Indicates whether the connector profile applies to a sandbox or production environment.
", "RedshiftConnectorProfileProperties$isRedshiftServerless": "Indicates whether the connector profile defines a connection to an Amazon Redshift Serverless data warehouse.
", "SalesforceConnectorProfileProperties$isSandboxEnvironment": "Indicates whether the connector profile applies to a sandbox or production environment.
", + "SalesforceConnectorProfileProperties$usePrivateLinkForMetadataAndAuthorization": "If the connection mode for the connector profile is private, this parameter sets whether Amazon AppFlow uses the private network to send metadata and authorization calls to Salesforce. Amazon AppFlow sends private calls through Amazon Web Services PrivateLink. These calls travel through Amazon Web Services infrastructure without being exposed to the public internet.
Set either of the following values:
Amazon AppFlow sends all calls to Salesforce over the private network.
These private calls are:
Calls to get metadata about your Salesforce records. This metadata describes your Salesforce objects and their fields.
Calls to get or refresh access tokens that allow Amazon AppFlow to access your Salesforce records.
Calls to transfer your Salesforce records as part of a flow run.
The default value. Amazon AppFlow sends some calls to Salesforce privately and other calls over the public internet.
The public calls are:
Calls to get metadata about your Salesforce records.
Calls to get or refresh access tokens.
The private calls are:
Calls to transfer your Salesforce records as part of a flow run.
The flag that enables dynamic fetching of new (recently added) fields in the Salesforce objects while running a flow.
", "SalesforceSourceProperties$includeDeletedRecords": "Indicates whether Amazon AppFlow includes deleted files in the flow run.
", "SourceFieldProperties$isRetrievable": "Indicates whether the field can be returned in a search result.
", diff --git a/models/apis/appflow/2020-08-23/endpoint-rule-set-1.json b/models/apis/appflow/2020-08-23/endpoint-rule-set-1.json index 01706fd6796..02056ce3eb5 100644 --- a/models/apis/appflow/2020-08-23/endpoint-rule-set-1.json +++ b/models/apis/appflow/2020-08-23/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,90 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsFIPS" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://appflow-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://appflow-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://appflow-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://appflow.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -222,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://appflow-fips.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://appflow.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -231,74 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://appflow.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://appflow.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/appflow/2020-08-23/endpoint-tests-1.json b/models/apis/appflow/2020-08-23/endpoint-tests-1.json index 45e1b7d9c2e..f502b5b25a3 100644 --- a/models/apis/appflow/2020-08-23/endpoint-tests-1.json +++ b/models/apis/appflow/2020-08-23/endpoint-tests-1.json @@ -1,42 +1,42 @@ { "testCases": [ { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-south-1.api.aws" + "url": "https://appflow.af-south-1.amazonaws.com" } }, "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-south-1" + "UseDualStack": false, + "UseFIPS": false, + "Region": "af-south-1" } }, { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-south-1.amazonaws.com" + "url": "https://appflow.ap-northeast-1.amazonaws.com" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-south-1" + "UseFIPS": false, + "Region": "ap-northeast-1" } }, { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.ap-south-1.api.aws" + "url": "https://appflow.ap-northeast-2.amazonaws.com" } }, "params": { - "UseDualStack": true, + "UseDualStack": false, "UseFIPS": false, - "Region": "ap-south-1" + "Region": "ap-northeast-2" } }, { @@ -53,42 +53,29 @@ } }, { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.ca-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ca-central-1.amazonaws.com" + "url": "https://appflow.ap-southeast-1.amazonaws.com" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "ca-central-1" + "UseFIPS": false, + "Region": "ap-southeast-1" } }, { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.ca-central-1.api.aws" + "url": "https://appflow.ap-southeast-2.amazonaws.com" } }, "params": { - "UseDualStack": true, + "UseDualStack": false, "UseFIPS": false, - "Region": "ca-central-1" + "Region": "ap-southeast-2" } }, { @@ -104,45 +91,6 @@ "Region": "ca-central-1" } }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.eu-central-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-central-1" - } - }, { "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { @@ -157,198 +105,29 @@ } }, { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-west-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.af-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.af-south-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.af-south-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.af-south-1.amazonaws.com" + "url": "https://appflow.eu-west-1.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.eu-west-3.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-3" + "Region": "eu-west-1" } }, { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.eu-west-3.amazonaws.com" + "url": "https://appflow.eu-west-2.amazonaws.com" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.eu-west-3.api.aws" - } - }, - "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "eu-west-3" + "Region": "eu-west-2" } }, { @@ -365,475 +144,281 @@ } }, { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.eu-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.eu-west-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.eu-west-2.amazonaws.com" + "url": "https://appflow.sa-east-1.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "eu-west-1" + "Region": "sa-east-1" } }, { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.eu-west-1.amazonaws.com" + "url": "https://appflow.us-east-1.amazonaws.com" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.eu-west-1.api.aws" - } - }, - "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "eu-west-1" + "Region": "us-east-1" } }, { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.eu-west-1.amazonaws.com" + "url": "https://appflow.us-east-2.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.ap-northeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-northeast-2" + "Region": "us-east-2" } }, { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-northeast-2.amazonaws.com" + "url": "https://appflow.us-west-1.amazonaws.com" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.ap-northeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "ap-northeast-2" + "Region": "us-west-1" } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.ap-northeast-2.amazonaws.com" + "url": "https://appflow.us-west-2.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "ap-northeast-2" + "Region": "us-west-2" } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-northeast-1.api.aws" + "url": "https://appflow-fips.us-east-1.api.aws" } }, "params": { "UseDualStack": true, "UseFIPS": true, - "Region": "ap-northeast-1" + "Region": "us-east-1" } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-northeast-1.amazonaws.com" + "url": "https://appflow-fips.us-east-1.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "ap-northeast-1" + "Region": "us-east-1" } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://appflow.ap-northeast-1.api.aws" + "url": "https://appflow.us-east-1.api.aws" } }, "params": { "UseDualStack": true, "UseFIPS": false, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow.ap-northeast-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "ap-northeast-1" + "Region": "us-east-1" } }, { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://appflow-fips.sa-east-1.api.aws" + "url": "https://appflow-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { "UseDualStack": true, "UseFIPS": true, - "Region": "sa-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.sa-east-1.amazonaws.com" + "url": "https://appflow-fips.cn-north-1.amazonaws.com.cn" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "sa-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://appflow.sa-east-1.api.aws" + "url": "https://appflow.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { "UseDualStack": true, "UseFIPS": false, - "Region": "sa-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.sa-east-1.amazonaws.com" + "url": "https://appflow.cn-north-1.amazonaws.com.cn" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "sa-east-1" + "Region": "cn-north-1" } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-southeast-1.api.aws" + "url": "https://appflow-fips.us-gov-east-1.api.aws" } }, "params": { "UseDualStack": true, "UseFIPS": true, - "Region": "ap-southeast-1" + "Region": "us-gov-east-1" } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-southeast-1.amazonaws.com" + "url": "https://appflow-fips.us-gov-east-1.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "ap-southeast-1" + "Region": "us-gov-east-1" } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://appflow.ap-southeast-1.api.aws" + "url": "https://appflow.us-gov-east-1.api.aws" } }, "params": { "UseDualStack": true, "UseFIPS": false, - "Region": "ap-southeast-1" + "Region": "us-gov-east-1" } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.ap-southeast-1.amazonaws.com" + "url": "https://appflow.us-gov-east-1.amazonaws.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "ap-southeast-1" - } - }, - { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.ap-southeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "ap-southeast-2" + "Region": "us-gov-east-1" } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.ap-southeast-2.amazonaws.com" + "url": "https://appflow-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "ap-southeast-2" + "Region": "us-iso-east-1" } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow.ap-southeast-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "ap-southeast-2" - } - }, - { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow.ap-southeast-2.amazonaws.com" + "url": "https://appflow.us-iso-east-1.c2s.ic.gov" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "ap-southeast-2" + "Region": "us-iso-east-1" } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.us-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.us-east-1.amazonaws.com" + "url": "https://appflow-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { "UseDualStack": false, "UseFIPS": true, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-east-1.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": false, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-east-1.amazonaws.com" - } - }, - "params": { - "UseDualStack": false, - "UseFIPS": false, - "Region": "us-east-1" - } - }, - { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow-fips.us-east-2.api.aws" - } - }, - "params": { - "UseDualStack": true, - "UseFIPS": true, - "Region": "us-east-2" + "Region": "us-isob-east-1" } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://appflow-fips.us-east-2.amazonaws.com" + "url": "https://appflow.us-isob-east-1.sc2s.sgov.gov" } }, "params": { "UseDualStack": false, - "UseFIPS": true, - "Region": "us-east-2" - } - }, - { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://appflow.us-east-2.api.aws" - } - }, - "params": { - "UseDualStack": true, "UseFIPS": false, - "Region": "us-east-2" + "Region": "us-isob-east-1" } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://appflow.us-east-2.amazonaws.com" + "url": "https://example.com" } }, "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-2" + "Region": "us-east-1", + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" @@ -842,7 +427,6 @@ "params": { "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, diff --git a/models/apis/ecs/2014-11-13/api-2.json b/models/apis/ecs/2014-11-13/api-2.json index 3bd83edf2bd..6881c28a5c3 100644 --- a/models/apis/ecs/2014-11-13/api-2.json +++ b/models/apis/ecs/2014-11-13/api-2.json @@ -162,6 +162,21 @@ {"shape":"ServiceNotFoundException"} ] }, + "DeleteTaskDefinitions":{ + "name":"DeleteTaskDefinitions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteTaskDefinitionsRequest"}, + "output":{"shape":"DeleteTaskDefinitionsResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ClientException"}, + {"shape":"InvalidParameterException"}, + {"shape":"ServerException"} + ] + }, "DeleteTaskSet":{ "name":"DeleteTaskSet", "http":{ @@ -1556,6 +1571,20 @@ "service":{"shape":"Service"} } }, + "DeleteTaskDefinitionsRequest":{ + "type":"structure", + "required":["taskDefinitions"], + "members":{ + "taskDefinitions":{"shape":"StringList"} + } + }, + "DeleteTaskDefinitionsResponse":{ + "type":"structure", + "members":{ + "taskDefinitions":{"shape":"TaskDefinitionList"}, + "failures":{"shape":"Failures"} + } + }, "DeleteTaskSetRequest":{ "type":"structure", "required":[ @@ -3417,6 +3446,10 @@ "type":"list", "member":{"shape":"TaskDefinitionField"} }, + "TaskDefinitionList":{ + "type":"list", + "member":{"shape":"TaskDefinition"} + }, "TaskDefinitionPlacementConstraint":{ "type":"structure", "members":{ @@ -3436,7 +3469,8 @@ "type":"string", "enum":[ "ACTIVE", - "INACTIVE" + "INACTIVE", + "DELETE_IN_PROGRESS" ] }, "TaskField":{ diff --git a/models/apis/ecs/2014-11-13/docs-2.json b/models/apis/ecs/2014-11-13/docs-2.json index fb986d99955..5cb615fda28 100644 --- a/models/apis/ecs/2014-11-13/docs-2.json +++ b/models/apis/ecs/2014-11-13/docs-2.json @@ -3,17 +3,18 @@ "service": "Amazon Elastic Container Service (Amazon ECS) is a highly scalable, fast, container management service. It makes it easy to run, stop, and manage Docker containers. You can host your cluster on a serverless infrastructure that's managed by Amazon ECS by launching your services or tasks on Fargate. For more control, you can host your tasks on a cluster of Amazon Elastic Compute Cloud (Amazon EC2) or External (on-premises) instances that you manage.
Amazon ECS makes it easy to launch and stop container-based applications with simple API calls. This makes it easy to get the state of your cluster from a centralized service, and gives you access to many familiar Amazon EC2 features.
You can use Amazon ECS to schedule the placement of containers across your cluster based on your resource needs, isolation policies, and availability requirements. With Amazon ECS, you don't need to operate your own cluster management and configuration management systems. You also don't need to worry about scaling your management infrastructure.
", "operations": { "CreateCapacityProvider": "Creates a new capacity provider. Capacity providers are associated with an Amazon ECS cluster and are used in capacity provider strategies to facilitate cluster auto scaling.
Only capacity providers that use an Auto Scaling group can be created. Amazon ECS tasks on Fargate use the FARGATE and FARGATE_SPOT capacity providers. These providers are available to all accounts in the Amazon Web Services Regions that Fargate supports.
Creates a new Amazon ECS cluster. By default, your account receives a default cluster when you launch your first container instance. However, you can create your own cluster with a unique name with the CreateCluster action.
When you call the CreateCluster API operation, Amazon ECS attempts to create the Amazon ECS service-linked role for your account. This is so that it can manage required resources in other Amazon Web Services services on your behalf. However, if the IAM user that makes the call doesn't have permissions to create the service-linked role, it isn't created. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Creates a new Amazon ECS cluster. By default, your account receives a default cluster when you launch your first container instance. However, you can create your own cluster with a unique name with the CreateCluster action.
When you call the CreateCluster API operation, Amazon ECS attempts to create the Amazon ECS service-linked role for your account. This is so that it can manage required resources in other Amazon Web Services services on your behalf. However, if the user that makes the call doesn't have permissions to create the service-linked role, it isn't created. For more information, see Using service-linked roles for Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Runs and maintains your desired number of tasks from a specified task definition. If the number of tasks running in a service drops below the desiredCount, Amazon ECS runs another copy of the task in the specified cluster. To update an existing service, see the UpdateService action.
In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind one or more load balancers. The load balancers distribute traffic across the tasks that are associated with the service. For more information, see Service load balancing in the Amazon Elastic Container Service Developer Guide.
Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
There are two service scheduler strategies available:
REPLICA - The replica scheduling strategy places and maintains your desired number of tasks across your cluster. By default, the service scheduler spreads tasks across Availability Zones. You can use task placement strategies and constraints to customize task placement decisions. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
DAEMON - The daemon scheduling strategy deploys exactly one task on each active container instance that meets all of the task placement constraints that you specify in your cluster. The service scheduler also evaluates the task placement constraints for running tasks. It also stops tasks that don't meet the placement constraints. When using this strategy, you don't need to specify a desired number of tasks, a task placement strategy, or use Service Auto Scaling policies. For more information, see Service scheduler concepts in the Amazon Elastic Container Service Developer Guide.
You can optionally specify a deployment configuration for your service. The deployment is initiated by changing properties. For example, the deployment might be initiated by the task definition or by your desired count of a service. This is done with an UpdateService operation. The default value for a replica service for minimumHealthyPercent is 100%. The default value for a daemon service for minimumHealthyPercent is 0%.
If a service uses the ECS deployment controller, the minimum healthy percent represents a lower limit on the number of tasks in a service that must remain in the RUNNING state during a deployment. Specifically, it represents it as a percentage of your desired number of tasks (rounded up to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can deploy without using additional cluster capacity. For example, if you set your service to have desired number of four tasks and a minimum healthy percent of 50%, the scheduler might stop two existing tasks to free up cluster capacity before starting two new tasks. If they're in the RUNNING state, tasks for services that don't use a load balancer are considered healthy . If they're in the RUNNING state and reported as healthy by the load balancer, tasks for services that do use a load balancer are considered healthy . The default value for minimum healthy percent is 100%.
If a service uses the ECS deployment controller, the maximum percent parameter represents an upper limit on the number of tasks in a service that are allowed in the RUNNING or PENDING state during a deployment. Specifically, it represents it as a percentage of the desired number of tasks (rounded down to the nearest integer). This happens when any of your container instances are in the DRAINING state if the service contains tasks using the EC2 launch type. Using this parameter, you can define the deployment batch size. For example, if your service has a desired number of four tasks and a maximum percent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default value for maximum percent is 200%.
If a service uses either the CODE_DEPLOY or EXTERNAL deployment controller types and tasks that use the EC2 launch type, the minimum healthy percent and maximum percent values are used only to define the lower and upper limit on the number of the tasks in the service that remain in the RUNNING state. This is while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the minimum healthy percent and maximum percent values aren't used. This is the case even if they're currently visible when describing your service.
When creating a service that uses the EXTERNAL deployment controller, you can specify only parameters that aren't controlled at the task set level. The only required parameter is the service name. You control your services using the CreateTaskSet operation. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
When the service scheduler launches new tasks, it determines task placement. For information about task placement and task placement strategies, see Amazon ECS task placement in the Amazon Elastic Container Service Developer Guide.
", "CreateTaskSet": "Create a task set in the specified cluster and service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
Disables an account setting for a specified IAM user, IAM role, or the root user for an account.
", + "DeleteAccountSetting": "Disables an account setting for a specified user, role, or the root user for an account.
", "DeleteAttributes": "Deletes one or more custom attributes from an Amazon ECS resource.
", "DeleteCapacityProvider": "Deletes the specified capacity provider.
The FARGATE and FARGATE_SPOT capacity providers are reserved and can't be deleted. You can disassociate them from a cluster using either the PutClusterCapacityProviders API or by deleting the cluster.
Prior to a capacity provider being deleted, the capacity provider must be removed from the capacity provider strategy from all services. The UpdateService API can be used to remove a capacity provider from a service's capacity provider strategy. When updating a service, the forceNewDeployment option can be used to ensure that any tasks using the Amazon EC2 instance capacity provided by the capacity provider are transitioned to use the capacity from the remaining capacity providers. Only capacity providers that aren't associated with a cluster can be deleted. To remove a capacity provider from a cluster, you can either use PutClusterCapacityProviders or delete the cluster.
Deletes the specified cluster. The cluster transitions to the INACTIVE state. Clusters with an INACTIVE status might remain discoverable in your account for a period of time. However, this behavior is subject to change in the future. We don't recommend that you rely on INACTIVE clusters persisting.
You must deregister all container instances from this cluster before you may delete it. You can list the container instances in a cluster with ListContainerInstances and deregister them with DeregisterContainerInstance.
", "DeleteService": "Deletes a specified service within a cluster. You can delete a service if you have no running tasks in it and the desired task count is zero. If the service is actively maintaining tasks, you can't delete it, and you must update the service to a desired task count of zero. For more information, see UpdateService.
When you delete a service, if there are still running tasks that require cleanup, the service status moves from ACTIVE to DRAINING, and the service is no longer visible in the console or in the ListServices API operation. After all tasks have transitioned to either STOPPING or STOPPED status, the service status moves from DRAINING to INACTIVE. Services in the DRAINING or INACTIVE status can still be viewed with the DescribeServices API operation. However, in the future, INACTIVE services may be cleaned up and purged from Amazon ECS record keeping, and DescribeServices calls on those services return a ServiceNotFoundException error.
If you attempt to create a new service with the same name as an existing service in either ACTIVE or DRAINING status, you receive an error.
Deletes one or more task definitions.
You must deregister a task definition revision before you delete it. For more information, see DeregisterTaskDefinition.
When you delete a task definition revision, it is immediately transitions from the INACTIVE to DELETE_IN_PROGRESS. Existing tasks and services that reference a DELETE_IN_PROGRESS task definition revision continue to run without disruption. Existing services that reference a DELETE_IN_PROGRESS task definition revision can still scale up or down by modifying the service's desired count.
You can't use a DELETE_IN_PROGRESS task definition revision to run new tasks or create new services. You also can't update an existing service to reference a DELETE_IN_PROGRESS task definition revision.
A task definition revision will stay in DELETE_IN_PROGRESS status until all the associated tasks and services have been terminated.
Deletes a specified task set within a service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see Amazon ECS deployment types in the Amazon Elastic Container Service Developer Guide.
Deregisters an Amazon ECS container instance from the specified cluster. This instance is no longer available to run tasks.
If you intend to use the container instance for some other purpose after deregistration, we recommend that you stop all of the tasks running on the container instance before deregistration. That prevents any orphaned tasks from consuming resources.
Deregistering a container instance removes the instance from a cluster, but it doesn't terminate the EC2 instance. If you are finished using the instance, be sure to terminate it in the Amazon EC2 console to stop billing.
If you terminate a running container instance, Amazon ECS automatically deregisters the instance from your cluster (stopped container instances or instances with disconnected agents aren't automatically deregistered when terminated).
Deregisters the specified task definition by family and revision. Upon deregistration, the task definition is marked as INACTIVE. Existing tasks and services that reference an INACTIVE task definition continue to run without disruption. Existing services that reference an INACTIVE task definition can still scale up or down by modifying the service's desired count.
You can't use an INACTIVE task definition to run new tasks or create new services, and you can't update an existing service to reference an INACTIVE task definition. However, there may be up to a 10-minute window following deregistration where these restrictions have not yet taken effect.
At this time, INACTIVE task definitions remain discoverable in your account indefinitely. However, this behavior is subject to change in the future. We don't recommend that you rely on INACTIVE task definitions persisting beyond the lifecycle of any associated tasks and services.
Deregisters the specified task definition by family and revision. Upon deregistration, the task definition is marked as INACTIVE. Existing tasks and services that reference an INACTIVE task definition continue to run without disruption. Existing services that reference an INACTIVE task definition can still scale up or down by modifying the service's desired count. If you want to delete a task definition revision, you must first deregister the task definition revision.
You can't use an INACTIVE task definition to run new tasks or create new services, and you can't update an existing service to reference an INACTIVE task definition. However, there may be up to a 10-minute window following deregistration where these restrictions have not yet taken effect.
At this time, INACTIVE task definitions remain discoverable in your account indefinitely. However, this behavior is subject to change in the future. We don't recommend that you rely on INACTIVE task definitions persisting beyond the lifecycle of any associated tasks and services.
You must deregister a task definition revision before you delete it. For more information, see DeleteTaskDefinitions.
", "DescribeCapacityProviders": "Describes one or more of your capacity providers.
", "DescribeClusters": "Describes one or more of your clusters.
", "DescribeContainerInstances": "Describes one or more container instances. Returns metadata about each container instance requested.
", @@ -34,12 +35,12 @@ "ListTaskDefinitionFamilies": "Returns a list of task definition families that are registered to your account. This list includes task definition families that no longer have any ACTIVE task definition revisions.
You can filter out task definition families that don't contain any ACTIVE task definition revisions by setting the status parameter to ACTIVE. You can also filter the results with the familyPrefix parameter.
Returns a list of task definitions that are registered to your account. You can filter the results by family name with the familyPrefix parameter or by status with the status parameter.
Returns a list of tasks. You can filter the results by cluster, task definition family, container instance, launch type, what IAM principal started the task, or by the desired status of the task.
Recently stopped tasks might appear in the returned results. Currently, stopped tasks appear in the returned results for at least one hour.
", - "PutAccountSetting": "Modifies an account setting. Account settings are set on a per-Region basis.
If you change the account setting for the root user, the default settings for all of the IAM users and roles that no individual account setting was specified are reset for. For more information, see Account Settings in the Amazon Elastic Container Service Developer Guide.
When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified IAM user, IAM role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the IAM user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
When awsvpcTrunking is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is enabled, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
When containerInsights is specified, the default setting indicating whether CloudWatch Container Insights is enabled for your clusters is changed. If containerInsights is enabled, any new clusters that are created will have Container Insights enabled unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
Modifies an account setting for all IAM users on an account for whom no individual account setting has been specified. Account settings are set on a per-Region basis.
", + "PutAccountSetting": "Modifies an account setting. Account settings are set on a per-Region basis.
If you change the account setting for the root user, the default settings for all of the users and roles that no individual account setting was specified are reset for. For more information, see Account Settings in the Amazon Elastic Container Service Developer Guide.
When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.
When awsvpcTrunking is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is enabled, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.
When containerInsights is specified, the default setting indicating whether CloudWatch Container Insights is enabled for your clusters is changed. If containerInsights is enabled, any new clusters that are created will have Container Insights enabled unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.
Modifies an account setting for all users on an account for whom no individual account setting has been specified. Account settings are set on a per-Region basis.
", "PutAttributes": "Create or update an attribute on an Amazon ECS resource. If the attribute doesn't exist, it's created. If the attribute exists, its value is replaced with the specified value. To delete an attribute, use DeleteAttributes. For more information, see Attributes in the Amazon Elastic Container Service Developer Guide.
", "PutClusterCapacityProviders": "Modifies the available capacity providers and the default capacity provider strategy for a cluster.
You must specify both the available capacity providers and a default capacity provider strategy for the cluster. If the specified cluster has existing capacity providers associated with it, you must specify all existing capacity providers in addition to any new ones you want to add. Any existing capacity providers that are associated with a cluster that are omitted from a PutClusterCapacityProviders API call will be disassociated with the cluster. You can only disassociate an existing capacity provider from a cluster if it's not being used by any existing tasks.
When creating a service or running a task on a cluster, if no capacity provider or launch type is specified, then the cluster's default capacity provider strategy is used. We recommend that you define a default capacity provider strategy for your cluster. However, you must specify an empty array ([]) to bypass defining a default strategy.
This action is only used by the Amazon ECS agent, and it is not intended for use outside of the agent.
Registers an EC2 instance into the specified cluster. This instance becomes available to place containers on.
", - "RegisterTaskDefinition": "Registers a new task definition from the supplied family and containerDefinitions. Optionally, you can add data volumes to your containers with the volumes parameter. For more information about task definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide.
You can specify an IAM role for your task with the taskRoleArn parameter. When you specify an IAM role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the Amazon Web Services services that are specified in the IAM policy that's associated with the role. For more information, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide.
You can specify a Docker networking mode for the containers in your task definition with the networkMode parameter. The available network modes correspond to those described in Network settings in the Docker run reference. If you specify the awsvpc network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.
Registers a new task definition from the supplied family and containerDefinitions. Optionally, you can add data volumes to your containers with the volumes parameter. For more information about task definition parameters and defaults, see Amazon ECS Task Definitions in the Amazon Elastic Container Service Developer Guide.
You can specify a role for your task with the taskRoleArn parameter. When you specify a role for a task, its containers can then use the latest versions of the CLI or SDKs to make API requests to the Amazon Web Services services that are specified in the policy that's associated with the role. For more information, see IAM Roles for Tasks in the Amazon Elastic Container Service Developer Guide.
You can specify a Docker networking mode for the containers in your task definition with the networkMode parameter. The available network modes correspond to those described in Network settings in the Docker run reference. If you specify the awsvpc network mode, the task is allocated an elastic network interface, and you must specify a NetworkConfiguration when you create a service or run a task with the task definition. For more information, see Task Networking in the Amazon Elastic Container Service Developer Guide.
Starts a new task using the specified task definition.
You can allow Amazon ECS to place tasks for you, or you can customize how Amazon ECS places tasks using placement constraints and placement strategies. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
Alternatively, you can use StartTask to use your own scheduler or place tasks manually on specific container instances.
The Amazon ECS API follows an eventual consistency model. This is because of the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your Amazon ECS resources might not be immediately visible to all subsequent commands you run. Keep this in mind when you carry out an API command that immediately follows a previous API command.
To manage eventual consistency, you can do the following:
Confirm the state of the resource before you run a command to modify it. Run the DescribeTasks command using an exponential backoff algorithm to ensure that you allow enough time for the previous command to propagate through the system. To do this, run the DescribeTasks command repeatedly, starting with a couple of seconds of wait time and increasing gradually up to five minutes of wait time.
Add wait time between subsequent commands, even if the DescribeTasks command returns an accurate response. Apply an exponential backoff algorithm starting with a couple of seconds of wait time, and increase gradually up to about five minutes of wait time.
Starts a new task from the specified task definition on the specified container instance or instances.
Alternatively, you can use RunTask to place tasks for you. For more information, see Scheduling Tasks in the Amazon Elastic Container Service Developer Guide.
", "StopTask": "Stops a running task. Any tags associated with the task will be deleted.
When StopTask is called on a task, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM value and a default 30-second timeout, after which the SIGKILL value is sent and the containers are forcibly stopped. If the container handles the SIGTERM value gracefully and exits within 30 seconds from receiving it, no SIGKILL value is sent.
The default 30-second timeout can be configured on the Amazon ECS container agent with the ECS_CONTAINER_STOP_TIMEOUT variable. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.
Modifies the settings to use for a cluster.
", "UpdateContainerAgent": "Updates the Amazon ECS container agent on a specified container instance. Updating the Amazon ECS container agent doesn't interrupt running tasks or services on the container instance. The process for updating the agent differs depending on whether your container instance was launched with the Amazon ECS-optimized AMI or another operating system.
The UpdateContainerAgent API isn't supported for container instances using the Amazon ECS-optimized Amazon Linux 2 (arm64) AMI. To update the container agent, you can update the ecs-init package. This updates the agent. For more information, see Updating the Amazon ECS container agent in the Amazon Elastic Container Service Developer Guide.
Agent updates with the UpdateContainerAgent API operation do not apply to Windows container instances. We recommend that you launch new container instances to update the agent version in your Windows clusters.
The UpdateContainerAgent API requires an Amazon ECS-optimized AMI or Amazon Linux AMI with the ecs-init service installed and running. For help updating the Amazon ECS container agent on other operating systems, see Manually updating the Amazon ECS container agent in the Amazon Elastic Container Service Developer Guide.
Modifies the status of an Amazon ECS container instance.
Once a container instance has reached an ACTIVE state, you can change the status of a container instance to DRAINING to manually remove an instance from a cluster, for example to perform system updates, update the Docker daemon, or scale down the cluster size.
A container instance can't be changed to DRAINING until it has reached an ACTIVE status. If the instance is in any other status, an error will be received.
When you set a container instance to DRAINING, Amazon ECS prevents new tasks from being scheduled for placement on the container instance and replacement service tasks are started on other container instances in the cluster if the resources are available. Service tasks on the container instance that are in the PENDING state are stopped immediately.
Service tasks on the container instance that are in the RUNNING state are stopped and replaced according to the service's deployment configuration parameters, minimumHealthyPercent and maximumPercent. You can change the deployment configuration of your service using UpdateService.
If minimumHealthyPercent is below 100%, the scheduler can ignore desiredCount temporarily during task replacement. For example, desiredCount is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. If the minimum is 100%, the service scheduler can't remove existing tasks until the replacement tasks are considered healthy. Tasks for services that do not use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
The maximumPercent parameter represents an upper limit on the number of running tasks during task replacement. You can use this to define the replacement batch size. For example, if desiredCount is four tasks, a maximum of 200% starts four new tasks before stopping the four tasks to be drained, provided that the cluster resources required to do this are available. If the maximum is 100%, then replacement tasks can't start until the draining tasks have stopped.
Any PENDING or RUNNING tasks that do not belong to a service aren't affected. You must wait for them to finish or stop them manually.
A container instance has completed draining when it has no more RUNNING tasks. You can verify this using ListTasks.
When a container instance has been drained, you can set a container instance to ACTIVE status and once it has reached that status the Amazon ECS scheduler can begin scheduling tasks on the instance again.
Modifies the parameters of a service.
For services using the rolling update (ECS) you can update the desired count, deployment configuration, network configuration, load balancers, service registries, enable ECS managed tags option, propagate tags option, task placement constraints and strategies, and task definition. When you update any of these parameters, Amazon ECS starts new tasks with the new configuration.
For services using the blue/green (CODE_DEPLOY) deployment controller, only the desired count, deployment configuration, health check grace period, task placement constraints and strategies, enable ECS managed tags option, and propagate tags can be updated using this API. If the network configuration, platform version, task definition, or load balancer need to be updated, create a new CodeDeploy deployment. For more information, see CreateDeployment in the CodeDeploy API Reference.
For services using an external deployment controller, you can update only the desired count, task placement constraints and strategies, health check grace period, enable ECS managed tags option, and propagate tags option, using this API. If the launch type, load balancer, network configuration, platform version, or task definition need to be updated, create a new task set For more information, see CreateTaskSet.
You can add to or subtract from the number of instantiations of a task definition in a service by specifying the cluster that the service is running in and a new desiredCount parameter.
If you have updated the Docker image of your application, you can create a new task definition with that image and deploy it to your service. The service scheduler uses the minimum healthy percent and maximum percent parameters (in the service's deployment configuration) to determine the deployment strategy.
If your updated Docker image uses the same tag as what is in the existing task definition for your service (for example, my_image:latest), you don't need to create a new revision of your task definition. You can update the service using the forceNewDeployment option. The new tasks launched by the deployment pull the current image/tag combination from your repository when they start.
You can also update the deployment configuration of a service. When a deployment is triggered by updating the task definition of a service, the service scheduler uses the deployment configuration parameters, minimumHealthyPercent and maximumPercent, to determine the deployment strategy.
If minimumHealthyPercent is below 100%, the scheduler can ignore desiredCount temporarily during a deployment. For example, if desiredCount is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
The maximumPercent parameter represents an upper limit on the number of running tasks during a deployment. You can use it to define the deployment batch size. For example, if desiredCount is four tasks, a maximum of 200% starts four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available).
When UpdateService stops a task during a deployment, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM and a 30-second timeout. After this, SIGKILL is sent and the containers are forcibly stopped. If the container handles the SIGTERM gracefully and exits within 30 seconds from receiving it, no SIGKILL is sent.
When the service scheduler launches new tasks, it determines task placement in your cluster with the following logic.
Determine which of the container instances in your cluster can support your service's task definition. For example, they have the required CPU, memory, ports, and container instance attributes.
By default, the service scheduler attempts to balance tasks across Availability Zones in this manner even though you can choose a different placement strategy.
Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.
Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.
When the service scheduler stops running tasks, it attempts to maintain balance across the Availability Zones in your cluster using the following logic:
Sort the container instances by the largest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have two, container instances in either zone B or C are considered optimal for termination.
Stop the task on a container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the largest number of running tasks for this service.
You must have a service-linked role when you update any of the following service properties. If you specified a custom IAM role when you created the service, Amazon ECS automatically replaces the roleARN associated with the service with the ARN of your service-linked role. For more information, see Service-linked roles in the Amazon Elastic Container Service Developer Guide.
loadBalancers,
serviceRegistries
Modifies the parameters of a service.
For services using the rolling update (ECS) you can update the desired count, deployment configuration, network configuration, load balancers, service registries, enable ECS managed tags option, propagate tags option, task placement constraints and strategies, and task definition. When you update any of these parameters, Amazon ECS starts new tasks with the new configuration.
For services using the blue/green (CODE_DEPLOY) deployment controller, only the desired count, deployment configuration, health check grace period, task placement constraints and strategies, enable ECS managed tags option, and propagate tags can be updated using this API. If the network configuration, platform version, task definition, or load balancer need to be updated, create a new CodeDeploy deployment. For more information, see CreateDeployment in the CodeDeploy API Reference.
For services using an external deployment controller, you can update only the desired count, task placement constraints and strategies, health check grace period, enable ECS managed tags option, and propagate tags option, using this API. If the launch type, load balancer, network configuration, platform version, or task definition need to be updated, create a new task set For more information, see CreateTaskSet.
You can add to or subtract from the number of instantiations of a task definition in a service by specifying the cluster that the service is running in and a new desiredCount parameter.
If you have updated the Docker image of your application, you can create a new task definition with that image and deploy it to your service. The service scheduler uses the minimum healthy percent and maximum percent parameters (in the service's deployment configuration) to determine the deployment strategy.
If your updated Docker image uses the same tag as what is in the existing task definition for your service (for example, my_image:latest), you don't need to create a new revision of your task definition. You can update the service using the forceNewDeployment option. The new tasks launched by the deployment pull the current image/tag combination from your repository when they start.
You can also update the deployment configuration of a service. When a deployment is triggered by updating the task definition of a service, the service scheduler uses the deployment configuration parameters, minimumHealthyPercent and maximumPercent, to determine the deployment strategy.
If minimumHealthyPercent is below 100%, the scheduler can ignore desiredCount temporarily during a deployment. For example, if desiredCount is four tasks, a minimum of 50% allows the scheduler to stop two existing tasks before starting two new tasks. Tasks for services that don't use a load balancer are considered healthy if they're in the RUNNING state. Tasks for services that use a load balancer are considered healthy if they're in the RUNNING state and are reported as healthy by the load balancer.
The maximumPercent parameter represents an upper limit on the number of running tasks during a deployment. You can use it to define the deployment batch size. For example, if desiredCount is four tasks, a maximum of 200% starts four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available).
When UpdateService stops a task during a deployment, the equivalent of docker stop is issued to the containers running in the task. This results in a SIGTERM and a 30-second timeout. After this, SIGKILL is sent and the containers are forcibly stopped. If the container handles the SIGTERM gracefully and exits within 30 seconds from receiving it, no SIGKILL is sent.
When the service scheduler launches new tasks, it determines task placement in your cluster with the following logic.
Determine which of the container instances in your cluster can support your service's task definition. For example, they have the required CPU, memory, ports, and container instance attributes.
By default, the service scheduler attempts to balance tasks across Availability Zones in this manner even though you can choose a different placement strategy.
Sort the valid container instances by the fewest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have zero, valid container instances in either zone B or C are considered optimal for placement.
Place the new service task on a valid container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the fewest number of running tasks for this service.
When the service scheduler stops running tasks, it attempts to maintain balance across the Availability Zones in your cluster using the following logic:
Sort the container instances by the largest number of running tasks for this service in the same Availability Zone as the instance. For example, if zone A has one running service task and zones B and C each have two, container instances in either zone B or C are considered optimal for termination.
Stop the task on a container instance in an optimal Availability Zone (based on the previous steps), favoring container instances with the largest number of running tasks for this service.
You must have a service-linked role when you update any of the following service properties. If you specified a custom role when you created the service, Amazon ECS automatically replaces the roleARN associated with the service with the ARN of your service-linked role. For more information, see Service-linked roles in the Amazon Elastic Container Service Developer Guide.
loadBalancers,
serviceRegistries
Modifies which task set in a service is the primary task set. Any parameters that are updated on the primary task set in a service will transition to the service. This is used when a service uses the EXTERNAL deployment controller type. For more information, see Amazon ECS Deployment Types in the Amazon Elastic Container Service Developer Guide.
Updates the protection status of a task. You can set protectionEnabled to true to protect your task from termination during scale-in events from Service Autoscaling or deployments.
Task-protection, by default, expires after 2 hours at which point Amazon ECS unsets the protectionEnabled property making the task eligible for termination by a subsequent scale-in event.
You can specify a custom expiration period for task protection from 1 minute to up to 2,880 minutes (48 hours). To specify the custom expiration period, set the expiresInMinutes property. The expiresInMinutes property is always reset when you invoke this operation for a task that already has protectionEnabled set to true. You can keep extending the protection expiration period of a task by invoking this operation repeatedly.
To learn more about Amazon ECS task protection, see Task scale-in protection in the Amazon Elastic Container Service Developer Guide .
This operation is only supported for tasks belonging to an Amazon ECS service. Invoking this operation for a standalone task will result in an TASK_NOT_VALID failure. For more information, see API failure reasons.
If you prefer to set task protection from within the container, we recommend using the Task scale-in protection endpoint.
Modifies a task set. This is used when a service uses the EXTERNAL deployment controller type. For more information, see Amazon ECS Deployment Types in the Amazon Elastic Container Service Developer Guide.
Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is used, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
", "DeploymentCircuitBreaker$enable": "Determines whether to use the deployment circuit breaker logic for the service.
", "DeploymentCircuitBreaker$rollback": "Determines whether to configure Amazon ECS to roll back the service if a service deployment fails. If rollback is on, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
", - "ExecuteCommandLogConfiguration$cloudWatchEncryptionEnabled": "Determines whether to use encryption on the CloudWatch logs. If not specified, encryption will be disabled.
", + "ExecuteCommandLogConfiguration$cloudWatchEncryptionEnabled": "Determines whether to use encryption on the CloudWatch logs. If not specified, encryption will be off.
", "ExecuteCommandLogConfiguration$s3EncryptionEnabled": "Determines whether to use encryption on the S3 logs. If not specified, encryption is not used.
", "ExecuteCommandRequest$interactive": "Use this flag to run your command in interactive mode.
", "ExecuteCommandResponse$interactive": "Determines whether the execute command session is running in interactive mode. Amazon ECS only supports initiating interactive sessions, so you must specify true for this value.
Determines whether to return the effective settings. If true, the account settings for the root user or the default setting for the principalArn are returned. If false, the account settings for the principalArn are returned if they're set. Otherwise, no account settings are returned.
The protection status of the task. If scale-in protection is enabled for a task, the value is true. Otherwise, it is false.
The protection status of the task. If scale-in protection is on for a task, the value is true. Otherwise, it is false.
Specifies whether to use Amazon ECS managed tags for the task. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.
", "RunTaskRequest$enableExecuteCommand": "Determines whether to use the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
If true, then the task definition must have a task role, or you must provide one as an override.
Determines whether to use Amazon ECS managed tags for the tasks in the service. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.
", @@ -196,7 +197,7 @@ "base": null, "refs": { "ContainerDefinition$essential": "If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped. If the essential parameter of a container is marked as false, its failure doesn't affect the rest of the containers in a task. If this parameter is omitted, a container is assumed to be essential.
All tasks must have at least one essential container. If you have an application that's composed of multiple containers, group containers that are used for a common purpose into components, and separate the different components into multiple task definitions. For more information, see Application Architecture in the Amazon Elastic Container Service Developer Guide.
", - "ContainerDefinition$disableNetworking": "When this parameter is true, networking is disabled within the container. This parameter maps to NetworkDisabled in the Create a container section of the Docker Remote API.
This parameter is not supported for Windows containers.
When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled in the Create a container section of the Docker Remote API.
This parameter is not supported for Windows containers.
When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the Create a container section of the Docker Remote API and the --privileged option to docker run.
This parameter is not supported for Windows containers or tasks run on Fargate.
When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the Create a container section of the Docker Remote API and the --read-only option to docker run.
This parameter is not supported for Windows containers.
When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the Create a container section of the Docker Remote API and the --interactive option to docker run.
The time period in seconds between each health check execution. You may specify between 5 and 300 seconds. The default value is 30 seconds.
", "HealthCheck$timeout": "The time period in seconds to wait for a health check to succeed before it is considered a failure. You may specify between 2 and 60 seconds. The default value is 5.
", "HealthCheck$retries": "The number of times to retry a failed health check before the container is considered unhealthy. You may specify between 1 and 10 retries. The default value is 3.
", - "HealthCheck$startPeriod": "The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is disabled.
If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
The optional grace period to provide containers time to bootstrap before failed health checks count towards the maximum number of retries. You can specify between 0 and 300 seconds. By default, the startPeriod is off.
If a health check succeeds within the startPeriod, then the container is considered healthy and any subsequent failures count toward the maximum number of retries.
The value for the size (in MiB) of the /dev/shm volume. This parameter maps to the --shm-size option to docker run.
If you are using tasks that use the Fargate launch type, the sharedMemorySize parameter is not supported.
The total amount of swap memory (in MiB) a container can use. This parameter will be translated to the --memory-swap option to docker run where the value would be the sum of the container memory plus the maxSwap value.
If a maxSwap value of 0 is specified, the container will not use swap. Accepted values are 0 or any positive integer. If the maxSwap parameter is omitted, the container will use the swap configuration for the container instance it is running on. A maxSwap value must be set for the swappiness parameter to be used.
If you're using tasks that use the Fargate launch type, the maxSwap parameter isn't supported.
This allows you to tune a container's memory swappiness behavior. A swappiness value of 0 will cause swapping to not happen unless absolutely necessary. A swappiness value of 100 will cause pages to be swapped very aggressively. Accepted values are whole numbers between 0 and 100. If the swappiness parameter is not specified, a default value of 60 is used. If a value is not specified for maxSwap then this parameter is ignored. This parameter maps to the --memory-swappiness option to docker run.
If you're using tasks that use the Fargate launch type, the swappiness parameter isn't supported.
The default capacity provider strategy for the cluster. When services or tasks are run in the cluster with no launch type or capacity provider strategy specified, the default capacity provider strategy is used.
", - "CreateClusterRequest$defaultCapacityProviderStrategy": "The capacity provider strategy to set as the default for the cluster. After a default capacity provider strategy is set for a cluster, when you call the RunTask or CreateService APIs with no capacity provider strategy or launch type specified, the default capacity provider strategy for the cluster is used.
If a default capacity provider strategy isn't defined for a cluster when it was created, it can be defined later with the PutClusterCapacityProviders API operation.
", + "CreateClusterRequest$defaultCapacityProviderStrategy": "The capacity provider strategy to set as the default for the cluster. After a default capacity provider strategy is set for a cluster, when you call the CreateService or RunTask APIs with no capacity provider strategy or launch type specified, the default capacity provider strategy for the cluster is used.
If a default capacity provider strategy isn't defined for a cluster when it was created, it can be defined later with the PutClusterCapacityProviders API operation.
", "CreateServiceRequest$capacityProviderStrategy": "The capacity provider strategy to use for the service.
If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.
A capacity provider strategy may contain a maximum of 6 capacity providers.
", "CreateTaskSetRequest$capacityProviderStrategy": "The capacity provider strategy to use for the task set.
A capacity provider strategy consists of one or more capacity providers along with the base and weight to assign to them. A capacity provider must be associated with the cluster to be used in a capacity provider strategy. The PutClusterCapacityProviders API is used to associate a capacity provider with a cluster. Only capacity providers with an ACTIVE or UPDATING status can be used.
If a capacityProviderStrategy is specified, the launchType parameter must be omitted. If no capacityProviderStrategy or launchType is specified, the defaultCapacityProviderStrategy for the cluster is used.
If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must already be created. New capacity providers can be created with the CreateCapacityProvider API operation.
To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.
The PutClusterCapacityProviders API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
", "Deployment$capacityProviderStrategy": "The capacity provider strategy that the deployment is using.
", @@ -422,7 +423,7 @@ "ClusterSettings": { "base": null, "refs": { - "Cluster$settings": "The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is enabled or disabled for a cluster.
", + "Cluster$settings": "The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is on or off for a cluster.
", "CreateClusterRequest$settings": "The setting to use when creating a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster. If this value is specified, it overrides the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.
The cluster settings for your cluster.
", "UpdateClusterSettingsRequest$settings": "The setting to use by default for a cluster. This parameter is used to turn on CloudWatch Container Insights for a cluster. If this value is specified, it overrides the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.
Currently, if you delete an existing cluster that does not have Container Insights turned on, and then create a new cluster with the same name with Container Insights tuned on, Container Insights will not actually be turned on. If you want to preserve the same name for your existing cluster and turn on Container Insights, you must wait 7 days before you can re-create it.
The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type that aren't behind a Classic Load Balancer.
The deployment circuit breaker determines whether a service deployment will fail if the service can't reach a steady state. If enabled, a service deployment will transition to a failed state and stop launching new tasks. You can also configure Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see Rolling update in the Amazon Elastic Container Service Developer Guide.
", + "base": "The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type.
The deployment circuit breaker determines whether a service deployment will fail if the service can't reach a steady state. If enabled, a service deployment will transition to a failed state and stop launching new tasks. You can also configure Amazon ECS to roll back your service to the last completed deployment after a failure. For more information, see Rolling update in the Amazon Elastic Container Service Developer Guide.
", "refs": { - "DeploymentConfiguration$deploymentCircuitBreaker": "The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type.
The deployment circuit breaker determines whether a service deployment will fail if the service can't reach a steady state. If deployment circuit breaker is enabled, a service deployment will transition to a failed state and stop launching new tasks. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.
" + "DeploymentConfiguration$deploymentCircuitBreaker": "The deployment circuit breaker can only be used for services using the rolling update (ECS) deployment type.
The deployment circuit breaker determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see Rolling update in the Amazon Elastic Container Service Developer Guide
" } }, "DeploymentConfiguration": { @@ -871,7 +882,7 @@ "EFSAuthorizationConfigIAM": { "base": null, "refs": { - "EFSAuthorizationConfig$iam": "Determines whether to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. If this parameter is omitted, the default value of DISABLED is used. For more information, see Using Amazon EFS access points in the Amazon Elastic Container Service Developer Guide.
Determines whether to use the Amazon ECS task role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. If this parameter is omitted, the default value of DISABLED is used. For more information, see Using Amazon EFS access points in the Amazon Elastic Container Service Developer Guide.
Any failures associated with the call.
", "DescribeCapacityProvidersResponse$failures": "Any failures associated with the call.
", "DescribeClustersResponse$failures": "Any failures associated with the call.
", "DescribeContainerInstancesResponse$failures": "Any failures associated with the call.
", @@ -1355,7 +1367,7 @@ } }, "ManagedScaling": { - "base": "The managed scaling settings for the Auto Scaling group capacity provider.
When managed scaling is enabled, Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling policy using an Amazon ECS managed CloudWatch metric with the specified targetCapacity value as the target value for the metric. For more information, see Using managed scaling in the Amazon Elastic Container Service Developer Guide.
If managed scaling is disabled, the user must manage the scaling of the Auto Scaling group.
", + "base": "The managed scaling settings for the Auto Scaling group capacity provider.
When managed scaling is enabled, Amazon ECS manages the scale-in and scale-out actions of the Auto Scaling group. Amazon ECS manages a target tracking scaling policy using an Amazon ECS managed CloudWatch metric with the specified targetCapacity value as the target value for the metric. For more information, see Using managed scaling in the Amazon Elastic Container Service Developer Guide.
If managed scaling is off, the user must manage the scaling of the Auto Scaling group.
", "refs": { "AutoScalingGroupProvider$managedScaling": "The managed scaling settings for the Auto Scaling group capacity provider.
", "AutoScalingGroupProviderUpdate$managedScaling": "The managed scaling settings for the Auto Scaling group capacity provider.
" @@ -1389,8 +1401,8 @@ "ManagedTerminationProtection": { "base": null, "refs": { - "AutoScalingGroupProvider$managedTerminationProtection": "The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is disabled.
When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.
When managed termination protection is enabled, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled as well. For more information, see Instance Protection in the Auto Scaling User Guide.
When managed termination protection is disabled, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.
", - "AutoScalingGroupProviderUpdate$managedTerminationProtection": "The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection.
When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.
When managed termination protection is enabled, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled. For more information, see Instance Protection in the Auto Scaling User Guide.
When managed termination protection is disabled, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.
" + "AutoScalingGroupProvider$managedTerminationProtection": "The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is off.
When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.
When managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions enabled as well. For more information, see Instance Protection in the Auto Scaling User Guide.
When managed termination protection is off, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.
", + "AutoScalingGroupProviderUpdate$managedTerminationProtection": "The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection.
When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work.
When managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions on. For more information, see Instance Protection in the Auto Scaling User Guide.
When managed termination protection is off, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in.
" } }, "MissingVersionException": { @@ -1430,7 +1442,7 @@ } }, "NetworkConfiguration": { - "base": "An object representing the network configuration for a task or service.
", + "base": "The network configuration for a task or service.
", "refs": { "CreateServiceRequest$networkConfiguration": "The network configuration for the service. This parameter is required for task definitions that use the awsvpc network mode to receive their own elastic network interface, and it isn't supported for other network modes. For more information, see Task networking in the Amazon Elastic Container Service Developer Guide.
An object representing the network configuration for a task set.
", @@ -1995,7 +2007,7 @@ "Cluster$attachmentsStatus": "The status of the capacity providers associated with the cluster. The following are the states that are returned.
The available capacity providers for the cluster are updating.
The capacity providers have successfully updated.
The capacity provider updates failed.
The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace. When you create a service and don't specify a Service Connect configuration, this namespace is used.
", "ClusterServiceConnectDefaultsRequest$namespace": "The namespace name or full Amazon Resource Name (ARN) of the Cloud Map namespace that's used when you create a service and don't specify a Service Connect configuration. The namespace name can include up to 1024 characters. The name is case-sensitive. The name can't include hyphens (-), tilde (~), greater than (>), less than (<), or slash (/).
If you enter an existing namespace name or ARN, then that namespace will be used. Any namespace type is supported. The namespace must be in this account and this Amazon Web Services Region.
If you enter a new name, a Cloud Map namespace will be created. Amazon ECS creates a Cloud Map namespace with the \"API calls\" method of instance discovery only. This instance discovery method is the \"HTTP\" namespace type in the Command Line Interface. Other types of instance discovery aren't used by Service Connect.
If you update the service with an empty string \"\" for the namespace name, the cluster configuration for Service Connect is removed. Note that the namespace will remain in Cloud Map and must be deleted separately.
For more information about Cloud Map, see Working with Services in the Cloud Map Developer Guide.
", - "ClusterSetting$value": "The value to set for the cluster setting. The supported values are enabled and disabled. If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be disabled unless the containerInsights account setting is enabled. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.
The value to set for the cluster setting. The supported values are enabled and disabled. If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be off unless the containerInsights account setting is turned on. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.
The Amazon Resource Name (ARN) of the container.
", "Container$taskArn": "The ARN of the task.
", "Container$name": "The name of the container.
", @@ -2038,7 +2050,7 @@ "CreateTaskSetRequest$taskDefinition": "The task definition for the tasks in the task set to use.
", "CreateTaskSetRequest$platformVersion": "The platform version that the tasks in the task set uses. A platform version is specified only for tasks using the Fargate launch type. If one isn't specified, the LATEST platform version is used.
The identifier that you provide to ensure the idempotency of the request. It's case sensitive and must be unique. It can be up to 32 ASCII characters are allowed.
", - "DeleteAccountSettingRequest$principalArn": "The Amazon Resource Name (ARN) of the principal. It can be an IAM user, IAM role, or the root user. If you specify the root user, it disables the account setting for all IAM users, IAM roles, and the root user of the account unless an IAM user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.
", + "DeleteAccountSettingRequest$principalArn": "The Amazon Resource Name (ARN) of the principal. It can be an user, role, or the root user. If you specify the root user, it disables the account setting for all users, roles, and the root user of the account unless a user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.
", "DeleteAttributesRequest$cluster": "The short name or full Amazon Resource Name (ARN) of the cluster that contains the resource to delete attributes. If you do not specify a cluster, the default cluster is assumed.
", "DeleteCapacityProviderRequest$capacityProvider": "The short name or full Amazon Resource Name (ARN) of the capacity provider to delete.
", "DeleteClusterRequest$cluster": "The short name or full Amazon Resource Name (ARN) of the cluster to delete.
", @@ -2111,7 +2123,7 @@ "KeyValuePair$name": "The name of the key-value pair. For environment variables, this is the name of the environment variable.
", "KeyValuePair$value": "The value of the key-value pair. For environment variables, this is the value of the environment variable.
", "ListAccountSettingsRequest$value": "The value of the account settings to filter results with. You must also specify an account setting name to use this parameter.
", - "ListAccountSettingsRequest$principalArn": "The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the account settings are listed only for the authenticated user.
Federated users assume the account setting of the root user and can't have explicit account settings set for them.
The ARN of the principal, which can be a user, role, or the root user. If this field is omitted, the account settings are listed only for the authenticated user.
Federated users assume the account setting of the root user and can't have explicit account settings set for them.
The nextToken value returned from a ListAccountSettings request indicating that more results are available to fulfill the request and further calls will be needed. If maxResults was provided, it's possible the number of results to be fewer than maxResults.
This token should be treated as an opaque identifier that is only used to retrieve the next items in a list and not for other programmatic purposes.
The nextToken value to include in a future ListAccountSettings request. When the results of a ListAccountSettings request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.
The short name or full Amazon Resource Name (ARN) of the cluster to list attributes. If you do not specify a cluster, the default cluster is assumed.
", @@ -2167,12 +2179,12 @@ "PlacementStrategy$field": "The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that's applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are cpu and memory. For the random placement strategy, this field is not used.
The ID for the GPUs on the container instance. The available GPU IDs can also be obtained on the container instance in the /var/lib/ecs/gpu/nvidia_gpu_info.json file.
The name that's used for the port mapping. This parameter only applies to Service Connect. This parameter is the name that you use in the serviceConnectConfiguration of a service. The name can include up to 64 characters. The characters can include lowercase letters, numbers, underscores (_), and hyphens (-). The name can't start with a hyphen.
For more information, see Service Connect in the Amazon Elastic Container Service Developer Guide.
", - "PortMapping$containerPortRange": "The port number range on the container that's bound to the dynamically mapped host port range.
The following rules apply when you specify a containerPortRange:
You must use either the bridge network mode or the awsvpc network mode.
This parameter is available for both the EC2 and Fargate launch types.
This parameter is available for both the Linux and Windows operating systems.
The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ecs-init package
You can specify a maximum of 100 port ranges per container.
You do not specify a hostPortRange. The value of the hostPortRange is set as follows:
For containers in a task with the awsvpc network mode, the hostPort is set to the same value as the containerPort. This is a static mapping strategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
The containerPortRange valid values are between 1 and 65535.
A port can only be included in one port mapping per container.
You cannot specify overlapping port ranges.
The first port in the range must be less than last port in the range.
Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
For more information, see Issue #11185 on the Github website.
For information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.
You can call DescribeTasks to view the hostPortRange which are the host ports that are bound to the container ports.
The port number range on the container that's bound to the dynamically mapped host port range.
The following rules apply when you specify a containerPortRange:
You must use either the bridge network mode or the awsvpc network mode.
This parameter is available for both the EC2 and Fargate launch types.
This parameter is available for both the Linux and Windows operating systems.
The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ecs-init package
You can specify a maximum of 100 port ranges per container.
You do not specify a hostPortRange. The value of the hostPortRange is set as follows:
For containers in a task with the awsvpc network mode, the hostPort is set to the same value as the containerPort. This is a static mapping strategy.
For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.
The containerPortRange valid values are between 1 and 65535.
A port can only be included in one port mapping per container.
You cannot specify overlapping port ranges.
The first port in the range must be less than last port in the range.
Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.
For more information, see Issue #11185 on the Github website.
For information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.
You can call DescribeTasks to view the hostPortRange which are the host ports that are bound to the container ports.
The task ARN.
", "ProxyConfiguration$containerName": "The name of the container that will serve as the App Mesh proxy.
", "PutAccountSettingDefaultRequest$value": "The account setting value for the specified principal ARN. Accepted values are enabled and disabled.
The account setting value for the specified principal ARN. Accepted values are enabled and disabled.
The ARN of the principal, which can be an IAM user, IAM role, or the root user. If you specify the root user, it modifies the account setting for all IAM users, IAM roles, and the root user of the account unless an IAM user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.
Federated users assume the account setting of the root user and can't have explicit account settings set for them.
The ARN of the principal, which can be a user, role, or the root user. If you specify the root user, it modifies the account setting for all users, roles, and the root user of the account unless a user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.
Federated users assume the account setting of the root user and can't have explicit account settings set for them.
The short name or full Amazon Resource Name (ARN) of the cluster that contains the resource to apply attributes. If you do not specify a cluster, the default cluster is assumed.
", "PutClusterCapacityProvidersRequest$cluster": "The short name or full Amazon Resource Name (ARN) of the cluster to modify the capacity provider settings for. If you don't specify a cluster, the default cluster is assumed.
", "RegisterContainerInstanceRequest$cluster": "The short name or full Amazon Resource Name (ARN) of the cluster to register your container instance with. If you do not specify a cluster, the default cluster is assumed.
", @@ -2193,7 +2205,7 @@ "RunTaskRequest$platformVersion": "The platform version the task uses. A platform version is only specified for tasks hosted on Fargate. If one isn't specified, the LATEST platform version is used. For more information, see Fargate platform versions in the Amazon Elastic Container Service Developer Guide.
The reference ID to use for the task. The reference ID can have a maximum length of 1024 characters.
", "RunTaskRequest$startedBy": "An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the startedBy parameter. You can then identify which tasks belong to that job by filtering the results of a ListTasks call with the startedBy value. Up to 36 letters (uppercase and lowercase), numbers, hyphens (-), and underscores (_) are allowed.
If a task is started by an Amazon ECS service, then the startedBy parameter contains the deployment ID of the service that starts it.
The family and revision (family:revision) or full ARN of the task definition to run. If a revision isn't specified, the latest ACTIVE revision is used.
When you create an IAM policy for run-task, you can set the resource to be the latest task definition revision, or a specific revision.
The full ARN value must match the value that you specified as the Resource of the IAM principal's permissions policy.
When you specify the policy resource as the latest task definition version (by setting the Resource in the policy to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName), then set this value to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName.
When you specify the policy resource as a specific task definition version (by setting the Resource in the policy to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:1 or arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:*), then set this value to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:1.
For more information, see Policy Resources for Amazon ECS in the Amazon Elastic Container Service developer Guide.
", + "RunTaskRequest$taskDefinition": "The family and revision (family:revision) or full ARN of the task definition to run. If a revision isn't specified, the latest ACTIVE revision is used.
When you create a policy for run-task, you can set the resource to be the latest task definition revision, or a specific revision.
The full ARN value must match the value that you specified as the Resource of the principal's permissions policy.
When you specify the policy resource as the latest task definition version (by setting the Resource in the policy to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName), then set this value to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName.
When you specify the policy resource as a specific task definition version (by setting the Resource in the policy to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:1 or arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:*), then set this value to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName:1.
For more information, see Policy Resources for Amazon ECS in the Amazon Elastic Container Service developer Guide.
", "Secret$name": "The name of the secret.
", "Secret$valueFrom": "The secret to expose to the container. The supported values are either the full ARN of the Secrets Manager secret or the full ARN of the parameter in the SSM Parameter Store.
For information about the require Identity and Access Management permissions, see Required IAM permissions for Amazon ECS secrets (for Secrets Manager) or Required IAM permissions for Amazon ECS secrets (for Systems Manager Parameter store) in the Amazon Elastic Container Service Developer Guide.
If the SSM Parameter Store parameter exists in the same Region as the task you're launching, then you can use either the full ARN or name of the parameter. If the parameter exists in a different Region, then the full ARN must be specified.
The container name value to be used for your service discovery service. It's already specified in the task definition. If the task definition that your service task specifies uses the bridge or host network mode, you must specify a containerName and containerPort combination from the task definition. If the task definition that your service task specifies uses the awsvpc network mode and a type SRV DNS record is used, you must specify either a containerName and containerPort combination or a port value. However, you can't specify both.
The ID of the execute command session.
", "Session$streamUrl": "A URL to the managed agent on the container that the SSM Session Manager client uses to send commands and receive output from the container.
", - "Setting$value": "Determines whether the account setting is enabled or disabled for the specified resource.
", - "Setting$principalArn": "The ARN of the principal. It can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.
", + "Setting$value": "Determines whether the account setting is on or off for the specified resource.
", + "Setting$principalArn": "The ARN of the principal. It can be a user, role, or the root user. If this field is omitted, the authenticated user is assumed.
", "StartTaskRequest$cluster": "The short name or full Amazon Resource Name (ARN) of the cluster where to start your task. If you do not specify a cluster, the default cluster is assumed.
", "StartTaskRequest$group": "The name of the task group to associate with the task. The default value is the family name of the task definition (for example, family:my-family-name).
", "StartTaskRequest$referenceId": "The reference ID to use for the task.
", "StartTaskRequest$startedBy": "An optional tag specified when a task is started. For example, if you automatically trigger a task to run a batch process job, you could apply a unique identifier for that job to your task with the startedBy parameter. You can then identify which tasks belong to that job by filtering the results of a ListTasks call with the startedBy value. Up to 36 letters (uppercase and lowercase), numbers, hyphens (-), and underscores (_) are allowed.
If a task is started by an Amazon ECS service, the startedBy parameter contains the deployment ID of the service that starts it.
The family and revision (family:revision) or full ARN of the task definition to start. If a revision isn't specified, the latest ACTIVE revision is used.
The short name or full Amazon Resource Name (ARN) of the cluster that hosts the task to stop. If you do not specify a cluster, the default cluster is assumed.
", - "StopTaskRequest$task": "The task ID or full Amazon Resource Name (ARN) of the task to stop.
", + "StopTaskRequest$task": "The task ID of the task to stop.
", "StopTaskRequest$reason": "An optional message specified when a task is stopped. For example, if you're using a custom scheduler, you can use this parameter to specify the reason for stopping the task here, and the message appears in subsequent DescribeTasks API operations on this task. Up to 255 characters are allowed in this message.
", "StringList$member": null, "StringMap$key": null, @@ -2272,9 +2284,9 @@ "TaskDefinition$registeredBy": "The principal that registered the task definition.
", "TaskDefinitionPlacementConstraint$expression": "A cluster query language expression to apply to the constraint. For more information, see Cluster query language in the Amazon Elastic Container Service Developer Guide.
", "TaskOverride$cpu": "The CPU override for the task.
", - "TaskOverride$executionRoleArn": "The Amazon Resource Name (ARN) of the task execution IAM role override for the task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide.
", + "TaskOverride$executionRoleArn": "The Amazon Resource Name (ARN) of the task execution role override for the task. For more information, see Amazon ECS task execution IAM role in the Amazon Elastic Container Service Developer Guide.
", "TaskOverride$memory": "The memory override for the task.
", - "TaskOverride$taskRoleArn": "The Amazon Resource Name (ARN) of the IAM role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role. For more information, see IAM Role for Tasks in the Amazon Elastic Container Service Developer Guide.
", + "TaskOverride$taskRoleArn": "The Amazon Resource Name (ARN) of the role that containers in this task can assume. All containers in this task are granted the permissions that are specified in this role. For more information, see IAM Role for Tasks in the Amazon Elastic Container Service Developer Guide.
", "TaskSet$id": "The ID of the task set.
", "TaskSet$taskSetArn": "The Amazon Resource Name (ARN) of the task set.
", "TaskSet$serviceArn": "The Amazon Resource Name (ARN) of the service the task set exists in.
", @@ -2324,7 +2336,8 @@ "ContainerDefinition$dnsSearchDomains": "A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch in the Create a container section of the Docker Remote API and the --dns-search option to docker run.
This parameter is not supported for Windows containers.
A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems. This field isn't valid for containers in tasks using the Fargate launch type.
With Windows containers, this parameter can be used to reference a credential spec file when configuring a container for Active Directory authentication. For more information, see Using gMSAs for Windows Containers in the Amazon Elastic Container Service Developer Guide.
This parameter maps to SecurityOpt in the Create a container section of the Docker Remote API and the --security-opt option to docker run.
The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.
For more information about valid values, see Docker Run Security Configuration.
Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"
", "ContainerOverride$command": "The command to send to the container that overrides the default command from the Docker image or the task definition. You must also specify a container name.
", - "CreateClusterRequest$capacityProviders": "The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the CreateService or RunTask actions.
If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the CreateCapacityProvider API operation.
To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.
The PutClusterCapacityProviders API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
", + "CreateClusterRequest$capacityProviders": "The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the CreateService or RunTask actions.
If specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the CreateCapacityProvider API operation.
To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT capacity providers. The Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.
The PutCapacityProvider API operation is used to update the list of available capacity providers for a cluster after the cluster is created.
", + "DeleteTaskDefinitionsRequest$taskDefinitions": "The family and revision (family:revision) or full Amazon Resource Name (ARN) of the task definition to delete. You must specify a revision.
