.ListMediaCapturePipelinesOutput, bool) bool, ...request.Option) error + ListMeetingTags(*chime.ListMeetingTagsInput) (*chime.ListMeetingTagsOutput, error) ListMeetingTagsWithContext(aws.Context, *chime.ListMeetingTagsInput, ...request.Option) (*chime.ListMeetingTagsOutput, error) ListMeetingTagsRequest(*chime.ListMeetingTagsInput) (*request.Request, *chime.ListMeetingTagsOutput) diff --git a/service/cloudfront/api.go b/service/cloudfront/api.go index 022d6fef09b..8e2b35b4a18 100644 --- a/service/cloudfront/api.go +++ b/service/cloudfront/api.go @@ -13,6 +13,111 @@ import ( "github.com/aws/aws-sdk-go/private/protocol/restxml" ) +const opAssociateAlias = "AssociateAlias2020_05_31" + +// AssociateAliasRequest generates a "aws/request.Request" representing the +// client's request for the AssociateAlias operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See AssociateAlias for more information on using the AssociateAlias +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the AssociateAliasRequest method. +// req, resp := client.AssociateAliasRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/AssociateAlias +func (c *CloudFront) AssociateAliasRequest(input *AssociateAliasInput) (req *request.Request, output *AssociateAliasOutput) { + op := &request.Operation{ + Name: opAssociateAlias, + HTTPMethod: "PUT", + HTTPPath: "/2020-05-31/distribution/{TargetDistributionId}/associate-alias", + } + + if input == nil { + input = &AssociateAliasInput{} + } + + output = &AssociateAliasOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restxml.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// AssociateAlias API operation for Amazon CloudFront. +// +// Associates an alias (also known as a CNAME or an alternate domain name) with +// a CloudFront distribution. +// +// With this operation you can move an alias that’s already in use on a CloudFront +// distribution to a different distribution in one step. This prevents the downtime +// that could occur if you first remove the alias from one distribution and +// then separately add the alias to another distribution. +// +// To use this operation to associate an alias with a distribution, you provide +// the alias and the ID of the target distribution for the alias. For more information, +// including how to set up the target distribution, prerequisites that you must +// complete, and other restrictions, see Moving an alternate domain name to +// a different distribution (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move) +// in the Amazon CloudFront Developer Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation AssociateAlias for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidArgument "InvalidArgument" +// An argument is invalid. +// +// * ErrCodeNoSuchDistribution "NoSuchDistribution" +// The specified distribution does not exist. +// +// * ErrCodeTooManyDistributionCNAMEs "TooManyDistributionCNAMEs" +// Your request contains more CNAMEs than are allowed per distribution. +// +// * ErrCodeIllegalUpdate "IllegalUpdate" +// The update contains modifications that are not allowed. +// +// * ErrCodeAccessDenied "AccessDenied" +// Access denied. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/AssociateAlias +func (c *CloudFront) AssociateAlias(input *AssociateAliasInput) (*AssociateAliasOutput, error) { + req, out := c.AssociateAliasRequest(input) + return out, req.Send() +} + +// AssociateAliasWithContext is the same as AssociateAlias with the addition of +// the ability to pass a context and additional request options. +// +// See AssociateAlias for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) AssociateAliasWithContext(ctx aws.Context, input *AssociateAliasInput, opts ...request.Option) (*AssociateAliasOutput, error) { + req, out := c.AssociateAliasRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateCachePolicy = "CreateCachePolicy2020_05_31" // CreateCachePolicyRequest generates a "aws/request.Request" representing the @@ -103,8 +208,8 @@ func (c *CloudFront) CreateCachePolicyRequest(input *CreateCachePolicyInput) (re // To modify an existing cache policy, use UpdateCachePolicy. // // * ErrCodeTooManyCachePolicies "TooManyCachePolicies" -// You have reached the maximum number of cache policies for this AWS account. -// For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// You have reached the maximum number of cache policies for this account. For +// more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. // // * ErrCodeTooManyHeadersInCachePolicy "TooManyHeadersInCachePolicy" @@ -422,8 +527,8 @@ func (c *CloudFront) CreateDistributionRequest(input *CreateDistributionInput) ( // // * ErrCodeInvalidWebACLId "InvalidWebACLId" // A web ACL ID specified is not valid. To specify a web ACL created using the -// latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. -// To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example +// latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. +// To specify a web ACL created using WAF Classic, use the ACL ID, for example // 473e64fd-f30b-4765-81a0-62ad96dd167a. // // * ErrCodeTooManyOriginCustomHeaders "TooManyOriginCustomHeaders" @@ -437,18 +542,18 @@ func (c *CloudFront) CreateDistributionRequest(input *CreateDistributionInput) ( // // * ErrCodeTooManyDistributionsWithLambdaAssociations "TooManyDistributionsWithLambdaAssociations" // Processing your request would cause the maximum number of distributions with -// Lambda function associations per owner to be exceeded. +// Lambda@Edge function associations per owner to be exceeded. // // * ErrCodeTooManyDistributionsWithSingleFunctionARN "TooManyDistributionsWithSingleFunctionARN" // The maximum number of distributions have been associated with the specified -// Lambda function. +// Lambda@Edge function. // // * ErrCodeTooManyLambdaFunctionAssociations "TooManyLambdaFunctionAssociations" -// Your request contains more Lambda function associations than are allowed +// Your request contains more Lambda@Edge function associations than are allowed // per distribution. // // * ErrCodeInvalidLambdaFunctionAssociation "InvalidLambdaFunctionAssociation" -// The specified Lambda function association is invalid. +// The specified Lambda@Edge function association is invalid. // // * ErrCodeTooManyDistributionsWithFunctionAssociations "TooManyDistributionsWithFunctionAssociations" // You have reached the maximum number of distributions that are associated @@ -513,7 +618,7 @@ func (c *CloudFront) CreateDistributionRequest(input *CreateDistributionInput) ( // The real-time log configuration does not exist. // // * ErrCodeRealtimeLogConfigOwnerMismatch "RealtimeLogConfigOwnerMismatch" -// The specified real-time log configuration belongs to a different AWS account. +// The specified real-time log configuration belongs to a different account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateDistribution func (c *CloudFront) CreateDistribution(input *CreateDistributionInput) (*CreateDistributionOutput, error) { @@ -702,8 +807,8 @@ func (c *CloudFront) CreateDistributionWithTagsRequest(input *CreateDistribution // // * ErrCodeInvalidWebACLId "InvalidWebACLId" // A web ACL ID specified is not valid. To specify a web ACL created using the -// latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. -// To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example +// latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. +// To specify a web ACL created using WAF Classic, use the ACL ID, for example // 473e64fd-f30b-4765-81a0-62ad96dd167a. // // * ErrCodeTooManyOriginCustomHeaders "TooManyOriginCustomHeaders" @@ -720,18 +825,18 @@ func (c *CloudFront) CreateDistributionWithTagsRequest(input *CreateDistribution // // * ErrCodeTooManyDistributionsWithLambdaAssociations "TooManyDistributionsWithLambdaAssociations" // Processing your request would cause the maximum number of distributions with -// Lambda function associations per owner to be exceeded. +// Lambda@Edge function associations per owner to be exceeded. // // * ErrCodeTooManyDistributionsWithSingleFunctionARN "TooManyDistributionsWithSingleFunctionARN" // The maximum number of distributions have been associated with the specified -// Lambda function. +// Lambda@Edge function. // // * ErrCodeTooManyLambdaFunctionAssociations "TooManyLambdaFunctionAssociations" -// Your request contains more Lambda function associations than are allowed +// Your request contains more Lambda@Edge function associations than are allowed // per distribution. // // * ErrCodeInvalidLambdaFunctionAssociation "InvalidLambdaFunctionAssociation" -// The specified Lambda function association is invalid. +// The specified Lambda@Edge function association is invalid. // // * ErrCodeTooManyDistributionsWithFunctionAssociations "TooManyDistributionsWithFunctionAssociations" // You have reached the maximum number of distributions that are associated @@ -796,7 +901,7 @@ func (c *CloudFront) CreateDistributionWithTagsRequest(input *CreateDistribution // The real-time log configuration does not exist. // // * ErrCodeRealtimeLogConfigOwnerMismatch "RealtimeLogConfigOwnerMismatch" -// The specified real-time log configuration belongs to a different AWS account. +// The specified real-time log configuration belongs to a different account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateDistributionWithTags func (c *CloudFront) CreateDistributionWithTags(input *CreateDistributionWithTagsInput) (*CreateDistributionWithTagsOutput, error) { @@ -1092,13 +1197,13 @@ func (c *CloudFront) CreateFunctionRequest(input *CreateFunctionInput) (req *req // // Returned Error Codes: // * ErrCodeTooManyFunctions "TooManyFunctions" -// You have reached the maximum number of CloudFront functions for this AWS -// account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// You have reached the maximum number of CloudFront functions for this account. +// For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. // // * ErrCodeFunctionAlreadyExists "FunctionAlreadyExists" -// A function with the same name already exists in this AWS account. To create -// a function, you must provide a unique name. To update an existing function, +// A function with the same name already exists in this account. To create a +// function, you must provide a unique name. To update an existing function, // use UpdateFunction. // // * ErrCodeFunctionSizeLimitExceeded "FunctionSizeLimitExceeded" @@ -1108,6 +1213,9 @@ func (c *CloudFront) CreateFunctionRequest(input *CreateFunctionInput) (req *req // * ErrCodeInvalidArgument "InvalidArgument" // An argument is invalid. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/CreateFunction func (c *CloudFront) CreateFunction(input *CreateFunctionInput) (*CreateFunctionOutput, error) { req, out := c.CreateFunctionRequest(input) @@ -1302,8 +1410,8 @@ func (c *CloudFront) CreateKeyGroupRequest(input *CreateKeyGroupInput) (req *req // To modify an existing key group, use UpdateKeyGroup. // // * ErrCodeTooManyKeyGroups "TooManyKeyGroups" -// You have reached the maximum number of key groups for this AWS account. For -// more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// You have reached the maximum number of key groups for this account. For more +// information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. // // * ErrCodeTooManyPublicKeysInKeyGroup "TooManyPublicKeysInKeyGroup" @@ -1516,8 +1624,8 @@ func (c *CloudFront) CreateOriginRequestPolicyRequest(input *CreateOriginRequest // a unique name. To modify an existing origin request policy, use UpdateOriginRequestPolicy. // // * ErrCodeTooManyOriginRequestPolicies "TooManyOriginRequestPolicies" -// You have reached the maximum number of origin request policies for this AWS -// account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// You have reached the maximum number of origin request policies for this account. +// For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. // // * ErrCodeTooManyHeadersInOriginRequestPolicy "TooManyHeadersInOriginRequestPolicy" @@ -1713,7 +1821,7 @@ func (c *CloudFront) CreateRealtimeLogConfigRequest(input *CreateRealtimeLogConf // // * ErrCodeTooManyRealtimeLogConfigs "TooManyRealtimeLogConfigs" // You have reached the maximum number of real-time log configurations for this -// AWS account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) +// account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. // // * ErrCodeInvalidArgument "InvalidArgument" @@ -2531,6 +2639,9 @@ func (c *CloudFront) DeleteFunctionRequest(input *DeleteFunctionInput) (req *req // * ErrCodePreconditionFailed "PreconditionFailed" // The precondition in one or more of the request fields evaluated to false. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/DeleteFunction func (c *CloudFront) DeleteFunction(input *DeleteFunctionInput) (*DeleteFunctionOutput, error) { req, out := c.DeleteFunctionRequest(input) @@ -3221,6 +3332,9 @@ func (c *CloudFront) DescribeFunctionRequest(input *DescribeFunctionInput) (req // * ErrCodeNoSuchFunctionExists "NoSuchFunctionExists" // The function does not exist. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/DescribeFunction func (c *CloudFront) DescribeFunction(input *DescribeFunctionInput) (*DescribeFunctionOutput, error) { req, out := c.DescribeFunctionRequest(input) @@ -4140,6 +4254,9 @@ func (c *CloudFront) GetFunctionRequest(input *GetFunctionInput) (req *request.R // * ErrCodeNoSuchFunctionExists "NoSuchFunctionExists" // The function does not exist. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/GetFunction func (c *CloudFront) GetFunction(input *GetFunctionInput) (*GetFunctionOutput, error) { req, out := c.GetFunctionRequest(input) @@ -5150,7 +5267,7 @@ func (c *CloudFront) ListCachePoliciesRequest(input *ListCachePoliciesInput) (re // Gets a list of cache policies. // // You can optionally apply a filter to return only the managed policies created -// by AWS, or only the custom policies created in your AWS account. +// by Amazon Web Services, or only the custom policies created in your account. // // You can optionally specify the maximum number of items to receive in the // response. If the total number of items in the list exceeds the maximum that @@ -5334,6 +5451,114 @@ func (c *CloudFront) ListCloudFrontOriginAccessIdentitiesPagesWithContext(ctx aw return p.Err() } +const opListConflictingAliases = "ListConflictingAliases2020_05_31" + +// ListConflictingAliasesRequest generates a "aws/request.Request" representing the +// client's request for the ListConflictingAliases operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListConflictingAliases for more information on using the ListConflictingAliases +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListConflictingAliasesRequest method. +// req, resp := client.ListConflictingAliasesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListConflictingAliases +func (c *CloudFront) ListConflictingAliasesRequest(input *ListConflictingAliasesInput) (req *request.Request, output *ListConflictingAliasesOutput) { + op := &request.Operation{ + Name: opListConflictingAliases, + HTTPMethod: "GET", + HTTPPath: "/2020-05-31/conflicting-alias", + } + + if input == nil { + input = &ListConflictingAliasesInput{} + } + + output = &ListConflictingAliasesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListConflictingAliases API operation for Amazon CloudFront. +// +// Gets a list of aliases (also called CNAMEs or alternate domain names) that +// conflict or overlap with the provided alias, and the associated CloudFront +// distributions and Amazon Web Services accounts for each conflicting alias. +// In the returned list, the distribution and account IDs are partially hidden, +// which allows you to identify the distributions and accounts that you own, +// but helps to protect the information of ones that you don’t own. +// +// Use this operation to find aliases that are in use in CloudFront that conflict +// or overlap with the provided alias. For example, if you provide www.example.com +// as input, the returned list can include www.example.com and the overlapping +// wildcard alternate domain name (*.example.com), if they exist. If you provide +// *.example.com as input, the returned list can include *.example.com and any +// alternate domain names covered by that wildcard (for example, www.example.com, +// test.example.com, dev.example.com, and so on), if they exist. +// +// To list conflicting aliases, you provide the alias to search and the ID of +// a distribution in your account that has an attached SSL/TLS certificate that +// includes the provided alias. For more information, including how to set up +// the distribution and certificate, see Moving an alternate domain name to +// a different distribution (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html#alternate-domain-names-move) +// in the Amazon CloudFront Developer Guide. +// +// You can optionally specify the maximum number of items to receive in the +// response. If the total number of items in the list exceeds the maximum that +// you specify, or the default maximum, the response is paginated. To get the +// next page of items, send a subsequent request that specifies the NextMarker +// value from the current response as the Marker value in the subsequent request. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon CloudFront's +// API operation ListConflictingAliases for usage and error information. +// +// Returned Error Codes: +// * ErrCodeInvalidArgument "InvalidArgument" +// An argument is invalid. +// +// * ErrCodeNoSuchDistribution "NoSuchDistribution" +// The specified distribution does not exist. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListConflictingAliases +func (c *CloudFront) ListConflictingAliases(input *ListConflictingAliasesInput) (*ListConflictingAliasesOutput, error) { + req, out := c.ListConflictingAliasesRequest(input) + return out, req.Send() +} + +// ListConflictingAliasesWithContext is the same as ListConflictingAliases with the addition of +// the ability to pass a context and additional request options. +// +// See ListConflictingAliases for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *CloudFront) ListConflictingAliasesWithContext(ctx aws.Context, input *ListConflictingAliasesInput, opts ...request.Option) (*ListConflictingAliasesOutput, error) { + req, out := c.ListConflictingAliasesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opListDistributions = "ListDistributions2020_05_31" // ListDistributionsRequest generates a "aws/request.Request" representing the @@ -5879,7 +6104,7 @@ func (c *CloudFront) ListDistributionsByWebACLIdRequest(input *ListDistributions // ListDistributionsByWebACLId API operation for Amazon CloudFront. // -// List the distributions that are associated with a specified AWS WAF web ACL. +// List the distributions that are associated with a specified WAF web ACL. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5894,8 +6119,8 @@ func (c *CloudFront) ListDistributionsByWebACLIdRequest(input *ListDistributions // // * ErrCodeInvalidWebACLId "InvalidWebACLId" // A web ACL ID specified is not valid. To specify a web ACL created using the -// latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. -// To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example +// latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. +// To specify a web ACL created using WAF Classic, use the ACL ID, for example // 473e64fd-f30b-4765-81a0-62ad96dd167a. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListDistributionsByWebACLId @@ -6124,7 +6349,7 @@ func (c *CloudFront) ListFunctionsRequest(input *ListFunctionsInput) (req *reque // ListFunctions API operation for Amazon CloudFront. // -// Gets a list of all CloudFront functions in your AWS account. +// Gets a list of all CloudFront functions in your account. // // You can optionally apply a filter to return only the functions that are in // the specified stage, either DEVELOPMENT or LIVE. @@ -6146,6 +6371,9 @@ func (c *CloudFront) ListFunctionsRequest(input *ListFunctionsInput) (req *reque // * ErrCodeInvalidArgument "InvalidArgument" // An argument is invalid. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/ListFunctions func (c *CloudFront) ListFunctions(input *ListFunctionsInput) (*ListFunctionsOutput, error) { req, out := c.ListFunctionsRequest(input) @@ -6443,7 +6671,7 @@ func (c *CloudFront) ListOriginRequestPoliciesRequest(input *ListOriginRequestPo // Gets a list of origin request policies. // // You can optionally apply a filter to return only the managed policies created -// by AWS, or only the custom policies created in your AWS account. +// by Amazon Web Services, or only the custom policies created in your account. // // You can optionally specify the maximum number of items to receive in the // response. If the total number of items in the list exceeds the maximum that @@ -6960,6 +7188,9 @@ func (c *CloudFront) PublishFunctionRequest(input *PublishFunctionInput) (req *r // * ErrCodePreconditionFailed "PreconditionFailed" // The precondition in one or more of the request fields evaluated to false. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/PublishFunction func (c *CloudFront) PublishFunction(input *PublishFunctionInput) (*PublishFunctionOutput, error) { req, out := c.PublishFunctionRequest(input) @@ -7149,6 +7380,9 @@ func (c *CloudFront) TestFunctionRequest(input *TestFunctionInput) (req *request // * ErrCodeTestFunctionFailed "TestFunctionFailed" // The CloudFront function failed. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/TestFunction func (c *CloudFront) TestFunction(input *TestFunctionInput) (*TestFunctionOutput, error) { req, out := c.TestFunctionRequest(input) @@ -7713,8 +7947,8 @@ func (c *CloudFront) UpdateDistributionRequest(input *UpdateDistributionInput) ( // // * ErrCodeInvalidWebACLId "InvalidWebACLId" // A web ACL ID specified is not valid. To specify a web ACL created using the -// latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. -// To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example +// latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. +// To specify a web ACL created using WAF Classic, use the ACL ID, for example // 473e64fd-f30b-4765-81a0-62ad96dd167a. // // * ErrCodeTooManyOriginCustomHeaders "TooManyOriginCustomHeaders" @@ -7728,18 +7962,18 @@ func (c *CloudFront) UpdateDistributionRequest(input *UpdateDistributionInput) ( // // * ErrCodeTooManyDistributionsWithLambdaAssociations "TooManyDistributionsWithLambdaAssociations" // Processing your request would cause the maximum number of distributions with -// Lambda function associations per owner to be exceeded. +// Lambda@Edge function associations per owner to be exceeded. // // * ErrCodeTooManyDistributionsWithSingleFunctionARN "TooManyDistributionsWithSingleFunctionARN" // The maximum number of distributions have been associated with the specified -// Lambda function. +// Lambda@Edge function. // // * ErrCodeTooManyLambdaFunctionAssociations "TooManyLambdaFunctionAssociations" -// Your request contains more Lambda function associations than are allowed +// Your request contains more Lambda@Edge function associations than are allowed // per distribution. // // * ErrCodeInvalidLambdaFunctionAssociation "InvalidLambdaFunctionAssociation" -// The specified Lambda function association is invalid. +// The specified Lambda@Edge function association is invalid. // // * ErrCodeTooManyDistributionsWithFunctionAssociations "TooManyDistributionsWithFunctionAssociations" // You have reached the maximum number of distributions that are associated @@ -7804,7 +8038,7 @@ func (c *CloudFront) UpdateDistributionRequest(input *UpdateDistributionInput) ( // The real-time log configuration does not exist. // // * ErrCodeRealtimeLogConfigOwnerMismatch "RealtimeLogConfigOwnerMismatch" -// The specified real-time log configuration belongs to a different AWS account. +// The specified real-time log configuration belongs to a different account. // // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateDistribution func (c *CloudFront) UpdateDistribution(input *UpdateDistributionInput) (*UpdateDistributionOutput, error) { @@ -8130,6 +8364,9 @@ func (c *CloudFront) UpdateFunctionRequest(input *UpdateFunctionInput) (req *req // The function is too large. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. // +// * ErrCodeUnsupportedOperation "UnsupportedOperation" +// This operation is not supported in this region. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/cloudfront-2020-05-31/UpdateFunction func (c *CloudFront) UpdateFunction(input *UpdateFunctionInput) (*UpdateFunctionOutput, error) { req, out := c.UpdateFunctionRequest(input) @@ -8755,25 +8992,24 @@ func (s *ActiveTrustedKeyGroups) SetQuantity(v int64) *ActiveTrustedKeyGroups { return s } -// A list of AWS accounts and the active CloudFront key pairs in each account -// that CloudFront can use to verify the signatures of signed URLs and signed -// cookies. +// A list of accounts and the active CloudFront key pairs in each account that +// CloudFront can use to verify the signatures of signed URLs and signed cookies. type ActiveTrustedSigners struct { _ struct{} `type:"structure"` - // This field is true if any of the AWS accounts in the list have active CloudFront + // This field is true if any of the accounts in the list have active CloudFront // key pairs that CloudFront can use to verify the signatures of signed URLs // and signed cookies. If not, this field is false. // // Enabled is a required field Enabled *bool `type:"boolean" required:"true"` - // A list of AWS accounts and the identifiers of active CloudFront key pairs - // in each account that CloudFront can use to verify the signatures of signed - // URLs and signed cookies. + // A list of accounts and the identifiers of active CloudFront key pairs in + // each account that CloudFront can use to verify the signatures of signed URLs + // and signed cookies. Items []*Signer `locationNameList:"Signer" type:"list"` - // The number of AWS accounts in the list. + // The number of accounts in the list. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -8807,16 +9043,16 @@ func (s *ActiveTrustedSigners) SetQuantity(v int64) *ActiveTrustedSigners { return s } -// AWS services in China customers must file for an Internet Content Provider -// (ICP) recordal if they want to serve content publicly on an alternate domain -// name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal -// provides the ICP recordal status for CNAMEs associated with distributions. -// The status is returned in the CloudFront response; you can't configure it -// yourself. +// Amazon Web Services services in China customers must file for an Internet +// Content Provider (ICP) recordal if they want to serve content publicly on +// an alternate domain name, also known as a CNAME, that they've added to CloudFront. +// AliasICPRecordal provides the ICP recordal status for CNAMEs associated with +// distributions. The status is returned in the CloudFront response; you can't +// configure it yourself. // // For more information about ICP recordals, see Signup, Accounts, and Credentials // (https://docs.amazonaws.cn/en_us/aws/latest/userguide/accounts-and-credentials.html) -// in Getting Started with AWS services in China. +// in Getting Started with Amazon Web Services services in China. type AliasICPRecordal struct { _ struct{} `type:"structure"` @@ -9011,6 +9247,75 @@ func (s *AllowedMethods) SetQuantity(v int64) *AllowedMethods { return s } +type AssociateAliasInput struct { + _ struct{} `locationName:"AssociateAliasRequest" type:"structure"` + + // The alias (also known as a CNAME) to add to the target distribution. + // + // Alias is a required field + Alias *string `location:"querystring" locationName:"Alias" type:"string" required:"true"` + + // The ID of the distribution that you’re associating the alias with. + // + // TargetDistributionId is a required field + TargetDistributionId *string `location:"uri" locationName:"TargetDistributionId" type:"string" required:"true"` +} + +// String returns the string representation +func (s AssociateAliasInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateAliasInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateAliasInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateAliasInput"} + if s.Alias == nil { + invalidParams.Add(request.NewErrParamRequired("Alias")) + } + if s.TargetDistributionId == nil { + invalidParams.Add(request.NewErrParamRequired("TargetDistributionId")) + } + if s.TargetDistributionId != nil && len(*s.TargetDistributionId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TargetDistributionId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAlias sets the Alias field's value. +func (s *AssociateAliasInput) SetAlias(v string) *AssociateAliasInput { + s.Alias = &v + return s +} + +// SetTargetDistributionId sets the TargetDistributionId field's value. +func (s *AssociateAliasInput) SetTargetDistributionId(v string) *AssociateAliasInput { + s.TargetDistributionId = &v + return s +} + +type AssociateAliasOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s AssociateAliasOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s AssociateAliasOutput) GoString() string { + return s.String() +} + // A complex type that describes how CloudFront processes requests. // // You must create at least as many cache behaviors (including the default cache @@ -9123,8 +9428,8 @@ type CacheBehavior struct { // with a cache behavior. FunctionAssociations *FunctionAssociations `type:"structure"` - // A complex type that contains zero or more Lambda function associations for - // a cache behavior. + // A complex type that contains zero or more Lambda@Edge function associations + // for a cache behavior. LambdaFunctionAssociations *LambdaFunctionAssociations `type:"structure"` // This field is deprecated. We recommend that you use the MaxTTL field in a @@ -9223,15 +9528,15 @@ type CacheBehavior struct { // // We recommend using TrustedKeyGroups instead of TrustedSigners. // - // A list of AWS account IDs whose public keys CloudFront can use to validate - // signed URLs or signed cookies. + // A list of account IDs whose public keys CloudFront can use to validate signed + // URLs or signed cookies. // // When a cache behavior contains trusted signers, CloudFront requires signed // URLs or signed cookies for all requests that match the cache behavior. The // URLs or cookies must be signed with the private key of a CloudFront key pair - // in the trusted signer’s AWS account. The signed URL or cookie contains - // information about which public key CloudFront should use to verify the signature. - // For more information, see Serving private content (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) + // in the trusted signer’s account. The signed URL or cookie contains information + // about which public key CloudFront should use to verify the signature. For + // more information, see Serving private content (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) // in the Amazon CloudFront Developer Guide. TrustedSigners *TrustedSigners `type:"structure"` @@ -9977,8 +10282,8 @@ type CachePolicySummary struct { // CachePolicy is a required field CachePolicy *CachePolicy `type:"structure" required:"true"` - // The type of cache policy, either managed (created by AWS) or custom (created - // in this AWS account). + // The type of cache policy, either managed (created by Amazon Web Services) + // or custom (created in this account). // // Type is a required field Type *string `type:"string" required:"true" enum:"CachePolicyType"` @@ -10071,6 +10376,112 @@ func (s *CachedMethods) SetQuantity(v int64) *CachedMethods { return s } +// An alias (also called a CNAME) and the CloudFront distribution and Amazon +// Web Services account ID that it’s associated with. The distribution and +// account IDs are partially hidden, which allows you to identify the distributions +// and accounts that you own, but helps to protect the information of ones that +// you don’t own. +type ConflictingAlias struct { + _ struct{} `type:"structure"` + + // The (partially hidden) ID of the Amazon Web Services account that owns the + // distribution that’s associated with the alias. + AccountId *string `type:"string"` + + // An alias (also called a CNAME). + Alias *string `type:"string"` + + // The (partially hidden) ID of the CloudFront distribution associated with + // the alias. + DistributionId *string `type:"string"` +} + +// String returns the string representation +func (s ConflictingAlias) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ConflictingAlias) GoString() string { + return s.String() +} + +// SetAccountId sets the AccountId field's value. +func (s *ConflictingAlias) SetAccountId(v string) *ConflictingAlias { + s.AccountId = &v + return s +} + +// SetAlias sets the Alias field's value. +func (s *ConflictingAlias) SetAlias(v string) *ConflictingAlias { + s.Alias = &v + return s +} + +// SetDistributionId sets the DistributionId field's value. +func (s *ConflictingAlias) SetDistributionId(v string) *ConflictingAlias { + s.DistributionId = &v + return s +} + +// A list of aliases (also called CNAMEs) and the CloudFront distributions and +// Amazon Web Services accounts that they are associated with. In the list, +// the distribution and account IDs are partially hidden, which allows you to +// identify the distributions and accounts that you own, but helps to protect +// the information of ones that you don’t own. +type ConflictingAliasesList struct { + _ struct{} `type:"structure"` + + // Contains the conflicting aliases in the list. + Items []*ConflictingAlias `locationNameList:"ConflictingAlias" type:"list"` + + // The maximum number of conflicting aliases requested. + MaxItems *int64 `type:"integer"` + + // If there are more items in the list than are in this response, this element + // is present. It contains the value that you should use in the Marker field + // of a subsequent request to continue listing conflicting aliases where you + // left off. + NextMarker *string `type:"string"` + + // The number of conflicting aliases returned in the response. + Quantity *int64 `type:"integer"` +} + +// String returns the string representation +func (s ConflictingAliasesList) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ConflictingAliasesList) GoString() string { + return s.String() +} + +// SetItems sets the Items field's value. +func (s *ConflictingAliasesList) SetItems(v []*ConflictingAlias) *ConflictingAliasesList { + s.Items = v + return s +} + +// SetMaxItems sets the MaxItems field's value. +func (s *ConflictingAliasesList) SetMaxItems(v int64) *ConflictingAliasesList { + s.MaxItems = &v + return s +} + +// SetNextMarker sets the NextMarker field's value. +func (s *ConflictingAliasesList) SetNextMarker(v string) *ConflictingAliasesList { + s.NextMarker = &v + return s +} + +// SetQuantity sets the Quantity field's value. +func (s *ConflictingAliasesList) SetQuantity(v int64) *ConflictingAliasesList { + s.Quantity = &v + return s +} + // A field-level encryption content type profile. type ContentTypeProfile struct { _ struct{} `type:"structure"` @@ -10358,7 +10769,7 @@ type CookiePreference struct { // // For the current limit on the number of cookie names that you can whitelist // for each cache behavior, see CloudFront Limits (https://docs.aws.amazon.com/general/latest/gr/xrefaws_service_limits.html#limits_cloudfront) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. WhitelistedNames *CookieNames `type:"structure"` } @@ -12236,8 +12647,8 @@ type DefaultCacheBehavior struct { // with a cache behavior. FunctionAssociations *FunctionAssociations `type:"structure"` - // A complex type that contains zero or more Lambda function associations for - // a cache behavior. + // A complex type that contains zero or more Lambda@Edge function associations + // for a cache behavior. LambdaFunctionAssociations *LambdaFunctionAssociations `type:"structure"` // This field is deprecated. We recommend that you use the MaxTTL field in a @@ -12317,13 +12728,13 @@ type DefaultCacheBehavior struct { // // We recommend using TrustedKeyGroups instead of TrustedSigners. // - // A list of AWS account IDs whose public keys CloudFront can use to validate - // signed URLs or signed cookies. + // A list of account IDs whose public keys CloudFront can use to validate signed + // URLs or signed cookies. // // When a cache behavior contains trusted signers, CloudFront requires signed // URLs or signed cookies for all requests that match the cache behavior. The // URLs or cookies must be signed with the private key of a CloudFront key pair - // in a trusted signer’s AWS account. The signed URL or cookie contains information + // in a trusted signer’s account. The signed URL or cookie contains information // about which public key CloudFront should use to verify the signature. For // more information, see Serving private content (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) // in the Amazon CloudFront Developer Guide. @@ -13403,7 +13814,7 @@ type Distribution struct { _ struct{} `type:"structure"` // The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, - // where 123456789012 is your AWS account ID. + // where 123456789012 is your account ID. // // ARN is a required field ARN *string `type:"string" required:"true"` @@ -13420,19 +13831,20 @@ type Distribution struct { // // CloudFront automatically adds this field to the response if you’ve configured // a cache behavior in this distribution to serve private content using trusted - // signers. This field contains a list of AWS account IDs and the active CloudFront + // signers. This field contains a list of account IDs and the active CloudFront // key pairs in each account that CloudFront can use to verify the signatures // of signed URLs or signed cookies. ActiveTrustedSigners *ActiveTrustedSigners `type:"structure"` - // AWS services in China customers must file for an Internet Content Provider - // (ICP) recordal if they want to serve content publicly on an alternate domain - // name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal - // provides the ICP recordal status for CNAMEs associated with distributions. + // Amazon Web Services services in China customers must file for an Internet + // Content Provider (ICP) recordal if they want to serve content publicly on + // an alternate domain name, also known as a CNAME, that they've added to CloudFront. + // AliasICPRecordal provides the ICP recordal status for CNAMEs associated with + // distributions. // // For more information about ICP recordals, see Signup, Accounts, and Credentials // (https://docs.amazonaws.cn/en_us/aws/latest/userguide/accounts-and-credentials.html) - // in Getting Started with AWS services in China. + // in Getting Started with Amazon Web Services services in China. AliasICPRecordals []*AliasICPRecordal `locationNameList:"AliasICPRecordal" type:"list"` // The current configuration information for the distribution. Send a GET request @@ -13644,9 +14056,10 @@ type DistributionConfig struct { // For more information, see Creating a Signed URL Using a Custom Policy (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-creating-signed-url-custom-policy.html) // in the Amazon CloudFront Developer Guide. // - // If you're using an Amazon Route 53 alias resource record set to route traffic - // to your CloudFront distribution, you need to create a second alias resource - // record set when both of the following are true: + // If you're using an Route 53 Amazon Web Services Integration alias resource + // record set to route traffic to your CloudFront distribution, you need to + // create a second alias resource record set when both of the following are + // true: // // * You enable IPv6 for the distribution // @@ -13654,12 +14067,12 @@ type DistributionConfig struct { // // For more information, see Routing Traffic to an Amazon CloudFront Web Distribution // by Using Your Domain Name (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-cloudfront-distribution.html) - // in the Amazon Route 53 Developer Guide. + // in the Route 53 Amazon Web Services Integration Developer Guide. // - // If you created a CNAME resource record set, either with Amazon Route 53 or - // with another DNS service, you don't need to make any changes. A CNAME record - // will route traffic to your distribution regardless of the IP address format - // of the viewer request. + // If you created a CNAME resource record set, either with Route 53 Amazon Web + // Services Integration or with another DNS service, you don't need to make + // any changes. A CNAME record will route traffic to your distribution regardless + // of the IP address format of the viewer request. IsIPV6Enabled *bool `type:"boolean"` // A complex type that controls whether access logs are written for the distribution. @@ -13701,20 +14114,20 @@ type DistributionConfig struct { // for communicating with viewers. ViewerCertificate *ViewerCertificate `type:"structure"` - // A unique identifier that specifies the AWS WAF web ACL, if any, to associate + // A unique identifier that specifies the WAF web ACL, if any, to associate // with this distribution. To specify a web ACL created using the latest version - // of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. - // To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example + // of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. + // To specify a web ACL created using WAF Classic, use the ACL ID, for example // 473e64fd-f30b-4765-81a0-62ad96dd167a. // - // AWS WAF is a web application firewall that lets you monitor the HTTP and - // HTTPS requests that are forwarded to CloudFront, and lets you control access - // to your content. Based on conditions that you specify, such as the IP addresses + // WAF is a web application firewall that lets you monitor the HTTP and HTTPS + // requests that are forwarded to CloudFront, and lets you control access to + // your content. Based on conditions that you specify, such as the IP addresses // that requests originate from or the values of query strings, CloudFront responds // to requests either with the requested content or with an HTTP 403 status // code (Forbidden). You can also configure CloudFront to return a custom error - // page when a request is blocked. For more information about AWS WAF, see the - // AWS WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html). + // page when a request is blocked. For more information about WAF, see the WAF + // Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html). WebACLId *string `type:"string"` } @@ -14052,7 +14465,7 @@ type DistributionList struct { IsTruncated *bool `type:"boolean" required:"true"` // A complex type that contains one DistributionSummary element for each distribution - // that was created by the current AWS account. + // that was created by the current account. Items []*DistributionSummary `locationNameList:"DistributionSummary" type:"list"` // The value you provided for the Marker request parameter. @@ -14070,7 +14483,7 @@ type DistributionList struct { // where they left off. NextMarker *string `type:"string"` - // The number of distributions that were created by the current AWS account. + // The number of distributions that were created by the current account. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -14127,19 +14540,20 @@ type DistributionSummary struct { _ struct{} `type:"structure"` // The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, - // where 123456789012 is your AWS account ID. + // where 123456789012 is your account ID. // // ARN is a required field ARN *string `type:"string" required:"true"` - // AWS services in China customers must file for an Internet Content Provider - // (ICP) recordal if they want to serve content publicly on an alternate domain - // name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal - // provides the ICP recordal status for CNAMEs associated with distributions. + // Amazon Web Services services in China customers must file for an Internet + // Content Provider (ICP) recordal if they want to serve content publicly on + // an alternate domain name, also known as a CNAME, that they've added to CloudFront. + // AliasICPRecordal provides the ICP recordal status for CNAMEs associated with + // distributions. // // For more information about ICP recordals, see Signup, Accounts, and Credentials // (https://docs.amazonaws.cn/en_us/aws/latest/userguide/accounts-and-credentials.html) - // in Getting Started with AWS services in China. + // in Getting Started with Amazon Web Services services in China. AliasICPRecordals []*AliasICPRecordal `locationNameList:"AliasICPRecordal" type:"list"` // A complex type that contains information about CNAMEs (alternate domain names), @@ -17594,7 +18008,7 @@ type InvalidationList struct { IsTruncated *bool `type:"boolean" required:"true"` // A complex type that contains one InvalidationSummary element for each invalidation - // batch created by the current AWS account. + // batch created by the current account. Items []*InvalidationSummary `locationNameList:"InvalidationSummary" type:"list"` // The value that you provided for the Marker request parameter. @@ -17612,7 +18026,7 @@ type InvalidationList struct { // batches where they left off. NextMarker *string `type:"string"` - // The number of invalidation batches that were created by the current AWS account. + // The number of invalidation batches that were created by the current account. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -17986,7 +18400,7 @@ func (s *KeyPairIds) SetQuantity(v int64) *KeyPairIds { type KinesisStreamConfig struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of an AWS Identity and Access Management (IAM) + // The Amazon Resource Name (ARN) of an Identity and Access Management (IAM) // role that CloudFront can use to send real-time log data to your Kinesis data // stream. // @@ -18042,12 +18456,12 @@ func (s *KinesisStreamConfig) SetStreamARN(v string) *KinesisStreamConfig { return s } -// A complex type that contains a Lambda function association. +// A complex type that contains a Lambda@Edge function association. type LambdaFunctionAssociation struct { _ struct{} `type:"structure"` - // Specifies the event type that triggers a Lambda function invocation. You - // can specify the following values: + // Specifies the event type that triggers a Lambda@Edge function invocation. + // You can specify the following values: // // * viewer-request: The function executes when CloudFront receives a request // from a viewer and before it checks to see whether the requested object @@ -18069,14 +18483,14 @@ type LambdaFunctionAssociation struct { // EventType is a required field EventType *string `type:"string" required:"true" enum:"EventType"` - // A flag that allows a Lambda function to have read access to the body content. - // For more information, see Accessing the Request Body by Choosing the Include - // Body Option (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html) + // A flag that allows a Lambda@Edge function to have read access to the body + // content. For more information, see Accessing the Request Body by Choosing + // the Include Body Option (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-include-body-access.html) // in the Amazon CloudFront Developer Guide. IncludeBody *bool `type:"boolean"` - // The ARN of the Lambda function. You must specify the ARN of a function version; - // you can't specify a Lambda alias or $LATEST. + // The ARN of the Lambda@Edge function. You must specify the ARN of a function + // version; you can't specify an alias or $LATEST. // // LambdaFunctionARN is a required field LambdaFunctionARN *string `type:"string" required:"true"` @@ -18126,17 +18540,17 @@ func (s *LambdaFunctionAssociation) SetLambdaFunctionARN(v string) *LambdaFuncti return s } -// A complex type that specifies a list of Lambda functions associations for -// a cache behavior. +// A complex type that specifies a list of Lambda@Edge functions associations +// for a cache behavior. // -// If you want to invoke one or more Lambda functions triggered by requests +// If you want to invoke one or more Lambda@Edge functions triggered by requests // that match the PathPattern of the cache behavior, specify the applicable // values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation // items in this list (one for each possible value of EventType) and each EventType -// can be associated with the Lambda function only once. +// can be associated with only one function. // -// If you don't want to invoke any Lambda functions for the requests that match -// PathPattern, specify 0 for Quantity and omit Items. +// If you don't want to invoke any Lambda@Edge functions for the requests that +// match PathPattern, specify 0 for Quantity and omit Items. type LambdaFunctionAssociations struct { _ struct{} `type:"structure"` @@ -18144,7 +18558,7 @@ type LambdaFunctionAssociations struct { // this cache behavior. If Quantity is 0, you can omit Items. Items []*LambdaFunctionAssociation `locationNameList:"LambdaFunctionAssociation" type:"list"` - // The number of Lambda function associations for this cache behavior. + // The number of Lambda@Edge function associations for this cache behavior. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -18210,9 +18624,10 @@ type ListCachePoliciesInput struct { // A filter to return only the specified kinds of cache policies. Valid values // are: // - // * managed – Returns only the managed policies created by AWS. + // * managed – Returns only the managed policies created by Amazon Web + // Services. // - // * custom – Returns only the custom policies created in your AWS account. + // * custom – Returns only the custom policies created in your account. Type *string `location:"querystring" locationName:"Type" type:"string" enum:"CachePolicyType"` } @@ -18328,6 +18743,104 @@ func (s *ListCloudFrontOriginAccessIdentitiesOutput) SetCloudFrontOriginAccessId return s } +type ListConflictingAliasesInput struct { + _ struct{} `locationName:"ListConflictingAliasesRequest" type:"structure"` + + // The alias (also called a CNAME) to search for conflicting aliases. + // + // Alias is a required field + Alias *string `location:"querystring" locationName:"Alias" type:"string" required:"true"` + + // The ID of a distribution in your account that has an attached SSL/TLS certificate + // that includes the provided alias. + // + // DistributionId is a required field + DistributionId *string `location:"querystring" locationName:"DistributionId" type:"string" required:"true"` + + // Use this field when paginating results to indicate where to begin in the + // list of conflicting aliases. The response includes conflicting aliases in + // the list that occur after the marker. To get the next page of the list, set + // this field’s value to the value of NextMarker from the current page’s + // response. + Marker *string `location:"querystring" locationName:"Marker" type:"string"` + + // The maximum number of conflicting aliases that you want in the response. + MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` +} + +// String returns the string representation +func (s ListConflictingAliasesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListConflictingAliasesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListConflictingAliasesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListConflictingAliasesInput"} + if s.Alias == nil { + invalidParams.Add(request.NewErrParamRequired("Alias")) + } + if s.DistributionId == nil { + invalidParams.Add(request.NewErrParamRequired("DistributionId")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAlias sets the Alias field's value. +func (s *ListConflictingAliasesInput) SetAlias(v string) *ListConflictingAliasesInput { + s.Alias = &v + return s +} + +// SetDistributionId sets the DistributionId field's value. +func (s *ListConflictingAliasesInput) SetDistributionId(v string) *ListConflictingAliasesInput { + s.DistributionId = &v + return s +} + +// SetMarker sets the Marker field's value. +func (s *ListConflictingAliasesInput) SetMarker(v string) *ListConflictingAliasesInput { + s.Marker = &v + return s +} + +// SetMaxItems sets the MaxItems field's value. +func (s *ListConflictingAliasesInput) SetMaxItems(v int64) *ListConflictingAliasesInput { + s.MaxItems = &v + return s +} + +type ListConflictingAliasesOutput struct { + _ struct{} `type:"structure" payload:"ConflictingAliasesList"` + + // A list of conflicting aliases. + ConflictingAliasesList *ConflictingAliasesList `type:"structure"` +} + +// String returns the string representation +func (s ListConflictingAliasesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListConflictingAliasesOutput) GoString() string { + return s.String() +} + +// SetConflictingAliasesList sets the ConflictingAliasesList field's value. +func (s *ListConflictingAliasesOutput) SetConflictingAliasesList(v *ConflictingAliasesList) *ListConflictingAliasesOutput { + s.ConflictingAliasesList = v + return s +} + type ListDistributionsByCachePolicyIdInput struct { _ struct{} `locationName:"ListDistributionsByCachePolicyIdRequest" type:"structure"` @@ -18663,8 +19176,8 @@ func (s *ListDistributionsByRealtimeLogConfigOutput) SetDistributionList(v *Dist return s } -// The request to list distributions that are associated with a specified AWS -// WAF web ACL. +// The request to list distributions that are associated with a specified WAF +// web ACL. type ListDistributionsByWebACLIdInput struct { _ struct{} `locationName:"ListDistributionsByWebACLIdRequest" type:"structure"` @@ -18679,7 +19192,7 @@ type ListDistributionsByWebACLIdInput struct { // the response body. The maximum and default values are both 100. MaxItems *int64 `location:"querystring" locationName:"MaxItems" type:"integer"` - // The ID of the AWS WAF web ACL that you want to list the associated distributions. + // The ID of the WAF web ACL that you want to list the associated distributions. // If you specify "null" for the ID, the request returns a list of the distributions // that aren't associated with a web ACL. // @@ -18732,7 +19245,7 @@ func (s *ListDistributionsByWebACLIdInput) SetWebACLId(v string) *ListDistributi } // The response to a request to list the distributions that are associated with -// a specified AWS WAF web ACL. +// a specified WAF web ACL. type ListDistributionsByWebACLIdOutput struct { _ struct{} `type:"structure" payload:"DistributionList"` @@ -19172,9 +19685,10 @@ type ListOriginRequestPoliciesInput struct { // A filter to return only the specified kinds of origin request policies. Valid // values are: // - // * managed – Returns only the managed policies created by AWS. + // * managed – Returns only the managed policies created by Amazon Web + // Services. // - // * custom – Returns only the custom policies created in your AWS account. + // * custom – Returns only the custom policies created in your account. Type *string `location:"querystring" locationName:"Type" type:"string" enum:"OriginRequestPolicyType"` } @@ -19932,7 +20446,7 @@ type OriginAccessIdentityList struct { IsTruncated *bool `type:"boolean" required:"true"` // A complex type that contains one CloudFrontOriginAccessIdentitySummary element - // for each origin access identity that was created by the current AWS account. + // for each origin access identity that was created by the current account. Items []*OriginAccessIdentitySummary `locationNameList:"CloudFrontOriginAccessIdentitySummary" type:"list"` // Use this when paginating results to indicate where to begin in your list @@ -19955,7 +20469,7 @@ type OriginAccessIdentityList struct { NextMarker *string `type:"string"` // The number of CloudFront origin access identities that were created by the - // current AWS account. + // current account. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -20873,8 +21387,8 @@ type OriginRequestPolicySummary struct { // OriginRequestPolicy is a required field OriginRequestPolicy *OriginRequestPolicy `type:"structure" required:"true"` - // The type of origin request policy, either managed (created by AWS) or custom - // (created in this AWS account). + // The type of origin request policy, either managed (created by Amazon Web + // Services) or custom (created in this account). // // Type is a required field Type *string `type:"string" required:"true" enum:"OriginRequestPolicyType"` @@ -20920,16 +21434,16 @@ type OriginShield struct { // Enabled is a required field Enabled *bool `type:"boolean" required:"true"` - // The AWS Region for Origin Shield. + // The Region for Origin Shield. // - // Specify the AWS Region that has the lowest latency to your origin. To specify + // Specify the Region that has the lowest latency to your origin. To specify // a region, use the region code, not the region name. For example, specify // the US East (Ohio) region as us-east-2. // - // When you enable CloudFront Origin Shield, you must specify the AWS Region - // for Origin Shield. For the list of AWS Regions that you can specify, and - // for help choosing the best Region for your origin, see Choosing the AWS Region - // for Origin Shield (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html#choose-origin-shield-region) + // When you enable CloudFront Origin Shield, you must specify the Region for + // Origin Shield. For the list of Regions that you can specify, and for help + // choosing the best Region for your origin, see Choosing the Region for Origin + // Shield (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html#choose-origin-shield-region) // in the Amazon CloudFront Developer Guide. OriginShieldRegion *string `min:"1" type:"string"` } @@ -22302,15 +22816,14 @@ func (s *S3OriginConfig) SetOriginAccessIdentity(v string) *S3OriginConfig { return s } -// A list of AWS accounts and the active CloudFront key pairs in each account -// that CloudFront can use to verify the signatures of signed URLs and signed -// cookies. +// A list of accounts and the active CloudFront key pairs in each account that +// CloudFront can use to verify the signatures of signed URLs and signed cookies. type Signer struct { _ struct{} `type:"structure"` - // An AWS account number that contains active CloudFront key pairs that CloudFront + // An account number that contains active CloudFront key pairs that CloudFront // can use to verify the signatures of signed URLs and signed cookies. If the - // AWS account that owns the key pairs is the same account that owns the CloudFront + // account that owns the key pairs is the same account that owns the CloudFront // distribution, the value of this field is self. AwsAccountNumber *string `type:"string"` @@ -22404,20 +22917,20 @@ type StreamingDistribution struct { _ struct{} `type:"structure"` // The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, - // where 123456789012 is your AWS account ID. + // where 123456789012 is your account ID. // // ARN is a required field ARN *string `type:"string" required:"true"` - // A complex type that lists the AWS accounts, if any, that you included in - // the TrustedSigners complex type for this distribution. These are the accounts + // A complex type that lists the accounts, if any, that you included in the + // TrustedSigners complex type for this distribution. These are the accounts // that you want to allow to create signed URLs for private content. // - // The Signer complex type lists the AWS account number of the trusted signer - // or self if the signer is the AWS account that created the distribution. The - // Signer element also includes the IDs of any active CloudFront key pairs that - // are associated with the trusted signer's AWS account. If no KeyPairId element - // appears for a Signer, that signer can't create signed URLs. + // The Signer complex type lists the account number of the trusted signer or + // self if the signer is the account that created the distribution. The Signer + // element also includes the IDs of any active CloudFront key pairs that are + // associated with the trusted signer's account. If no KeyPairId element appears + // for a Signer, that signer can't create signed URLs. // // For more information, see Serving Private Content through CloudFront (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) // in the Amazon CloudFront Developer Guide. @@ -22549,11 +23062,11 @@ type StreamingDistributionConfig struct { // S3Origin is a required field S3Origin *S3Origin `type:"structure" required:"true"` - // A complex type that specifies any AWS accounts that you want to permit to - // create signed URLs for private content. If you want the distribution to use - // signed URLs, include this element; if you want the distribution to use public - // URLs, remove this element. For more information, see Serving Private Content - // through CloudFront (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) + // A complex type that specifies any accounts that you want to permit to create + // signed URLs for private content. If you want the distribution to use signed + // URLs, include this element; if you want the distribution to use public URLs, + // remove this element. For more information, see Serving Private Content through + // CloudFront (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) // in the Amazon CloudFront Developer Guide. // // TrustedSigners is a required field @@ -22740,7 +23253,7 @@ type StreamingDistributionList struct { IsTruncated *bool `type:"boolean" required:"true"` // A complex type that contains one StreamingDistributionSummary element for - // each distribution that was created by the current AWS account. + // each distribution that was created by the current account. Items []*StreamingDistributionSummary `locationNameList:"StreamingDistributionSummary" type:"list"` // The value you provided for the Marker request parameter. @@ -22758,8 +23271,7 @@ type StreamingDistributionList struct { // where they left off. NextMarker *string `type:"string"` - // The number of streaming distributions that were created by the current AWS - // account. + // The number of streaming distributions that were created by the current account. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -22817,7 +23329,7 @@ type StreamingDistributionSummary struct { // The ARN (Amazon Resource Name) for the streaming distribution. For example: // arn:aws:cloudfront::123456789012:streaming-distribution/EDFDVBD632BHDS5, - // where 123456789012 is your AWS account ID. + // where 123456789012 is your account ID. // // ARN is a required field ARN *string `type:"string" required:"true"` @@ -22872,8 +23384,8 @@ type StreamingDistributionSummary struct { // Status is a required field Status *string `type:"string" required:"true"` - // A complex type that specifies the AWS accounts, if any, that you want to - // allow to create signed URLs for private content. If you want to require signed + // A complex type that specifies the accounts, if any, that you want to allow + // to create signed URLs for private content. If you want to require signed // URLs in requests for objects in the target origin that match the PathPattern // for this cache behavior, specify true for Enabled, and specify the applicable // values for Quantity and Items.If you don't want to require signed URLs in @@ -23478,22 +23990,22 @@ func (s *TrustedKeyGroups) SetQuantity(v int64) *TrustedKeyGroups { return s } -// A list of AWS accounts whose public keys CloudFront can use to verify the -// signatures of signed URLs and signed cookies. +// A list of accounts whose public keys CloudFront can use to verify the signatures +// of signed URLs and signed cookies. type TrustedSigners struct { _ struct{} `type:"structure"` - // This field is true if any of the AWS accounts have public keys that CloudFront + // This field is true if any of the accounts have public keys that CloudFront // can use to verify the signatures of signed URLs and signed cookies. If not, // this field is false. // // Enabled is a required field Enabled *bool `type:"boolean" required:"true"` - // A list of AWS account identifiers. + // A list of account identifiers. Items []*string `locationNameList:"AwsAccountNumber" type:"list"` - // The number of AWS accounts in the list. + // The number of accounts in the list. // // Quantity is a required field Quantity *int64 `type:"integer" required:"true"` @@ -24803,9 +25315,8 @@ func (s *UpdateStreamingDistributionOutput) SetStreamingDistribution(v *Streamin // (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) // in the Amazon CloudFront Developer Guide. // -// * The location of the SSL/TLS certificate, AWS Certificate Manager (ACM) -// (https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) (recommended) -// or AWS Identity and Access Management (AWS IAM) (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). +// * The location of the SSL/TLS certificate, Certificate Manager (ACM) (https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) +// (recommended) or Identity and Access Management (IAM) (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html). // You specify the location by setting a value in one of the following fields // (not both): ACMCertificateArn IAMCertificateId // @@ -24821,7 +25332,7 @@ type ViewerCertificate struct { _ struct{} `type:"structure"` // If the distribution uses Aliases (alternate domain names or CNAMEs) and the - // SSL/TLS certificate is stored in AWS Certificate Manager (ACM) (https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html), + // SSL/TLS certificate is stored in Certificate Manager (ACM) (https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html), // provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront // only supports ACM certificates in the US East (N. Virginia) Region (us-east-1). // @@ -24866,8 +25377,7 @@ type ViewerCertificate struct { CloudFrontDefaultCertificate *bool `type:"boolean"` // If the distribution uses Aliases (alternate domain names or CNAMEs) and the - // SSL/TLS certificate is stored in AWS Identity and Access Management (AWS - // IAM) (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), + // SSL/TLS certificate is stored in Identity and Access Management (IAM) (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html), // provide the ID of the IAM certificate. // // If you specify an IAM certificate ID, you must also specify values for MinimumProtocolVersion @@ -24912,7 +25422,7 @@ type ViewerCertificate struct { // * static-ip - Do not specify this value unless your distribution has been // enabled for this feature by the CloudFront team. If you have a use case // that requires static IP addresses for a distribution, contact CloudFront - // through the AWS Support Center (https://console.aws.amazon.com/support/home). + // through the Amazon Web Services Support Center (https://console.aws.amazon.com/support/home). // // If the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net, // don’t set a value for this field. diff --git a/service/cloudfront/cloudfrontiface/interface.go b/service/cloudfront/cloudfrontiface/interface.go index 4e1d89be9d5..07cd95071cb 100644 --- a/service/cloudfront/cloudfrontiface/interface.go +++ b/service/cloudfront/cloudfrontiface/interface.go @@ -26,7 +26,7 @@ import ( // // myFunc uses an SDK service client to make a request to // // Amazon CloudFront. // func myFunc(svc cloudfrontiface.CloudFrontAPI) bool { -// // Make svc.CreateCachePolicy request +// // Make svc.AssociateAlias request // } // // func main() { @@ -42,7 +42,7 @@ import ( // type mockCloudFrontClient struct { // cloudfrontiface.CloudFrontAPI // } -// func (m *mockCloudFrontClient) CreateCachePolicy(input *cloudfront.CreateCachePolicyInput) (*cloudfront.CreateCachePolicyOutput, error) { +// func (m *mockCloudFrontClient) AssociateAlias(input *cloudfront.AssociateAliasInput) (*cloudfront.AssociateAliasOutput, error) { // // mock response/functionality // } // @@ -60,6 +60,10 @@ import ( // and waiters. Its suggested to use the pattern above for testing, or using // tooling to generate mocks to satisfy the interfaces. type CloudFrontAPI interface { + AssociateAlias(*cloudfront.AssociateAliasInput) (*cloudfront.AssociateAliasOutput, error) + AssociateAliasWithContext(aws.Context, *cloudfront.AssociateAliasInput, ...request.Option) (*cloudfront.AssociateAliasOutput, error) + AssociateAliasRequest(*cloudfront.AssociateAliasInput) (*request.Request, *cloudfront.AssociateAliasOutput) + CreateCachePolicy(*cloudfront.CreateCachePolicyInput) (*cloudfront.CreateCachePolicyOutput, error) CreateCachePolicyWithContext(aws.Context, *cloudfront.CreateCachePolicyInput, ...request.Option) (*cloudfront.CreateCachePolicyOutput, error) CreateCachePolicyRequest(*cloudfront.CreateCachePolicyInput) (*request.Request, *cloudfront.CreateCachePolicyOutput) @@ -271,6 +275,10 @@ type CloudFrontAPI interface { ListCloudFrontOriginAccessIdentitiesPages(*cloudfront.ListCloudFrontOriginAccessIdentitiesInput, func(*cloudfront.ListCloudFrontOriginAccessIdentitiesOutput, bool) bool) error ListCloudFrontOriginAccessIdentitiesPagesWithContext(aws.Context, *cloudfront.ListCloudFrontOriginAccessIdentitiesInput, func(*cloudfront.ListCloudFrontOriginAccessIdentitiesOutput, bool) bool, ...request.Option) error + ListConflictingAliases(*cloudfront.ListConflictingAliasesInput) (*cloudfront.ListConflictingAliasesOutput, error) + ListConflictingAliasesWithContext(aws.Context, *cloudfront.ListConflictingAliasesInput, ...request.Option) (*cloudfront.ListConflictingAliasesOutput, error) + ListConflictingAliasesRequest(*cloudfront.ListConflictingAliasesInput) (*request.Request, *cloudfront.ListConflictingAliasesOutput) + ListDistributions(*cloudfront.ListDistributionsInput) (*cloudfront.ListDistributionsOutput, error) ListDistributionsWithContext(aws.Context, *cloudfront.ListDistributionsInput, ...request.Option) (*cloudfront.ListDistributionsOutput, error) ListDistributionsRequest(*cloudfront.ListDistributionsInput) (*request.Request, *cloudfront.ListDistributionsOutput) diff --git a/service/cloudfront/errors.go b/service/cloudfront/errors.go index c10d7291a8c..ab34df5bd64 100644 --- a/service/cloudfront/errors.go +++ b/service/cloudfront/errors.go @@ -89,8 +89,8 @@ const ( // ErrCodeFunctionAlreadyExists for service response error code // "FunctionAlreadyExists". // - // A function with the same name already exists in this AWS account. To create - // a function, you must provide a unique name. To update an existing function, + // A function with the same name already exists in this account. To create a + // function, you must provide a unique name. To update an existing function, // use UpdateFunction. ErrCodeFunctionAlreadyExists = "FunctionAlreadyExists" @@ -186,7 +186,7 @@ const ( // ErrCodeInvalidLambdaFunctionAssociation for service response error code // "InvalidLambdaFunctionAssociation". // - // The specified Lambda function association is invalid. + // The specified Lambda@Edge function association is invalid. ErrCodeInvalidLambdaFunctionAssociation = "InvalidLambdaFunctionAssociation" // ErrCodeInvalidLocationCode for service response error code @@ -282,8 +282,8 @@ const ( // "InvalidWebACLId". // // A web ACL ID specified is not valid. To specify a web ACL created using the - // latest version of AWS WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. - // To specify a web ACL created using AWS WAF Classic, use the ACL ID, for example + // latest version of WAF, use the ACL ARN, for example arn:aws:wafv2:us-east-1:123456789012:global/webacl/ExampleWebACL/473e64fd-f30b-4765-81a0-62ad96dd167a. + // To specify a web ACL created using WAF Classic, use the ACL ID, for example // 473e64fd-f30b-4765-81a0-62ad96dd167a. ErrCodeInvalidWebACLId = "InvalidWebACLId" @@ -449,7 +449,7 @@ const ( // ErrCodeRealtimeLogConfigOwnerMismatch for service response error code // "RealtimeLogConfigOwnerMismatch". // - // The specified real-time log configuration belongs to a different AWS account. + // The specified real-time log configuration belongs to a different account. ErrCodeRealtimeLogConfigOwnerMismatch = "RealtimeLogConfigOwnerMismatch" // ErrCodeResourceInUse for service response error code @@ -487,8 +487,8 @@ const ( // ErrCodeTooManyCachePolicies for service response error code // "TooManyCachePolicies". // - // You have reached the maximum number of cache policies for this AWS account. - // For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // You have reached the maximum number of cache policies for this account. For + // more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. ErrCodeTooManyCachePolicies = "TooManyCachePolicies" @@ -584,14 +584,14 @@ const ( // "TooManyDistributionsWithLambdaAssociations". // // Processing your request would cause the maximum number of distributions with - // Lambda function associations per owner to be exceeded. + // Lambda@Edge function associations per owner to be exceeded. ErrCodeTooManyDistributionsWithLambdaAssociations = "TooManyDistributionsWithLambdaAssociations" // ErrCodeTooManyDistributionsWithSingleFunctionARN for service response error code // "TooManyDistributionsWithSingleFunctionARN". // // The maximum number of distributions have been associated with the specified - // Lambda function. + // Lambda@Edge function. ErrCodeTooManyDistributionsWithSingleFunctionARN = "TooManyDistributionsWithSingleFunctionARN" // ErrCodeTooManyFieldLevelEncryptionConfigs for service response error code @@ -646,8 +646,8 @@ const ( // ErrCodeTooManyFunctions for service response error code // "TooManyFunctions". // - // You have reached the maximum number of CloudFront functions for this AWS - // account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // You have reached the maximum number of CloudFront functions for this account. + // For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. ErrCodeTooManyFunctions = "TooManyFunctions" @@ -683,8 +683,8 @@ const ( // ErrCodeTooManyKeyGroups for service response error code // "TooManyKeyGroups". // - // You have reached the maximum number of key groups for this AWS account. For - // more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // You have reached the maximum number of key groups for this account. For more + // information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. ErrCodeTooManyKeyGroups = "TooManyKeyGroups" @@ -699,7 +699,7 @@ const ( // ErrCodeTooManyLambdaFunctionAssociations for service response error code // "TooManyLambdaFunctionAssociations". // - // Your request contains more Lambda function associations than are allowed + // Your request contains more Lambda@Edge function associations than are allowed // per distribution. ErrCodeTooManyLambdaFunctionAssociations = "TooManyLambdaFunctionAssociations" @@ -719,8 +719,8 @@ const ( // ErrCodeTooManyOriginRequestPolicies for service response error code // "TooManyOriginRequestPolicies". // - // You have reached the maximum number of origin request policies for this AWS - // account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // You have reached the maximum number of origin request policies for this account. + // For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. ErrCodeTooManyOriginRequestPolicies = "TooManyOriginRequestPolicies" @@ -771,7 +771,7 @@ const ( // "TooManyRealtimeLogConfigs". // // You have reached the maximum number of real-time log configurations for this - // AWS account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) + // account. For more information, see Quotas (https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) // (formerly known as limits) in the Amazon CloudFront Developer Guide. ErrCodeTooManyRealtimeLogConfigs = "TooManyRealtimeLogConfigs" diff --git a/service/ec2/api.go b/service/ec2/api.go index 8de3d9cdeb6..9c4262af3cb 100644 --- a/service/ec2/api.go +++ b/service/ec2/api.go @@ -1309,25 +1309,25 @@ func (c *EC2) AssociateEnclaveCertificateIamRoleRequest(input *AssociateEnclaveC // AssociateEnclaveCertificateIamRole API operation for Amazon Elastic Compute Cloud. // -// Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate +// Associates an Identity and Access Management (IAM) role with an Certificate // Manager (ACM) certificate. This enables the certificate to be used by the // ACM for Nitro Enclaves application inside an enclave. For more information, -// see AWS Certificate Manager for Nitro Enclaves (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) -// in the AWS Nitro Enclaves User Guide. +// see Certificate Manager for Nitro Enclaves (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) +// in the Amazon Web Services Nitro Enclaves User Guide. // // When the IAM role is associated with the ACM certificate, the certificate, // certificate chain, and encrypted private key are placed in an Amazon S3 bucket // that only the associated IAM role can access. The private key of the certificate -// is encrypted with an AWS-managed KMS customer master (CMK) that has an attached -// attestation-based CMK policy. +// is encrypted with an Amazon Web Services managed key that has an attached +// attestation-based key policy. // // To enable the IAM role to access the Amazon S3 object, you must grant it // permission to call s3:GetObject on the Amazon S3 bucket returned by the command. -// To enable the IAM role to access the AWS KMS CMK, you must grant it permission -// to call kms:Decrypt on the AWS KMS CMK returned by the command. For more -// information, see Grant the role permission to access the certificate and -// encryption key (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) -// in the AWS Nitro Enclaves User Guide. +// To enable the IAM role to access the KMS key, you must grant it permission +// to call kms:Decrypt on the KMS key returned by the command. For more information, +// see Grant the role permission to access the certificate and encryption key +// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy) +// in the Amazon Web Services Nitro Enclaves User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2439,18 +2439,17 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE output = &AuthorizeSecurityGroupEgressOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // AuthorizeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Adds the specified egress rules to a security group for use with -// a VPC. +// [VPC only] Adds the specified outbound (egress) rules to a security group +// for use with a VPC. // // An outbound rule permits instances to send traffic to the specified IPv4 -// or IPv6 CIDR address ranges, or to the instances associated with the specified -// destination security groups. +// or IPv6 CIDR address ranges, or to the instances that are associated with +// the specified destination security groups. // // You specify a protocol for each rule (for example, TCP). For the TCP and // UDP protocols, you must also specify the destination port or port range. @@ -2460,8 +2459,7 @@ func (c *EC2) AuthorizeSecurityGroupEgressRequest(input *AuthorizeSecurityGroupE // Rule changes are propagated to affected instances as quickly as possible. // However, a small delay might occur. // -// For more information about VPC security group limits, see Amazon VPC Limits -// (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). +// For information about VPC security group quotas, see Amazon VPC quotas (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2530,17 +2528,16 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup output = &AuthorizeSecurityGroupIngressOutput{} req = c.newRequest(op, input, output) - req.Handlers.Unmarshal.Swap(ec2query.