Skip to content

Commit

Permalink
docs(client-keyspaces): Amazon Keyspaces: adding the list of IAM acti…
Browse files Browse the repository at this point in the history 
…ons required by the UpdateKeyspace API.
  • Loading branch information
awstools committed Dec 9, 2024
1 parent 4adf1d4 commit a4233c3
Show file tree
Hide file tree
Showing 2 changed files with 98 additions and 6 deletions.
102 changes: 97 additions & 5 deletions clients/client-keyspaces/src/commands/UpdateKeyspaceCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,13 +30,105 @@ export interface UpdateKeyspaceCommandOutput extends UpdateKeyspaceResponse, __M
/**
* <p>
* Adds a new Amazon Web Services Region to the keyspace. You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.
* The new replica Region is applied to all tables in the keyspace. For more information, see <a href="https://docs.aws.amazon.com/keyspaces/latest/devguide/keyspaces-multi-region-add-replica.html">Add an Amazon Web Services Region to a keyspace in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer
* Guide</i>.
* </p>
* <p>To change a single-Region to a multi-Region keyspace, you have to enable client-side timestamps
* for all tables in the keyspace. For more information, see
* Amazon Keyspaces is going to replicate all tables in the keyspace to the new Region. To successfully replicate all tables to the new Region, they
* must use client-side timestamps for conflict resolution. To enable client-side timestamps, specify <code>clientSideTimestamps.status = enabled</code>
* when invoking the API. For more information about client-side timestamps, see
* <a href="https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer
* Guide</i>.</p>
* <p>To add a Region to a keyspace using the <code>UpdateKeyspace</code> API, the IAM principal needs permissions for the following IAM actions:</p>
* <ul>
* <li>
* <p>
* <code>cassandra:Alter</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:AlterMultiRegionResource</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:Create</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:CreateMultiRegionResource</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:Select</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:SelectMultiRegionResource</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:Modify</code>
* </p>
* </li>
* <li>
* <p>
* <code>cassandra:ModifyMultiRegionResource</code>
* </p>
* </li>
* </ul>
* <p>If the keyspace contains a table that is configured in provisioned mode with auto scaling enabled,
* the following additional IAM actions need to be allowed.</p>
* <ul>
* <li>
* <p>
* <code>application-autoscaling:RegisterScalableTarget</code>
* </p>
* </li>
* <li>
* <p>
* <code>application-autoscaling:DeregisterScalableTarget</code>
* </p>
* </li>
* <li>
* <p>
* <code>application-autoscaling:DescribeScalableTargets</code>
* </p>
* </li>
* <li>
* <p>
* <code>application-autoscaling:PutScalingPolicy</code>
* </p>
* </li>
* <li>
* <p>
* <code>application-autoscaling:DescribeScalingPolicies</code>
* </p>
* </li>
* </ul>
* <p>To use the <code>UpdateKeyspace</code> API, the IAM principal also needs permissions to
* create a service-linked role with the following elements:</p>
* <ul>
* <li>
* <p>
* <code>iam:CreateServiceLinkedRole</code> - The <b>action</b> the principal can perform.</p>
* </li>
* <li>
* <p>
* <code>arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication</code>
* - The <b>resource</b> that the action can be
* performed on. </p>
* </li>
* <li>
* <p>
* <code>iam:AWSServiceName: replication.cassandra.amazonaws.com</code>
* - The only Amazon Web Services service that this role can be attached to is Amazon Keyspaces.</p>
* </li>
* </ul>
* <p>For more information, see <a href="https://docs.aws.amazon.com/keyspaces/latest/devguide/howitworks_replication_permissions_addReplica.html">Configure the IAM permissions
* required to add an Amazon Web Services Region to a keyspace</a>
* in the <i>Amazon Keyspaces Developer Guide</i>.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
Expand Down
2 changes: 1 addition & 1 deletion codegen/sdk-codegen/aws-models/keyspaces.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3584,7 +3584,7 @@
}
],
"traits": {
"smithy.api#documentation": "<p>\n Adds a new Amazon Web Services Region to the keyspace. You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.\n The new replica Region is applied to all tables in the keyspace. For more information, see <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/keyspaces-multi-region-add-replica.html\">Add an Amazon Web Services Region to a keyspace in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n Guide</i>.\n </p>\n <p>To change a single-Region to a multi-Region keyspace, you have to enable client-side timestamps\n for all tables in the keyspace. For more information, see\n <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html\">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n Guide</i>.</p>"
"smithy.api#documentation": "<p>\n Adds a new Amazon Web Services Region to the keyspace. You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.\n Amazon Keyspaces is going to replicate all tables in the keyspace to the new Region. To successfully replicate all tables to the new Region, they\n must use client-side timestamps for conflict resolution. To enable client-side timestamps, specify <code>clientSideTimestamps.status = enabled</code>\n when invoking the API. For more information about client-side timestamps, see\n <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html\">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n Guide</i>.</p>\n <p>To add a Region to a keyspace using the <code>UpdateKeyspace</code> API, the IAM principal needs permissions for the following IAM actions:</p>\n <ul>\n <li>\n <p>\n <code>cassandra:Alter</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:AlterMultiRegionResource</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:Create</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:CreateMultiRegionResource</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:Select</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:SelectMultiRegionResource</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:Modify</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:ModifyMultiRegionResource</code>\n </p>\n </li>\n </ul>\n <p>If the keyspace contains a table that is configured in provisioned mode with auto scaling enabled, \n the following additional IAM actions need to be allowed.</p>\n <ul>\n <li>\n <p>\n <code>application-autoscaling:RegisterScalableTarget</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:DeregisterScalableTarget</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:DescribeScalableTargets</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:PutScalingPolicy</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:DescribeScalingPolicies</code>\n </p>\n </li>\n </ul>\n <p>To use the <code>UpdateKeyspace</code> API, the IAM principal also needs permissions to\n create a service-linked role with the following elements:</p>\n <ul>\n <li>\n <p>\n <code>iam:CreateServiceLinkedRole</code> - The <b>action</b> the principal can perform.</p>\n </li>\n <li>\n <p>\n <code>arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication</code>\n - The <b>resource</b> that the action can be\n performed on. </p>\n </li>\n <li>\n <p>\n <code>iam:AWSServiceName: replication.cassandra.amazonaws.com</code>\n - The only Amazon Web Services service that this role can be attached to is Amazon Keyspaces.</p>\n </li>\n </ul>\n <p>For more information, see <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/howitworks_replication_permissions_addReplica.html\">Configure the IAM permissions\n required to add an Amazon Web Services Region to a keyspace</a>\n in the <i>Amazon Keyspaces Developer Guide</i>.</p>"
}
},
"com.amazonaws.keyspaces#UpdateKeyspaceRequest": {
Expand Down

0 comments on commit a4233c3

Please sign in to comment.