You can specify up to 10 task definitions as a comma separated list.
", "DeploymentAlarms$alarmNames": "One or more CloudWatch alarm names. Use a \",\" to separate the alarms.
", "DescribeCapacityProvidersRequest$capacityProviders": "The short name or full Amazon Resource Name (ARN) of one or more capacity providers. Up to 100 capacity providers can be described in an action.
A list of up to 100 cluster names or full cluster Amazon Resource Name (ARN) entries. If you do not specify a cluster, the default cluster is assumed.
", @@ -2333,7 +2346,7 @@ "DescribeTaskSetsRequest$taskSets": "The ID or full Amazon Resource Name (ARN) of task sets to describe.
", "DescribeTasksRequest$tasks": "A list of up to 100 task IDs or full ARN entries.
", "GetTaskProtectionRequest$tasks": "A list of up to 100 task IDs or full ARN entries.
", - "HealthCheck$command": "A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.
When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in brackets.
[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]
You don't need to include the brackets when you use the Amazon Web Services Management Console.
\"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\"
An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the Create a container section of the Docker Remote API.
A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.
When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in double quotes and brackets.
[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]
You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.
CMD-SHELL, curl -f http://localhost/ || exit 1
An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the Create a container section of the Docker Remote API.
The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the Create a container section of the Docker Remote API and the --cap-add option to docker run.
Tasks launched on Fargate only support adding the SYS_PTRACE kernel capability.
Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"
The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the Create a container section of the Docker Remote API and the --cap-drop option to docker run.
Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"
The list of full Amazon Resource Name (ARN) entries for each cluster that's associated with your account.
", @@ -2487,7 +2500,8 @@ "refs": { "DeregisterTaskDefinitionResponse$taskDefinition": "The full description of the deregistered task.
", "DescribeTaskDefinitionResponse$taskDefinition": "The full task definition description.
", - "RegisterTaskDefinitionResponse$taskDefinition": "The full description of the registered task definition.
" + "RegisterTaskDefinitionResponse$taskDefinition": "The full description of the registered task definition.
", + "TaskDefinitionList$member": null } }, "TaskDefinitionFamilyStatus": { @@ -2508,6 +2522,12 @@ "DescribeTaskDefinitionRequest$include": "Determines whether to see the resource tags for the task definition. If TAGS is specified, the tags are included in the response. If this field is omitted, tags aren't included in the response.
The list of deleted task definitions.
" + } + }, "TaskDefinitionPlacementConstraint": { "base": "An object representing a constraint on task placement in the task definition. For more information, see Task placement constraints in the Amazon Elastic Container Service Developer Guide.
Task placement constraints aren't supported for tasks run on Fargate.
The ulimit settings to pass to the container.
Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and hard limit is 4096.
The ulimit settings to pass to the container.
Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and the default hard limit is 4096.
You can specify the ulimit settings for a container in a task definition.
A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in the Create a container section of the Docker Remote API and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type.
Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and hard limit is 4096.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
This parameter is not supported for Windows containers.
A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in the Create a container section of the Docker Remote API and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type.
Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 1024 and the default hard limit is 4096.
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'
This parameter is not supported for Windows containers.
The UntagResource operation removes the association of the tag with the Amazon Managed Grafana resource.
Updates which users in a workspace have the Grafana Admin or Editor roles.
Modifies an existing Amazon Managed Grafana workspace. If you use this operation and omit any optional parameters, the existing values of those parameters are not changed.
To modify the user authentication methods that the workspace uses, such as SAML or IAM Identity Center, use UpdateWorkspaceAuthentication.
To modify which users in the workspace have the Admin and Editor Grafana roles, use UpdatePermissions.
Use this operation to define the identity provider (IdP) that this workspace authenticates users from, using SAML. You can also map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.
Use this operation to define the identity provider (IdP) that this workspace authenticates users from, using SAML. You can also map SAML assertion attributes to workspace user information and define which groups in the assertion attribute are to have the Admin and Editor roles in the workspace.
Changes to the authentication method for a workspace may take a few minutes to take effect.
Updates the configuration string for the given workspace
" }, "shapes": { @@ -178,9 +178,9 @@ "DataSourceTypesList": { "base": null, "refs": { - "CreateWorkspaceRequest$workspaceDataSources": "Specify the Amazon Web Services data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.
If you don't specify a data source here, you can still add it as a data source in the workspace console later. However, you will then have to manually configure permissions for it.
", - "UpdateWorkspaceRequest$workspaceDataSources": "Specify the Amazon Web Services data sources that you want to be queried in this workspace. Specifying these data sources here enables Amazon Managed Grafana to create IAM roles and permissions that allow Amazon Managed Grafana to read data from these sources. You must still add them as data sources in the Grafana console in the workspace.
If you don't specify a data source here, you can still add it as a data source later in the workspace console. However, you will then have to manually configure permissions for it.
", - "WorkspaceDescription$dataSources": "Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.
" + "CreateWorkspaceRequest$workspaceDataSources": "This parameter is for internal use only, and should not be used.
", + "UpdateWorkspaceRequest$workspaceDataSources": "This parameter is for internal use only, and should not be used.
", + "WorkspaceDescription$dataSources": "Specifies the Amazon Web Services data sources that have been configured to have IAM roles and permissions created to allow Amazon Managed Grafana to read data from these sources.
This list is only used when the workspace was created through the Amazon Web Services console, and the permissionType is SERVICE_MANAGED.
The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. If you already have a role that you want to use, specify it here. The permission type should be set to CUSTOMER_MANAGED.
The workspace needs an IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. If you already have a role that you want to use, specify it here. If you omit this field and you specify some Amazon Web Services resources in workspaceDataSources or workspaceNotificationDestinations, a new IAM role with the necessary permissions is automatically created.
Specified the IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from, including both data sources and notification channels. You are responsible for managing the permissions for this role as new data sources or notification channels are added.
", + "UpdateWorkspaceRequest$workspaceRoleArn": "Specifies an IAM role that grants permissions to Amazon Web Services resources that the workspace accesses, such as data sources and notification channels. If this workspace has permissionType CUSTOMER_MANAGED, then this role is required.
The IAM role that grants permissions to the Amazon Web Services resources that the workspace will view data from. This role must already exist.
" } }, @@ -381,7 +381,7 @@ "base": null, "refs": { "CreateWorkspaceRequest$organizationRoleName": "The name of an IAM role that already exists to use with Organizations to access Amazon Web Services data sources and notification channels in other accounts in an organization.
", - "UpdateWorkspaceRequest$organizationRoleName": "The name of an IAM role that already exists to use to access resources through Organizations.
", + "UpdateWorkspaceRequest$organizationRoleName": "The name of an IAM role that already exists to use to access resources through Organizations. This can only be used with a workspace that has the permissionType set to CUSTOMER_MANAGED.
The name of the IAM role that is used to access resources through Organizations.
" } }, @@ -431,9 +431,9 @@ "PermissionType": { "base": null, "refs": { - "CreateWorkspaceRequest$permissionType": "If you specify SERVICE_MANAGED on AWS Grafana console, Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels. In the CLI mode, the permissionType SERVICE_MANAGED will not create the IAM role for you. The ability for the Amazon Managed Grafana to create the IAM role on behalf of the user is supported only in the Amazon Managed Grafana AWS console. Use only the CUSTOMER_MANAGED permission type when creating a workspace in the CLI.
If you specify CUSTOMER_MANAGED, you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization that is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED.
For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels.
", - "UpdateWorkspaceRequest$permissionType": "If you specify SERVICE_MANAGED, Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.
If you specify CUSTOMER_MANAGED, you will manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED.
For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels
", - "WorkspaceDescription$permissionType": "If this is SERVICE_MANAGED, Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.
If this is CUSTOMER_MANAGED, you manage those roles and permissions yourself. If you are creating this workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED.
For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels
" + "CreateWorkspaceRequest$permissionType": "When creating a workspace through the Amazon Web Services API, CLI or Amazon Web Services CloudFormation, you must manage IAM roles and provision the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.
You must also specify a workspaceRoleArn for a role that you will manage for the workspace to use when accessing those datasources and notification channels.
The ability for Amazon Managed Grafana to create and update IAM roles on behalf of the user is supported only in the Amazon Managed Grafana console, where this value may be set to SERVICE_MANAGED.
Use only the CUSTOMER_MANAGED permission type when creating a workspace with the API, CLI or Amazon Web Services CloudFormation.
For more information, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels.
", + "UpdateWorkspaceRequest$permissionType": "Use this parameter if you want to change a workspace from SERVICE_MANAGED to CUSTOMER_MANAGED. This allows you to manage the permissions that the workspace uses to access datasources and notification channels. If the workspace is in a member Amazon Web Services account of an organization, and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, you must choose CUSTOMER_MANAGED.
If you specify this as CUSTOMER_MANAGED, you must also specify a workspaceRoleArn that the workspace will use for accessing Amazon Web Services resources.
For more information on the role and permissions needed, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels
Do not use this to convert a CUSTOMER_MANAGED workspace to SERVICE_MANAGED. Do not include this parameter if you want to leave the workspace as SERVICE_MANAGED.
You can convert a CUSTOMER_MANAGED workspace to SERVICE_MANAGED using the Amazon Managed Grafana console. For more information, see Managing permissions for data sources and notification channels.
If this is SERVICE_MANAGED, and the workplace was created through the Amazon Managed Grafana console, then Amazon Managed Grafana automatically creates the IAM roles and provisions the permissions that the workspace needs to use Amazon Web Services data sources and notification channels.
If this is CUSTOMER_MANAGED, you must manage those roles and permissions yourself.
If you are working with a workspace in a member account of an organization and that account is not a delegated administrator account, and you want the workspace to access data sources in other Amazon Web Services accounts in the organization, this parameter must be set to CUSTOMER_MANAGED.
For more information about converting between customer and service managed, see Managing permissions for data sources and notification channels. For more information about the roles and permissions that must be managed for customer managed workspaces, see Amazon Managed Grafana permissions and policies for Amazon Web Services data sources and notification channels
" } }, "PrefixListId": { diff --git a/models/apis/grafana/2020-08-18/endpoint-tests-1.json b/models/apis/grafana/2020-08-18/endpoint-tests-1.json index c2602a63774..83d5051c2d0 100644 --- a/models/apis/grafana/2020-08-18/endpoint-tests-1.json +++ b/models/apis/grafana/2020-08-18/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "Region": "ap-northeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-1" } }, { @@ -21,9 +21,9 @@ } }, "params": { - "Region": "ap-northeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-2" } }, { @@ -34,9 +34,9 @@ } }, "params": { - "Region": "ap-southeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-1" } }, { @@ -47,9 +47,9 @@ } }, "params": { - "Region": "ap-southeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-2" } }, { @@ -60,9 +60,9 @@ } }, "params": { - "Region": "eu-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-central-1" } }, { @@ -73,9 +73,9 @@ } }, "params": { - "Region": "eu-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-1" } }, { @@ -86,9 +86,9 @@ } }, "params": { - "Region": "eu-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-2" } }, { @@ -99,9 +99,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -112,9 +112,9 @@ } }, "params": { - "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-2" } }, { @@ -125,9 +125,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-2" } }, { @@ -138,9 +138,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -151,9 +151,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -164,9 +164,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -177,9 +177,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -190,9 +190,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -203,9 +203,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -216,9 +216,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -229,9 +229,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -242,9 +242,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -255,9 +255,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -268,9 +268,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -281,9 +281,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-iso-east-1" } }, { @@ -294,9 +294,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-iso-east-1" } }, { @@ -307,9 +307,9 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-isob-east-1" } }, { @@ -320,9 +320,9 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-isob-east-1" } }, { @@ -333,9 +333,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -358,9 +358,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": false, "UseFIPS": true, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -370,9 +370,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": true, "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/models/apis/guardduty/2017-11-28/docs-2.json b/models/apis/guardduty/2017-11-28/docs-2.json index 71529849ecb..0c0ab785b23 100644 --- a/models/apis/guardduty/2017-11-28/docs-2.json +++ b/models/apis/guardduty/2017-11-28/docs-2.json @@ -5,12 +5,12 @@ "AcceptAdministratorInvitation": "Accepts the invitation to be a member account and get monitored by a GuardDuty administrator account that sent the invitation.
", "AcceptInvitation": "Accepts the invitation to be monitored by a GuardDuty administrator account.
", "ArchiveFindings": "Archives GuardDuty findings that are specified by the list of finding IDs.
Only the administrator account can archive findings. Member accounts don't have permission to archive findings from their accounts.
Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
", + "CreateDetector": "Creates a single Amazon GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "CreateFilter": "Creates a filter using the specified finding criteria.
", "CreateIPSet": "Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.
", - "CreateMembers": "Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
When using Create Members as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.
If you are adding accounts by invitation use this action after GuardDuty has been enabled in potential member accounts and before using Invite Members .
Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.
When using Create Members as an organizations delegated administrator this action will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account, which must enable GuardDuty prior to being added as a member.
If you are adding accounts by invitation, use this action after GuardDuty has bee enabled in potential member accounts and before using InviteMembers.
", "CreatePublishingDestination": "Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.
", - "CreateSampleFindings": "Generates example findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates example findings of all supported finding types.
Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.
Creates a new ThreatIntelSet. ThreatIntelSets consist of known malicious IP addresses. GuardDuty generates findings based on ThreatIntelSets. Only users of the administrator account can use this operation.
", "DeclineInvitations": "Declines invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.
", "DeleteDetector": "Deletes an Amazon GuardDuty detector that is specified by the detector ID.
", @@ -20,8 +20,8 @@ "DeleteMembers": "Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.
", "DeletePublishingDestination": "Deletes the publishing definition with the specified destinationId.
Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.
", - "DescribeMalwareScans": "Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.
", - "DescribeOrganizationConfiguration": "Returns information about the account selected as the delegated administrator for GuardDuty.
", + "DescribeMalwareScans": "Returns a list of malware scans. Each member account can view the malware scans for their own accounts. An administrator can view the malware scans for all the member accounts.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "DescribeOrganizationConfiguration": "Returns information about the account selected as the delegated administrator for GuardDuty.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "DescribePublishingDestination": "Returns information about the publishing destination specified by the provided destinationId.
Disables an Amazon Web Services account within the Organization as the GuardDuty delegated administrator.
", "DisassociateFromAdministratorAccount": "Disassociates the current GuardDuty member account from its administrator account.
", @@ -29,15 +29,15 @@ "DisassociateMembers": "Disassociates GuardDuty member accounts (to the current administrator account) specified by the account IDs.
", "EnableOrganizationAdminAccount": "Enables an Amazon Web Services account within the organization as the GuardDuty delegated administrator.
", "GetAdministratorAccount": "Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
", - "GetDetector": "Retrieves an Amazon GuardDuty detector specified by the detectorId.
", + "GetDetector": "Retrieves an Amazon GuardDuty detector specified by the detectorId.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "GetFilter": "Returns the details of the filter specified by the filter name.
", "GetFindings": "Describes Amazon GuardDuty findings specified by finding IDs.
", "GetFindingsStatistics": "Lists Amazon GuardDuty findings statistics for the specified detector ID.
", "GetIPSet": "Retrieves the IPSet specified by the ipSetId.
Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.
", - "GetMalwareScanSettings": "Returns the details of the malware scan settings.
", + "GetMalwareScanSettings": "Returns the details of the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "GetMasterAccount": "Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.
", - "GetMemberDetectors": "Describes which data sources are enabled for the member account's detector.
", + "GetMemberDetectors": "Describes which data sources are enabled for the member account's detector.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "GetMembers": "Retrieves GuardDuty member accounts (of the current GuardDuty administrator account) specified by the account IDs.
", "GetRemainingFreeTrialDays": "Provides the number of days left for each data source used in the free trial period.
", "GetThreatIntelSet": "Retrieves the ThreatIntelSet that is specified by the ThreatIntelSet ID.
", @@ -58,13 +58,13 @@ "TagResource": "Adds tags to a resource.
", "UnarchiveFindings": "Unarchives GuardDuty findings specified by the findingIds.
Removes tags from a resource.
", - "UpdateDetector": "Updates the Amazon GuardDuty detector specified by the detectorId.
", + "UpdateDetector": "Updates the Amazon GuardDuty detector specified by the detectorId.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "UpdateFilter": "Updates the filter specified by the filter name.
", "UpdateFindingsFeedback": "Marks the specified GuardDuty findings as useful or not useful.
", "UpdateIPSet": "Updates the IPSet specified by the IPSet ID.
", - "UpdateMalwareScanSettings": "Updates the malware scan settings.
", - "UpdateMemberDetectors": "Contains information on member accounts to be updated.
", - "UpdateOrganizationConfiguration": "Updates the delegated administrator account with the values provided.
", + "UpdateMalwareScanSettings": "Updates the malware scan settings.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "UpdateMemberDetectors": "Contains information on member accounts to be updated.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "UpdateOrganizationConfiguration": "Updates the delegated administrator account with the values provided.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "UpdatePublishingDestination": "Updates information about the publishing destination specified by the destinationId.
Updates the ThreatIntelSet specified by the ThreatIntelSet ID.
" }, @@ -98,7 +98,7 @@ "AccessKeyDetails": { "base": "Contains information about the access keys.
", "refs": { - "Resource$AccessKeyDetails": "The IAM access key details (IAM user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
" + "Resource$AccessKeyDetails": "The IAM access key details (user information) of a user that engaged in the activity that prompted GuardDuty to generate a finding.
" } }, "AccountDetail": { @@ -431,8 +431,8 @@ "DataSourceConfigurations": { "base": "Contains information about which data sources are enabled.
", "refs": { - "CreateDetectorRequest$DataSources": "Describes which data sources will be enabled for the detector.
", - "UpdateDetectorRequest$DataSources": "Describes which data sources will be updated.
", + "CreateDetectorRequest$DataSources": "Describes which data sources will be enabled for the detector.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", + "UpdateDetectorRequest$DataSources": "Describes which data sources will be updated.
There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.
", "UpdateMemberDetectorsRequest$DataSources": "Describes which data sources will be updated.
" } }, @@ -883,9 +883,9 @@ "FilterDescription": { "base": null, "refs": { - "CreateFilterRequest$Description": "The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.
", + "CreateFilterRequest$Description": "The description of the filter. Valid characters include alphanumeric characters, and special characters such as -, ., :, { }, [ ], ( ), /, \\t, \\n, \\x0B, \\f, \\r, _, and whitespace.
The description of the filter.
", - "UpdateFilterRequest$Description": "The description of the filter. Valid special characters include period (.), underscore (_), dash (-), and whitespace. The new line character is considered to be an invalid input for description.
" + "UpdateFilterRequest$Description": "The description of the filter. Valid characters include alphanumeric characters, and special characters such as hyphen, period, colon, underscore, parentheses ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, form feed, return, and whitespace.
Contains information about the criteria used for querying findings.
", "refs": { - "CreateFilterRequest$FindingCriteria": "Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.outpostArn
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.errorCode
service.action.awsApiCallAction.userAgent
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.localIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
resource.s3BucketDetails.publicAccess.effectivePermissions
resource.s3BucketDetails.name
resource.s3BucketDetails.tags.key
resource.s3BucketDetails.tags.value
resource.s3BucketDetails.type
service.archived
When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
Represents the criteria to be used in the filter for querying findings.
You can only use the following attributes to query findings:
accountId
region
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.outpostArn
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.errorCode
service.action.awsApiCallAction.userAgent
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.localIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.city.cityName
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
resource.s3BucketDetails.publicAccess.effectivePermissions
resource.s3BucketDetails.name
resource.s3BucketDetails.tags.key
resource.s3BucketDetails.tags.value
resource.s3BucketDetails.type
service.resourceRole
severity
type
updatedAt
Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.
Represents the criteria to be used in the filter for querying findings.
", "GetFindingsStatisticsRequest$FindingCriteria": "Represents the criteria that is used for querying findings.
", "ListFindingsRequest$FindingCriteria": "Represents the criteria used for querying findings. Valid values include:
JSON field name
accountId
region
confidence
id
resource.accessKeyDetails.accessKeyId
resource.accessKeyDetails.principalId
resource.accessKeyDetails.userName
resource.accessKeyDetails.userType
resource.instanceDetails.iamInstanceProfile.id
resource.instanceDetails.imageId
resource.instanceDetails.instanceId
resource.instanceDetails.networkInterfaces.ipv6Addresses
resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
resource.instanceDetails.networkInterfaces.publicDnsName
resource.instanceDetails.networkInterfaces.publicIp
resource.instanceDetails.networkInterfaces.securityGroups.groupId
resource.instanceDetails.networkInterfaces.securityGroups.groupName
resource.instanceDetails.networkInterfaces.subnetId
resource.instanceDetails.networkInterfaces.vpcId
resource.instanceDetails.tags.key
resource.instanceDetails.tags.value
resource.resourceType
service.action.actionType
service.action.awsApiCallAction.api
service.action.awsApiCallAction.callerType
service.action.awsApiCallAction.remoteIpDetails.city.cityName
service.action.awsApiCallAction.remoteIpDetails.country.countryName
service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
service.action.awsApiCallAction.remoteIpDetails.organization.asn
service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
service.action.awsApiCallAction.serviceName
service.action.dnsRequestAction.domain
service.action.networkConnectionAction.blocked
service.action.networkConnectionAction.connectionDirection
service.action.networkConnectionAction.localPortDetails.port
service.action.networkConnectionAction.protocol
service.action.networkConnectionAction.remoteIpDetails.country.countryName
service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
service.action.networkConnectionAction.remoteIpDetails.organization.asn
service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
service.action.networkConnectionAction.remotePortDetails.port
service.additionalInfo.threatListName
service.archived
When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.
service.resourceRole
severity
type
updatedAt
Type: Timestamp in Unix Epoch millisecond format: 1486685375000
The user-friendly name to identify the IPSet.
Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).
", + "CreateIPSetRequest$Name": "The user-friendly name to identify the IPSet.
Allowed characters are alphanumeric, whitespace, dash (-), and underscores (_).
", "CreateThreatIntelSetRequest$Name": "A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
", "GetIPSetResponse$Name": "The user-friendly name for the IPSet.
", "GetThreatIntelSetResponse$Name": "A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.
", @@ -1579,7 +1579,7 @@ "FilterCondition$EqualsValue": "Represents an equal condition to be applied to a single field when querying for scan entries.
", "Scan$ScanId": "The unique scan ID associated with a scan entry.
", "Scan$FailureReason": "Represents the reason for FAILED scan status.
", - "TriggerDetails$GuardDutyFindingId": "The ID of the GuardDuty finding that triggered the BirdDog scan.
", + "TriggerDetails$GuardDutyFindingId": "The ID of the GuardDuty finding that triggered the malware scan.
", "TriggerDetails$Description": "The description of the scan trigger.
" } }, @@ -1959,7 +1959,7 @@ "SortCriteria": { "base": "Contains information about the criteria used for sorting findings.
", "refs": { - "DescribeMalwareScansRequest$SortCriteria": "Represents the criteria used for sorting scan entries.
", + "DescribeMalwareScansRequest$SortCriteria": "Represents the criteria used for sorting scan entries. The attributeName is required and it must be scanStartTime.
Represents the criteria used for sorting findings.
", "ListFindingsRequest$SortCriteria": "Represents the criteria used for sorting findings.
" } @@ -2197,7 +2197,7 @@ "Service$FeatureName": "The name of the feature that generated a finding.
", "ServiceAdditionalInfo$Value": "This field specifies the value of the additional information.
", "ServiceAdditionalInfo$Type": "Describes the type of the additional information.
", - "SortCriteria$AttributeName": "Represents the finding attribute (for example, accountId) to sort findings by.
", + "SortCriteria$AttributeName": "Represents the finding attribute, such as accountId, that sorts the findings.
The EC2 instance tag key.
", diff --git a/models/apis/guardduty/2017-11-28/endpoint-rule-set-1.json b/models/apis/guardduty/2017-11-28/endpoint-rule-set-1.json index 90f83fd3902..bd3e1c6f766 100644 --- a/models/apis/guardduty/2017-11-28/endpoint-rule-set-1.json +++ b/models/apis/guardduty/2017-11-28/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,199 +111,263 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsDualStack" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://guardduty-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://guardduty-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-us-gov", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] } ] } ], - "endpoint": { - "url": "https://guardduty.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://guardduty.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://guardduty-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] }, { "conditions": [], - "endpoint": { - "url": "https://guardduty-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://guardduty.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], - "endpoint": { - "url": "https://guardduty.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://guardduty.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://guardduty.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/guardduty/2017-11-28/endpoint-tests-1.json b/models/apis/guardduty/2017-11-28/endpoint-tests-1.json index 75c66c71b9a..514a0597591 100644 --- a/models/apis/guardduty/2017-11-28/endpoint-tests-1.json +++ b/models/apis/guardduty/2017-11-28/endpoint-tests-1.json @@ -1,1518 +1,536 @@ { "testCases": [ { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-south-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.us-gov-east-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-gov-east-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-gov-east-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "us-gov-east-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.me-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "me-central-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.me-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "me-central-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.me-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "me-central-1" - } - }, - { - "documentation": "For region me-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.me-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "me-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ca-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ca-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ca-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-central-1" - } - }, - { - "documentation": "For region eu-central-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-central-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region eu-central-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-central-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region eu-central-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-central-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region eu-central-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-central-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-central-2" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.us-west-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-west-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "us-west-1" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.us-west-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-west-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "us-west-2" - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.us-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "us-west-2" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.af-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.af-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.af-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "af-south-1" - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.af-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "af-south-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-north-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-north-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-north-1" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-west-3.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-west-3.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-west-3" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-west-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-west-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-west-2" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-west-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-west-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "eu-west-1" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-northeast-3.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-northeast-3.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-northeast-3.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-northeast-3.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-northeast-3" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-northeast-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-northeast-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-northeast-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-northeast-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-northeast-2" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-northeast-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.ap-northeast-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-northeast-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.ap-northeast-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-northeast-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.me-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "me-south-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.me-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "me-south-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty.me-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "me-south-1" - } - }, - { - "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://guardduty.me-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "me-south-1" - } - }, - { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://guardduty-fips.sa-east-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "sa-east-1" - } - }, - { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.sa-east-1.amazonaws.com" + "url": "https://guardduty.af-south-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "sa-east-1" + "Region": "af-south-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.sa-east-1.api.aws" + "url": "https://guardduty.ap-east-1.amazonaws.com" } }, "params": { + "Region": "ap-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "sa-east-1" + "UseDualStack": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.sa-east-1.amazonaws.com" + "url": "https://guardduty.ap-northeast-1.amazonaws.com" } }, "params": { + "Region": "ap-northeast-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "sa-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-east-1.api.aws" + "url": "https://guardduty.ap-northeast-2.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-east-1" + "Region": "ap-northeast-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-east-1.amazonaws.com" + "url": "https://guardduty.ap-northeast-3.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-east-1" + "Region": "ap-northeast-3", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-east-1.api.aws" + "url": "https://guardduty.ap-south-1.amazonaws.com" } }, "params": { + "Region": "ap-south-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-east-1.amazonaws.com" + "url": "https://guardduty.ap-southeast-1.amazonaws.com" } }, "params": { + "Region": "ap-southeast-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-east-1" + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://guardduty.ap-southeast-2.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "cn-north-1" + "Region": "ap-southeast-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.cn-north-1.amazonaws.com.cn" + "url": "https://guardduty.ap-southeast-3.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "cn-north-1" + "Region": "ap-southeast-3", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.cn-north-1.api.amazonwebservices.com.cn" + "url": "https://guardduty.ca-central-1.amazonaws.com" } }, "params": { + "Region": "ca-central-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "cn-north-1" + "UseDualStack": false } }, { - "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.cn-north-1.amazonaws.com.cn" + "url": "https://guardduty.eu-central-1.amazonaws.com" } }, "params": { + "Region": "eu-central-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "cn-north-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.us-gov-west-1.api.aws" + "url": "https://guardduty.eu-north-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-gov-west-1" + "Region": "eu-north-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-gov-west-1.amazonaws.com" + "url": "https://guardduty.eu-south-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "us-gov-west-1" + "Region": "eu-south-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack enabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-gov-west-1.api.aws" + "url": "https://guardduty.eu-west-1.amazonaws.com" } }, "params": { + "Region": "eu-west-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-gov-west-1.amazonaws.com" + "url": "https://guardduty.eu-west-2.amazonaws.com" } }, "params": { + "Region": "eu-west-2", "UseFIPS": false, - "UseDualStack": false, - "Region": "us-gov-west-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-southeast-1.api.aws" + "url": "https://guardduty.eu-west-3.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-southeast-1" + "Region": "eu-west-3", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region me-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-southeast-1.amazonaws.com" + "url": "https://guardduty.me-south-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-southeast-1" + "Region": "me-south-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-southeast-1.api.aws" + "url": "https://guardduty.sa-east-1.amazonaws.com" } }, "params": { + "Region": "sa-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-southeast-1.amazonaws.com" + "url": "https://guardduty.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-southeast-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-southeast-2.api.aws" + "url": "https://guardduty-fips.us-east-1.amazonaws.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-southeast-2" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-southeast-2.amazonaws.com" + "url": "https://guardduty.us-east-2.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-southeast-2" + "Region": "us-east-2", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-southeast-2.api.aws" + "url": "https://guardduty-fips.us-east-2.amazonaws.com" } }, "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-southeast-2" + "Region": "us-east-2", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-southeast-2.amazonaws.com" + "url": "https://guardduty.us-west-1.amazonaws.com" } }, "params": { + "Region": "us-west-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-southeast-2" + "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "error": "FIPS and DualStack are enabled, but this partition does not support one or both" - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-iso-east-1" - } - }, - { - "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.us-iso-east-1.c2s.ic.gov" + "url": "https://guardduty-fips.us-west-1.amazonaws.com" } }, "params": { + "Region": "us-west-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "us-iso-east-1" - } - }, - { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", - "expect": { - "error": "DualStack is enabled but this partition does not support DualStack" - }, - "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "us-iso-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-iso-east-1.c2s.ic.gov" + "url": "https://guardduty.us-west-2.amazonaws.com" } }, "params": { + "Region": "us-west-2", "UseFIPS": false, - "UseDualStack": false, - "Region": "us-iso-east-1" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack enabled", + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-southeast-3.api.aws" + "url": "https://guardduty-fips.us-west-2.amazonaws.com" } }, "params": { + "Region": "us-west-2", "UseFIPS": true, - "UseDualStack": true, - "Region": "ap-southeast-3" + "UseDualStack": false } }, { - "documentation": "For region ap-southeast-3 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.ap-southeast-3.amazonaws.com" + "url": "https://guardduty-fips.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "ap-southeast-3" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-southeast-3.api.aws" + "url": "https://guardduty.us-east-1.api.aws" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "ap-southeast-3" + "UseDualStack": true } }, { - "documentation": "For region ap-southeast-3 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.ap-southeast-3.amazonaws.com" + "url": "https://guardduty.cn-north-1.amazonaws.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "ap-southeast-3" + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.us-east-1.api.aws" + "url": "https://guardduty.cn-northwest-1.amazonaws.com.cn" } }, "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-east-1" + "Region": "cn-northwest-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.us-east-1.amazonaws.com" + "url": "https://guardduty-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "us-east-1" + "UseDualStack": true } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-east-1.api.aws" + "url": "https://guardduty-fips.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "us-east-1" + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://guardduty.us-east-1.amazonaws.com" + "url": "https://guardduty.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { + "Region": "cn-north-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "us-east-1" + "UseDualStack": true } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.us-east-2.api.aws" + "url": "https://guardduty.us-gov-east-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-east-2" + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.us-east-2.amazonaws.com" + "url": "https://guardduty.us-gov-east-1.amazonaws.com" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "us-east-2" + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-east-2.api.aws" + "url": "https://guardduty.us-gov-west-1.amazonaws.com" } }, "params": { + "Region": "us-gov-west-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "us-east-2" + "UseDualStack": false } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-east-2.amazonaws.com" + "url": "https://guardduty.us-gov-west-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "UseDualStack": false, - "Region": "us-east-2" + "Region": "us-gov-west-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.cn-northwest-1.api.amazonwebservices.com.cn" + "url": "https://guardduty-fips.us-gov-east-1.api.aws" } }, "params": { + "Region": "us-gov-east-1", "UseFIPS": true, - "UseDualStack": true, - "Region": "cn-northwest-1" + "UseDualStack": true } }, { - "documentation": "For region cn-northwest-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://guardduty-fips.cn-northwest-1.amazonaws.com.cn" + "url": "https://guardduty.us-gov-east-1.api.aws" } }, "params": { - "UseFIPS": true, - "UseDualStack": false, - "Region": "cn-northwest-1" + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.cn-northwest-1.api.amazonwebservices.com.cn" + "url": "https://guardduty-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseFIPS": false, - "UseDualStack": true, - "Region": "cn-northwest-1" + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false } }, { - "documentation": "For region cn-northwest-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://guardduty.cn-northwest-1.amazonaws.com.cn" + "url": "https://guardduty.us-iso-east-1.c2s.ic.gov" } }, "params": { + "Region": "us-iso-east-1", "UseFIPS": false, - "UseDualStack": false, - "Region": "cn-northwest-1" - } - }, - { - "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", - "expect": { - "error": "FIPS and DualStack are enabled, but this partition does not support one or both" - }, - "params": { - "UseFIPS": true, - "UseDualStack": true, - "Region": "us-isob-east-1" + "UseDualStack": false } }, { @@ -1523,37 +541,40 @@ } }, "params": { + "Region": "us-isob-east-1", "UseFIPS": true, - "UseDualStack": false, - "Region": "us-isob-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { - "error": "DualStack is enabled but this partition does not support DualStack" + "endpoint": { + "url": "https://guardduty.us-isob-east-1.sc2s.sgov.gov" + } }, "params": { + "Region": "us-isob-east-1", "UseFIPS": false, - "UseDualStack": true, - "Region": "us-isob-east-1" + "UseDualStack": false } }, { - "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://guardduty.us-isob-east-1.sc2s.sgov.gov" + "url": "https://example.com" } }, "params": { + "Region": "us-east-1", "UseFIPS": false, "UseDualStack": false, - "Region": "us-isob-east-1" + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" @@ -1562,7 +583,6 @@ "params": { "UseFIPS": false, "UseDualStack": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -1572,9 +592,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { + "Region": "us-east-1", "UseFIPS": true, "UseDualStack": false, - "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -1584,9 +604,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { + "Region": "us-east-1", "UseFIPS": false, "UseDualStack": true, - "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/models/apis/iotwireless/2020-11-22/api-2.json b/models/apis/iotwireless/2020-11-22/api-2.json index 822817cafa5..191d2fb848c 100644 --- a/models/apis/iotwireless/2020-11-22/api-2.json +++ b/models/apis/iotwireless/2020-11-22/api-2.json @@ -2233,7 +2233,10 @@ "LoRaWAN":{"shape":"LoRaWANFuotaTask"}, "FirmwareUpdateImage":{"shape":"FirmwareUpdateImage"}, "FirmwareUpdateRole":{"shape":"FirmwareUpdateRole"}, - "Tags":{"shape":"TagList"} + "Tags":{"shape":"TagList"}, + "RedundancyPercent":{"shape":"RedundancyPercent"}, + "FragmentSizeBytes":{"shape":"FragmentSizeBytes"}, + "FragmentIntervalMS":{"shape":"FragmentIntervalMS"} } }, "CreateFuotaTaskResponse":{ @@ -3021,6 +3024,14 @@ "max":2048, "min":1 }, + "FragmentIntervalMS":{ + "type":"integer", + "min":1 + }, + "FragmentSizeBytes":{ + "type":"integer", + "min":1 + }, "FuotaDeviceStatus":{ "type":"string", "enum":[ @@ -3180,7 +3191,10 @@ "LoRaWAN":{"shape":"LoRaWANFuotaTaskGetInfo"}, "FirmwareUpdateImage":{"shape":"FirmwareUpdateImage"}, "FirmwareUpdateRole":{"shape":"FirmwareUpdateRole"}, - "CreatedAt":{"shape":"CreatedAt"} + "CreatedAt":{"shape":"CreatedAt"}, + "RedundancyPercent":{"shape":"RedundancyPercent"}, + "FragmentSizeBytes":{"shape":"FragmentSizeBytes"}, + "FragmentIntervalMS":{"shape":"FragmentIntervalMS"} } }, "GetLogLevelsByResourceTypesRequest":{ @@ -4984,6 +4998,11 @@ "min":-128 }, "RaAllowed":{"type":"boolean"}, + "RedundancyPercent":{ + "type":"integer", + "max":100, + "min":0 + }, "RegParamsRevision":{ "type":"string", "max":64 @@ -5700,7 +5719,10 @@ "Description":{"shape":"Description"}, "LoRaWAN":{"shape":"LoRaWANFuotaTask"}, "FirmwareUpdateImage":{"shape":"FirmwareUpdateImage"}, - "FirmwareUpdateRole":{"shape":"FirmwareUpdateRole"} + "FirmwareUpdateRole":{"shape":"FirmwareUpdateRole"}, + "RedundancyPercent":{"shape":"RedundancyPercent"}, + "FragmentSizeBytes":{"shape":"FragmentSizeBytes"}, + "FragmentIntervalMS":{"shape":"FragmentIntervalMS"} } }, "UpdateFuotaTaskResponse":{ diff --git a/models/apis/iotwireless/2020-11-22/docs-2.json b/models/apis/iotwireless/2020-11-22/docs-2.json index 8612d818cda..5380f57d4f2 100644 --- a/models/apis/iotwireless/2020-11-22/docs-2.json +++ b/models/apis/iotwireless/2020-11-22/docs-2.json @@ -52,7 +52,7 @@ "GetPositionEstimate": "Get estimated position information as a payload in GeoJSON format. The payload measurement data is resolved using solvers that are provided by third-party vendors.
", "GetResourceEventConfiguration": "Get the event configuration for a particular resource identifier.
", "GetResourceLogLevel": "Fetches the log-level override, if any, for a given resource-ID and resource-type. It can be used for a wireless device or a wireless gateway.
", - "GetResourcePosition": "Get the position information for a given wireless device or a wireless gateway resource. The postion information uses the World Geodetic System (WGS84).
", + "GetResourcePosition": "Get the position information for a given wireless device or a wireless gateway resource. The position information uses the World Geodetic System (WGS84).
", "GetServiceEndpoint": "Gets the account-specific endpoint for Configuration and Update Server (CUPS) protocol or LoRaWAN Network Server (LNS) connections.
", "GetServiceProfile": "Gets information about a service profile.
", "GetWirelessDevice": "Gets information about a wireless device.
", @@ -100,7 +100,7 @@ "UpdatePartnerAccount": "Updates properties of a partner account.
", "UpdatePosition": "Update the position information of a resource.
This action is no longer supported. Calls to update the position information should use the UpdateResourcePosition API operation instead.
Update the event configuration for a particular resource identifier.
", - "UpdateResourcePosition": "Update the position information of a given wireless device or a wireless gateway resource. The postion coordinates are based on the World Geodetic System (WGS84).
", + "UpdateResourcePosition": "Update the position information of a given wireless device or a wireless gateway resource. The position coordinates are based on the World Geodetic System (WGS84).
", "UpdateWirelessDevice": "Updates properties of a wireless device.
", "UpdateWirelessGateway": "Updates properties of a wireless gateway.
" }, @@ -214,7 +214,7 @@ "AssistPosition": { "base": null, "refs": { - "Gnss$AssistPosition": "Optional assistance position information, specified using latitude and longitude values in degrees. The co-ordinates are inside the WGS84 reference frame.
" + "Gnss$AssistPosition": "Optional assistance position information, specified using latitude and longitude values in degrees. The coordinates are inside the WGS84 reference frame.
" } }, "AssociateAwsAccountWithPartnerAccountRequest": { @@ -317,7 +317,7 @@ "BaseLng": { "base": null, "refs": { - "CdmaObj$BaseLng": "CDMA base station longtitude in degrees.
" + "CdmaObj$BaseLng": "CDMA base station longitude in degrees.
" } }, "BaseStationId": { @@ -623,7 +623,7 @@ "CreationDate": { "base": null, "refs": { - "GetPositionEstimateRequest$Timestamp": "Optional information that specifies the time when the position information will be resolved. It uses the UNIX timestamp format. If not specified, the time at which the request was received will be used.
" + "GetPositionEstimateRequest$Timestamp": "Optional information that specifies the time when the position information will be resolved. It uses the Unix timestamp format. If not specified, the time at which the request was received will be used.
" } }, "DeleteDestinationRequest": { @@ -1209,6 +1209,22 @@ "UpdateFuotaTaskRequest$FirmwareUpdateRole": null } }, + "FragmentIntervalMS": { + "base": "The interval of sending fragments in milliseconds. Currently the interval will be rounded to the nearest second. Note that this interval only controls the timing when the cloud sends the fragments down. The actual delay of receiving fragments at device side depends on the device's class and the communication delay with the cloud.
", + "refs": { + "CreateFuotaTaskRequest$FragmentIntervalMS": null, + "GetFuotaTaskResponse$FragmentIntervalMS": null, + "UpdateFuotaTaskRequest$FragmentIntervalMS": null + } + }, + "FragmentSizeBytes": { + "base": "The size of each fragment in bytes. Currently only supported in fuota tasks with multicast groups.
", + "refs": { + "CreateFuotaTaskRequest$FragmentSizeBytes": null, + "GetFuotaTaskResponse$FragmentSizeBytes": null, + "UpdateFuotaTaskRequest$FragmentSizeBytes": null + } + }, "FuotaDeviceStatus": { "base": "The status of a wireless device in a FUOTA task.
", "refs": { @@ -2596,11 +2612,11 @@ "refs": { "GetPositionConfigurationRequest$ResourceIdentifier": "Resource identifier used in a position configuration.
", "GetPositionRequest$ResourceIdentifier": "Resource identifier used to retrieve the position information.
", - "GetResourcePositionRequest$ResourceIdentifier": "The identifier of the resource for which position information is retrieved. It can be the wireless device ID or the wireless gateway ID depending on the resource type.
", + "GetResourcePositionRequest$ResourceIdentifier": "The identifier of the resource for which position information is retrieved. It can be the wireless device ID or the wireless gateway ID, depending on the resource type.
", "PositionConfigurationItem$ResourceIdentifier": "Resource identifier for the position configuration.
", "PutPositionConfigurationRequest$ResourceIdentifier": "Resource identifier used to update the position configuration.
", "UpdatePositionRequest$ResourceIdentifier": "Resource identifier of the resource for which position is updated.
", - "UpdateResourcePositionRequest$ResourceIdentifier": "The identifier of the resource for which position information is updated. It can be the wireless device ID or the wireless gateway ID depending on the resource type.
" + "UpdateResourcePositionRequest$ResourceIdentifier": "The identifier of the resource for which position information is updated. It can be the wireless device ID or the wireless gateway ID, depending on the resource type.
" } }, "PositionResourceType": { @@ -2753,6 +2769,14 @@ "LoRaWANGetServiceProfileInfo$RaAllowed": "The RAAllowed value that describes whether roaming activation is allowed.
" } }, + "RedundancyPercent": { + "base": "The percentage of added redundant fragments. For example, if firmware file is 100 bytes and fragment size is 10 bytes, with RedundancyPercent set to 50(%), the final number of encoded fragments is (100 / 10) + (100 / 10 * 50%) = 15.
Calculates a route given the following required parameters: DeparturePosition and DestinationPosition. Requires that you first create a route calculator resource.
By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating the route.
Additional options include:
Specifying a departure time using either DepartureTime or DepartNow. This calculates a route based on predictive traffic data at the given time.
You can't specify both DepartureTime and DepartNow in a single request. Specifying both parameters returns a validation error.
Specifying a travel mode using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in CarModeOptions if traveling by Car, or TruckModeOptions if traveling by Truck.
If you specify walking for the travel mode and your data provider is Esri, the start and destination must be within 40km.
Calculates a route matrix given the following required parameters: DeparturePositions and DestinationPositions. CalculateRouteMatrix calculates routes and returns the travel time and travel distance from each departure position to each destination position in the request. For example, given departure positions A and B, and destination positions X and Y, CalculateRouteMatrix will return time and distance for routes from A to X, A to Y, B to X, and B to Y (in that order). The number of results returned (and routes calculated) will be the number of DeparturePositions times the number of DestinationPositions.
Your account is charged for each route calculated, not the number of requests.
Requires that you first create a route calculator resource.
By default, a request that doesn't specify a departure time uses the best time of day to travel with the best traffic conditions when calculating routes.
Additional options include:
Specifying a departure time using either DepartureTime or DepartNow. This calculates routes based on predictive traffic data at the given time.
You can't specify both DepartureTime and DepartNow in a single request. Specifying both parameters returns a validation error.
Specifying a travel mode using TravelMode sets the transportation mode used to calculate the routes. This also lets you specify additional route preferences in CarModeOptions if traveling by Car, or TruckModeOptions if traveling by Truck.
Creates a geofence collection, which manages and stores geofences.
", - "CreateMap": "Creates a map resource in your AWS account, which provides map tiles of different styles sourced from global location data providers.
If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the AWS service terms for more details.
Creates a place index resource in your AWS account. Use a place index resource to geocode addresses and other text queries by using the SearchPlaceIndexForText operation, and reverse geocode coordinates by using the SearchPlaceIndexForPosition operation, and enable autosuggestions by using the SearchPlaceIndexForSuggestions operation.
If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the AWS service terms for more details.
Creates a route calculator resource in your AWS account.
You can send requests to a route calculator resource to estimate travel time, distance, and get directions. A route calculator sources traffic and road network data from your chosen data provider.
If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the AWS service terms for more details.
Creates a tracker resource in your AWS account, which lets you retrieve current and historical location of devices.
", - "DeleteGeofenceCollection": "Deletes a geofence collection from your AWS account.
This operation deletes the resource permanently. If the geofence collection is the target of a tracker resource, the devices will no longer be monitored.
Deletes a map resource from your AWS account.
This operation deletes the resource permanently. If the map is being used in an application, the map may not render.
Deletes a place index resource from your AWS account.
This operation deletes the resource permanently.
Deletes a route calculator resource from your AWS account.
This operation deletes the resource permanently.
Deletes a tracker resource from your AWS account.
This operation deletes the resource permanently. If the tracker resource is in use, you may encounter an error. Make sure that the target resource isn't a dependency for your applications.
Creates an API key resource in your Amazon Web Services account, which lets you grant geo:GetMap* actions for Amazon Location Map resources to the API key bearer.
The API keys feature is in preview. We may add, change, or remove features before announcing general availability. For more information, see Using API keys.
Creates a map resource in your Amazon Web Services account, which provides map tiles of different styles sourced from global location data providers.
If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.
Creates a place index resource in your Amazon Web Services account. Use a place index resource to geocode addresses and other text queries by using the SearchPlaceIndexForText operation, and reverse geocode coordinates by using the SearchPlaceIndexForPosition operation, and enable autosuggestions by using the SearchPlaceIndexForSuggestions operation.
If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.
Creates a route calculator resource in your Amazon Web Services account.
You can send requests to a route calculator resource to estimate travel time, distance, and get directions. A route calculator sources traffic and road network data from your chosen data provider.
If your application is tracking or routing assets you use in your business, such as delivery vehicles or employees, you must not use Esri as your geolocation provider. See section 82 of the Amazon Web Services service terms for more details.
Creates a tracker resource in your Amazon Web Services account, which lets you retrieve current and historical location of devices.
", + "DeleteGeofenceCollection": "Deletes a geofence collection from your Amazon Web Services account.
This operation deletes the resource permanently. If the geofence collection is the target of a tracker resource, the devices will no longer be monitored.
Deletes the specified API key. The API key must have been deactivated more than 90 days previously.
", + "DeleteMap": "Deletes a map resource from your Amazon Web Services account.
This operation deletes the resource permanently. If the map is being used in an application, the map may not render.
Deletes a place index resource from your Amazon Web Services account.
This operation deletes the resource permanently.
Deletes a route calculator resource from your Amazon Web Services account.
This operation deletes the resource permanently.
Deletes a tracker resource from your Amazon Web Services account.
This operation deletes the resource permanently. If the tracker resource is in use, you may encounter an error. Make sure that the target resource isn't a dependency for your applications.
Retrieves the geofence collection details.
", + "DescribeKey": "Retrieves the API key resource details.
The API keys feature is in preview. We may add, change, or remove features before announcing general availability. For more information, see Using API keys.
Retrieves the map resource details.
", "DescribePlaceIndex": "Retrieves the place index resource details.
", "DescribeRouteCalculator": "Retrieves the route calculator resource details.
", @@ -34,16 +37,17 @@ "GetMapSprites": "Retrieves the sprite sheet corresponding to a map resource. The sprite sheet is a PNG image paired with a JSON document describing the offsets of individual icons that will be displayed on a rendered map.
", "GetMapStyleDescriptor": "Retrieves the map style descriptor from a map resource.
The style descriptor contains specifications on how features render on a map. For example, what data to display, what order to display the data in, and the style for the data. Style descriptors follow the Mapbox Style Specification.
", "GetMapTile": "Retrieves a vector data tile from the map resource. Map tiles are used by clients to render a map. they're addressed using a grid arrangement with an X coordinate, Y coordinate, and Z (zoom) level.
The origin (0, 0) is the top left of the map. Increasing the zoom level by 1 doubles both the X and Y dimensions, so a tile containing data for the entire world at (0/0/0) will be split into 4 tiles at zoom 1 (1/0/0, 1/0/1, 1/1/0, 1/1/1).
", - "GetPlace": "Finds a place by its unique ID. A PlaceId is returned by other search operations.
A PlaceId is valid only if all of the following are the same in the original search request and the call to GetPlace.
Customer AWS account
AWS Region
Data provider specified in the place index resource
Finds a place by its unique ID. A PlaceId is returned by other search operations.
A PlaceId is valid only if all of the following are the same in the original search request and the call to GetPlace.
Customer Amazon Web Services account
Amazon Web Services Region
Data provider specified in the place index resource
A batch request to retrieve all device positions.
", - "ListGeofenceCollections": "Lists geofence collections in your AWS account.
", + "ListGeofenceCollections": "Lists geofence collections in your Amazon Web Services account.
", "ListGeofences": "Lists geofences stored in a given geofence collection.
", - "ListMaps": "Lists map resources in your AWS account.
", - "ListPlaceIndexes": "Lists place index resources in your AWS account.
", - "ListRouteCalculators": "Lists route calculator resources in your AWS account.
", + "ListKeys": "Lists API key resources in your Amazon Web Services account.
The API keys feature is in preview. We may add, change, or remove features before announcing general availability. For more information, see Using API keys.
Lists map resources in your Amazon Web Services account.
", + "ListPlaceIndexes": "Lists place index resources in your Amazon Web Services account.
", + "ListRouteCalculators": "Lists route calculator resources in your Amazon Web Services account.
", "ListTagsForResource": "Returns a list of tags that are applied to the specified Amazon Location resource.
", "ListTrackerConsumers": "Lists geofence collections currently associated to the given tracker resource.
", - "ListTrackers": "Lists tracker resources in your AWS account.
", + "ListTrackers": "Lists tracker resources in your Amazon Web Services account.
", "PutGeofence": "Stores a geofence geometry in a given geofence collection, or updates the geometry of an existing geofence if a geofence ID is included in the request.
", "SearchPlaceIndexForPosition": "Reverse geocodes a given coordinate and returns a legible address. Allows you to search for Places or points of interest near a given position.
", "SearchPlaceIndexForSuggestions": "Generates suggestions for addresses and points of interest based on partial or misspelled free-form text. This operation is also known as autocomplete, autosuggest, or fuzzy matching.
Optional parameters let you narrow your search results by bounding box or country, or bias your search toward a specific position on the globe.
You can search for suggested place names near a specified position by using BiasPosition, or filter results within a bounding box by using FilterBBox. These parameters are mutually exclusive; using both BiasPosition and FilterBBox in the same command returns an error.
Assigns one or more tags (key-value pairs) to the specified Amazon Location Service resource.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values.
You can use the TagResource operation with an Amazon Location Service resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the tags already associated with the resource. If you specify a tag key that's already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate up to 50 tags with a resource.
", "UntagResource": "Removes one or more tags from the specified Amazon Location resource.
", "UpdateGeofenceCollection": "Updates the specified properties of a given geofence collection.
", + "UpdateKey": "Updates the specified properties of a given API key resource.
The API keys feature is in preview. We may add, change, or remove features before announcing general availability. For more information, see Using API keys.
Updates the specified properties of a given map resource.
", "UpdatePlaceIndex": "Updates the specified properties of a given place index resource.
", "UpdateRouteCalculator": "Updates the specified properties for a given route calculator resource.
", @@ -62,25 +67,78 @@ "refs": { } }, + "ApiKey": { + "base": null, + "refs": { + "CreateKeyResponse$Key": "The key value/string of an API key. This value is used when making API calls to authorize the call. For example, see GetMapGlyphs.
", + "DescribeKeyResponse$Key": "The key value/string of an API key.
", + "GetMapGlyphsRequest$Key": "The optional API key to authorize the request.
", + "GetMapSpritesRequest$Key": "The optional API key to authorize the request.
", + "GetMapStyleDescriptorRequest$Key": "The optional API key to authorize the request.
", + "GetMapTileRequest$Key": "The optional API key to authorize the request.
" + } + }, + "ApiKeyAction": { + "base": null, + "refs": { + "ApiKeyRestrictionsAllowActionsList$member": null + } + }, + "ApiKeyFilter": { + "base": "Options for filtering API keys.
", + "refs": { + "ListKeysRequest$Filter": "Optionally filter the list to only Active or Expired API keys.
API Restrictions on the allowed actions, resources, and referers for an API key resource.
", + "refs": { + "CreateKeyRequest$Restrictions": "The API key restrictions for the API key resource.
", + "DescribeKeyResponse$Restrictions": null, + "ListKeysResponseEntry$Restrictions": null, + "UpdateKeyRequest$Restrictions": "Updates the API key restrictions for the API key resource.
" + } + }, + "ApiKeyRestrictionsAllowActionsList": { + "base": null, + "refs": { + "ApiKeyRestrictions$AllowActions": "A list of allowed actions that an API key resource grants permissions to perform
Currently, the only valid action is geo:GetMap* as an input to the list. For example, [\"geo:GetMap*\"] is valid but [\"geo:GetMapTile\"] is not.
An optional list of allowed HTTP referers for which requests must originate from. Requests using this API key from other domains will not be allowed.
Requirements:
Contain only alphanumeric characters (A–Z, a–z, 0–9) or any symbols in this list $\\-._+!*`(),;/?:@=&
May contain a percent (%) if followed by 2 hexadecimal digits (A-F, a-f, 0-9); this is used for URL encoding purposes.
May contain wildcard characters question mark (?) and asterisk (*).
Question mark (?) will replace any single character (including hexadecimal digits).
Asterisk (*) will replace any multiple characters (including multiple hexadecimal digits).
No spaces allowed. For example, https://example.com.
A list of allowed resource ARNs that a API key bearer can perform actions on
For more information about ARN format, see Amazon Resource Names (ARNs).
In this preview, you can allow only map resources.
Requirements:
Must be prefixed with arn.
partition and service must not be empty and should begin with only alphanumeric characters (A–Z, a–z, 0–9) and contain only alphanumeric numbers, hyphens (-) and periods (.).
region and account-id can be empty or should begin with only alphanumeric characters (A–Z, a–z, 0–9) and contain only alphanumeric numbers, hyphens (-) and periods (.).
resource-id can begin with any character except for forward slash (/) and contain any characters after, including forward slashes to form a path.
resource-id can also include wildcard characters, denoted by an asterisk (*).
arn, partition, service, region, account-id and resource-id must be delimited by a colon (:).
No spaces allowed. For example, arn:aws:geo:region:account-id:map/ExampleMap*.
The Amazon Resource Name (ARN) for the geofence collection to be associated to tracker resource. Used when you need to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer
The Amazon Resource Name (ARN) for the geofence collection resource. Used when you need to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection
The Amazon Resource Name (ARN) for the place index resource. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:place-index/ExamplePlaceIndex
The Amazon Resource Name (ARN) for the route calculator resource. Use the ARN when you specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:route-calculator/ExampleCalculator
The Amazon Resource Name (ARN) for the tracker resource. Used when you need to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker
The Amazon Resource Name (ARN) for the geofence collection resource. Used when you need to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection
The Amazon Resource Name (ARN) for the place index resource. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:place-index/ExamplePlaceIndex
The Amazon Resource Name (ARN) for the Route calculator resource. Use the ARN when you specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:route-calculator/ExampleCalculator
The Amazon Resource Name (ARN) for the tracker resource. Used when you need to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker
The Amazon Resource Name (ARN) for the geofence collection to be disassociated from the tracker resource. Used when you need to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer
The Amazon Resource Name (ARN) for the geofence collection to be associated to tracker resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer
The Amazon Resource Name (ARN) for the geofence collection resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection
The Amazon Resource Name (ARN) for the API key resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:key/ExampleKey
The Amazon Resource Name (ARN) for the place index resource. Used to specify a resource across Amazon Web Services.
Format example: arn:aws:geo:region:account-id:place-index/ExamplePlaceIndex
The Amazon Resource Name (ARN) for the route calculator resource. Use the ARN when you specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:route-calculator/ExampleCalculator
The Amazon Resource Name (ARN) for the tracker resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker
The Amazon Resource Name (ARN) for the geofence collection resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection
The Amazon Resource Name (ARN) for the API key resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:key/ExampleKey
The Amazon Resource Name (ARN) for the place index resource. Used to specify a resource across Amazon Web Services.
Format example: arn:aws:geo:region:account-id:place-index/ExamplePlaceIndex
The Amazon Resource Name (ARN) for the Route calculator resource. Use the ARN when you specify a resource across Amazon Web Services.
Format example: arn:aws:geo:region:account-id:route-calculator/ExampleCalculator
The Amazon Resource Name (ARN) for the tracker resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker
The Amazon Resource Name (ARN) for the geofence collection to be disassociated from the tracker resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer
The Amazon Resource Name (ARN) of the resource whose tags you want to retrieve.
Format example: arn:aws:geo:region:account-id:resourcetype/ExampleResource
The Amazon Resource Name (ARN) of the resource whose tags you want to update.
Format example: arn:aws:geo:region:account-id:resourcetype/ExampleResource
The Amazon Resource Name (ARN) of the resource from which you want to remove tags.
Format example: arn:aws:geo:region:account-id:resourcetype/ExampleResource
The Amazon Resource Name (ARN) of the updated geofence collection. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection
The Amazon Resource Name (ARN) of the upated place index resource. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:place- index/ExamplePlaceIndex
The Amazon Resource Name (ARN) of the updated geofence collection. Used to specify a resource across Amazon Web Services.
Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection
The Amazon Resource Name (ARN) for the API key resource. Used when you need to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:key/ExampleKey
The Amazon Resource Name (ARN) of the upated place index resource. Used to specify a resource across Amazon Web Services.
Format example: arn:aws:geo:region:account-id:place- index/ExamplePlaceIndex
The Amazon Resource Name (ARN) of the updated route calculator resource. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:route- calculator/ExampleCalculator
The Amazon Resource Name (ARN) of the updated tracker resource. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker
The blob's content type.
", + "GetMapGlyphsResponse$Blob": "The glyph, as binary blob.
", "GetMapSpritesResponse$Blob": "Contains the body of the sprite sheet or JSON offset file.
", "GetMapStyleDescriptorResponse$Blob": "Contains the body of the style descriptor.
", "GetMapTileResponse$Blob": "Contains Mapbox Vector Tile (MVT) data.
" @@ -329,7 +387,10 @@ "CalculateRouteRequest$IncludeLegGeometry": "Set to include the geometry details in the result for each path between a pair of positions.
Default Value: false
Valid Values: false | true
Avoids ferries when calculating routes.
Default Value: false
Valid Values: false | true
Avoids tolls when calculating routes.
Default Value: false
Valid Values: false | true
True if the result is interpolated from other known places.
False if the Place is a known place.
Not returned when the partner does not provide the information.
For example, returns False for an address location that is found in the partner data, but returns True if an address does not exist in the partner data and its location is calculated by interpolating between other known addresses.
Optionally set to true to set no expiration time for the API key. One of NoExpiry or ExpireTime must be set.
True if the result is interpolated from other known places.
False if the Place is a known place.
Not returned when the partner does not provide the information.
For example, returns False for an address location that is found in the partner data, but returns True if an address does not exist in the partner data and its location is calculated by interpolating between other known addresses.
The boolean flag to be included for updating ExpireTime or Restrictions details.
Must be set to true to update an API key resource that has been used in the past 7 days.
False if force update is not preferred
Default value: False
Whether the API key should expire. Set to true to set the API key to have no expiration time.
The Amazon Resource Name (ARN) for the map resource. Used to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:map/ExampleMap
The Amazon Resource Name (ARN) for the map resource. Used to specify a resource across all AWS.
Format example: arn:aws:geo:region:account-id:map/ExampleMap
The Amazon Resource Name (ARN) for the map resource. Used to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:map/ExampleMap
The Amazon Resource Name (ARN) for the map resource. Used to specify a resource across all Amazon Web Services.
Format example: arn:aws:geo:region:account-id:map/ExampleMap
The Amazon Resource Name (ARN) of the updated map resource. Used to specify a resource across AWS.
Format example: arn:aws:geo:region:account-id:map/ExampleMap
A key identifier for an AWS KMS customer managed key. Enter a key ID, key ARN, alias name, or alias ARN.
", - "CreateTrackerRequest$KmsKeyId": "A key identifier for an AWS KMS customer managed key. Enter a key ID, key ARN, alias name, or alias ARN.
", - "DescribeGeofenceCollectionResponse$KmsKeyId": "A key identifier for an AWS KMS customer managed key assigned to the Amazon Location resource
", - "DescribeTrackerResponse$KmsKeyId": "A key identifier for an AWS KMS customer managed key assigned to the Amazon Location resource.
" + "CreateGeofenceCollectionRequest$KmsKeyId": "A key identifier for an Amazon Web Services KMS customer managed key. Enter a key ID, key ARN, alias name, or alias ARN.
", + "CreateTrackerRequest$KmsKeyId": "A key identifier for an Amazon Web Services KMS customer managed key. Enter a key ID, key ARN, alias name, or alias ARN.
", + "DescribeGeofenceCollectionResponse$KmsKeyId": "A key identifier for an Amazon Web Services KMS customer managed key assigned to the Amazon Location resource
", + "DescribeTrackerResponse$KmsKeyId": "A key identifier for an Amazon Web Services KMS customer managed key assigned to the Amazon Location resource.
" } }, "LanguageTag": { @@ -980,7 +1072,7 @@ "ListGeofenceCollectionsResponseEntryList": { "base": null, "refs": { - "ListGeofenceCollectionsResponse$Entries": "Lists the geofence collections that exist in your AWS account.
" + "ListGeofenceCollectionsResponse$Entries": "Lists the geofence collections that exist in your Amazon Web Services account.
" } }, "ListGeofenceResponseEntry": { @@ -1011,6 +1103,34 @@ "refs": { } }, + "ListKeysRequest": { + "base": null, + "refs": { + } + }, + "ListKeysRequestMaxResultsInteger": { + "base": null, + "refs": { + "ListKeysRequest$MaxResults": "An optional limit for the number of resources returned in a single call.
Default value: 100
An API key resource listed in your Amazon Web Services account.
", + "refs": { + "ListKeysResponseEntryList$member": null + } + }, + "ListKeysResponseEntryList": { + "base": null, + "refs": { + "ListKeysResponse$Entries": "Contains API key resources in your Amazon Web Services account. Details include API key name, allowed referers and timestamp for when the API key will expire.
" + } + }, "ListMapsRequest": { "base": null, "refs": { @@ -1028,7 +1148,7 @@ } }, "ListMapsResponseEntry": { - "base": "Contains details of an existing map resource in your AWS account.
", + "base": "Contains details of an existing map resource in your Amazon Web Services account.
", "refs": { "ListMapsResponseEntryList$member": null } @@ -1036,7 +1156,7 @@ "ListMapsResponseEntryList": { "base": null, "refs": { - "ListMapsResponse$Entries": "Contains a list of maps in your AWS account
" + "ListMapsResponse$Entries": "Contains a list of maps in your Amazon Web Services account
" } }, "ListPlaceIndexesRequest": { @@ -1056,7 +1176,7 @@ } }, "ListPlaceIndexesResponseEntry": { - "base": "A place index resource listed in your AWS account.
", + "base": "A place index resource listed in your Amazon Web Services account.
", "refs": { "ListPlaceIndexesResponseEntryList$member": null } @@ -1064,7 +1184,7 @@ "ListPlaceIndexesResponseEntryList": { "base": null, "refs": { - "ListPlaceIndexesResponse$Entries": "Lists the place index resources that exist in your AWS account
" + "ListPlaceIndexesResponse$Entries": "Lists the place index resources that exist in your Amazon Web Services account
" } }, "ListRouteCalculatorsRequest": { @@ -1084,7 +1204,7 @@ } }, "ListRouteCalculatorsResponseEntry": { - "base": "A route calculator resource listed in your AWS account.
", + "base": "A route calculator resource listed in your Amazon Web Services account.
", "refs": { "ListRouteCalculatorsResponseEntryList$member": null } @@ -1092,7 +1212,7 @@ "ListRouteCalculatorsResponseEntryList": { "base": null, "refs": { - "ListRouteCalculatorsResponse$Entries": "Lists the route calculator resources that exist in your AWS account
" + "ListRouteCalculatorsResponse$Entries": "Lists the route calculator resources that exist in your Amazon Web Services account
" } }, "ListTagsForResourceRequest": { @@ -1146,7 +1266,7 @@ "ListTrackersResponseEntryList": { "base": null, "refs": { - "ListTrackersResponse$Entries": "Contains tracker resources in your AWS account. Details include tracker name, description and timestamps for when the tracker was created and last updated.
" + "ListTrackersResponse$Entries": "Contains tracker resources in your Amazon Web Services account. Details include tracker name, description and timestamps for when the tracker was created and last updated.
" } }, "MapConfiguration": { @@ -1303,25 +1423,35 @@ "refs": { } }, + "RefererPattern": { + "base": null, + "refs": { + "ApiKeyRestrictionsAllowReferersList$member": null + } + }, "ResourceDescription": { "base": null, "refs": { "CreateGeofenceCollectionRequest$Description": "An optional description for the geofence collection.
", + "CreateKeyRequest$Description": "An optional description for the API key resource.
", "CreateMapRequest$Description": "An optional description for the map resource.
", "CreatePlaceIndexRequest$Description": "The optional description for the place index resource.
", "CreateRouteCalculatorRequest$Description": "The optional description for the route calculator resource.
", "CreateTrackerRequest$Description": "An optional description for the tracker resource.
", "DescribeGeofenceCollectionResponse$Description": "The optional description for the geofence collection.
", + "DescribeKeyResponse$Description": "The optional description for the API key resource.
", "DescribeMapResponse$Description": "The optional description for the map resource.
", "DescribePlaceIndexResponse$Description": "The optional description for the place index resource.
", "DescribeRouteCalculatorResponse$Description": "The optional description of the route calculator resource.
", "DescribeTrackerResponse$Description": "The optional description for the tracker resource.
", "ListGeofenceCollectionsResponseEntry$Description": "The description for the geofence collection
", + "ListKeysResponseEntry$Description": "The optional description for the API key resource.
", "ListMapsResponseEntry$Description": "The description for the map resource.
", "ListPlaceIndexesResponseEntry$Description": "The optional description for the place index resource.
", "ListRouteCalculatorsResponseEntry$Description": "The optional description of the route calculator resource.
", "ListTrackersResponseEntry$Description": "The description for the tracker resource.
", "UpdateGeofenceCollectionRequest$Description": "Updates the description for the geofence collection.
", + "UpdateKeyRequest$Description": "Updates the description for the API key resource.
", "UpdateMapRequest$Description": "Updates the description for the map resource.
", "UpdatePlaceIndexRequest$Description": "Updates the description for the place index resource.
", "UpdateRouteCalculatorRequest$Description": "Updates the description for the route calculator resource.
", @@ -1341,6 +1471,8 @@ "CalculateRouteRequest$CalculatorName": "The name of the route calculator resource that you want to use to calculate the route.
", "CreateGeofenceCollectionRequest$CollectionName": "A custom name for the geofence collection.
Requirements:
Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).
Must be a unique geofence collection name.
No spaces allowed. For example, ExampleGeofenceCollection.
The name for the geofence collection.
", + "CreateKeyRequest$KeyName": "A custom name for the API key resource.
Requirements:
Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).
Must be a unique API key name.
No spaces allowed. For example, ExampleAPIKey.
The name of the API key resource.
", "CreateMapRequest$MapName": "The name for the map resource.
Requirements:
Must contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).
Must be a unique map resource name.
No spaces allowed. For example, ExampleMap.
The name of the map resource.
", "CreatePlaceIndexRequest$IndexName": "The name of the place index resource.
Requirements:
Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens (-), periods (.), and underscores (_).
Must be a unique place index resource name.
No spaces allowed. For example, ExamplePlaceIndex.
The name for the tracker resource.
Requirements:
Contain only alphanumeric characters (A-Z, a-z, 0-9) , hyphens (-), periods (.), and underscores (_).
Must be a unique tracker resource name.
No spaces allowed. For example, ExampleTracker.
The name of the tracker resource.
", "DeleteGeofenceCollectionRequest$CollectionName": "The name of the geofence collection to be deleted.
", + "DeleteKeyRequest$KeyName": "The name of the API key to delete.
", "DeleteMapRequest$MapName": "The name of the map resource to be deleted.
", "DeletePlaceIndexRequest$IndexName": "The name of the place index resource to be deleted.
", "DeleteRouteCalculatorRequest$CalculatorName": "The name of the route calculator resource to be deleted.
", "DeleteTrackerRequest$TrackerName": "The name of the tracker resource to be deleted.
", "DescribeGeofenceCollectionRequest$CollectionName": "The name of the geofence collection.
", "DescribeGeofenceCollectionResponse$CollectionName": "The name of the geofence collection.
", + "DescribeKeyRequest$KeyName": "The name of the API key resource.
", + "DescribeKeyResponse$KeyName": "The name of the API key resource.
", "DescribeMapRequest$MapName": "The name of the map resource.
", "DescribeMapResponse$MapName": "The map style selected from an available provider.
", "DescribePlaceIndexRequest$IndexName": "The name of the place index resource.
", @@ -1376,6 +1511,7 @@ "ListDevicePositionsRequest$TrackerName": "The tracker resource containing the requested devices.
", "ListGeofenceCollectionsResponseEntry$CollectionName": "The name of the geofence collection.
", "ListGeofencesRequest$CollectionName": "The name of the geofence collection storing the list of geofences.
", + "ListKeysResponseEntry$KeyName": "The name of the API key resource.
", "ListMapsResponseEntry$MapName": "The name of the associated map resource.
", "ListPlaceIndexesResponseEntry$IndexName": "The name of the place index resource.
", "ListRouteCalculatorsResponseEntry$CalculatorName": "The name of the route calculator resource.
", @@ -1387,6 +1523,8 @@ "SearchPlaceIndexForTextRequest$IndexName": "The name of the place index resource you want to use for the search.
", "UpdateGeofenceCollectionRequest$CollectionName": "The name of the geofence collection to update.
", "UpdateGeofenceCollectionResponse$CollectionName": "The name of the updated geofence collection.
", + "UpdateKeyRequest$KeyName": "The name of the API key resource to update.
", + "UpdateKeyResponse$KeyName": "The name of the API key resource.
", "UpdateMapRequest$MapName": "The name of the map resource to update.
", "UpdateMapResponse$MapName": "The name of the updated map resource.
", "UpdatePlaceIndexRequest$IndexName": "The name of the place index resource to update.
", @@ -1576,6 +1714,12 @@ "refs": { } }, + "Status": { + "base": null, + "refs": { + "ApiKeyFilter$KeyStatus": "Filter on Active or Expired API keys.
Represents an element of a leg within a route. A step contains instructions for how to move to the next step in the leg.
", "refs": { @@ -1615,7 +1759,7 @@ "CalculateRouteSummary$DataSource": "The data provider of traffic and road network data used to calculate the route. Indicates one of the available providers:
Esri
Grab
Here
For more information about data providers, see Amazon Location Service data providers.
", "ConflictException$Message": null, "CreateGeofenceCollectionRequest$PricingPlanDataSource": "This parameter is no longer used.
", - "CreatePlaceIndexRequest$DataSource": "Specifies the geospatial data provider for the new place index.
This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.
Valid values include:
Esri – For additional information about Esri's coverage in your region of interest, see Esri details on geocoding coverage.
Grab – Grab provides place index functionality for Southeast Asia. For additional information about GrabMaps' coverage, see GrabMaps countries and areas covered.
Here – For additional information about HERE Technologies' coverage in your region of interest, see HERE details on goecoding coverage.
If you specify HERE Technologies (Here) as the data provider, you may not store results for locations in Japan. For more information, see the AWS Service Terms for Amazon Location Service.
For additional information , see Data providers on the Amazon Location Service Developer Guide.
", + "CreatePlaceIndexRequest$DataSource": "Specifies the geospatial data provider for the new place index.
This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.
Valid values include:
Esri – For additional information about Esri's coverage in your region of interest, see Esri details on geocoding coverage.
Grab – Grab provides place index functionality for Southeast Asia. For additional information about GrabMaps' coverage, see GrabMaps countries and areas covered.
Here – For additional information about HERE Technologies' coverage in your region of interest, see HERE details on goecoding coverage.
If you specify HERE Technologies (Here) as the data provider, you may not store results for locations in Japan. For more information, see the Amazon Web Services Service Terms for Amazon Location Service.
For additional information , see Data providers on the Amazon Location Service Developer Guide.
", "CreateRouteCalculatorRequest$DataSource": "Specifies the data provider of traffic and road network data.
This field is case-sensitive. Enter the valid values as shown. For example, entering HERE returns an error.
Valid values include:
Esri – For additional information about Esri's coverage in your region of interest, see Esri details on street networks and traffic coverage.
Route calculators that use Esri as a data source only calculate routes that are shorter than 400 km.
Grab – Grab provides routing functionality for Southeast Asia. For additional information about GrabMaps' coverage, see GrabMaps countries and areas covered.
Here – For additional information about HERE Technologies' coverage in your region of interest, see HERE car routing coverage and HERE truck routing coverage.
For additional information , see Data providers on the Amazon Location Service Developer Guide.
", "CreateTrackerRequest$PricingPlanDataSource": "This parameter is no longer used.
", "DescribeGeofenceCollectionResponse$PricingPlanDataSource": "No longer used. Always returns an empty string.
", @@ -1625,9 +1769,13 @@ "DescribeTrackerResponse$PricingPlanDataSource": "No longer used. Always returns an empty string.
", "GetGeofenceResponse$Status": "Identifies the state of the geofence. A geofence will hold one of the following states:
ACTIVE — The geofence has been indexed by the system.
PENDING — The geofence is being processed by the system.
FAILED — The geofence failed to be indexed by the system.
DELETED — The geofence has been deleted from the system index.
DELETING — The geofence is being deleted from the system index.
A comma-separated list of fonts to load glyphs from in order of preference. For example, Noto Sans Regular, Arial Unicode.
Valid fonts stacks for Esri styles:
VectorEsriDarkGrayCanvas – Ubuntu Medium Italic | Ubuntu Medium | Ubuntu Italic | Ubuntu Regular | Ubuntu Bold
VectorEsriLightGrayCanvas – Ubuntu Italic | Ubuntu Regular | Ubuntu Light | Ubuntu Bold
VectorEsriTopographic – Noto Sans Italic | Noto Sans Regular | Noto Sans Bold | Noto Serif Regular | Roboto Condensed Light Italic
VectorEsriStreets – Arial Regular | Arial Italic | Arial Bold
VectorEsriNavigation – Arial Regular | Arial Italic | Arial Bold
Valid font stacks for HERE Technologies styles:
VectorHereContrast – Fira GO Regular | Fira GO Bold
VectorHereExplore, VectorHereExploreTruck, HybridHereExploreSatellite – Fira GO Italic | Fira GO Map | Fira GO Map Bold | Noto Sans CJK JP Bold | Noto Sans CJK JP Light | Noto Sans CJK JP Regular
Valid font stacks for GrabMaps styles:
VectorGrabStandardLight, VectorGrabStandardDark – Noto Sans Regular | Noto Sans Medium | Noto Sans Bold
Valid font stacks for Open Data (Preview) styles:
VectorOpenDataStandardLight – Amazon Ember Regular,Noto Sans Regular | Amazon Ember Bold,Noto Sans Bold | Amazon Ember Medium,Noto Sans Medium | Amazon Ember Regular Italic,Noto Sans Italic | Amazon Ember Condensed RC Regular,Noto Sans Regular | Amazon Ember Condensed RC Bold,Noto Sans Bold
The fonts used by VectorOpenDataStandardLight are combined fonts that use Amazon Ember for most glyphs but Noto Sans for glyphs unsupported by Amazon Ember.
The HTTP Cache-Control directive for the value.
", "GetMapGlyphsResponse$ContentType": "The map glyph content type. For example, application/octet-stream.
The HTTP Cache-Control directive for the value.
", "GetMapSpritesResponse$ContentType": "The content type of the sprite sheet and offsets. For example, the sprite sheet content type is image/png, and the sprite offset JSON document is application/json.
The HTTP Cache-Control directive for the value.
", "GetMapStyleDescriptorResponse$ContentType": "The style descriptor's content type. For example, application/json.
The HTTP Cache-Control directive for the value.
", "GetMapTileResponse$ContentType": "The map tile's content type. For example, application/vnd.mapbox-vector-tile.
No longer used. Always returns an empty string.
", @@ -1680,11 +1828,13 @@ "base": null, "refs": { "CreateGeofenceCollectionRequest$Tags": "Applies one or more tags to the geofence collection. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.
Format: \"key\" : \"value\"
Restrictions:
Maximum 50 tags per resource
Each resource tag must be unique with a maximum of one value.
Maximum key length: 128 Unicode characters in UTF-8
Maximum value length: 256 Unicode characters in UTF-8
Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.
Cannot use \"aws:\" as a prefix for a key.
Applies one or more tags to the map resource. A tag is a key-value pair that helps manage, identify, search, and filter your resources by labelling them.
Format: \"key\" : \"value\"
Restrictions:
Maximum 50 tags per resource
Each resource tag must be unique with a maximum of one value.
Maximum key length: 128 Unicode characters in UTF-8
Maximum value length: 256 Unicode characters in UTF-8
Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.
Cannot use \"aws:\" as a prefix for a key.
Applies one or more tags to the map resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.
Format: \"key\" : \"value\"
Restrictions:
Maximum 50 tags per resource
Each resource tag must be unique with a maximum of one value.
Maximum key length: 128 Unicode characters in UTF-8
Maximum value length: 256 Unicode characters in UTF-8
Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.
Cannot use \"aws:\" as a prefix for a key.
Applies one or more tags to the place index resource. A tag is a key-value pair that helps you manage, identify, search, and filter your resources.
Format: \"key\" : \"value\"
Restrictions:
Maximum 50 tags per resource.
Each tag key must be unique and must have exactly one associated value.
Maximum key length: 128 Unicode characters in UTF-8.
Maximum value length: 256 Unicode characters in UTF-8.
Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @
Cannot use \"aws:\" as a prefix for a key.
Applies one or more tags to the route calculator resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.
For example: { \"tag1\" : \"value1\", \"tag2\" : \"value2\"}
Format: \"key\" : \"value\"
Restrictions:
Maximum 50 tags per resource
Each resource tag must be unique with a maximum of one value.
Maximum key length: 128 Unicode characters in UTF-8
Maximum value length: 256 Unicode characters in UTF-8
Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.
Cannot use \"aws:\" as a prefix for a key.
Applies one or more tags to the tracker resource. A tag is a key-value pair helps manage, identify, search, and filter your resources by labelling them.
Format: \"key\" : \"value\"
Restrictions:
Maximum 50 tags per resource
Each resource tag must be unique with a maximum of one value.
Maximum key length: 128 Unicode characters in UTF-8
Maximum value length: 256 Unicode characters in UTF-8
Can use alphanumeric characters (A–Z, a–z, 0–9), and the following characters: + - = . _ : / @.
Cannot use \"aws:\" as a prefix for a key.
Displays the key, value pairs of tags associated with this resource.
", + "DescribeKeyResponse$Tags": "Tags associated with the API key resource.
", "DescribeMapResponse$Tags": "Tags associated with the map resource.
", "DescribePlaceIndexResponse$Tags": "Tags associated with place index resource.
", "DescribeRouteCalculatorResponse$Tags": "Tags associated with route calculator resource.
", @@ -1730,12 +1880,17 @@ "CalculateRouteMatrixRequest$DepartureTime": "Specifies the desired time of departure. Uses the given time to calculate the route matrix. You can't set both DepartureTime and DepartNow. If neither is set, the best time of day to travel with the best traffic conditions is used to calculate the route matrix.
Setting a departure time in the past returns a 400 ValidationException error.
In ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ. For example, 2020–07-2T12:15:20.000Z+01:00
Specifies the desired time of departure. Uses the given time to calculate the route. Otherwise, the best time of day to travel with the best traffic conditions is used to calculate the route.
Setting a departure time in the past returns a 400 ValidationException error.
In ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ. For example, 2020–07-2T12:15:20.000Z+01:00
The timestamp for when the geofence collection was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The optional timestamp for when the API key resource will expire in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ. One of NoExpiry or ExpireTime must be set.
The timestamp for when the API key resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the map resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the place index resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp when the route calculator resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
For example, 2020–07-2T12:15:20.000Z+01:00
The timestamp for when the tracker resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the geofence resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The timestamp for when the geofence collection was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The timestamp for when the API key resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the API key resource will expire in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the API key resource was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the map resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the map resource was last update in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the place index resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
Specifies a timestamp for when the resource was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The timestamp for when the geofence was stored in a geofence collection in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The timestamp for when the geofence was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The timestamp of when the API key was created, in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the API key resource will expire, in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp of when the API key was last updated, in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the map resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the map resource was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the place index resource was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the geofence was created in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The timestamp for when the geofence was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
The time when the geofence collection was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ
Updates the timestamp for when the API key resource will expire in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the API key resource was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the map resource was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the place index resource was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
The timestamp for when the route calculator was last updated in ISO 8601 format: YYYY-MM-DDThh:mm:ss.sssZ.
A pagination token indicating there are additional pages available. You can use the token in a following request to fetch the next set of results.
", "ListGeofencesRequest$NextToken": "The pagination token specifying which page of results to return in the response. If no token is provided, the default page is the first page.
Default value: null
A pagination token indicating there are additional pages available. You can use the token in a following request to fetch the next set of results.
", + "ListKeysRequest$NextToken": "The pagination token specifying which page of results to return in the response. If no token is provided, the default page is the first page.
Default value: null
A pagination token indicating there are additional pages available. You can use the token in a following request to fetch the next set of results.
", "ListMapsRequest$NextToken": "The pagination token specifying which page of results to return in the response. If no token is provided, the default page is the first page.
Default value: null
A pagination token indicating there are additional pages available. You can use the token in a following request to fetch the next set of results.
", "ListPlaceIndexesRequest$NextToken": "The pagination token specifying which page of results to return in the response. If no token is provided, the default page is the first page.
Default value: null
Provides information about the number of S3 buckets that are publicly accessible based on a combination of permissions settings for each bucket.
", + "base" : "Provides information about the number of S3 buckets that are publicly accessible due to a combination of permissions settings for each bucket.
", "refs" : { - "GetBucketStatisticsResponse$BucketCountByEffectivePermission" : "The total number of buckets that are publicly accessible based on a combination of permissions settings for each bucket.
" + "GetBucketStatisticsResponse$BucketCountByEffectivePermission" : "The total number of buckets that are publicly accessible due to a combination of permissions settings for each bucket.
" } }, "BucketCountByEncryptionType" : { @@ -225,9 +225,9 @@ } }, "BucketCountBySharedAccessType" : { - "base" : "Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts.
", + "base" : "Provides information about the number of S3 buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs). In this data, an Amazon Macie organization is defined as a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
", "refs" : { - "GetBucketStatisticsResponse$BucketCountBySharedAccessType" : "The total number of buckets that are or aren't shared with another Amazon Web Services account.
" + "GetBucketStatisticsResponse$BucketCountBySharedAccessType" : "The total number of buckets that are or aren't shared with other Amazon Web Services accounts, Amazon CloudFront origin access identities (OAIs), or CloudFront origin access controls (OACs).
" } }, "BucketCountPolicyAllowsUnencryptedObjectUploads" : { @@ -255,7 +255,7 @@ } }, "BucketMetadata" : { - "base" : "Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. If an error occurs when Macie attempts to retrieve and process metadata from Amazon S3 for the bucket and the bucket's objects, the value for the versioning property is false and the value for most other properties is null. Key exceptions are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause of the error, refer to the errorCode and errorMessage values.
", + "base" : "Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.
If an error occurs when Macie attempts to retrieve and process metadata from Amazon S3 for the bucket or the bucket's objects, the value for the versioning property is false and the value for most other properties is null. Key exceptions are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify the cause of the error, refer to the errorCode and errorMessage values.
", "refs" : { "__listOfBucketMetadata$member" : null } @@ -263,8 +263,8 @@ "BucketMetadataErrorCode" : { "base" : "The error code for an error that prevented Amazon Macie from retrieving and processing metadata from Amazon S3 for an S3 bucket and the bucket's objects.
", "refs" : { - "BucketMetadata$ErrorCode" : "Specifies the error code for an error that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. If this value is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. If this value is null, Macie was able to retrieve and process the information.
", - "MatchingBucket$ErrorCode" : "Specifies the error code for an error that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. If this value is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. If this value is null, Macie was able to retrieve and process the information.
" + "BucketMetadata$ErrorCode" : "The error code for an error that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. If this value is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. If this value is null, Macie was able to retrieve and process the information.
", + "MatchingBucket$ErrorCode" : "The error code for an error that prevented Amazon Macie from retrieving and processing information about the bucket and the bucket's objects. If this value is ACCESS_DENIED, Macie doesn't have permission to retrieve the information. For example, the bucket has a restrictive bucket policy and Amazon S3 denied the request. If this value is null, Macie was able to retrieve and process the information.
" } }, "BucketPermissionConfiguration" : { @@ -353,8 +353,8 @@ "ClassificationScopeName" : { "base" : "The name of the classification scope.
", "refs" : { - "ClassificationScopeSummary$Name" : "The name of the classification scope.
", - "GetClassificationScopeResponse$Name" : "The name of the classification scope.
" + "ClassificationScopeSummary$Name" : "The name of the classification scope: automated-sensitive-data-discovery.
", + "GetClassificationScopeResponse$Name" : "The name of the classification scope: automated-sensitive-data-discovery.
" } }, "ClassificationScopeSummary" : { @@ -703,7 +703,7 @@ "refs" : { } }, "GetBucketStatisticsResponse" : { - "base" : "Provides the results of a query that retrieved aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes for your account.
", + "base" : "Provides the results of a query that retrieved aggregated statistical data for all the S3 buckets that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.
", "refs" : { } }, "GetClassificationExportConfigurationResponse" : { @@ -1073,7 +1073,7 @@ } }, "MatchingBucket" : { - "base" : "Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. If an error occurs when Macie attempts to retrieve and process information about the bucket or the bucket's objects, the value for most of these properties is null. Key exceptions are accountId and bucketName. To identify the cause of the error, refer to the errorCode and errorMessage values.
", + "base" : "Provides statistical data and other information about an S3 bucket that Amazon Macie monitors and analyzes for your account. By default, object count and storage size values include data for object parts that are the result of incomplete multipart uploads. For more information, see How Macie monitors Amazon S3 data security in the Amazon Macie User Guide.
If an error occurs when Macie attempts to retrieve and process information about the bucket or the bucket's objects, the value for most of these properties is null. Key exceptions are accountId and bucketName. To identify the cause of the error, refer to the errorCode and errorMessage values.
", "refs" : { "MatchingResource$MatchingBucket" : "The details of an S3 bucket that Amazon Macie monitors and analyzes.
" } @@ -1105,7 +1105,7 @@ "ObjectCountByEncryptionType" : { "base" : "Provides information about the number of objects that are in an S3 bucket and use certain types of server-side encryption, use client-side encryption, or aren't encrypted.
", "refs" : { - "BucketMetadata$ObjectCountByEncryptionType" : "The total number of objects that are in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
", + "BucketMetadata$ObjectCountByEncryptionType" : "The total number of objects in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
", "MatchingBucket$ObjectCountByEncryptionType" : "The total number of objects in the bucket, grouped by server-side encryption type. This includes a grouping that reports the total number of objects that aren't encrypted or use client-side encryption.