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // AuthorizeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Adds the specified ingress rules to a security group. +// Adds the specified inbound (ingress) rules to a security group. // // An inbound rule permits instances to receive traffic from the specified IPv4 -// or IPv6 CIDR address ranges, or from the instances associated with the specified -// destination security groups. +// or IPv6 CIDR address range, or from the instances that are associated with +// the specified destination security groups. // // You specify a protocol for each rule (for example, TCP). For TCP and UDP, // you must also specify the destination port or port range. For ICMP/ICMPv6, @@ -2550,7 +2547,7 @@ func (c *EC2) AuthorizeSecurityGroupIngressRequest(input *AuthorizeSecurityGroup // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. // -// For more information about VPC security group limits, see Amazon VPC Limits +// For more information about VPC security group quotas, see Amazon VPC quotas // (https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -22964,6 +22961,138 @@ func (c *EC2) DescribeSecurityGroupReferencesWithContext(ctx aws.Context, input return out, req.Send() } +const opDescribeSecurityGroupRules = "DescribeSecurityGroupRules" + +// DescribeSecurityGroupRulesRequest generates a "aws/request.Request" representing the +// client's request for the DescribeSecurityGroupRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeSecurityGroupRules for more information on using the DescribeSecurityGroupRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeSecurityGroupRulesRequest method. +// req, resp := client.DescribeSecurityGroupRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupRules +func (c *EC2) DescribeSecurityGroupRulesRequest(input *DescribeSecurityGroupRulesInput) (req *request.Request, output *DescribeSecurityGroupRulesOutput) { + op := &request.Operation{ + Name: opDescribeSecurityGroupRules, + HTTPMethod: "POST", + HTTPPath: "/", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &DescribeSecurityGroupRulesInput{} + } + + output = &DescribeSecurityGroupRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeSecurityGroupRules API operation for Amazon Elastic Compute Cloud. +// +// Describes one or more of your security group rules. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation DescribeSecurityGroupRules for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupRules +func (c *EC2) DescribeSecurityGroupRules(input *DescribeSecurityGroupRulesInput) (*DescribeSecurityGroupRulesOutput, error) { + req, out := c.DescribeSecurityGroupRulesRequest(input) + return out, req.Send() +} + +// DescribeSecurityGroupRulesWithContext is the same as DescribeSecurityGroupRules with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeSecurityGroupRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSecurityGroupRulesWithContext(ctx aws.Context, input *DescribeSecurityGroupRulesInput, opts ...request.Option) (*DescribeSecurityGroupRulesOutput, error) { + req, out := c.DescribeSecurityGroupRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// DescribeSecurityGroupRulesPages iterates over the pages of a DescribeSecurityGroupRules operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See DescribeSecurityGroupRules method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a DescribeSecurityGroupRules operation. +// pageNum := 0 +// err := client.DescribeSecurityGroupRulesPages(params, +// func(page *ec2.DescribeSecurityGroupRulesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *EC2) DescribeSecurityGroupRulesPages(input *DescribeSecurityGroupRulesInput, fn func(*DescribeSecurityGroupRulesOutput, bool) bool) error { + return c.DescribeSecurityGroupRulesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// DescribeSecurityGroupRulesPagesWithContext same as DescribeSecurityGroupRulesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) DescribeSecurityGroupRulesPagesWithContext(ctx aws.Context, input *DescribeSecurityGroupRulesInput, fn func(*DescribeSecurityGroupRulesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *DescribeSecurityGroupRulesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeSecurityGroupRulesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*DescribeSecurityGroupRulesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opDescribeSecurityGroups = "DescribeSecurityGroups" // DescribeSecurityGroupsRequest generates a "aws/request.Request" representing the @@ -29305,13 +29434,12 @@ func (c *EC2) DisassociateEnclaveCertificateIamRoleRequest(input *DisassociateEn // DisassociateEnclaveCertificateIamRole API operation for Amazon Elastic Compute Cloud. // -// Disassociates an IAM role from an AWS Certificate Manager (ACM) certificate. +// Disassociates an IAM role from an Certificate Manager (ACM) certificate. // Disassociating an IAM role from an ACM certificate removes the Amazon S3 // object that contains the certificate, certificate chain, and encrypted private // key from the Amazon S3 bucket. It also revokes the IAM role's permission -// to use the AWS Key Management Service (KMS) customer master key (CMK) used -// to encrypt the private key. This effectively revokes the role's permission -// to use the certificate. +// to use the KMS key used to encrypt the private key. This effectively revokes +// the role's permission to use the certificate. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -30944,11 +31072,10 @@ func (c *EC2) GetAssociatedEnclaveCertificateIamRolesRequest(input *GetAssociate // GetAssociatedEnclaveCertificateIamRoles API operation for Amazon Elastic Compute Cloud. // -// Returns the IAM roles that are associated with the specified AWS Certificate -// Manager (ACM) certificate. It also returns the name of the Amazon S3 bucket -// and the Amazon S3 object key where the certificate, certificate chain, and -// encrypted private key bundle are stored, and the ARN of the AWS Key Management -// Service (KMS) customer master key (CMK) that's used to encrypt the private +// Returns the IAM roles that are associated with the specified ACM (ACM) certificate. +// It also returns the name of the Amazon S3 bucket and the Amazon S3 object +// key where the certificate, certificate chain, and encrypted private key bundle +// are stored, and the ARN of the KMS key that's used to encrypt the private // key. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -33507,10 +33634,11 @@ func (c *EC2) ImportKeyPairRequest(input *ImportKeyPairInput) (req *request.Requ // ImportKeyPair API operation for Amazon Elastic Compute Cloud. // // Imports the public key from an RSA key pair that you created with a third-party -// tool. Compare this with CreateKeyPair, in which AWS creates the key pair -// and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, -// you create the key pair and give AWS just the public key. The private key -// is never transferred between you and AWS. +// tool. Compare this with CreateKeyPair, in which Amazon Web Services creates +// the key pair and gives the keys to you (Amazon Web Services keeps a copy +// of the public key). With ImportKeyPair, you create the key pair and give +// Amazon Web Services just the public key. The private key is never transferred +// between you and Amazon Web Services. // // For more information about key pairs, see Key Pairs (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) // in the Amazon Elastic Compute Cloud User Guide. @@ -35532,6 +35660,80 @@ func (c *EC2) ModifyReservedInstancesWithContext(ctx aws.Context, input *ModifyR return out, req.Send() } +const opModifySecurityGroupRules = "ModifySecurityGroupRules" + +// ModifySecurityGroupRulesRequest generates a "aws/request.Request" representing the +// client's request for the ModifySecurityGroupRules operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ModifySecurityGroupRules for more information on using the ModifySecurityGroupRules +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ModifySecurityGroupRulesRequest method. +// req, resp := client.ModifySecurityGroupRulesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules +func (c *EC2) ModifySecurityGroupRulesRequest(input *ModifySecurityGroupRulesInput) (req *request.Request, output *ModifySecurityGroupRulesOutput) { + op := &request.Operation{ + Name: opModifySecurityGroupRules, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &ModifySecurityGroupRulesInput{} + } + + output = &ModifySecurityGroupRulesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ModifySecurityGroupRules API operation for Amazon Elastic Compute Cloud. +// +// Modifies the rules of a security group. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Elastic Compute Cloud's +// API operation ModifySecurityGroupRules for usage and error information. +// See also, https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifySecurityGroupRules +func (c *EC2) ModifySecurityGroupRules(input *ModifySecurityGroupRulesInput) (*ModifySecurityGroupRulesOutput, error) { + req, out := c.ModifySecurityGroupRulesRequest(input) + return out, req.Send() +} + +// ModifySecurityGroupRulesWithContext is the same as ModifySecurityGroupRules with the addition of +// the ability to pass a context and additional request options. +// +// See ModifySecurityGroupRules for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *EC2) ModifySecurityGroupRulesWithContext(ctx aws.Context, input *ModifySecurityGroupRulesInput, opts ...request.Option) (*ModifySecurityGroupRulesOutput, error) { + req, out := c.ModifySecurityGroupRulesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opModifySnapshotAttribute = "ModifySnapshotAttribute" // ModifySnapshotAttributeRequest generates a "aws/request.Request" representing the @@ -40407,23 +40609,25 @@ func (c *EC2) RevokeSecurityGroupEgressRequest(input *RevokeSecurityGroupEgressI // RevokeSecurityGroupEgress API operation for Amazon Elastic Compute Cloud. // -// [VPC only] Removes the specified egress rules from a security group for EC2-VPC. -// This action does not apply to security groups for use in EC2-Classic. To -// remove a rule, the values that you specify (for example, ports) must match -// the existing rule's values exactly. +// [VPC only] Removes the specified outbound (egress) rules from a security +// group for EC2-VPC. This action does not apply to security groups for use +// in EC2-Classic. +// +// You can specify rules using either rule IDs or security group rule properties. +// If you use rule properties, the values that you specify (for example, ports) +// must match the existing rule's values exactly. Each rule has a protocol, +// from and to ports, and destination (CIDR range, security group, or prefix +// list). For the TCP and UDP protocols, you must also specify the destination +// port or range of ports. For the ICMP protocol, you must also specify the +// ICMP type and code. If the security group rule has a description, you do +// not need to specify the description to revoke the rule. // // [Default VPC] If the values you specify do not match the existing rule's // values, no error is returned, and the output describes the security group // rules that were not revoked. // -// AWS recommends that you use DescribeSecurityGroups to verify that the rule -// has been removed. -// -// Each rule consists of the protocol and the IPv4 or IPv6 CIDR range or source -// security group. For the TCP and UDP protocols, you must also specify the -// destination port or range of ports. For the ICMP protocol, you must also -// specify the ICMP type and code. If the security group rule has a description, -// you do not have to specify the description to revoke the rule. +// Amazon Web Services recommends that you describe the security group to verify +// that the rules were removed. // // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. @@ -40500,22 +40704,23 @@ func (c *EC2) RevokeSecurityGroupIngressRequest(input *RevokeSecurityGroupIngres // RevokeSecurityGroupIngress API operation for Amazon Elastic Compute Cloud. // -// Removes the specified ingress rules from a security group. To remove a rule, -// the values that you specify (for example, ports) must match the existing -// rule's values exactly. +// Removes the specified inbound (ingress) rules from a security group. +// +// You can specify rules using either rule IDs or security group rule properties. +// If you use rule properties, the values that you specify (for example, ports) +// must match the existing rule's values exactly. Each rule has a protocol, +// from and to ports, and source (CIDR range, security group, or prefix list). +// For the TCP and UDP protocols, you must also specify the destination port +// or range of ports. For the ICMP protocol, you must also specify the ICMP +// type and code. If the security group rule has a description, you do not need +// to specify the description to revoke the rule. // -// [EC2-Classic , default VPC] If the values you specify do not match the existing +// [EC2-Classic, default VPC] If the values you specify do not match the existing // rule's values, no error is returned, and the output describes the security // group rules that were not revoked. // -// AWS recommends that you use DescribeSecurityGroups to verify that the rule -// has been removed. -// -// Each rule consists of the protocol and the CIDR range or source security -// group. For the TCP and UDP protocols, you must also specify the destination -// port or range of ports. For the ICMP protocol, you must also specify the -// ICMP type and code. If the security group rule has a description, you do -// not have to specify the description to revoke the rule. +// Amazon Web Services recommends that you describe the security group to verify +// that the rules were removed. // // Rule changes are propagated to instances within the security group as quickly // as possible. However, a small delay might occur. @@ -42027,11 +42232,8 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsEgressRequest(input *UpdateSecu // // [VPC only] Updates the description of an egress (outbound) security group // rule. You can replace an existing description, or add a description to a -// rule that did not have one previously. -// -// You specify the description as part of the IP permissions structure. You -// can remove a description for a security group rule by omitting the description -// parameter in the request. +// rule that did not have one previously. You can remove a description for a +// security group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -42107,11 +42309,8 @@ func (c *EC2) UpdateSecurityGroupRuleDescriptionsIngressRequest(input *UpdateSec // // Updates the description of an ingress (inbound) security group rule. You // can replace an existing description, or add a description to a rule that -// did not have one previously. -// -// You specify the description as part of the IP permissions structure. You -// can remove a description for a security group rule by omitting the description -// parameter in the request. +// did not have one previously. You can remove a description for a security +// group rule by omitting the description parameter in the request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -44658,7 +44857,7 @@ type AssociateEnclaveCertificateIamRoleOutput struct { // private key bundle are stored. The object key is formatted as follows: role_arn/certificate_arn. CertificateS3ObjectKey *string `locationName:"certificateS3ObjectKey" type:"string"` - // The ID of the AWS KMS CMK used to encrypt the private key of the certificate. + // The ID of the KMS key used to encrypt the private key of the certificate. EncryptionKmsKeyId *string `locationName:"encryptionKmsKeyId" type:"string"` } @@ -46320,6 +46519,9 @@ type AuthorizeSecurityGroupEgressInput struct { // group. SourceSecurityGroupOwnerId *string `locationName:"sourceSecurityGroupOwnerId" type:"string"` + // The tags applied to the security group rule. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // Not supported. Use a set of IP permissions to specify the port. ToPort *int64 `locationName:"toPort" type:"integer"` } @@ -46395,6 +46597,12 @@ func (s *AuthorizeSecurityGroupEgressInput) SetSourceSecurityGroupOwnerId(v stri return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AuthorizeSecurityGroupEgressInput) SetTagSpecifications(v []*TagSpecification) *AuthorizeSecurityGroupEgressInput { + s.TagSpecifications = v + return s +} + // SetToPort sets the ToPort field's value. func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurityGroupEgressInput { s.ToPort = &v @@ -46403,6 +46611,12 @@ func (s *AuthorizeSecurityGroupEgressInput) SetToPort(v int64) *AuthorizeSecurit type AuthorizeSecurityGroupEgressOutput struct { _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` + + // Information about the outbound (egress) security group rules that were added. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -46415,6 +46629,18 @@ func (s AuthorizeSecurityGroupEgressOutput) GoString() string { return s.String() } +// SetReturn sets the Return field's value. +func (s *AuthorizeSecurityGroupEgressOutput) SetReturn(v bool) *AuthorizeSecurityGroupEgressOutput { + s.Return = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *AuthorizeSecurityGroupEgressOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *AuthorizeSecurityGroupEgressOutput { + s.SecurityGroupRules = v + return s +} + type AuthorizeSecurityGroupIngressInput struct { _ struct{} `type:"structure"` @@ -46472,14 +46698,18 @@ type AuthorizeSecurityGroupIngressInput struct { // be in the same VPC. SourceSecurityGroupName *string `type:"string"` - // [nondefault VPC] The AWS account ID for the source security group, if the - // source security group is in a different account. You can't specify this parameter - // in combination with the following parameters: the CIDR IP address range, - // the IP protocol, the start of the port range, and the end of the port range. - // Creates rules that grant full ICMP, UDP, and TCP access. To create a rule - // with a specific IP protocol and port range, use a set of IP permissions instead. + // [nondefault VPC] The Amazon Web Services account ID for the source security + // group, if the source security group is in a different account. You can't + // specify this parameter in combination with the following parameters: the + // CIDR IP address range, the IP protocol, the start of the port range, and + // the end of the port range. Creates rules that grant full ICMP, UDP, and TCP + // access. To create a rule with a specific IP protocol and port range, use + // a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` + // [VPC Only] The tags applied to the security group rule. + TagSpecifications []*TagSpecification `locationName:"TagSpecification" locationNameList:"item" type:"list"` + // The end of port range for the TCP and UDP protocols, or an ICMP code number. // For the ICMP code number, use -1 to specify all codes. If you specify all // ICMP types, you must specify all codes. @@ -46553,6 +46783,12 @@ func (s *AuthorizeSecurityGroupIngressInput) SetSourceSecurityGroupOwnerId(v str return s } +// SetTagSpecifications sets the TagSpecifications field's value. +func (s *AuthorizeSecurityGroupIngressInput) SetTagSpecifications(v []*TagSpecification) *AuthorizeSecurityGroupIngressInput { + s.TagSpecifications = v + return s +} + // SetToPort sets the ToPort field's value. func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecurityGroupIngressInput { s.ToPort = &v @@ -46561,6 +46797,12 @@ func (s *AuthorizeSecurityGroupIngressInput) SetToPort(v int64) *AuthorizeSecuri type AuthorizeSecurityGroupIngressOutput struct { _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` + + // Information about the inbound (ingress) security group rules that were added. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` } // String returns the string representation @@ -46573,6 +46815,18 @@ func (s AuthorizeSecurityGroupIngressOutput) GoString() string { return s.String() } +// SetReturn sets the Return field's value. +func (s *AuthorizeSecurityGroupIngressOutput) SetReturn(v bool) *AuthorizeSecurityGroupIngressOutput { + s.Return = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *AuthorizeSecurityGroupIngressOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *AuthorizeSecurityGroupIngressOutput { + s.SecurityGroupRules = v + return s +} + // Describes Availability Zones, Local Zones, and Wavelength Zones. type AvailabilityZone struct { _ struct{} `type:"structure"` @@ -69811,7 +70065,7 @@ type DescribeKeyPairsInput struct { // The key pair names. // - // Default: Describes all your key pairs. + // Default: Describes all of your key pairs. KeyNames []*string `locationName:"KeyName" locationNameList:"KeyName" type:"list"` // The IDs of the key pairs. @@ -73820,6 +74074,127 @@ func (s *DescribeSecurityGroupReferencesOutput) SetSecurityGroupReferenceSet(v [ return s } +type DescribeSecurityGroupRulesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // One or more filters. + // + // * group-id - The ID of the security group. + // + // * security-group-rule-id - The ID of the security group rule. + // + // * tag: - The key/value combination of a tag assigned to the resource. + // Use the tag key in the filter name and the tag value as the filter value. + // For example, to find all resources that have a tag with the key Owner + // and the value TeamA, specify tag:Owner for the filter name and TeamA for + // the filter value. + Filters []*Filter `locationName:"Filter" locationNameList:"Filter" type:"list"` + + // The maximum number of results to return in a single call. To retrieve the + // remaining results, make another request with the returned NextToken value. + // This value can be between 5 and 1000. If this parameter is not specified, + // then all results are returned. + MaxResults *int64 `min:"5" type:"integer"` + + // The token for the next page of results. + NextToken *string `type:"string"` + + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeSecurityGroupRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecurityGroupRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeSecurityGroupRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeSecurityGroupRulesInput"} + if s.MaxResults != nil && *s.MaxResults < 5 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *DescribeSecurityGroupRulesInput) SetDryRun(v bool) *DescribeSecurityGroupRulesInput { + s.DryRun = &v + return s +} + +// SetFilters sets the Filters field's value. +func (s *DescribeSecurityGroupRulesInput) SetFilters(v []*Filter) *DescribeSecurityGroupRulesInput { + s.Filters = v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *DescribeSecurityGroupRulesInput) SetMaxResults(v int64) *DescribeSecurityGroupRulesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSecurityGroupRulesInput) SetNextToken(v string) *DescribeSecurityGroupRulesInput { + s.NextToken = &v + return s +} + +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *DescribeSecurityGroupRulesInput) SetSecurityGroupRuleIds(v []*string) *DescribeSecurityGroupRulesInput { + s.SecurityGroupRuleIds = v + return s +} + +type DescribeSecurityGroupRulesOutput struct { + _ struct{} `type:"structure"` + + // The token to use to retrieve the next page of results. This value is null + // when there are no more results to return. + NextToken *string `locationName:"nextToken" type:"string"` + + // Information about security group rules. + SecurityGroupRules []*SecurityGroupRule `locationName:"securityGroupRuleSet" locationNameList:"item" type:"list"` +} + +// String returns the string representation +func (s DescribeSecurityGroupRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeSecurityGroupRulesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *DescribeSecurityGroupRulesOutput) SetNextToken(v string) *DescribeSecurityGroupRulesOutput { + s.NextToken = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *DescribeSecurityGroupRulesOutput) SetSecurityGroupRules(v []*SecurityGroupRule) *DescribeSecurityGroupRulesOutput { + s.SecurityGroupRules = v + return s +} + type DescribeSecurityGroupsInput struct { _ struct{} `type:"structure"` @@ -73859,8 +74234,8 @@ type DescribeSecurityGroupsInput struct { // * egress.ip-permission.to-port - For an outbound rule, the end of port // range for the TCP and UDP protocols, or an ICMP code. // - // * egress.ip-permission.user-id - The ID of an AWS account that has been - // referenced in an outbound security group rule. + // * egress.ip-permission.user-id - The ID of an Amazon Web Services account + // that has been referenced in an outbound security group rule. // // * group-id - The ID of the security group. // @@ -73890,10 +74265,11 @@ type DescribeSecurityGroupsInput struct { // * ip-permission.to-port - For an inbound rule, the end of port range for // the TCP and UDP protocols, or an ICMP code. // - // * ip-permission.user-id - The ID of an AWS account that has been referenced - // in an inbound security group rule. + // * ip-permission.user-id - The ID of an Amazon Web Services account that + // has been referenced in an inbound security group rule. // - // * owner-id - The AWS account ID of the owner of the security group. + // * owner-id - The Amazon Web Services account ID of the owner of the security + // group. // // * tag: - The key/value combination of a tag assigned to the resource. // Use the tag key in the filter name and the tag value as the filter value. @@ -73911,7 +74287,7 @@ type DescribeSecurityGroupsInput struct { // The IDs of the security groups. Required for security groups in a nondefault // VPC. // - // Default: Describes all your security groups. + // Default: Describes all of your security groups. GroupIds []*string `locationName:"GroupId" locationNameList:"groupId" type:"list"` // [EC2-Classic and default VPC only] The names of the security groups. You @@ -73919,7 +74295,7 @@ type DescribeSecurityGroupsInput struct { // security groups in a nondefault VPC, use the group-name filter to describe // security groups by name. // - // Default: Describes all your security groups. + // Default: Describes all of your security groups. GroupNames []*string `locationName:"GroupName" locationNameList:"GroupName" type:"list"` // The maximum number of results to return in a single call. To retrieve the @@ -90814,7 +91190,7 @@ type ImportKeyPairOutput struct { // The MD5 public key fingerprint as specified in section 4 of RFC 4716. KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` - // The key pair name you provided. + // The key pair name that you provided. KeyName *string `locationName:"keyName" type:"string"` // The ID of the resulting key pair. @@ -93820,7 +94196,7 @@ type IpPermission struct { // types, you must specify all codes. ToPort *int64 `locationName:"toPort" type:"integer"` - // The security group and AWS account ID pairs. + // The security group and Amazon Web Services account ID pairs. UserIdGroupPairs []*UserIdGroupPair `locationName:"groups" locationNameList:"item" type:"list"` } @@ -94065,9 +94441,9 @@ type KeyPairInfo struct { _ struct{} `type:"structure"` // If you used CreateKeyPair to create the key pair, this is the SHA-1 digest - // of the DER encoded private key. If you used ImportKeyPair to provide AWS - // the public key, this is the MD5 public key fingerprint as specified in section - // 4 of RFC4716. + // of the DER encoded private key. If you used ImportKeyPair to provide Amazon + // Web Services the public key, this is the MD5 public key fingerprint as specified + // in section 4 of RFC4716. KeyFingerprint *string `locationName:"keyFingerprint" type:"string"` // The name of the key pair. @@ -99931,6 +100307,93 @@ func (s *ModifyReservedInstancesOutput) SetReservedInstancesModificationId(v str return s } +type ModifySecurityGroupRulesInput struct { + _ struct{} `type:"structure"` + + // Checks whether you have the required permissions for the action, without + // actually making the request, and provides an error response. If you have + // the required permissions, the error response is DryRunOperation. Otherwise, + // it is UnauthorizedOperation. + DryRun *bool `type:"boolean"` + + // The ID of the security group. + // + // GroupId is a required field + GroupId *string `type:"string" required:"true"` + + // Information about the security group properties to update. + // + // SecurityGroupRules is a required field + SecurityGroupRules []*SecurityGroupRuleUpdate `locationName:"SecurityGroupRule" locationNameList:"item" type:"list" required:"true"` +} + +// String returns the string representation +func (s ModifySecurityGroupRulesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifySecurityGroupRulesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ModifySecurityGroupRulesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ModifySecurityGroupRulesInput"} + if s.GroupId == nil { + invalidParams.Add(request.NewErrParamRequired("GroupId")) + } + if s.SecurityGroupRules == nil { + invalidParams.Add(request.NewErrParamRequired("SecurityGroupRules")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDryRun sets the DryRun field's value. +func (s *ModifySecurityGroupRulesInput) SetDryRun(v bool) *ModifySecurityGroupRulesInput { + s.DryRun = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *ModifySecurityGroupRulesInput) SetGroupId(v string) *ModifySecurityGroupRulesInput { + s.GroupId = &v + return s +} + +// SetSecurityGroupRules sets the SecurityGroupRules field's value. +func (s *ModifySecurityGroupRulesInput) SetSecurityGroupRules(v []*SecurityGroupRuleUpdate) *ModifySecurityGroupRulesInput { + s.SecurityGroupRules = v + return s +} + +type ModifySecurityGroupRulesOutput struct { + _ struct{} `type:"structure"` + + // Returns true if the request succeeds; otherwise, returns an error. + Return *bool `locationName:"return" type:"boolean"` +} + +// String returns the string representation +func (s ModifySecurityGroupRulesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ModifySecurityGroupRulesOutput) GoString() string { + return s.String() +} + +// SetReturn sets the Return field's value. +func (s *ModifySecurityGroupRulesOutput) SetReturn(v bool) *ModifySecurityGroupRulesOutput { + s.Return = &v + return s +} + type ModifySnapshotAttributeInput struct { _ struct{} `type:"structure"` @@ -106996,6 +107459,66 @@ func (s *RecurringCharge) SetFrequency(v string) *RecurringCharge { return s } +// Describes the security group that is referenced in the security group rule. +type ReferencedSecurityGroup struct { + _ struct{} `type:"structure"` + + // The ID of the security group. + GroupId *string `locationName:"groupId" type:"string"` + + // The status of a VPC peering connection, if applicable. + PeeringStatus *string `locationName:"peeringStatus" type:"string"` + + // The account ID. + UserId *string `locationName:"userId" type:"string"` + + // The ID of the VPC. + VpcId *string `locationName:"vpcId" type:"string"` + + // The ID of the VPC peering connection. + VpcPeeringConnectionId *string `locationName:"vpcPeeringConnectionId" type:"string"` +} + +// String returns the string representation +func (s ReferencedSecurityGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ReferencedSecurityGroup) GoString() string { + return s.String() +} + +// SetGroupId sets the GroupId field's value. +func (s *ReferencedSecurityGroup) SetGroupId(v string) *ReferencedSecurityGroup { + s.GroupId = &v + return s +} + +// SetPeeringStatus sets the PeeringStatus field's value. +func (s *ReferencedSecurityGroup) SetPeeringStatus(v string) *ReferencedSecurityGroup { + s.PeeringStatus = &v + return s +} + +// SetUserId sets the UserId field's value. +func (s *ReferencedSecurityGroup) SetUserId(v string) *ReferencedSecurityGroup { + s.UserId = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *ReferencedSecurityGroup) SetVpcId(v string) *ReferencedSecurityGroup { + s.VpcId = &v + return s +} + +// SetVpcPeeringConnectionId sets the VpcPeeringConnectionId field's value. +func (s *ReferencedSecurityGroup) SetVpcPeeringConnectionId(v string) *ReferencedSecurityGroup { + s.VpcPeeringConnectionId = &v + return s +} + // Describes a Region. type Region struct { _ struct{} `type:"structure"` @@ -111846,6 +112369,9 @@ type RevokeSecurityGroupEgressInput struct { // number. IpProtocol *string `locationName:"ipProtocol" type:"string"` + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` + // Not supported. Use a set of IP permissions to specify a destination security // group. SourceSecurityGroupName *string `locationName:"sourceSecurityGroupName" type:"string"` @@ -111917,6 +112443,12 @@ func (s *RevokeSecurityGroupEgressInput) SetIpProtocol(v string) *RevokeSecurity return s } +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *RevokeSecurityGroupEgressInput) SetSecurityGroupRuleIds(v []*string) *RevokeSecurityGroupEgressInput { + s.SecurityGroupRuleIds = v + return s +} + // SetSourceSecurityGroupName sets the SourceSecurityGroupName field's value. func (s *RevokeSecurityGroupEgressInput) SetSourceSecurityGroupName(v string) *RevokeSecurityGroupEgressInput { s.SourceSecurityGroupName = &v @@ -112002,6 +112534,9 @@ type RevokeSecurityGroupIngressInput struct { // Use -1 to specify all. IpProtocol *string `type:"string"` + // The IDs of the security group rules. + SecurityGroupRuleIds []*string `locationName:"SecurityGroupRuleId" locationNameList:"item" type:"list"` + // [EC2-Classic, default VPC] The name of the source security group. You can't // specify this parameter in combination with the following parameters: the // CIDR IP address range, the start of the port range, the IP protocol, and @@ -112010,12 +112545,12 @@ type RevokeSecurityGroupIngressInput struct { // use a set of IP permissions instead. SourceSecurityGroupName *string `type:"string"` - // [EC2-Classic] The AWS account ID of the source security group, if the source - // security group is in a different account. You can't specify this parameter - // in combination with the following parameters: the CIDR IP address range, - // the IP protocol, the start of the port range, and the end of the port range. - // To revoke a specific rule for an IP protocol and port range, use a set of - // IP permissions instead. + // [EC2-Classic] The Amazon Web Services account ID of the source security group, + // if the source security group is in a different account. You can't specify + // this parameter in combination with the following parameters: the CIDR IP + // address range, the IP protocol, the start of the port range, and the end + // of the port range. To revoke a specific rule for an IP protocol and port + // range, use a set of IP permissions instead. SourceSecurityGroupOwnerId *string `type:"string"` // The end of port range for the TCP and UDP protocols, or an ICMP code number. @@ -112075,6 +112610,12 @@ func (s *RevokeSecurityGroupIngressInput) SetIpProtocol(v string) *RevokeSecurit return s } +// SetSecurityGroupRuleIds sets the SecurityGroupRuleIds field's value. +func (s *RevokeSecurityGroupIngressInput) SetSecurityGroupRuleIds(v []*string) *RevokeSecurityGroupIngressInput { + s.SecurityGroupRuleIds = v + return s +} + // SetSourceSecurityGroupName sets the SourceSecurityGroupName field's value. func (s *RevokeSecurityGroupIngressInput) SetSourceSecurityGroupName(v string) *RevokeSecurityGroupIngressInput { s.SourceSecurityGroupName = &v @@ -114651,7 +115192,7 @@ func (s *SearchTransitGatewayRoutesOutput) SetRoutes(v []*TransitGatewayRoute) * return s } -// Describes a security group +// Describes a security group. type SecurityGroup struct { _ struct{} `type:"structure"` @@ -114670,7 +115211,7 @@ type SecurityGroup struct { // [VPC only] The outbound rules associated with the security group. IpPermissionsEgress []*IpPermission `locationName:"ipPermissionsEgress" locationNameList:"item" type:"list"` - // The AWS account ID of the owner of the security group. + // The Amazon Web Services account ID of the owner of the security group. OwnerId *string `locationName:"ownerId" type:"string"` // Any tags assigned to the security group. @@ -114813,6 +115354,325 @@ func (s *SecurityGroupReference) SetVpcPeeringConnectionId(v string) *SecurityGr return s } +// Describes a security group rule. +type SecurityGroupRule struct { + _ struct{} `type:"structure"` + + // The IPv4 CIDR range. + CidrIpv4 *string `locationName:"cidrIpv4" type:"string"` + + // The IPv6 CIDR range. + CidrIpv6 *string `locationName:"cidrIpv6" type:"string"` + + // The security group rule description. + Description *string `locationName:"description" type:"string"` + + // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 + // type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + FromPort *int64 `locationName:"fromPort" type:"integer"` + + // The ID of the security group. + GroupId *string `locationName:"groupId" type:"string"` + + // The ID of the account that owns the security group. + GroupOwnerId *string `locationName:"groupOwnerId" type:"string"` + + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // + // Use -1 to specify all protocols. + IpProtocol *string `locationName:"ipProtocol" type:"string"` + + // Indicates whether the security group rule is an outbound rule. + IsEgress *bool `locationName:"isEgress" type:"boolean"` + + // The ID of the prefix list. + PrefixListId *string `locationName:"prefixListId" type:"string"` + + // Describes the security group that is referenced in the rule. + ReferencedGroupInfo *ReferencedSecurityGroup `locationName:"referencedGroupInfo" type:"structure"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `locationName:"securityGroupRuleId" type:"string"` + + // The tags applied to the security group rule. + Tags []*Tag `locationName:"tagSet" locationNameList:"item" type:"list"` + + // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + ToPort *int64 `locationName:"toPort" type:"integer"` +} + +// String returns the string representation +func (s SecurityGroupRule) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRule) GoString() string { + return s.String() +} + +// SetCidrIpv4 sets the CidrIpv4 field's value. +func (s *SecurityGroupRule) SetCidrIpv4(v string) *SecurityGroupRule { + s.CidrIpv4 = &v + return s +} + +// SetCidrIpv6 sets the CidrIpv6 field's value. +func (s *SecurityGroupRule) SetCidrIpv6(v string) *SecurityGroupRule { + s.CidrIpv6 = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRule) SetDescription(v string) *SecurityGroupRule { + s.Description = &v + return s +} + +// SetFromPort sets the FromPort field's value. +func (s *SecurityGroupRule) SetFromPort(v int64) *SecurityGroupRule { + s.FromPort = &v + return s +} + +// SetGroupId sets the GroupId field's value. +func (s *SecurityGroupRule) SetGroupId(v string) *SecurityGroupRule { + s.GroupId = &v + return s +} + +// SetGroupOwnerId sets the GroupOwnerId field's value. +func (s *SecurityGroupRule) SetGroupOwnerId(v string) *SecurityGroupRule { + s.GroupOwnerId = &v + return s +} + +// SetIpProtocol sets the IpProtocol field's value. +func (s *SecurityGroupRule) SetIpProtocol(v string) *SecurityGroupRule { + s.IpProtocol = &v + return s +} + +// SetIsEgress sets the IsEgress field's value. +func (s *SecurityGroupRule) SetIsEgress(v bool) *SecurityGroupRule { + s.IsEgress = &v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *SecurityGroupRule) SetPrefixListId(v string) *SecurityGroupRule { + s.PrefixListId = &v + return s +} + +// SetReferencedGroupInfo sets the ReferencedGroupInfo field's value. +func (s *SecurityGroupRule) SetReferencedGroupInfo(v *ReferencedSecurityGroup) *SecurityGroupRule { + s.ReferencedGroupInfo = v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRule) SetSecurityGroupRuleId(v string) *SecurityGroupRule { + s.SecurityGroupRuleId = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *SecurityGroupRule) SetTags(v []*Tag) *SecurityGroupRule { + s.Tags = v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *SecurityGroupRule) SetToPort(v int64) *SecurityGroupRule { + s.ToPort = &v + return s +} + +// Describes the description of a security group rule. +// +// You can use this when you want to update the security group rule description +// for either an inbound or outbound rule. +type SecurityGroupRuleDescription struct { + _ struct{} `type:"structure"` + + // The description of the security group rule. + Description *string `type:"string"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `type:"string"` +} + +// String returns the string representation +func (s SecurityGroupRuleDescription) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleDescription) GoString() string { + return s.String() +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRuleDescription) SetDescription(v string) *SecurityGroupRuleDescription { + s.Description = &v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRuleDescription) SetSecurityGroupRuleId(v string) *SecurityGroupRuleDescription { + s.SecurityGroupRuleId = &v + return s +} + +// Describes a security group rule. +// +// You must specify exactly one of the following parameters, based on the rule +// type: +// +// * CidrIpv4 +// +// * CidrIpv6 +// +// * PrefixListId +// +// * ReferencedGroupId +// +// When you modify a rule, you cannot change the rule type. For example, if +// the rule uses an IPv4 address range, you must use CidrIpv4 to specify a new +// IPv4 address range. +type SecurityGroupRuleRequest struct { + _ struct{} `type:"structure"` + + // The IPv4 CIDR range. To specify a single IPv4 address, use the /32 prefix + // length. + CidrIpv4 *string `type:"string"` + + // The IPv6 CIDR range. To specify a single IPv6 address, use the /128 prefix + // length. + CidrIpv6 *string `type:"string"` + + // The description of the security group rule. + Description *string `type:"string"` + + // The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 + // type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + FromPort *int64 `type:"integer"` + + // The IP protocol name (tcp, udp, icmp, icmpv6) or number (see Protocol Numbers + // (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + // + // Use -1 to specify all protocols. + IpProtocol *string `type:"string"` + + // The ID of the prefix list. + PrefixListId *string `type:"string"` + + // The ID of the security group that is referenced in the security group rule. + ReferencedGroupId *string `type:"string"` + + // The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. + // A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 + // types, you must specify all codes. + ToPort *int64 `type:"integer"` +} + +// String returns the string representation +func (s SecurityGroupRuleRequest) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleRequest) GoString() string { + return s.String() +} + +// SetCidrIpv4 sets the CidrIpv4 field's value. +func (s *SecurityGroupRuleRequest) SetCidrIpv4(v string) *SecurityGroupRuleRequest { + s.CidrIpv4 = &v + return s +} + +// SetCidrIpv6 sets the CidrIpv6 field's value. +func (s *SecurityGroupRuleRequest) SetCidrIpv6(v string) *SecurityGroupRuleRequest { + s.CidrIpv6 = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *SecurityGroupRuleRequest) SetDescription(v string) *SecurityGroupRuleRequest { + s.Description = &v + return s +} + +// SetFromPort sets the FromPort field's value. +func (s *SecurityGroupRuleRequest) SetFromPort(v int64) *SecurityGroupRuleRequest { + s.FromPort = &v + return s +} + +// SetIpProtocol sets the IpProtocol field's value. +func (s *SecurityGroupRuleRequest) SetIpProtocol(v string) *SecurityGroupRuleRequest { + s.IpProtocol = &v + return s +} + +// SetPrefixListId sets the PrefixListId field's value. +func (s *SecurityGroupRuleRequest) SetPrefixListId(v string) *SecurityGroupRuleRequest { + s.PrefixListId = &v + return s +} + +// SetReferencedGroupId sets the ReferencedGroupId field's value. +func (s *SecurityGroupRuleRequest) SetReferencedGroupId(v string) *SecurityGroupRuleRequest { + s.ReferencedGroupId = &v + return s +} + +// SetToPort sets the ToPort field's value. +func (s *SecurityGroupRuleRequest) SetToPort(v int64) *SecurityGroupRuleRequest { + s.ToPort = &v + return s +} + +// Describes an update to a security group rule. +type SecurityGroupRuleUpdate struct { + _ struct{} `type:"structure"` + + // Information about the security group rule. + SecurityGroupRule *SecurityGroupRuleRequest `type:"structure"` + + // The ID of the security group rule. + SecurityGroupRuleId *string `type:"string"` +} + +// String returns the string representation +func (s SecurityGroupRuleUpdate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SecurityGroupRuleUpdate) GoString() string { + return s.String() +} + +// SetSecurityGroupRule sets the SecurityGroupRule field's value. +func (s *SecurityGroupRuleUpdate) SetSecurityGroupRule(v *SecurityGroupRuleRequest) *SecurityGroupRuleUpdate { + s.SecurityGroupRule = v + return s +} + +// SetSecurityGroupRuleId sets the SecurityGroupRuleId field's value. +func (s *SecurityGroupRuleUpdate) SetSecurityGroupRuleId(v string) *SecurityGroupRuleUpdate { + s.SecurityGroupRuleId = &v + return s +} + type SendDiagnosticInterruptInput struct { _ struct{} `type:"structure"` @@ -122331,10 +123191,13 @@ type UpdateSecurityGroupRuleDescriptionsEgressInput struct { // security group ID or the security group name in the request. GroupName *string `type:"string"` - // The IP permissions for the security group rule. - // - // IpPermissions is a required field - IpPermissions []*IpPermission `locationNameList:"item" type:"list" required:"true"` + // The IP permissions for the security group rule. You must specify either the + // IP permissions or the description. + IpPermissions []*IpPermission `locationNameList:"item" type:"list"` + + // The description for the egress security group rules. You must specify either + // the description or the IP permissions. + SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } // String returns the string representation @@ -122347,19 +123210,6 @@ func (s UpdateSecurityGroupRuleDescriptionsEgressInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityGroupRuleDescriptionsEgressInput"} - if s.IpPermissions == nil { - invalidParams.Add(request.NewErrParamRequired("IpPermissions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetDryRun sets the DryRun field's value. func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetDryRun(v bool) *UpdateSecurityGroupRuleDescriptionsEgressInput { s.DryRun = &v @@ -122384,6 +123234,12 @@ func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetIpPermissions(v []*I return s } +// SetSecurityGroupRuleDescriptions sets the SecurityGroupRuleDescriptions field's value. +func (s *UpdateSecurityGroupRuleDescriptionsEgressInput) SetSecurityGroupRuleDescriptions(v []*SecurityGroupRuleDescription) *UpdateSecurityGroupRuleDescriptionsEgressInput { + s.SecurityGroupRuleDescriptions = v + return s +} + type UpdateSecurityGroupRuleDescriptionsEgressOutput struct { _ struct{} `type:"structure"` @@ -122425,10 +123281,13 @@ type UpdateSecurityGroupRuleDescriptionsIngressInput struct { // either the security group ID or the security group name in the request. GroupName *string `type:"string"` - // The IP permissions for the security group rule. - // - // IpPermissions is a required field - IpPermissions []*IpPermission `locationNameList:"item" type:"list" required:"true"` + // The IP permissions for the security group rule. You must specify either IP + // permissions or a description. + IpPermissions []*IpPermission `locationNameList:"item" type:"list"` + + // [VPC only] The description for the ingress security group rules. You must + // specify either a description or IP permissions. + SecurityGroupRuleDescriptions []*SecurityGroupRuleDescription `locationName:"SecurityGroupRuleDescription" locationNameList:"item" type:"list"` } // String returns the string representation @@ -122441,19 +123300,6 @@ func (s UpdateSecurityGroupRuleDescriptionsIngressInput) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "UpdateSecurityGroupRuleDescriptionsIngressInput"} - if s.IpPermissions == nil { - invalidParams.Add(request.NewErrParamRequired("IpPermissions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetDryRun sets the DryRun field's value. func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetDryRun(v bool) *UpdateSecurityGroupRuleDescriptionsIngressInput { s.DryRun = &v @@ -122478,6 +123324,12 @@ func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetIpPermissions(v []* return s } +// SetSecurityGroupRuleDescriptions sets the SecurityGroupRuleDescriptions field's value. +func (s *UpdateSecurityGroupRuleDescriptionsIngressInput) SetSecurityGroupRuleDescriptions(v []*SecurityGroupRuleDescription) *UpdateSecurityGroupRuleDescriptionsIngressInput { + s.SecurityGroupRuleDescriptions = v + return s +} + type UpdateSecurityGroupRuleDescriptionsIngressOutput struct { _ struct{} `type:"structure"` @@ -122593,7 +123445,7 @@ func (s *UserData) SetData(v string) *UserData { return s } -// Describes a security group and AWS account ID pair. +// Describes a security group and Amazon Web Services account ID pair. type UserIdGroupPair struct { _ struct{} `type:"structure"` @@ -122618,14 +123470,14 @@ type UserIdGroupPair struct { // The status of a VPC peering connection, if applicable. PeeringStatus *string `locationName:"peeringStatus" type:"string"` - // The ID of an AWS account. + // The ID of an Amazon Web Services account. // // For a referenced security group in another VPC, the account ID of the referenced // security group is returned in the response. If the referenced security group // is deleted, this value is not returned. // // [EC2-Classic] Required when adding or removing rules that reference a security - // group in another AWS account. + // group in another Amazon Web Services account. UserId *string `locationName:"userId" type:"string"` // The ID of the VPC for the referenced security group, if applicable. @@ -130109,6 +130961,9 @@ const ( // ResourceTypeSecurityGroup is a ResourceType enum value ResourceTypeSecurityGroup = "security-group" + // ResourceTypeSecurityGroupRule is a ResourceType enum value + ResourceTypeSecurityGroupRule = "security-group-rule" + // ResourceTypeSnapshot is a ResourceType enum value ResourceTypeSnapshot = "snapshot" @@ -130196,6 +131051,7 @@ func ResourceType_Values() []string { ResourceTypeReservedInstances, ResourceTypeRouteTable, ResourceTypeSecurityGroup, + ResourceTypeSecurityGroupRule, ResourceTypeSnapshot, ResourceTypeSpotFleetRequest, ResourceTypeSpotInstancesRequest, diff --git a/service/ec2/ec2iface/interface.go b/service/ec2/ec2iface/interface.go index 4976d0c43e4..a242fbe3f01 100644 --- a/service/ec2/ec2iface/interface.go +++ b/service/ec2/ec2iface/interface.go @@ -1212,6 +1212,13 @@ type EC2API interface { DescribeSecurityGroupReferencesWithContext(aws.Context, *ec2.DescribeSecurityGroupReferencesInput, ...request.Option) (*ec2.DescribeSecurityGroupReferencesOutput, error) DescribeSecurityGroupReferencesRequest(*ec2.DescribeSecurityGroupReferencesInput) (*request.Request, *ec2.DescribeSecurityGroupReferencesOutput) + DescribeSecurityGroupRules(*ec2.DescribeSecurityGroupRulesInput) (*ec2.DescribeSecurityGroupRulesOutput, error) + DescribeSecurityGroupRulesWithContext(aws.Context, *ec2.DescribeSecurityGroupRulesInput, ...request.Option) (*ec2.DescribeSecurityGroupRulesOutput, error) + DescribeSecurityGroupRulesRequest(*ec2.DescribeSecurityGroupRulesInput) (*request.Request, *ec2.DescribeSecurityGroupRulesOutput) + + DescribeSecurityGroupRulesPages(*ec2.DescribeSecurityGroupRulesInput, func(*ec2.DescribeSecurityGroupRulesOutput, bool) bool) error + DescribeSecurityGroupRulesPagesWithContext(aws.Context, *ec2.DescribeSecurityGroupRulesInput, func(*ec2.DescribeSecurityGroupRulesOutput, bool) bool, ...request.Option) error + DescribeSecurityGroups(*ec2.DescribeSecurityGroupsInput) (*ec2.DescribeSecurityGroupsOutput, error) DescribeSecurityGroupsWithContext(aws.Context, *ec2.DescribeSecurityGroupsInput, ...request.Option) (*ec2.DescribeSecurityGroupsOutput, error) DescribeSecurityGroupsRequest(*ec2.DescribeSecurityGroupsInput) (*request.Request, *ec2.DescribeSecurityGroupsOutput) @@ -1848,6 +1855,10 @@ type EC2API interface { ModifyReservedInstancesWithContext(aws.Context, *ec2.ModifyReservedInstancesInput, ...request.Option) (*ec2.ModifyReservedInstancesOutput, error) ModifyReservedInstancesRequest(*ec2.ModifyReservedInstancesInput) (*request.Request, *ec2.ModifyReservedInstancesOutput) + ModifySecurityGroupRules(*ec2.ModifySecurityGroupRulesInput) (*ec2.ModifySecurityGroupRulesOutput, error) + ModifySecurityGroupRulesWithContext(aws.Context, *ec2.ModifySecurityGroupRulesInput, ...request.Option) (*ec2.ModifySecurityGroupRulesOutput, error) + ModifySecurityGroupRulesRequest(*ec2.ModifySecurityGroupRulesInput) (*request.Request, *ec2.ModifySecurityGroupRulesOutput) + ModifySnapshotAttribute(*ec2.ModifySnapshotAttributeInput) (*ec2.ModifySnapshotAttributeOutput, error) ModifySnapshotAttributeWithContext(aws.Context, *ec2.ModifySnapshotAttributeInput, ...request.Option) (*ec2.ModifySnapshotAttributeOutput, error) ModifySnapshotAttributeRequest(*ec2.ModifySnapshotAttributeInput) (*request.Request, *ec2.ModifySnapshotAttributeOutput) diff --git a/service/iam/api.go b/service/iam/api.go index 99d58b02a59..f3ed7f565df 100644 --- a/service/iam/api.go +++ b/service/iam/api.go @@ -82,7 +82,8 @@ func (c *IAM) AddClientIDToOpenIDConnectProviderRequest(input *AddClientIDToOpen // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -158,8 +159,8 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // Adds the specified IAM role to the specified instance profile. An instance // profile can contain only one role, and this quota cannot be increased. You // can remove the existing role and then add a different role to an instance -// profile. You must then wait for the change to appear across all of AWS because -// of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency). +// profile. You must then wait for the change to appear across all of Amazon +// Web Services because of eventual consistency (https://en.wikipedia.org/wiki/Eventual_consistency). // To force the change, you must disassociate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisassociateIamInstanceProfile.html) // and then associate the instance profile (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateIamInstanceProfile.html), // or you can stop your instance and then restart it. @@ -189,7 +190,8 @@ func (c *IAM) AddRoleToInstanceProfileRequest(input *AddRoleToInstanceProfileInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -284,7 +286,8 @@ func (c *IAM) AddUserToGroupRequest(input *AddUserToGroupInput) (req *request.Re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -384,15 +387,16 @@ func (c *IAM) AttachGroupPolicyRequest(input *AttachGroupPolicyInput) (req *requ // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied // for an input parameter. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -496,7 +500,8 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -509,8 +514,8 @@ func (c *IAM) AttachRolePolicyRequest(input *AttachRolePolicyInput) (req *reques // request the change through that service. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -610,15 +615,16 @@ func (c *IAM) AttachUserPolicyRequest(input *AttachUserPolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied // for an input parameter. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -692,13 +698,13 @@ func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *request.Re // ChangePassword API operation for AWS Identity and Access Management. // // Changes the password of the IAM user who is calling this operation. This -// operation can be performed using the AWS CLI, the AWS API, or the My Security -// Credentials page in the AWS Management Console. The AWS account root user -// password is not affected by this operation. +// operation can be performed using the CLI, the Amazon Web Services API, or +// the My Security Credentials page in the Management Console. The account root +// user password is not affected by this operation. // -// Use UpdateLoginProfile to use the AWS CLI, the AWS API, or the Users page -// in the IAM console to change the password for any IAM user. For more information -// about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) +// Use UpdateLoginProfile to use the CLI, the Amazon Web Services API, or the +// Users page in the IAM console to change the password for any IAM user. For +// more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -719,7 +725,8 @@ func (c *IAM) ChangePasswordRequest(input *ChangePasswordInput) (req *request.Re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityTemporarilyUnmodifiableException "EntityTemporarilyUnmodifiable" // The request was rejected because it referenced an entity that is temporarily @@ -801,20 +808,21 @@ func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *request. // CreateAccessKey API operation for AWS Identity and Access Management. // -// Creates a new AWS secret access key and corresponding AWS access key ID for -// the specified user. The default status for new keys is Active. +// Creates a new Amazon Web Services secret access key and corresponding Amazon +// Web Services access key ID for the specified user. The default status for +// new keys is Active. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials. This is true even if the AWS -// account has no associated users. +// based on the Amazon Web Services access key ID signing the request. This +// operation works for access keys under the account. Consequently, you can +// use this operation to manage account root user credentials. This is true +// even if the account has no associated users. // // For information about quotas on the number of keys you can create, see IAM // and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. // -// To ensure the security of your AWS account, the secret access key is accessible +// To ensure the security of your account, the secret access key is accessible // only during key and user creation. You must save the key (for example, in // a text file) if you want to be able to access it again. If a secret key is // lost, you can delete the access keys for the associated user and then create @@ -834,7 +842,8 @@ func (c *IAM) CreateAccessKeyRequest(input *CreateAccessKeyInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -907,8 +916,8 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // CreateAccountAlias API operation for AWS Identity and Access Management. // -// Creates an alias for your AWS account. For information about using an AWS -// account alias, see Using an alias for your AWS account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) +// Creates an alias for your account. For information about using an account +// alias, see Using an alias for your account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -925,7 +934,8 @@ func (c *IAM) CreateAccountAliasRequest(input *CreateAccountAliasInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -1013,7 +1023,8 @@ func (c *IAM) CreateGroupRequest(input *CreateGroupInput) (req *request.Request, // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -1120,7 +1131,8 @@ func (c *IAM) CreateInstanceProfileRequest(input *CreateInstanceProfileInput) (r // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -1198,12 +1210,12 @@ func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *re // CreateLoginProfile API operation for AWS Identity and Access Management. // // Creates a password for the specified IAM user. A password allows an IAM user -// to access AWS services through the AWS Management Console. +// to access Amazon Web Services services through the Management Console. // -// You can use the AWS CLI, the AWS API, or the Users page in the IAM console -// to create a password for any IAM user. Use ChangePassword to update your -// own existing password in the My Security Credentials page in the AWS Management -// Console. +// You can use the CLI, the Amazon Web Services API, or the Users page in the +// IAM console to create a password for any IAM user. Use ChangePassword to +// update your own existing password in the My Security Credentials page in +// the Management Console. // // For more information about managing passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. @@ -1230,7 +1242,8 @@ func (c *IAM) CreateLoginProfileRequest(input *CreateLoginProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -1307,14 +1320,14 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // // The OIDC provider that you create with this operation can be used as a principal // in a role's trust policy. Such a policy establishes a trust relationship -// between AWS and the OIDC provider. +// between Amazon Web Services and the OIDC provider. // // If you are using an OIDC identity provider from Google, Facebook, or Amazon // Cognito, you don't need to create a separate IAM identity provider. These -// OIDC identity providers are already built-in to AWS and are available for -// your use. Instead, you can move directly to creating new roles using your -// identity provider. To learn more, see Creating a role for web identity or -// OpenID connect federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) +// OIDC identity providers are already built-in to Amazon Web Services and are +// available for your use. Instead, you can move directly to creating new roles +// using your identity provider. To learn more, see Creating a role for web +// identity or OpenID connect federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-idp_oidc.html) // in the IAM User Guide. // // When you create the IAM OIDC provider, you specify the following: @@ -1322,13 +1335,13 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // * The URL of the OIDC identity provider (IdP) to trust // // * A list of client IDs (also known as audiences) that identify the application -// or applications that are allowed to authenticate using the OIDC provider +// or applications allowed to authenticate using the OIDC provider // // * A list of thumbprints of one or more server certificates that the IdP // uses // // You get all of this information from the OIDC IdP that you want to use to -// access AWS. +// access Amazon Web Services. // // The trust for the OIDC provider is derived from the IAM provider that this // operation creates. Therefore, it is best to limit access to the CreateOpenIDConnectProvider @@ -1352,7 +1365,8 @@ func (c *IAM) CreateOpenIDConnectProviderRequest(input *CreateOpenIDConnectProvi // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -1429,7 +1443,7 @@ func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Reques // CreatePolicy API operation for AWS Identity and Access Management. // -// Creates a new managed policy for your AWS account. +// Creates a new managed policy for your account. // // This operation creates a policy version with a version identifier of v1 and // sets v1 as the policy's default version. For more information about policy @@ -1458,7 +1472,8 @@ func (c *IAM) CreatePolicyRequest(input *CreatePolicyInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -1578,7 +1593,8 @@ func (c *IAM) CreatePolicyVersionRequest(input *CreatePolicyVersionInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -1650,8 +1666,8 @@ func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, o // CreateRole API operation for AWS Identity and Access Management. // -// Creates a new role for your AWS account. For more information about roles, -// see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). +// Creates a new role for your account. For more information about roles, see +// IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/WorkingWithRoles.html). // For information about quotas for role names and the number of roles you can // create, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. @@ -1666,7 +1682,8 @@ func (c *IAM) CreateRoleRequest(input *CreateRoleInput) (req *request.Request, o // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -1761,8 +1778,8 @@ func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *re // The SAML provider resource that you create with this operation can be used // as a principal in an IAM role's trust policy. Such a policy can enable federated // users who sign in using the SAML IdP to assume the role. You can create an -// IAM role that supports Web-based single sign-on (SSO) to the AWS Management -// Console or one that supports API access to AWS. +// IAM role that supports Web-based single sign-on (SSO) to the Management Console +// or one that supports API access to Amazon Web Services. // // When you create the SAML provider resource, you upload a SAML metadata document // that you get from your IdP. That document includes the issuer's name, expiration @@ -1774,7 +1791,7 @@ func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *re // This operation requires Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). // // For more information, see Enabling SAML 2.0 federated users to access the -// AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) +// Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-saml.html) // and About SAML 2.0-based federation (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html) // in the IAM User Guide. // @@ -1796,7 +1813,8 @@ func (c *IAM) CreateSAMLProviderRequest(input *CreateSAMLProviderInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -1873,17 +1891,17 @@ func (c *IAM) CreateServiceLinkedRoleRequest(input *CreateServiceLinkedRoleInput // CreateServiceLinkedRole API operation for AWS Identity and Access Management. // -// Creates an IAM role that is linked to a specific AWS service. The service -// controls the attached policies and when the role can be deleted. This helps -// ensure that the service is not broken by an unexpectedly changed or deleted -// role, which could put your AWS resources into an unknown state. Allowing -// the service to control the role helps improve service stability and proper -// cleanup when a service and its role are no longer needed. For more information, -// see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) +// Creates an IAM role that is linked to a specific Amazon Web Services service. +// The service controls the attached policies and when the role can be deleted. +// This helps ensure that the service is not broken by an unexpectedly changed +// or deleted role, which could put your Amazon Web Services resources into +// an unknown state. Allowing the service to control the role helps improve +// service stability and proper cleanup when a service and its role are no longer +// needed. For more information, see Using service-linked roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) // in the IAM User Guide. // // To attach a policy to this service-linked role, you must make the request -// using the AWS service that depends on this role. +// using the Amazon Web Services service that depends on this role. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1899,7 +1917,8 @@ func (c *IAM) CreateServiceLinkedRoleRequest(input *CreateServiceLinkedRoleInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -1982,13 +2001,14 @@ func (c *IAM) CreateServiceSpecificCredentialRequest(input *CreateServiceSpecifi // You can have a maximum of two sets of service-specific credentials for each // supported service per user. // -// You can create service-specific credentials for AWS CodeCommit and Amazon -// Keyspaces (for Apache Cassandra). +// You can create service-specific credentials for CodeCommit and Amazon Keyspaces +// (for Apache Cassandra). // // You can reset the password to a new service-generated value by calling ResetServiceSpecificCredential. // // For more information about service-specific credentials, see Using IAM with -// AWS CodeCommit: Git credentials, SSH keys, and AWS access keys (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html) +// CodeCommit: Git credentials, SSH keys, and Amazon Web Services access keys +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_ssh-keys.