feat(client-shield): AWS Shield Advanced now supports filtering for ListProtections and ListProtectionGroups.
awstools committed Jul 29, 2022
1 parent 31f2a30 commit d907155
Showing 13 changed files with 438 additions and 82 deletions.
36 changes: 23 additions & 13 deletions clients/client-shield/src/Shield.ts
Expand Up @@ -184,7 +184,7 @@ import { ShieldClient } from "./ShieldClient";
export class Shield extends ShieldClient {
/**
* <p>Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.</p>
* <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
* <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
*/
public associateDRTLogBucket(
args: AssociateDRTLogBucketCommandInput,
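Review bot: The replacement line in the associateDRTLogBucket doc comment changes both support-plan links from https://docs.aws.amazon.com/premiumsupport/... to http://aws.amazon.com/premiumsupport/..., so the documentation now points readers at a plaintext URL. Keep the new host if that is where the pages live, but keep the https scheme on both links. The same replacement appears in the AssociateDRTRole hunk that follows and in both command files, so every copy needs the change.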
Expand Down Expand Up @@ -223,7 +223,7 @@ export class Shield extends ShieldClient {
*
* <p>The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.</p>
* <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html">Granting a user permissions to pass a role to an Amazon Web Services service</a>. </p>
* <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
* <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
*/
public associateDRTRole(
args: AssociateDRTRoleCommandInput,
Expand Down Expand Up @@ -325,7 +325,7 @@ export class Shield extends ShieldClient {
}

/**
* <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.</p>
* <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.</p>
* <p>You can add protection to only a single resource with each <code>CreateProtection</code> request. You can add protection to multiple resources
* at once through the Shield Advanced console at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>.
* For more information see
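Review bot: The rewritten first paragraph of the createProtection doc drops the general "Elastic Load Balancing load balancer" wording in favour of Application Load Balancer and Classic Load Balancer, and Network Load Balancers now appear only in the added last sentence, protected "by association with protected Amazon EC2 Elastic IP addresses". State explicitly whether a Network Load Balancer or an EC2 instance can be passed to CreateProtection directly, so that someone reviewing DDoS coverage does not assume such a resource can be protected on its own.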
Expand Down Expand Up @@ -395,8 +395,11 @@ export class Shield extends ShieldClient {

/**
* <p>Activates Shield Advanced for an account.</p>
*
* <p>When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an <code>UpdateSubscription</code> request. </p>
* <note>
* <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
* regardless of whether the payer account itself is subscribed. </p>
* </note>
* <p>When you initially create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an <code>UpdateSubscription</code> request. </p>
*/
public createSubscription(
args: CreateSubscriptionCommandInput,
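Review bot: The added <note> in the createSubscription doc says the subscription is billed against the organization's payer account but gives the reader nowhere to follow up, unlike other paragraphs in this file that link to the relevant guide. Add a link to the documentation that covers this billing behaviour, and drop the stray space before the closing tag in "subscribed. </p>".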
Expand Down Expand Up @@ -752,7 +755,7 @@ export class Shield extends ShieldClient {
}

/**
* <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the resource. This
* <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the protected resource. This
* stops Shield Advanced from creating, verifying, and applying WAF rules for attacks that it detects for the resource. </p>
*/
public disableApplicationLayerAutomaticResponse(
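Review bot: Only the first sentence of the disableApplicationLayerAutomaticResponse doc was changed to "the protected resource"; the unchanged continuation line still ends "attacks that it detects for the resource". Use the same term on both lines so the two phrases are not read as referring to different things.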
Expand Down Expand Up @@ -916,19 +919,20 @@ export class Shield extends ShieldClient {
}

/**
* <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the resource. </p>
* <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the protected resource. </p>
* <note>
* <p>This feature is available for Amazon CloudFront distributions only.</p>
* <p>This feature is available for Amazon CloudFront distributions and Application Load Balancers only.</p>
* </note>
* <p>This causes Shield Advanced to create, verify, and apply WAF rules for DDoS attacks that it detects for the
* resource. Shield Advanced applies the rules in a Shield rule group inside the web ACL that you've associated
* with the resource. For information about how automatic mitigation works and the requirements for using it, see
* <a href="https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html">Shield Advanced automatic application layer DDoS mitigation</a>.</p>
* <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
* <note>
* <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
* </note>
* <p>To use this feature, you must associate a web ACL with the protected resource. The web ACL must be created using the latest version of WAF (v2). You can associate the web ACL through the Shield Advanced console
* at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>. For more information,
* see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>.</p>
* <p>You can also do this through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
* see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>. You can also associate the web ACL to the resource through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
* <a href="https://docs.aws.amazon.com/waf/latest/developerguide/">WAF Developer Guide</a>.</p>
*/
public enableApplicationLayerAutomaticResponse(
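Review bot: The merged sentence in the enableApplicationLayerAutomaticResponse doc says "associate the web ACL to the resource", while the paragraph it joins says "associate a web ACL with the protected resource"; use "with the protected resource" in both. The availability note in this hunk now also covers Application Load Balancers, a change in documented scope that the commit title (filtering for ListProtections and ListProtectionGroups) does not mention and that deserves a line in the commit body.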
Expand Down Expand Up @@ -1054,7 +1058,8 @@ export class Shield extends ShieldClient {
}

/**
* <p>Retrieves the <a>ProtectionGroup</a> objects for the account.</p>
* <p>Retrieves <a>ProtectionGroup</a> objects for the account. You can retrieve all protection groups or you can provide
* filtering criteria and retrieve just the subset of protection groups that match the criteria. </p>
*/
public listProtectionGroups(
args: ListProtectionGroupsCommandInput,
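Review bot: The new listProtectionGroups doc mentions "filtering criteria" without naming the request member that carries them or linking to its type, so the reader has to open ListProtectionGroupsCommandInput to learn how to filter. Name the member in this sentence and link it the way <a>ProtectionGroup</a> is linked.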
Expand Down Expand Up @@ -1086,7 +1091,8 @@ export class Shield extends ShieldClient {
}

/**
* <p>Lists all <a>Protection</a> objects for the account.</p>
* <p>Retrieves <a>Protection</a> objects for the account. You can retrieve all protections or you can provide
* filtering criteria and retrieve just the subset of protections that match the criteria. </p>
*/
public listProtections(
args: ListProtectionsCommandInput,
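Review bot: The new listProtections doc does not say what a filtered call returns when nothing matches, nor does it stress that a filtered result is only a subset of the account's protections. Because this call is a natural source for protection-coverage checks, add a sentence stating that a resource absent from a filtered result may still be protected, and say how to request the unfiltered list.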
Expand Down Expand Up @@ -1339,6 +1345,10 @@ export class Shield extends ShieldClient {

/**
* <p>Updates the details of an existing subscription. Only enter values for parameters you want to change. Empty parameters are not updated.</p>
* <note>
* <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
* regardless of whether the payer account itself is subscribed. </p>
* </note>
*/
public updateSubscription(
args: UpdateSubscriptionCommandInput,
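Review bot: The billing <note> added to the updateSubscription doc is a verbatim copy of the one added to createSubscription and is not tied to anything this call changes; the visible description only says "Only enter values for parameters you want to change". Relate the note to the setting being updated, or replace it with a reference to the createSubscription doc so the same text is not kept in several places.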
Expand Up @@ -29,7 +29,7 @@ export interface AssociateDRTLogBucketCommandOutput extends AssociateDRTLogBucke

/**
* <p>Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.</p>
* <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
* <p>To use the services of the SRT and make an <code>AssociateDRTLogBucket</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
Expand Up @@ -35,7 +35,7 @@ export interface AssociateDRTRoleCommandOutput extends AssociateDRTRoleResponse,
*
* <p>The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.</p>
* <p>You must have the <code>iam:PassRole</code> permission to make an <code>AssociateDRTRole</code> request. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_passrole.html">Granting a user permissions to pass a role to an Amazon Web Services service</a>. </p>
* <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="https://docs.aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="https://docs.aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
* <p>To use the services of the SRT and make an <code>AssociateDRTRole</code> request, you must be subscribed to the <a href="http://aws.amazon.com/premiumsupport/business-support/">Business Support plan</a> or the <a href="http://aws.amazon.com/premiumsupport/enterprise-support/">Enterprise Support plan</a>.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
Expand Up @@ -28,7 +28,7 @@ export interface CreateProtectionCommandInput extends CreateProtectionRequest {}
export interface CreateProtectionCommandOutput extends CreateProtectionResponse, __MetadataBearer {}

/**
* <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.</p>
* <p>Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.</p>
* <p>You can add protection to only a single resource with each <code>CreateProtection</code> request. You can add protection to multiple resources
* at once through the Shield Advanced console at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>.
* For more information see
Expand Up @@ -29,8 +29,11 @@ export interface CreateSubscriptionCommandOutput extends CreateSubscriptionRespo

/**
* <p>Activates Shield Advanced for an account.</p>
*
* <p>When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an <code>UpdateSubscription</code> request. </p>
* <note>
* <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
* regardless of whether the payer account itself is subscribed. </p>
* </note>
* <p>When you initially create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an <code>UpdateSubscription</code> request. </p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
Expand Up @@ -31,7 +31,7 @@ export interface DisableApplicationLayerAutomaticResponseCommandOutput
__MetadataBearer {}

/**
* <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the resource. This
* <p>Disable the Shield Advanced automatic application layer DDoS mitigation feature for the protected resource. This
* stops Shield Advanced from creating, verifying, and applying WAF rules for attacks that it detects for the resource. </p>
* @example
* Use a bare-bones client and the command you need to make an API call.
Expand Up @@ -31,19 +31,20 @@ export interface EnableApplicationLayerAutomaticResponseCommandOutput
__MetadataBearer {}

/**
* <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the resource. </p>
* <p>Enable the Shield Advanced automatic application layer DDoS mitigation for the protected resource. </p>
* <note>
* <p>This feature is available for Amazon CloudFront distributions only.</p>
* <p>This feature is available for Amazon CloudFront distributions and Application Load Balancers only.</p>
* </note>
* <p>This causes Shield Advanced to create, verify, and apply WAF rules for DDoS attacks that it detects for the
* resource. Shield Advanced applies the rules in a Shield rule group inside the web ACL that you've associated
* with the resource. For information about how automatic mitigation works and the requirements for using it, see
* <a href="https://docs.aws.amazon.com/waf/latest/developerguide/ddos-advanced-automatic-app-layer-response.html">Shield Advanced automatic application layer DDoS mitigation</a>.</p>
* <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
* <note>
* <p>Don't use this action to make changes to automatic mitigation settings when it's already enabled for a resource. Instead, use <a>UpdateApplicationLayerAutomaticResponse</a>.</p>
* </note>
* <p>To use this feature, you must associate a web ACL with the protected resource. The web ACL must be created using the latest version of WAF (v2). You can associate the web ACL through the Shield Advanced console
* at <a href="https://console.aws.amazon.com/wafv2/shieldv2#/">https://console.aws.amazon.com/wafv2/shieldv2#/</a>. For more information,
* see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>.</p>
* <p>You can also do this through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
* see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/getting-started-ddos.html">Getting Started with Shield Advanced</a>. You can also associate the web ACL to the resource through the WAF console or the WAF API, but you must manage Shield Advanced automatic mitigation through Shield Advanced. For information about WAF, see
* <a href="https://docs.aws.amazon.com/waf/latest/developerguide/">WAF Developer Guide</a>.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
Expand Up @@ -28,7 +28,8 @@ export interface ListProtectionGroupsCommandInput extends ListProtectionGroupsRe
export interface ListProtectionGroupsCommandOutput extends ListProtectionGroupsResponse, __MetadataBearer {}

/**
* <p>Retrieves the <a>ProtectionGroup</a> objects for the account.</p>
* <p>Retrieves <a>ProtectionGroup</a> objects for the account. You can retrieve all protection groups or you can provide
* filtering criteria and retrieve just the subset of protection groups that match the criteria. </p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
3 changes: 2 additions & 1 deletion clients/client-shield/src/commands/ListProtectionsCommand.ts
Expand Up @@ -28,7 +28,8 @@ export interface ListProtectionsCommandInput extends ListProtectionsRequest {}
export interface ListProtectionsCommandOutput extends ListProtectionsResponse, __MetadataBearer {}

/**
* <p>Lists all <a>Protection</a> objects for the account.</p>
* <p>Retrieves <a>Protection</a> objects for the account. You can retrieve all protections or you can provide
* filtering criteria and retrieve just the subset of protections that match the criteria. </p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
Expand Up @@ -29,6 +29,10 @@ export interface UpdateSubscriptionCommandOutput extends UpdateSubscriptionRespo

/**
* <p>Updates the details of an existing subscription. Only enter values for parameters you want to change. Empty parameters are not updated.</p>
* <note>
* <p>For accounts that are members of an Organizations organization, Shield Advanced subscriptions are billed against the organization's payer account,
* regardless of whether the payer account itself is subscribed. </p>
* </note>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript