feat(client-ecs): This release supports the Account Setting "TagResou…

…rceAuthorization" that allows for enhanced Tagging security controls.
aws · Apr 19, 2023 · 9bac5ad · 9bac5ad
1 parent cb060d6
commit 9bac5ad
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 14 deletions.
diff --git a/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts b/clients/client-ecs/src/commands/DeleteAccountSettingCommand.ts
@@ -41,7 +41,7 @@ export interface DeleteAccountSettingCommandOutput extends DeleteAccountSettingR
  * // const { ECSClient, DeleteAccountSettingCommand } = require("@aws-sdk/client-ecs"); // CommonJS import
  * const client = new ECSClient(config);
  * const input = { // DeleteAccountSettingRequest
- *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode", // required
+ *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required
  *   principalArn: "STRING_VALUE",
  * };
  * const command = new DeleteAccountSettingCommand(input);

diff --git a/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts b/clients/client-ecs/src/commands/ListAccountSettingsCommand.ts
@@ -40,7 +40,7 @@ export interface ListAccountSettingsCommandOutput extends ListAccountSettingsRes
  * // const { ECSClient, ListAccountSettingsCommand } = require("@aws-sdk/client-ecs"); // CommonJS import
  * const client = new ECSClient(config);
  * const input = { // ListAccountSettingsRequest
- *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode",
+ *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization",
  *   value: "STRING_VALUE",
  *   principalArn: "STRING_VALUE",
  *   effectiveSettings: true || false,

diff --git a/clients/client-ecs/src/commands/PutAccountSettingCommand.ts b/clients/client-ecs/src/commands/PutAccountSettingCommand.ts
@@ -56,14 +56,22 @@ export interface PutAccountSettingCommandOutput extends PutAccountSettingRespons
  * 			have Container Insights turned on unless you disable it during cluster creation. For
  * 			more information, see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cloudwatch-container-insights.html">CloudWatch
  * 				Container Insights</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>
+ *          <p>Amazon ECS is introducing tagging authorization for resource creation. Users must have
+ * 			permissions for actions that create the resource, such as <code>ecsCreateCluster</code>.
+ * 			If tags are specified when you create a resource, Amazon Web Services performs additional
+ * 			authorization to verify if users or roles have permissions to create tags. Therefore,
+ * 			you must grant explicit permissions to use the <code>ecs:TagResource</code> action. For
+ * 			more information, see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/supported-iam-actions-tagging.html">Grant
+ * 				permission to tag resources on creation</a> in the <i>Amazon ECS Developer
+ * 					Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
  * import { ECSClient, PutAccountSettingCommand } from "@aws-sdk/client-ecs"; // ES Modules import
  * // const { ECSClient, PutAccountSettingCommand } = require("@aws-sdk/client-ecs"); // CommonJS import
  * const client = new ECSClient(config);
  * const input = { // PutAccountSettingRequest
- *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode", // required
+ *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required
  *   value: "STRING_VALUE", // required
  *   principalArn: "STRING_VALUE",
  * };

diff --git a/clients/client-ecs/src/commands/PutAccountSettingDefaultCommand.ts b/clients/client-ecs/src/commands/PutAccountSettingDefaultCommand.ts
@@ -42,7 +42,7 @@ export interface PutAccountSettingDefaultCommandOutput extends PutAccountSetting
  * // const { ECSClient, PutAccountSettingDefaultCommand } = require("@aws-sdk/client-ecs"); // CommonJS import
  * const client = new ECSClient(config);
  * const input = { // PutAccountSettingDefaultRequest
- *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode", // required
+ *   name: "serviceLongArnFormat" || "taskLongArnFormat" || "containerInstanceLongArnFormat" || "awsvpcTrunking" || "containerInsights" || "fargateFIPSMode" || "tagResourceAuthorization", // required
  *   value: "STRING_VALUE", // required
  * };
  * const command = new PutAccountSettingDefaultCommand(input);

diff --git a/clients/client-ecs/src/models/models_0.ts b/clients/client-ecs/src/models/models_0.ts
@@ -3326,6 +3326,7 @@ export const SettingName = {
   CONTAINER_INSTANCE_LONG_ARN_FORMAT: "containerInstanceLongArnFormat",
   FARGATE_FIPS_MODE: "fargateFIPSMode",
   SERVICE_LONG_ARN_FORMAT: "serviceLongArnFormat",
+  TAG_RESOURCE_AUTHORIZATION: "tagResourceAuthorization",
   TASK_LONG_ARN_FORMAT: "taskLongArnFormat",
 } as const;
 
@@ -5306,6 +5307,9 @@ export interface ContainerDefinition {
  *                <li>
  *                   <p>Linux platform version <code>1.4.0</code> or later.</p>
  *                </li>
+ *                <li>
+ *                   <p>Windows platform version <code>1.0.0</code> or later.</p>
+ *                </li>
  *             </ul>
  *          </note>
  */
@@ -8888,7 +8892,10 @@ export interface PutAccountSettingRequest {
    * 			for your Amazon ECS container instances is affected. If <code>containerInsights</code> is
    * 			specified, the default setting for Amazon Web Services CloudWatch Container Insights for your clusters is
    * 			affected. If <code>fargateFIPSMode</code> is specified, Fargate FIPS 140 compliance is
-   * 			affected.</p>
+   * 			affected.  If <code>tagResourceAuthorization</code> is specified, the opt-in option for
+   * 			tagging resources on creation is affected. For information about the opt-in timeline,
+   * 			see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#tag-resources">Tagging authorization timeline</a> in the <i>Amazon ECS Developer
+   * 					Guide</i>.</p>
    */
   name: SettingName | string | undefined;
 
@@ -8934,9 +8941,12 @@ export interface PutAccountSettingDefaultRequest {
    * 			specified, the ARN and resource ID for your Amazon ECS container instances is affected. If
    * 				<code>awsvpcTrunking</code> is specified, the ENI limit for your Amazon ECS container
    * 			instances is affected. If <code>containerInsights</code> is specified, the default
-   * 			setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. </p>
+   * 			setting for Amazon Web Services CloudWatch Container Insights for your clusters is affected. If
+   * 				<code>tagResourceAuthorization</code> is specified, the opt-in option for tagging
+   * 			resources on creation is affected. For information about the opt-in timeline, see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html#tag-resources">Tagging authorization timeline</a> in the <i>Amazon ECS Developer
+   * 				Guide</i>.</p>
    *          <p>When you specify <code>fargateFIPSMode</code> for the <code>name</code> and
-   * 				<code>enabled</code> for the <code>value</code>, Fargate uses FIPS-140 compliant
+   * 			<code>enabled</code> for the <code>value</code>, Fargate uses FIPS-140 compliant
    * 			cryptographic algorithms on your tasks. For more information about FIPS-140 compliance
    * 			with Fargate, see <a href="https://docs.aws.amazon.com/AWSEC2ContainerServiceDocs/build/server-root/AmazonECS/latest/developerguide/ecs-fips-compliance.html"> Amazon Web Services Fargate Federal Information Processing Standard (FIPS) 140-2
    * 				compliance</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>
@@ -9517,6 +9527,9 @@ export interface RegisterTaskDefinitionRequest {
    *                <li>
    *                   <p>Linux platform version <code>1.4.0</code> or later.</p>
    *                </li>
+   *                <li>
+   *                   <p>Windows platform version <code>1.0.0</code> or later.</p>
+   *                </li>
    *             </ul>
    *          </note>
    */
@@ -9812,7 +9825,7 @@ export interface StartTaskRequest {
 
   /**
    * <p>Whether or not the execute command functionality is turned on for the task. If
-   * 				<code>true</code>, this enables execute command functionality on all containers in
+   * 				<code>true</code>, this turns on the execute command functionality on all containers in
    * 			the task.</p>
    */
   enableExecuteCommand?: boolean;