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2001,7 +2021,8 @@ func (c *IAM) CreateServiceSpecificCredentialRequest(input *CreateServiceSpecifi // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -2076,7 +2097,7 @@ func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *request.Request, o // CreateUser API operation for AWS Identity and Access Management. // -// Creates a new IAM user for your AWS account. +// Creates a new IAM user for your account. // // For information about quotas for the number of IAM users you can create, // see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) @@ -2092,7 +2113,8 @@ func (c *IAM) CreateUserRequest(input *CreateUserInput) (req *request.Request, o // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -2181,10 +2203,10 @@ func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) // CreateVirtualMFADevice API operation for AWS Identity and Access Management. // -// Creates a new virtual MFA device for the AWS account. After creating the -// virtual MFA, use EnableMFADevice to attach the MFA device to an IAM user. -// For more information about creating and working with virtual MFA devices, -// see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) +// Creates a new virtual MFA device for the account. After creating the virtual +// MFA, use EnableMFADevice to attach the MFA device to an IAM user. For more +// information about creating and working with virtual MFA devices, see Using +// a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) // in the IAM User Guide. // // For information about the maximum number of MFA devices you can create, see @@ -2193,9 +2215,9 @@ func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) // // The seed information contained in the QR code and the Base32 string should // be treated like any other secret access information. In other words, protect -// the seed information as you would your AWS access keys or your passwords. -// After you provision your virtual device, you should ensure that the information -// is destroyed following secure procedures. +// the seed information as you would your Amazon Web Services access keys or +// your passwords. After you provision your virtual device, you should ensure +// that the information is destroyed following secure procedures. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2207,7 +2229,8 @@ func (c *IAM) CreateVirtualMFADeviceRequest(input *CreateVirtualMFADeviceInput) // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -2320,7 +2343,8 @@ func (c *IAM) DeactivateMFADeviceRequest(input *DeactivateMFADeviceInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2396,10 +2420,10 @@ func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *request. // Deletes the access key pair associated with the specified IAM user. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID signing the request. This +// operation works for access keys under the account. Consequently, you can +// use this operation to manage account root user credentials even if the account +// has no associated users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2415,7 +2439,8 @@ func (c *IAM) DeleteAccessKeyRequest(input *DeleteAccessKeyInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2488,8 +2513,8 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // DeleteAccountAlias API operation for AWS Identity and Access Management. // -// Deletes the specified AWS account alias. For information about using an AWS -// account alias, see Using an alias for your AWS account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) +// Deletes the specified account alias. For information about using an Amazon +// Web Services account alias, see Using an alias for your account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2506,7 +2531,8 @@ func (c *IAM) DeleteAccountAliasRequest(input *DeleteAccountAliasInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2579,7 +2605,7 @@ func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPol // DeleteAccountPasswordPolicy API operation for AWS Identity and Access Management. // -// Deletes the password policy for the AWS account. There are no parameters. +// Deletes the password policy for the account. There are no parameters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2595,7 +2621,8 @@ func (c *IAM) DeleteAccountPasswordPolicyRequest(input *DeleteAccountPasswordPol // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2689,7 +2716,8 @@ func (c *IAM) DeleteGroupRequest(input *DeleteGroupInput) (req *request.Request, // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2784,7 +2812,8 @@ func (c *IAM) DeleteGroupPolicyRequest(input *DeleteGroupPolicyInput) (req *requ // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2886,7 +2915,8 @@ func (c *IAM) DeleteInstanceProfileRequest(input *DeleteInstanceProfileInput) (r // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -2960,17 +2990,18 @@ func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *re // DeleteLoginProfile API operation for AWS Identity and Access Management. // // Deletes the password for the specified IAM user, which terminates the user's -// ability to access AWS services through the AWS Management Console. +// ability to access Amazon Web Services services through the Management Console. // -// You can use the AWS CLI, the AWS API, or the Users page in the IAM console -// to delete a password for any IAM user. You can use ChangePassword to update, -// but not delete, your own password in the My Security Credentials page in -// the AWS Management Console. +// You can use the CLI, the Amazon Web Services API, or the Users page in the +// IAM console to delete a password for any IAM user. You can use ChangePassword +// to update, but not delete, your own password in the My Security Credentials +// page in the Management Console. // -// Deleting a user's password does not prevent a user from accessing AWS through -// the command line interface or the API. To prevent all user access, you must -// also either make any access keys inactive or delete them. For more information -// about making keys inactive or deleting them, see UpdateAccessKey and DeleteAccessKey. +// Deleting a user's password does not prevent a user from accessing Amazon +// Web Services through the command line interface or the API. To prevent all +// user access, you must also either make any access keys inactive or delete +// them. For more information about making keys inactive or deleting them, see +// UpdateAccessKey and DeleteAccessKey. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2992,7 +3023,8 @@ func (c *IAM) DeleteLoginProfileRequest(input *DeleteLoginProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -3199,7 +3231,8 @@ func (c *IAM) DeletePolicyRequest(input *DeletePolicyInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -3304,7 +3337,8 @@ func (c *IAM) DeletePolicyVersionRequest(input *DeletePolicyVersionInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -3411,7 +3445,8 @@ func (c *IAM) DeleteRoleRequest(input *DeleteRoleInput) (req *request.Request, o // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -3612,7 +3647,8 @@ func (c *IAM) DeleteRolePolicyRequest(input *DeleteRolePolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -3714,7 +3750,8 @@ func (c *IAM) DeleteSAMLProviderRequest(input *DeleteSAMLProviderInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -3794,10 +3831,10 @@ func (c *IAM) DeleteSSHPublicKeyRequest(input *DeleteSSHPublicKeyInput) (req *re // Deletes the specified SSH public key. // // The SSH public key deleted by this operation is used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3882,8 +3919,8 @@ func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic also includes a list of AWS services that -// can use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic also includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // If you are using a server certificate with Elastic Load Balancing, deleting // the certificate could have implications for your application. If Elastic @@ -3913,7 +3950,8 @@ func (c *IAM) DeleteServerCertificateRequest(input *DeleteServerCertificateInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -3999,11 +4037,11 @@ func (c *IAM) DeleteServiceLinkedRoleRequest(input *DeleteServiceLinkedRoleInput // the service-linked role, you must first remove those resources from the linked // service and then submit the deletion request again. Resources are specific // to the service that is linked to the role. For more information about removing -// resources from a service, see the AWS documentation (http://docs.aws.amazon.com/) +// resources from a service, see the Amazon Web Services documentation (http://docs.aws.amazon.com/) // for your service. // // For more information about service-linked roles, see Roles terms and concepts: -// AWS service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) +// Amazon Web Services service-linked role (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-service-linked-role) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4020,7 +4058,8 @@ func (c *IAM) DeleteServiceLinkedRoleRequest(input *DeleteServiceLinkedRoleInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4177,10 +4216,10 @@ func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInp // Deletes a signing certificate associated with the specified IAM user. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated IAM users. +// based on the Amazon Web Services access key ID signing the request. This +// operation works for access keys under the account. Consequently, you can +// use this operation to manage account root user credentials even if the account +// has no associated IAM users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4196,7 +4235,8 @@ func (c *IAM) DeleteSigningCertificateRequest(input *DeleteSigningCertificateInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4269,10 +4309,9 @@ func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *request.Request, o // DeleteUser API operation for AWS Identity and Access Management. // -// Deletes the specified IAM user. Unlike the AWS Management Console, when you -// delete a user programmatically, you must delete the items attached to the -// user manually, or the deletion fails. For more information, see Deleting -// an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli). +// Deletes the specified IAM user. Unlike the Management Console, when you delete +// a user programmatically, you must delete the items attached to the user manually, +// or the deletion fails. For more information, see Deleting an IAM user (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_manage.html#id_users_deleting_cli). // Before attempting to delete a user, remove the following items: // // * Password (DeleteLoginProfile) @@ -4303,7 +4342,8 @@ func (c *IAM) DeleteUserRequest(input *DeleteUserInput) (req *request.Request, o // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -4500,7 +4540,8 @@ func (c *IAM) DeleteUserPolicyRequest(input *DeleteUserPolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4596,7 +4637,8 @@ func (c *IAM) DeleteVirtualMFADeviceRequest(input *DeleteVirtualMFADeviceInput) // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -4690,7 +4732,8 @@ func (c *IAM) DetachGroupPolicyRequest(input *DetachGroupPolicyInput) (req *requ // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -4788,7 +4831,8 @@ func (c *IAM) DetachRolePolicyRequest(input *DetachRolePolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -4892,7 +4936,8 @@ func (c *IAM) DetachUserPolicyRequest(input *DetachUserPolicyInput) (req *reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -4997,7 +5042,8 @@ func (c *IAM) EnableMFADeviceRequest(input *EnableMFADeviceInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -5073,7 +5119,7 @@ func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInp // GenerateCredentialReport API operation for AWS Identity and Access Management. // -// Generates a credential report for the AWS account. For more information about +// Generates a credential report for the account. For more information about // the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // in the IAM User Guide. // @@ -5087,7 +5133,8 @@ func (c *IAM) GenerateCredentialReportRequest(input *GenerateCredentialReportInp // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -5159,16 +5206,16 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // GenerateOrganizationsAccessReport API operation for AWS Identity and Access Management. // -// Generates a report for service last accessed data for AWS Organizations. -// You can generate a report for any entities (organization root, organizational +// Generates a report for service last accessed data for Organizations. You +// can generate a report for any entities (organization root, organizational // unit, or account) or policies in your organization. // -// To call this operation, you must be signed in using your AWS Organizations -// management account credentials. You can use your long-term IAM user or root -// user credentials, or temporary credentials from assuming an IAM role. SCPs -// must be enabled for your organization root. You must have the required IAM -// and AWS Organizations permissions. For more information, see Refining permissions -// using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) +// To call this operation, you must be signed in using your Organizations management +// account credentials. You can use your long-term IAM user or root user credentials, +// or temporary credentials from assuming an IAM role. SCPs must be enabled +// for your organization root. You must have the required IAM and Organizations +// permissions. For more information, see Refining permissions using service +// last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // // You can generate a service last accessed data report for entities by specifying @@ -5176,7 +5223,7 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // by any service control policies (SCPs) that apply to the entity. // // You can generate a service last accessed data report for a policy by specifying -// an entity's path and an optional AWS Organizations policy ID. This data includes +// an entity's path and an optional Organizations policy ID. This data includes // a list of services that are allowed by the specified SCP. // // For each service in both report types, the data includes the most recent @@ -5186,14 +5233,14 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // Reducing permissions using service last accessed data (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html) // in the IAM User Guide. // -// The data includes all attempts to access AWS, not just the successful ones. -// This includes all attempts that were made using the AWS Management Console, -// the AWS API through any of the SDKs, or any of the command line tools. An -// unexpected entry in the service last accessed data does not mean that an -// account has been compromised, because the request might have been denied. -// Refer to your CloudTrail logs as the authoritative source for information -// about all API calls and whether they were successful or denied access. For -// more information, see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// The data includes all attempts to access Amazon Web Services, not just the +// successful ones. This includes all attempts that were made using the Management +// Console, the Amazon Web Services API through any of the SDKs, or any of the +// command line tools. An unexpected entry in the service last accessed data +// does not mean that an account has been compromised, because the request might +// have been denied. Refer to your CloudTrail logs as the authoritative source +// for information about all API calls and whether they were successful or denied +// access. For more information, see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. // // This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport @@ -5203,8 +5250,8 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // you can retrieve the report. // // To generate a service last accessed data report for entities, specify an -// entity path without specifying the optional AWS Organizations policy ID. -// The type of entity that you specify determines the data returned in the report. +// entity path without specifying the optional Organizations policy ID. The +// type of entity that you specify determines the data returned in the report. // // * Root – When you specify the organizations root as the entity, the // resulting report lists all of the services allowed by SCPs that are attached @@ -5219,9 +5266,9 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // account, because the management account is not limited by SCPs. // // * management account – When you specify the management account, the -// resulting report lists all AWS services, because the management account -// is not limited by SCPs. For each service, the report includes data for -// only the management account. +// resulting report lists all Amazon Web Services services, because the management +// account is not limited by SCPs. For each service, the report includes +// data for only the management account. // // * Account – When you specify another account as the entity, the resulting // report lists all of the services allowed by SCPs that are attached to @@ -5229,7 +5276,7 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // for only the specified account. // // To generate a service last accessed data report for policies, specify an -// entity path and the optional AWS Organizations policy ID. The type of entity +// entity path and the optional Organizations policy ID. The type of entity // that you specify determines the data returned for each service. // // * Root – When you specify the root entity and a policy ID, the resulting @@ -5251,10 +5298,10 @@ func (c *IAM) GenerateOrganizationsAccessReportRequest(input *GenerateOrganizati // data. // // * management account – When you specify the management account, the -// resulting report lists all AWS services, because the management account -// is not limited by SCPs. If you specify a policy ID in the CLI or API, -// the policy is ignored. For each service, the report includes data for -// only the management account. +// resulting report lists all Amazon Web Services services, because the management +// account is not limited by SCPs. If you specify a policy ID in the CLI +// or API, the policy is ignored. For each service, the report includes data +// for only the management account. // // * Account – When you specify another account entity and a policy ID, // the resulting report lists all of the services that are allowed by the @@ -5355,20 +5402,21 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // GenerateServiceLastAccessedDetails API operation for AWS Identity and Access Management. // // Generates a report that includes details about when an IAM resource (user, -// group, role, or policy) was last used in an attempt to access AWS services. -// Recent activity usually appears within four hours. IAM reports activity for -// the last 365 days, or less if your Region began supporting this feature within -// the last year. For more information, see Regions where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). -// -// The service last accessed data includes all attempts to access an AWS API, -// not just the successful ones. This includes all attempts that were made using -// the AWS Management Console, the AWS API through any of the SDKs, or any of -// the command line tools. An unexpected entry in the service last accessed -// data does not mean that your account has been compromised, because the request -// might have been denied. Refer to your CloudTrail logs as the authoritative -// source for information about all API calls and whether they were successful -// or denied access. For more information, see Logging IAM events with CloudTrail -// (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) +// group, role, or policy) was last used in an attempt to access Amazon Web +// Services services. Recent activity usually appears within four hours. IAM +// reports activity for the last 365 days, or less if your Region began supporting +// this feature within the last year. For more information, see Regions where +// data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// +// The service last accessed data includes all attempts to access an Amazon +// Web Services API, not just the successful ones. This includes all attempts +// that were made using the Management Console, the Amazon Web Services API +// through any of the SDKs, or any of the command line tools. An unexpected +// entry in the service last accessed data does not mean that your account has +// been compromised, because the request might have been denied. Refer to your +// CloudTrail logs as the authoritative source for information about all API +// calls and whether they were successful or denied access. For more information, +// see Logging IAM events with CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) // in the IAM User Guide. // // The GenerateServiceLastAccessedDetails operation returns a JobId. Use this @@ -5376,15 +5424,16 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // your report: // // * GetServiceLastAccessedDetails – Use this operation for users, groups, -// roles, or policies to list every AWS service that the resource could access -// using permissions policies. For each service, the response includes information -// about the most recent access attempt. The JobId returned by GenerateServiceLastAccessedDetail -// must be used by the same role within a session, or by the same user when -// used to call GetServiceLastAccessedDetail. +// roles, or policies to list every Amazon Web Services service that the +// resource could access using permissions policies. For each service, the +// response includes information about the most recent access attempt. The +// JobId returned by GenerateServiceLastAccessedDetail must be used by the +// same role within a session, or by the same user when used to call GetServiceLastAccessedDetail. // // * GetServiceLastAccessedDetailsWithEntities – Use this operation for // groups and policies to list information about the associated entities -// (users or roles) that attempted to access a specific AWS service. +// (users or roles) that attempted to access a specific Amazon Web Services +// service. // // To check the status of the GenerateServiceLastAccessedDetails request, use // the JobId parameter in the same operations and test the JobStatus response @@ -5396,10 +5445,10 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // // Service last accessed data does not use other policy types when determining // whether a resource could access a service. These other policy types include -// resource-based policies, access control lists, AWS Organizations policies, -// IAM permissions boundaries, and AWS STS assume role policies. It only applies -// permissions policy logic. For more about the evaluation of policy types, -// see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// resource-based policies, access control lists, Organizations policies, IAM +// permissions boundaries, and STS assume role policies. It only applies permissions +// policy logic. For more about the evaluation of policy types, see Evaluating +// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. // // For more information about service and action last accessed data, see Reducing @@ -5489,9 +5538,9 @@ func (c *IAM) GetAccessKeyLastUsedRequest(input *GetAccessKeyLastUsedInput) (req // GetAccessKeyLastUsed API operation for AWS Identity and Access Management. // // Retrieves information about when the specified access key was last used. -// The information includes the date and time of last use, along with the AWS -// service and Region that were specified in the last request made with that -// key. +// The information includes the date and time of last use, along with the Amazon +// Web Services service and Region that were specified in the last request made +// with that key. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5578,9 +5627,9 @@ func (c *IAM) GetAccountAuthorizationDetailsRequest(input *GetAccountAuthorizati // GetAccountAuthorizationDetails API operation for AWS Identity and Access Management. // // Retrieves information about all IAM users, groups, roles, and policies in -// your AWS account, including their relationships to one another. Use this -// operation to obtain a snapshot of the configuration of IAM permissions (users, -// groups, roles, and policies) in your account. +// your Amazon Web Services account, including their relationships to one another. +// Use this operation to obtain a snapshot of the configuration of IAM permissions +// (users, groups, roles, and policies) in your account. // // Policies returned by this operation are URL-encoded compliant with RFC 3986 // (https://tools.ietf.org/html/rfc3986). You can use a URL decoding method @@ -5721,7 +5770,7 @@ func (c *IAM) GetAccountPasswordPolicyRequest(input *GetAccountPasswordPolicyInp // GetAccountPasswordPolicy API operation for AWS Identity and Access Management. // -// Retrieves the password policy for the AWS account. This tells you the complexity +// Retrieves the password policy for the account. This tells you the complexity // requirements and mandatory rotation periods for the IAM user passwords in // your account. For more information about using a password policy, see Managing // an IAM password policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html). @@ -5808,7 +5857,8 @@ func (c *IAM) GetAccountSummaryRequest(input *GetAccountSummaryInput) (req *requ // GetAccountSummary API operation for AWS Identity and Access Management. // -// Retrieves information about IAM entity usage and IAM quotas in the AWS account. +// Retrieves information about IAM entity usage and IAM quotas in the Amazon +// Web Services account. // // For information about IAM quotas, see IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) // in the IAM User Guide. @@ -5895,12 +5945,13 @@ func (c *IAM) GetContextKeysForCustomPolicyRequest(input *GetContextKeysForCusto // The policies are supplied as a list of one or more strings. To get the context // keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. Context keys can be evaluated -// by testing against a value specified in an IAM policy. Use GetContextKeysForCustomPolicy -// to understand what key names and values you must supply when you call SimulateCustomPolicy. -// Note that all parameters are shown in unencoded form here for clarity but -// must be URL encoded to be included as a part of a real HTML request. +// Context keys are variables maintained by Amazon Web Services and its services +// that provide details about the context of an API query request. Context keys +// can be evaluated by testing against a value specified in an IAM policy. Use +// GetContextKeysForCustomPolicy to understand what key names and values you +// must supply when you call SimulateCustomPolicy. Note that all parameters +// are shown in unencoded form here for clarity but must be URL encoded to be +// included as a part of a real HTML request. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5993,9 +6044,9 @@ func (c *IAM) GetContextKeysForPrincipalPolicyRequest(input *GetContextKeysForPr // to other users. If you do not want users to see other user's permissions, // then consider allowing them to use GetContextKeysForCustomPolicy instead. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. Context keys can be evaluated -// by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy +// Context keys are variables maintained by Amazon Web Services and its services +// that provide details about the context of an API query request. Context keys +// can be evaluated by testing against a value in an IAM policy. Use GetContextKeysForPrincipalPolicy // to understand what key names and values you must supply when you call SimulatePrincipalPolicy. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6080,7 +6131,7 @@ func (c *IAM) GetCredentialReportRequest(input *GetCredentialReportInput) (req * // GetCredentialReport API operation for AWS Identity and Access Management. // -// Retrieves a credential report for the AWS account. For more information about +// Retrieves a credential report for the account. For more information about // the credential report, see Getting credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // in the IAM User Guide. // @@ -6506,10 +6557,20 @@ func (c *IAM) GetLoginProfileRequest(input *GetLoginProfileInput) (req *request. // GetLoginProfile API operation for AWS Identity and Access Management. // -// Retrieves the user name and password creation date for the specified IAM -// user. If the user has not been assigned a password, the operation returns +// Retrieves the user name for the specified IAM user. A login profile is created +// when you create a password for the user to access the Management Console. +// If the user does not exist or does not have a password, the operation returns // a 404 (NoSuchEntity) error. // +// If you create an IAM user with access to the console, the CreateDate reflects +// the date you created the initial password for the user. +// +// If you create an IAM user with programmatic access, and then later add a +// password for the user to access the Management Console, the CreateDate reflects +// the initial password creation date. A user with programmatic access does +// not have a login profile unless you create a password for the user to access +// the Management Console. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6681,8 +6742,8 @@ func (c *IAM) GetOrganizationsAccessReportRequest(input *GetOrganizationsAccessR // GetOrganizationsAccessReport API operation for AWS Identity and Access Management. // -// Retrieves the service last accessed data report for AWS Organizations that -// was previously generated using the GenerateOrganizationsAccessReport operation. +// Retrieves the service last accessed data report for Organizations that was +// previously generated using the GenerateOrganizationsAccessReport operation. // This operation retrieves the status of your report job and the report contents. // // Depending on the parameters that you passed when you generated the report, @@ -7279,10 +7340,10 @@ func (c *IAM) GetSSHPublicKeyRequest(input *GetSSHPublicKeyInput) (req *request. // Retrieves the specified SSH public key, including metadata about the key. // // The SSH public key retrieved by this operation is used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7370,8 +7431,8 @@ func (c *IAM) GetServerCertificateRequest(input *GetServerCertificateInput) (req // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic includes a list of AWS services that can -// use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7458,15 +7519,16 @@ func (c *IAM) GetServiceLastAccessedDetailsRequest(input *GetServiceLastAccessed // Retrieves a service last accessed report that was created using the GenerateServiceLastAccessedDetails // operation. You can use the JobId parameter in GetServiceLastAccessedDetails // to retrieve the status of your report job. When the report is complete, you -// can retrieve the generated report. The report includes a list of AWS services -// that the resource (user, group, role, or managed policy) can access. +// can retrieve the generated report. The report includes a list of Amazon Web +// Services services that the resource (user, group, role, or managed policy) +// can access. // // Service last accessed data does not use other policy types when determining // whether a resource could access a service. These other policy types include -// resource-based policies, access control lists, AWS Organizations policies, -// IAM permissions boundaries, and AWS STS assume role policies. It only applies -// permissions policy logic. For more about the evaluation of policy types, -// see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// resource-based policies, access control lists, Organizations policies, IAM +// permissions boundaries, and STS assume role policies. It only applies permissions +// policy logic. For more about the evaluation of policy types, see Evaluating +// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. // // For each service that the resource could access using permissions policies, @@ -7786,7 +7848,8 @@ func (c *IAM) GetUserRequest(input *GetUserInput) (req *request.Request, output // creation date, path, unique ID, and ARN. // // If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID used to sign the request to this operation. +// based on the Amazon Web Services access key ID used to sign the request to +// this operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7983,12 +8046,12 @@ func (c *IAM) ListAccessKeysRequest(input *ListAccessKeysInput) (req *request.Re // the results using the MaxItems and Marker parameters. // // If the UserName field is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // -// To ensure the security of your AWS account, the secret access key is accessible +// To ensure the security of your account, the secret access key is accessible // only during key and user creation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -8131,9 +8194,9 @@ func (c *IAM) ListAccountAliasesRequest(input *ListAccountAliasesInput) (req *re // ListAccountAliases API operation for AWS Identity and Access Management. // -// Lists the account alias associated with the AWS account (Note: you can have -// only one). For information about using an AWS account alias, see Using an -// alias for your AWS account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) +// Lists the account alias associated with the account (Note: you can have only +// one). For information about using an account alias, see Using an alias for +// your account ID (https://docs.aws.amazon.com/IAM/latest/UserGuide/AccountAlias.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -9808,7 +9871,8 @@ func (c *IAM) ListMFADevicesRequest(input *ListMFADevicesInput) (req *request.Re // Lists the MFA devices for an IAM user. If the request includes a IAM user // name, then this operation lists all the MFA devices associated with the specified // user. If you do not specify a user name, IAM determines the user name implicitly -// based on the AWS access key ID signing the request for this operation. +// based on the Amazon Web Services access key ID signing the request for this +// operation. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -10040,7 +10104,7 @@ func (c *IAM) ListOpenIDConnectProvidersRequest(input *ListOpenIDConnectProvider // ListOpenIDConnectProviders API operation for AWS Identity and Access Management. // // Lists information about the IAM OpenID Connect (OIDC) provider resource objects -// defined in the AWS account. +// defined in the account. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -10131,13 +10195,14 @@ func (c *IAM) ListPoliciesRequest(input *ListPoliciesInput) (req *request.Reques // ListPolicies API operation for AWS Identity and Access Management. // -// Lists all the managed policies that are available in your AWS account, including -// your own customer-defined managed policies and all AWS managed policies. +// Lists all the managed policies that are available in your account, including +// your own customer-defined managed policies and all Amazon Web Services managed +// policies. // // You can filter the list of policies that is returned using the optional OnlyAttached, // Scope, and PathPrefix parameters. For example, to list only the customer -// managed policies in your AWS account, set Scope to Local. To list only AWS -// managed policies, set Scope to AWS. +// managed policies in your Amazon Web Services account, set Scope to Local. +// To list only Amazon Web Services managed policies, set Scope to AWS. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -10285,10 +10350,9 @@ func (c *IAM) ListPoliciesGrantingServiceAccessRequest(input *ListPoliciesGranti // // This operation does not use other policy types when determining whether a // resource could access a service. These other policy types include resource-based -// policies, access control lists, AWS Organizations policies, IAM permissions -// boundaries, and AWS STS assume role policies. It only applies permissions -// policy logic. For more about the evaluation of policy types, see Evaluating -// policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) +// policies, access control lists, Organizations policies, IAM permissions boundaries, +// and STS assume role policies. It only applies permissions policy logic. For +// more about the evaluation of policy types, see Evaluating policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics) // in the IAM User Guide. // // The list of policies returned by the operation depends on the ARN of the @@ -11215,10 +11279,10 @@ func (c *IAM) ListSSHPublicKeysRequest(input *ListSSHPublicKeysInput) (req *requ // IAM user. If none exists, the operation returns an empty list. // // The SSH public keys returned by this operation are used only for authenticating -// the IAM user to an AWS CodeCommit repository. For more information about -// using SSH keys to authenticate to an AWS CodeCommit repository, see Set up -// AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the IAM user to an CodeCommit repository. For more information about using +// SSH keys to authenticate to an CodeCommit repository, see Set up CodeCommit +// for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Although each user is limited to a small number of keys, you can still paginate // the results using the MaxItems and Marker parameters. @@ -11358,10 +11422,10 @@ func (c *IAM) ListServerCertificateTagsRequest(input *ListServerCertificateTagsI // tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // -// For certificates in a Region supported by AWS Certificate Manager (ACM), -// we recommend that you don't use IAM server certificates. Instead, use ACM -// to provision, manage, and deploy your server certificates. For more information -// about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) +// For certificates in a Region supported by Certificate Manager (ACM), we recommend +// that you don't use IAM server certificates. Instead, use ACM to provision, +// manage, and deploy your server certificates. For more information about IAM +// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11459,8 +11523,8 @@ func (c *IAM) ListServerCertificatesRequest(input *ListServerCertificatesInput) // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic also includes a list of AWS services that -// can use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic also includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -11601,9 +11665,9 @@ func (c *IAM) ListServiceSpecificCredentialsRequest(input *ListServiceSpecificCr // the specified IAM user. If none exists, the operation returns an empty list. // The service-specific credentials returned by this operation are used only // for authenticating the IAM user to a specific service. For more information -// about using service-specific credentials to authenticate to an AWS service, -// see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) -// in the AWS CodeCommit User Guide. +// about using service-specific credentials to authenticate to an Amazon Web +// Services service, see Set up service-specific credentials (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -11699,10 +11763,10 @@ func (c *IAM) ListSigningCertificatesRequest(input *ListSigningCertificatesInput // you can still paginate the results using the MaxItems and Marker parameters. // // If the UserName field is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request for this operation. -// This operation works for access keys under the AWS account. Consequently, -// you can use this operation to manage AWS account root user credentials even -// if the AWS account has no associated users. +// based on the Amazon Web Services access key ID used to sign the request for +// this operation. This operation works for access keys under the account. Consequently, +// you can use this operation to manage account root user credentials even if +// the account has no associated users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12141,8 +12205,8 @@ func (c *IAM) ListUsersRequest(input *ListUsersInput) (req *request.Request, out // ListUsers API operation for AWS Identity and Access Management. // // Lists the IAM users that have the specified path prefix. If no path prefix -// is specified, the operation returns all users in the AWS account. If there -// are none, the operation returns an empty list. +// is specified, the operation returns all users in the account. If there are +// none, the operation returns an empty list. // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even @@ -12287,7 +12351,7 @@ func (c *IAM) ListVirtualMFADevicesRequest(input *ListVirtualMFADevicesInput) (r // ListVirtualMFADevices API operation for AWS Identity and Access Management. // -// Lists the virtual MFA devices defined in the AWS account by assignment status. +// Lists the virtual MFA devices defined in the account by assignment status. // If you do not specify an assignment status, the operation returns a list // of all virtual MFA devices. Assignment status can be Assigned, Unassigned, // or Any. @@ -12452,7 +12516,8 @@ func (c *IAM) PutGroupPolicyRequest(input *PutGroupPolicyInput) (req *request.Re // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" // The request was rejected because the policy document was malformed. The error @@ -12534,10 +12599,10 @@ func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundar // PutRolePermissionsBoundary API operation for AWS Identity and Access Management. // // Adds or updates the policy that is specified as the IAM role's permissions -// boundary. You can use an AWS managed policy or a customer managed policy -// to set the boundary for a role. Use the boundary to control the maximum permissions -// that the role can have. Setting a permissions boundary is an advanced feature -// that can affect the permissions for the role. +// boundary. You can use an Amazon Web Services managed policy or a customer +// managed policy to set the boundary for a role. Use the boundary to control +// the maximum permissions that the role can have. Setting a permissions boundary +// is an advanced feature that can affect the permissions for the role. // // You cannot set the boundary for a service-linked role. // @@ -12570,8 +12635,8 @@ func (c *IAM) PutRolePermissionsBoundaryRequest(input *PutRolePermissionsBoundar // request the change through that service. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -12678,7 +12743,8 @@ func (c *IAM) PutRolePolicyRequest(input *PutRolePolicyInput) (req *request.Requ // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" // The request was rejected because the policy document was malformed. The error @@ -12766,10 +12832,10 @@ func (c *IAM) PutUserPermissionsBoundaryRequest(input *PutUserPermissionsBoundar // PutUserPermissionsBoundary API operation for AWS Identity and Access Management. // // Adds or updates the policy that is specified as the IAM user's permissions -// boundary. You can use an AWS managed policy or a customer managed policy -// to set the boundary for a user. Use the boundary to control the maximum permissions -// that the user can have. Setting a permissions boundary is an advanced feature -// that can affect the permissions for the user. +// boundary. You can use an Amazon Web Services managed policy or a customer +// managed policy to set the boundary for a user. Use the boundary to control +// the maximum permissions that the user can have. Setting a permissions boundary +// is an advanced feature that can affect the permissions for the user. // // Policies that are used as permissions boundaries do not provide permissions. // You must also attach a permissions policy to the user. To learn how the effective @@ -12794,8 +12860,8 @@ func (c *IAM) PutUserPermissionsBoundaryRequest(input *PutUserPermissionsBoundar // for an input parameter. // // * ErrCodePolicyNotAttachableException "PolicyNotAttachable" -// The request failed because AWS service role policies can only be attached -// to the service-linked role for that service. +// The request failed because Amazon Web Services service role policies can +// only be attached to the service-linked role for that service. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -12896,7 +12962,8 @@ func (c *IAM) PutUserPolicyRequest(input *PutUserPolicyInput) (req *request.Requ // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocument" // The request was rejected because the policy document was malformed. The error @@ -13096,7 +13163,8 @@ func (c *IAM) RemoveRoleFromInstanceProfileRequest(input *RemoveRoleFromInstance // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -13191,7 +13259,8 @@ func (c *IAM) RemoveUserFromGroupRequest(input *RemoveUserFromGroupInput) (req * // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -13264,9 +13333,9 @@ func (c *IAM) ResetServiceSpecificCredentialRequest(input *ResetServiceSpecificC // ResetServiceSpecificCredential API operation for AWS Identity and Access Management. // // Resets the password for a service-specific credential. The new password is -// AWS generated and cryptographically strong. It cannot be configured by the -// user. Resetting the password immediately invalidates the previous password -// associated with this user. +// Amazon Web Services generated and cryptographically strong. It cannot be +// configured by the user. Resetting the password immediately invalidates the +// previous password associated with this user. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13348,7 +13417,7 @@ func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request. // ResyncMFADevice API operation for AWS Identity and Access Management. // // Synchronizes the specified MFA device with its IAM resource object on the -// AWS servers. +// Amazon Web Services servers. // // For more information about creating and working with virtual MFA devices, // see Using a virtual MFA device (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_VirtualMFA.html) @@ -13372,7 +13441,8 @@ func (c *IAM) ResyncMFADeviceRequest(input *ResyncMFADeviceInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -13474,7 +13544,8 @@ func (c *IAM) SetDefaultPolicyVersionRequest(input *SetDefaultPolicyVersionInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -13548,23 +13619,24 @@ func (c *IAM) SetSecurityTokenServicePreferencesRequest(input *SetSecurityTokenS // SetSecurityTokenServicePreferences API operation for AWS Identity and Access Management. // // Sets the specified version of the global endpoint token as the token version -// used for the AWS account. +// used for the account. // -// By default, AWS Security Token Service (STS) is available as a global service, +// By default, Security Token Service (STS) is available as a global service, // and all STS requests go to a single endpoint at https://sts.amazonaws.com. -// AWS recommends using Regional STS endpoints to reduce latency, build in redundancy, -// and increase session token availability. For information about Regional endpoints -// for STS, see AWS AWS Security Token Service endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html) -// in the AWS General Reference. +// Amazon Web Services recommends using Regional STS endpoints to reduce latency, +// build in redundancy, and increase session token availability. For information +// about Regional endpoints for STS, see Security Token Service endpoints and +// quotas (https://docs.aws.amazon.com/general/latest/gr/sts.html) in the Amazon +// Web Services General Reference. // // If you make an STS call to the global endpoint, the resulting session tokens // might be valid in some Regions but not others. It depends on the version -// that is set in this operation. Version 1 tokens are valid only in AWS Regions +// that is set in this operation. Version 1 tokens are valid only in Regions // that are available by default. These tokens do not work in manually enabled // Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid in // all Regions. However, version 2 tokens are longer and might affect systems // where you temporarily store tokens. For information, see Activating and deactivating -// STS in an AWS region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // To view the current session token version, see the GlobalEndpointTokenVersion @@ -13655,8 +13727,9 @@ func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req // SimulateCustomPolicy API operation for AWS Identity and Access Management. // // Simulate how a set of IAM policies and optionally a resource-based policy -// works with a list of API operations and AWS resources to determine the policies' -// effective permissions. The policies are provided as strings. +// works with a list of API operations and Amazon Web Services resources to +// determine the policies' effective permissions. The policies are provided +// as strings. // // The simulation does not perform the API operations; it only checks the authorization // to determine if the simulated policies allow or deny the operations. You @@ -13665,11 +13738,11 @@ func (c *IAM) SimulateCustomPolicyRequest(input *SimulateCustomPolicyInput) (req // If you want to simulate existing policies that are attached to an IAM user, // group, or role, use SimulatePrincipalPolicy instead. // -// Context keys are variables that are maintained by AWS and its services and -// which provide details about the context of an API query request. You can -// use the Condition element of an IAM policy to evaluate context keys. To get -// the list of context keys that the policies require for correct simulation, -// use GetContextKeysForCustomPolicy. +// Context keys are variables that are maintained by Amazon Web Services and +// its services and which provide details about the context of an API query +// request. You can use the Condition element of an IAM policy to evaluate context +// keys. To get the list of context keys that the policies require for correct +// simulation, use GetContextKeysForCustomPolicy. // // If the output is long, you can use MaxItems and Marker parameters to paginate // the results. @@ -13819,11 +13892,11 @@ func (c *IAM) SimulatePrincipalPolicyRequest(input *SimulatePrincipalPolicyInput // SimulatePrincipalPolicy API operation for AWS Identity and Access Management. // // Simulate how a set of IAM policies attached to an IAM entity works with a -// list of API operations and AWS resources to determine the policies' effective -// permissions. The entity can be an IAM user, group, or role. If you specify -// a user, then the simulation also includes all of the policies that are attached -// to groups that the user belongs to. You can simulate resources that don't -// exist in your account. +// list of API operations and Amazon Web Services resources to determine the +// policies' effective permissions. The entity can be an IAM user, group, or +// role. If you specify a user, then the simulation also includes all of the +// policies that are attached to groups that the user belongs to. You can simulate +// resources that don't exist in your account. // // You can optionally include a list of one or more additional policies specified // as strings to include in the simulation. If you want to simulate only policies @@ -13839,10 +13912,11 @@ func (c *IAM) SimulatePrincipalPolicyRequest(input *SimulatePrincipalPolicyInput // to other users. If you do not want users to see other user's permissions, // then consider allowing them to use SimulateCustomPolicy instead. // -// Context keys are variables maintained by AWS and its services that provide -// details about the context of an API query request. You can use the Condition -// element of an IAM policy to evaluate context keys. To get the list of context -// keys that the policies require for correct simulation, use GetContextKeysForPrincipalPolicy. +// Context keys are variables maintained by Amazon Web Services and its services +// that provide details about the context of an API query request. You can use +// the Condition element of an IAM policy to evaluate context keys. To get the +// list of context keys that the policies require for correct simulation, use +// GetContextKeysForPrincipalPolicy. // // If the output is long, you can use the MaxItems and Marker parameters to // paginate the results. @@ -14014,9 +14088,9 @@ func (c *IAM) TagInstanceProfileRequest(input *TagInstanceProfileInput) (req *re // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14036,7 +14110,8 @@ func (c *IAM) TagInstanceProfileRequest(input *TagInstanceProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -14139,9 +14214,9 @@ func (c *IAM) TagMFADeviceRequest(input *TagMFADeviceInput) (req *request.Reques // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14161,7 +14236,8 @@ func (c *IAM) TagMFADeviceRequest(input *TagMFADeviceInput) (req *request.Reques // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -14266,9 +14342,9 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14284,7 +14360,8 @@ func (c *IAM) TagOpenIDConnectProviderRequest(input *TagOpenIDConnectProviderInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14390,9 +14467,9 @@ func (c *IAM) TagPolicyRequest(input *TagPolicyInput) (req *request.Request, out // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14408,7 +14485,8 @@ func (c *IAM) TagPolicyRequest(input *TagPolicyInput) (req *request.Request, out // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14511,7 +14589,7 @@ func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output // in the IAM User Guide. // // * Cost allocation - Use tags to help track which individuals and teams -// are using which AWS resources. +// are using which Amazon Web Services resources. // // * If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not @@ -14519,9 +14597,9 @@ func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. @@ -14540,7 +14618,8 @@ func (c *IAM) TagRoleRequest(input *TagRoleInput) (req *request.Request, output // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14649,9 +14728,9 @@ func (c *IAM) TagSAMLProviderRequest(input *TagSAMLProviderInput) (req *request. // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14667,7 +14746,8 @@ func (c *IAM) TagSAMLProviderRequest(input *TagSAMLProviderInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -14752,10 +14832,10 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // Adds one or more tags to an IAM server certificate. If a tag with the same // key name already exists, then that tag is overwritten with the new value. // -// For certificates in a Region supported by AWS Certificate Manager (ACM), -// we recommend that you don't use IAM server certificates. Instead, use ACM -// to provision, manage, and deploy your server certificates. For more information -// about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) +// For certificates in a Region supported by Certificate Manager (ACM), we recommend +// that you don't use IAM server certificates. Instead, use ACM to provision, +// manage, and deploy your server certificates. For more information about IAM +// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // A tag consists of a key name and an associated value. By assigning tags to @@ -14774,7 +14854,7 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // in the IAM User Guide. // // * Cost allocation - Use tags to help track which individuals and teams -// are using which AWS resources. +// are using which Amazon Web Services resources. // // * If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not @@ -14782,9 +14862,9 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -14804,7 +14884,8 @@ func (c *IAM) TagServerCertificateRequest(input *TagServerCertificateInput) (req // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeConcurrentModificationException "ConcurrentModification" // The request was rejected because multiple requests to change this object @@ -14903,7 +14984,7 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // the IAM User Guide. // // * Cost allocation - Use tags to help track which individuals and teams -// are using which AWS resources. +// are using which Amazon Web Services resources. // // * If any one of the tags is invalid or if you exceed the allowed maximum // number of tags, then the entire request fails and the resource is not @@ -14911,9 +14992,9 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) in the // IAM User Guide. // -// * AWS always interprets the tag Value as a single string. If you need -// to store an array, you can store comma-separated values in the string. -// However, you must interpret the value in your code. +// * Amazon Web Services always interprets the tag Value as a single string. +// If you need to store an array, you can store comma-separated values in +// the string. However, you must interpret the value in your code. // // For more information about tagging, see Tagging IAM identities (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. @@ -14932,7 +15013,8 @@ func (c *IAM) TagUserRequest(input *TagUserInput) (req *request.Request, output // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -15595,10 +15677,10 @@ func (c *IAM) UntagServerCertificateRequest(input *UntagServerCertificateInput) // about tagging, see Tagging IAM resources (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_tags.html) // in the IAM User Guide. // -// For certificates in a Region supported by AWS Certificate Manager (ACM), -// we recommend that you don't use IAM server certificates. Instead, use ACM -// to provision, manage, and deploy your server certificates. For more information -// about IAM server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) +// For certificates in a Region supported by Certificate Manager (ACM), we recommend +// that you don't use IAM server certificates. Instead, use ACM to provision, +// manage, and deploy your server certificates. For more information about IAM +// server certificates, Working with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -15790,10 +15872,10 @@ func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request. // a key rotation workflow. // // If the UserName is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // // For information about rotating keys, see Managing keys and certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingCredentials.html) // in the IAM User Guide. @@ -15812,7 +15894,8 @@ func (c *IAM) UpdateAccessKeyRequest(input *UpdateAccessKeyInput) (req *request. // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -15885,7 +15968,7 @@ func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPol // UpdateAccountPasswordPolicy API operation for AWS Identity and Access Management. // -// Updates the password policy settings for the AWS account. +// Updates the password policy settings for the account. // // * This operation does not support partial updates. No parameters are required, // but if you do not specify a parameter, that parameter's value reverts @@ -15916,7 +15999,8 @@ func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPol // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16012,7 +16096,8 @@ func (c *IAM) UpdateAssumeRolePolicyRequest(input *UpdateAssumeRolePolicyInput) // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeUnmodifiableEntityException "UnmodifiableEntity" // The request was rejected because only the service that depends on the service-linked @@ -16122,7 +16207,8 @@ func (c *IAM) UpdateGroupRequest(input *UpdateGroupInput) (req *request.Request, // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16195,10 +16281,10 @@ func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *re // UpdateLoginProfile API operation for AWS Identity and Access Management. // -// Changes the password for the specified IAM user. You can use the AWS CLI, -// the AWS API, or the Users page in the IAM console to change the password -// for any IAM user. Use ChangePassword to change your own password in the My -// Security Credentials page in the AWS Management Console. +// Changes the password for the specified IAM user. You can use the CLI, the +// Amazon Web Services API, or the Users page in the IAM console to change the +// password for any IAM user. Use ChangePassword to change your own password +// in the My Security Credentials page in the Management Console. // // For more information about modifying passwords, see Managing passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingLogins.html) // in the IAM User Guide. @@ -16227,7 +16313,8 @@ func (c *IAM) UpdateLoginProfileRequest(input *UpdateLoginProfileInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16608,7 +16695,8 @@ func (c *IAM) UpdateSAMLProviderRequest(input *UpdateSAMLProviderInput) (req *re // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16687,10 +16775,10 @@ func (c *IAM) UpdateSSHPublicKeyRequest(input *UpdateSSHPublicKeyInput) (req *re // work flow. // // The SSH public key affected by this operation is used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16776,8 +16864,8 @@ func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic also includes a list of AWS services that -// can use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic also includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // You should understand the implications of changing a server certificate's // path or name. For more information, see Renaming a server certificate (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs_manage.html#RenamingServerCerts) @@ -16810,7 +16898,8 @@ func (c *IAM) UpdateServerCertificateRequest(input *UpdateServerCertificateInput // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -16972,10 +17061,10 @@ func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInp // user's signing certificate as part of a certificate rotation work flow. // // If the UserName field is not specified, the user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -16991,7 +17080,8 @@ func (c *IAM) UpdateSigningCertificateRequest(input *UpdateSigningCertificateInp // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeServiceFailureException "ServiceFailure" // The request processing has failed because of an unknown error, exception @@ -17091,7 +17181,8 @@ func (c *IAM) UpdateUserRequest(input *UpdateUserInput) (req *request.Request, o // // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -17181,10 +17272,10 @@ func (c *IAM) UploadSSHPublicKeyRequest(input *UploadSSHPublicKeyInput) (req *re // Uploads an SSH public key and associates it with the specified IAM user. // // The SSH public key uploaded by this operation can be used only for authenticating -// the associated IAM user to an AWS CodeCommit repository. For more information -// about using SSH keys to authenticate to an AWS CodeCommit repository, see -// Set up AWS CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) -// in the AWS CodeCommit User Guide. +// the associated IAM user to an CodeCommit repository. For more information +// about using SSH keys to authenticate to an CodeCommit repository, see Set +// up CodeCommit for SSH connections (https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-credentials-ssh.html) +// in the CodeCommit User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17196,7 +17287,8 @@ func (c *IAM) UploadSSHPublicKeyRequest(input *UploadSSHPublicKeyInput) (req *re // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeNoSuchEntityException "NoSuchEntity" // The request was rejected because it referenced a resource entity that does @@ -17280,20 +17372,21 @@ func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput // UploadServerCertificate API operation for AWS Identity and Access Management. // -// Uploads a server certificate entity for the AWS account. The server certificate +// Uploads a server certificate entity for the account. The server certificate // entity includes a public key certificate, a private key, and an optional // certificate chain, which should all be PEM-encoded. // -// We recommend that you use AWS Certificate Manager (https://docs.aws.amazon.com/acm/) +// We recommend that you use Certificate Manager (https://docs.aws.amazon.com/acm/) // to provision, manage, and deploy your server certificates. With ACM you can -// request a certificate, deploy it to AWS resources, and let ACM handle certificate -// renewals for you. Certificates provided by ACM are free. For more information -// about using ACM, see the AWS Certificate Manager User Guide (https://docs.aws.amazon.com/acm/latest/userguide/). +// request a certificate, deploy it to Amazon Web Services resources, and let +// ACM handle certificate renewals for you. Certificates provided by ACM are +// free. For more information about using ACM, see the Certificate Manager User +// Guide (https://docs.aws.amazon.com/acm/latest/userguide/). // // For more information about working with server certificates, see Working // with server certificates (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) -// in the IAM User Guide. This topic includes a list of AWS services that can -// use the server certificates that you manage with IAM. +// in the IAM User Guide. This topic includes a list of Amazon Web Services +// services that can use the server certificates that you manage with IAM. // // For information about the number of server certificates you can upload, see // IAM and STS quotas (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html) @@ -17302,10 +17395,11 @@ func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput // Because the body of the public key certificate, private key, and the certificate // chain can be large, you should use POST rather than GET when calling UploadServerCertificate. // For information about setting up signatures and authorization through the -// API, see Signing AWS API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) -// in the AWS General Reference. For general information about using the Query -// API with IAM, see Calling the API by making HTTP query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) -// in the IAM User Guide. +// API, see Signing Amazon Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) +// in the Amazon Web Services General Reference. For general information about +// using the Query API with IAM, see Calling the API by making HTTP query requests +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/programming.html) in the +// IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -17317,7 +17411,8 @@ func (c *IAM) UploadServerCertificateRequest(input *UploadServerCertificateInput // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeInvalidInputException "InvalidInput" // The request was rejected because an invalid or out-of-range value was supplied @@ -17411,26 +17506,26 @@ func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInp // UploadSigningCertificate API operation for AWS Identity and Access Management. // // Uploads an X.509 signing certificate and associates it with the specified -// IAM user. Some AWS services require you to use certificates to validate requests -// that are signed with a corresponding private key. When you upload the certificate, -// its default status is Active. +// IAM user. Some Amazon Web Services services require you to use certificates +// to validate requests that are signed with a corresponding private key. When +// you upload the certificate, its default status is Active. // // For information about when you would use an X.509 signing certificate, see // Managing server certificates in IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) // in the IAM User Guide. // // If the UserName is not specified, the IAM user name is determined implicitly -// based on the AWS access key ID used to sign the request. This operation works -// for access keys under the AWS account. Consequently, you can use this operation -// to manage AWS account root user credentials even if the AWS account has no -// associated users. +// based on the Amazon Web Services access key ID used to sign the request. +// This operation works for access keys under the account. Consequently, you +// can use this operation to manage account root user credentials even if the +// account has no associated users. // // Because the body of an X.509 certificate can be large, you should use POST // rather than GET when calling UploadSigningCertificate. For information about -// setting up signatures and authorization through the API, see Signing AWS -// API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) -// in the AWS General Reference. For general information about using the Query -// API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) +// setting up signatures and authorization through the API, see Signing Amazon +// Web Services API requests (https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) +// in the Amazon Web Services General Reference. For general information about +// using the Query API with IAM, see Making query requests (https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UsingQueryAPI.html) // in the IAM User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -17443,7 +17538,8 @@ func (c *IAM) UploadSigningCertificateRequest(input *UploadSigningCertificateInp // Returned Error Codes: // * ErrCodeLimitExceededException "LimitExceeded" // The request was rejected because it attempted to create resources beyond -// the current AWS account limits. The error message describes the limit exceeded. +// the current Amazon Web Services account limits. The error message describes +// the limit exceeded. // // * ErrCodeEntityAlreadyExistsException "EntityAlreadyExists" // The request was rejected because it attempted to create a resource that already @@ -17490,10 +17586,10 @@ func (c *IAM) UploadSigningCertificateWithContext(ctx aws.Context, input *Upload return out, req.Send() } -// An object that contains details about when a principal in the reported AWS -// Organizations entity last attempted to access an AWS service. A principal -// can be an IAM user, an IAM role, or the AWS account root user within the -// reported Organizations entity. +// An object that contains details about when a principal in the reported Organizations +// entity last attempted to access an Amazon Web Services service. A principal +// can be an IAM user, an IAM role, or the Amazon Web Services account root +// user within the reported Organizations entity. // // This data type is a response element in the GetOrganizationsAccessReport // operation. @@ -17502,7 +17598,7 @@ type AccessDetail struct { // The path of the Organizations entity (root, organizational unit, or account) // from which an authenticated principal last attempted to access the service. - // AWS does not report unauthenticated requests. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no principals (IAM users, IAM roles, or root users) // in the reported Organizations entity attempted to access the service within @@ -17511,7 +17607,7 @@ type AccessDetail struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when an authenticated principal most recently attempted to access the service. - // AWS does not report unauthenticated requests. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no principals in the reported Organizations entity // attempted to access the service within the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -17531,12 +17627,12 @@ type AccessDetail struct { // The namespace of the service in which access was attempted. // // To learn the service namespace of a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the Service Authorization Reference. Choose the name of the service to // view details for that service. In the first paragraph, find the service prefix. // For example, (service prefix: a4b). For more information about service namespaces, - // see AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // see Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` @@ -17592,7 +17688,7 @@ func (s *AccessDetail) SetTotalAuthenticatedEntities(v int64) *AccessDetail { return s } -// Contains information about an AWS access key. +// Contains information about an Amazon Web Services access key. // // This data type is used as a response element in the CreateAccessKey and ListAccessKeys // operations. @@ -17669,8 +17765,8 @@ func (s *AccessKey) SetUserName(v string) *AccessKey { return s } -// Contains information about the last time an AWS access key was used since -// IAM began tracking this information on April 22, 2015. +// Contains information about the last time an Amazon Web Services access key +// was used since IAM began tracking this information on April 22, 2015. // // This data type is used as a response element in the GetAccessKeyLastUsed // operation. @@ -17691,8 +17787,8 @@ type AccessKeyLastUsed struct { // LastUsedDate is a required field LastUsedDate *time.Time `type:"timestamp" required:"true"` - // The AWS Region where this access key was most recently used. The value for - // this field is "N/A" in the following situations: + // The Region where this access key was most recently used. The value for this + // field is "N/A" in the following situations: // // * The user does not have an access key. // @@ -17701,14 +17797,14 @@ type AccessKeyLastUsed struct { // // * There is no sign-in data associated with the user. // - // For more information about AWS Regions, see Regions and endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) + // For more information about Regions, see Regions and endpoints (https://docs.aws.amazon.com/general/latest/gr/rande.html) // in the Amazon Web Services General Reference. // // Region is a required field Region *string `type:"string" required:"true"` - // The name of the AWS service with which this access key was most recently - // used. The value of this field is "N/A" in the following situations: + // The name of the Amazon Web Services service with which this access key was + // most recently used. The value of this field is "N/A" in the following situations: // // * The user does not have an access key. // @@ -17749,7 +17845,8 @@ func (s *AccessKeyLastUsed) SetServiceName(v string) *AccessKeyLastUsed { return s } -// Contains information about an AWS access key, without its secret key. +// Contains information about an Amazon Web Services access key, without its +// secret key. // // This data type is used as a response element in the ListAccessKeys operation. type AccessKeyMetadata struct { @@ -18053,7 +18150,7 @@ type AttachGroupPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to attach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -18123,7 +18220,7 @@ type AttachRolePolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to attach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -18202,7 +18299,7 @@ type AttachUserPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to attach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -18331,10 +18428,11 @@ func (s *AttachedPermissionsBoundary) SetPermissionsBoundaryType(v string) *Atta type AttachedPolicy struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. PolicyArn *string `min:"20" type:"string"` // The friendly name of the attached policy. @@ -18366,7 +18464,7 @@ func (s *AttachedPolicy) SetPolicyName(v string) *AttachedPolicy { type ChangePasswordInput struct { _ struct{} `type:"structure"` - // The new password. The new password must conform to the AWS account's password + // The new password. The new password must conform to the account's password // policy, if one exists. // // The regex pattern (http://wikipedia.org/wiki/regex) that is used to validate @@ -18374,9 +18472,9 @@ type ChangePasswordInput struct { // any printable ASCII character from the space (\u0020) through the end of // the ASCII character range (\u00FF). You can also include the tab (\u0009), // line feed (\u000A), and carriage return (\u000D) characters. Any of these - // characters are valid in a password. However, many tools, such as the AWS - // Management Console, might restrict the ability to type certain characters - // because they have special meaning within that tool. + // characters are valid in a password. However, many tools, such as the Management + // Console, might restrict the ability to type certain characters because they + // have special meaning within that tool. // // NewPassword is a required field NewPassword *string `min:"1" type:"string" required:"true" sensitive:"true"` @@ -18861,9 +18959,9 @@ type CreateLoginProfileInput struct { // any printable ASCII character from the space (\u0020) through the end of // the ASCII character range (\u00FF). You can also include the tab (\u0009), // line feed (\u000A), and carriage return (\u000D) characters. Any of these - // characters are valid in a password. However, many tools, such as the AWS - // Management Console, might restrict the ability to type certain characters - // because they have special meaning within that tool. + // characters are valid in a password. However, many tools, such as the Management + // Console, might restrict the ability to type certain characters because they + // have special meaning within that tool. // // Password is a required field Password *string `min:"1" type:"string" required:"true" sensitive:"true"` @@ -19012,9 +19110,9 @@ type CreateOpenIDConnectProviderInput struct { // Typically the URL consists of only a hostname, like https://server.example.org // or https://example.com. // - // You cannot register the same provider multiple times in a single AWS account. + // You cannot register the same provider multiple times in a single account. // If you try to submit a URL that has already been used for an OpenID Connect - // provider in the AWS account, you will get an error. + // provider in the account, you will get an error. // // Url is a required field Url *string `min:"1" type:"string" required:"true"` @@ -19151,11 +19249,16 @@ type CreatePolicyInput struct { // The JSON policy document that you want to use as the content for the new // policy. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // To learn more about JSON policy grammar, see Grammar of the IAM JSON policy // language (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_grammar.html) // in the IAM User Guide. @@ -19300,7 +19403,7 @@ type CreatePolicyVersionInput struct { // a new version. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -19308,11 +19411,16 @@ type CreatePolicyVersionInput struct { // The JSON policy document that you want to use as the content for this new // version of the policy. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -19421,8 +19529,8 @@ type CreateRoleInput struct { // assume the role. // // In IAM, you must provide a JSON policy that has been converted to a string. - // However, for AWS CloudFormation templates formatted in YAML, you can provide - // the policy in JSON or YAML format. AWS CloudFormation always converts a YAML + // However, for CloudFormation templates formatted in YAML, you can provide + // the policy in JSON or YAML format. CloudFormation always converts a YAML // policy to JSON format before submitting it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -19449,8 +19557,8 @@ type CreateRoleInput struct { // role. If you do not specify a value for this setting, the default maximum // of one hour is applied. This setting can have a value from 1 hour to 12 hours. // - // Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds - // API parameter or the duration-seconds CLI parameter to request a longer session. + // Anyone who assumes the role from the or API can use the DurationSeconds API + // parameter or the duration-seconds CLI parameter to request a longer session. // The MaxSessionDuration setting determines the maximum duration that can be // requested using the DurationSeconds parameter. If users don't specify a value // for the DurationSeconds parameter, their security credentials are valid for @@ -19751,13 +19859,13 @@ func (s *CreateSAMLProviderOutput) SetTags(v []*Tag) *CreateSAMLProviderOutput { type CreateServiceLinkedRoleInput struct { _ struct{} `type:"structure"` - // The service principal for the AWS service to which this role is attached. - // You use a string similar to a URL but without the http:// in front. For example: - // elasticbeanstalk.amazonaws.com. + // The service principal for the Amazon Web Services service to which this role + // is attached. You use a string similar to a URL but without the http:// in + // front. For example: elasticbeanstalk.amazonaws.com. // // Service principals are unique and case-sensitive. To find the exact service - // principal for your service-linked role, see AWS services that work with IAM - // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) + // principal for your service-linked role, see Amazon Web Services services + // that work with IAM (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html) // in the IAM User Guide. Look for the services that have Yes in the Service-Linked // Role column. Choose the Yes link to view the service-linked role documentation // for that service. @@ -19853,9 +19961,9 @@ func (s *CreateServiceLinkedRoleOutput) SetRole(v *Role) *CreateServiceLinkedRol type CreateServiceSpecificCredentialInput struct { _ struct{} `type:"structure"` - // The name of the AWS service that is to be associated with the credentials. - // The service you specify here is the only service that can be accessed using - // these credentials. + // The name of the Amazon Web Services service that is to be associated with + // the credentials. The service you specify here is the only service that can + // be accessed using these credentials. // // ServiceName is a required field ServiceName *string `type:"string" required:"true"` @@ -20758,7 +20866,7 @@ type DeletePolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to delete. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -20817,7 +20925,7 @@ type DeletePolicyVersionInput struct { // a version. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -21814,7 +21922,7 @@ type DetachGroupPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to detach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -21884,7 +21992,7 @@ type DetachRolePolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to detach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -21963,7 +22071,7 @@ type DetachUserPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy you want to detach. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -22170,7 +22278,8 @@ func (s EnableMFADeviceOutput) GoString() string { } // An object that contains details about when the IAM entities (users or roles) -// were last used in an attempt to access the specified AWS service. +// were last used in an attempt to access the specified Amazon Web Services +// service. // // This data type is a response element in the GetServiceLastAccessedDetailsWithEntities // operation. @@ -22183,8 +22292,8 @@ type EntityDetails struct { EntityInfo *EntityInfo `type:"structure" required:"true"` // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - // when the authenticated entity last attempted to access AWS. AWS does not - // report unauthenticated requests. + // when the authenticated entity last attempted to access Amazon Web Services. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -22219,10 +22328,11 @@ func (s *EntityDetails) SetLastAuthenticated(v time.Time) *EntityDetails { type EntityInfo struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` @@ -22356,14 +22466,14 @@ type EvaluationResult struct { // If the simulation evaluates policies within the same account and specifies // all resources (*), then the parameter is not returned. // - // When you make a cross-account request, AWS evaluates the request in the trusting - // account and the trusted account. The request is allowed only if both evaluations - // return true. For more information about how policies are evaluated, see Evaluating - // policies within a single account (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics). + // When you make a cross-account request, Amazon Web Services evaluates the + // request in the trusting account and the trusted account. The request is allowed + // only if both evaluations return true. For more information about how policies + // are evaluated, see Evaluating policies within a single account (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-basics). // - // If an AWS Organizations SCP included in the evaluation denies access, the - // simulation ends. In this case, policy evaluation does not proceed any further - // and this parameter is not returned. + // If an Organizations SCP included in the evaluation denies access, the simulation + // ends. In this case, policy evaluation does not proceed any further and this + // parameter is not returned. EvalDecisionDetails map[string]*string `type:"map"` // The ARN of the resource that the indicated API operation was tested on. @@ -22513,20 +22623,20 @@ func (s *GenerateCredentialReportOutput) SetState(v string) *GenerateCredentialR type GenerateOrganizationsAccessReportInput struct { _ struct{} `type:"structure"` - // The path of the AWS Organizations entity (root, OU, or account). You can - // build an entity path using the known structure of your organization. For - // example, assume that your account ID is 123456789012 and its parent OU ID - // is ou-rge0-awsabcde. The organization root ID is r-f6g7h8i9j0example and - // your organization ID is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. + // The path of the Organizations entity (root, OU, or account). You can build + // an entity path using the known structure of your organization. For example, + // assume that your account ID is 123456789012 and its parent OU ID is ou-rge0-awsabcde. + // The organization root ID is r-f6g7h8i9j0example and your organization ID + // is o-a1b2c3d4e5. Your entity path is o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-rge0-awsabcde/123456789012. // // EntityPath is a required field EntityPath *string `min:"19" type:"string" required:"true"` - // The identifier of the AWS Organizations service control policy (SCP). This - // parameter is optional. + // The identifier of the Organizations service control policy (SCP). This parameter + // is optional. // // This ID is used to generate information about when an account principal that - // is limited by the SCP attempted to access an AWS service. + // is limited by the SCP attempted to access an Amazon Web Services service. OrganizationsPolicyId *string `type:"string"` } @@ -22596,7 +22706,7 @@ type GenerateServiceLastAccessedDetailsInput struct { // The ARN of the IAM resource (user, group, role, or managed policy) used to // generate information about when the resource was last used in an attempt - // to access an AWS service. + // to access an Amazon Web Services service. // // Arn is a required field Arn *string `min:"20" type:"string" required:"true"` @@ -22728,7 +22838,7 @@ type GetAccessKeyLastUsedOutput struct { // Contains information about the last time the access key was used. AccessKeyLastUsed *AccessKeyLastUsed `type:"structure"` - // The name of the AWS IAM user that owns this access key. + // The name of the IAM user that owns this access key. UserName *string `min:"1" type:"string"` } @@ -23088,7 +23198,7 @@ type GetContextKeysForPrincipalPolicyInput struct { // a real HTML request. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicySourceArn is a required field PolicySourceArn *string `min:"20" type:"string" required:"true"` @@ -23410,8 +23520,8 @@ type GetGroupPolicyOutput struct { // The policy document. // // IAM stores policies in JSON format. However, resources that were created - // using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation - // always converts a YAML policy to JSON format before submitting it to IAM. + // using CloudFormation templates can be formatted in YAML. CloudFormation always + // converts a YAML policy to JSON format before submitting it to IAM. // // PolicyDocument is a required field PolicyDocument *string `min:"1" type:"string" required:"true"` @@ -23570,7 +23680,8 @@ func (s *GetLoginProfileInput) SetUserName(v string) *GetLoginProfileInput { type GetLoginProfileOutput struct { _ struct{} `type:"structure"` - // A structure containing the user name and password create date for the user. + // A structure containing the user name and the profile creation date for the + // user. // // LoginProfile is a required field LoginProfile *LoginProfile `type:"structure" required:"true"` @@ -23600,7 +23711,7 @@ type GetOpenIDConnectProviderInput struct { // by using the ListOpenIDConnectProviders operation. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -23647,7 +23758,7 @@ type GetOpenIDConnectProviderOutput struct { ClientIDList []*string `type:"list"` // The date and time when the IAM OIDC provider resource object was created - // in the AWS account. + // in the account. CreateDate *time.Time `type:"timestamp"` // A list of tags that are attached to the specified IAM OIDC provider. The @@ -23917,7 +24028,7 @@ type GetPolicyInput struct { // about. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -23986,7 +24097,7 @@ type GetPolicyVersionInput struct { // about. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -24211,8 +24322,8 @@ type GetRolePolicyOutput struct { // The policy document. // // IAM stores policies in JSON format. However, resources that were created - // using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation - // always converts a YAML policy to JSON format before submitting it to IAM. + // using CloudFormation templates can be formatted in YAML. CloudFormation always + // converts a YAML policy to JSON format before submitting it to IAM. // // PolicyDocument is a required field PolicyDocument *string `min:"1" type:"string" required:"true"` @@ -24263,7 +24374,7 @@ type GetSAMLProviderInput struct { // to get information about. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -24745,16 +24856,17 @@ type GetServiceLastAccessedDetailsWithEntitiesInput struct { // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` - // The service namespace for an AWS service. Provide the service namespace to - // learn when the IAM entity last attempted to access the specified service. + // The service namespace for an Amazon Web Services service. Provide the service + // namespace to learn when the IAM entity last attempted to access the specified + // service. // // To learn the service namespace for a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the IAM User Guide. Choose the name of the service to view details for // that service. In the first paragraph, find the service prefix. For example, // (service prefix: a4b). For more information about service namespaces, see - // AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` @@ -24827,7 +24939,7 @@ type GetServiceLastAccessedDetailsWithEntitiesOutput struct { // An EntityDetailsList object that contains details about when an IAM entity // (user or role) used group or policy permissions in an attempt to access the - // specified AWS service. + // specified Amazon Web Services service. // // EntityDetailsList is a required field EntityDetailsList []*EntityDetails `type:"list" required:"true"` @@ -25055,10 +25167,11 @@ type GetUserOutput struct { // // You can use password last used information to identify unused credentials // for deletion. For example, you might delete users who did not sign in to - // AWS in the last 90 days. In cases like this, we recommend that you adjust - // your evaluation window to include dates after May 23, 2018. Alternatively, - // if your users use access keys to access AWS programmatically you can refer - // to access key last used information because it is accurate for all dates. + // Amazon Web Services in the last 90 days. In cases like this, we recommend + // that you adjust your evaluation window to include dates after May 23, 2018. + // Alternatively, if your users use access keys to access Amazon Web Services + // programmatically you can refer to access key last used information because + // it is accurate for all dates. // // User is a required field User *User `type:"structure" required:"true"` @@ -25153,8 +25266,8 @@ type GetUserPolicyOutput struct { // The policy document. // // IAM stores policies in JSON format. However, resources that were created - // using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation - // always converts a YAML policy to JSON format before submitting it to IAM. + // using CloudFormation templates can be formatted in YAML. CloudFormation always + // converts a YAML policy to JSON format before submitting it to IAM. // // PolicyDocument is a required field PolicyDocument *string `min:"1" type:"string" required:"true"` @@ -25290,10 +25403,11 @@ func (s *Group) SetPath(v string) *Group { type GroupDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // A list of the managed policies attached to the group. @@ -25669,8 +25783,8 @@ func (s *ListAccountAliasesInput) SetMaxItems(v int64) *ListAccountAliasesInput type ListAccountAliasesOutput struct { _ struct{} `type:"structure"` - // A list of aliases associated with the account. AWS supports only one alias - // per account. + // A list of aliases associated with the account. Amazon Web Services supports + // only one alias per account. // // AccountAliases is a required field AccountAliases []*string `type:"list" required:"true"` @@ -26203,7 +26317,7 @@ type ListEntitiesForPolicyInput struct { // The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -26754,9 +26868,9 @@ type ListInstanceProfileTagsInput struct { // The name of the IAM instance profile whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // InstanceProfileName is a required field InstanceProfileName *string `min:"1" type:"string" required:"true"` @@ -26767,16 +26881,15 @@ type ListInstanceProfileTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` } @@ -26834,11 +26947,11 @@ type ListInstanceProfileTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -27150,24 +27263,23 @@ type ListMFADeviceTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The unique identifier for the IAM virtual MFA device whose tags you want // to see. For virtual MFA devices, the serial number is the same as the ARN. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SerialNumber is a required field SerialNumber *string `min:"9" type:"string" required:"true"` @@ -27227,11 +27339,11 @@ type ListMFADeviceTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -27408,24 +27520,23 @@ type ListOpenIDConnectProviderTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The ARN of the OpenID Connect (OIDC) identity provider whose tags you want // to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -27485,11 +27596,11 @@ type ListOpenIDConnectProviderTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -27551,7 +27662,7 @@ func (s ListOpenIDConnectProvidersInput) GoString() string { type ListOpenIDConnectProvidersOutput struct { _ struct{} `type:"structure"` - // The list of IAM OIDC provider resource objects defined in the AWS account. + // The list of IAM OIDC provider resource objects defined in the account. OpenIDConnectProviderList []*OpenIDConnectProviderListEntry `type:"list"` } @@ -27586,12 +27697,12 @@ type ListPoliciesGrantingServiceAccessEntry struct { // The namespace of the service that was accessed. // // To learn the service namespace of a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the Service Authorization Reference. Choose the name of the service to // view details for that service. In the first paragraph, find the service prefix. // For example, (service prefix: a4b). For more information about service namespaces, - // see AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // see Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. ServiceNamespace *string `min:"1" type:"string"` } @@ -27632,15 +27743,16 @@ type ListPoliciesGrantingServiceAccessInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // The service namespace for the AWS services whose policies you want to list. + // The service namespace for the Amazon Web Services services whose policies + // you want to list. // // To learn the service namespace for a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the IAM User Guide. Choose the name of the service to view details for // that service. In the first paragraph, find the service prefix. For example, // (service prefix: a4b). For more information about service namespaces, see - // AWS service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // Amazon Web Services service namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespaces is a required field ServiceNamespaces []*string `min:"1" type:"list" required:"true"` @@ -27796,8 +27908,8 @@ type ListPoliciesInput struct { // The scope to use for filtering the results. // - // To list only AWS managed policies, set Scope to AWS. To list only the customer - // managed policies in your AWS account, set Scope to Local. + // To list only Amazon Web Services managed policies, set Scope to AWS. To list + // only the customer managed policies in your account, set Scope to Local. // // This parameter is optional. If it is not included, or if it is set to All, // all policies are returned. @@ -27926,23 +28038,22 @@ type ListPolicyTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The ARN of the IAM customer managed policy whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -28002,11 +28113,11 @@ type ListPolicyTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -28072,7 +28183,7 @@ type ListPolicyVersionsInput struct { // The Amazon Resource Name (ARN) of the IAM policy for which you want the versions. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -28319,16 +28430,15 @@ type ListRoleTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM role for which you want to see the list of tags. @@ -28395,11 +28505,11 @@ type ListRoleTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -28581,24 +28691,23 @@ type ListSAMLProviderTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The ARN of the Security Assertion Markup Language (SAML) identity provider // whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -28658,11 +28767,11 @@ type ListSAMLProviderTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -28724,7 +28833,8 @@ func (s ListSAMLProvidersInput) GoString() string { type ListSAMLProvidersOutput struct { _ struct{} `type:"structure"` - // The list of SAML provider resource objects defined in IAM for this AWS account. + // The list of SAML provider resource objects defined in IAM for this Amazon + // Web Services account. SAMLProviderList []*SAMLProviderListEntry `type:"list"` } @@ -28765,8 +28875,8 @@ type ListSSHPublicKeysInput struct { MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM user to list SSH public keys for. If none is specified, - // the UserName field is determined implicitly based on the AWS access key used - // to sign the request. + // the UserName field is determined implicitly based on the Amazon Web Services + // access key used to sign the request. // // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) // a string of characters consisting of upper and lowercase alphanumeric characters @@ -28878,23 +28988,22 @@ type ListServerCertificateTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM server certificate whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // ServerCertificateName is a required field ServerCertificateName *string `min:"1" type:"string" required:"true"` @@ -28954,11 +29063,11 @@ type ListServerCertificateTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -29134,8 +29243,9 @@ func (s *ListServerCertificatesOutput) SetServerCertificateMetadataList(v []*Ser type ListServiceSpecificCredentialsInput struct { _ struct{} `type:"structure"` - // Filters the returned results to only those for the specified AWS service. - // If not specified, then AWS returns service-specific credentials for all services. + // Filters the returned results to only those for the specified Amazon Web Services + // service. If not specified, then Amazon Web Services returns service-specific + // credentials for all services. ServiceName *string `type:"string"` // The name of the user whose service-specific credentials you want information @@ -29470,23 +29580,22 @@ type ListUserTagsInput struct { // the next call should start. Marker *string `min:"1" type:"string"` - // (Optional) Use this only when paginating results to indicate the maximum - // number of items that you want in the response. If additional items exist - // beyond the maximum that you specify, the IsTruncated response element is - // true. + // Use this only when paginating results to indicate the maximum number of items + // you want in the response. If additional items exist beyond the maximum you + // specify, the IsTruncated response element is true. // - // If you do not include this parameter, it defaults to 100. Note that IAM might - // return fewer results, even when more results are available. In that case, - // the IsTruncated response element returns true, and Marker contains a value - // to include in the subsequent call that tells the service where to continue - // from. + // If you do not include this parameter, the number of items defaults to 100. + // Note that IAM might return fewer results, even when there are more results + // available. In that case, the IsTruncated response element returns true, and + // Marker contains a value to include in the subsequent call that tells the + // service where to continue from. MaxItems *int64 `min:"1" type:"integer"` // The name of the IAM user whose tags you want to see. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // UserName is a required field UserName *string `min:"1" type:"string" required:"true"` @@ -29546,11 +29655,11 @@ type ListUserTagsOutput struct { _ struct{} `type:"structure"` // A flag that indicates whether there are more items to return. If your results - // were truncated, you can use the Marker request parameter to make a subsequent - // pagination request that retrieves more items. Note that IAM might return - // fewer than the MaxItems number of results even when more results are available. - // Check IsTruncated after every call to ensure that you receive all of your - // results. + // were truncated, you can make a subsequent pagination request using the Marker + // request parameter to retrieve more items. Note that IAM might return fewer + // than the MaxItems number of results even when there are more results available. + // We recommend that you check IsTruncated after every call to ensure that you + // receive all your results. IsTruncated *bool `type:"boolean"` // When IsTruncated is true, this element is present and contains the value @@ -29859,7 +29968,7 @@ type LoginProfile struct { // Specifies whether the user is required to set a new password on next sign-in. PasswordResetRequired *bool `type:"boolean"` - // The name of the user, which can be used for signing in to the AWS Management + // The name of the user, which can be used for signing in to the Management // Console. // // UserName is a required field @@ -29958,10 +30067,11 @@ func (s *MFADevice) SetUserName(v string) *MFADevice { type ManagedPolicyDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // The number of principal entities (users, groups, and roles) that the policy @@ -30108,10 +30218,11 @@ func (s *ManagedPolicyDetail) SetUpdateDate(v time.Time) *ManagedPolicyDetail { type OpenIDConnectProviderListEntry struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` } @@ -30318,10 +30429,11 @@ func (s *PermissionsBoundaryDecisionDetail) SetAllowedByPermissionsBoundary(v bo type Policy struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // The number of entities (users, groups, and roles) that the policy is attached @@ -30523,10 +30635,11 @@ type PolicyGrantingServiceAccess struct { // in the IAM User Guide. EntityType *string `type:"string" enum:"PolicyOwnerEntityType"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. PolicyArn *string `min:"20" type:"string"` // The policy name. @@ -30831,10 +30944,10 @@ type PutGroupPolicyInput struct { // The policy document. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting - // it to IAM. + // CloudFormation always converts a YAML policy to JSON format before submitting + // it to = IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: @@ -31010,9 +31123,9 @@ type PutRolePolicyInput struct { // The policy document. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -31198,9 +31311,9 @@ type PutUserPolicyInput struct { // The policy document. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -31321,7 +31434,7 @@ type RemoveClientIDFromOpenIDConnectProviderInput struct { // ListOpenIDConnectProviders operation. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -31870,9 +31983,8 @@ type Role struct { Description *string `type:"string"` // The maximum session duration (in seconds) for the specified role. Anyone - // who uses the AWS CLI, or API to assume the role can specify the duration - // using the optional DurationSeconds API parameter or duration-seconds CLI - // parameter. + // who uses the CLI, or API to assume the role can specify the duration using + // the optional DurationSeconds API parameter or duration-seconds CLI parameter. MaxSessionDuration *int64 `min:"3600" type:"integer"` // The path to the role. For more information about paths, see IAM identifiers @@ -31999,10 +32111,11 @@ func (s *Role) SetTags(v []*Tag) *Role { type RoleDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // The trust policy that grants permission to assume the role. @@ -32162,7 +32275,7 @@ type RoleLastUsed struct { // in the IAM User Guide. LastUsedDate *time.Time `type:"timestamp"` - // The name of the AWS Region in which the role was last used. + // The name of the Region in which the role was last used. Region *string `type:"string"` } @@ -32290,8 +32403,8 @@ type SSHPublicKey struct { SSHPublicKeyId *string `min:"20" type:"string" required:"true"` // The status of the SSH public key. Active means that the key can be used for - // authentication with an AWS CodeCommit repository. Inactive means that the - // key cannot be used. + // authentication with an CodeCommit repository. Inactive means that the key + // cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -32364,8 +32477,8 @@ type SSHPublicKeyMetadata struct { SSHPublicKeyId *string `min:"20" type:"string" required:"true"` // The status of the SSH public key. Active means that the key can be used for - // authentication with an AWS CodeCommit repository. Inactive means that the - // key cannot be used. + // authentication with an CodeCommit repository. Inactive means that the key + // cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -32574,21 +32687,22 @@ type ServiceLastAccessed struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when an authenticated entity most recently attempted to access the service. - // AWS does not report unauthenticated requests. + // Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). LastAuthenticated *time.Time `type:"timestamp"` // The ARN of the authenticated entity (user or role) that last attempted to - // access the service. AWS does not report unauthenticated requests. + // access the service. Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). LastAuthenticatedEntity *string `min:"20" type:"string"` // The Region from which the authenticated entity (user or role) last attempted - // to access the service. AWS does not report unauthenticated requests. + // to access the service. Amazon Web Services does not report unauthenticated + // requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -32602,12 +32716,12 @@ type ServiceLastAccessed struct { // The namespace of the service in which access was attempted. // // To learn the service namespace of a service, see Actions, resources, and - // condition keys for AWS services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) + // condition keys for Amazon Web Services services (https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html) // in the Service Authorization Reference. Choose the name of the service to // view details for that service. In the first paragraph, find the service prefix. // For example, (service prefix: a4b). For more information about service namespaces, - // see AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) - // in the AWS General Reference. + // see Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) + // in the Amazon Web Services General Reference. // // ServiceNamespace is a required field ServiceNamespace *string `min:"1" type:"string" required:"true"` @@ -32709,8 +32823,8 @@ type ServiceSpecificCredential struct { // The generated user name for the service-specific credential. This value is // generated by combining the IAM user's name combined with the ID number of - // the AWS account, as in jane-at-123456789012, for example. This value cannot - // be configured by the user. + // the Amazon Web Services account, as in jane-at-123456789012, for example. + // This value cannot be configured by the user. // // ServiceUserName is a required field ServiceUserName *string `min:"17" type:"string" required:"true"` @@ -32869,7 +32983,7 @@ type SetDefaultPolicyVersionInput struct { // want to set. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -32943,12 +33057,12 @@ type SetSecurityTokenServicePreferencesInput struct { _ struct{} `type:"structure"` // The version of the global endpoint token. Version 1 tokens are valid only - // in AWS Regions that are available by default. These tokens do not work in - // manually enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens - // are valid in all Regions. However, version 2 tokens are longer and might - // affect systems where you temporarily store tokens. + // in Regions that are available by default. These tokens do not work in manually + // enabled Regions, such as Asia Pacific (Hong Kong). Version 2 tokens are valid + // in all Regions. However, version 2 tokens are longer and might affect systems + // where you temporarily store tokens. // - // For information, see Activating and deactivating STS in an AWS region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // For information, see Activating and deactivating STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // GlobalEndpointTokenVersion is a required field @@ -33120,6 +33234,11 @@ type SimulateCustomPolicyInput struct { // in the IAM User Guide. The policy input is specified as a string that contains // the complete, valid JSON text of a permissions boundary policy. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33143,6 +33262,11 @@ type SimulateCustomPolicyInput struct { // API operations. In other words, do not use policies designed to restrict // what a user can do while using the temporary credentials. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33158,12 +33282,12 @@ type SimulateCustomPolicyInput struct { // PolicyInputList is a required field PolicyInputList []*string `type:"list" required:"true"` - // A list of ARNs of AWS resources to include in the simulation. If this parameter - // is not provided, then the value defaults to * (all resources). Each API in - // the ActionNames parameter is evaluated for each resource in this list. The - // simulation determines the access result (allowed or denied) of each combination - // and reports it in the response. You can simulate resources that don't exist - // in your account. + // A list of ARNs of Amazon Web Services resources to include in the simulation. + // If this parameter is not provided, then the value defaults to * (all resources). + // Each API in the ActionNames parameter is evaluated for each resource in this + // list. The simulation determines the access result (allowed or denied) of + // each combination and reports it in the response. You can simulate resources + // that don't exist in your account. // // The simulation does not automatically retrieve policies for the specified // resources. If you want to include a resource policy in the simulation, then @@ -33173,7 +33297,7 @@ type SimulateCustomPolicyInput struct { // resources included in the simulation or you receive an invalid input error. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. ResourceArns []*string `type:"list"` // Specifies the type of simulation to run. Different API operations that support @@ -33207,7 +33331,7 @@ type SimulateCustomPolicyInput struct { // subnet, volume ResourceHandlingOption *string `min:"1" type:"string"` - // An ARN representing the AWS account ID that specifies the owner of any simulated + // An ARN representing the account ID that specifies the owner of any simulated // resource that does not identify its owner in the resource ARN. Examples of // resource ARNs include an S3 bucket or object. If ResourceOwner is specified, // it is also used as the account owner of any ResourcePolicy included in the @@ -33226,6 +33350,11 @@ type SimulateCustomPolicyInput struct { // Each resource in the simulation is treated as if it had this policy attached. // You can include only one resource-based policy in a simulation. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33435,7 +33564,7 @@ type SimulatePrincipalPolicyInput struct { // policy's Principal element has a value to use in evaluating the policy. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. CallerArn *string `min:"1" type:"string"` // A list of context keys and corresponding values for the simulation to use. @@ -33471,6 +33600,11 @@ type SimulatePrincipalPolicyInput struct { // in the IAM User Guide. The policy input is specified as a string containing // the complete, valid JSON text of a permissions boundary policy. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33507,25 +33641,30 @@ type SimulatePrincipalPolicyInput struct { // If you specify a user, the simulation also includes all policies that are // attached to any groups the user belongs to. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // PolicySourceArn is a required field PolicySourceArn *string `min:"20" type:"string" required:"true"` - // A list of ARNs of AWS resources to include in the simulation. If this parameter - // is not provided, then the value defaults to * (all resources). Each API in - // the ActionNames parameter is evaluated for each resource in this list. The - // simulation determines the access result (allowed or denied) of each combination - // and reports it in the response. You can simulate resources that don't exist - // in your account. + // A list of ARNs of Amazon Web Services resources to include in the simulation. + // If this parameter is not provided, then the value defaults to * (all resources). + // Each API in the ActionNames parameter is evaluated for each resource in this + // list. The simulation determines the access result (allowed or denied) of + // each combination and reports it in the response. You can simulate resources + // that don't exist in your account. // // The simulation does not automatically retrieve policies for the specified // resources. If you want to include a resource policy in the simulation, then // you must include the policy as a string in the ResourcePolicy parameter. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. ResourceArns []*string `type:"list"` // Specifies the type of simulation to run. Different API operations that support @@ -33559,11 +33698,11 @@ type SimulatePrincipalPolicyInput struct { // subnet, volume ResourceHandlingOption *string `min:"1" type:"string"` - // An AWS account ID that specifies the owner of any simulated resource that - // does not identify its owner in the resource ARN. Examples of resource ARNs - // include an S3 bucket or object. If ResourceOwner is specified, it is also - // used as the account owner of any ResourcePolicy included in the simulation. - // If the ResourceOwner parameter is not specified, then the owner of the resources + // An account ID that specifies the owner of any simulated resource that does + // not identify its owner in the resource ARN. Examples of resource ARNs include + // an S3 bucket or object. If ResourceOwner is specified, it is also used as + // the account owner of any ResourcePolicy included in the simulation. If the + // ResourceOwner parameter is not specified, then the owner of the resources // and the resource policy defaults to the account of the identity provided // in CallerArn. This parameter is required only if you specify a resource-based // policy and account that owns the resource is different from the account that @@ -33574,6 +33713,11 @@ type SimulatePrincipalPolicyInput struct { // Each resource in the simulation is treated as if it had this policy attached. // You can include only one resource-based policy in a simulation. // + // The maximum length of the policy document that you can pass in this operation, + // including whitespace, is listed below. To view the maximum character counts + // of a managed policy with no whitespaces, see IAM and STS character quotas + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length). + // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this // parameter is a string of characters consisting of the following: // @@ -33791,9 +33935,9 @@ type Tag struct { // number associated with the different cost centers in your company. Typically, // many resources have tags with the same key name but with different values. // - // AWS always interprets the tag Value as a single string. If you need to store - // an array, you can store comma-separated values in the string. However, you - // must interpret the value in your code. + // Amazon Web Services always interprets the tag Value as a single string. If + // you need to store an array, you can store comma-separated values in the string. + // However, you must interpret the value in your code. // // Value is a required field Value *string `type:"string" required:"true"` @@ -33845,9 +33989,9 @@ type TagInstanceProfileInput struct { // The name of the IAM instance profile to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // InstanceProfileName is a required field InstanceProfileName *string `min:"1" type:"string" required:"true"` @@ -33930,9 +34074,9 @@ type TagMFADeviceInput struct { // The unique identifier for the IAM virtual MFA device to which you want to // add tags. For virtual MFA devices, the serial number is the same as the ARN. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SerialNumber is a required field SerialNumber *string `min:"9" type:"string" required:"true"` @@ -34014,9 +34158,9 @@ type TagOpenIDConnectProviderInput struct { // The ARN of the OIDC identity provider in IAM to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -34098,9 +34242,9 @@ type TagPolicyInput struct { // The ARN of the IAM customer managed policy to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -34266,9 +34410,9 @@ type TagSAMLProviderInput struct { // The ARN of the SAML identity provider in IAM to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -34350,9 +34494,9 @@ type TagServerCertificateInput struct { // The name of the IAM server certificate to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // ServerCertificateName is a required field ServerCertificateName *string `min:"1" type:"string" required:"true"` @@ -34440,9 +34584,9 @@ type TagUserInput struct { // The name of the IAM user to which you want to add tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // UserName is a required field UserName *string `min:"1" type:"string" required:"true"` @@ -34525,14 +34669,16 @@ type TrackedActionLastAccessed struct { // are actions that report activity to IAM. ActionName *string `type:"string"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. LastAccessedEntity *string `min:"20" type:"string"` // The Region from which the authenticated entity (user or role) last attempted - // to access the tracked action. AWS does not report unauthenticated requests. + // to access the tracked action. Amazon Web Services does not report unauthenticated + // requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -34540,7 +34686,7 @@ type TrackedActionLastAccessed struct { // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), // when an authenticated entity most recently attempted to access the tracked - // service. AWS does not report unauthenticated requests. + // service. Amazon Web Services does not report unauthenticated requests. // // This field is null if no IAM entities attempted to access the service within // the reporting period (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#service-last-accessed-reporting-period). @@ -34586,9 +34732,9 @@ type UntagInstanceProfileInput struct { // The name of the IAM instance profile from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // InstanceProfileName is a required field InstanceProfileName *string `min:"1" type:"string" required:"true"` @@ -34662,9 +34808,9 @@ type UntagMFADeviceInput struct { // to remove tags. For virtual MFA devices, the serial number is the same as // the ARN. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SerialNumber is a required field SerialNumber *string `min:"9" type:"string" required:"true"` @@ -34736,9 +34882,9 @@ type UntagOpenIDConnectProviderInput struct { // The ARN of the OIDC provider in IAM from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -34811,9 +34957,9 @@ type UntagPolicyInput struct { // The ARN of the IAM customer managed policy from which you want to remove // tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // PolicyArn is a required field PolicyArn *string `min:"20" type:"string" required:"true"` @@ -34960,9 +35106,9 @@ type UntagSAMLProviderInput struct { // The ARN of the SAML identity provider in IAM from which you want to remove // tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -35034,9 +35180,9 @@ type UntagServerCertificateInput struct { // The name of the IAM server certificate from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // ServerCertificateName is a required field ServerCertificateName *string `min:"1" type:"string" required:"true"` @@ -35114,9 +35260,9 @@ type UntagUserInput struct { // The name of the IAM user from which you want to remove tags. // - // This parameter accepts (through its regex pattern (http://wikipedia.org/wiki/regex)) - // a string of characters that consist of upper and lowercase alphanumeric characters - // with no spaces. You can also include any of the following characters: =,.@- + // This parameter allows (through its regex pattern (http://wikipedia.org/wiki/regex)) + // a string of characters consisting of upper and lowercase alphanumeric characters + // with no spaces. You can also include any of the following characters: _+=,.@- // // UserName is a required field UserName *string `min:"1" type:"string" required:"true"` @@ -35190,8 +35336,8 @@ type UpdateAccessKeyInput struct { AccessKeyId *string `min:"16" type:"string" required:"true"` // The status you want to assign to the secret access key. Active means that - // the key can be used for programmatic calls to AWS, while Inactive means that - // the key cannot be used. + // the key can be used for programmatic calls to Amazon Web Services, while + // Inactive means that the key cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -35271,9 +35417,9 @@ func (s UpdateAccessKeyOutput) GoString() string { type UpdateAccountPasswordPolicyInput struct { _ struct{} `type:"structure"` - // Allows all IAM users in your account to use the AWS Management Console to - // change their own passwords. For more information, see Letting IAM users change - // their own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html) + // Allows all IAM users in your account to use the Management Console to change + // their own passwords. For more information, see Letting IAM users change their + // own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html) // in the IAM User Guide. // // If you do not specify a value for this parameter, then the operation uses @@ -35446,9 +35592,9 @@ type UpdateAssumeRolePolicyInput struct { // The policy that grants an entity permission to assume the role. // - // You must provide policies in JSON format in IAM. However, for AWS CloudFormation + // You must provide policies in JSON format in IAM. However, for CloudFormation // templates formatted in YAML, you can provide the policy in JSON or YAML format. - // AWS CloudFormation always converts a YAML policy to JSON format before submitting + // CloudFormation always converts a YAML policy to JSON format before submitting // it to IAM. // // The regex pattern (http://wikipedia.org/wiki/regex) used to validate this @@ -35647,8 +35793,7 @@ type UpdateLoginProfileInput struct { // return (\u000D) // // However, the format can be further restricted by the account administrator - // by setting a password policy on the AWS account. For more information, see - // UpdateAccountPasswordPolicy. + // by setting a password policy on the account. For more information, see UpdateAccountPasswordPolicy. Password *string `min:"1" type:"string" sensitive:"true"` // Allows this new password to be used only once by requiring the specified @@ -35734,7 +35879,7 @@ type UpdateOpenIDConnectProviderThumbprintInput struct { // ARNs by using the ListOpenIDConnectProviders operation. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // OpenIDConnectProviderArn is a required field OpenIDConnectProviderArn *string `min:"20" type:"string" required:"true"` @@ -35889,7 +36034,7 @@ type UpdateRoleInput struct { // role. If you do not specify a value for this setting, the default maximum // of one hour is applied. This setting can have a value from 1 hour to 12 hours. // - // Anyone who assumes the role from the AWS CLI or API can use the DurationSeconds + // Anyone who assumes the role from the CLI or API can use the DurationSeconds // API parameter or the duration-seconds CLI parameter to request a longer session. // The MaxSessionDuration setting determines the maximum duration that can be // requested using the DurationSeconds parameter. If users don't specify a value @@ -35983,7 +36128,7 @@ type UpdateSAMLProviderInput struct { // The Amazon Resource Name (ARN) of the SAML provider to update. // // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. // // SAMLProviderArn is a required field SAMLProviderArn *string `min:"20" type:"string" required:"true"` @@ -36070,7 +36215,7 @@ type UpdateSSHPublicKeyInput struct { SSHPublicKeyId *string `min:"20" type:"string" required:"true"` // The status to assign to the SSH public key. Active means that the key can - // be used for authentication with an AWS CodeCommit repository. Inactive means + // be used for authentication with an CodeCommit repository. Inactive means // that the key cannot be used. // // Status is a required field @@ -36354,8 +36499,8 @@ type UpdateSigningCertificateInput struct { CertificateId *string `min:"24" type:"string" required:"true"` // The status you want to assign to the certificate. Active means that the certificate - // can be used for programmatic calls to AWS Inactive means that the certificate - // cannot be used. + // can be used for programmatic calls to Amazon Web Services Inactive means + // that the certificate cannot be used. // // Status is a required field Status *string `type:"string" required:"true" enum:"StatusType"` @@ -36969,9 +37114,9 @@ type User struct { CreateDate *time.Time `type:"timestamp" required:"true"` // The date and time, in ISO 8601 date-time format (http://www.iso.org/iso/iso8601), - // when the user's password was last used to sign in to an AWS website. For - // a list of AWS websites that capture a user's last sign-in time, see the Credential - // reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) + // when the user's password was last used to sign in to an Amazon Web Services + // website. For a list of Amazon Web Services websites that capture a user's + // last sign-in time, see the Credential reports (https://docs.aws.amazon.com/IAM/latest/UserGuide/credential-reports.html) // topic in the IAM User Guide. If a password is used more than once in a five-minute // span, only the first use is returned in this field. If the field is null // (no value), then it indicates that they never signed in with a password. @@ -37087,10 +37232,11 @@ func (s *User) SetUserName(v string) *User { type UserDetail struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN). ARNs are unique identifiers for AWS resources. + // The Amazon Resource Name (ARN). ARNs are unique identifiers for Amazon Web + // Services resources. // // For more information about ARNs, go to Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. Arn *string `min:"20" type:"string"` // A list of the managed policies attached to the user. diff --git a/service/iam/doc.go b/service/iam/doc.go index 13f89fa1900..c8a978b6eef 100644 --- a/service/iam/doc.go +++ b/service/iam/doc.go @@ -3,12 +3,12 @@ // Package iam provides the client and types for making API // requests to AWS Identity and Access Management. // -// AWS Identity and Access Management (IAM) is a web service for securely controlling -// access to AWS services. With IAM, you can centrally manage users, security -// credentials such as access keys, and permissions that control which AWS resources -// users and applications can access. For more information about IAM, see AWS -// Identity and Access Management (IAM) (http://aws.amazon.com/iam/) and the -// AWS Identity and Access Management User Guide (https://docs.aws.amazon.com/IAM/latest/UserGuide/). +// Identity and Access Management (IAM) is a web service for securely controlling +// access to Amazon Web Services services. With IAM, you can centrally manage +// users, security credentials such as access keys, and permissions that control +// which Amazon Web Services resources users and applications can access. For +// more information about IAM, see Identity and Access Management (IAM) (http://aws.amazon.com/iam/) +// and the Identity and Access Management User Guide (https://docs.aws.amazon.com/IAM/latest/UserGuide/). // // See https://docs.aws.amazon.com/goto/WebAPI/iam-2010-05-08 for more information on this service. // diff --git a/service/iam/errors.go b/service/iam/errors.go index 3a4ff5f0502..376c9710ee7 100644 --- a/service/iam/errors.go +++ b/service/iam/errors.go @@ -117,7 +117,8 @@ const ( // "LimitExceeded". // // The request was rejected because it attempted to create resources beyond - // the current AWS account limits. The error message describes the limit exceeded. + // the current Amazon Web Services account limits. The error message describes + // the limit exceeded. ErrCodeLimitExceededException = "LimitExceeded" // ErrCodeMalformedCertificateException for service response error code @@ -158,8 +159,8 @@ const ( // ErrCodePolicyNotAttachableException for service response error code // "PolicyNotAttachable". // - // The request failed because AWS service role policies can only be attached - // to the service-linked role for that service. + // The request failed because Amazon Web Services service role policies can + // only be attached to the service-linked role for that service. ErrCodePolicyNotAttachableException = "PolicyNotAttachable" // ErrCodeReportGenerationLimitExceededException for service response error code diff --git a/service/iotsitewise/api.go b/service/iotsitewise/api.go index 3cb75894ed9..e50c013dd66 100644 --- a/service/iotsitewise/api.go +++ b/service/iotsitewise/api.go @@ -63,7 +63,7 @@ func (c *IoTSiteWise) AssociateAssetsRequest(input *AssociateAssetsInput) (req * // Associates a child asset with the given parent asset through a hierarchy // defined in the parent asset's model. For more information, see Associating // assets (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/add-associated-assets.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -81,7 +81,7 @@ func (c *IoTSiteWise) AssociateAssetsRequest(input *AssociateAssetsInput) (req * // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -89,15 +89,15 @@ func (c *IoTSiteWise) AssociateAssetsRequest(input *AssociateAssetsInput) (req * // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -171,7 +171,7 @@ func (c *IoTSiteWise) BatchAssociateProjectAssetsRequest(input *BatchAssociatePr // BatchAssociateProjectAssets API operation for AWS IoT SiteWise. // -// Associates a group (batch) of assets with an AWS IoT SiteWise Monitor project. +// Associates a group (batch) of assets with an IoT SiteWise Monitor project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -189,15 +189,15 @@ func (c *IoTSiteWise) BatchAssociateProjectAssetsRequest(input *BatchAssociatePr // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -205,7 +205,7 @@ func (c *IoTSiteWise) BatchAssociateProjectAssetsRequest(input *BatchAssociatePr // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/BatchAssociateProjectAssets func (c *IoTSiteWise) BatchAssociateProjectAssets(input *BatchAssociateProjectAssetsInput) (*BatchAssociateProjectAssetsOutput, error) { @@ -275,8 +275,7 @@ func (c *IoTSiteWise) BatchDisassociateProjectAssetsRequest(input *BatchDisassoc // BatchDisassociateProjectAssets API operation for AWS IoT SiteWise. // -// Disassociates a group (batch) of assets from an AWS IoT SiteWise Monitor -// project. +// Disassociates a group (batch) of assets from an IoT SiteWise Monitor project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -294,15 +293,15 @@ func (c *IoTSiteWise) BatchDisassociateProjectAssetsRequest(input *BatchDisassoc // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/BatchDisassociateProjectAssets func (c *IoTSiteWise) BatchDisassociateProjectAssets(input *BatchDisassociateProjectAssetsInput) (*BatchDisassociateProjectAssetsOutput, error) { @@ -372,10 +371,10 @@ func (c *IoTSiteWise) BatchPutAssetPropertyValueRequest(input *BatchPutAssetProp // BatchPutAssetPropertyValue API operation for AWS IoT SiteWise. // -// Sends a list of asset property values to AWS IoT SiteWise. Each value is -// a timestamp-quality-value (TQV) data point. For more information, see Ingesting -// data using the API (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/ingest-api.html) -// in the AWS IoT SiteWise User Guide. +// Sends a list of asset property values to IoT SiteWise. Each value is a timestamp-quality-value +// (TQV) data point. For more information, see Ingesting data using the API +// (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/ingest-api.html) +// in the IoT SiteWise User Guide. // // To identify an asset property, you must specify one of the following: // @@ -384,21 +383,18 @@ func (c *IoTSiteWise) BatchPutAssetPropertyValueRequest(input *BatchPutAssetProp // * A propertyAlias, which is a data stream alias (for example, /company/windfarm/3/turbine/7/temperature). // To define an asset property's alias, see UpdateAssetProperty (https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_UpdateAssetProperty.html). // -// With respect to Unix epoch time, AWS IoT SiteWise accepts only TQVs that -// have a timestamp of no more than 7 days in the past and no more than 10 minutes -// in the future. AWS IoT SiteWise rejects timestamps outside of the inclusive -// range of [-7 days, +10 minutes] and returns a TimestampOutOfRangeException -// error. +// With respect to Unix epoch time, IoT SiteWise accepts only TQVs that have +// a timestamp of no more than 7 days in the past and no more than 10 minutes +// in the future. IoT SiteWise rejects timestamps outside of the inclusive range +// of [-7 days, +10 minutes] and returns a TimestampOutOfRangeException error. // -// For each asset property, AWS IoT SiteWise overwrites TQVs with duplicate -// timestamps unless the newer TQV has a different quality. For example, if -// you store a TQV {T1, GOOD, V1}, then storing {T1, GOOD, V2} replaces the -// existing TQV. +// For each asset property, IoT SiteWise overwrites TQVs with duplicate timestamps +// unless the newer TQV has a different quality. For example, if you store a +// TQV {T1, GOOD, V1}, then storing {T1, GOOD, V2} replaces the existing TQV. // -// AWS IoT SiteWise authorizes access to each BatchPutAssetPropertyValue entry -// individually. For more information, see BatchPutAssetPropertyValue authorization -// (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-batchputassetpropertyvalue-action) -// in the AWS IoT SiteWise User Guide. +// IoT SiteWise authorizes access to each BatchPutAssetPropertyValue entry individually. +// For more information, see BatchPutAssetPropertyValue authorization (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-id-based-policies-batchputassetpropertyvalue-action) +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -416,15 +412,15 @@ func (c *IoTSiteWise) BatchPutAssetPropertyValueRequest(input *BatchPutAssetProp // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -432,7 +428,7 @@ func (c *IoTSiteWise) BatchPutAssetPropertyValueRequest(input *BatchPutAssetProp // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ServiceUnavailableException // The requested service is unavailable. @@ -509,9 +505,9 @@ func (c *IoTSiteWise) CreateAccessPolicyRequest(input *CreateAccessPolicyInput) // CreateAccessPolicy API operation for AWS IoT SiteWise. // -// Creates an access policy that grants the specified identity (AWS SSO user, -// AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor -// portal or project resource. +// Creates an access policy that grants the specified identity (Amazon Web Services +// SSO user, Amazon Web Services SSO group, or IAM user) access to the specified +// IoT SiteWise Monitor portal or project resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -529,15 +525,15 @@ func (c *IoTSiteWise) CreateAccessPolicyRequest(input *CreateAccessPolicyInput) // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -545,7 +541,7 @@ func (c *IoTSiteWise) CreateAccessPolicyRequest(input *CreateAccessPolicyInput) // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/CreateAccessPolicy func (c *IoTSiteWise) CreateAccessPolicy(input *CreateAccessPolicyInput) (*CreateAccessPolicyOutput, error) { @@ -617,7 +613,7 @@ func (c *IoTSiteWise) CreateAssetRequest(input *CreateAssetInput) (req *request. // // Creates an asset from an existing asset model. For more information, see // Creating assets (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/create-assets.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -638,15 +634,15 @@ func (c *IoTSiteWise) CreateAssetRequest(input *CreateAssetInput) (req *request. // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -654,7 +650,7 @@ func (c *IoTSiteWise) CreateAssetRequest(input *CreateAssetInput) (req *request. // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -733,7 +729,7 @@ func (c *IoTSiteWise) CreateAssetModelRequest(input *CreateAssetModelInput) (req // assets of the same type that have standardized definitions. Each asset created // from a model inherits the asset model's property and hierarchy definitions. // For more information, see Defining asset models (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/define-models.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -754,15 +750,15 @@ func (c *IoTSiteWise) CreateAssetModelRequest(input *CreateAssetModelInput) (req // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -770,7 +766,7 @@ func (c *IoTSiteWise) CreateAssetModelRequest(input *CreateAssetModelInput) (req // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -844,7 +840,7 @@ func (c *IoTSiteWise) CreateDashboardRequest(input *CreateDashboardInput) (req * // CreateDashboard API operation for AWS IoT SiteWise. // -// Creates a dashboard in an AWS IoT SiteWise Monitor project. +// Creates a dashboard in an IoT SiteWise Monitor project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -862,15 +858,15 @@ func (c *IoTSiteWise) CreateDashboardRequest(input *CreateDashboardInput) (req * // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -878,7 +874,7 @@ func (c *IoTSiteWise) CreateDashboardRequest(input *CreateDashboardInput) (req * // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/CreateDashboard func (c *IoTSiteWise) CreateDashboard(input *CreateDashboardInput) (*CreateDashboardOutput, error) { @@ -949,9 +945,9 @@ func (c *IoTSiteWise) CreateGatewayRequest(input *CreateGatewayInput) (req *requ // CreateGateway API operation for AWS IoT SiteWise. // // Creates a gateway, which is a virtual or edge device that delivers industrial -// data streams from local servers to AWS IoT SiteWise. For more information, -// see Ingesting data using a gateway (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/gateway-connector.html) -// in the AWS IoT SiteWise User Guide. +// data streams from local servers to IoT SiteWise. For more information, see +// Ingesting data using a gateway (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/gateway-connector.html) +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -969,15 +965,15 @@ func (c *IoTSiteWise) CreateGatewayRequest(input *CreateGatewayInput) (req *requ // The resource already exists. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -985,7 +981,7 @@ func (c *IoTSiteWise) CreateGatewayRequest(input *CreateGatewayInput) (req *requ // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/CreateGateway func (c *IoTSiteWise) CreateGateway(input *CreateGatewayInput) (*CreateGatewayOutput, error) { @@ -1055,14 +1051,14 @@ func (c *IoTSiteWise) CreatePortalRequest(input *CreatePortalInput) (req *reques // CreatePortal API operation for AWS IoT SiteWise. // -// Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise -// Monitor uses AWS SSO or IAM to authenticate portal users and manage user -// permissions. +// Creates a portal, which can contain projects and dashboards. IoT SiteWise +// Monitor uses Amazon Web Services SSO or IAM to authenticate portal users +// and manage user permissions. // // Before you can sign in to a new portal, you must add at least one identity // to that portal. For more information, see Adding or removing portal administrators // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/administer-portals.html#portal-change-admins) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1080,15 +1076,15 @@ func (c *IoTSiteWise) CreatePortalRequest(input *CreatePortalInput) (req *reques // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -1096,7 +1092,7 @@ func (c *IoTSiteWise) CreatePortalRequest(input *CreatePortalInput) (req *reques // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/CreatePortal func (c *IoTSiteWise) CreatePortal(input *CreatePortalInput) (*CreatePortalOutput, error) { @@ -1184,15 +1180,15 @@ func (c *IoTSiteWise) CreateProjectRequest(input *CreateProjectInput) (req *requ // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -1200,7 +1196,7 @@ func (c *IoTSiteWise) CreateProjectRequest(input *CreateProjectInput) (req *requ // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/CreateProject func (c *IoTSiteWise) CreateProject(input *CreateProjectInput) (*CreateProjectOutput, error) { @@ -1272,8 +1268,8 @@ func (c *IoTSiteWise) DeleteAccessPolicyRequest(input *DeleteAccessPolicyInput) // DeleteAccessPolicy API operation for AWS IoT SiteWise. // // Deletes an access policy that grants the specified identity access to the -// specified AWS IoT SiteWise Monitor resource. You can use this operation to -// revoke access to an AWS IoT SiteWise Monitor resource. +// specified IoT SiteWise Monitor resource. You can use this operation to revoke +// access to an IoT SiteWise Monitor resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1291,15 +1287,15 @@ func (c *IoTSiteWise) DeleteAccessPolicyRequest(input *DeleteAccessPolicyInput) // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DeleteAccessPolicy func (c *IoTSiteWise) DeleteAccessPolicy(input *DeleteAccessPolicyInput) (*DeleteAccessPolicyOutput, error) { @@ -1371,7 +1367,7 @@ func (c *IoTSiteWise) DeleteAssetRequest(input *DeleteAssetInput) (req *request. // // Deletes an asset. This action can't be undone. For more information, see // Deleting assets and models (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/delete-assets-and-models.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // You can't delete an asset that's associated to another asset. For more information, // see DisassociateAssets (https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_DisassociateAssets.html). @@ -1392,15 +1388,15 @@ func (c *IoTSiteWise) DeleteAssetRequest(input *DeleteAssetInput) (req *request. // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -1479,7 +1475,7 @@ func (c *IoTSiteWise) DeleteAssetModelRequest(input *DeleteAssetModelInput) (req // you can't delete an asset model if a parent asset model exists that contains // a property formula expression that depends on the asset model that you want // to delete. For more information, see Deleting assets and models (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/delete-assets-and-models.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1497,15 +1493,15 @@ func (c *IoTSiteWise) DeleteAssetModelRequest(input *DeleteAssetModelInput) (req // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -1580,7 +1576,7 @@ func (c *IoTSiteWise) DeleteDashboardRequest(input *DeleteDashboardInput) (req * // DeleteDashboard API operation for AWS IoT SiteWise. // -// Deletes a dashboard from AWS IoT SiteWise Monitor. +// Deletes a dashboard from IoT SiteWise Monitor. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1598,15 +1594,15 @@ func (c *IoTSiteWise) DeleteDashboardRequest(input *DeleteDashboardInput) (req * // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DeleteDashboard func (c *IoTSiteWise) DeleteDashboard(input *DeleteDashboardInput) (*DeleteDashboardOutput, error) { @@ -1677,8 +1673,8 @@ func (c *IoTSiteWise) DeleteGatewayRequest(input *DeleteGatewayInput) (req *requ // DeleteGateway API operation for AWS IoT SiteWise. // -// Deletes a gateway from AWS IoT SiteWise. When you delete a gateway, some -// of the gateway's files remain in your gateway's file system. +// Deletes a gateway from IoT SiteWise. When you delete a gateway, some of the +// gateway's files remain in your gateway's file system. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1696,15 +1692,15 @@ func (c *IoTSiteWise) DeleteGatewayRequest(input *DeleteGatewayInput) (req *requ // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DeleteGateway func (c *IoTSiteWise) DeleteGateway(input *DeleteGatewayInput) (*DeleteGatewayOutput, error) { @@ -1774,7 +1770,7 @@ func (c *IoTSiteWise) DeletePortalRequest(input *DeletePortalInput) (req *reques // DeletePortal API operation for AWS IoT SiteWise. // -// Deletes a portal from AWS IoT SiteWise Monitor. +// Deletes a portal from IoT SiteWise Monitor. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1792,15 +1788,15 @@ func (c *IoTSiteWise) DeletePortalRequest(input *DeletePortalInput) (req *reques // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -1875,7 +1871,7 @@ func (c *IoTSiteWise) DeleteProjectRequest(input *DeleteProjectInput) (req *requ // DeleteProject API operation for AWS IoT SiteWise. // -// Deletes a project from AWS IoT SiteWise Monitor. +// Deletes a project from IoT SiteWise Monitor. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1893,15 +1889,15 @@ func (c *IoTSiteWise) DeleteProjectRequest(input *DeleteProjectInput) (req *requ // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DeleteProject func (c *IoTSiteWise) DeleteProject(input *DeleteProjectInput) (*DeleteProjectOutput, error) { @@ -1971,8 +1967,8 @@ func (c *IoTSiteWise) DescribeAccessPolicyRequest(input *DescribeAccessPolicyInp // DescribeAccessPolicy API operation for AWS IoT SiteWise. // -// Describes an access policy, which specifies an identity's access to an AWS -// IoT SiteWise Monitor portal or project. +// Describes an access policy, which specifies an identity's access to an IoT +// SiteWise Monitor portal or project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1990,15 +1986,15 @@ func (c *IoTSiteWise) DescribeAccessPolicyRequest(input *DescribeAccessPolicyInp // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeAccessPolicy func (c *IoTSiteWise) DescribeAccessPolicy(input *DescribeAccessPolicyInput) (*DescribeAccessPolicyOutput, error) { @@ -2086,15 +2082,15 @@ func (c *IoTSiteWise) DescribeAssetRequest(input *DescribeAssetInput) (req *requ // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeAsset func (c *IoTSiteWise) DescribeAsset(input *DescribeAssetInput) (*DescribeAssetOutput, error) { @@ -2182,15 +2178,15 @@ func (c *IoTSiteWise) DescribeAssetModelRequest(input *DescribeAssetModelInput) // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeAssetModel func (c *IoTSiteWise) DescribeAssetModel(input *DescribeAssetModelInput) (*DescribeAssetModelOutput, error) { @@ -2286,15 +2282,15 @@ func (c *IoTSiteWise) DescribeAssetPropertyRequest(input *DescribeAssetPropertyI // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeAssetProperty func (c *IoTSiteWise) DescribeAssetProperty(input *DescribeAssetPropertyInput) (*DescribeAssetPropertyOutput, error) { @@ -2382,15 +2378,15 @@ func (c *IoTSiteWise) DescribeDashboardRequest(input *DescribeDashboardInput) (r // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeDashboard func (c *IoTSiteWise) DescribeDashboard(input *DescribeDashboardInput) (*DescribeDashboardOutput, error) { @@ -2459,9 +2455,9 @@ func (c *IoTSiteWise) DescribeDefaultEncryptionConfigurationRequest(input *Descr // DescribeDefaultEncryptionConfiguration API operation for AWS IoT SiteWise. // // Retrieves information about the default encryption configuration for the -// AWS account in the default or specified region. For more information, see -// Key management (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/key-management.html) -// in the AWS IoT SiteWise User Guide. +// Amazon Web Services account in the default or specified Region. For more +// information, see Key management (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/key-management.html) +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2476,15 +2472,15 @@ func (c *IoTSiteWise) DescribeDefaultEncryptionConfigurationRequest(input *Descr // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeDefaultEncryptionConfiguration func (c *IoTSiteWise) DescribeDefaultEncryptionConfiguration(input *DescribeDefaultEncryptionConfigurationInput) (*DescribeDefaultEncryptionConfigurationOutput, error) { @@ -2572,15 +2568,15 @@ func (c *IoTSiteWise) DescribeGatewayRequest(input *DescribeGatewayInput) (req * // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeGateway func (c *IoTSiteWise) DescribeGateway(input *DescribeGatewayInput) (*DescribeGatewayOutput, error) { @@ -2653,8 +2649,8 @@ func (c *IoTSiteWise) DescribeGatewayCapabilityConfigurationRequest(input *Descr // Retrieves information about a gateway capability configuration. Each gateway // capability defines data sources for a gateway. A capability configuration // can contain multiple data source configurations. If you define OPC-UA sources -// for a gateway in the AWS IoT SiteWise console, all of your OPC-UA sources -// are stored in one capability configuration. To list all capability configurations +// for a gateway in the IoT SiteWise console, all of your OPC-UA sources are +// stored in one capability configuration. To list all capability configurations // for a gateway, use DescribeGateway (https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_DescribeGateway.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -2673,15 +2669,15 @@ func (c *IoTSiteWise) DescribeGatewayCapabilityConfigurationRequest(input *Descr // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeGatewayCapabilityConfiguration func (c *IoTSiteWise) DescribeGatewayCapabilityConfiguration(input *DescribeGatewayCapabilityConfigurationInput) (*DescribeGatewayCapabilityConfigurationOutput, error) { @@ -2751,7 +2747,7 @@ func (c *IoTSiteWise) DescribeLoggingOptionsRequest(input *DescribeLoggingOption // DescribeLoggingOptions API operation for AWS IoT SiteWise. // -// Retrieves the current AWS IoT SiteWise logging options. +// Retrieves the current IoT SiteWise logging options. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2767,14 +2763,14 @@ func (c *IoTSiteWise) DescribeLoggingOptionsRequest(input *DescribeLoggingOption // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ResourceNotFoundException // The requested resource can't be found. @@ -2865,15 +2861,15 @@ func (c *IoTSiteWise) DescribePortalRequest(input *DescribePortalInput) (req *re // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribePortal func (c *IoTSiteWise) DescribePortal(input *DescribePortalInput) (*DescribePortalOutput, error) { @@ -2961,15 +2957,15 @@ func (c *IoTSiteWise) DescribeProjectRequest(input *DescribeProjectInput) (req * // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeProject func (c *IoTSiteWise) DescribeProject(input *DescribeProjectInput) (*DescribeProjectOutput, error) { @@ -2993,6 +2989,112 @@ func (c *IoTSiteWise) DescribeProjectWithContext(ctx aws.Context, input *Describ return out, req.Send() } +const opDescribeStorageConfiguration = "DescribeStorageConfiguration" + +// DescribeStorageConfigurationRequest generates a "aws/request.Request" representing the +// client's request for the DescribeStorageConfiguration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeStorageConfiguration for more information on using the DescribeStorageConfiguration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeStorageConfigurationRequest method. +// req, resp := client.DescribeStorageConfigurationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeStorageConfiguration +func (c *IoTSiteWise) DescribeStorageConfigurationRequest(input *DescribeStorageConfigurationInput) (req *request.Request, output *DescribeStorageConfigurationOutput) { + op := &request.Operation{ + Name: opDescribeStorageConfiguration, + HTTPMethod: "GET", + HTTPPath: "/configuration/account/storage", + } + + if input == nil { + input = &DescribeStorageConfigurationInput{} + } + + output = &DescribeStorageConfigurationOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeStorageConfiguration API operation for AWS IoT SiteWise. +// +// Retrieves information about the storage configuration for IoT SiteWise. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS IoT SiteWise's +// API operation DescribeStorageConfiguration for usage and error information. +// +// Returned Error Types: +// * InvalidRequestException +// The request isn't valid. This can occur if your request contains malformed +// JSON or unsupported characters. Check your request and try again. +// +// * ResourceNotFoundException +// The requested resource can't be found. +// +// * InternalFailureException +// IoT SiteWise can't process your request right now. Try again later. +// +// * ThrottlingException +// Your request exceeded a rate limit. For example, you might have exceeded +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. +// +// For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) +// in the IoT SiteWise User Guide. +// +// * LimitExceededException +// You've reached the limit for a resource. For example, this can occur if you're +// trying to associate more than the allowed number of child assets or attempting +// to create more than the allowed number of properties for an asset model. +// +// For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) +// in the IoT SiteWise User Guide. +// +// * ConflictingOperationException +// Your request has conflicting operations. This can occur if you're trying +// to perform more than one operation on the same resource at the same time. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/DescribeStorageConfiguration +func (c *IoTSiteWise) DescribeStorageConfiguration(input *DescribeStorageConfigurationInput) (*DescribeStorageConfigurationOutput, error) { + req, out := c.DescribeStorageConfigurationRequest(input) + return out, req.Send() +} + +// DescribeStorageConfigurationWithContext is the same as DescribeStorageConfiguration with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeStorageConfiguration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IoTSiteWise) DescribeStorageConfigurationWithContext(ctx aws.Context, input *DescribeStorageConfigurationInput, opts ...request.Option) (*DescribeStorageConfigurationOutput, error) { + req, out := c.DescribeStorageConfigurationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDisassociateAssets = "DisassociateAssets" // DisassociateAssetsRequest generates a "aws/request.Request" representing the @@ -3059,15 +3161,15 @@ func (c *IoTSiteWise) DisassociateAssetsRequest(input *DisassociateAssetsInput) // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -3149,7 +3251,7 @@ func (c *IoTSiteWise) GetAssetPropertyAggregatesRequest(input *GetAssetPropertyA // // Gets aggregated values for an asset property. For more information, see Querying // aggregates (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/query-industrial-data.html#aggregates) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // To identify an asset property, you must specify one of the following: // @@ -3174,15 +3276,15 @@ func (c *IoTSiteWise) GetAssetPropertyAggregatesRequest(input *GetAssetPropertyA // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ServiceUnavailableException // The requested service is unavailable. @@ -3309,7 +3411,7 @@ func (c *IoTSiteWise) GetAssetPropertyValueRequest(input *GetAssetPropertyValueI // // Gets an asset property's current value. For more information, see Querying // current values (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/query-industrial-data.html#current-values) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // To identify an asset property, you must specify one of the following: // @@ -3334,15 +3436,15 @@ func (c *IoTSiteWise) GetAssetPropertyValueRequest(input *GetAssetPropertyValueI // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ServiceUnavailableException // The requested service is unavailable. @@ -3423,7 +3525,7 @@ func (c *IoTSiteWise) GetAssetPropertyValueHistoryRequest(input *GetAssetPropert // // Gets the history of an asset property's values. For more information, see // Querying historical values (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/query-industrial-data.html#historical-values) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // To identify an asset property, you must specify one of the following: // @@ -3448,15 +3550,15 @@ func (c *IoTSiteWise) GetAssetPropertyValueHistoryRequest(input *GetAssetPropert // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ServiceUnavailableException // The requested service is unavailable. @@ -3592,8 +3694,6 @@ func (c *IoTSiteWise) GetInterpolatedAssetPropertyValuesRequest(input *GetInterp // the interpolated temperature values for a wind turbine every 24 hours over // a duration of 7 days. // -// This API isn't available in China (Beijing). -// // To identify an asset property, you must specify one of the following: // // * The assetId and propertyId of an asset property. @@ -3617,15 +3717,15 @@ func (c *IoTSiteWise) GetInterpolatedAssetPropertyValuesRequest(input *GetInterp // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ServiceUnavailableException // The requested service is unavailable. @@ -3756,9 +3856,9 @@ func (c *IoTSiteWise) ListAccessPoliciesRequest(input *ListAccessPoliciesInput) // ListAccessPolicies API operation for AWS IoT SiteWise. // -// Retrieves a paginated list of access policies for an identity (an AWS SSO -// user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource -// (a portal or project). +// Retrieves a paginated list of access policies for an identity (an Amazon +// Web Services SSO user, an Amazon Web Services SSO group, or an IAM user) +// or an IoT SiteWise Monitor resource (a portal or project). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3773,15 +3873,15 @@ func (c *IoTSiteWise) ListAccessPoliciesRequest(input *ListAccessPoliciesInput) // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListAccessPolicies func (c *IoTSiteWise) ListAccessPolicies(input *ListAccessPoliciesInput) (*ListAccessPoliciesOutput, error) { @@ -3924,15 +4024,15 @@ func (c *IoTSiteWise) ListAssetModelsRequest(input *ListAssetModelsInput) (req * // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListAssetModels func (c *IoTSiteWise) ListAssetModels(input *ListAssetModelsInput) (*ListAssetModelsOutput, error) { @@ -4077,18 +4177,18 @@ func (c *IoTSiteWise) ListAssetRelationshipsRequest(input *ListAssetRelationship // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ResourceNotFoundException // The requested resource can't be found. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListAssetRelationships func (c *IoTSiteWise) ListAssetRelationships(input *ListAssetRelationshipsInput) (*ListAssetRelationshipsOutput, error) { @@ -4242,18 +4342,18 @@ func (c *IoTSiteWise) ListAssetsRequest(input *ListAssetsInput) (req *request.Re // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ResourceNotFoundException // The requested resource can't be found. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListAssets func (c *IoTSiteWise) ListAssets(input *ListAssetsInput) (*ListAssetsOutput, error) { @@ -4403,18 +4503,18 @@ func (c *IoTSiteWise) ListAssociatedAssetsRequest(input *ListAssociatedAssetsInp // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ResourceNotFoundException // The requested resource can't be found. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListAssociatedAssets func (c *IoTSiteWise) ListAssociatedAssets(input *ListAssociatedAssetsInput) (*ListAssociatedAssetsOutput, error) { @@ -4542,8 +4642,7 @@ func (c *IoTSiteWise) ListDashboardsRequest(input *ListDashboardsInput) (req *re // ListDashboards API operation for AWS IoT SiteWise. // -// Retrieves a paginated list of dashboards for an AWS IoT SiteWise Monitor -// project. +// Retrieves a paginated list of dashboards for an IoT SiteWise Monitor project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4558,15 +4657,15 @@ func (c *IoTSiteWise) ListDashboardsRequest(input *ListDashboardsInput) (req *re // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListDashboards func (c *IoTSiteWise) ListDashboards(input *ListDashboardsInput) (*ListDashboardsOutput, error) { @@ -4709,15 +4808,15 @@ func (c *IoTSiteWise) ListGatewaysRequest(input *ListGatewaysInput) (req *reques // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListGateways func (c *IoTSiteWise) ListGateways(input *ListGatewaysInput) (*ListGatewaysOutput, error) { @@ -4845,7 +4944,7 @@ func (c *IoTSiteWise) ListPortalsRequest(input *ListPortalsInput) (req *request. // ListPortals API operation for AWS IoT SiteWise. // -// Retrieves a paginated list of AWS IoT SiteWise Monitor portals. +// Retrieves a paginated list of IoT SiteWise Monitor portals. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4860,15 +4959,15 @@ func (c *IoTSiteWise) ListPortalsRequest(input *ListPortalsInput) (req *request. // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListPortals func (c *IoTSiteWise) ListPortals(input *ListPortalsInput) (*ListPortalsOutput, error) { @@ -4996,8 +5095,8 @@ func (c *IoTSiteWise) ListProjectAssetsRequest(input *ListProjectAssetsInput) (r // ListProjectAssets API operation for AWS IoT SiteWise. // -// Retrieves a paginated list of assets associated with an AWS IoT SiteWise -// Monitor project. +// Retrieves a paginated list of assets associated with an IoT SiteWise Monitor +// project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5012,15 +5111,15 @@ func (c *IoTSiteWise) ListProjectAssetsRequest(input *ListProjectAssetsInput) (r // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListProjectAssets func (c *IoTSiteWise) ListProjectAssets(input *ListProjectAssetsInput) (*ListProjectAssetsOutput, error) { @@ -5148,7 +5247,7 @@ func (c *IoTSiteWise) ListProjectsRequest(input *ListProjectsInput) (req *reques // ListProjects API operation for AWS IoT SiteWise. // -// Retrieves a paginated list of projects for an AWS IoT SiteWise Monitor portal. +// Retrieves a paginated list of projects for an IoT SiteWise Monitor portal. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5163,15 +5262,15 @@ func (c *IoTSiteWise) ListProjectsRequest(input *ListProjectsInput) (req *reques // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/ListProjects func (c *IoTSiteWise) ListProjects(input *ListProjectsInput) (*ListProjectsOutput, error) { @@ -5291,7 +5390,7 @@ func (c *IoTSiteWise) ListTagsForResourceRequest(input *ListTagsForResourceInput // ListTagsForResource API operation for AWS IoT SiteWise. // -// Retrieves the list of tags for an AWS IoT SiteWise resource. +// Retrieves the list of tags for an IoT SiteWise resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5306,15 +5405,15 @@ func (c *IoTSiteWise) ListTagsForResourceRequest(input *ListTagsForResourceInput // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ResourceNotFoundException // The requested resource can't be found. @@ -5329,7 +5428,7 @@ func (c *IoTSiteWise) ListTagsForResourceRequest(input *ListTagsForResourceInput // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * UnauthorizedException // You are not authorized. @@ -5400,9 +5499,9 @@ func (c *IoTSiteWise) PutDefaultEncryptionConfigurationRequest(input *PutDefault // PutDefaultEncryptionConfiguration API operation for AWS IoT SiteWise. // -// Sets the default encryption configuration for the AWS account. For more information, -// see Key management (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/key-management.html) -// in the AWS IoT SiteWise User Guide. +// Sets the default encryption configuration for the Amazon Web Services account. +// For more information, see Key management (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/key-management.html) +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5417,15 +5516,15 @@ func (c *IoTSiteWise) PutDefaultEncryptionConfigurationRequest(input *PutDefault // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -5433,7 +5532,7 @@ func (c *IoTSiteWise) PutDefaultEncryptionConfigurationRequest(input *PutDefault // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -5508,7 +5607,7 @@ func (c *IoTSiteWise) PutLoggingOptionsRequest(input *PutLoggingOptionsInput) (r // PutLoggingOptions API operation for AWS IoT SiteWise. // -// Sets logging options for AWS IoT SiteWise. +// Sets logging options for IoT SiteWise. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5524,14 +5623,14 @@ func (c *IoTSiteWise) PutLoggingOptionsRequest(input *PutLoggingOptionsInput) (r // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -5562,6 +5661,115 @@ func (c *IoTSiteWise) PutLoggingOptionsWithContext(ctx aws.Context, input *PutLo return out, req.Send() } +const opPutStorageConfiguration = "PutStorageConfiguration" + +// PutStorageConfigurationRequest generates a "aws/request.Request" representing the +// client's request for the PutStorageConfiguration operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See PutStorageConfiguration for more information on using the PutStorageConfiguration +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the PutStorageConfigurationRequest method. +// req, resp := client.PutStorageConfigurationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/PutStorageConfiguration +func (c *IoTSiteWise) PutStorageConfigurationRequest(input *PutStorageConfigurationInput) (req *request.Request, output *PutStorageConfigurationOutput) { + op := &request.Operation{ + Name: opPutStorageConfiguration, + HTTPMethod: "POST", + HTTPPath: "/configuration/account/storage", + } + + if input == nil { + input = &PutStorageConfigurationInput{} + } + + output = &PutStorageConfigurationOutput{} + req = c.newRequest(op, input, output) + return +} + +// PutStorageConfiguration API operation for AWS IoT SiteWise. +// +// Configures storage settings for IoT SiteWise. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS IoT SiteWise's +// API operation PutStorageConfiguration for usage and error information. +// +// Returned Error Types: +// * InvalidRequestException +// The request isn't valid. This can occur if your request contains malformed +// JSON or unsupported characters. Check your request and try again. +// +// * ResourceAlreadyExistsException +// The resource already exists. +// +// * ResourceNotFoundException +// The requested resource can't be found. +// +// * InternalFailureException +// IoT SiteWise can't process your request right now. Try again later. +// +// * ThrottlingException +// Your request exceeded a rate limit. For example, you might have exceeded +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. +// +// For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) +// in the IoT SiteWise User Guide. +// +// * LimitExceededException +// You've reached the limit for a resource. For example, this can occur if you're +// trying to associate more than the allowed number of child assets or attempting +// to create more than the allowed number of properties for an asset model. +// +// For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) +// in the IoT SiteWise User Guide. +// +// * ConflictingOperationException +// Your request has conflicting operations. This can occur if you're trying +// to perform more than one operation on the same resource at the same time. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/PutStorageConfiguration +func (c *IoTSiteWise) PutStorageConfiguration(input *PutStorageConfigurationInput) (*PutStorageConfigurationOutput, error) { + req, out := c.PutStorageConfigurationRequest(input) + return out, req.Send() +} + +// PutStorageConfigurationWithContext is the same as PutStorageConfiguration with the addition of +// the ability to pass a context and additional request options. +// +// See PutStorageConfiguration for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *IoTSiteWise) PutStorageConfigurationWithContext(ctx aws.Context, input *PutStorageConfigurationInput, opts ...request.Option) (*PutStorageConfigurationOutput, error) { + req, out := c.PutStorageConfigurationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opTagResource = "TagResource" // TagResourceRequest generates a "aws/request.Request" representing the @@ -5607,8 +5815,8 @@ func (c *IoTSiteWise) TagResourceRequest(input *TagResourceInput) (req *request. // TagResource API operation for AWS IoT SiteWise. // -// Adds tags to an AWS IoT SiteWise resource. If a tag already exists for the -// resource, this operation updates the tag's value. +// Adds tags to an IoT SiteWise resource. If a tag already exists for the resource, +// this operation updates the tag's value. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5623,15 +5831,15 @@ func (c *IoTSiteWise) TagResourceRequest(input *TagResourceInput) (req *request. // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ResourceNotFoundException // The requested resource can't be found. @@ -5646,7 +5854,7 @@ func (c *IoTSiteWise) TagResourceRequest(input *TagResourceInput) (req *request. // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * UnauthorizedException // You are not authorized. @@ -5654,7 +5862,7 @@ func (c *IoTSiteWise) TagResourceRequest(input *TagResourceInput) (req *request. // * TooManyTagsException // You've reached the limit for the number of tags allowed for a resource. For // more information, see Tag naming limits and requirements (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html#tag-conventions) -// in the AWS General Reference. +// in the Amazon Web Services General Reference. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/TagResource func (c *IoTSiteWise) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { @@ -5723,7 +5931,7 @@ func (c *IoTSiteWise) UntagResourceRequest(input *UntagResourceInput) (req *requ // UntagResource API operation for AWS IoT SiteWise. // -// Removes a tag from an AWS IoT SiteWise resource. +// Removes a tag from an IoT SiteWise resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5738,15 +5946,15 @@ func (c *IoTSiteWise) UntagResourceRequest(input *UntagResourceInput) (req *requ // JSON or unsupported characters. Check your request and try again. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ResourceNotFoundException // The requested resource can't be found. @@ -5761,7 +5969,7 @@ func (c *IoTSiteWise) UntagResourceRequest(input *UntagResourceInput) (req *requ // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * UnauthorizedException // You are not authorized. @@ -5836,7 +6044,7 @@ func (c *IoTSiteWise) UpdateAccessPolicyRequest(input *UpdateAccessPolicyInput) // UpdateAccessPolicy API operation for AWS IoT SiteWise. // // Updates an existing access policy that specifies an identity's access to -// an AWS IoT SiteWise Monitor portal or project resource. +// an IoT SiteWise Monitor portal or project resource. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5854,15 +6062,15 @@ func (c *IoTSiteWise) UpdateAccessPolicyRequest(input *UpdateAccessPolicyInput) // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/UpdateAccessPolicy func (c *IoTSiteWise) UpdateAccessPolicy(input *UpdateAccessPolicyInput) (*UpdateAccessPolicyOutput, error) { @@ -5934,7 +6142,7 @@ func (c *IoTSiteWise) UpdateAssetRequest(input *UpdateAssetInput) (req *request. // // Updates an asset's name. For more information, see Updating assets and models // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/update-assets-and-models.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5955,15 +6163,15 @@ func (c *IoTSiteWise) UpdateAssetRequest(input *UpdateAssetInput) (req *request. // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -6041,17 +6249,17 @@ func (c *IoTSiteWise) UpdateAssetModelRequest(input *UpdateAssetModelInput) (req // Each asset created from the model inherits the updated asset model's property // and hierarchy definitions. For more information, see Updating assets and // models (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/update-assets-and-models.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // This operation overwrites the existing model with the provided model. To // avoid deleting your asset model's properties or hierarchies, you must include // their IDs and definitions in the updated asset model payload. For more information, // see DescribeAssetModel (https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_DescribeAssetModel.html). // -// If you remove a property from an asset model, AWS IoT SiteWise deletes all -// previous data for that property. If you remove a hierarchy definition from -// an asset model, AWS IoT SiteWise disassociates every asset associated with -// that hierarchy. You can't change the type or data type of an existing property. +// If you remove a property from an asset model, IoT SiteWise deletes all previous +// data for that property. If you remove a hierarchy definition from an asset +// model, IoT SiteWise disassociates every asset associated with that hierarchy. +// You can't change the type or data type of an existing property. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6072,7 +6280,7 @@ func (c *IoTSiteWise) UpdateAssetModelRequest(input *UpdateAssetModelInput) (req // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -6080,15 +6288,15 @@ func (c *IoTSiteWise) UpdateAssetModelRequest(input *UpdateAssetModelInput) (req // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -6186,15 +6394,15 @@ func (c *IoTSiteWise) UpdateAssetPropertyRequest(input *UpdateAssetPropertyInput // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -6269,7 +6477,7 @@ func (c *IoTSiteWise) UpdateDashboardRequest(input *UpdateDashboardInput) (req * // UpdateDashboard API operation for AWS IoT SiteWise. // -// Updates an AWS IoT SiteWise Monitor dashboard. +// Updates an IoT SiteWise Monitor dashboard. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6287,15 +6495,15 @@ func (c *IoTSiteWise) UpdateDashboardRequest(input *UpdateDashboardInput) (req * // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/UpdateDashboard func (c *IoTSiteWise) UpdateDashboard(input *UpdateDashboardInput) (*UpdateDashboardOutput, error) { @@ -6388,15 +6596,15 @@ func (c *IoTSiteWise) UpdateGatewayRequest(input *UpdateGatewayInput) (req *requ // to perform more than one operation on the same resource at the same time. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/UpdateGateway func (c *IoTSiteWise) UpdateGateway(input *UpdateGatewayInput) (*UpdateGatewayOutput, error) { @@ -6469,8 +6677,8 @@ func (c *IoTSiteWise) UpdateGatewayCapabilityConfigurationRequest(input *UpdateG // Updates a gateway capability configuration or defines a new capability configuration. // Each gateway capability defines data sources for a gateway. A capability // configuration can contain multiple data source configurations. If you define -// OPC-UA sources for a gateway in the AWS IoT SiteWise console, all of your -// OPC-UA sources are stored in one capability configuration. To list all capability +// OPC-UA sources for a gateway in the IoT SiteWise console, all of your OPC-UA +// sources are stored in one capability configuration. To list all capability // configurations for a gateway, use DescribeGateway (https://docs.aws.amazon.com/iot-sitewise/latest/APIReference/API_DescribeGateway.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -6493,15 +6701,15 @@ func (c *IoTSiteWise) UpdateGatewayCapabilityConfigurationRequest(input *UpdateG // to perform more than one operation on the same resource at the same time. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * LimitExceededException // You've reached the limit for a resource. For example, this can occur if you're @@ -6509,7 +6717,7 @@ func (c *IoTSiteWise) UpdateGatewayCapabilityConfigurationRequest(input *UpdateG // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/UpdateGatewayCapabilityConfiguration func (c *IoTSiteWise) UpdateGatewayCapabilityConfiguration(input *UpdateGatewayCapabilityConfigurationInput) (*UpdateGatewayCapabilityConfigurationOutput, error) { @@ -6579,7 +6787,7 @@ func (c *IoTSiteWise) UpdatePortalRequest(input *UpdatePortalInput) (req *reques // UpdatePortal API operation for AWS IoT SiteWise. // -// Updates an AWS IoT SiteWise Monitor portal. +// Updates an IoT SiteWise Monitor portal. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6597,15 +6805,15 @@ func (c *IoTSiteWise) UpdatePortalRequest(input *UpdatePortalInput) (req *reques // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // * ConflictingOperationException // Your request has conflicting operations. This can occur if you're trying @@ -6680,7 +6888,7 @@ func (c *IoTSiteWise) UpdateProjectRequest(input *UpdateProjectInput) (req *requ // UpdateProject API operation for AWS IoT SiteWise. // -// Updates an AWS IoT SiteWise Monitor project. +// Updates an IoT SiteWise Monitor project. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6698,15 +6906,15 @@ func (c *IoTSiteWise) UpdateProjectRequest(input *UpdateProjectInput) (req *requ // The requested resource can't be found. // // * InternalFailureException -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. // // * ThrottlingException // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02/UpdateProject func (c *IoTSiteWise) UpdateProject(input *UpdateProjectInput) (*UpdateProjectOutput, error) { @@ -6730,8 +6938,8 @@ func (c *IoTSiteWise) UpdateProjectWithContext(ctx aws.Context, input *UpdatePro return out, req.Send() } -// Contains an access policy that defines an identity's access to an AWS IoT -// SiteWise Monitor resource. +// Contains an access policy that defines an identity's access to an IoT SiteWise +// Monitor resource. type AccessPolicySummary struct { _ struct{} `type:"structure"` @@ -6743,7 +6951,8 @@ type AccessPolicySummary struct { // Id is a required field Id *string `locationName:"id" min:"36" type:"string" required:"true"` - // The identity (an AWS SSO user, an AWS SSO group, or an IAM user). + // The identity (an Amazon Web Services SSO user, an Amazon Web Services SSO + // group, or an IAM user). // // Identity is a required field Identity *Identity `locationName:"identity" type:"structure" required:"true"` @@ -6757,7 +6966,7 @@ type AccessPolicySummary struct { // Permission is a required field Permission *string `locationName:"permission" type:"string" required:"true" enum:"Permission"` - // The AWS IoT SiteWise Monitor resource (a portal or project). + // The IoT SiteWise Monitor resource (a portal or project). // // Resource is a required field Resource *Resource `locationName:"resource" type:"structure" required:"true"` @@ -6925,24 +7134,25 @@ func (s *Aggregates) SetSum(v float64) *Aggregates { return s } -// Contains the configuration information of an alarm created in an AWS IoT -// SiteWise Monitor portal. You can use the alarm to monitor an asset property -// and get notified when the asset property value is outside a specified range. -// For more information, see . +// Contains the configuration information of an alarm created in an IoT SiteWise +// Monitor portal. You can use the alarm to monitor an asset property and get +// notified when the asset property value is outside a specified range. For +// more information, see Monitoring with alarms (https://docs.aws.amazon.com/iot-sitewise/latest/appguide/monitor-alarms.html) +// in the IoT SiteWise Application Guide. type Alarms struct { _ struct{} `type:"structure"` // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of the IAM role that allows the alarm to perform actions and access AWS resources, - // including AWS IoT Events. + // of the IAM role that allows the alarm to perform actions and access Amazon + // Web Services resources and services, such as IoT Events. // // AlarmRoleArn is a required field AlarmRoleArn *string `locationName:"alarmRoleArn" min:"1" type:"string" required:"true"` // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of the AWS Lambda function that manages alarm notifications. For more information, - // see Managing alarm notifications (https://docs.aws.amazon.com/) in the AWS - // IoT Events Developer Guide. + // of the Lambda function that manages alarm notifications. For more information, + // see Managing alarm notifications (https://docs.aws.amazon.com/iotevents/latest/developerguide/lambda-support.html) + // in the IoT Events Developer Guide. NotificationLambdaArn *string `locationName:"notificationLambdaArn" min:"1" type:"string"` } @@ -7713,7 +7923,7 @@ func (s *AssetModelPropertyDefinition) SetUnit(v string) *AssetModelPropertyDefi // Contains current status information for an asset model. For more information, // see Asset and model states (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-and-model-states.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type AssetModelStatus struct { _ struct{} `type:"structure"` @@ -7770,7 +7980,7 @@ type AssetModelSummary struct { // Description is a required field Description *string `locationName:"description" min:"1" type:"string" required:"true"` - // The ID of the asset model (used with AWS IoT SiteWise APIs). + // The ID of the asset model (used with IoT SiteWise APIs). // // Id is a required field Id *string `locationName:"id" min:"36" type:"string" required:"true"` @@ -7847,11 +8057,10 @@ func (s *AssetModelSummary) SetStatus(v *AssetModelStatus) *AssetModelSummary { type AssetProperty struct { _ struct{} `type:"structure"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. Alias *string `locationName:"alias" min:"1" type:"string"` // The data type of the asset property. @@ -8044,7 +8253,7 @@ func (s *AssetRelationshipSummary) SetRelationshipType(v string) *AssetRelations // Contains information about the current status of an asset. For more information, // see Asset and model states (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-and-model-states.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type AssetStatus struct { _ struct{} `type:"structure"` @@ -8207,7 +8416,7 @@ type AssociateAssetsInput struct { // The ID of a hierarchy in the parent asset's model. Hierarchies allow different // groupings of assets to be formed that all come from the same asset model. // For more information, see Asset hierarchies (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-hierarchies.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // HierarchyId is a required field HierarchyId *string `locationName:"hierarchyId" min:"36" type:"string" required:"true"` @@ -8401,7 +8610,7 @@ func (s *AssociatedAssetsSummary) SetStatus(v *AssetStatus) *AssociatedAssetsSum // Contains an asset attribute property. For more information, see Attributes // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-properties.html#attributes) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type Attribute struct { _ struct{} `type:"structure"` @@ -8409,7 +8618,7 @@ type Attribute struct { // you create from the asset model contain this attribute value. You can update // an attribute's value after you create an asset. For more information, see // Updating attribute values (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/update-attribute-values.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. DefaultValue *string `locationName:"defaultValue" min:"1" type:"string"` } @@ -8842,7 +9051,7 @@ func (s *CompositeModelProperty) SetType(v string) *CompositeModelProperty { return s } -// Contains the details of an AWS IoT SiteWise configuration error. +// Contains the details of an IoT SiteWise configuration error. type ConfigurationErrorDetails struct { _ struct{} `type:"structure"` @@ -8984,8 +9193,8 @@ func (s *ConflictingOperationException) RequestID() string { type CreateAccessPolicyInput struct { _ struct{} `type:"structure"` - // The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, - // or an IAM user. + // The identity for this access policy. Choose an Amazon Web Services SSO user, + // an Amazon Web Services SSO group, or an IAM user. // // AccessPolicyIdentity is a required field AccessPolicyIdentity *Identity `locationName:"accessPolicyIdentity" type:"structure" required:"true"` @@ -8996,8 +9205,8 @@ type CreateAccessPolicyInput struct { // AccessPolicyPermission is a required field AccessPolicyPermission *string `locationName:"accessPolicyPermission" type:"string" required:"true" enum:"Permission"` - // The AWS IoT SiteWise Monitor resource for this access policy. Choose either - // a portal or a project. + // The IoT SiteWise Monitor resource for this access policy. Choose either a + // portal or a project. // // AccessPolicyResource is a required field AccessPolicyResource *Resource `locationName:"accessPolicyResource" type:"structure" required:"true"` @@ -9008,8 +9217,8 @@ type CreateAccessPolicyInput struct { ClientToken *string `locationName:"clientToken" min:"36" type:"string" idempotencyToken:"true"` // A list of key-value pairs that contain metadata for the access policy. For - // more information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // more information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -9146,8 +9355,8 @@ type CreateAssetInput struct { ClientToken *string `locationName:"clientToken" min:"36" type:"string" idempotencyToken:"true"` // A list of key-value pairs that contain metadata for the asset. For more information, - // see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -9228,11 +9437,11 @@ type CreateAssetModelInput struct { // The hierarchy definitions of the asset model. Each hierarchy specifies an // asset model whose assets can be children of any other assets created from // this asset model. For more information, see Asset hierarchies (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-hierarchies.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // You can specify up to 10 hierarchies per asset model. For more information, // see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. AssetModelHierarchies []*AssetModelHierarchyDefinition `locationName:"assetModelHierarchies" type:"list"` // A unique, friendly name for the asset model. @@ -9242,11 +9451,11 @@ type CreateAssetModelInput struct { // The property definitions of the asset model. For more information, see Asset // properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-properties.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // You can specify up to 200 properties per asset model. For more information, // see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. AssetModelProperties []*AssetModelPropertyDefinition `locationName:"assetModelProperties" type:"list"` // A unique case-sensitive identifier that you can provide to ensure the idempotency @@ -9255,8 +9464,8 @@ type CreateAssetModelInput struct { ClientToken *string `locationName:"clientToken" min:"36" type:"string" idempotencyToken:"true"` // A list of key-value pairs that contain metadata for the asset model. For - // more information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // more information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -9378,8 +9587,8 @@ type CreateAssetModelOutput struct { // AssetModelArn is a required field AssetModelArn *string `locationName:"assetModelArn" min:"1" type:"string" required:"true"` - // The ID of the asset model. You can use this ID when you call other AWS IoT - // SiteWise APIs. + // The ID of the asset model. You can use this ID when you call other IoT SiteWise + // APIs. // // AssetModelId is a required field AssetModelId *string `locationName:"assetModelId" min:"36" type:"string" required:"true"` @@ -9430,8 +9639,8 @@ type CreateAssetOutput struct { // AssetArn is a required field AssetArn *string `locationName:"assetArn" min:"1" type:"string" required:"true"` - // The ID of the asset. This ID uniquely identifies the asset within AWS IoT - // SiteWise and can be used with other AWS IoT SiteWise APIs. + // The ID of the asset. This ID uniquely identifies the asset within IoT SiteWise + // and can be used with other IoT SiteWise APIs. // // AssetId is a required field AssetId *string `locationName:"assetId" min:"36" type:"string" required:"true"` @@ -9481,7 +9690,7 @@ type CreateDashboardInput struct { // The dashboard definition specified in a JSON literal. For detailed information, // see Creating dashboards (CLI) (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/create-dashboards-using-aws-cli.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // DashboardDefinition is a required field DashboardDefinition *string `locationName:"dashboardDefinition" type:"string" required:"true"` @@ -9500,8 +9709,8 @@ type CreateDashboardInput struct { ProjectId *string `locationName:"projectId" min:"36" type:"string" required:"true"` // A list of key-value pairs that contain metadata for the dashboard. For more - // information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -9638,8 +9847,8 @@ type CreateGatewayInput struct { GatewayPlatform *GatewayPlatform `locationName:"gatewayPlatform" type:"structure" required:"true"` // A list of key-value pairs that contain metadata for the gateway. For more - // information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -9709,8 +9918,8 @@ type CreateGatewayOutput struct { // GatewayArn is a required field GatewayArn *string `locationName:"gatewayArn" min:"1" type:"string" required:"true"` - // The ID of the gateway device. You can use this ID when you call other AWS - // IoT SiteWise APIs. + // The ID of the gateway device. You can use this ID when you call other IoT + // SiteWise APIs. // // GatewayId is a required field GatewayId *string `locationName:"gatewayId" min:"36" type:"string" required:"true"` @@ -9741,10 +9950,11 @@ func (s *CreateGatewayOutput) SetGatewayId(v string) *CreateGatewayOutput { type CreatePortalInput struct { _ struct{} `type:"structure"` - // Contains the configuration information of an alarm created in an AWS IoT - // SiteWise Monitor portal. You can use the alarm to monitor an asset property - // and get notified when the asset property value is outside a specified range. - // For more information, see . + // Contains the configuration information of an alarm created in an IoT SiteWise + // Monitor portal. You can use the alarm to monitor an asset property and get + // notified when the asset property value is outside a specified range. For + // more information, see Monitoring with alarms (https://docs.aws.amazon.com/iot-sitewise/latest/appguide/monitor-alarms.html) + // in the IoT SiteWise Application Guide. Alarms *Alarms `locationName:"alarms" type:"structure"` // A unique case-sensitive identifier that you can provide to ensure the idempotency @@ -9754,30 +9964,31 @@ type CreatePortalInput struct { // The email address that sends alarm notifications. // - // If you use the AWS IoT Events managed AWS Lambda function to manage your - // emails, you must verify the sender email address in Amazon SES (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html). + // If you use the IoT Events managed Lambda function (https://docs.aws.amazon.com/iotevents/latest/developerguide/lambda-support.html) + // to manage your emails, you must verify the sender email address in Amazon + // SES (https://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-email-addresses.html). NotificationSenderEmail *string `locationName:"notificationSenderEmail" min:"1" type:"string"` // The service to use to authenticate users to the portal. Choose from the following // options: // - // * SSO – The portal uses AWS Single Sign-On to authenticate users and - // manage user permissions. Before you can create a portal that uses AWS - // SSO, you must enable AWS SSO. For more information, see Enabling AWS SSO - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) - // in the AWS IoT SiteWise User Guide. This option is only available in AWS - // Regions other than the China Regions. + // * SSO – The portal uses Amazon Web Services Single Sign On to authenticate + // users and manage user permissions. Before you can create a portal that + // uses Amazon Web Services SSO, you must enable Amazon Web Services SSO. + // For more information, see Enabling Amazon Web Services SSO (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-get-started.html#mon-gs-sso) + // in the IoT SiteWise User Guide. This option is only available in Amazon + // Web Services Regions other than the China Regions. // - // * IAM – The portal uses AWS Identity and Access Management (IAM) to - // authenticate users and manage user permissions. This option is only available - // in the China Regions. + // * IAM – The portal uses Identity and Access Management to authenticate + // users and manage user permissions. This option is only available in the + // China Regions. // // You can't change this value after you create a portal. // // Default: SSO PortalAuthMode *string `locationName:"portalAuthMode" type:"string" enum:"AuthMode"` - // The AWS administrator's contact email address. + // The Amazon Web Services administrator's contact email address. // // PortalContactEmail is a required field PortalContactEmail *string `locationName:"portalContactEmail" min:"1" type:"string" required:"true"` @@ -9795,17 +10006,17 @@ type CreatePortalInput struct { PortalName *string `locationName:"portalName" min:"1" type:"string" required:"true"` // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of a service role that allows the portal's users to access your AWS IoT SiteWise + // of a service role that allows the portal's users to access your IoT SiteWise // resources on your behalf. For more information, see Using service roles for - // AWS IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) - // in the AWS IoT SiteWise User Guide. + // IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) + // in the IoT SiteWise User Guide. // // RoleArn is a required field RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"` // A list of key-value pairs that contain metadata for the portal. For more - // information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -9945,10 +10156,10 @@ type CreatePortalOutput struct { // PortalId is a required field PortalId *string `locationName:"portalId" min:"36" type:"string" required:"true"` - // The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to - // access portals that use AWS SSO for authentication. For portals that use - // IAM for authentication, you must use the AWS IoT SiteWise console to get - // a URL that you can use to access the portal. + // The URL for the IoT SiteWise Monitor portal. You can use this URL to access + // portals that use Amazon Web Services SSO for authentication. For portals + // that use IAM for authentication, you must use the IoT SiteWise console to + // get a URL that you can use to access the portal. // // PortalStartUrl is a required field PortalStartUrl *string `locationName:"portalStartUrl" min:"1" type:"string" required:"true"` @@ -9959,7 +10170,8 @@ type CreatePortalOutput struct { // PortalStatus is a required field PortalStatus *PortalStatus `locationName:"portalStatus" type:"structure" required:"true"` - // The associated AWS SSO application ID, if the portal uses AWS SSO. + // The associated Amazon Web Services SSO application ID, if the portal uses + // Amazon Web Services SSO. // // SsoApplicationId is a required field SsoApplicationId *string `locationName:"ssoApplicationId" min:"1" type:"string" required:"true"` @@ -10027,8 +10239,8 @@ type CreateProjectInput struct { ProjectName *string `locationName:"projectName" min:"1" type:"string" required:"true"` // A list of key-value pairs that contain metadata for the project. For more - // information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -10142,6 +10354,70 @@ func (s *CreateProjectOutput) SetProjectId(v string) *CreateProjectOutput { return s } +// Contains information about a customer managed Amazon S3 bucket. +type CustomerManagedS3Storage struct { + _ struct{} `type:"structure"` + + // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of the Identity and Access Management role that allows IoT SiteWise to send + // data to Amazon S3. + // + // RoleArn is a required field + RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"` + + // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // of the Amazon S3 object. For more information about how to find the ARN for + // an Amazon S3 object, see Amazon S3 resources (https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-arn-format.html) + // in the Amazon Simple Storage Service User Guide. + // + // S3ResourceArn is a required field + S3ResourceArn *string `locationName:"s3ResourceArn" min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s CustomerManagedS3Storage) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s CustomerManagedS3Storage) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CustomerManagedS3Storage) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CustomerManagedS3Storage"} + if s.RoleArn == nil { + invalidParams.Add(request.NewErrParamRequired("RoleArn")) + } + if s.RoleArn != nil && len(*s.RoleArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("RoleArn", 1)) + } + if s.S3ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("S3ResourceArn")) + } + if s.S3ResourceArn != nil && len(*s.S3ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("S3ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetRoleArn sets the RoleArn field's value. +func (s *CustomerManagedS3Storage) SetRoleArn(v string) *CustomerManagedS3Storage { + s.RoleArn = &v + return s +} + +// SetS3ResourceArn sets the S3ResourceArn field's value. +func (s *CustomerManagedS3Storage) SetS3ResourceArn(v string) *CustomerManagedS3Storage { + s.S3ResourceArn = &v + return s +} + // Contains a dashboard summary. type DashboardSummary struct { _ struct{} `type:"structure"` @@ -10773,8 +11049,8 @@ type DescribeAccessPolicyOutput struct { // AccessPolicyId is a required field AccessPolicyId *string `locationName:"accessPolicyId" min:"36" type:"string" required:"true"` - // The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access - // policy applies. + // The identity (Amazon Web Services SSO user, Amazon Web Services SSO group, + // or IAM user) to which this access policy applies. // // AccessPolicyIdentity is a required field AccessPolicyIdentity *Identity `locationName:"accessPolicyIdentity" type:"structure" required:"true"` @@ -10790,7 +11066,7 @@ type DescribeAccessPolicyOutput struct { // AccessPolicyPermission is a required field AccessPolicyPermission *string `locationName:"accessPolicyPermission" type:"string" required:"true" enum:"Permission"` - // The AWS IoT SiteWise Monitor resource (portal or project) to which this access + // The IoT SiteWise Monitor resource (portal or project) to which this access // policy provides access. // // AccessPolicyResource is a required field @@ -11379,7 +11655,7 @@ type DescribeDashboardOutput struct { // The dashboard's definition JSON literal. For detailed information, see Creating // dashboards (CLI) (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/create-dashboards-using-aws-cli.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // DashboardDefinition is a required field DashboardDefinition *string `locationName:"dashboardDefinition" type:"string" required:"true"` @@ -11494,8 +11770,8 @@ type DescribeDefaultEncryptionConfigurationOutput struct { // EncryptionType is a required field EncryptionType *string `locationName:"encryptionType" type:"string" required:"true" enum:"EncryptionType"` - // The key ARN of the customer managed customer master key (CMK) used for AWS - // KMS encryption if you use KMS_BASED_ENCRYPTION. + // The key ARN of the customer managed customer master key (CMK) used for KMS + // encryption if you use KMS_BASED_ENCRYPTION. KmsKeyArn *string `locationName:"kmsKeyArn" min:"1" type:"string"` } @@ -11531,9 +11807,9 @@ type DescribeGatewayCapabilityConfigurationInput struct { _ struct{} `type:"structure"` // The namespace of the capability configuration. For example, if you configure - // OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability - // configuration has the namespace iotsitewise:opcuacollector:version, where - // version is a number such as 1. + // OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration + // has the namespace iotsitewise:opcuacollector:version, where version is a + // number such as 1. // // CapabilityNamespace is a required field CapabilityNamespace *string `location:"uri" locationName:"capabilityNamespace" min:"1" type:"string" required:"true"` @@ -11593,7 +11869,7 @@ type DescribeGatewayCapabilityConfigurationOutput struct { // The JSON document that defines the gateway capability's configuration. For // more information, see Configuring data sources (CLI) (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/configure-sources.html#configure-source-cli) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // CapabilityConfiguration is a required field CapabilityConfiguration *string `locationName:"capabilityConfiguration" min:"1" type:"string" required:"true"` @@ -11874,7 +12150,7 @@ func (s *DescribePortalInput) SetPortalId(v string) *DescribePortalInput { type DescribePortalOutput struct { _ struct{} `type:"structure"` - // Contains the configuration information of an alarm created in a AWS IoT SiteWise + // Contains the configuration information of an alarm created in an IoT SiteWise // Monitor portal. Alarms *Alarms `locationName:"alarms" type:"structure"` @@ -11892,14 +12168,14 @@ type DescribePortalOutput struct { // The service to use to authenticate users to the portal. PortalAuthMode *string `locationName:"portalAuthMode" type:"string" enum:"AuthMode"` - // The AWS SSO application generated client ID (used with AWS SSO APIs). AWS - // IoT SiteWise includes portalClientId for only portals that use AWS SSO to - // authenticate users. + // The Amazon Web Services SSO application generated client ID (used with Amazon + // Web Services SSO APIs). IoT SiteWise includes portalClientId for only portals + // that use Amazon Web Services SSO to authenticate users. // // PortalClientId is a required field PortalClientId *string `locationName:"portalClientId" min:"1" type:"string" required:"true"` - // The AWS administrator's contact email address. + // The Amazon Web Services administrator's contact email address. // // PortalContactEmail is a required field PortalContactEmail *string `locationName:"portalContactEmail" min:"1" type:"string" required:"true"` @@ -11930,10 +12206,10 @@ type DescribePortalOutput struct { // PortalName is a required field PortalName *string `locationName:"portalName" min:"1" type:"string" required:"true"` - // The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to - // access portals that use AWS SSO for authentication. For portals that use - // IAM for authentication, you must use the AWS IoT SiteWise console to get - // a URL that you can use to access the portal. + // The URL for the IoT SiteWise Monitor portal. You can use this URL to access + // portals that use Amazon Web Services SSO for authentication. For portals + // that use IAM for authentication, you must use the IoT SiteWise console to + // get a URL that you can use to access the portal. // // PortalStartUrl is a required field PortalStartUrl *string `locationName:"portalStartUrl" min:"1" type:"string" required:"true"` @@ -11944,10 +12220,10 @@ type DescribePortalOutput struct { PortalStatus *PortalStatus `locationName:"portalStatus" type:"structure" required:"true"` // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of the service role that allows the portal's users to access your AWS IoT - // SiteWise resources on your behalf. For more information, see Using service - // roles for AWS IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) - // in the AWS IoT SiteWise User Guide. + // of the service role that allows the portal's users to access your IoT SiteWise + // resources on your behalf. For more information, see Using service roles for + // IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) + // in the IoT SiteWise User Guide. RoleArn *string `locationName:"roleArn" min:"1" type:"string"` } @@ -12184,6 +12460,82 @@ func (s *DescribeProjectOutput) SetProjectName(v string) *DescribeProjectOutput return s } +type DescribeStorageConfigurationInput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s DescribeStorageConfigurationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeStorageConfigurationInput) GoString() string { + return s.String() +} + +type DescribeStorageConfigurationOutput struct { + _ struct{} `type:"structure"` + + // Contains current status information for the configuration. + // + // ConfigurationStatus is a required field + ConfigurationStatus *ConfigurationStatus `locationName:"configurationStatus" type:"structure" required:"true"` + + // The date the storage configuration was last updated, in Unix epoch time. + LastUpdateDate *time.Time `locationName:"lastUpdateDate" type:"timestamp"` + + // Contains information about the storage destination. + MultiLayerStorage *MultiLayerStorage `locationName:"multiLayerStorage" type:"structure"` + + // The type of storage that you specified for your data. The storage type can + // be one of the following values: + // + // * SITEWISE_DEFAULT_STORAGE – IoT SiteWise replicates your data into + // a service managed database. + // + // * MULTI_LAYER_STORAGE – IoT SiteWise replicates your data into a service + // managed database and saves a copy of your raw data and metadata in an + // Amazon S3 object that you specified. + // + // StorageType is a required field + StorageType *string `locationName:"storageType" type:"string" required:"true" enum:"StorageType"` +} + +// String returns the string representation +func (s DescribeStorageConfigurationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s DescribeStorageConfigurationOutput) GoString() string { + return s.String() +} + +// SetConfigurationStatus sets the ConfigurationStatus field's value. +func (s *DescribeStorageConfigurationOutput) SetConfigurationStatus(v *ConfigurationStatus) *DescribeStorageConfigurationOutput { + s.ConfigurationStatus = v + return s +} + +// SetLastUpdateDate sets the LastUpdateDate field's value. +func (s *DescribeStorageConfigurationOutput) SetLastUpdateDate(v time.Time) *DescribeStorageConfigurationOutput { + s.LastUpdateDate = &v + return s +} + +// SetMultiLayerStorage sets the MultiLayerStorage field's value. +func (s *DescribeStorageConfigurationOutput) SetMultiLayerStorage(v *MultiLayerStorage) *DescribeStorageConfigurationOutput { + s.MultiLayerStorage = v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *DescribeStorageConfigurationOutput) SetStorageType(v string) *DescribeStorageConfigurationOutput { + s.StorageType = &v + return s +} + type DisassociateAssetsInput struct { _ struct{} `type:"structure"` @@ -12206,7 +12558,7 @@ type DisassociateAssetsInput struct { // groupings of assets to be formed that all come from the same asset model. // You can use the hierarchy ID to identify the correct asset to disassociate. // For more information, see Asset hierarchies (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-hierarchies.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // HierarchyId is a required field HierarchyId *string `locationName:"hierarchyId" min:"36" type:"string" required:"true"` @@ -12291,7 +12643,7 @@ func (s DisassociateAssetsOutput) GoString() string { return s.String() } -// Contains the details of an AWS IoT SiteWise error. +// Contains the details of an IoT SiteWise error. type ErrorDetails struct { _ struct{} `type:"structure"` @@ -12394,9 +12746,9 @@ type GatewayCapabilitySummary struct { _ struct{} `type:"structure"` // The namespace of the capability configuration. For example, if you configure - // OPC-UA sources from the AWS IoT SiteWise console, your OPC-UA capability - // configuration has the namespace iotsitewise:opcuacollector:version, where - // version is a number such as 1. + // OPC-UA sources from the IoT SiteWise console, your OPC-UA capability configuration + // has the namespace iotsitewise:opcuacollector:version, where version is a + // number such as 1. // // CapabilityNamespace is a required field CapabilityNamespace *string `locationName:"capabilityNamespace" min:"1" type:"string" required:"true"` @@ -12440,7 +12792,7 @@ func (s *GatewayCapabilitySummary) SetCapabilitySyncStatus(v string) *GatewayCap type GatewayPlatform struct { _ struct{} `type:"structure"` - // A gateway that runs on AWS IoT Greengrass. + // A gateway that runs on IoT Greengrass. // // Greengrass is a required field Greengrass *Greengrass `locationName:"greengrass" type:"structure" required:"true"` @@ -12568,7 +12920,7 @@ type GetAssetPropertyAggregatesInput struct { // EndDate is a required field EndDate *time.Time `location:"querystring" locationName:"endDate" type:"timestamp" required:"true"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 100 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -12576,11 +12928,10 @@ type GetAssetPropertyAggregatesInput struct { // The token to be used for the next set of paginated results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. PropertyAlias *string `location:"querystring" locationName:"propertyAlias" min:"1" type:"string"` // The ID of the asset property. @@ -12773,7 +13124,7 @@ type GetAssetPropertyValueHistoryInput struct { // in seconds in Unix epoch time. EndDate *time.Time `location:"querystring" locationName:"endDate" type:"timestamp"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 100 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -12781,11 +13132,10 @@ type GetAssetPropertyValueHistoryInput struct { // The token to be used for the next set of paginated results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. PropertyAlias *string `location:"querystring" locationName:"propertyAlias" min:"1" type:"string"` // The ID of the asset property. @@ -12937,11 +13287,10 @@ type GetAssetPropertyValueInput struct { // The ID of the asset. AssetId *string `location:"querystring" locationName:"assetId" min:"36" type:"string"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. PropertyAlias *string `location:"querystring" locationName:"propertyAlias" min:"1" type:"string"` // The ID of the asset property. @@ -13039,18 +13388,17 @@ type GetInterpolatedAssetPropertyValuesInput struct { // IntervalInSeconds is a required field IntervalInSeconds *int64 `location:"querystring" locationName:"intervalInSeconds" min:"1" type:"long" required:"true"` - // The maximum number of results to be returned per paginated request. If not + // The maximum number of results to return for each paginated request. If not // specified, the default value is 10. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` // The token to be used for the next set of paginated results. NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. PropertyAlias *string `location:"querystring" locationName:"propertyAlias" min:"1" type:"string"` // The ID of the asset property. @@ -13248,12 +13596,12 @@ func (s *GetInterpolatedAssetPropertyValuesOutput) SetNextToken(v string) *GetIn return s } -// Contains details for a gateway that runs on AWS IoT Greengrass. To create -// a gateway that runs on AWS IoT Greengrass, you must add the IoT SiteWise -// connector to a Greengrass group and deploy it. Your Greengrass group must -// also have permissions to upload data to AWS IoT SiteWise. For more information, -// see Ingesting data using a gateway (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/gateway-connector.html) -// in the AWS IoT SiteWise User Guide. +// Contains details for a gateway that runs on IoT Greengrass. To create a gateway +// that runs on IoT Greengrass, you must add the IoT SiteWise connector to a +// Greengrass group and deploy it. Your Greengrass group must also have permissions +// to upload data to IoT SiteWise. For more information, see Ingesting data +// using a gateway (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/gateway-connector.html) +// in the IoT SiteWise User Guide. type Greengrass struct { _ struct{} `type:"structure"` @@ -13261,7 +13609,7 @@ type Greengrass struct { // of the Greengrass group. For more information about how to find a group's // ARN, see ListGroups (https://docs.aws.amazon.com/greengrass/latest/apireference/listgroups-get.html) // and GetGroup (https://docs.aws.amazon.com/greengrass/latest/apireference/getgroup-get.html) - // in the AWS IoT Greengrass API Reference. + // in the IoT Greengrass API Reference. // // GroupArn is a required field GroupArn *string `locationName:"groupArn" min:"1" type:"string" required:"true"` @@ -13303,7 +13651,7 @@ func (s *Greengrass) SetGroupArn(v string) *Greengrass { type GroupIdentity struct { _ struct{} `type:"structure"` - // The AWS SSO ID of the group. + // The Amazon Web Services SSO ID of the group. // // Id is a required field Id *string `locationName:"id" min:"1" type:"string" required:"true"` @@ -13341,8 +13689,8 @@ func (s *GroupIdentity) SetId(v string) *GroupIdentity { return s } -// Contains information about an AWS Identity and Access Management (IAM) role. -// For more information, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) +// Contains information about an Identity and Access Management role. For more +// information, see IAM roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) // in the IAM User Guide. type IAMRoleIdentity struct { _ struct{} `type:"structure"` @@ -13386,7 +13734,7 @@ func (s *IAMRoleIdentity) SetArn(v string) *IAMRoleIdentity { return s } -// Contains information about an AWS Identity and Access Management (IAM) user. +// Contains information about an Identity and Access Management user. type IAMUserIdentity struct { _ struct{} `type:"structure"` @@ -13433,15 +13781,16 @@ func (s *IAMUserIdentity) SetArn(v string) *IAMUserIdentity { return s } -// Contains an identity that can access an AWS IoT SiteWise Monitor resource. +// Contains an identity that can access an IoT SiteWise Monitor resource. // -// Currently, you can't use AWS APIs to retrieve AWS SSO identity IDs. You can -// find the AWS SSO identity IDs in the URL of user and group pages in the AWS -// SSO console (https://console.aws.amazon.com/singlesignon). +// Currently, you can't use Amazon Web Services APIs to retrieve Amazon Web +// Services SSO identity IDs. You can find the Amazon Web Services SSO identity +// IDs in the URL of user and group pages in the Amazon Web Services SSO console +// (https://console.aws.amazon.com/singlesignon). type Identity struct { _ struct{} `type:"structure"` - // An AWS SSO group identity. + // An Amazon Web Services SSO group identity. Group *GroupIdentity `locationName:"group" type:"structure"` // An IAM role identity. @@ -13450,7 +13799,7 @@ type Identity struct { // An IAM user identity. IamUser *IAMUserIdentity `locationName:"iamUser" type:"structure"` - // An AWS SSO user identity. + // An Amazon Web Services SSO user identity. User *UserIdentity `locationName:"user" type:"structure"` } @@ -13633,8 +13982,7 @@ func (s *ImageFile) SetType(v string) *ImageFile { return s } -// Contains an image that is uploaded to AWS IoT SiteWise and available at a -// URL. +// Contains an image that is uploaded to IoT SiteWise and available at a URL. type ImageLocation struct { _ struct{} `type:"structure"` @@ -13672,7 +14020,7 @@ func (s *ImageLocation) SetUrl(v string) *ImageLocation { return s } -// AWS IoT SiteWise can't process your request right now. Try again later. +// IoT SiteWise can't process your request right now. Try again later. type InternalFailureException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -13827,7 +14175,7 @@ func (s *InvalidRequestException) RequestID() string { // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type LimitExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -13895,11 +14243,11 @@ type ListAccessPoliciesInput struct { // GROUP for identityType. IdentityId *string `location:"querystring" locationName:"identityId" min:"1" type:"string"` - // The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter - // is required if you specify identityId. + // The type of identity (Amazon Web Services SSO user, Amazon Web Services SSO + // group, or IAM user). This parameter is required if you specify identityId. IdentityType *string `location:"querystring" locationName:"identityType" type:"string" enum:"IdentityType"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14030,7 +14378,7 @@ func (s *ListAccessPoliciesOutput) SetNextToken(v string) *ListAccessPoliciesOut type ListAssetModelsInput struct { _ struct{} `type:"structure"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14120,7 +14468,7 @@ type ListAssetRelationshipsInput struct { // AssetId is a required field AssetId *string `location:"uri" locationName:"assetId" min:"36" type:"string" required:"true"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` // The token to be used for the next set of paginated results. @@ -14250,7 +14598,7 @@ type ListAssetsInput struct { // Default: ALL Filter *string `location:"querystring" locationName:"filter" type:"string" enum:"ListAssetsFilter"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14361,10 +14709,10 @@ type ListAssociatedAssetsInput struct { // operations. This parameter is required if you choose CHILD for traversalDirection. // // For more information, see Asset hierarchies (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-hierarchies.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. HierarchyId *string `location:"querystring" locationName:"hierarchyId" min:"36" type:"string"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14486,7 +14834,7 @@ func (s *ListAssociatedAssetsOutput) SetNextToken(v string) *ListAssociatedAsset type ListDashboardsInput struct { _ struct{} `type:"structure"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14588,7 +14936,7 @@ func (s *ListDashboardsOutput) SetNextToken(v string) *ListDashboardsOutput { type ListGatewaysInput struct { _ struct{} `type:"structure"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14673,7 +15021,7 @@ func (s *ListGatewaysOutput) SetNextToken(v string) *ListGatewaysOutput { type ListPortalsInput struct { _ struct{} `type:"structure"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14756,7 +15104,7 @@ func (s *ListPortalsOutput) SetPortalSummaries(v []*PortalSummary) *ListPortalsO type ListProjectAssetsInput struct { _ struct{} `type:"structure"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -14858,7 +15206,7 @@ func (s *ListProjectAssetsOutput) SetNextToken(v string) *ListProjectAssetsOutpu type ListProjectsInput struct { _ struct{} `type:"structure"` - // The maximum number of results to be returned per paginated request. + // The maximum number of results to return for each paginated request. // // Default: 50 MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` @@ -15003,8 +15351,8 @@ type ListTagsForResourceOutput struct { _ struct{} `type:"structure"` // The list of key-value pairs that contain metadata for the resource. For more - // information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. Tags map[string]*string `locationName:"tags" min:"1" type:"map"` } @@ -15028,7 +15376,7 @@ func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForRe type LoggingOptions struct { _ struct{} `type:"structure"` - // The AWS IoT SiteWise logging verbosity level. + // The IoT SiteWise logging verbosity level. // // Level is a required field Level *string `locationName:"level" type:"string" required:"true" enum:"LoggingLevel"` @@ -15065,7 +15413,7 @@ func (s *LoggingOptions) SetLevel(v string) *LoggingOptions { // Contains an asset measurement property. For more information, see Measurements // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-properties.html#measurements) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type Measurement struct { _ struct{} `type:"structure"` } @@ -15092,7 +15440,7 @@ func (s Measurement) GoString() string { // DOUBLE. // // For more information, see Metrics (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-properties.html#metrics) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type Metric struct { _ struct{} `type:"structure"` @@ -15101,7 +15449,7 @@ type Metric struct { // 10 functions per expression. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // Expression is a required field Expression *string `locationName:"expression" min:"1" type:"string" required:"true"` @@ -15111,8 +15459,8 @@ type Metric struct { // Variables is a required field Variables []*ExpressionVariable `locationName:"variables" type:"list" required:"true"` - // The window (time interval) over which AWS IoT SiteWise computes the metric's - // aggregation expression. AWS IoT SiteWise computes one data point per window. + // The window (time interval) over which IoT SiteWise computes the metric's + // aggregation expression. IoT SiteWise computes one data point per window. // // Window is a required field Window *MetricWindow `locationName:"window" type:"structure" required:"true"` @@ -15223,7 +15571,7 @@ func (s *MetricWindow) SetTumbling(v *TumblingWindow) *MetricWindow { return s } -// Contains AWS IoT SiteWise Monitor error details. +// Contains IoT SiteWise Monitor error details. type MonitorErrorDetails struct { _ struct{} `type:"structure"` @@ -15256,7 +15604,51 @@ func (s *MonitorErrorDetails) SetMessage(v string) *MonitorErrorDetails { return s } -// Identifies an AWS IoT SiteWise Monitor portal. +// Contains information about the storage destination. +type MultiLayerStorage struct { + _ struct{} `type:"structure"` + + // Contains information about a customer managed Amazon S3 bucket. + // + // CustomerManagedS3Storage is a required field + CustomerManagedS3Storage *CustomerManagedS3Storage `locationName:"customerManagedS3Storage" type:"structure" required:"true"` +} + +// String returns the string representation +func (s MultiLayerStorage) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s MultiLayerStorage) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MultiLayerStorage) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MultiLayerStorage"} + if s.CustomerManagedS3Storage == nil { + invalidParams.Add(request.NewErrParamRequired("CustomerManagedS3Storage")) + } + if s.CustomerManagedS3Storage != nil { + if err := s.CustomerManagedS3Storage.Validate(); err != nil { + invalidParams.AddNested("CustomerManagedS3Storage", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCustomerManagedS3Storage sets the CustomerManagedS3Storage field's value. +func (s *MultiLayerStorage) SetCustomerManagedS3Storage(v *CustomerManagedS3Storage) *MultiLayerStorage { + s.CustomerManagedS3Storage = v + return s +} + +// Identifies an IoT SiteWise Monitor portal. type PortalResource struct { _ struct{} `type:"structure"` @@ -15357,16 +15749,16 @@ type PortalSummary struct { Name *string `locationName:"name" min:"1" type:"string" required:"true"` // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of the service role that allows the portal's users to access your AWS IoT - // SiteWise resources on your behalf. For more information, see Using service - // roles for AWS IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) - // in the AWS IoT SiteWise User Guide. + // of the service role that allows the portal's users to access your IoT SiteWise + // resources on your behalf. For more information, see Using service roles for + // IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) + // in the IoT SiteWise User Guide. RoleArn *string `locationName:"roleArn" min:"1" type:"string"` - // The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to - // access portals that use AWS SSO for authentication. For portals that use - // IAM for authentication, you must use the AWS IoT SiteWise console to get - // a URL that you can use to access the portal. + // The URL for the IoT SiteWise Monitor portal. You can use this URL to access + // portals that use Amazon Web Services SSO for authentication. For portals + // that use IAM for authentication, you must use the IoT SiteWise console to + // get a URL that you can use to access the portal. // // StartUrl is a required field StartUrl *string `locationName:"startUrl" min:"1" type:"string" required:"true"` @@ -15435,7 +15827,7 @@ func (s *PortalSummary) SetStatus(v *PortalStatus) *PortalSummary { return s } -// Identifies a specific AWS IoT SiteWise Monitor project. +// Identifies a specific IoT SiteWise Monitor project. type ProjectResource struct { _ struct{} `type:"structure"` @@ -15545,11 +15937,10 @@ func (s *ProjectSummary) SetName(v string) *ProjectSummary { type Property struct { _ struct{} `type:"structure"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. Alias *string `locationName:"alias" min:"1" type:"string"` // The property data type. @@ -15631,10 +16022,9 @@ func (s *Property) SetUnit(v string) *Property { } // Contains asset property value notification information. When the notification -// state is enabled, AWS IoT SiteWise publishes property value updates to a -// unique MQTT topic. For more information, see Interacting with other services -// (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/interact-with-other-services.html) -// in the AWS IoT SiteWise User Guide. +// state is enabled, IoT SiteWise publishes property value updates to a unique +// MQTT topic. For more information, see Interacting with other services (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/interact-with-other-services.html) +// in the IoT SiteWise User Guide. type PropertyNotification struct { _ struct{} `type:"structure"` @@ -15643,8 +16033,7 @@ type PropertyNotification struct { // State is a required field State *string `locationName:"state" type:"string" required:"true" enum:"PropertyNotificationState"` - // The MQTT topic to which AWS IoT SiteWise publishes property value update - // notifications. + // The MQTT topic to which IoT SiteWise publishes property value update notifications. // // Topic is a required field Topic *string `locationName:"topic" type:"string" required:"true"` @@ -15773,11 +16162,10 @@ type PutAssetPropertyValueEntry struct { // EntryId is a required field EntryId *string `locationName:"entryId" min:"1" type:"string" required:"true"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. PropertyAlias *string `locationName:"propertyAlias" min:"1" type:"string"` // The ID of the asset property for this entry. @@ -15876,8 +16264,8 @@ type PutDefaultEncryptionConfigurationInput struct { // EncryptionType is a required field EncryptionType *string `locationName:"encryptionType" type:"string" required:"true" enum:"EncryptionType"` - // The Key ID of the customer managed customer master key (CMK) used for AWS - // KMS encryption. This is required if you use KMS_BASED_ENCRYPTION. + // The Key ID of the customer managed customer master key (CMK) used for KMS + // encryption. This is required if you use KMS_BASED_ENCRYPTION. KmsKeyId *string `locationName:"kmsKeyId" min:"1" type:"string"` } @@ -15933,7 +16321,7 @@ type PutDefaultEncryptionConfigurationOutput struct { // EncryptionType is a required field EncryptionType *string `locationName:"encryptionType" type:"string" required:"true" enum:"EncryptionType"` - // The Key ARN of the AWS KMS CMK used for AWS KMS encryption if you use KMS_BASED_ENCRYPTION. + // The Key ARN of the KMS CMK used for KMS encryption if you use KMS_BASED_ENCRYPTION. KmsKeyArn *string `locationName:"kmsKeyArn" min:"1" type:"string"` } @@ -16022,7 +16410,121 @@ func (s PutLoggingOptionsOutput) GoString() string { return s.String() } -// Contains an AWS IoT SiteWise Monitor resource ID for a portal or project. +type PutStorageConfigurationInput struct { + _ struct{} `type:"structure"` + + // Identifies a storage destination. If you specified MULTI_LAYER_STORAGE for + // the storage type, you must specify a MultiLayerStorage object. + MultiLayerStorage *MultiLayerStorage `locationName:"multiLayerStorage" type:"structure"` + + // The type of storage that you specified for your data. The storage type can + // be one of the following values: + // + // * SITEWISE_DEFAULT_STORAGE – IoT SiteWise replicates your data into + // a service managed database. + // + // * MULTI_LAYER_STORAGE – IoT SiteWise replicates your data into a service + // managed database and saves a copy of your raw data and metadata in an + // Amazon S3 object that you specified. + // + // StorageType is a required field + StorageType *string `locationName:"storageType" type:"string" required:"true" enum:"StorageType"` +} + +// String returns the string representation +func (s PutStorageConfigurationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutStorageConfigurationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *PutStorageConfigurationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "PutStorageConfigurationInput"} + if s.StorageType == nil { + invalidParams.Add(request.NewErrParamRequired("StorageType")) + } + if s.MultiLayerStorage != nil { + if err := s.MultiLayerStorage.Validate(); err != nil { + invalidParams.AddNested("MultiLayerStorage", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMultiLayerStorage sets the MultiLayerStorage field's value. +func (s *PutStorageConfigurationInput) SetMultiLayerStorage(v *MultiLayerStorage) *PutStorageConfigurationInput { + s.MultiLayerStorage = v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *PutStorageConfigurationInput) SetStorageType(v string) *PutStorageConfigurationInput { + s.StorageType = &v + return s +} + +type PutStorageConfigurationOutput struct { + _ struct{} `type:"structure"` + + // Contains current status information for the configuration. + // + // ConfigurationStatus is a required field + ConfigurationStatus *ConfigurationStatus `locationName:"configurationStatus" type:"structure" required:"true"` + + // Contains information about the storage destination. + MultiLayerStorage *MultiLayerStorage `locationName:"multiLayerStorage" type:"structure"` + + // The type of storage that you specified for your data. The storage type can + // be one of the following values: + // + // * SITEWISE_DEFAULT_STORAGE – IoT SiteWise replicates your data into + // a service managed database. + // + // * MULTI_LAYER_STORAGE – IoT SiteWise replicates your data into a service + // managed database and saves a copy of your raw data and metadata in an + // Amazon S3 object that you specified. + // + // StorageType is a required field + StorageType *string `locationName:"storageType" type:"string" required:"true" enum:"StorageType"` +} + +// String returns the string representation +func (s PutStorageConfigurationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s PutStorageConfigurationOutput) GoString() string { + return s.String() +} + +// SetConfigurationStatus sets the ConfigurationStatus field's value. +func (s *PutStorageConfigurationOutput) SetConfigurationStatus(v *ConfigurationStatus) *PutStorageConfigurationOutput { + s.ConfigurationStatus = v + return s +} + +// SetMultiLayerStorage sets the MultiLayerStorage field's value. +func (s *PutStorageConfigurationOutput) SetMultiLayerStorage(v *MultiLayerStorage) *PutStorageConfigurationOutput { + s.MultiLayerStorage = v + return s +} + +// SetStorageType sets the StorageType field's value. +func (s *PutStorageConfigurationOutput) SetStorageType(v string) *PutStorageConfigurationOutput { + s.StorageType = &v + return s +} + +// Contains an IoT SiteWise Monitor resource ID for a portal or project. type Resource struct { _ struct{} `type:"structure"` @@ -16263,8 +16765,8 @@ type TagResourceInput struct { ResourceArn *string `location:"querystring" locationName:"resourceArn" min:"1" type:"string" required:"true"` // A list of key-value pairs that contain metadata for the resource. For more - // information, see Tagging your AWS IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) - // in the AWS IoT SiteWise User Guide. + // information, see Tagging your IoT SiteWise resources (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/tag-resources.html) + // in the IoT SiteWise User Guide. // // Tags is a required field Tags map[string]*string `locationName:"tags" min:"1" type:"map" required:"true"` @@ -16329,11 +16831,11 @@ func (s TagResourceOutput) GoString() string { } // Your request exceeded a rate limit. For example, you might have exceeded -// the number of AWS IoT SiteWise assets that can be created per second, the -// allowed number of messages per second, and so on. +// the number of IoT SiteWise assets that can be created per second, the allowed +// number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type ThrottlingException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -16443,7 +16945,7 @@ func (s *TimeInNanos) SetTimeInSeconds(v int64) *TimeInNanos { // You've reached the limit for the number of tags allowed for a resource. For // more information, see Tag naming limits and requirements (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html#tag-conventions) -// in the AWS General Reference. +// in the Amazon Web Services General Reference. type TooManyTagsException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -16510,7 +17012,7 @@ func (s *TooManyTagsException) RequestID() string { // data types of INTEGER or DOUBLE. // // For more information, see Transforms (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-properties.html#transforms) -// in the AWS IoT SiteWise User Guide. +// in the IoT SiteWise User Guide. type Transform struct { _ struct{} `type:"structure"` @@ -16519,7 +17021,7 @@ type Transform struct { // per expression. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // Expression is a required field Expression *string `locationName:"expression" min:"1" type:"string" required:"true"` @@ -16588,14 +17090,14 @@ type TumblingWindow struct { _ struct{} `type:"structure"` // The time interval for the tumbling window. Note that w represents weeks, - // d represents days, h represents hours, and m represents minutes. AWS IoT - // SiteWise computes the 1w interval the end of Sunday at midnight each week - // (UTC), the 1d interval at the end of each day at midnight (UTC), the 1h interval - // at the end of each hour, and so on. + // d represents days, h represents hours, and m represents minutes. IoT SiteWise + // computes the 1w interval the end of Sunday at midnight each week (UTC), the + // 1d interval at the end of each day at midnight (UTC), the 1h interval at + // the end of each hour, and so on. // - // When AWS IoT SiteWise aggregates data points for metric computations, the - // start of each interval is exclusive and the end of each interval is inclusive. - // AWS IoT SiteWise places the computed data point at the end of the interval. + // When IoT SiteWise aggregates data points for metric computations, the start + // of each interval is exclusive and the end of each interval is inclusive. + // IoT SiteWise places the computed data point at the end of the interval. // // Interval is a required field Interval *string `locationName:"interval" min:"2" type:"string" required:"true"` @@ -16767,8 +17269,8 @@ type UpdateAccessPolicyInput struct { // AccessPolicyId is a required field AccessPolicyId *string `location:"uri" locationName:"accessPolicyId" min:"36" type:"string" required:"true"` - // The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, - // or an IAM user. + // The identity for this access policy. Choose an Amazon Web Services SSO user, + // an Amazon Web Services SSO group, or an IAM user. // // AccessPolicyIdentity is a required field AccessPolicyIdentity *Identity `locationName:"accessPolicyIdentity" type:"structure" required:"true"` @@ -16779,8 +17281,8 @@ type UpdateAccessPolicyInput struct { // AccessPolicyPermission is a required field AccessPolicyPermission *string `locationName:"accessPolicyPermission" type:"string" required:"true" enum:"Permission"` - // The AWS IoT SiteWise Monitor resource for this access policy. Choose either - // a portal or a project. + // The IoT SiteWise Monitor resource for this access policy. Choose either a + // portal or a project. // // AccessPolicyResource is a required field AccessPolicyResource *Resource `locationName:"accessPolicyResource" type:"structure" required:"true"` @@ -16970,11 +17472,11 @@ type UpdateAssetModelInput struct { // The updated hierarchy definitions of the asset model. Each hierarchy specifies // an asset model whose assets can be children of any other assets created from // this asset model. For more information, see Asset hierarchies (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-hierarchies.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // You can specify up to 10 hierarchies per asset model. For more information, // see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. AssetModelHierarchies []*AssetModelHierarchy `locationName:"assetModelHierarchies" type:"list"` // The ID of the asset model to update. @@ -16989,11 +17491,11 @@ type UpdateAssetModelInput struct { // The updated property definitions of the asset model. For more information, // see Asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-properties.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // You can specify up to 200 properties per asset model. For more information, // see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. AssetModelProperties []*AssetModelProperty `locationName:"assetModelProperties" type:"list"` // A unique case-sensitive identifier that you can provide to ensure the idempotency @@ -17177,11 +17679,10 @@ type UpdateAssetPropertyInput struct { // is required. ClientToken *string `locationName:"clientToken" min:"36" type:"string" idempotencyToken:"true"` - // The property alias that identifies the property, such as an OPC-UA server - // data stream path (for example, /company/windfarm/3/turbine/7/temperature). - // For more information, see Mapping industrial data streams to asset properties - // (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) - // in the AWS IoT SiteWise User Guide. + // The alias that identifies the property, such as an OPC-UA server data stream + // path (for example, /company/windfarm/3/turbine/7/temperature). For more information, + // see Mapping industrial data streams to asset properties (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/connect-data-streams.html) + // in the IoT SiteWise User Guide. // // If you omit this parameter, the alias is removed from the property. PropertyAlias *string `locationName:"propertyAlias" min:"1" type:"string"` @@ -17192,10 +17693,10 @@ type UpdateAssetPropertyInput struct { PropertyId *string `location:"uri" locationName:"propertyId" min:"36" type:"string" required:"true"` // The MQTT notification state (enabled or disabled) for this asset property. - // When the notification state is enabled, AWS IoT SiteWise publishes property - // value updates to a unique MQTT topic. For more information, see Interacting - // with other services (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/interact-with-other-services.html) - // in the AWS IoT SiteWise User Guide. + // When the notification state is enabled, IoT SiteWise publishes property value + // updates to a unique MQTT topic. For more information, see Interacting with + // other services (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/interact-with-other-services.html) + // in the IoT SiteWise User Guide. // // If you omit this parameter, the notification state is set to DISABLED. PropertyNotificationState *string `locationName:"propertyNotificationState" type:"string" enum:"PropertyNotificationState"` @@ -17293,7 +17794,7 @@ type UpdateDashboardInput struct { // The new dashboard definition, as specified in a JSON literal. For detailed // information, see Creating dashboards (CLI) (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/create-dashboards-using-aws-cli.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // DashboardDefinition is a required field DashboardDefinition *string `locationName:"dashboardDefinition" type:"string" required:"true"` @@ -17402,14 +17903,14 @@ type UpdateGatewayCapabilityConfigurationInput struct { // The JSON document that defines the configuration for the gateway capability. // For more information, see Configuring data sources (CLI) (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/configure-sources.html#configure-source-cli) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. // // CapabilityConfiguration is a required field CapabilityConfiguration *string `locationName:"capabilityConfiguration" min:"1" type:"string" required:"true"` // The namespace of the gateway capability configuration to be updated. For - // example, if you configure OPC-UA sources from the AWS IoT SiteWise console, - // your OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, + // example, if you configure OPC-UA sources from the IoT SiteWise console, your + // OPC-UA capability configuration has the namespace iotsitewise:opcuacollector:version, // where version is a number such as 1. // // CapabilityNamespace is a required field @@ -17598,10 +18099,11 @@ func (s UpdateGatewayOutput) GoString() string { type UpdatePortalInput struct { _ struct{} `type:"structure"` - // Contains the configuration information of an alarm created in an AWS IoT - // SiteWise Monitor portal. You can use the alarm to monitor an asset property - // and get notified when the asset property value is outside a specified range. - // For more information, see . + // Contains the configuration information of an alarm created in an IoT SiteWise + // Monitor portal. You can use the alarm to monitor an asset property and get + // notified when the asset property value is outside a specified range. For + // more information, see Monitoring with alarms (https://docs.aws.amazon.com/iot-sitewise/latest/appguide/monitor-alarms.html) + // in the IoT SiteWise Application Guide. Alarms *Alarms `locationName:"alarms" type:"structure"` // A unique case-sensitive identifier that you can provide to ensure the idempotency @@ -17612,7 +18114,7 @@ type UpdatePortalInput struct { // The email address that sends alarm notifications. NotificationSenderEmail *string `locationName:"notificationSenderEmail" min:"1" type:"string"` - // The AWS administrator's contact email address. + // The Amazon Web Services administrator's contact email address. // // PortalContactEmail is a required field PortalContactEmail *string `locationName:"portalContactEmail" min:"1" type:"string" required:"true"` @@ -17639,10 +18141,10 @@ type UpdatePortalInput struct { PortalName *string `locationName:"portalName" min:"1" type:"string" required:"true"` // The ARN (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // of a service role that allows the portal's users to access your AWS IoT SiteWise + // of a service role that allows the portal's users to access your IoT SiteWise // resources on your behalf. For more information, see Using service roles for - // AWS IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) - // in the AWS IoT SiteWise User Guide. + // IoT SiteWise Monitor (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/monitor-service-role.html) + // in the IoT SiteWise User Guide. // // RoleArn is a required field RoleArn *string `locationName:"roleArn" min:"1" type:"string" required:"true"` @@ -17893,7 +18395,7 @@ func (s UpdateProjectOutput) GoString() string { type UserIdentity struct { _ struct{} `type:"structure"` - // The AWS SSO ID of the user. + // The Amazon Web Services SSO ID of the user. // // Id is a required field Id *string `locationName:"id" min:"1" type:"string" required:"true"` @@ -17942,7 +18444,7 @@ type VariableValue struct { // hierarchies using the same model and therefore the same propertyId. For example, // you might have separately grouped assets that come from the same asset model. // For more information, see Asset hierarchies (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/asset-hierarchies.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. HierarchyId *string `locationName:"hierarchyId" min:"1" type:"string"` // The ID of the property to use as the variable. You can use the property name @@ -18504,6 +19006,22 @@ func ResourceType_Values() []string { } } +const ( + // StorageTypeSitewiseDefaultStorage is a StorageType enum value + StorageTypeSitewiseDefaultStorage = "SITEWISE_DEFAULT_STORAGE" + + // StorageTypeMultiLayerStorage is a StorageType enum value + StorageTypeMultiLayerStorage = "MULTI_LAYER_STORAGE" +) + +// StorageType_Values returns all elements of the StorageType enum +func StorageType_Values() []string { + return []string{ + StorageTypeSitewiseDefaultStorage, + StorageTypeMultiLayerStorage, + } +} + const ( // TimeOrderingAscending is a TimeOrdering enum value TimeOrderingAscending = "ASCENDING" diff --git a/service/iotsitewise/doc.go b/service/iotsitewise/doc.go index d5ffcbde75e..2b9761fdefc 100644 --- a/service/iotsitewise/doc.go +++ b/service/iotsitewise/doc.go @@ -3,12 +3,12 @@ // Package iotsitewise provides the client and types for making API // requests to AWS IoT SiteWise. // -// Welcome to the AWS IoT SiteWise API Reference. AWS IoT SiteWise is an AWS -// service that connects Industrial Internet of Things (IIoT) (https://en.wikipedia.org/wiki/Internet_of_things#Industrial_applications) -// devices to the power of the AWS Cloud. For more information, see the AWS -// IoT SiteWise User Guide (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/). -// For information about AWS IoT SiteWise quotas, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) -// in the AWS IoT SiteWise User Guide. +// Welcome to the IoT SiteWise API Reference. IoT SiteWise is an Amazon Web +// Services service that connects Industrial Internet of Things (IIoT) (https://en.wikipedia.org/wiki/Internet_of_things#Industrial_applications) +// devices to the power of the Amazon Web Services Cloud. For more information, +// see the IoT SiteWise User Guide (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/). +// For information about IoT SiteWise quotas, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) +// in the IoT SiteWise User Guide. // // See https://docs.aws.amazon.com/goto/WebAPI/iotsitewise-2019-12-02 for more information on this service. // diff --git a/service/iotsitewise/errors.go b/service/iotsitewise/errors.go index 3e84bfef710..d083cdc6f9a 100644 --- a/service/iotsitewise/errors.go +++ b/service/iotsitewise/errors.go @@ -18,7 +18,7 @@ const ( // ErrCodeInternalFailureException for service response error code // "InternalFailureException". // - // AWS IoT SiteWise can't process your request right now. Try again later. + // IoT SiteWise can't process your request right now. Try again later. ErrCodeInternalFailureException = "InternalFailureException" // ErrCodeInvalidRequestException for service response error code @@ -36,7 +36,7 @@ const ( // to create more than the allowed number of properties for an asset model. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. ErrCodeLimitExceededException = "LimitExceededException" // ErrCodeResourceAlreadyExistsException for service response error code @@ -61,11 +61,11 @@ const ( // "ThrottlingException". // // Your request exceeded a rate limit. For example, you might have exceeded - // the number of AWS IoT SiteWise assets that can be created per second, the - // allowed number of messages per second, and so on. + // the number of IoT SiteWise assets that can be created per second, the allowed + // number of messages per second, and so on. // // For more information, see Quotas (https://docs.aws.amazon.com/iot-sitewise/latest/userguide/quotas.html) - // in the AWS IoT SiteWise User Guide. + // in the IoT SiteWise User Guide. ErrCodeThrottlingException = "ThrottlingException" // ErrCodeTooManyTagsException for service response error code @@ -73,7 +73,7 @@ const ( // // You've reached the limit for the number of tags allowed for a resource. For // more information, see Tag naming limits and requirements (https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html#tag-conventions) - // in the AWS General Reference. + // in the Amazon Web Services General Reference. ErrCodeTooManyTagsException = "TooManyTagsException" // ErrCodeUnauthorizedException for service response error code diff --git a/service/iotsitewise/iotsitewiseiface/interface.go b/service/iotsitewise/iotsitewiseiface/interface.go index 48210a0ab7a..c48e5c3315e 100644 --- a/service/iotsitewise/iotsitewiseiface/interface.go +++ b/service/iotsitewise/iotsitewiseiface/interface.go @@ -176,6 +176,10 @@ type IoTSiteWiseAPI interface { DescribeProjectWithContext(aws.Context, *iotsitewise.DescribeProjectInput, ...request.Option) (*iotsitewise.DescribeProjectOutput, error) DescribeProjectRequest(*iotsitewise.DescribeProjectInput) (*request.Request, *iotsitewise.DescribeProjectOutput) + DescribeStorageConfiguration(*iotsitewise.DescribeStorageConfigurationInput) (*iotsitewise.DescribeStorageConfigurationOutput, error) + DescribeStorageConfigurationWithContext(aws.Context, *iotsitewise.DescribeStorageConfigurationInput, ...request.Option) (*iotsitewise.DescribeStorageConfigurationOutput, error) + DescribeStorageConfigurationRequest(*iotsitewise.DescribeStorageConfigurationInput) (*request.Request, *iotsitewise.DescribeStorageConfigurationOutput) + DisassociateAssets(*iotsitewise.DisassociateAssetsInput) (*iotsitewise.DisassociateAssetsOutput, error) DisassociateAssetsWithContext(aws.Context, *iotsitewise.DisassociateAssetsInput, ...request.Option) (*iotsitewise.DisassociateAssetsOutput, error) DisassociateAssetsRequest(*iotsitewise.DisassociateAssetsInput) (*request.Request, *iotsitewise.DisassociateAssetsOutput) @@ -287,6 +291,10 @@ type IoTSiteWiseAPI interface { PutLoggingOptionsWithContext(aws.Context, *iotsitewise.PutLoggingOptionsInput, ...request.Option) (*iotsitewise.PutLoggingOptionsOutput, error) PutLoggingOptionsRequest(*iotsitewise.PutLoggingOptionsInput) (*request.Request, *iotsitewise.PutLoggingOptionsOutput) + PutStorageConfiguration(*iotsitewise.PutStorageConfigurationInput) (*iotsitewise.PutStorageConfigurationOutput, error) + PutStorageConfigurationWithContext(aws.Context, *iotsitewise.PutStorageConfigurationInput, ...request.Option) (*iotsitewise.PutStorageConfigurationOutput, error) + PutStorageConfigurationRequest(*iotsitewise.PutStorageConfigurationInput) (*request.Request, *iotsitewise.PutStorageConfigurationOutput) + TagResource(*iotsitewise.TagResourceInput) (*iotsitewise.TagResourceOutput, error) TagResourceWithContext(aws.Context, *iotsitewise.TagResourceInput, ...request.Option) (*iotsitewise.TagResourceOutput, error) TagResourceRequest(*iotsitewise.TagResourceInput) (*request.Request, *iotsitewise.TagResourceOutput) diff --git a/service/mq/api.go b/service/mq/api.go index 7a0fb4aed78..711635e9730 100644 --- a/service/mq/api.go +++ b/service/mq/api.go @@ -59,6 +59,40 @@ func (c *MQ) CreateBrokerRequest(input *CreateBrokerRequest) (req *request.Reque // // Creates a broker. Note: This API is asynchronous. // +// To create a broker, you must either use the AmazonMQFullAccess IAM policy +// or include the following EC2 permissions in your IAM policy. +// +// * ec2:CreateNetworkInterface This permission is required to allow Amazon +// MQ to create an elastic network interface (ENI) on behalf of your account. +// +// * ec2:CreateNetworkInterfacePermission This permission is required to +// attach the ENI to the broker instance. +// +// * ec2:DeleteNetworkInterface +// +// * ec2:DeleteNetworkInterfacePermission +// +// * ec2:DetachNetworkInterface +// +// * ec2:DescribeInternetGateways +// +// * ec2:DescribeNetworkInterfaces +// +// * ec2:DescribeNetworkInterfacePermissions +// +// * ec2:DescribeRouteTables +// +// * ec2:DescribeSecurityGroups +// +// * ec2:DescribeSubnets +// +// * ec2:DescribeVpcs +// +// For more information, see Create an IAM User and Get Your AWS Credentials +// (https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/amazon-mq-setting-up.html#create-iam-user) +// and Never Modify or Delete the Amazon MQ Elastic Network Interface (https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/connecting-to-amazon-mq.html#never-modify-delete-elastic-network-interface) +// in the Amazon MQ Developer Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2103,7 +2137,7 @@ func (s *BadRequestException) RequestID() string { type BrokerEngineType struct { _ struct{} `type:"structure"` - // The type of broker engine. + // The broker's engine type. EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` // The list of engine versions. @@ -2136,14 +2170,14 @@ func (s *BrokerEngineType) SetEngineVersions(v []*EngineVersion) *BrokerEngineTy type BrokerInstance struct { _ struct{} `type:"structure"` - // The URL of the broker's Web Console. + // The brokers web console URL. ConsoleURL *string `locationName:"consoleURL" type:"string"` // The broker's wire-level protocol endpoints. Endpoints []*string `locationName:"endpoints" type:"list"` // The IP address of the Elastic Network Interface (ENI) attached to the broker. - // Does not apply to RabbitMQ brokers + // Does not apply to RabbitMQ brokers. IpAddress *string `locationName:"ipAddress" type:"string"` } @@ -2182,10 +2216,10 @@ type BrokerInstanceOption struct { // The list of available az. AvailabilityZones []*AvailabilityZone `locationName:"availabilityZones" type:"list"` - // The type of broker engine. + // The broker's engine type. EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` - // The type of broker instance. + // The broker's instance type. HostInstanceType *string `locationName:"hostInstanceType" type:"string"` // The broker's storage type. @@ -2244,33 +2278,37 @@ func (s *BrokerInstanceOption) SetSupportedEngineVersions(v []*string) *BrokerIn return s } -// The Amazon Resource Name (ARN) of the broker. +// Returns information about all brokers. type BrokerSummary struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the broker. + // The broker's Amazon Resource Name (ARN). BrokerArn *string `locationName:"brokerArn" type:"string"` // The unique ID that Amazon MQ generates for the broker. BrokerId *string `locationName:"brokerId" type:"string"` - // The name of the broker. This value must be unique in your AWS account, 1-50 - // characters long, must contain only letters, numbers, dashes, and underscores, - // and must not contain whitespaces, brackets, wildcard characters, or special + // The broker's name. This value is unique in your AWS account, 1-50 characters + // long, and containing only letters, numbers, dashes, and underscores, and + // must not contain white spaces, brackets, wildcard characters, or special // characters. BrokerName *string `locationName:"brokerName" type:"string"` - // The status of the broker. + // The broker's status. BrokerState *string `locationName:"brokerState" type:"string" enum:"BrokerState"` // The time when the broker was created. Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601"` - // Required. The deployment mode of the broker. - DeploymentMode *string `locationName:"deploymentMode" type:"string" enum:"DeploymentMode"` + // The broker's deployment mode. + // + // DeploymentMode is a required field + DeploymentMode *string `locationName:"deploymentMode" type:"string" required:"true" enum:"DeploymentMode"` - // Required. The type of broker engine. - EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` + // The type of broker engine. + // + // EngineType is a required field + EngineType *string `locationName:"engineType" type:"string" required:"true" enum:"EngineType"` // The broker's instance type. HostInstanceType *string `locationName:"hostInstanceType" type:"string"` @@ -2339,35 +2377,54 @@ type Configuration struct { _ struct{} `type:"structure"` // Required. The ARN of the configuration. - Arn *string `locationName:"arn" type:"string"` + // + // Arn is a required field + Arn *string `locationName:"arn" type:"string" required:"true"` - // The authentication strategy associated with the configuration. - AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` + // Optional. The authentication strategy associated with the configuration. + // The default is SIMPLE. + // + // AuthenticationStrategy is a required field + AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" required:"true" enum:"AuthenticationStrategy"` // Required. The date and time of the configuration revision. - Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601"` + // + // Created is a required field + Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601" required:"true"` // Required. The description of the configuration. - Description *string `locationName:"description" type:"string"` + // + // Description is a required field + Description *string `locationName:"description" type:"string" required:"true"` - // Required. The type of broker engine. Note: Currently, Amazon MQ supports - // ACTIVEMQ and RABBITMQ. - EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` + // Required. The type of broker engine. Currently, Amazon MQ supports ACTIVEMQ + // and RABBITMQ. + // + // EngineType is a required field + EngineType *string `locationName:"engineType" type:"string" required:"true" enum:"EngineType"` - // Required. The version of the broker engine. For a list of supported engine - // versions, see https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html - EngineVersion *string `locationName:"engineVersion" type:"string"` + // Required. The broker engine's version. For a list of supported engine versions, + // see, Supported engines (https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/broker-engine.html). + // + // EngineVersion is a required field + EngineVersion *string `locationName:"engineVersion" type:"string" required:"true"` // Required. The unique ID that Amazon MQ generates for the configuration. - Id *string `locationName:"id" type:"string"` + // + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` // Required. The latest revision of the configuration. - LatestRevision *ConfigurationRevision `locationName:"latestRevision" type:"structure"` + // + // LatestRevision is a required field + LatestRevision *ConfigurationRevision `locationName:"latestRevision" type:"structure" required:"true"` // Required. The name of the configuration. This value can contain only alphanumeric // characters, dashes, periods, underscores, and tildes (- . _ ~). This value // must be 1-150 characters long. - Name *string `locationName:"name" type:"string"` + // + // Name is a required field + Name *string `locationName:"name" type:"string" required:"true"` // The list of all tags associated with this configuration. Tags map[string]*string `locationName:"tags" type:"map"` @@ -2443,13 +2500,16 @@ func (s *Configuration) SetTags(v map[string]*string) *Configuration { return s } -// A list of information about the configuration. Does not apply to RabbitMQ -// brokers. +// A list of information about the configuration. +// +// Does not apply to RabbitMQ brokers. type ConfigurationId struct { _ struct{} `type:"structure"` // Required. The unique ID that Amazon MQ generates for the configuration. - Id *string `locationName:"id" type:"string"` + // + // Id is a required field + Id *string `locationName:"id" type:"string" required:"true"` // The revision number of the configuration. Revision *int64 `locationName:"revision" type:"integer"` @@ -2465,6 +2525,19 @@ func (s ConfigurationId) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *ConfigurationId) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ConfigurationId"} + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetId sets the Id field's value. func (s *ConfigurationId) SetId(v string) *ConfigurationId { s.Id = &v @@ -2482,13 +2555,17 @@ type ConfigurationRevision struct { _ struct{} `type:"structure"` // Required. The date and time of the configuration revision. - Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601"` + // + // Created is a required field + Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601" required:"true"` // The description of the configuration revision. Description *string `locationName:"description" type:"string"` // Required. The revision number of the configuration. - Revision *int64 `locationName:"revision" type:"integer"` + // + // Revision is a required field + Revision *int64 `locationName:"revision" type:"integer" required:"true"` } // String returns the string representation @@ -2523,13 +2600,13 @@ func (s *ConfigurationRevision) SetRevision(v int64) *ConfigurationRevision { type Configurations struct { _ struct{} `type:"structure"` - // The current configuration of the broker. + // The broker's current configuration. Current *ConfigurationId `locationName:"current" type:"structure"` // The history of configurations applied to the broker. History []*ConfigurationId `locationName:"history" type:"list"` - // The pending configuration of the broker. + // The broker's pending configuration. Pending *ConfigurationId `locationName:"pending" type:"structure"` } @@ -2622,35 +2699,48 @@ func (s *ConflictException) RequestID() string { type CreateBrokerRequest struct { _ struct{} `type:"structure"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` - AutoMinorVersionUpgrade *bool `locationName:"autoMinorVersionUpgrade" type:"boolean"` + // AutoMinorVersionUpgrade is a required field + AutoMinorVersionUpgrade *bool `locationName:"autoMinorVersionUpgrade" type:"boolean" required:"true"` - BrokerName *string `locationName:"brokerName" type:"string"` + // BrokerName is a required field + BrokerName *string `locationName:"brokerName" type:"string" required:"true"` - // A list of information about the configuration. Does not apply to RabbitMQ - // brokers. + // A list of information about the configuration. + // + // Does not apply to RabbitMQ brokers. Configuration *ConfigurationId `locationName:"configuration" type:"structure"` CreatorRequestId *string `locationName:"creatorRequestId" type:"string" idempotencyToken:"true"` - // The deployment mode of the broker. - DeploymentMode *string `locationName:"deploymentMode" type:"string" enum:"DeploymentMode"` + // The broker's deployment mode. + // + // DeploymentMode is a required field + DeploymentMode *string `locationName:"deploymentMode" type:"string" required:"true" enum:"DeploymentMode"` + // Does not apply to RabbitMQ brokers. + // // Encryption options for the broker. EncryptionOptions *EncryptionOptions `locationName:"encryptionOptions" type:"structure"` - // The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and - // RabbitMQ. - EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` + // The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ. + // + // EngineType is a required field + EngineType *string `locationName:"engineType" type:"string" required:"true" enum:"EngineType"` - EngineVersion *string `locationName:"engineVersion" type:"string"` + // EngineVersion is a required field + EngineVersion *string `locationName:"engineVersion" type:"string" required:"true"` - HostInstanceType *string `locationName:"hostInstanceType" type:"string"` + // HostInstanceType is a required field + HostInstanceType *string `locationName:"hostInstanceType" type:"string" required:"true"` - // The metadata of the LDAP server used to authenticate and authorize connections - // to the broker. Currently not supported for RabbitMQ engine type. + // Optional. The metadata of the LDAP server used to authenticate and authorize + // connections to the broker. + // + // Does not apply to RabbitMQ brokers. LdapServerMetadata *LdapServerMetadataInput `locationName:"ldapServerMetadata" type:"structure"` // The list of information about logs to be enabled for the specified broker. @@ -2660,19 +2750,22 @@ type CreateBrokerRequest struct { // apply pending updates or patches to the broker. MaintenanceWindowStartTime *WeeklyStartTime `locationName:"maintenanceWindowStartTime" type:"structure"` - PubliclyAccessible *bool `locationName:"publiclyAccessible" type:"boolean"` + // PubliclyAccessible is a required field + PubliclyAccessible *bool `locationName:"publiclyAccessible" type:"boolean" required:"true"` SecurityGroups []*string `locationName:"securityGroups" type:"list"` - // The storage type of the broker. EFS is currently not Supported for RabbitMQ - // engine type. + // The broker's storage type. + // + // EFS is not supported for RabbitMQ engine type. StorageType *string `locationName:"storageType" type:"string" enum:"BrokerStorageType"` SubnetIds []*string `locationName:"subnetIds" type:"list"` Tags map[string]*string `locationName:"tags" type:"map"` - Users []*User `locationName:"users" type:"list"` + // Users is a required field + Users []*User `locationName:"users" type:"list" required:"true"` } // String returns the string representation @@ -2688,11 +2781,60 @@ func (s CreateBrokerRequest) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateBrokerRequest) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateBrokerRequest"} + if s.AutoMinorVersionUpgrade == nil { + invalidParams.Add(request.NewErrParamRequired("AutoMinorVersionUpgrade")) + } + if s.BrokerName == nil { + invalidParams.Add(request.NewErrParamRequired("BrokerName")) + } + if s.DeploymentMode == nil { + invalidParams.Add(request.NewErrParamRequired("DeploymentMode")) + } + if s.EngineType == nil { + invalidParams.Add(request.NewErrParamRequired("EngineType")) + } + if s.EngineVersion == nil { + invalidParams.Add(request.NewErrParamRequired("EngineVersion")) + } + if s.HostInstanceType == nil { + invalidParams.Add(request.NewErrParamRequired("HostInstanceType")) + } + if s.PubliclyAccessible == nil { + invalidParams.Add(request.NewErrParamRequired("PubliclyAccessible")) + } + if s.Users == nil { + invalidParams.Add(request.NewErrParamRequired("Users")) + } + if s.Configuration != nil { + if err := s.Configuration.Validate(); err != nil { + invalidParams.AddNested("Configuration", err.(request.ErrInvalidParams)) + } + } if s.EncryptionOptions != nil { if err := s.EncryptionOptions.Validate(); err != nil { invalidParams.AddNested("EncryptionOptions", err.(request.ErrInvalidParams)) } } + if s.LdapServerMetadata != nil { + if err := s.LdapServerMetadata.Validate(); err != nil { + invalidParams.AddNested("LdapServerMetadata", err.(request.ErrInvalidParams)) + } + } + if s.MaintenanceWindowStartTime != nil { + if err := s.MaintenanceWindowStartTime.Validate(); err != nil { + invalidParams.AddNested("MaintenanceWindowStartTime", err.(request.ErrInvalidParams)) + } + } + if s.Users != nil { + for i, v := range s.Users { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Users", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -2847,16 +2989,20 @@ func (s *CreateBrokerResponse) SetBrokerId(v string) *CreateBrokerResponse { type CreateConfigurationRequest struct { _ struct{} `type:"structure"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` - // The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and - // RabbitMQ. - EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` + // The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ. + // + // EngineType is a required field + EngineType *string `locationName:"engineType" type:"string" required:"true" enum:"EngineType"` - EngineVersion *string `locationName:"engineVersion" type:"string"` + // EngineVersion is a required field + EngineVersion *string `locationName:"engineVersion" type:"string" required:"true"` - Name *string `locationName:"name" type:"string"` + // Name is a required field + Name *string `locationName:"name" type:"string" required:"true"` Tags map[string]*string `locationName:"tags" type:"map"` } @@ -2871,6 +3017,25 @@ func (s CreateConfigurationRequest) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateConfigurationRequest) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateConfigurationRequest"} + if s.EngineType == nil { + invalidParams.Add(request.NewErrParamRequired("EngineType")) + } + if s.EngineVersion == nil { + invalidParams.Add(request.NewErrParamRequired("EngineVersion")) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetAuthenticationStrategy sets the AuthenticationStrategy field's value. func (s *CreateConfigurationRequest) SetAuthenticationStrategy(v string) *CreateConfigurationRequest { s.AuthenticationStrategy = &v @@ -2906,7 +3071,8 @@ type CreateConfigurationResponse struct { Arn *string `locationName:"arn" type:"string"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601"` @@ -3050,7 +3216,8 @@ type CreateUserRequest struct { Groups []*string `locationName:"groups" type:"list"` - Password *string `locationName:"password" type:"string"` + // Password is a required field + Password *string `locationName:"password" type:"string" required:"true"` // Username is a required field Username *string `location:"uri" locationName:"username" type:"string" required:"true"` @@ -3075,6 +3242,9 @@ func (s *CreateUserRequest) Validate() error { if s.BrokerId != nil && len(*s.BrokerId) < 1 { invalidParams.Add(request.NewErrParamMinLen("BrokerId", 1)) } + if s.Password == nil { + invalidParams.Add(request.NewErrParamRequired("Password")) + } if s.Username == nil { invalidParams.Add(request.NewErrParamRequired("Username")) } @@ -3548,7 +3718,8 @@ func (s *DescribeBrokerInstanceOptionsOutput) SetNextToken(v string) *DescribeBr type DescribeBrokerResponse struct { _ struct{} `type:"structure"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` AutoMinorVersionUpgrade *bool `locationName:"autoMinorVersionUpgrade" type:"boolean"` @@ -3561,7 +3732,7 @@ type DescribeBrokerResponse struct { BrokerName *string `locationName:"brokerName" type:"string"` - // The status of the broker. + // The broker's status. BrokerState *string `locationName:"brokerState" type:"string" enum:"BrokerState"` // Broker configuration information @@ -3569,22 +3740,23 @@ type DescribeBrokerResponse struct { Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601"` - // The deployment mode of the broker. + // The broker's deployment mode. DeploymentMode *string `locationName:"deploymentMode" type:"string" enum:"DeploymentMode"` + // Does not apply to RabbitMQ brokers. + // // Encryption options for the broker. EncryptionOptions *EncryptionOptions `locationName:"encryptionOptions" type:"structure"` - // The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and - // RabbitMQ. + // The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ. EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` EngineVersion *string `locationName:"engineVersion" type:"string"` HostInstanceType *string `locationName:"hostInstanceType" type:"string"` - // The metadata of the LDAP server used to authenticate and authorize connections - // to the broker. + // Optional. The metadata of the LDAP server used to authenticate and authorize + // connections to the broker. LdapServerMetadata *LdapServerMetadataOutput `locationName:"ldapServerMetadata" type:"structure"` // The list of information about logs currently enabled and pending to be deployed @@ -3595,15 +3767,16 @@ type DescribeBrokerResponse struct { // apply pending updates or patches to the broker. MaintenanceWindowStartTime *WeeklyStartTime `locationName:"maintenanceWindowStartTime" type:"structure"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. PendingAuthenticationStrategy *string `locationName:"pendingAuthenticationStrategy" type:"string" enum:"AuthenticationStrategy"` PendingEngineVersion *string `locationName:"pendingEngineVersion" type:"string"` PendingHostInstanceType *string `locationName:"pendingHostInstanceType" type:"string"` - // The metadata of the LDAP server used to authenticate and authorize connections - // to the broker. + // Optional. The metadata of the LDAP server used to authenticate and authorize + // connections to the broker. PendingLdapServerMetadata *LdapServerMetadataOutput `locationName:"pendingLdapServerMetadata" type:"structure"` PendingSecurityGroups []*string `locationName:"pendingSecurityGroups" type:"list"` @@ -3612,8 +3785,9 @@ type DescribeBrokerResponse struct { SecurityGroups []*string `locationName:"securityGroups" type:"list"` - // The storage type of the broker. EFS is currently not Supported for RabbitMQ - // engine type. + // The broker's storage type. + // + // EFS is not supported for RabbitMQ engine type. StorageType *string `locationName:"storageType" type:"string" enum:"BrokerStorageType"` SubnetIds []*string `locationName:"subnetIds" type:"list"` @@ -3845,15 +4019,15 @@ type DescribeConfigurationOutput struct { Arn *string `locationName:"arn" type:"string"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` Created *time.Time `locationName:"created" type:"timestamp" timestampFormat:"iso8601"` Description *string `locationName:"description" type:"string"` - // The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and - // RabbitMQ. + // The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ. EngineType *string `locationName:"engineType" type:"string" enum:"EngineType"` EngineVersion *string `locationName:"engineVersion" type:"string"` @@ -4148,16 +4322,20 @@ func (s *DescribeUserResponse) SetUsername(v string) *DescribeUserResponse { return s } +// Does not apply to RabbitMQ brokers. +// // Encryption options for the broker. type EncryptionOptions struct { _ struct{} `type:"structure"` - // The symmetric customer master key (CMK) to use for the AWS Key Management - // Service (KMS). This key is used to encrypt your data at rest. If not provided, - // Amazon MQ will use a default CMK to encrypt your data. + // The customer master key (CMK) to use for the AWS Key Management Service (KMS). + // This key is used to encrypt your data at rest. If not provided, Amazon MQ + // will use a default CMK to encrypt your data. KmsKeyId *string `locationName:"kmsKeyId" type:"string"` // Enables the use of an AWS owned CMK using AWS Key Management Service (KMS). + // Set to true by default, if no value is provided, for example, for RabbitMQ + // brokers. // // UseAwsOwnedKey is a required field UseAwsOwnedKey *bool `locationName:"useAwsOwnedKey" type:"boolean" required:"true"` @@ -4338,45 +4516,83 @@ func (s *InternalServerErrorException) RequestID() string { return s.RespMetadata.RequestID } -// The metadata of the LDAP server used to authenticate and authorize connections -// to the broker. Currently not supported for RabbitMQ engine type. +// Optional. The metadata of the LDAP server used to authenticate and authorize +// connections to the broker. +// +// Does not apply to RabbitMQ brokers. type LdapServerMetadataInput struct { _ struct{} `type:"structure"` - // Fully qualified domain name of the LDAP server. Optional failover server. - Hosts []*string `locationName:"hosts" type:"list"` + // Specifies the location of the LDAP server such as AWS Directory Service for + // Microsoft Active Directory . Optional failover server. + // + // Hosts is a required field + Hosts []*string `locationName:"hosts" type:"list" required:"true"` - // Fully qualified name of the directory to search for a user’s groups. - RoleBase *string `locationName:"roleBase" type:"string"` + // The distinguished name of the node in the directory information tree (DIT) + // to search for roles or groups. For example, ou=group, ou=corp, dc=corp, dc=example, + // dc=com. + // + // RoleBase is a required field + RoleBase *string `locationName:"roleBase" type:"string" required:"true"` // Specifies the LDAP attribute that identifies the group name attribute in // the object returned from the group membership query. RoleName *string `locationName:"roleName" type:"string"` - // The search criteria for groups. - RoleSearchMatching *string `locationName:"roleSearchMatching" type:"string"` + // The LDAP search filter used to find roles within the roleBase. The distinguished + // name of the user matched by userSearchMatching is substituted into the {0} + // placeholder in the search filter. The client's username is substituted into + // the {1} placeholder. For example, if you set this option to (member=uid={1})for + // the user janedoe, the search filter becomes (member=uid=janedoe) after string + // substitution. It matches all role entries that have a member attribute equal + // to uid=janedoe under the subtree selected by the roleBase. + // + // RoleSearchMatching is a required field + RoleSearchMatching *string `locationName:"roleSearchMatching" type:"string" required:"true"` // The directory search scope for the role. If set to true, scope is to search - // the entire sub-tree. + // the entire subtree. RoleSearchSubtree *bool `locationName:"roleSearchSubtree" type:"boolean"` - // Service account password. - ServiceAccountPassword *string `locationName:"serviceAccountPassword" type:"string"` - - // Service account username. - ServiceAccountUsername *string `locationName:"serviceAccountUsername" type:"string"` + // Service account password. A service account is an account in your LDAP server + // that has access to initiate a connection. For example, cn=admin,dc=corp, + // dc=example, dc=com. + // + // ServiceAccountPassword is a required field + ServiceAccountPassword *string `locationName:"serviceAccountPassword" type:"string" required:"true"` - // Fully qualified name of the directory where you want to search for users. - UserBase *string `locationName:"userBase" type:"string"` + // Service account username. A service account is an account in your LDAP server + // that has access to initiate a connection. For example, cn=admin,dc=corp, + // dc=example, dc=com. + // + // ServiceAccountUsername is a required field + ServiceAccountUsername *string `locationName:"serviceAccountUsername" type:"string" required:"true"` + + // Select a particular subtree of the directory information tree (DIT) to search + // for user entries. The subtree is specified by a DN, which specifies the base + // node of the subtree. For example, by setting this option to ou=Users,ou=corp, + // dc=corp, dc=example, dc=com, the search for user entries is restricted to + // the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com. + // + // UserBase is a required field + UserBase *string `locationName:"userBase" type:"string" required:"true"` // Specifies the name of the LDAP attribute for the user group membership. UserRoleName *string `locationName:"userRoleName" type:"string"` - // The search criteria for users. - UserSearchMatching *string `locationName:"userSearchMatching" type:"string"` + // The LDAP search filter used to find users within the userBase. The client's + // username is substituted into the {0} placeholder in the search filter. For + // example, if this option is set to (uid={0}) and the received username is + // janedoe, the search filter becomes (uid=janedoe) after string substitution. + // It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, + // dc=example, dc=com. + // + // UserSearchMatching is a required field + UserSearchMatching *string `locationName:"userSearchMatching" type:"string" required:"true"` // The directory search scope for the user. If set to true, scope is to search - // the entire sub-tree. + // the entire subtree. UserSearchSubtree *bool `locationName:"userSearchSubtree" type:"boolean"` } @@ -4390,6 +4606,37 @@ func (s LdapServerMetadataInput) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *LdapServerMetadataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "LdapServerMetadataInput"} + if s.Hosts == nil { + invalidParams.Add(request.NewErrParamRequired("Hosts")) + } + if s.RoleBase == nil { + invalidParams.Add(request.NewErrParamRequired("RoleBase")) + } + if s.RoleSearchMatching == nil { + invalidParams.Add(request.NewErrParamRequired("RoleSearchMatching")) + } + if s.ServiceAccountPassword == nil { + invalidParams.Add(request.NewErrParamRequired("ServiceAccountPassword")) + } + if s.ServiceAccountUsername == nil { + invalidParams.Add(request.NewErrParamRequired("ServiceAccountUsername")) + } + if s.UserBase == nil { + invalidParams.Add(request.NewErrParamRequired("UserBase")) + } + if s.UserSearchMatching == nil { + invalidParams.Add(request.NewErrParamRequired("UserSearchMatching")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetHosts sets the Hosts field's value. func (s *LdapServerMetadataInput) SetHosts(v []*string) *LdapServerMetadataInput { s.Hosts = v @@ -4456,42 +4703,74 @@ func (s *LdapServerMetadataInput) SetUserSearchSubtree(v bool) *LdapServerMetada return s } -// The metadata of the LDAP server used to authenticate and authorize connections -// to the broker. +// Optional. The metadata of the LDAP server used to authenticate and authorize +// connections to the broker. type LdapServerMetadataOutput struct { _ struct{} `type:"structure"` - // Fully qualified domain name of the LDAP server. Optional failover server. - Hosts []*string `locationName:"hosts" type:"list"` + // Specifies the location of the LDAP server such as AWS Directory Service for + // Microsoft Active Directory . Optional failover server. + // + // Hosts is a required field + Hosts []*string `locationName:"hosts" type:"list" required:"true"` - // Fully qualified name of the directory to search for a user’s groups. - RoleBase *string `locationName:"roleBase" type:"string"` + // The distinguished name of the node in the directory information tree (DIT) + // to search for roles or groups. For example, ou=group, ou=corp, dc=corp, dc=example, + // dc=com. + // + // RoleBase is a required field + RoleBase *string `locationName:"roleBase" type:"string" required:"true"` // Specifies the LDAP attribute that identifies the group name attribute in // the object returned from the group membership query. RoleName *string `locationName:"roleName" type:"string"` - // The search criteria for groups. - RoleSearchMatching *string `locationName:"roleSearchMatching" type:"string"` + // The LDAP search filter used to find roles within the roleBase. The distinguished + // name of the user matched by userSearchMatching is substituted into the {0} + // placeholder in the search filter. The client's username is substituted into + // the {1} placeholder. For example, if you set this option to (member=uid={1})for + // the user janedoe, the search filter becomes (member=uid=janedoe) after string + // substitution. It matches all role entries that have a member attribute equal + // to uid=janedoe under the subtree selected by the roleBase. + // + // RoleSearchMatching is a required field + RoleSearchMatching *string `locationName:"roleSearchMatching" type:"string" required:"true"` // The directory search scope for the role. If set to true, scope is to search - // the entire sub-tree. + // the entire subtree. RoleSearchSubtree *bool `locationName:"roleSearchSubtree" type:"boolean"` - // Service account username. - ServiceAccountUsername *string `locationName:"serviceAccountUsername" type:"string"` - - // Fully qualified name of the directory where you want to search for users. - UserBase *string `locationName:"userBase" type:"string"` + // Service account username. A service account is an account in your LDAP server + // that has access to initiate a connection. For example, cn=admin,dc=corp, + // dc=example, dc=com. + // + // ServiceAccountUsername is a required field + ServiceAccountUsername *string `locationName:"serviceAccountUsername" type:"string" required:"true"` + + // Select a particular subtree of the directory information tree (DIT) to search + // for user entries. The subtree is specified by a DN, which specifies the base + // node of the subtree. For example, by setting this option to ou=Users,ou=corp, + // dc=corp, dc=example, dc=com, the search for user entries is restricted to + // the subtree beneath ou=Users, ou=corp, dc=corp, dc=example, dc=com. + // + // UserBase is a required field + UserBase *string `locationName:"userBase" type:"string" required:"true"` // Specifies the name of the LDAP attribute for the user group membership. UserRoleName *string `locationName:"userRoleName" type:"string"` - // The search criteria for users. - UserSearchMatching *string `locationName:"userSearchMatching" type:"string"` + // The LDAP search filter used to find users within the userBase. The client's + // username is substituted into the {0} placeholder in the search filter. For + // example, if this option is set to (uid={0}) and the received username is + // janedoe, the search filter becomes (uid=janedoe) after string substitution. + // It will result in matching an entry like uid=janedoe, ou=Users,ou=corp, dc=corp, + // dc=example, dc=com. + // + // UserSearchMatching is a required field + UserSearchMatching *string `locationName:"userSearchMatching" type:"string" required:"true"` // The directory search scope for the user. If set to true, scope is to search - // the entire sub-tree. + // the entire subtree. UserSearchSubtree *bool `locationName:"userSearchSubtree" type:"boolean"` } @@ -5035,10 +5314,14 @@ type LogsSummary struct { AuditLogGroup *string `locationName:"auditLogGroup" type:"string"` // Enables general logging. - General *bool `locationName:"general" type:"boolean"` + // + // General is a required field + General *bool `locationName:"general" type:"boolean" required:"true"` // The location of the CloudWatch Logs log group where general logs are sent. - GeneralLogGroup *string `locationName:"generalLogGroup" type:"string"` + // + // GeneralLogGroup is a required field + GeneralLogGroup *string `locationName:"generalLogGroup" type:"string" required:"true"` // The list of information about logs pending to be deployed for the specified // broker. @@ -5242,7 +5525,9 @@ type SanitizationWarning struct { ElementName *string `locationName:"elementName" type:"string"` // Required. The reason for which the XML elements or attributes were sanitized. - Reason *string `locationName:"reason" type:"string" enum:"SanitizationWarningReason"` + // + // Reason is a required field + Reason *string `locationName:"reason" type:"string" required:"true" enum:"SanitizationWarningReason"` } // String returns the string representation @@ -5334,7 +5619,8 @@ func (s *UnauthorizedException) RequestID() string { type UpdateBrokerRequest struct { _ struct{} `type:"structure"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` AutoMinorVersionUpgrade *bool `locationName:"autoMinorVersionUpgrade" type:"boolean"` @@ -5342,21 +5628,28 @@ type UpdateBrokerRequest struct { // BrokerId is a required field BrokerId *string `location:"uri" locationName:"broker-id" type:"string" required:"true"` - // A list of information about the configuration. Does not apply to RabbitMQ - // brokers. + // A list of information about the configuration. + // + // Does not apply to RabbitMQ brokers. Configuration *ConfigurationId `locationName:"configuration" type:"structure"` EngineVersion *string `locationName:"engineVersion" type:"string"` HostInstanceType *string `locationName:"hostInstanceType" type:"string"` - // The metadata of the LDAP server used to authenticate and authorize connections - // to the broker. Currently not supported for RabbitMQ engine type. + // Optional. The metadata of the LDAP server used to authenticate and authorize + // connections to the broker. + // + // Does not apply to RabbitMQ brokers. LdapServerMetadata *LdapServerMetadataInput `locationName:"ldapServerMetadata" type:"structure"` // The list of information about logs to be enabled for the specified broker. Logs *Logs `locationName:"logs" type:"structure"` + // The scheduled time period relative to UTC during which Amazon MQ begins to + // apply pending updates or patches to the broker. + MaintenanceWindowStartTime *WeeklyStartTime `locationName:"maintenanceWindowStartTime" type:"structure"` + SecurityGroups []*string `locationName:"securityGroups" type:"list"` } @@ -5379,6 +5672,21 @@ func (s *UpdateBrokerRequest) Validate() error { if s.BrokerId != nil && len(*s.BrokerId) < 1 { invalidParams.Add(request.NewErrParamMinLen("BrokerId", 1)) } + if s.Configuration != nil { + if err := s.Configuration.Validate(); err != nil { + invalidParams.AddNested("Configuration", err.(request.ErrInvalidParams)) + } + } + if s.LdapServerMetadata != nil { + if err := s.LdapServerMetadata.Validate(); err != nil { + invalidParams.AddNested("LdapServerMetadata", err.(request.ErrInvalidParams)) + } + } + if s.MaintenanceWindowStartTime != nil { + if err := s.MaintenanceWindowStartTime.Validate(); err != nil { + invalidParams.AddNested("MaintenanceWindowStartTime", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -5434,6 +5742,12 @@ func (s *UpdateBrokerRequest) SetLogs(v *Logs) *UpdateBrokerRequest { return s } +// SetMaintenanceWindowStartTime sets the MaintenanceWindowStartTime field's value. +func (s *UpdateBrokerRequest) SetMaintenanceWindowStartTime(v *WeeklyStartTime) *UpdateBrokerRequest { + s.MaintenanceWindowStartTime = v + return s +} + // SetSecurityGroups sets the SecurityGroups field's value. func (s *UpdateBrokerRequest) SetSecurityGroups(v []*string) *UpdateBrokerRequest { s.SecurityGroups = v @@ -5443,28 +5757,34 @@ func (s *UpdateBrokerRequest) SetSecurityGroups(v []*string) *UpdateBrokerReques type UpdateBrokerResponse struct { _ struct{} `type:"structure"` - // The authentication strategy used to secure the broker. + // Optional. The authentication strategy used to secure the broker. The default + // is SIMPLE. AuthenticationStrategy *string `locationName:"authenticationStrategy" type:"string" enum:"AuthenticationStrategy"` AutoMinorVersionUpgrade *bool `locationName:"autoMinorVersionUpgrade" type:"boolean"` BrokerId *string `locationName:"brokerId" type:"string"` - // A list of information about the configuration. Does not apply to RabbitMQ - // brokers. + // A list of information about the configuration. + // + // Does not apply to RabbitMQ brokers. Configuration *ConfigurationId `locationName:"configuration" type:"structure"` EngineVersion *string `locationName:"engineVersion" type:"string"` HostInstanceType *string `locationName:"hostInstanceType" type:"string"` - // The metadata of the LDAP server used to authenticate and authorize connections - // to the broker. + // Optional. The metadata of the LDAP server used to authenticate and authorize + // connections to the broker. LdapServerMetadata *LdapServerMetadataOutput `locationName:"ldapServerMetadata" type:"structure"` // The list of information about logs to be enabled for the specified broker. Logs *Logs `locationName:"logs" type:"structure"` + // The scheduled time period relative to UTC during which Amazon MQ begins to + // apply pending updates or patches to the broker. + MaintenanceWindowStartTime *WeeklyStartTime `locationName:"maintenanceWindowStartTime" type:"structure"` + SecurityGroups []*string `locationName:"securityGroups" type:"list"` } @@ -5526,6 +5846,12 @@ func (s *UpdateBrokerResponse) SetLogs(v *Logs) *UpdateBrokerResponse { return s } +// SetMaintenanceWindowStartTime sets the MaintenanceWindowStartTime field's value. +func (s *UpdateBrokerResponse) SetMaintenanceWindowStartTime(v *WeeklyStartTime) *UpdateBrokerResponse { + s.MaintenanceWindowStartTime = v + return s +} + // SetSecurityGroups sets the SecurityGroups field's value. func (s *UpdateBrokerResponse) SetSecurityGroups(v []*string) *UpdateBrokerResponse { s.SecurityGroups = v @@ -5538,7 +5864,8 @@ type UpdateConfigurationRequest struct { // ConfigurationId is a required field ConfigurationId *string `location:"uri" locationName:"configuration-id" type:"string" required:"true"` - Data *string `locationName:"data" type:"string"` + // Data is a required field + Data *string `locationName:"data" type:"string" required:"true"` Description *string `locationName:"description" type:"string"` } @@ -5562,6 +5889,9 @@ func (s *UpdateConfigurationRequest) Validate() error { if s.ConfigurationId != nil && len(*s.ConfigurationId) < 1 { invalidParams.Add(request.NewErrParamMinLen("ConfigurationId", 1)) } + if s.Data == nil { + invalidParams.Add(request.NewErrParamRequired("Data")) + } if invalidParams.Len() > 0 { return invalidParams @@ -5742,28 +6072,41 @@ func (s *UpdateUserRequest) SetUsername(v string) *UpdateUserRequest { return s } -// A user associated with the broker. +// A user associated with the broker. For RabbitMQ brokers, one and only one +// administrative user is accepted and created when a broker is first provisioned. +// All subsequent broker users are created by making RabbitMQ API calls directly +// to brokers or via the RabbitMQ web console. type User struct { _ struct{} `type:"structure"` - // Enables access to the ActiveMQ Web Console for the ActiveMQ user (Does not - // apply to RabbitMQ brokers). + // Enables access to the ActiveMQ Web Console for the ActiveMQ user. Does not + // apply to RabbitMQ brokers. ConsoleAccess *bool `locationName:"consoleAccess" type:"boolean"` // The list of groups (20 maximum) to which the ActiveMQ user belongs. This // value can contain only alphanumeric characters, dashes, periods, underscores, - // and tildes (- . _ ~). This value must be 2-100 characters long. + // and tildes (- . _ ~). This value must be 2-100 characters long. Does not + // apply to RabbitMQ brokers. Groups []*string `locationName:"groups" type:"list"` - // Required. The password of the broker user. This value must be at least 12 - // characters long, must contain at least 4 unique characters, and must not - // contain commas. - Password *string `locationName:"password" type:"string"` - - // Required. The username of the broker user. This value can contain only alphanumeric - // characters, dashes, periods, underscores, and tildes (- . _ ~). This value + // Required. The password of the user. This value must be at least 12 characters + // long, must contain at least 4 unique characters, and must not contain commas, + // colons, or equal signs (,:=). + // + // Password is a required field + Password *string `locationName:"password" type:"string" required:"true"` + + // important>Amazon MQ for ActiveMQ For ActiveMQ brokers, this value can contain + // only alphanumeric characters, dashes, periods, underscores, and tildes (- + // . _ ~). This value must be 2-100 characters long./important> Amazon MQ for + // RabbitMQ + // For RabbitMQ brokers, this value can contain only alphanumeric characters, + // dashes, periods, underscores (- . _). This value must not contain a tilde + // (~) character. Amazon MQ prohibts using guest as a valid usename. This value // must be 2-100 characters long. - Username *string `locationName:"username" type:"string"` + // + // Username is a required field + Username *string `locationName:"username" type:"string" required:"true"` } // String returns the string representation @@ -5776,6 +6119,22 @@ func (s User) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *User) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "User"} + if s.Password == nil { + invalidParams.Add(request.NewErrParamRequired("Password")) + } + if s.Username == nil { + invalidParams.Add(request.NewErrParamRequired("Username")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetConsoleAccess sets the ConsoleAccess field's value. func (s *User) SetConsoleAccess(v bool) *User { s.ConsoleAccess = &v @@ -5814,7 +6173,9 @@ type UserPendingChanges struct { Groups []*string `locationName:"groups" type:"list"` // Required. The type of change pending for the ActiveMQ user. - PendingChange *string `locationName:"pendingChange" type:"string" enum:"ChangeType"` + // + // PendingChange is a required field + PendingChange *string `locationName:"pendingChange" type:"string" required:"true" enum:"ChangeType"` } // String returns the string representation @@ -5845,7 +6206,7 @@ func (s *UserPendingChanges) SetPendingChange(v string) *UserPendingChanges { return s } -// Returns a list of all broker users. +// Returns a list of all broker users. Does not apply to RabbitMQ brokers. type UserSummary struct { _ struct{} `type:"structure"` @@ -5855,7 +6216,9 @@ type UserSummary struct { // Required. The username of the broker user. This value can contain only alphanumeric // characters, dashes, periods, underscores, and tildes (- . _ ~). This value // must be 2-100 characters long. - Username *string `locationName:"username" type:"string"` + // + // Username is a required field + Username *string `locationName:"username" type:"string" required:"true"` } // String returns the string representation @@ -5886,10 +6249,14 @@ type WeeklyStartTime struct { _ struct{} `type:"structure"` // Required. The day of the week. - DayOfWeek *string `locationName:"dayOfWeek" type:"string" enum:"DayOfWeek"` + // + // DayOfWeek is a required field + DayOfWeek *string `locationName:"dayOfWeek" type:"string" required:"true" enum:"DayOfWeek"` // Required. The time, in 24-hour format. - TimeOfDay *string `locationName:"timeOfDay" type:"string"` + // + // TimeOfDay is a required field + TimeOfDay *string `locationName:"timeOfDay" type:"string" required:"true"` // The time zone, UTC by default, in either the Country/City format, or the // UTC offset format. @@ -5906,6 +6273,22 @@ func (s WeeklyStartTime) GoString() string { return s.String() } +// Validate inspects the fields of the type to determine if they are valid. +func (s *WeeklyStartTime) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "WeeklyStartTime"} + if s.DayOfWeek == nil { + invalidParams.Add(request.NewErrParamRequired("DayOfWeek")) + } + if s.TimeOfDay == nil { + invalidParams.Add(request.NewErrParamRequired("TimeOfDay")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + // SetDayOfWeek sets the DayOfWeek field's value. func (s *WeeklyStartTime) SetDayOfWeek(v string) *WeeklyStartTime { s.DayOfWeek = &v @@ -5924,7 +6307,8 @@ func (s *WeeklyStartTime) SetTimeZone(v string) *WeeklyStartTime { return s } -// The authentication strategy used to secure the broker. +// Optional. The authentication strategy used to secure the broker. The default +// is SIMPLE. const ( // AuthenticationStrategySimple is a AuthenticationStrategy enum value AuthenticationStrategySimple = "SIMPLE" @@ -5941,7 +6325,7 @@ func AuthenticationStrategy_Values() []string { } } -// The status of the broker. +// The broker's status. const ( // BrokerStateCreationInProgress is a BrokerState enum value BrokerStateCreationInProgress = "CREATION_IN_PROGRESS" @@ -5970,8 +6354,9 @@ func BrokerState_Values() []string { } } -// The storage type of the broker. EFS is currently not Supported for RabbitMQ -// engine type. +// The broker's storage type. +// +// EFS is not supported for RabbitMQ engine type. const ( // BrokerStorageTypeEbs is a BrokerStorageType enum value BrokerStorageTypeEbs = "EBS" @@ -6045,7 +6430,7 @@ func DayOfWeek_Values() []string { } } -// The deployment mode of the broker. +// The broker's deployment mode. const ( // DeploymentModeSingleInstance is a DeploymentMode enum value DeploymentModeSingleInstance = "SINGLE_INSTANCE" @@ -6066,8 +6451,7 @@ func DeploymentMode_Values() []string { } } -// The type of broker engine. Note: Currently, Amazon MQ supports ActiveMQ and -// RabbitMQ. +// The type of broker engine. Amazon MQ supports ActiveMQ and RabbitMQ. const ( // EngineTypeActivemq is a EngineType enum value EngineTypeActivemq = "ACTIVEMQ" diff --git a/service/storagegateway/api.go b/service/storagegateway/api.go index c0286abd8e1..c79039f0d51 100644 --- a/service/storagegateway/api.go +++ b/service/storagegateway/api.go @@ -57,9 +57,9 @@ func (c *StorageGateway) ActivateGatewayRequest(input *ActivateGatewayInput) (re // ActivateGateway API operation for AWS Storage Gateway. // // Activates the gateway you previously deployed on your host. In the activation -// process, you specify information such as the AWS Region that you want to -// use for storing snapshots or tapes, the time zone for scheduled snapshots -// the gateway snapshot schedule window, an activation key, and a name for your +// process, you specify information such as the Region that you want to use +// for storing snapshots or tapes, the time zone for scheduled snapshots the +// gateway snapshot schedule window, an activation key, and a name for your // gateway. The activation process also associates your gateway with your account. // For more information, see UpdateGatewayInformation. // @@ -149,7 +149,7 @@ func (c *StorageGateway) AddCacheRequest(input *AddCacheInput) (req *request.Req // // Configures one or more gateway local disks as cache for a gateway. This operation // is only supported in the cached volume, tape, and file gateway type (see -// How AWS Storage Gateway works (architecture) (https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html). +// How Storage Gateway works (architecture) (https://docs.aws.amazon.com/storagegateway/latest/userguide/StorageGatewayConcepts.html). // // In the request, you specify the gateway Amazon Resource Name (ARN) to which // you want to add cache, and one or more disk IDs that you want to configure @@ -241,7 +241,7 @@ func (c *StorageGateway) AddTagsToResourceRequest(input *AddTagsToResourceInput) // to resources, which you can use to categorize these resources. For example, // you can categorize resources by purpose, owner, environment, or team. Each // tag consists of a key and a value, which you define. You can add tags to -// the following AWS Storage Gateway resources: +// the following Storage Gateway resources: // // * Storage gateways of all types // @@ -251,6 +251,8 @@ func (c *StorageGateway) AddTagsToResourceRequest(input *AddTagsToResourceInput) // // * NFS and SMB file shares // +// * File System associations +// // You can create a maximum of 50 tags for each resource. Virtual tapes and // storage volumes that are recovered to a new gateway maintain their tags. // @@ -610,10 +612,10 @@ func (c *StorageGateway) AssociateFileSystemRequest(input *AssociateFileSystemIn // AssociateFileSystem API operation for AWS Storage Gateway. // -// Associate an Amazon FSx file system with the Amazon FSx file gateway. After -// the association process is complete, the file shares on the Amazon FSx file -// system are available for access through the gateway. This operation only -// supports the Amazon FSx file gateway type. +// Associate an Amazon FSx file system with the FSx File Gateway. After the +// association process is complete, the file shares on the Amazon FSx file system +// are available for access through the gateway. This operation only supports +// the FSx File Gateway type. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1057,19 +1059,20 @@ func (c *StorageGateway) CreateNFSFileShareRequest(input *CreateNFSFileShareInpu // CreateNFSFileShare API operation for AWS Storage Gateway. // -// Creates a Network File System (NFS) file share on an existing file gateway. +// Creates a Network File System (NFS) file share on an existing S3 File Gateway. // In Storage Gateway, a file share is a file system mount point backed by Amazon // S3 cloud storage. Storage Gateway exposes file shares using an NFS interface. -// This operation is only supported for file gateways. +// This operation is only supported for S3 File Gateways. // -// File gateway requires AWS Security Token Service (AWS STS) to be activated -// to enable you to create a file share. Make sure AWS STS is activated in the -// AWS Region you are creating your file gateway in. If AWS STS is not activated -// in the AWS Region, activate it. For information about how to activate AWS -// STS, see Activating and deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the AWS Identity and Access Management User Guide. +// S3 File gateway requires Security Token Service (STS) to be activated to +// enable you to create a file share. Make sure STS is activated in the Region +// you are creating your S3 File Gateway in. If STS is not activated in the +// Region, activate it. For information about how to activate STS, see Activating +// and deactivating STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the Identity and Access Management User Guide. // -// File gateway does not support creating hard or symbolic links on a file share. +// S3 File Gateways do not support creating hard or symbolic links on a file +// share. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1153,17 +1156,17 @@ func (c *StorageGateway) CreateSMBFileShareRequest(input *CreateSMBFileShareInpu // CreateSMBFileShare API operation for AWS Storage Gateway. // -// Creates a Server Message Block (SMB) file share on an existing file gateway. +// Creates a Server Message Block (SMB) file share on an existing S3 File Gateway. // In Storage Gateway, a file share is a file system mount point backed by Amazon // S3 cloud storage. Storage Gateway exposes file shares using an SMB interface. -// This operation is only supported for file gateways. +// This operation is only supported for S3 File Gateways. // -// File gateways require AWS Security Token Service (AWS STS) to be activated -// to enable you to create a file share. Make sure that AWS STS is activated -// in the AWS Region you are creating your file gateway in. If AWS STS is not -// activated in this AWS Region, activate it. For information about how to activate -// AWS STS, see Activating and deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the AWS Identity and Access Management User Guide. +// S3 File Gateways require Security Token Service (STS) to be activated to +// enable you to create a file share. Make sure that STS is activated in the +// Region you are creating your S3 File Gateway in. If STS is not activated +// in this Region, activate it. For information about how to activate STS, see +// Activating and deactivating STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the Identity and Access Management User Guide. // // File gateways don't support creating hard or symbolic links on a file share. // @@ -1251,8 +1254,8 @@ func (c *StorageGateway) CreateSnapshotRequest(input *CreateSnapshotInput) (req // // Initiates a snapshot of a volume. // -// AWS Storage Gateway provides the ability to back up point-in-time snapshots -// of your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, +// Storage Gateway provides the ability to back up point-in-time snapshots of +// your data to Amazon Simple Storage (Amazon S3) for durable off-site recovery, // and also import the data to an Amazon Elastic Block Store (EBS) volume in // Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gateway // volume on a scheduled or ad hoc basis. This API enables you to take an ad @@ -1260,12 +1263,12 @@ func (c *StorageGateway) CreateSnapshotRequest(input *CreateSnapshotInput) (req // // In the CreateSnapshot request, you identify the volume by providing its Amazon // Resource Name (ARN). You must also provide description for the snapshot. -// When AWS Storage Gateway takes the snapshot of specified volume, the snapshot -// and description appears in the AWS Storage Gateway console. In response, -// AWS Storage Gateway returns you a snapshot ID. You can use this snapshot -// ID to check the snapshot progress or later use it when you want to create -// a volume from a snapshot. This operation is only supported in stored and -// cached volume gateway type. +// When Storage Gateway takes the snapshot of specified volume, the snapshot +// and description appears in the Storage Gateway console. In response, Storage +// Gateway returns you a snapshot ID. You can use this snapshot ID to check +// the snapshot progress or later use it when you want to create a volume from +// a snapshot. This operation is only supported in stored and cached volume +// gateway type. // // To list or delete a snapshot, you must use the Amazon EC2 API. For more information, // see DescribeSnapshots (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSnapshots.html) @@ -1372,8 +1375,8 @@ func (c *StorageGateway) CreateSnapshotFromVolumeRecoveryPointRequest(input *Cre // In the CreateSnapshotFromVolumeRecoveryPoint request, you identify the volume // by providing its Amazon Resource Name (ARN). You must also provide a description // for the snapshot. When the gateway takes a snapshot of the specified volume, -// the snapshot and its description appear in the AWS Storage Gateway console. -// In response, the gateway returns you a snapshot ID. You can use this snapshot +// the snapshot and its description appear in the Storage Gateway console. In +// response, the gateway returns you a snapshot ID. You can use this snapshot // ID to check the snapshot progress or later use it when you want to create // a volume from a snapshot. // @@ -2089,8 +2092,8 @@ func (c *StorageGateway) DeleteFileShareRequest(input *DeleteFileShareInput) (re // DeleteFileShare API operation for AWS Storage Gateway. // -// Deletes a file share from a file gateway. This operation is only supported -// for file gateways. +// Deletes a file share from an S3 File Gateway. This operation is only supported +// for S3 File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2189,7 +2192,7 @@ func (c *StorageGateway) DeleteGatewayRequest(input *DeleteGatewayInput) (req *r // for these snapshots. You can choose to remove all remaining Amazon EBS snapshots // by canceling your Amazon EC2 subscription. If you prefer not to cancel your // Amazon EC2 subscription, you can delete your snapshots using the Amazon EC2 -// console. For more information, see the AWS Storage Gateway detail page (http://aws.amazon.com/storagegateway). +// console. For more information, see the Storage Gateway detail page (http://aws.amazon.com/storagegateway). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3092,8 +3095,8 @@ func (c *StorageGateway) DescribeCachediSCSIVolumesRequest(input *DescribeCached // operation is only supported in the cached volume gateway types. // // The list of gateway volumes in the request must be from one gateway. In the -// response, AWS Storage Gateway returns volume information sorted by volume -// Amazon Resource Name (ARN). +// response, Storage Gateway returns volume information sorted by volume Amazon +// Resource Name (ARN). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3264,7 +3267,7 @@ func (c *StorageGateway) DescribeFileSystemAssociationsRequest(input *DescribeFi // DescribeFileSystemAssociations API operation for AWS Storage Gateway. // // Gets the file system association information. This operation is only supported -// for Amazon FSx file gateways. +// for FSx File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3521,7 +3524,7 @@ func (c *StorageGateway) DescribeNFSFileSharesRequest(input *DescribeNFSFileShar // DescribeNFSFileShares API operation for AWS Storage Gateway. // // Gets a description for one or more Network File System (NFS) file shares -// from a file gateway. This operation is only supported for file gateways. +// from an S3 File Gateway. This operation is only supported for S3 File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3606,7 +3609,7 @@ func (c *StorageGateway) DescribeSMBFileSharesRequest(input *DescribeSMBFileShar // DescribeSMBFileShares API operation for AWS Storage Gateway. // // Gets a description for one or more Server Message Block (SMB) file shares -// from a file gateway. This operation is only supported for file gateways. +// from a S3 File Gateway. This operation is only supported for S3 File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3864,8 +3867,8 @@ func (c *StorageGateway) DescribeStorediSCSIVolumesRequest(input *DescribeStored // // Returns the description of the gateway volumes specified in the request. // The list of gateway volumes in the request must be from one gateway. In the -// response, AWS Storage Gateway returns volume information sorted by volume -// ARNs. This operation is only supported in stored volume gateway type. +// response, Storage Gateway returns volume information sorted by volume ARNs. +// This operation is only supported in stored volume gateway type. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3958,7 +3961,7 @@ func (c *StorageGateway) DescribeTapeArchivesRequest(input *DescribeTapeArchives // Returns a description of specified virtual tapes in the virtual tape shelf // (VTS). This operation is only supported in the tape gateway type. // -// If a specific TapeARN is not specified, AWS Storage Gateway returns a description +// If a specific TapeARN is not specified, Storage Gateway returns a description // of all virtual tapes found in the VTS associated with your account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -4483,7 +4486,7 @@ func (c *StorageGateway) DescribeVTLDevicesRequest(input *DescribeVTLDevicesInpu // DescribeVTLDevices API operation for AWS Storage Gateway. // // Returns a description of virtual tape library (VTL) devices for the specified -// tape gateway. In the response, AWS Storage Gateway returns VTL device information. +// tape gateway. In the response, Storage Gateway returns VTL device information. // // This operation is only supported in the tape gateway type. // @@ -4895,8 +4898,8 @@ func (c *StorageGateway) DisassociateFileSystemRequest(input *DisassociateFileSy // // Disassociates an Amazon FSx file system from the specified gateway. After // the disassociation process finishes, the gateway can no longer access the -// Amazon FSx file system. This operation is only supported in the Amazon FSx -// file gateway type. +// Amazon FSx file system. This operation is only supported in the FSx File +// Gateway type. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5158,9 +5161,9 @@ func (c *StorageGateway) ListFileSharesRequest(input *ListFileSharesInput) (req // ListFileShares API operation for AWS Storage Gateway. // -// Gets a list of the file shares for a specific file gateway, or the list of -// file shares that belong to the calling user account. This operation is only -// supported for file gateways. +// Gets a list of the file shares for a specific S3 File Gateway, or the list +// of file shares that belong to the calling user account. This operation is +// only supported for S3 File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5304,7 +5307,7 @@ func (c *StorageGateway) ListFileSystemAssociationsRequest(input *ListFileSystem // // Gets a list of FileSystemAssociationSummary objects. Each object contains // a summary of a file system association. This operation is only supported -// for Amazon FSx file gateways. +// for FSx File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5446,8 +5449,8 @@ func (c *StorageGateway) ListGatewaysRequest(input *ListGatewaysInput) (req *req // ListGateways API operation for AWS Storage Gateway. // -// Lists gateways owned by an AWS account in an AWS Region specified in the -// request. The returned list is ordered by gateway Amazon Resource Name (ARN). +// Lists gateways owned by an account in an Region specified in the request. +// The returned list is ordered by gateway Amazon Resource Name (ARN). // // By default, the operation returns a maximum of 100 gateways. This operation // supports pagination that allows you to optionally reduce the number of gateways @@ -6463,17 +6466,17 @@ func (c *StorageGateway) NotifyWhenUploadedRequest(input *NotifyWhenUploadedInpu // Sends you notification through CloudWatch Events when all files written to // your file share have been uploaded to Amazon S3. // -// AWS Storage Gateway can send a notification through Amazon CloudWatch Events +// Storage Gateway can send a notification through Amazon CloudWatch Events // when all files written to your file share up to that point in time have been // uploaded to Amazon S3. These files include files written to the file share // up to the time that you make a request for notification. When the upload // is done, Storage Gateway sends you notification through an Amazon CloudWatch // Event. You can configure CloudWatch Events to send the notification through -// event targets such as Amazon SNS or AWS Lambda function. This operation is -// only supported for file gateways. +// event targets such as Amazon SNS or Lambda function. This operation is only +// supported for S3 File Gateways. // // For more information, see Getting file upload notification (https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-upload-notification) -// in the AWS Storage Gateway User Guide. +// in the Storage Gateway User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6560,13 +6563,16 @@ func (c *StorageGateway) RefreshCacheRequest(input *RefreshCacheInput) (req *req // Refreshes the cached inventory of objects for the specified file share. This // operation finds objects in the Amazon S3 bucket that were added, removed, // or replaced since the gateway last listed the bucket's contents and cached -// the results. This operation does not import files into the file gateway cache -// storage. It only updates the cached inventory to reflect changes in the inventory -// of the objects in the S3 bucket. This operation is only supported in the -// file gateway type. You can subscribe to be notified through an Amazon CloudWatch -// event when your RefreshCache operation completes. For more information, see -// Getting notified about file operations (https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification) -// in the AWS Storage Gateway User Guide. +// the results. This operation does not import files into the S3 File Gateway +// cache storage. It only updates the cached inventory to reflect changes in +// the inventory of the objects in the S3 bucket. This operation is only supported +// in the S3 File Gateway types. +// +// You can subscribe to be notified through an Amazon CloudWatch event when +// your RefreshCache operation completes. For more information, see Getting +// notified about file operations (https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification) +// in the Storage Gateway User Guide. This operation is Only supported for S3 +// File Gateways. // // When this API is called, it only initiates the refresh operation. When the // API call completes and returns a success code, it doesn't necessarily mean @@ -6579,14 +6585,14 @@ func (c *StorageGateway) RefreshCacheRequest(input *RefreshCacheInput) (req *req // than two refreshes at any time. We recommend using the refresh-complete CloudWatch // event notification before issuing additional requests. For more information, // see Getting notified about file operations (https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification) -// in the AWS Storage Gateway User Guide. +// in the Storage Gateway User Guide. // // If you invoke the RefreshCache API when two requests are already being processed, // any new request will cause an InvalidGatewayRequestException error because // too many requests were sent to the server. // // For more information, see Getting notified about file operations (https://docs.aws.amazon.com/storagegateway/latest/userguide/monitoring-file-gateway.html#get-notification) -// in the AWS Storage Gateway User Guide. +// in the Storage Gateway User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7125,6 +7131,7 @@ func (c *StorageGateway) SetSMBGuestPasswordRequest(input *SetSMBGuestPasswordIn // // Sets the password for the guest user smbguest. The smbguest user is the user // when the authentication method for the file share is set to GuestAccess. +// This operation only supported for S3 File Gateways // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7860,7 +7867,7 @@ func (c *StorageGateway) UpdateFileSystemAssociationRequest(input *UpdateFileSys // UpdateFileSystemAssociation API operation for AWS Storage Gateway. // // Updates a file system association. This operation is only supported in the -// Amazon FSx file gateway type. +// FSx File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8219,7 +8226,7 @@ func (c *StorageGateway) UpdateNFSFileShareRequest(input *UpdateNFSFileShareInpu // UpdateNFSFileShare API operation for AWS Storage Gateway. // // Updates a Network File System (NFS) file share. This operation is only supported -// in the file gateway type. +// in S3 File Gateways. // // To leave a file share field unchanged, set the corresponding input field // to null. @@ -8319,17 +8326,17 @@ func (c *StorageGateway) UpdateSMBFileShareRequest(input *UpdateSMBFileShareInpu // UpdateSMBFileShare API operation for AWS Storage Gateway. // // Updates a Server Message Block (SMB) file share. This operation is only supported -// for file gateways. +// for S3 File Gateways. // // To leave a file share field unchanged, set the corresponding input field // to null. // -// File gateways require AWS Security Token Service (AWS STS) to be activated -// to enable you to create a file share. Make sure that AWS STS is activated -// in the AWS Region you are creating your file gateway in. If AWS STS is not -// activated in this AWS Region, activate it. For information about how to activate -// AWS STS, see Activating and deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) -// in the AWS Identity and Access Management User Guide. +// File gateways require Security Token Service (STS) to be activated to enable +// you to create a file share. Make sure that STS is activated in the Region +// you are creating your file gateway in. If STS is not activated in this Region, +// activate it. For information about how to activate STS, see Activating and +// deactivating STS in an Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// in the Identity and Access Management User Guide. // // File gateways don't support creating hard or symbolic links on a file share. // @@ -8415,8 +8422,8 @@ func (c *StorageGateway) UpdateSMBFileShareVisibilityRequest(input *UpdateSMBFil // UpdateSMBFileShareVisibility API operation for AWS Storage Gateway. // -// Controls whether the shares on a gateway are visible in a net view or browse -// list. +// Controls whether the shares on an S3 File Gateway are visible in a net view +// or browse list. The operation is only supported for S3 File Gateways. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8753,7 +8760,7 @@ type ActivateGatewayInput struct { // the actual configuration of your gateway. // // For more information, see Getting activation key (https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html) - // in the AWS Storage Gateway User Guide. + // in the Storage Gateway User Guide. // // ActivationKey is a required field ActivationKey *string `min:"1" type:"string" required:"true"` @@ -8763,15 +8770,14 @@ type ActivateGatewayInput struct { // GatewayName is a required field GatewayName *string `min:"2" type:"string" required:"true"` - // A value that indicates the AWS Region where you want to store your data. - // The gateway AWS Region specified must be the same AWS Region as the AWS Region - // in your Host header in the request. For more information about available - // AWS Regions and endpoints for AWS Storage Gateway, see AWS Storage Gateway - // endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sg.html) - // in the AWS General Reference. + // A value that indicates the Region where you want to store your data. The + // gateway Region specified must be the same Region as the Region in your Host + // header in the request. For more information about available Regions and endpoints + // for Storage Gateway, see Storage Gateway endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sg.html) + // in the Amazon Web Services General Reference. // - // Valid Values: See AWS Storage Gateway endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sg.html) - // in the AWS General Reference. + // Valid Values: See Storage Gateway endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sg.html) + // in the Amazon Web Services General Reference. // // GatewayRegion is a required field GatewayRegion *string `min:"1" type:"string" required:"true"` @@ -8789,7 +8795,7 @@ type ActivateGatewayInput struct { // is critical to all later functions of the gateway and cannot be changed after // activation. The default value is CACHED. // - // Valid Values: STORED | CACHED | VTL | FILE_S3 + // Valid Values: STORED | CACHED | VTL | FILE_S3 | FILE_FSX_SMB| GatewayType *string `min:"2" type:"string"` // The value that indicates the type of medium changer to use for tape gateway. @@ -8925,10 +8931,10 @@ func (s *ActivateGatewayInput) SetTapeDriveType(v string) *ActivateGatewayInput return s } -// AWS Storage Gateway returns the Amazon Resource Name (ARN) of the activated -// gateway. It is a string made of information such as your account, gateway -// name, and AWS Region. This ARN is used to reference the gateway in other -// API operations as well as resource-based authorization. +// Storage Gateway returns the Amazon Resource Name (ARN) of the activated gateway. +// It is a string made of information such as your account, gateway name, and +// Region. This ARN is used to reference the gateway in other API operations +// as well as resource-based authorization. // // For gateways activated prior to September 02, 2015, the gateway ARN contains // the gateway name rather than the gateway ID. Changing the name of the gateway @@ -8937,7 +8943,7 @@ type ActivateGatewayOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -8968,7 +8974,7 @@ type AddCacheInput struct { DiskIds []*string `type:"list" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -9019,7 +9025,7 @@ type AddCacheOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -9146,7 +9152,7 @@ type AddUploadBufferInput struct { DiskIds []*string `type:"list" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -9197,7 +9203,7 @@ type AddUploadBufferOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -9231,7 +9237,7 @@ type AddWorkingStorageInput struct { DiskIds []*string `type:"list" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -9284,7 +9290,7 @@ type AddWorkingStorageOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -9414,23 +9420,30 @@ type AssociateFileSystemInput struct { // The Amazon Resource Name (ARN) of the storage used for the audit logs. AuditDestinationARN *string `type:"string"` - // The refresh cache information for the file share. + // The refresh cache information for the file share or FSx file systems. CacheAttributes *CacheAttributes `type:"structure"` - // A unique string value that you supply that is used by the file gateway to - // ensure idempotent file system association creation. + // A unique string value that you supply that is used by the FSx File Gateway + // to ensure idempotent file system association creation. // // ClientToken is a required field ClientToken *string `min:"5" type:"string" required:"true"` + // Specifies the network configuration information for the gateway associated + // with the Amazon FSx file system. + // + // If multiple file systems are associated with this gateway, this parameter's + // IpAddresses field is required. + EndpointNetworkConfiguration *EndpointNetworkConfiguration `type:"structure"` + // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` // The Amazon Resource Name (ARN) of the Amazon FSx file system to associate - // with the Amazon FSx file gateway. + // with the FSx File Gateway. // // LocationARN is a required field LocationARN *string `min:"8" type:"string" required:"true"` @@ -9530,6 +9543,12 @@ func (s *AssociateFileSystemInput) SetClientToken(v string) *AssociateFileSystem return s } +// SetEndpointNetworkConfiguration sets the EndpointNetworkConfiguration field's value. +func (s *AssociateFileSystemInput) SetEndpointNetworkConfiguration(v *EndpointNetworkConfiguration) *AssociateFileSystemInput { + s.EndpointNetworkConfiguration = v + return s +} + // SetGatewayARN sets the GatewayARN field's value. func (s *AssociateFileSystemInput) SetGatewayARN(v string) *AssociateFileSystemInput { s.GatewayARN = &v @@ -9738,7 +9757,7 @@ type AutomaticTapeCreationPolicyInfo struct { AutomaticTapeCreationRules []*AutomaticTapeCreationRule `min:"1" type:"list"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -10017,7 +10036,7 @@ func (s *BandwidthRateLimitInterval) SetStartMinuteOfHour(v int64) *BandwidthRat return s } -// The refresh cache information for the file share. +// The refresh cache information for the file share or FSx file systems. type CacheAttributes struct { _ struct{} `type:"structure"` @@ -10026,7 +10045,7 @@ type CacheAttributes struct { // cause the file gateway to first refresh that directory's contents from the // Amazon S3 bucket or Amazon FSx file system. The TTL duration is in seconds. // - // Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days) + // Valid Values:0, 300 to 2,592,000 seconds (5 minutes to 30 days) CacheStaleTimeoutInSeconds *int64 `type:"integer"` } @@ -10206,7 +10225,7 @@ type CancelArchivalInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -10292,7 +10311,7 @@ type CancelRetrievalInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -10440,13 +10459,13 @@ type CreateCachediSCSIVolumeInput struct { ClientToken *string `min:"5" type:"string" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -10661,21 +10680,28 @@ func (s *CreateCachediSCSIVolumeOutput) SetVolumeARN(v string) *CreateCachediSCS type CreateNFSFileShareInput struct { _ struct{} `type:"structure"` + // Specifies the Region of the S3 bucket where the NFS file share stores files. + // + // This parameter is required for NFS file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + BucketRegion *string `min:"1" type:"string"` + // Specifies refresh cache information for the file share. CacheAttributes *CacheAttributes `type:"structure"` - // The list of clients that are allowed to access the file gateway. The list + // The list of clients that are allowed to access the S3 File Gateway. The list // must contain either valid IP addresses or valid CIDR blocks. ClientList []*string `min:"1" type:"list"` - // A unique string value that you supply that is used by file gateway to ensure - // idempotent file share creation. + // A unique string value that you supply that is used by S3 File Gateway to + // ensure idempotent file share creation. // // ClientToken is a required field ClientToken *string `min:"5" type:"string" required:"true"` // The default storage class for objects put into an Amazon S3 bucket by the - // file gateway. The default value is S3_INTELLIGENT_TIERING. Optional. + // S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional. // // Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA DefaultStorageClass *string `min:"5" type:"string"` @@ -10685,8 +10711,8 @@ type CreateNFSFileShareInput struct { // FileShareName must be set if an S3 prefix name is set in LocationARN. FileShareName *string `min:"1" type:"string"` - // The Amazon Resource Name (ARN) of the file gateway on which you want to create - // a file share. + // The Amazon Resource Name (ARN) of the S3 File Gateway on which you want to + // create a file share. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -10698,8 +10724,8 @@ type CreateNFSFileShareInput struct { // Valid Values: true | false GuessMIMETypeEnabled *bool `type:"boolean"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -10712,6 +10738,16 @@ type CreateNFSFileShareInput struct { // The ARN of the backend storage used for storing file data. A prefix name // can be added to the S3 bucket name. It must end with a "/". // + // You can specify a bucket attached to an access point using a complete ARN + // that includes the bucket region as shown: + // + // arn:aws:s3:region:account-id:accesspoint/access-point-name + // + // If you specify a bucket attached to an access point, the bucket policy must + // be configured to delegate access control to the access point. For information, + // see Delegating access control to access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies.html#access-points-delegating-control) + // in the Amazon S3 User Guide. + // // LocationARN is a required field LocationARN *string `min:"16" type:"string" required:"true"` @@ -10739,8 +10775,8 @@ type CreateNFSFileShareInput struct { NotificationPolicy *string `min:"2" type:"string"` // A value that sets the access control list (ACL) permission for objects in - // the S3 bucket that a file gateway puts objects into. The default value is - // private. + // the S3 bucket that a S3 File Gateway puts objects into. The default value + // is private. ObjectACL *string `type:"string" enum:"ObjectACL"` // A value that sets the write status of a file share. Set this value to true @@ -10761,8 +10797,8 @@ type CreateNFSFileShareInput struct { // Valid Values: true | false RequesterPays *bool `type:"boolean"` - // The ARN of the AWS Identity and Access Management (IAM) role that a file - // gateway assumes when it accesses the underlying storage. + // The ARN of the Identity and Access Management (IAM) role that an S3 File + // Gateway assumes when it accesses the underlying storage. // // Role is a required field Role *string `min:"20" type:"string" required:"true"` @@ -10786,6 +10822,14 @@ type CreateNFSFileShareInput struct { // maximum length of a tag's key is 128 characters, and the maximum length for // a tag's value is 256. Tags []*Tag `type:"list"` + + // Specifies the DNS name for the VPC endpoint that the NFS file share uses + // to connect to Amazon S3. + // + // This parameter is required for NFS file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + VPCEndpointDNSName *string `min:"1" type:"string"` } // String returns the string representation @@ -10801,6 +10845,9 @@ func (s CreateNFSFileShareInput) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *CreateNFSFileShareInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateNFSFileShareInput"} + if s.BucketRegion != nil && len(*s.BucketRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BucketRegion", 1)) + } if s.ClientList != nil && len(s.ClientList) < 1 { invalidParams.Add(request.NewErrParamMinLen("ClientList", 1)) } @@ -10843,6 +10890,9 @@ func (s *CreateNFSFileShareInput) Validate() error { if s.Squash != nil && len(*s.Squash) < 5 { invalidParams.Add(request.NewErrParamMinLen("Squash", 5)) } + if s.VPCEndpointDNSName != nil && len(*s.VPCEndpointDNSName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VPCEndpointDNSName", 1)) + } if s.NFSFileShareDefaults != nil { if err := s.NFSFileShareDefaults.Validate(); err != nil { invalidParams.AddNested("NFSFileShareDefaults", err.(request.ErrInvalidParams)) @@ -10865,6 +10915,12 @@ func (s *CreateNFSFileShareInput) Validate() error { return nil } +// SetBucketRegion sets the BucketRegion field's value. +func (s *CreateNFSFileShareInput) SetBucketRegion(v string) *CreateNFSFileShareInput { + s.BucketRegion = &v + return s +} + // SetCacheAttributes sets the CacheAttributes field's value. func (s *CreateNFSFileShareInput) SetCacheAttributes(v *CacheAttributes) *CreateNFSFileShareInput { s.CacheAttributes = v @@ -10973,6 +11029,12 @@ func (s *CreateNFSFileShareInput) SetTags(v []*Tag) *CreateNFSFileShareInput { return s } +// SetVPCEndpointDNSName sets the VPCEndpointDNSName field's value. +func (s *CreateNFSFileShareInput) SetVPCEndpointDNSName(v string) *CreateNFSFileShareInput { + s.VPCEndpointDNSName = &v + return s +} + // CreateNFSFileShareOutput type CreateNFSFileShareOutput struct { _ struct{} `type:"structure"` @@ -11023,6 +11085,13 @@ type CreateSMBFileShareInput struct { // Valid Values: ActiveDirectory | GuestAccess Authentication *string `min:"5" type:"string"` + // Specifies the Region of the S3 bucket where the SMB file share stores files. + // + // This parameter is required for SMB file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + BucketRegion *string `min:"1" type:"string"` + // Specifies refresh cache information for the file share. CacheAttributes *CacheAttributes `type:"structure"` @@ -11031,14 +11100,14 @@ type CreateSMBFileShareInput struct { // the case sensitivity. The default value is ClientSpecified. CaseSensitivity *string `type:"string" enum:"CaseSensitivity"` - // A unique string value that you supply that is used by file gateway to ensure - // idempotent file share creation. + // A unique string value that you supply that is used by S3 File Gateway to + // ensure idempotent file share creation. // // ClientToken is a required field ClientToken *string `min:"5" type:"string" required:"true"` // The default storage class for objects put into an Amazon S3 bucket by the - // file gateway. The default value is S3_INTELLIGENT_TIERING. Optional. + // S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional. // // Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA DefaultStorageClass *string `min:"5" type:"string"` @@ -11048,7 +11117,7 @@ type CreateSMBFileShareInput struct { // FileShareName must be set if an S3 prefix name is set in LocationARN. FileShareName *string `min:"1" type:"string"` - // The ARN of the file gateway on which you want to create a file share. + // The ARN of the S3 File Gateway on which you want to create a file share. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -11066,8 +11135,8 @@ type CreateSMBFileShareInput struct { // be set if Authentication is set to ActiveDirectory. InvalidUserList []*string `type:"list"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -11080,6 +11149,16 @@ type CreateSMBFileShareInput struct { // The ARN of the backend storage used for storing file data. A prefix name // can be added to the S3 bucket name. It must end with a "/". // + // You can specify a bucket attached to an access point using a complete ARN + // that includes the bucket region as shown: + // + // arn:aws:s3:region:account-id:accesspoint/access-point-name + // + // If you specify a bucket attached to an access point, the bucket policy must + // be configured to delegate access control to the access point. For information, + // see Delegating access control to access points (https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points-policies.html#access-points-delegating-control) + // in the Amazon S3 User Guide. + // // LocationARN is a required field LocationARN *string `min:"16" type:"string" required:"true"` @@ -11104,10 +11183,19 @@ type CreateSMBFileShareInput struct { NotificationPolicy *string `min:"2" type:"string"` // A value that sets the access control list (ACL) permission for objects in - // the S3 bucket that a file gateway puts objects into. The default value is - // private. + // the S3 bucket that a S3 File Gateway puts objects into. The default value + // is private. ObjectACL *string `type:"string" enum:"ObjectACL"` + // Specifies whether opportunistic locking is enabled for the SMB file share. + // + // Enabling opportunistic locking on case-sensitive shares is not recommended + // for workloads that involve access to files with the same name in different + // case. + // + // Valid Values: true | false + OplocksEnabled *bool `type:"boolean"` + // A value that sets the write status of a file share. Set this value to true // to set the write status to read-only, otherwise set to false. // @@ -11126,8 +11214,8 @@ type CreateSMBFileShareInput struct { // Valid Values: true | false RequesterPays *bool `type:"boolean"` - // The ARN of the AWS Identity and Access Management (IAM) role that a file - // gateway assumes when it accesses the underlying storage. + // The ARN of the Identity and Access Management (IAM) role that an S3 File + // Gateway assumes when it accesses the underlying storage. // // Role is a required field Role *string `min:"20" type:"string" required:"true"` @@ -11138,7 +11226,7 @@ type CreateSMBFileShareInput struct { // // For more information, see Using Microsoft Windows ACLs to control access // to an SMB file share (https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html) - // in the AWS Storage Gateway User Guide. + // in the Storage Gateway User Guide. // // Valid Values: true | false SMBACLEnabled *bool `type:"boolean"` @@ -11152,6 +11240,14 @@ type CreateSMBFileShareInput struct { // a tag's value is 256. Tags []*Tag `type:"list"` + // Specifies the DNS name for the VPC endpoint that the SMB file share uses + // to connect to Amazon S3. + // + // This parameter is required for SMB file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + VPCEndpointDNSName *string `min:"1" type:"string"` + // A list of users or groups in the Active Directory that are allowed to access // the file share. A group must be prefixed with the @ character. Acceptable // formats include: DOMAIN\User1, user1, @group1, and @DOMAIN\group1. Can only @@ -11175,6 +11271,9 @@ func (s *CreateSMBFileShareInput) Validate() error { if s.Authentication != nil && len(*s.Authentication) < 5 { invalidParams.Add(request.NewErrParamMinLen("Authentication", 5)) } + if s.BucketRegion != nil && len(*s.BucketRegion) < 1 { + invalidParams.Add(request.NewErrParamMinLen("BucketRegion", 1)) + } if s.ClientToken == nil { invalidParams.Add(request.NewErrParamRequired("ClientToken")) } @@ -11211,6 +11310,9 @@ func (s *CreateSMBFileShareInput) Validate() error { if s.Role != nil && len(*s.Role) < 20 { invalidParams.Add(request.NewErrParamMinLen("Role", 20)) } + if s.VPCEndpointDNSName != nil && len(*s.VPCEndpointDNSName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("VPCEndpointDNSName", 1)) + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -11252,6 +11354,12 @@ func (s *CreateSMBFileShareInput) SetAuthentication(v string) *CreateSMBFileShar return s } +// SetBucketRegion sets the BucketRegion field's value. +func (s *CreateSMBFileShareInput) SetBucketRegion(v string) *CreateSMBFileShareInput { + s.BucketRegion = &v + return s +} + // SetCacheAttributes sets the CacheAttributes field's value. func (s *CreateSMBFileShareInput) SetCacheAttributes(v *CacheAttributes) *CreateSMBFileShareInput { s.CacheAttributes = v @@ -11330,6 +11438,12 @@ func (s *CreateSMBFileShareInput) SetObjectACL(v string) *CreateSMBFileShareInpu return s } +// SetOplocksEnabled sets the OplocksEnabled field's value. +func (s *CreateSMBFileShareInput) SetOplocksEnabled(v bool) *CreateSMBFileShareInput { + s.OplocksEnabled = &v + return s +} + // SetReadOnly sets the ReadOnly field's value. func (s *CreateSMBFileShareInput) SetReadOnly(v bool) *CreateSMBFileShareInput { s.ReadOnly = &v @@ -11360,6 +11474,12 @@ func (s *CreateSMBFileShareInput) SetTags(v []*Tag) *CreateSMBFileShareInput { return s } +// SetVPCEndpointDNSName sets the VPCEndpointDNSName field's value. +func (s *CreateSMBFileShareInput) SetVPCEndpointDNSName(v string) *CreateSMBFileShareInput { + s.VPCEndpointDNSName = &v + return s +} + // SetValidUserList sets the ValidUserList field's value. func (s *CreateSMBFileShareInput) SetValidUserList(v []*string) *CreateSMBFileShareInput { s.ValidUserList = v @@ -11395,7 +11515,7 @@ type CreateSnapshotFromVolumeRecoveryPointInput struct { // Textual description of the snapshot that appears in the Amazon EC2 console, // Elastic Block Store snapshots panel in the Description field, and in the - // AWS Storage Gateway snapshot Details pane, Description field. + // Storage Gateway snapshot Details pane, Description field. // // SnapshotDescription is a required field SnapshotDescription *string `min:"1" type:"string" required:"true"` @@ -11528,7 +11648,7 @@ type CreateSnapshotInput struct { // Textual description of the snapshot that appears in the Amazon EC2 console, // Elastic Block Store snapshots panel in the Description field, and in the - // AWS Storage Gateway snapshot Details pane, Description field. + // Storage Gateway snapshot Details pane, Description field. // // SnapshotDescription is a required field SnapshotDescription *string `min:"1" type:"string" required:"true"` @@ -11666,13 +11786,13 @@ type CreateStorediSCSIVolumeInput struct { DiskId *string `min:"1" type:"string" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -11894,10 +12014,10 @@ type CreateTapePoolInput struct { RetentionLockTimeInDays *int64 `type:"integer"` // Tape retention lock can be configured in two modes. When configured in governance - // mode, AWS accounts with specific IAM permissions are authorized to remove - // the tape retention lock from archived virtual tapes. When configured in compliance + // mode, accounts with specific IAM permissions are authorized to remove the + // tape retention lock from archived virtual tapes. When configured in compliance // mode, the tape retention lock cannot be removed by any user, including the - // root AWS account. + // root account. RetentionLockType *string `type:"string" enum:"RetentionLockType"` // The storage class that is associated with the new custom pool. When you use @@ -11992,7 +12112,7 @@ type CreateTapePoolOutput struct { // The unique Amazon Resource Name (ARN) that represents the custom tape pool. // Use the ListTapePools operation to return a list of tape pools for your account - // and AWS Region. + // and Region. PoolARN *string `min:"50" type:"string"` } @@ -12018,13 +12138,13 @@ type CreateTapeWithBarcodeInput struct { // The unique Amazon Resource Name (ARN) that represents the gateway to associate // the virtual tape with. Use the ListGateways operation to return a list of - // gateways for your account and AWS Region. + // gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -12210,13 +12330,13 @@ type CreateTapesInput struct { // The unique Amazon Resource Name (ARN) that represents the gateway to associate // the virtual tapes with. Use the ListGateways operation to return a list of - // gateways for your account and AWS Region. + // gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -12422,7 +12542,7 @@ type DeleteAutomaticTapeCreationPolicyInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -12464,7 +12584,7 @@ type DeleteAutomaticTapeCreationPolicyOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -12499,7 +12619,7 @@ type DeleteBandwidthRateLimitInput struct { BandwidthType *string `min:"3" type:"string" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -12555,7 +12675,7 @@ type DeleteBandwidthRateLimitOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -12682,9 +12802,10 @@ type DeleteFileShareInput struct { FileShareARN *string `min:"50" type:"string" required:"true"` // If this value is set to true, the operation deletes a file share immediately - // and aborts all data uploads to AWS. Otherwise, the file share is not deleted - // until all data is uploaded to AWS. This process aborts the data upload process, - // and the file share enters the FORCE_DELETING status. + // and aborts all data uploads to Amazon Web Services. Otherwise, the file share + // is not deleted until all data is uploaded to Amazon Web Services. This process + // aborts the data upload process, and the file share enters the FORCE_DELETING + // status. // // Valid Values: true | false ForceDelete *bool `type:"boolean"` @@ -12757,7 +12878,7 @@ type DeleteGatewayInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -12800,7 +12921,7 @@ type DeleteGatewayOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -12976,7 +13097,7 @@ type DeleteTapeInput struct { // The unique Amazon Resource Name (ARN) of the gateway that the virtual tape // to delete is associated with. Use the ListGateways operation to return a - // list of gateways for your account and AWS Region. + // list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -13198,7 +13319,7 @@ type DescribeAvailabilityMonitorTestInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -13240,7 +13361,7 @@ type DescribeAvailabilityMonitorTestOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The time the high availability monitoring test was started. If a test hasn't @@ -13285,7 +13406,7 @@ type DescribeBandwidthRateLimitInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -13336,7 +13457,7 @@ type DescribeBandwidthRateLimitOutput struct { AverageUploadRateLimitInBitsPerSec *int64 `min:"51200" type:"long"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -13372,7 +13493,7 @@ type DescribeBandwidthRateLimitScheduleInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -13418,7 +13539,7 @@ type DescribeBandwidthRateLimitScheduleOutput struct { BandwidthRateLimitIntervals []*BandwidthRateLimitInterval `type:"list"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -13448,7 +13569,7 @@ type DescribeCacheInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -13493,8 +13614,8 @@ type DescribeCacheOutput struct { CacheAllocatedInBytes *int64 `type:"long"` // The file share's contribution to the overall percentage of the gateway's - // cache that has not been persisted to AWS. The sample is taken at the end - // of the reporting period. + // cache that has not been persisted to Amazon Web Services. The sample is taken + // at the end of the reporting period. CacheDirtyPercentage *float64 `type:"double"` // Percent of application read operations from the file shares that are served @@ -13516,7 +13637,7 @@ type DescribeCacheOutput struct { DiskIds []*string `type:"list"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -13790,7 +13911,7 @@ type DescribeGatewayInformationInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -13843,7 +13964,7 @@ type DescribeGatewayInformationOutput struct { // The ID of the Amazon EC2 instance that was used to launch the gateway. Ec2InstanceId *string `type:"string"` - // The AWS Region where the Amazon EC2 instance is located. + // The Region where the Amazon EC2 instance is located. Ec2InstanceRegion *string `type:"string"` // The type of endpoint for your gateway. @@ -13852,9 +13973,12 @@ type DescribeGatewayInformationOutput struct { EndpointType *string `min:"4" type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` + // Specifies the size of the gateway's metadata cache. + GatewayCapacity *string `type:"string" enum:"GatewayCapacity"` + // The unique identifier assigned to your gateway during activation. This ID // becomes part of the gateway Amazon Resource Name (ARN), which you use as // input for other operations. @@ -13892,6 +14016,10 @@ type DescribeGatewayInformationOutput struct { // Date after which this gateway will not receive software updates for new features. SoftwareUpdatesEndDate *string `min:"1" type:"string"` + // A list of the metadata cache sizes that the gateway can support based on + // its current hardware specifications. + SupportedGatewayCapacities []*string `type:"list"` + // A list of up to 50 tags assigned to the gateway, sorted alphabetically by // key name. Each tag is a key-value pair. For a gateway with more than 10 tags // assigned, you can view all tags using the ListTagsForResource API operation. @@ -13948,6 +14076,12 @@ func (s *DescribeGatewayInformationOutput) SetGatewayARN(v string) *DescribeGate return s } +// SetGatewayCapacity sets the GatewayCapacity field's value. +func (s *DescribeGatewayInformationOutput) SetGatewayCapacity(v string) *DescribeGatewayInformationOutput { + s.GatewayCapacity = &v + return s +} + // SetGatewayId sets the GatewayId field's value. func (s *DescribeGatewayInformationOutput) SetGatewayId(v string) *DescribeGatewayInformationOutput { s.GatewayId = &v @@ -14008,6 +14142,12 @@ func (s *DescribeGatewayInformationOutput) SetSoftwareUpdatesEndDate(v string) * return s } +// SetSupportedGatewayCapacities sets the SupportedGatewayCapacities field's value. +func (s *DescribeGatewayInformationOutput) SetSupportedGatewayCapacities(v []*string) *DescribeGatewayInformationOutput { + s.SupportedGatewayCapacities = v + return s +} + // SetTags sets the Tags field's value. func (s *DescribeGatewayInformationOutput) SetTags(v []*Tag) *DescribeGatewayInformationOutput { s.Tags = v @@ -14025,7 +14165,7 @@ type DescribeMaintenanceStartTimeInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -14088,7 +14228,7 @@ type DescribeMaintenanceStartTimeOutput struct { DayOfWeek *int64 `type:"integer"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The hour component of the maintenance start time represented as hh, where @@ -14290,7 +14430,7 @@ type DescribeSMBSettingsInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -14356,15 +14496,16 @@ type DescribeSMBSettingsOutput struct { // The name of the domain that the gateway is joined to. DomainName *string `min:"1" type:"string"` - // The shares on this gateway appear when listing shares. + // The shares on this gateway appear when listing shares. Only supported for + // S3 File Gateways. FileSharesVisible *bool `type:"boolean"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // This value is true if a password for the guest user smbguest is set, otherwise - // false. + // false. Only supported for S3 File Gateways. // // Valid Values: true | false SMBGuestPasswordSet *bool `type:"boolean"` @@ -14374,6 +14515,7 @@ type DescribeSMBSettingsOutput struct { // * ClientSpecified: If you use this option, requests are established based // on what is negotiated by the client. This option is recommended when you // want to maximize compatibility across different clients in your environment. + // Only supported for S3 File Gateways. // // * MandatorySigning: If you use this option, file gateway only allows connections // from SMBv2 or SMBv3 clients that have signing enabled. This option works @@ -14765,7 +14907,7 @@ type DescribeTapeRecoveryPointsInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -14834,7 +14976,7 @@ type DescribeTapeRecoveryPointsOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // An opaque string that indicates the position at which the virtual tape recovery @@ -14882,7 +15024,7 @@ type DescribeTapesInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -15003,7 +15145,7 @@ type DescribeUploadBufferInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -15051,7 +15193,7 @@ type DescribeUploadBufferOutput struct { DiskIds []*string `type:"list"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The total number of bytes allocated in the gateway's as upload buffer. @@ -15100,7 +15242,7 @@ type DescribeVTLDevicesInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -15183,7 +15325,7 @@ type DescribeVTLDevicesOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // An opaque string that indicates the position at which the VTL devices that @@ -15230,7 +15372,7 @@ type DescribeWorkingStorageInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -15279,7 +15421,7 @@ type DescribeWorkingStorageOutput struct { DiskIds []*string `type:"list"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The total working storage in bytes allocated for the gateway. If no working @@ -15461,7 +15603,7 @@ type DisableGatewayInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -15693,6 +15835,35 @@ func (s *Disk) SetDiskStatus(v string) *Disk { return s } +// Specifies network configuration information for the gateway associated with +// the Amazon FSx file system. +type EndpointNetworkConfiguration struct { + _ struct{} `type:"structure"` + + // A list of gateway IP addresses on which the associated Amazon FSx file system + // is available. + // + // If multiple file systems are associated with this gateway, this field is + // required. + IpAddresses []*string `type:"list"` +} + +// String returns the string representation +func (s EndpointNetworkConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s EndpointNetworkConfiguration) GoString() string { + return s.String() +} + +// SetIpAddresses sets the IpAddresses field's value. +func (s *EndpointNetworkConfiguration) SetIpAddresses(v []*string) *EndpointNetworkConfiguration { + s.IpAddresses = v + return s +} + // Provides additional information about an error that was returned by the service. // See the errorCode and errorDetails members for more information about the // error. @@ -15728,7 +15899,7 @@ func (s *Error) SetErrorDetails(v map[string]*string) *Error { return s } -// Describes a file share. +// Describes a file share. Only supported S3 File Gateway. type FileShareInfo struct { _ struct{} `type:"structure"` @@ -15747,7 +15918,7 @@ type FileShareInfo struct { FileShareType *string `type:"string" enum:"FileShareType"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -15799,18 +15970,25 @@ type FileSystemAssociationInfo struct { // The Amazon Resource Name (ARN) of the storage used for the audit logs. AuditDestinationARN *string `type:"string"` - // The refresh cache information for the file share. + // The refresh cache information for the file share or FSx file systems. CacheAttributes *CacheAttributes `type:"structure"` + // Specifies network configuration information for the gateway associated with + // the Amazon FSx file system. + // + // If multiple file systems are associated with this gateway, this parameter's + // IpAddresses field is required. + EndpointNetworkConfiguration *EndpointNetworkConfiguration `type:"structure"` + // The Amazon Resource Name (ARN) of the file system association. FileSystemAssociationARN *string `min:"50" type:"string"` // The status of the file system association. Valid Values: AVAILABLE | CREATING - // | DELETING | FORCE_DELETING | MISCONFIGURED | UPDATING | UNAVAILABLE + // | DELETING | FORCE_DELETING | UPDATING | ERROR FileSystemAssociationStatus *string `min:"3" type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The ARN of the backend Amazon FSx file system used for storing file data. @@ -15845,6 +16023,12 @@ func (s *FileSystemAssociationInfo) SetCacheAttributes(v *CacheAttributes) *File return s } +// SetEndpointNetworkConfiguration sets the EndpointNetworkConfiguration field's value. +func (s *FileSystemAssociationInfo) SetEndpointNetworkConfiguration(v *EndpointNetworkConfiguration) *FileSystemAssociationInfo { + s.EndpointNetworkConfiguration = v + return s +} + // SetFileSystemAssociationARN sets the FileSystemAssociationARN field's value. func (s *FileSystemAssociationInfo) SetFileSystemAssociationARN(v string) *FileSystemAssociationInfo { s.FileSystemAssociationARN = &v @@ -15887,11 +16071,11 @@ type FileSystemAssociationSummary struct { FileSystemAssociationId *string `min:"10" type:"string"` // The status of the file share. Valid Values: AVAILABLE | CREATING | DELETING - // | FORCE_DELETING | MISCONFIGURED | UPDATING | UNAVAILABLE + // | FORCE_DELETING | UPDATING | ERROR FileSystemAssociationStatus *string `min:"3" type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -15936,11 +16120,11 @@ type GatewayInfo struct { // The ID of the Amazon EC2 instance that was used to launch the gateway. Ec2InstanceId *string `type:"string"` - // The AWS Region where the Amazon EC2 instance is located. + // The Region where the Amazon EC2 instance is located. Ec2InstanceRegion *string `type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The unique identifier assigned to your gateway during activation. This ID @@ -16150,7 +16334,7 @@ type JoinDomainInput struct { DomainName *string `min:"1" type:"string" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -16323,7 +16507,7 @@ type ListAutomaticTapeCreationPoliciesInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -16451,7 +16635,7 @@ func (s *ListFileSharesInput) SetMarker(v string) *ListFileSharesInput { type ListFileSharesOutput struct { _ struct{} `type:"structure"` - // An array of information about the file gateway's file shares. + // An array of information about the S3 File Gateway's file shares. FileShareInfoList []*FileShareInfo `type:"list"` // If the request includes Marker, the response returns that value in this field. @@ -16495,7 +16679,7 @@ type ListFileSystemAssociationsInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The maximum number of file system associations to return in the response. @@ -16692,7 +16876,7 @@ type ListLocalDisksInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -16739,7 +16923,7 @@ type ListLocalDisksOutput struct { Disks []*Disk `type:"list"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -17156,7 +17340,7 @@ type ListVolumeRecoveryPointsInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -17198,7 +17382,7 @@ type ListVolumeRecoveryPointsOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // An array of VolumeRecoveryPointInfo objects. @@ -17236,7 +17420,7 @@ type ListVolumesInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // Specifies that the list of volumes returned be limited to the specified number @@ -17305,7 +17489,7 @@ type ListVolumesOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // Use the marker in your next request to continue pagination of iSCSI volumes. @@ -17351,8 +17535,8 @@ func (s *ListVolumesOutput) SetVolumeInfos(v []*VolumeInfo) *ListVolumesOutput { // folders stored as Amazon S3 objects in S3 buckets don't, by default, have // Unix file permissions assigned to them. Upon discovery in an S3 bucket by // Storage Gateway, the S3 objects that represent files and folders are assigned -// these default Unix permissions. This operation is only supported for file -// gateways. +// these default Unix permissions. This operation is only supported for S3 File +// Gateways. type NFSFileShareDefaults struct { _ struct{} `type:"structure"` @@ -17425,20 +17609,27 @@ func (s *NFSFileShareDefaults) SetOwnerId(v int64) *NFSFileShareDefaults { } // The Unix file permissions and ownership information assigned, by default, -// to native S3 objects when file gateway discovers them in S3 buckets. This -// operation is only supported in file gateways. +// to native S3 objects when an S3 File Gateway discovers them in S3 buckets. +// This operation is only supported in S3 File Gateways. type NFSFileShareInfo struct { _ struct{} `type:"structure"` + // Specifies the Region of the S3 bucket where the NFS file share stores files. + // + // This parameter is required for NFS file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + BucketRegion *string `min:"1" type:"string"` + // Refresh cache information for the file share. CacheAttributes *CacheAttributes `type:"structure"` - // The list of clients that are allowed to access the file gateway. The list + // The list of clients that are allowed to access the S3 File Gateway. The list // must contain either valid IP addresses or valid CIDR blocks. ClientList []*string `min:"1" type:"list"` // The default storage class for objects put into an Amazon S3 bucket by the - // file gateway. The default value is S3_INTELLIGENT_TIERING. Optional. + // S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional. // // Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA DefaultStorageClass *string `min:"5" type:"string"` @@ -17460,7 +17651,7 @@ type NFSFileShareInfo struct { FileShareStatus *string `min:"3" type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // A value that enables guessing of the MIME type for uploaded objects based @@ -17470,8 +17661,8 @@ type NFSFileShareInfo struct { // Valid Values: true | false GuessMIMETypeEnabled *bool `type:"boolean"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -17489,8 +17680,8 @@ type NFSFileShareInfo struct { // folders stored as Amazon S3 objects in S3 buckets don't, by default, have // Unix file permissions assigned to them. Upon discovery in an S3 bucket by // Storage Gateway, the S3 objects that represent files and folders are assigned - // these default Unix permissions. This operation is only supported for file - // gateways. + // these default Unix permissions. This operation is only supported for S3 File + // Gateways. NFSFileShareDefaults *NFSFileShareDefaults `type:"structure"` // The notification policy of the file share. SettlingTimeInSeconds controls @@ -17514,8 +17705,8 @@ type NFSFileShareInfo struct { NotificationPolicy *string `min:"2" type:"string"` // A value that sets the access control list (ACL) permission for objects in - // the S3 bucket that a file gateway puts objects into. The default value is - // private. + // the S3 bucket that an S3 File Gateway puts objects into. The default value + // is private. ObjectACL *string `type:"string" enum:"ObjectACL"` // The file share path used by the NFS client to identify the mount point. @@ -17539,8 +17730,8 @@ type NFSFileShareInfo struct { // Valid Values: true | false RequesterPays *bool `type:"boolean"` - // The ARN of the IAM role that file gateway assumes when it accesses the underlying - // storage. + // The ARN of the IAM role that an S3 File Gateway assumes when it accesses + // the underlying storage. Role *string `min:"20" type:"string"` // The user mapped to anonymous user. Valid options are the following: @@ -17556,6 +17747,14 @@ type NFSFileShareInfo struct { // by key name. Each tag is a key-value pair. For a gateway with more than 10 // tags assigned, you can view all tags using the ListTagsForResource API operation. Tags []*Tag `type:"list"` + + // Specifies the DNS name for the VPC endpoint that the NFS file share uses + // to connect to Amazon S3. + // + // This parameter is required for NFS file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + VPCEndpointDNSName *string `min:"1" type:"string"` } // String returns the string representation @@ -17568,6 +17767,12 @@ func (s NFSFileShareInfo) GoString() string { return s.String() } +// SetBucketRegion sets the BucketRegion field's value. +func (s *NFSFileShareInfo) SetBucketRegion(v string) *NFSFileShareInfo { + s.BucketRegion = &v + return s +} + // SetCacheAttributes sets the CacheAttributes field's value. func (s *NFSFileShareInfo) SetCacheAttributes(v *CacheAttributes) *NFSFileShareInfo { s.CacheAttributes = v @@ -17694,6 +17899,12 @@ func (s *NFSFileShareInfo) SetTags(v []*Tag) *NFSFileShareInfo { return s } +// SetVPCEndpointDNSName sets the VPCEndpointDNSName field's value. +func (s *NFSFileShareInfo) SetVPCEndpointDNSName(v string) *NFSFileShareInfo { + s.VPCEndpointDNSName = &v + return s +} + // Describes a gateway's network interface. type NetworkInterface struct { _ struct{} `type:"structure"` @@ -17818,8 +18029,7 @@ type PoolInfo struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the custom tape pool. Use the ListTapePools - // operation to return a list of custom tape pools for your account and AWS - // Region. + // operation to return a list of custom tape pools for your account and Region. PoolARN *string `min:"50" type:"string"` // The name of the custom tape pool. PoolName can use all ASCII characters, @@ -17834,10 +18044,10 @@ type PoolInfo struct { RetentionLockTimeInDays *int64 `type:"integer"` // Tape retention lock type, which can be configured in two modes. When configured - // in governance mode, AWS accounts with specific IAM permissions are authorized + // in governance mode, accounts with specific IAM permissions are authorized // to remove the tape retention lock from archived virtual tapes. When configured // in compliance mode, the tape retention lock cannot be removed by any user, - // including the root AWS account. + // including the root account. RetentionLockType *string `type:"string" enum:"RetentionLockType"` // The storage class that is associated with the custom pool. When you use your @@ -18088,7 +18298,7 @@ type ResetCacheInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -18130,7 +18340,7 @@ type ResetCacheOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -18156,7 +18366,7 @@ type RetrieveTapeArchiveInput struct { // The Amazon Resource Name (ARN) of the gateway you want to retrieve the virtual // tape to. Use the ListGateways operation to return a list of gateways for - // your account and AWS Region. + // your account and Region. // // You retrieve archived virtual tapes to only one gateway and the gateway must // be a tape gateway. @@ -18244,7 +18454,7 @@ type RetrieveTapeRecoveryPointInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -18326,8 +18536,8 @@ func (s *RetrieveTapeRecoveryPointOutput) SetTapeARN(v string) *RetrieveTapeReco } // The Windows file permissions and ownership information assigned, by default, -// to native S3 objects when file gateway discovers them in S3 buckets. This -// operation is only supported for file gateways. +// to native S3 objects when S3 File Gateway discovers them in S3 buckets. This +// operation is only supported for S3 File Gateways. type SMBFileShareInfo struct { _ struct{} `type:"structure"` @@ -18348,6 +18558,13 @@ type SMBFileShareInfo struct { // Valid Values: ActiveDirectory | GuestAccess Authentication *string `min:"5" type:"string"` + // Specifies the Region of the S3 bucket where the SMB file share stores files. + // + // This parameter is required for SMB file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + BucketRegion *string `min:"1" type:"string"` + // Refresh cache information for the file share. CacheAttributes *CacheAttributes `type:"structure"` @@ -18357,7 +18574,7 @@ type SMBFileShareInfo struct { CaseSensitivity *string `type:"string" enum:"CaseSensitivity"` // The default storage class for objects put into an Amazon S3 bucket by the - // file gateway. The default value is S3_INTELLIGENT_TIERING. Optional. + // S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional. // // Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA DefaultStorageClass *string `min:"5" type:"string"` @@ -18379,7 +18596,7 @@ type SMBFileShareInfo struct { FileShareStatus *string `min:"3" type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // A value that enables guessing of the MIME type for uploaded objects based @@ -18395,8 +18612,8 @@ type SMBFileShareInfo struct { // be set if Authentication is set to ActiveDirectory. InvalidUserList []*string `type:"list"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -18431,10 +18648,19 @@ type SMBFileShareInfo struct { NotificationPolicy *string `min:"2" type:"string"` // A value that sets the access control list (ACL) permission for objects in - // the S3 bucket that a file gateway puts objects into. The default value is - // private. + // the S3 bucket that an S3 File Gateway puts objects into. The default value + // is private. ObjectACL *string `type:"string" enum:"ObjectACL"` + // Specifies whether opportunistic locking is enabled for the SMB file share. + // + // Enabling opportunistic locking on case-sensitive shares is not recommended + // for workloads that involve access to files with the same name in different + // case. + // + // Valid Values: true | false + OplocksEnabled *bool `type:"boolean"` + // The file share path used by the SMB client to identify the mount point. Path *string `type:"string"` @@ -18456,8 +18682,8 @@ type SMBFileShareInfo struct { // Valid Values: true | false RequesterPays *bool `type:"boolean"` - // The ARN of the IAM role that file gateway assumes when it accesses the underlying - // storage. + // The ARN of the IAM role that an S3 File Gateway assumes when it accesses + // the underlying storage. Role *string `min:"20" type:"string"` // If this value is set to true, it indicates that access control list (ACL) @@ -18466,7 +18692,7 @@ type SMBFileShareInfo struct { // // For more information, see Using Microsoft Windows ACLs to control access // to an SMB file share (https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html) - // in the AWS Storage Gateway User Guide. + // in the Storage Gateway User Guide. SMBACLEnabled *bool `type:"boolean"` // A list of up to 50 tags assigned to the SMB file share, sorted alphabetically @@ -18474,6 +18700,14 @@ type SMBFileShareInfo struct { // tags assigned, you can view all tags using the ListTagsForResource API operation. Tags []*Tag `type:"list"` + // Specifies the DNS name for the VPC endpoint that the SMB file share uses + // to connect to Amazon S3. + // + // This parameter is required for SMB file shares that connect to Amazon S3 + // through a VPC endpoint, a VPC access point, or an access point alias that + // points to a VPC access point. + VPCEndpointDNSName *string `min:"1" type:"string"` + // A list of users or groups in the Active Directory that are allowed to access // the file share. A group must be prefixed with the @ character. Acceptable // formats include: DOMAIN\User1, user1, @group1, and @DOMAIN\group1. Can only @@ -18515,6 +18749,12 @@ func (s *SMBFileShareInfo) SetAuthentication(v string) *SMBFileShareInfo { return s } +// SetBucketRegion sets the BucketRegion field's value. +func (s *SMBFileShareInfo) SetBucketRegion(v string) *SMBFileShareInfo { + s.BucketRegion = &v + return s +} + // SetCacheAttributes sets the CacheAttributes field's value. func (s *SMBFileShareInfo) SetCacheAttributes(v *CacheAttributes) *SMBFileShareInfo { s.CacheAttributes = v @@ -18605,6 +18845,12 @@ func (s *SMBFileShareInfo) SetObjectACL(v string) *SMBFileShareInfo { return s } +// SetOplocksEnabled sets the OplocksEnabled field's value. +func (s *SMBFileShareInfo) SetOplocksEnabled(v bool) *SMBFileShareInfo { + s.OplocksEnabled = &v + return s +} + // SetPath sets the Path field's value. func (s *SMBFileShareInfo) SetPath(v string) *SMBFileShareInfo { s.Path = &v @@ -18641,6 +18887,12 @@ func (s *SMBFileShareInfo) SetTags(v []*Tag) *SMBFileShareInfo { return s } +// SetVPCEndpointDNSName sets the VPCEndpointDNSName field's value. +func (s *SMBFileShareInfo) SetVPCEndpointDNSName(v string) *SMBFileShareInfo { + s.VPCEndpointDNSName = &v + return s +} + // SetValidUserList sets the ValidUserList field's value. func (s *SMBFileShareInfo) SetValidUserList(v []*string) *SMBFileShareInfo { s.ValidUserList = v @@ -18714,7 +18966,7 @@ type SetLocalConsolePasswordInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -18773,7 +19025,7 @@ type SetLocalConsolePasswordOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -18797,8 +19049,8 @@ func (s *SetLocalConsolePasswordOutput) SetGatewayARN(v string) *SetLocalConsole type SetSMBGuestPasswordInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) of the file gateway the SMB file share is - // associated with. + // The Amazon Resource Name (ARN) of the S3 File Gateway the SMB file share + // is associated with. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -18857,7 +19109,7 @@ type SetSMBGuestPasswordOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -18883,7 +19135,7 @@ type ShutdownGatewayInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -18927,7 +19179,7 @@ type ShutdownGatewayOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -18951,7 +19203,7 @@ type StartAvailabilityMonitorTestInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -18993,7 +19245,7 @@ type StartAvailabilityMonitorTestOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -19019,7 +19271,7 @@ type StartGatewayInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -19063,7 +19315,7 @@ type StartGatewayOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -19618,7 +19870,7 @@ type TapeInfo struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The date that the tape entered the custom tape pool with tape retention lock @@ -19773,7 +20025,7 @@ type UpdateAutomaticTapeCreationPolicyInput struct { AutomaticTapeCreationRules []*AutomaticTapeCreationRule `min:"1" type:"list" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -19837,7 +20089,7 @@ type UpdateAutomaticTapeCreationPolicyOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -19872,7 +20124,7 @@ type UpdateBandwidthRateLimitInput struct { AverageUploadRateLimitInBitsPerSec *int64 `min:"51200" type:"long"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -19934,7 +20186,7 @@ type UpdateBandwidthRateLimitOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -19965,7 +20217,7 @@ type UpdateBandwidthRateLimitScheduleInput struct { BandwidthRateLimitIntervals []*BandwidthRateLimitInterval `type:"list" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -20026,7 +20278,7 @@ type UpdateBandwidthRateLimitScheduleOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -20192,7 +20444,7 @@ type UpdateFileSystemAssociationInput struct { // The Amazon Resource Name (ARN) of the storage used for the audit logs. AuditDestinationARN *string `type:"string"` - // The refresh cache information for the file share. + // The refresh cache information for the file share or FSx file systems. CacheAttributes *CacheAttributes `type:"structure"` // The Amazon Resource Name (ARN) of the file system association that you want @@ -20305,11 +20557,14 @@ type UpdateGatewayInformationInput struct { CloudWatchLogGroupARN *string `type:"string"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` + // Specifies the size of the gateway's metadata cache. + GatewayCapacity *string `type:"string" enum:"GatewayCapacity"` + // The name you configured for your gateway. GatewayName *string `min:"2" type:"string"` @@ -20361,6 +20616,12 @@ func (s *UpdateGatewayInformationInput) SetGatewayARN(v string) *UpdateGatewayIn return s } +// SetGatewayCapacity sets the GatewayCapacity field's value. +func (s *UpdateGatewayInformationInput) SetGatewayCapacity(v string) *UpdateGatewayInformationInput { + s.GatewayCapacity = &v + return s +} + // SetGatewayName sets the GatewayName field's value. func (s *UpdateGatewayInformationInput) SetGatewayName(v string) *UpdateGatewayInformationInput { s.GatewayName = &v @@ -20379,7 +20640,7 @@ type UpdateGatewayInformationOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The name you configured for your gateway. @@ -20414,7 +20675,7 @@ type UpdateGatewaySoftwareNowInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -20458,7 +20719,7 @@ type UpdateGatewaySoftwareNowOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -20500,7 +20761,7 @@ type UpdateMaintenanceStartTimeInput struct { DayOfWeek *int64 `type:"integer"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -20591,7 +20852,7 @@ type UpdateMaintenanceStartTimeOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -20618,12 +20879,12 @@ type UpdateNFSFileShareInput struct { // specifies refresh cache information for the file share. CacheAttributes *CacheAttributes `type:"structure"` - // The list of clients that are allowed to access the file gateway. The list + // The list of clients that are allowed to access the S3 File Gateway. The list // must contain either valid IP addresses or valid CIDR blocks. ClientList []*string `min:"1" type:"list"` // The default storage class for objects put into an Amazon S3 bucket by the - // file gateway. The default value is S3_INTELLIGENT_TIERING. Optional. + // S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional. // // Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA DefaultStorageClass *string `min:"5" type:"string"` @@ -20645,8 +20906,8 @@ type UpdateNFSFileShareInput struct { // Valid Values: true | false GuessMIMETypeEnabled *bool `type:"boolean"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -20680,8 +20941,8 @@ type UpdateNFSFileShareInput struct { NotificationPolicy *string `min:"2" type:"string"` // A value that sets the access control list (ACL) permission for objects in - // the S3 bucket that a file gateway puts objects into. The default value is - // private. + // the S3 bucket that a S3 File Gateway puts objects into. The default value + // is private. ObjectACL *string `type:"string" enum:"ObjectACL"` // A value that sets the write status of a file share. Set this value to true @@ -20897,7 +21158,7 @@ type UpdateSMBFileShareInput struct { CaseSensitivity *string `type:"string" enum:"CaseSensitivity"` // The default storage class for objects put into an Amazon S3 bucket by the - // file gateway. The default value is S3_INTELLIGENT_TIERING. Optional. + // S3 File Gateway. The default value is S3_INTELLIGENT_TIERING. Optional. // // Valid Values: S3_STANDARD | S3_INTELLIGENT_TIERING | S3_STANDARD_IA | S3_ONEZONE_IA DefaultStorageClass *string `min:"5" type:"string"` @@ -20925,8 +21186,8 @@ type UpdateSMBFileShareInput struct { // be set if Authentication is set to ActiveDirectory. InvalidUserList []*string `type:"list"` - // Set to true to use Amazon S3 server-side encryption with your own AWS KMS - // key, or false to use a key managed by Amazon S3. Optional. + // Set to true to use Amazon S3 server-side encryption with your own KMS key, + // or false to use a key managed by Amazon S3. Optional. // // Valid Values: true | false KMSEncrypted *bool `type:"boolean"` @@ -20957,10 +21218,19 @@ type UpdateSMBFileShareInput struct { NotificationPolicy *string `min:"2" type:"string"` // A value that sets the access control list (ACL) permission for objects in - // the S3 bucket that a file gateway puts objects into. The default value is - // private. + // the S3 bucket that a S3 File Gateway puts objects into. The default value + // is private. ObjectACL *string `type:"string" enum:"ObjectACL"` + // Specifies whether opportunistic locking is enabled for the SMB file share. + // + // Enabling opportunistic locking on case-sensitive shares is not recommended + // for workloads that involve access to files with the same name in different + // case. + // + // Valid Values: true | false + OplocksEnabled *bool `type:"boolean"` + // A value that sets the write status of a file share. Set this value to true // to set write status to read-only, otherwise set to false. // @@ -20985,7 +21255,7 @@ type UpdateSMBFileShareInput struct { // // For more information, see Using Microsoft Windows ACLs to control access // to an SMB file share (https://docs.aws.amazon.com/storagegateway/latest/userguide/smb-acl.html) - // in the AWS Storage Gateway User Guide. + // in the Storage Gateway User Guide. // // Valid Values: true | false SMBACLEnabled *bool `type:"boolean"` @@ -21119,6 +21389,12 @@ func (s *UpdateSMBFileShareInput) SetObjectACL(v string) *UpdateSMBFileShareInpu return s } +// SetOplocksEnabled sets the OplocksEnabled field's value. +func (s *UpdateSMBFileShareInput) SetOplocksEnabled(v bool) *UpdateSMBFileShareInput { + s.OplocksEnabled = &v + return s +} + // SetReadOnly sets the ReadOnly field's value. func (s *UpdateSMBFileShareInput) SetReadOnly(v bool) *UpdateSMBFileShareInput { s.ReadOnly = &v @@ -21176,7 +21452,7 @@ type UpdateSMBFileShareVisibilityInput struct { FileSharesVisible *bool `type:"boolean" required:"true"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -21227,7 +21503,7 @@ type UpdateSMBFileShareVisibilityOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -21251,7 +21527,7 @@ type UpdateSMBSecurityStrategyInput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. // // GatewayARN is a required field GatewayARN *string `min:"50" type:"string" required:"true"` @@ -21260,7 +21536,8 @@ type UpdateSMBSecurityStrategyInput struct { // // ClientSpecified: if you use this option, requests are established based on // what is negotiated by the client. This option is recommended when you want - // to maximize compatibility across different clients in your environment. + // to maximize compatibility across different clients in your environment. Supported + // only in S3 File Gateway. // // MandatorySigning: if you use this option, file gateway only allows connections // from SMBv2 or SMBv3 clients that have signing enabled. This option works @@ -21320,7 +21597,7 @@ type UpdateSMBSecurityStrategyOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` } @@ -21637,7 +21914,7 @@ type VolumeInfo struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the gateway. Use the ListGateways operation - // to return a list of gateways for your account and AWS Region. + // to return a list of gateways for your account and Region. GatewayARN *string `min:"50" type:"string"` // The unique identifier assigned to your gateway during activation. This ID @@ -22188,6 +22465,26 @@ func FileShareType_Values() []string { } } +const ( + // GatewayCapacitySmall is a GatewayCapacity enum value + GatewayCapacitySmall = "Small" + + // GatewayCapacityMedium is a GatewayCapacity enum value + GatewayCapacityMedium = "Medium" + + // GatewayCapacityLarge is a GatewayCapacity enum value + GatewayCapacityLarge = "Large" +) + +// GatewayCapacity_Values returns all elements of the GatewayCapacity enum +func GatewayCapacity_Values() []string { + return []string{ + GatewayCapacitySmall, + GatewayCapacityMedium, + GatewayCapacityLarge, + } +} + const ( // HostEnvironmentVmware is a HostEnvironment enum value HostEnvironmentVmware = "VMWARE" @@ -22217,8 +22514,8 @@ func HostEnvironment_Values() []string { } // A value that sets the access control list (ACL) permission for objects in -// the S3 bucket that a file gateway puts objects into. The default value is -// private. +// the S3 bucket that an S3 File Gateway puts objects into. The default value +// is private. const ( // ObjectACLPrivate is a ObjectACL enum value ObjectACLPrivate = "private" diff --git a/service/storagegateway/doc.go b/service/storagegateway/doc.go index a6a9f896d9b..12cd4f87fc5 100644 --- a/service/storagegateway/doc.go +++ b/service/storagegateway/doc.go @@ -3,36 +3,36 @@ // Package storagegateway provides the client and types for making API // requests to AWS Storage Gateway. // -// AWS Storage Gateway is the service that connects an on-premises software -// appliance with cloud-based storage to provide seamless and secure integration -// between an organization's on-premises IT environment and the AWS storage -// infrastructure. The service enables you to securely upload data to the AWS -// Cloud for cost effective backup and rapid disaster recovery. +// Storage Gateway is the service that connects an on-premises software appliance +// with cloud-based storage to provide seamless and secure integration between +// an organization's on-premises IT environment and the Amazon Web Services +// storage infrastructure. The service enables you to securely upload data to +// the Cloud for cost effective backup and rapid disaster recovery. // -// Use the following links to get started using the AWS Storage Gateway Service +// Use the following links to get started using the Storage Gateway Service // API Reference: // -// * AWS Storage Gateway required request headers (https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewayHTTPRequestsHeaders): +// * Storage Gateway required request headers (https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewayHTTPRequestsHeaders): // Describes the required headers that you must send with every POST request -// to AWS Storage Gateway. +// to Storage Gateway. // // * Signing requests (https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#AWSStorageGatewaySigningRequests): -// AWS Storage Gateway requires that you authenticate every request you send; +// Storage Gateway requires that you authenticate every request you send; // this topic describes how sign such a request. // // * Error responses (https://docs.aws.amazon.com/storagegateway/latest/userguide/AWSStorageGatewayAPI.html#APIErrorResponses): -// Provides reference information about AWS Storage Gateway errors. +// Provides reference information about Storage Gateway errors. // -// * Operations in AWS Storage Gateway (https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_Operations.html): -// Contains detailed descriptions of all AWS Storage Gateway operations, -// their request parameters, response elements, possible errors, and examples -// of requests and responses. +// * Operations in Storage Gateway (https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_Operations.html): +// Contains detailed descriptions of all Storage Gateway operations, their +// request parameters, response elements, possible errors, and examples of +// requests and responses. // -// * AWS Storage Gateway endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sg.html): -// Provides a list of each AWS Region and the endpoints available for use -// with AWS Storage Gateway. +// * Storage Gateway endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/sg.html): +// Provides a list of each Region and the endpoints available for use with +// Storage Gateway. // -// AWS Storage Gateway resource IDs are in uppercase. When you use these resource +// Storage Gateway resource IDs are in uppercase. When you use these resource // IDs with the Amazon EC2 API, EC2 expects resource IDs in lowercase. You must // change your resource ID to lowercase to use it with the EC2 API. For example, // in Storage Gateway the ID for a volume might be vol-AA22BB012345DAF670. When @@ -53,7 +53,7 @@ // // A snapshot ID with the longer ID format looks like the following: snap-78e226633445566ee. // -// For more information, see Announcement: Heads-up – Longer AWS Storage Gateway +// For more information, see Announcement: Heads-up – Longer Storage Gateway // volume and snapshot IDs coming in 2016 (http://forums.aws.amazon.com/ann.jspa?annID=3557). // // See https://docs.aws.amazon.com/goto/WebAPI/storagegateway-2013-06-30 for more information on this service. diff --git a/service/sts/api.go b/service/sts/api.go index 17c46378899..3cffd533d91 100644 --- a/service/sts/api.go +++ b/service/sts/api.go @@ -57,19 +57,20 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // AssumeRole API operation for AWS Security Token Service. // // Returns a set of temporary security credentials that you can use to access -// AWS resources that you might not normally have access to. These temporary -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use AssumeRole within your account or for cross-account -// access. For a comparison of AssumeRole with other API operations that produce -// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Amazon Web Services resources that you might not normally have access to. +// These temporary credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use AssumeRole within your account +// or for cross-account access. For a comparison of AssumeRole with other API +// operations that produce temporary credentials, see Requesting Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // Permissions // // The temporary security credentials created by AssumeRole can be used to make -// API calls to any AWS service with the following exception: You cannot call -// the AWS STS GetFederationToken or GetSessionToken API operations. +// API calls to any Amazon Web Services service with the following exception: +// You cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -79,15 +80,15 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// To assume a role from a different account, your AWS account must be trusted -// by the role. The trust relationship is defined in the role's trust policy -// when the role is created. That trust policy states which accounts are allowed +// To assume a role from a different account, your account must be trusted by +// the role. The trust relationship is defined in the role's trust policy when +// the role is created. That trust policy states which accounts are allowed // to delegate that access to users in the account. // // A user who wants to access a role in a different account must also have permissions @@ -129,12 +130,12 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // // (Optional) You can include multi-factor authentication (MFA) information // when you call AssumeRole. This is useful for cross-account scenarios to ensure -// that the user that assumes the role has been authenticated with an AWS MFA -// device. In that scenario, the trust policy of the role being assumed includes -// a condition that tests for MFA authentication. If the caller does not include -// valid MFA information, the request to assume the role is denied. The condition -// in a trust policy that tests for MFA authentication might look like the following -// example. +// that the user that assumes the role has been authenticated with an Amazon +// Web Services MFA device. In that scenario, the trust policy of the role being +// assumed includes a condition that tests for MFA authentication. If the caller +// does not include valid MFA information, the request to assume the role is +// denied. The condition in a trust policy that tests for MFA authentication +// might look like the following example. // // "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} // @@ -160,11 +161,11 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -176,7 +177,8 @@ func (c *STS) AssumeRoleRequest(input *AssumeRoleInput) (req *request.Request, o // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // * ErrCodeExpiredTokenException "ExpiredTokenException" @@ -252,16 +254,17 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // Returns a set of temporary security credentials for users who have been authenticated // via a SAML authentication response. This operation provides a mechanism for -// tying an enterprise identity store or directory to role-based AWS access -// without user-specific credentials or configuration. For a comparison of AssumeRoleWithSAML -// with the other API operations that produce temporary credentials, see Requesting -// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// tying an enterprise identity store or directory to role-based Amazon Web +// Services access without user-specific credentials or configuration. For a +// comparison of AssumeRoleWithSAML with the other API operations that produce +// temporary credentials, see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this operation consist of // an access key ID, a secret access key, and a security token. Applications -// can use these temporary security credentials to sign calls to AWS services. +// can use these temporary security credentials to sign calls to Amazon Web +// Services services. // // Session Duration // @@ -281,19 +284,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // in the IAM User Guide. // // Role chaining (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#iam-term-role-chaining) -// limits your AWS CLI or AWS API role session to a maximum of one hour. When -// you use the AssumeRole API operation to assume a role, you can specify the -// duration of your role session with the DurationSeconds parameter. You can -// specify a parameter value of up to 43200 seconds (12 hours), depending on -// the maximum session duration setting for your role. However, if you assume +// limits your CLI or Amazon Web Services API role session to a maximum of one +// hour. When you use the AssumeRole API operation to assume a role, you can +// specify the duration of your role session with the DurationSeconds parameter. +// You can specify a parameter value of up to 43200 seconds (12 hours), depending +// on the maximum session duration setting for your role. However, if you assume // a role using role chaining and provide a DurationSeconds parameter value // greater than one hour, the operation fails. // // Permissions // // The temporary security credentials created by AssumeRoleWithSAML can be used -// to make API calls to any AWS service with the following exception: you cannot -// call the STS GetFederationToken or GetSessionToken API operations. +// to make API calls to any Amazon Web Services service with the following exception: +// you cannot call the STS GetFederationToken or GetSessionToken API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -303,18 +306,19 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // -// Calling AssumeRoleWithSAML does not require the use of AWS security credentials. -// The identity of the caller is validated by using keys in the metadata document -// that is uploaded for the SAML provider entity for your identity provider. +// Calling AssumeRoleWithSAML does not require the use of Amazon Web Services +// security credentials. The identity of the caller is validated by using keys +// in the metadata document that is uploaded for the SAML provider entity for +// your identity provider. // -// Calling AssumeRoleWithSAML can result in an entry in your AWS CloudTrail -// logs. The entry includes the value in the NameID element of the SAML assertion. +// Calling AssumeRoleWithSAML can result in an entry in your CloudTrail logs. +// The entry includes the value in the NameID element of the SAML assertion. // We recommend that you use a NameIDType that is not associated with any personally // identifiable information (PII). For example, you could instead use the persistent // identifier (urn:oasis:names:tc:SAML:2.0:nameid-format:persistent). @@ -332,11 +336,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plaintext meets the other requirements. The PackedPolicySize -// response element indicates by percentage how close the policies and tags -// for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed session policies +// and session tags into a packed binary format that has a separate limit. Your +// request can fail for this limit even if your plaintext meets the other requirements. +// The PackedPolicySize response element indicates by percentage how close the +// policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, session tags override the role's tags with the same @@ -356,10 +360,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // SAML Configuration // // Before your application can call AssumeRoleWithSAML, you must configure your -// SAML identity provider (IdP) to issue the claims required by AWS. Additionally, -// you must use AWS Identity and Access Management (IAM) to create a SAML provider -// entity in your AWS account that represents your identity provider. You must -// also create an IAM role that specifies this SAML provider in its trust policy. +// SAML identity provider (IdP) to issue the claims required by Amazon Web Services. +// Additionally, you must use Identity and Access Management (IAM) to create +// a SAML provider entity in your Amazon Web Services account that represents +// your identity provider. You must also create an IAM role that specifies this +// SAML provider in its trust policy. // // For more information, see the following resources: // @@ -389,11 +394,11 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -409,8 +414,9 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // can also mean that the claim has expired or has been explicitly revoked. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. // // * ErrCodeExpiredTokenException "ExpiredTokenException" // The web identity token that was passed is expired or is not valid. Get a @@ -420,7 +426,8 @@ func (c *STS) AssumeRoleWithSAMLRequest(input *AssumeRoleWithSAMLInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithSAML @@ -496,30 +503,33 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // Connect-compatible identity provider. // // For mobile applications, we recommend that you use Amazon Cognito. You can -// use Amazon Cognito with the AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) -// and the AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/) -// to uniquely identify a user. You can also supply the user with a consistent -// identity throughout the lifetime of an application. +// use Amazon Cognito with the Amazon Web Services SDK for iOS Developer Guide +// (http://aws.amazon.com/sdkforios/) and the Amazon Web Services SDK for Android +// Developer Guide (http://aws.amazon.com/sdkforandroid/) to uniquely identify +// a user. You can also supply the user with a consistent identity throughout +// the lifetime of an application. // // To learn more about Amazon Cognito, see Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforandroid/developerguide/cognito-auth.html#d0e840) -// in AWS SDK for Android Developer Guide and Amazon Cognito Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) -// in the AWS SDK for iOS Developer Guide. -// -// Calling AssumeRoleWithWebIdentity does not require the use of AWS security -// credentials. Therefore, you can distribute an application (for example, on -// mobile devices) that requests temporary security credentials without including -// long-term AWS credentials in the application. You also don't need to deploy -// server-based proxy services that use long-term AWS credentials. Instead, -// the identity of the caller is validated by using a token from the web identity -// provider. For a comparison of AssumeRoleWithWebIdentity with the other API -// operations that produce temporary credentials, see Requesting Temporary Security -// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// in Amazon Web Services SDK for Android Developer Guide and Amazon Cognito +// Overview (https://docs.aws.amazon.com/mobile/sdkforios/developerguide/cognito-auth.html#d0e664) +// in the Amazon Web Services SDK for iOS Developer Guide. +// +// Calling AssumeRoleWithWebIdentity does not require the use of Amazon Web +// Services security credentials. Therefore, you can distribute an application +// (for example, on mobile devices) that requests temporary security credentials +// without including long-term Amazon Web Services credentials in the application. +// You also don't need to deploy server-based proxy services that use long-term +// Amazon Web Services credentials. Instead, the identity of the caller is validated +// by using a token from the web identity provider. For a comparison of AssumeRoleWithWebIdentity +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // The temporary security credentials returned by this API consist of an access // key ID, a secret access key, and a security token. Applications can use these -// temporary security credentials to sign calls to AWS service API operations. +// temporary security credentials to sign calls to Amazon Web Services service +// API operations. // // Session Duration // @@ -539,8 +549,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // Permissions // // The temporary security credentials created by AssumeRoleWithWebIdentity can -// be used to make API calls to any AWS service with the following exception: -// you cannot call the STS GetFederationToken or GetSessionToken API operations. +// be used to make API calls to any Amazon Web Services service with the following +// exception: you cannot call the STS GetFederationToken or GetSessionToken +// API operations. // // (Optional) You can pass inline or managed session policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // to this operation. You can pass a single JSON policy document to use as an @@ -550,10 +561,10 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // to this operation returns new temporary credentials. The resulting session's // permissions are the intersection of the role's identity-based policy and // the session policies. You can use the role's temporary credentials in subsequent -// AWS API calls to access resources in the account that owns the role. You -// cannot use session policies to grant more permissions than those allowed -// by the identity-based policy of the role that is being assumed. For more -// information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) +// Amazon Web Services API calls to access resources in the account that owns +// the role. You cannot use session policies to grant more permissions than +// those allowed by the identity-based policy of the role that is being assumed. +// For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // Tags @@ -569,11 +580,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // and additional limits, see IAM and STS Character Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // -// An AWS conversion compresses the passed session policies and session tags -// into a packed binary format that has a separate limit. Your request can fail -// for this limit even if your plaintext meets the other requirements. The PackedPolicySize -// response element indicates by percentage how close the policies and tags -// for your request are to the upper size limit. +// An Amazon Web Services conversion compresses the passed session policies +// and session tags into a packed binary format that has a separate limit. Your +// request can fail for this limit even if your plaintext meets the other requirements. +// The PackedPolicySize response element indicates by percentage how close the +// policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is attached to // the role. When you do, the session tag overrides the role tag with the same @@ -598,7 +609,7 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // the identity provider that is associated with the identity token. In other // words, the identity provider must be specified in the role's trust policy. // -// Calling AssumeRoleWithWebIdentity can result in an entry in your AWS CloudTrail +// Calling AssumeRoleWithWebIdentity can result in an entry in your CloudTrail // logs. The entry includes the Subject (http://openid.net/specs/openid-connect-core-1_0.html#Claims) // of the provided web identity token. We recommend that you avoid using any // personally identifiable information (PII) in this field. For example, you @@ -614,10 +625,10 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // * Web Identity Federation Playground (https://aws.amazon.com/blogs/aws/the-aws-web-identity-federation-playground/). // Walk through the process of authenticating through Login with Amazon, // Facebook, or Google, getting temporary security credentials, and then -// using those credentials to make a request to AWS. +// using those credentials to make a request to Amazon Web Services. // -// * AWS SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) and -// AWS SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). +// * Amazon Web Services SDK for iOS Developer Guide (http://aws.amazon.com/sdkforios/) +// and Amazon Web Services SDK for Android Developer Guide (http://aws.amazon.com/sdkforandroid/). // These toolkits contain sample apps that show how to invoke the identity // providers. The toolkits then show how to use the information from these // providers to get and use temporary security credentials. @@ -641,11 +652,11 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -668,8 +679,9 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // error persists, the identity provider might be down or not responding. // // * ErrCodeInvalidIdentityTokenException "InvalidIdentityToken" -// The web identity token that was passed could not be validated by AWS. Get -// a new identity token from the identity provider and then retry the request. +// The web identity token that was passed could not be validated by Amazon Web +// Services. Get a new identity token from the identity provider and then retry +// the request. // // * ErrCodeExpiredTokenException "ExpiredTokenException" // The web identity token that was passed is expired or is not valid. Get a @@ -679,7 +691,8 @@ func (c *STS) AssumeRoleWithWebIdentityRequest(input *AssumeRoleWithWebIdentityI // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/AssumeRoleWithWebIdentity @@ -749,16 +762,18 @@ func (c *STS) DecodeAuthorizationMessageRequest(input *DecodeAuthorizationMessag // DecodeAuthorizationMessage API operation for AWS Security Token Service. // // Decodes additional information about the authorization status of a request -// from an encoded message returned in response to an AWS request. +// from an encoded message returned in response to an Amazon Web Services request. // // For example, if a user is not authorized to perform an operation that he // or she has requested, the request returns a Client.UnauthorizedOperation -// response (an HTTP 403 response). Some AWS operations additionally return -// an encoded message that can provide details about this authorization failure. +// response (an HTTP 403 response). Some Amazon Web Services operations additionally +// return an encoded message that can provide details about this authorization +// failure. // -// Only certain AWS operations return an encoded authorization message. The -// documentation for an individual operation indicates whether that operation -// returns an encoded message in addition to returning an HTTP code. +// Only certain Amazon Web Services operations return an encoded authorization +// message. The documentation for an individual operation indicates whether +// that operation returns an encoded message in addition to returning an HTTP +// code. // // The message is encoded because the details of the authorization status can // constitute privileged information that the user who requested the operation @@ -869,12 +884,12 @@ func (c *STS) GetAccessKeyInfoRequest(input *GetAccessKeyInfoInput) (req *reques // in the IAM User Guide. // // When you pass an access key ID to this operation, it returns the ID of the -// AWS account to which the keys belong. Access key IDs beginning with AKIA -// are long-term credentials for an IAM user or the AWS account root user. Access -// key IDs beginning with ASIA are temporary credentials that are created using -// STS operations. If the account in the response belongs to you, you can sign -// in as the root user and review your root user access keys. Then, you can -// pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) +// Amazon Web Services account to which the keys belong. Access key IDs beginning +// with AKIA are long-term credentials for an IAM user or the Amazon Web Services +// account root user. Access key IDs beginning with ASIA are temporary credentials +// that are created using STS operations. If the account in the response belongs +// to you, you can sign in as the root user and review your root user access +// keys. Then, you can pull a credentials report (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html) // to learn which IAM user owns the keys. To learn who requested the temporary // credentials for an ASIA access key, view the STS events in your CloudTrail // logs (https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html) @@ -1050,7 +1065,7 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // For a comparison of GetFederationToken with the other API operations that // produce temporary credentials, see Requesting Temporary Security Credentials // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // You can create a mobile-based or browser-based app that can authenticate @@ -1062,11 +1077,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// Amazon Web Services account root user, but we do not recommend it. Instead, +// we recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only +// the actions and resources that they need to access. For more information, +// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // // Session duration @@ -1074,15 +1089,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// are obtained by using Amazon Web Services account root user credentials have +// a maximum duration of 3,600 seconds (1 hour). // // Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service except the following: // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// * You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. // // * You cannot call any STS operations except GetCallerIdentity. // @@ -1126,11 +1142,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // in the IAM User Guide. // // You can also call GetFederationToken using the security credentials of an -// AWS account root user, but we do not recommend it. Instead, we recommend -// that you create an IAM user for the purpose of the proxy application. Then -// attach a policy to the IAM user that limits federated users to only the actions -// and resources that they need to access. For more information, see IAM Best -// Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) +// Amazon Web Services account root user, but we do not recommend it. Instead, +// we recommend that you create an IAM user for the purpose of the proxy application. +// Then attach a policy to the IAM user that limits federated users to only +// the actions and resources that they need to access. For more information, +// see IAM Best Practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html) // in the IAM User Guide. // // Session duration @@ -1138,15 +1154,16 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // The temporary credentials are valid for the specified duration, from 900 // seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default // session duration is 43,200 seconds (12 hours). Temporary credentials that -// are obtained by using AWS account root user credentials have a maximum duration -// of 3,600 seconds (1 hour). +// are obtained by using Amazon Web Services account root user credentials have +// a maximum duration of 3,600 seconds (1 hour). // // Permissions // // You can use the temporary credentials created by GetFederationToken in any -// AWS service except the following: +// Amazon Web Services service except the following: // -// * You cannot call any IAM operations using the AWS CLI or the AWS API. +// * You cannot call any IAM operations using the CLI or the Amazon Web Services +// API. // // * You cannot call any STS operations except GetCallerIdentity. // @@ -1208,11 +1225,11 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // // * ErrCodePackedPolicyTooLargeException "PackedPolicyTooLarge" // The request was rejected because the total packed size of the session policies -// and session tags combined was too large. An AWS conversion compresses the -// session policy document, session policy ARNs, and session tags into a packed -// binary format that has a separate limit. The error message indicates by percentage -// how close the policies and tags are to the upper size limit. For more information, -// see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) +// and session tags combined was too large. An Amazon Web Services conversion +// compresses the session policy document, session policy ARNs, and session +// tags into a packed binary format that has a separate limit. The error message +// indicates by percentage how close the policies and tags are to the upper +// size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -1224,7 +1241,8 @@ func (c *STS) GetFederationTokenRequest(input *GetFederationTokenInput) (req *re // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetFederationToken @@ -1293,51 +1311,53 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // GetSessionToken API operation for AWS Security Token Service. // -// Returns a set of temporary credentials for an AWS account or IAM user. The -// credentials consist of an access key ID, a secret access key, and a security -// token. Typically, you use GetSessionToken if you want to use MFA to protect -// programmatic calls to specific AWS API operations like Amazon EC2 StopInstances. -// MFA-enabled IAM users would need to call GetSessionToken and submit an MFA -// code that is associated with their MFA device. Using the temporary security -// credentials that are returned from the call, IAM users can then make programmatic -// calls to API operations that require MFA authentication. If you do not supply -// a correct MFA code, then the API returns an access denied error. For a comparison -// of GetSessionToken with the other API operations that produce temporary credentials, -// see Requesting Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) -// and Comparing the AWS STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) +// Returns a set of temporary credentials for an Amazon Web Services account +// or IAM user. The credentials consist of an access key ID, a secret access +// key, and a security token. Typically, you use GetSessionToken if you want +// to use MFA to protect programmatic calls to specific Amazon Web Services +// API operations like Amazon EC2 StopInstances. MFA-enabled IAM users would +// need to call GetSessionToken and submit an MFA code that is associated with +// their MFA device. Using the temporary security credentials that are returned +// from the call, IAM users can then make programmatic calls to API operations +// that require MFA authentication. If you do not supply a correct MFA code, +// then the API returns an access denied error. For a comparison of GetSessionToken +// with the other API operations that produce temporary credentials, see Requesting +// Temporary Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html) +// and Comparing the STS API operations (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#stsapi_comparison) // in the IAM User Guide. // // Session Duration // -// The GetSessionToken operation must be called by using the long-term AWS security -// credentials of the AWS account root user or an IAM user. Credentials that -// are created by IAM users are valid for the duration that you specify. This -// duration can range from 900 seconds (15 minutes) up to a maximum of 129,600 -// seconds (36 hours), with a default of 43,200 seconds (12 hours). Credentials -// based on account credentials can range from 900 seconds (15 minutes) up to -// 3,600 seconds (1 hour), with a default of 1 hour. +// The GetSessionToken operation must be called by using the long-term Amazon +// Web Services security credentials of the Amazon Web Services account root +// user or an IAM user. Credentials that are created by IAM users are valid +// for the duration that you specify. This duration can range from 900 seconds +// (15 minutes) up to a maximum of 129,600 seconds (36 hours), with a default +// of 43,200 seconds (12 hours). Credentials based on account credentials can +// range from 900 seconds (15 minutes) up to 3,600 seconds (1 hour), with a +// default of 1 hour. // // Permissions // // The temporary security credentials created by GetSessionToken can be used -// to make API calls to any AWS service with the following exceptions: +// to make API calls to any Amazon Web Services service with the following exceptions: // // * You cannot call any IAM API operations unless MFA authentication information // is included in the request. // // * You cannot call any STS API except AssumeRole or GetCallerIdentity. // -// We recommend that you do not call GetSessionToken with AWS account root user -// credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) +// We recommend that you do not call GetSessionToken with Amazon Web Services +// account root user credentials. Instead, follow our best practices (https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html#create-iam-users) // by creating one or more IAM users, giving them the necessary permissions, -// and using IAM users for everyday interaction with AWS. +// and using IAM users for everyday interaction with Amazon Web Services. // // The credentials that are returned by GetSessionToken are based on permissions // associated with the user whose credentials were used to call the operation. -// If GetSessionToken is called using AWS account root user credentials, the -// temporary credentials have root user permissions. Similarly, if GetSessionToken -// is called using the credentials of an IAM user, the temporary credentials -// have the same permissions as the IAM user. +// If GetSessionToken is called using Amazon Web Services account root user +// credentials, the temporary credentials have root user permissions. Similarly, +// if GetSessionToken is called using the credentials of an IAM user, the temporary +// credentials have the same permissions as the IAM user. // // For more information about using GetSessionToken to create temporary credentials, // go to Temporary Credentials for Users in Untrusted Environments (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_getsessiontoken) @@ -1355,7 +1375,8 @@ func (c *STS) GetSessionTokenRequest(input *GetSessionTokenInput) (req *request. // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating -// and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) +// and Deactivating Amazon Web Services STS in an Amazon Web Services Region +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15/GetSessionToken @@ -1401,7 +1422,7 @@ type AssumeRoleInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1413,8 +1434,8 @@ type AssumeRoleInput struct { // of the trusting account might send an external ID to the administrator of // the trusted account. That way, only someone with the ID can assume the role, // rather than everyone in the account. For more information about the external - // ID, see How to Use an External ID When Granting Access to Your AWS Resources - // to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) + // ID, see How to Use an External ID When Granting Access to Your Amazon Web + // Services Resources to a Third Party (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1427,10 +1448,11 @@ type AssumeRoleInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -1439,11 +1461,11 @@ type AssumeRoleInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1453,22 +1475,22 @@ type AssumeRoleInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1485,7 +1507,7 @@ type AssumeRoleInput struct { // account that owns the role. The role session name is also used in the ARN // of the assumed role principal. This means that subsequent cross-account API // requests that use the temporary security credentials will expose the role - // session name to the external account in their AWS CloudTrail logs. + // session name to the external account in their CloudTrail logs. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can @@ -1510,23 +1532,23 @@ type AssumeRoleInput struct { // // You can require users to specify a source identity when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust - // policy. You can use source identity information in AWS CloudTrail logs to - // determine who took actions with a role. You can use the aws:SourceIdentity - // condition key to further control access to AWS resources based on the value - // of source identity. For more information about using source identity, see - // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting // of upper- and lower-case alphanumeric characters with no spaces. You can // also include underscores or any of the following characters: =,.@-. You cannot - // use a value that begins with the text aws:. This prefix is reserved for AWS - // internal use. + // use a value that begins with the text aws:. This prefix is reserved for Amazon + // Web Services internal use. SourceIdentity *string `min:"2" type:"string"` // A list of session tags that you want to pass. Each session tag consists of // a key name and an associated value. For more information about session tags, - // see Tagging AWS STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // see Tagging STS Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // This parameter is optional. You can pass up to 50 session tags. The plaintext @@ -1535,11 +1557,11 @@ type AssumeRoleInput struct { // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the role. When you do, session tags override a role tag with the same @@ -1554,7 +1576,7 @@ type AssumeRoleInput struct { // Additionally, if you used temporary credentials to perform this operation, // the new session inherits any transitive session tags from the calling session. // If you pass a session tag with the same key as an inherited tag, the operation - // fails. To view the inherited tags for a session, see the AWS CloudTrail logs. + // fails. To view the inherited tags for a session, see the CloudTrail logs. // For more information, see Viewing Session Tags in CloudTrail (https://docs.aws.amazon.com/IAM/latest/UserGuide/session-tags.html#id_session-tags_ctlogs) // in the IAM User Guide. Tags []*Tag `type:"list"` @@ -1720,7 +1742,8 @@ func (s *AssumeRoleInput) SetTransitiveTagKeys(v []*string) *AssumeRoleInput { } // Contains the response to a successful AssumeRole request, including temporary -// AWS credentials that can be used to make AWS requests. +// Amazon Web Services credentials that can be used to make Amazon Web Services +// requests. type AssumeRoleOutput struct { _ struct{} `type:"structure"` @@ -1749,11 +1772,11 @@ type AssumeRoleOutput struct { // // You can require users to specify a source identity when they assume a role. // You do this by using the sts:SourceIdentity condition key in a role trust - // policy. You can use source identity information in AWS CloudTrail logs to - // determine who took actions with a role. You can use the aws:SourceIdentity - // condition key to further control access to AWS resources based on the value - // of source identity. For more information about using source identity, see - // Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) + // policy. You can use source identity information in CloudTrail logs to determine + // who took actions with a role. You can use the aws:SourceIdentity condition + // key to further control access to Amazon Web Services resources based on the + // value of source identity. For more information about using source identity, + // see Monitor and control actions taken with assumed roles (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) // in the IAM User Guide. // // The regex used to validate this parameter is a string of characters consisting @@ -1819,7 +1842,7 @@ type AssumeRoleWithSAMLInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -1828,10 +1851,11 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -1840,11 +1864,11 @@ type AssumeRoleWithSAMLInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -1854,22 +1878,22 @@ type AssumeRoleWithSAMLInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -1984,7 +2008,8 @@ func (s *AssumeRoleWithSAMLInput) SetSAMLAssertion(v string) *AssumeRoleWithSAML } // Contains the response to a successful AssumeRoleWithSAML request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type AssumeRoleWithSAMLOutput struct { _ struct{} `type:"structure"` @@ -2010,7 +2035,7 @@ type AssumeRoleWithSAMLOutput struct { // // * The Issuer response value. // - // * The AWS account ID. + // * The Amazon Web Services account ID. // // * The friendly name (the last part of the ARN) of the SAML provider in // IAM. @@ -2148,7 +2173,7 @@ type AssumeRoleWithWebIdentityInput struct { // to the federation endpoint for a console sign-in token takes a SessionDuration // parameter that specifies the maximum length of the console session. For more // information, see Creating a URL that Enables Federated Users to Access the - // AWS Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) + // Management Console (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_enable-console-custom-url.html) // in the IAM User Guide. DurationSeconds *int64 `min:"900" type:"integer"` @@ -2157,10 +2182,11 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. Passing policies to this operation returns new // temporary credentials. The resulting session's permissions are the intersection // of the role's identity-based policy and the session policies. You can use - // the role's temporary credentials in subsequent AWS API calls to access resources - // in the account that owns the role. You cannot use session policies to grant - // more permissions than those allowed by the identity-based policy of the role - // that is being assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // the role's temporary credentials in subsequent Amazon Web Services API calls + // to access resources in the account that owns the role. You cannot use session + // policies to grant more permissions than those allowed by the identity-based + // policy of the role that is being assumed. For more information, see Session + // Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. // // The plaintext that you use for both inline and managed session policies can't @@ -2169,11 +2195,11 @@ type AssumeRoleWithWebIdentityInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2183,22 +2209,22 @@ type AssumeRoleWithWebIdentityInput struct { // This parameter is optional. You can provide up to 10 managed policy ARNs. // However, the plaintext that you use for both inline and managed session policies // can't exceed 2,048 characters. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // Passing policies to this operation returns new temporary credentials. The // resulting session's permissions are the intersection of the role's identity-based // policy and the session policies. You can use the role's temporary credentials - // in subsequent AWS API calls to access resources in the account that owns - // the role. You cannot use session policies to grant more permissions than - // those allowed by the identity-based policy of the role that is being assumed. - // For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) + // in subsequent Amazon Web Services API calls to access resources in the account + // that owns the role. You cannot use session policies to grant more permissions + // than those allowed by the identity-based policy of the role that is being + // assumed. For more information, see Session Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#policies_session) // in the IAM User Guide. PolicyArns []*PolicyDescriptorType `type:"list"` @@ -2338,7 +2364,8 @@ func (s *AssumeRoleWithWebIdentityInput) SetWebIdentityToken(v string) *AssumeRo } // Contains the response to a successful AssumeRoleWithWebIdentity request, -// including temporary AWS credentials that can be used to make AWS requests. +// including temporary Amazon Web Services credentials that can be used to make +// Amazon Web Services requests. type AssumeRoleWithWebIdentityOutput struct { _ struct{} `type:"structure"` @@ -2471,8 +2498,8 @@ type AssumedRoleUser struct { Arn *string `min:"20" type:"string" required:"true"` // A unique identifier that contains the role ID and the role session name of - // the role that is being assumed. The role ID is generated by AWS when the - // role is created. + // the role that is being assumed. The role ID is generated by Amazon Web Services + // when the role is created. // // AssumedRoleId is a required field AssumedRoleId *string `min:"2" type:"string" required:"true"` @@ -2500,7 +2527,7 @@ func (s *AssumedRoleUser) SetAssumedRoleId(v string) *AssumedRoleUser { return s } -// AWS credentials for API authentication. +// Amazon Web Services credentials for API authentication. type Credentials struct { _ struct{} `type:"structure"` @@ -2601,8 +2628,8 @@ func (s *DecodeAuthorizationMessageInput) SetEncodedMessage(v string) *DecodeAut } // A document that contains additional information about the authorization status -// of a request from an encoded message that is returned in response to an AWS -// request. +// of a request from an encoded message that is returned in response to an Amazon +// Web Services request. type DecodeAuthorizationMessageOutput struct { _ struct{} `type:"structure"` @@ -2714,7 +2741,7 @@ func (s *GetAccessKeyInfoInput) SetAccessKeyId(v string) *GetAccessKeyInfoInput type GetAccessKeyInfoOutput struct { _ struct{} `type:"structure"` - // The number used to identify the AWS account. + // The number used to identify the Amazon Web Services account. Account *string `type:"string"` } @@ -2753,11 +2780,11 @@ func (s GetCallerIdentityInput) GoString() string { type GetCallerIdentityOutput struct { _ struct{} `type:"structure"` - // The AWS account ID number of the account that owns or contains the calling - // entity. + // The Amazon Web Services account ID number of the account that owns or contains + // the calling entity. Account *string `type:"string"` - // The AWS ARN associated with the calling entity. + // The Amazon Web Services ARN associated with the calling entity. Arn *string `min:"20" type:"string"` // The unique identifier of the calling entity. The exact value depends on the @@ -2801,9 +2828,10 @@ type GetFederationTokenInput struct { // The duration, in seconds, that the session should last. Acceptable durations // for federation sessions range from 900 seconds (15 minutes) to 129,600 seconds // (36 hours), with 43,200 seconds (12 hours) as the default. Sessions obtained - // using AWS account root user credentials are restricted to a maximum of 3,600 - // seconds (one hour). If the specified duration is longer than one hour, the - // session obtained by using root user credentials defaults to one hour. + // using Amazon Web Services account root user credentials are restricted to + // a maximum of 3,600 seconds (one hour). If the specified duration is longer + // than one hour, the session obtained by using root user credentials defaults + // to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The name of the federated user. The name is used as an identifier for the @@ -2848,11 +2876,11 @@ type GetFederationTokenInput struct { // \u00FF). It can also include the tab (\u0009), linefeed (\u000A), and carriage // return (\u000D) characters. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. Policy *string `min:"1" type:"string"` // The Amazon Resource Names (ARNs) of the IAM managed policies that you want @@ -2865,8 +2893,8 @@ type GetFederationTokenInput struct { // use as managed session policies. The plaintext that you use for both inline // and managed session policies can't exceed 2,048 characters. You can provide // up to 10 managed policy ARNs. For more information about ARNs, see Amazon - // Resource Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Resource Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. // // This parameter is optional. However, if you do not pass any session policies, // then the resulting federated user session has no permissions. @@ -2885,11 +2913,11 @@ type GetFederationTokenInput struct { // by the policy. These permissions are granted in addition to the permissions // that are granted by the session policies. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. PolicyArns []*PolicyDescriptorType `type:"list"` // A list of session tags. Each session tag consists of a key name and an associated @@ -2903,11 +2931,11 @@ type GetFederationTokenInput struct { // Limits (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-limits.html#reference_iam-limits-entity-length) // in the IAM User Guide. // - // An AWS conversion compresses the passed session policies and session tags - // into a packed binary format that has a separate limit. Your request can fail - // for this limit even if your plaintext meets the other requirements. The PackedPolicySize - // response element indicates by percentage how close the policies and tags - // for your request are to the upper size limit. + // An Amazon Web Services conversion compresses the passed session policies + // and session tags into a packed binary format that has a separate limit. Your + // request can fail for this limit even if your plaintext meets the other requirements. + // The PackedPolicySize response element indicates by percentage how close the + // policies and tags for your request are to the upper size limit. // // You can pass a session tag with the same key as a tag that is already attached // to the user you are federating. When you do, session tags override a user @@ -3004,7 +3032,8 @@ func (s *GetFederationTokenInput) SetTags(v []*Tag) *GetFederationTokenInput { } // Contains the response to a successful GetFederationToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetFederationTokenOutput struct { _ struct{} `type:"structure"` @@ -3062,9 +3091,9 @@ type GetSessionTokenInput struct { // The duration, in seconds, that the credentials should remain valid. Acceptable // durations for IAM user sessions range from 900 seconds (15 minutes) to 129,600 // seconds (36 hours), with 43,200 seconds (12 hours) as the default. Sessions - // for AWS account owners are restricted to a maximum of 3,600 seconds (one - // hour). If the duration is longer than one hour, the session for AWS account - // owners defaults to one hour. + // for Amazon Web Services account owners are restricted to a maximum of 3,600 + // seconds (one hour). If the duration is longer than one hour, the session + // for Amazon Web Services account owners defaults to one hour. DurationSeconds *int64 `min:"900" type:"integer"` // The identification number of the MFA device that is associated with the IAM @@ -3072,7 +3101,7 @@ type GetSessionTokenInput struct { // user has a policy that requires MFA authentication. The value is either the // serial number for a hardware device (such as GAHT12345678) or an Amazon Resource // Name (ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user). - // You can find the device for an IAM user by going to the AWS Management Console + // You can find the device for an IAM user by going to the Management Console // and viewing the user's security credentials. // // The regex used to validate this parameter is a string of characters consisting @@ -3139,7 +3168,8 @@ func (s *GetSessionTokenInput) SetTokenCode(v string) *GetSessionTokenInput { } // Contains the response to a successful GetSessionToken request, including -// temporary AWS credentials that can be used to make AWS requests. +// temporary Amazon Web Services credentials that can be used to make Amazon +// Web Services requests. type GetSessionTokenOutput struct { _ struct{} `type:"structure"` @@ -3174,8 +3204,8 @@ type PolicyDescriptorType struct { // The Amazon Resource Name (ARN) of the IAM managed policy to use as a session // policy for the role. For more information about ARNs, see Amazon Resource - // Names (ARNs) and AWS Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) - // in the AWS General Reference. + // Names (ARNs) and Amazon Web Services Service Namespaces (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) + // in the Amazon Web Services General Reference. Arn *string `locationName:"arn" min:"20" type:"string"` } @@ -3210,9 +3240,9 @@ func (s *PolicyDescriptorType) SetArn(v string) *PolicyDescriptorType { // You can pass custom key-value pair attributes when you assume a role or federate // a user. These are called session tags. You can then use the session tags -// to control access to resources. For more information, see Tagging AWS STS -// Sessions (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) -// in the IAM User Guide. +// to control access to resources. For more information, see Tagging STS Sessions +// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) in +// the IAM User Guide. type Tag struct { _ struct{} `type:"structure"` diff --git a/service/sts/doc.go b/service/sts/doc.go index cb1debbaa45..2d98d92353a 100644 --- a/service/sts/doc.go +++ b/service/sts/doc.go @@ -3,11 +3,11 @@ // Package sts provides the client and types for making API // requests to AWS Security Token Service. // -// AWS Security Token Service (STS) enables you to request temporary, limited-privilege -// credentials for AWS Identity and Access Management (IAM) users or for users -// that you authenticate (federated users). This guide provides descriptions -// of the STS API. For more information about using this service, see Temporary -// Security Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). +// Security Token Service (STS) enables you to request temporary, limited-privilege +// credentials for Identity and Access Management (IAM) users or for users that +// you authenticate (federated users). This guide provides descriptions of the +// STS API. For more information about using this service, see Temporary Security +// Credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html). // // See https://docs.aws.amazon.com/goto/WebAPI/sts-2011-06-15 for more information on this service. // diff --git a/service/sts/errors.go b/service/sts/errors.go index a233f542ef2..7897d70c87a 100644 --- a/service/sts/errors.go +++ b/service/sts/errors.go @@ -42,8 +42,9 @@ const ( // ErrCodeInvalidIdentityTokenException for service response error code // "InvalidIdentityToken". // - // The web identity token that was passed could not be validated by AWS. Get - // a new identity token from the identity provider and then retry the request. + // The web identity token that was passed could not be validated by Amazon Web + // Services. Get a new identity token from the identity provider and then retry + // the request. ErrCodeInvalidIdentityTokenException = "InvalidIdentityToken" // ErrCodeMalformedPolicyDocumentException for service response error code @@ -57,11 +58,11 @@ const ( // "PackedPolicyTooLarge". // // The request was rejected because the total packed size of the session policies - // and session tags combined was too large. An AWS conversion compresses the - // session policy document, session policy ARNs, and session tags into a packed - // binary format that has a separate limit. The error message indicates by percentage - // how close the policies and tags are to the upper size limit. For more information, - // see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) + // and session tags combined was too large. An Amazon Web Services conversion + // compresses the session policy document, session policy ARNs, and session + // tags into a packed binary format that has a separate limit. The error message + // indicates by percentage how close the policies and tags are to the upper + // size limit. For more information, see Passing Session Tags in STS (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_session-tags.html) // in the IAM User Guide. // // You could receive this error even though you meet other defined session policy @@ -76,7 +77,8 @@ const ( // STS is not activated in the requested region for the account that is being // asked to generate credentials. The account administrator must use the IAM // console to activate STS in that region. For more information, see Activating - // and Deactivating AWS STS in an AWS Region (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) + // and Deactivating Amazon Web Services STS in an Amazon Web Services Region + // (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html) // in the IAM User Guide. ErrCodeRegionDisabledException = "RegionDisabledException" )