" } }, @@ -1175,7 +1175,7 @@ "refs" : { } }, "Range" : { - "base" : "Specifies the location of an occurrence of sensitive data in a non-binary text file, such as an HTML, TXT, or XML file.
", + "base" : "Specifies the location of an occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file.
", "refs" : { "Page$LineRange" : "Reserved for future use.
", "Page$OffsetRange" : "Reserved for future use.
", @@ -1185,7 +1185,7 @@ "Ranges" : { "base" : "Specifies the locations of occurrences of sensitive data in a non-binary text file.
", "refs" : { - "Occurrences$LineRanges" : "An array of objects, one for each occurrence of sensitive data in a non-binary text file, such as an HTML, TXT, or XML file. Each Range object specifies a line or inclusive range of lines that contains the sensitive data, and the position of the data on the specified line or lines.
This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptions are the location of sensitive data in: unstructured sections of an otherwise structured file, such as a comment in a file; a malformed file that Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column names that contain sensitive data.
", + "Occurrences$LineRanges" : "An array of objects, one for each occurrence of sensitive data in an email message or a non-binary text file such as an HTML, TXT, or XML file. Each Range object specifies a line or inclusive range of lines that contains the sensitive data, and the position of the data on the specified line or lines.
This value is often null for file types that are supported by Cell, Page, or Record objects. Exceptions are the location of sensitive data in: unstructured sections of an otherwise structured file, such as a comment in a file; a malformed file that Amazon Macie analyzes as plain text; and, a CSV or TSV file that has any column names that contain sensitive data.
", "Occurrences$OffsetRanges" : "Reserved for future use.
" } }, @@ -1456,7 +1456,7 @@ "refs" : { "BucketStatisticsBySensitivity$ClassificationError" : "The aggregated statistical data for all buckets that have a sensitivity score of -1.
", "BucketStatisticsBySensitivity$NotClassified" : "The aggregated statistical data for all buckets that have a sensitivity score of 50.
", - "BucketStatisticsBySensitivity$NotSensitive" : "The aggregated statistical data for all buckets that have a sensitivity score of 0-49.
", + "BucketStatisticsBySensitivity$NotSensitive" : "The aggregated statistical data for all buckets that have a sensitivity score of 1-49.
", "BucketStatisticsBySensitivity$Sensitive" : "The aggregated statistical data for all buckets that have a sensitivity score of 51-100.
" } }, @@ -1551,7 +1551,7 @@ "SharedAccess" : { "base" : null, "refs" : { - "BucketMetadata$SharedAccess" : "Specifies whether the bucket is shared with another Amazon Web Services account. Possible values are:
EXTERNAL - The bucket is shared with an Amazon Web Services account that isn't part of the same Amazon Macie organization.
INTERNAL - The bucket is shared with an Amazon Web Services account that's part of the same Amazon Macie organization.
NOT_SHARED - The bucket isn't shared with other Amazon Web Services accounts.
UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.
Specifies whether the bucket is shared with another Amazon Web Services account, an Amazon CloudFront origin access identity (OAI), or a CloudFront origin access control (OAC). Possible values are:
EXTERNAL - The bucket is shared with one or more of the following or any combination of the following: an Amazon Web Services account that isn't part of your Amazon Macie organization, a CloudFront OAI, or a CloudFront OAC.
INTERNAL - The bucket is shared with one or more Amazon Web Services accounts that are part of your Amazon Macie organization. It isn't shared with a CloudFront OAI or OAC.
NOT_SHARED - The bucket isn't shared with another Amazon Web Services account, a CloudFront OAI, or a CloudFront OAC.
UNKNOWN - Amazon Macie wasn't able to evaluate the shared access settings for the bucket.
An Amazon Macie organization is a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
" } }, "SimpleCriterionForJob" : { @@ -1889,7 +1889,7 @@ "GetCustomDataIdentifierResponse$Deleted" : "Specifies whether the custom data identifier was deleted. If you delete a custom data identifier, Amazon Macie doesn't delete it permanently. Instead, it soft deletes the identifier.
", "GetResourceProfileResponse$SensitivityScoreOverridden" : "Specifies whether the bucket's current sensitivity score was set manually. If this value is true, the score was manually changed to 100. If this value is false, the score was calculated automatically by Amazon Macie.
", "ReplicationDetails$Replicated" : "Specifies whether the bucket is configured to replicate one or more objects to any destination.
", - "ReplicationDetails$ReplicatedExternally" : "Specifies whether the bucket is configured to replicate one or more objects to an Amazon Web Services account that isn't part of the same Amazon Macie organization.
", + "ReplicationDetails$ReplicatedExternally" : "Specifies whether the bucket is configured to replicate one or more objects to a bucket for an Amazon Web Services account that isn't part of your Amazon Macie organization. An Amazon Macie organization is a set of Macie accounts that are centrally managed as a group of related accounts through Organizations or by Macie invitation.
", "ResourceProfileArtifact$Sensitive" : "Specifies whether Amazon Macie found sensitive data in the object.
", "S3Object$PublicAccess" : "Specifies whether the object is publicly accessible due to the combination of permissions settings that apply to the object.
", "SecurityHubConfiguration$PublishClassificationFindings" : "Specifies whether to publish sensitive data findings to Security Hub. If you set this value to true, Amazon Macie automatically publishes all sensitive data findings that weren't suppressed by a findings filter. The default value is false.
", @@ -1911,7 +1911,7 @@ "__integer" : { "base" : null, "refs" : { - "BucketMetadata$SensitivityScore" : "The sensitivity score for the bucket, ranging from -1 (no analysis due to an error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.
", + "BucketMetadata$SensitivityScore" : "The sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.
", "CreateClassificationJobRequest$SamplingPercentage" : "The sampling depth, as a percentage, for the job to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.
", "CreateCustomDataIdentifierRequest$MaximumMatchDistance" : "The maximum number of characters that can exist between the end of at least one complete character sequence specified by the keywords array and the end of the text that matches the regex pattern. If a complete keyword precedes all the text that matches the pattern and the keyword is within the specified distance, Amazon Macie includes the result. The distance can be 1-300 characters. The default value is 50.
", "CreateFindingsFilterRequest$Position" : "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
", @@ -1920,12 +1920,12 @@ "GetCustomDataIdentifierResponse$MaximumMatchDistance" : "The maximum number of characters that can exist between the end of at least one complete character sequence specified by the keywords array and the end of the text that matches the regex pattern. If a complete keyword precedes all the text that matches the pattern and the keyword is within the specified distance, Amazon Macie includes the result. Otherwise, Macie excludes the result.
", "GetFindingStatisticsRequest$Size" : "The maximum number of items to include in each page of the response.
", "GetFindingsFilterResponse$Position" : "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.
", - "GetResourceProfileResponse$SensitivityScore" : "The current sensitivity score for the bucket, ranging from -1 (no analysis due to an error) to 100 (sensitive). By default, this score is calculated automatically based on the amount of data that Amazon Macie has analyzed in the bucket and the amount of sensitive data that Macie has found in the bucket.
", + "GetResourceProfileResponse$SensitivityScore" : "The current sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). By default, this score is calculated automatically based on the amount of data that Amazon Macie has analyzed in the bucket and the amount of sensitive data that Macie has found in the bucket.
", "GetUsageStatisticsRequest$MaxResults" : "The maximum number of items to include in each page of the response.
", "ListClassificationJobsRequest$MaxResults" : "The maximum number of items to include in each page of the response.
", "ListCustomDataIdentifiersRequest$MaxResults" : "The maximum number of items to include in each page of the response.
", "ListFindingsRequest$MaxResults" : "The maximum number of items to include in each page of the response.
", - "MatchingBucket$SensitivityScore" : "The current sensitivity score for the bucket, ranging from -1 (no analysis due to an error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.
", + "MatchingBucket$SensitivityScore" : "The current sensitivity score for the bucket, ranging from -1 (classification error) to 100 (sensitive). This value is null if automated sensitive data discovery is currently disabled for your account.
", "MonthlySchedule$DayOfMonth" : "The numeric day of the month when Amazon Macie runs the job. This value can be an integer from 1 through 31.
If this value exceeds the number of days in a certain month, Macie doesn't run the job that month. Macie runs the job only during months that have the specified day. For example, if this value is 31 and a month has only 30 days, Macie doesn't run the job that month. To run the job every month, specify a value that's less than 29.
", "SearchResourcesRequest$MaxResults" : "The maximum number of items to include in each page of the response. The default value is 50.
", "TestCustomDataIdentifierRequest$MaximumMatchDistance" : "The maximum number of characters that can exist between the end of at least one complete character sequence specified by the keywords array and the end of the text that matches the regex pattern. If a complete keyword precedes all the text that matches the pattern and the keyword is within the specified distance, Amazon Macie includes the result. The distance can be 1-300 characters. The default value is 50.
", @@ -2064,7 +2064,7 @@ "__listOfResourceProfileArtifact" : { "base" : null, "refs" : { - "ListResourceProfileArtifactsResponse$Artifacts" : "An array of objects, one for each S3 object that Amazon Macie selected for analysis.
" + "ListResourceProfileArtifactsResponse$Artifacts" : "An array of objects, one for each of 1-100 S3 objects that Amazon Macie selected for analysis.
If Macie has analyzed more than 100 objects in the bucket, Macie populates the array based on the value for the ResourceProfileArtifact.sensitive field for an object: true (sensitive), followed by false (not sensitive). Macie then populates any remaining items in the array with information about objects where the value for the ResourceProfileArtifact.classificationResultStatus field is SKIPPED.
" } }, "__listOfS3BucketDefinitionForJob" : { @@ -2181,7 +2181,7 @@ "GetFindingsRequest$FindingIds" : "An array of strings that lists the unique identifiers for the findings to retrieve. You can specify as many as 50 unique identifiers in this array.
", "ListFindingsResponse$FindingIds" : "An array of strings, where each string is the unique identifier for a finding that matches the filter criteria specified in the request.
", "ListJobsFilterTerm$Values" : "An array that lists one or more values to use to filter the results.
", - "ReplicationDetails$ReplicationAccounts" : "An array of Amazon Web Services account IDs, one for each Amazon Web Services account that the bucket is configured to replicate one or more objects to.
", + "ReplicationDetails$ReplicationAccounts" : "An array of Amazon Web Services account IDs, one for each Amazon Web Services account that owns a bucket that the bucket is configured to replicate one or more objects to.
", "S3BucketDefinitionForJob$Buckets" : "An array that lists the names of the buckets.
", "SearchResourcesSimpleCriterion$Values" : "An array that lists one or more values to use in the condition. If you specify multiple values, Amazon Macie uses OR logic to join the values. Valid values for each supported property (key) are:
ACCOUNT_ID - A string that represents the unique identifier for the Amazon Web Services account that owns the resource.
S3_BUCKET_EFFECTIVE_PERMISSION - A string that represents an enumerated value that Macie defines for the BucketPublicAccess.effectivePermission property of an S3 bucket.
S3_BUCKET_NAME - A string that represents the name of an S3 bucket.
S3_BUCKET_SHARED_ACCESS - A string that represents an enumerated value that Macie defines for the BucketMetadata.sharedAccess property of an S3 bucket.
Values are case sensitive. Also, Macie doesn't support use of partial values or wildcard characters in values.
", "SensitivityInspectionTemplateExcludes$ManagedDataIdentifierIds" : "An array of unique identifiers, one for each managed data identifier to exclude. To retrieve a list of valid values, use the ListManagedDataIdentifiers operation.
", @@ -2206,10 +2206,10 @@ "BucketCountByEncryptionType$S3Managed" : "The total number of buckets that use an Amazon S3 managed key to encrypt new objects by default. These buckets use Amazon S3 managed encryption (SSE-S3) by default.
", "BucketCountByEncryptionType$Unencrypted" : "The total number of buckets that don't encrypt new objects by default. Default encryption is disabled for these buckets.
", "BucketCountByEncryptionType$Unknown" : "The total number of buckets that Amazon Macie doesn't have current encryption metadata for. Macie can't provide current data about the default encryption settings for these buckets.
", - "BucketCountBySharedAccessType$External" : "The total number of buckets that are shared with an Amazon Web Services account that isn't part of the same Amazon Macie organization.
", - "BucketCountBySharedAccessType$Internal" : "The total number of buckets that are shared with an Amazon Web Services account that's part of the same Amazon Macie organization.
", - "BucketCountBySharedAccessType$NotShared" : "The total number of buckets that aren't shared with other Amazon Web Services accounts.
", - "BucketCountBySharedAccessType$Unknown" : "The total number of buckets that Amazon Macie wasn't able to evaluate shared access settings for. Macie can't determine whether these buckets are shared with other Amazon Web Services accounts.
", + "BucketCountBySharedAccessType$External" : "The total number of buckets that are shared with one or more of the following or any combination of the following: an Amazon Web Services account that isn't in the same Amazon Macie organization, an Amazon CloudFront OAI, or a CloudFront OAC.
", + "BucketCountBySharedAccessType$Internal" : "The total number of buckets that are shared with one or more Amazon Web Services accounts in the same Amazon Macie organization. These buckets aren't shared with Amazon CloudFront OAIs or OACs.
", + "BucketCountBySharedAccessType$NotShared" : "The total number of buckets that aren't shared with other Amazon Web Services accounts, Amazon CloudFront OAIs, or CloudFront OACs.
", + "BucketCountBySharedAccessType$Unknown" : "The total number of buckets that Amazon Macie wasn't able to evaluate shared access settings for. Macie can't determine whether these buckets are shared with other Amazon Web Services accounts, Amazon CloudFront OAIs, or CloudFront OACs.
", "BucketCountPolicyAllowsUnencryptedObjectUploads$AllowsUnencryptedObjectUploads" : "The total number of buckets that don't have a bucket policy or have a bucket policy that doesn't require server-side encryption of new objects. If a bucket policy exists, the policy doesn't require PutObject requests to include a valid server-side encryption header: the x-amz-server-side-encryption header with a value of AES256 or aws:kms, or the x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
", "BucketCountPolicyAllowsUnencryptedObjectUploads$DeniesUnencryptedObjectUploads" : "The total number of buckets whose bucket policies require server-side encryption of new objects. PutObject requests for these buckets must include a valid server-side encryption header: the x-amz-server-side-encryption header with a value of AES256 or aws:kms, or the x-amz-server-side-encryption-customer-algorithm header with a value of AES256.
", "BucketCountPolicyAllowsUnencryptedObjectUploads$Unknown" : "The total number of buckets that Amazon Macie wasn't able to evaluate server-side encryption requirements for. Macie can't determine whether the bucket policies for these buckets require server-side encryption of new objects.
", @@ -2272,7 +2272,7 @@ "S3Object$Size" : "The total storage size, in bytes, of the object.
", "SensitiveDataItem$TotalCount" : "The total number of occurrences of the sensitive data that was detected.
", "SensitivityAggregations$ClassifiableSizeInBytes" : "The total storage size, in bytes, of all the objects that Amazon Macie can analyze in the buckets. These objects use a supported storage class and have a file name extension for a supported file or storage format.
If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each applicable object in the buckets. This value doesn't reflect the storage size of all versions of all applicable objects in the buckets.
", - "SensitivityAggregations$PubliclyAccessibleCount" : "The total number of buckets that are publicly accessible based on a combination of permissions settings for each bucket.
", + "SensitivityAggregations$PubliclyAccessibleCount" : "The total number of buckets that are publicly accessible due to a combination of permissions settings for each bucket.
", "SensitivityAggregations$TotalCount" : "The total number of buckets.
", "SensitivityAggregations$TotalSizeInBytes" : "The total storage size, in bytes, of the buckets.
If versioning is enabled for any of the buckets, this value is based on the size of the latest version of each object in the buckets. This value doesn't reflect the storage size of all versions of the objects in the buckets.
", "ServiceLimit$Value" : "The value for the metric specified by the UsageByAccount.type field in the response.
", @@ -2318,7 +2318,7 @@ "ClassificationDetails$JobId" : "The unique identifier for the classification job that produced the finding. This value is null if the origin of the finding (originType) is AUTOMATED_SENSITIVE_DATA_DISCOVERY.
", "ClassificationResult$MimeType" : "The type of content, as a MIME type, that the finding applies to. For example, application/gzip, for a GNU Gzip compressed archive file, or application/pdf, for an Adobe Portable Document Format file.
", "ClassificationResultStatus$Code" : "The status of the finding. Possible values are:
COMPLETE - Amazon Macie successfully completed its analysis of the S3 object that the finding applies to.
PARTIAL - Macie analyzed only a subset of the data in the S3 object that the finding applies to. For example, the object is an archive file that contains files in an unsupported format.
SKIPPED - Macie wasn't able to analyze the S3 object that the finding applies to. For example, the object is a file that uses an unsupported format.
A brief description of the status of the finding. This value is null if the status (code) of the finding is COMPLETE.
Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding and the affected S3 object. Possible values are:
ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and Macie extracted and analyzed only some or none of the files in the archive. To determine which files Macie analyzed, if any, you can refer to the corresponding sensitive data discovery result for the finding (ClassificationDetails.detailedResultsLocation).
ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total storage size exceeds the size quota for this type of archive.
ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose nested depth exceeds the quota for the maximum number of nested levels that Macie analyzes for this type of archive.
ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file that exceeds the quota for the maximum amount of data that Macie extracts and analyzes for this type of archive.
ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive file that contains more than the maximum number of files that Macie extracts and analyzes for this type of archive.
FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size quota for this type of file.
INVALID_ENCRYPTION - The object is encrypted using server-side encryption but Macie isn’t allowed to use the key. Macie can’t decrypt and analyze the object.
INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled or is being deleted. Macie can’t decrypt and analyze the object.
INVALID_OBJECT_STATE - The object doesn’t use a supported Amazon S3 storage class. For more information, see Discovering sensitive data in the Amazon Macie User Guide.
JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the nested depth of the data exceeds the quota for the number of nested levels that Macie analyzes for this type of file.
MALFORMED_FILE - The object is a malformed or corrupted file. An error occurred when Macie attempted to detect the file’s type or extract data from the file.
OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing it.
NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted shortly before or when Macie attempted to analyze the object.
MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office file that is malformed or exceeds the size quota for this type of file. If the file is malformed, an error occurred when Macie attempted to extract data from the file.
OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML file that exceeds the size quota for this type of file.
OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML file whose compression ratio exceeds the compression quota for this type of file.
PERMISSION_DENIED - Macie isn’t allowed to access the object. The object’s permissions settings prevent Macie from analyzing the object.
SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before or when Macie attempted to analyze it.
UNABLE_TO_PARSE_FILE - The object is a file that contains structured data and an error occurred when Macie attempted to parse the data.
UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an unsupported file or storage format. For more information, see Supported file and storage formats in the Amazon Macie User Guide.
For information about sensitive data discovery quotas for files, see Amazon Macie quotas in the Amazon Macie User Guide.
", + "ClassificationResultStatus$Reason" : "A brief description of the status of the finding. This value is null if the status (code) of the finding is COMPLETE.
Amazon Macie uses this value to notify you of any errors, warnings, or considerations that might impact your analysis of the finding and the affected S3 object. Possible values are:
ARCHIVE_CONTAINS_UNPROCESSED_FILES - The object is an archive file and Macie extracted and analyzed only some or none of the files in the archive. To determine which files Macie analyzed, if any, refer to the corresponding sensitive data discovery result for the finding (ClassificationDetails.detailedResultsLocation).
ARCHIVE_EXCEEDS_SIZE_LIMIT - The object is an archive file whose total storage size exceeds the size quota for this type of archive.
ARCHIVE_NESTING_LEVEL_OVER_LIMIT - The object is an archive file whose nested depth exceeds the quota for the maximum number of nested levels that Macie analyzes for this type of archive.
ARCHIVE_TOTAL_BYTES_EXTRACTED_OVER_LIMIT - The object is an archive file that exceeds the quota for the maximum amount of data that Macie extracts and analyzes for this type of archive.
ARCHIVE_TOTAL_DOCUMENTS_PROCESSED_OVER_LIMIT - The object is an archive file that contains more than the maximum number of files that Macie extracts and analyzes for this type of archive.
FILE_EXCEEDS_SIZE_LIMIT - The storage size of the object exceeds the size quota for this type of file.
INVALID_ENCRYPTION - The object is encrypted using server-side encryption but Macie isn’t allowed to use the key. Macie can’t decrypt and analyze the object.
INVALID_KMS_KEY - The object is encrypted with an KMS key that was disabled or is being deleted. Macie can’t decrypt and analyze the object.
INVALID_OBJECT_STATE - The object doesn’t use a supported Amazon S3 storage class.
JSON_NESTING_LEVEL_OVER_LIMIT - The object contains JSON data and the nested depth of the data exceeds the quota for the number of nested levels that Macie analyzes for this type of file.
MALFORMED_FILE - The object is a malformed or corrupted file. An error occurred when Macie attempted to detect the file’s type or extract data from the file.
MALFORMED_OR_FILE_SIZE_EXCEEDS_LIMIT - The object is a Microsoft Office file that is malformed or exceeds the size quota for this type of file. If the file is malformed, an error occurred when Macie attempted to extract data from the file.
NO_SUCH_BUCKET_AVAILABLE - The object was in a bucket that was deleted shortly before or when Macie attempted to analyze the object.
OBJECT_VERSION_MISMATCH - The object was changed while Macie was analyzing it.
OOXML_UNCOMPRESSED_RATIO_EXCEEDS_LIMIT - The object is an Office Open XML file whose compression ratio exceeds the compression quota for this type of file.
OOXML_UNCOMPRESSED_SIZE_EXCEEDS_LIMIT - The object is an Office Open XML file that exceeds the size quota for this type of file.
PERMISSION_DENIED - Macie isn’t allowed to access the object. The object’s permissions settings prevent Macie from analyzing the object.
SOURCE_OBJECT_NO_LONGER_AVAILABLE - The object was deleted shortly before or when Macie attempted to analyze it.
TIME_CUT_OFF_REACHED - Macie started analyzing the object but additional analysis would exceed the time quota for analyzing an object.
UNABLE_TO_PARSE_FILE - The object is a file that contains structured data and an error occurred when Macie attempted to parse the data.
UNSUPPORTED_FILE_TYPE_EXCEPTION - The object is a file that uses an unsupported file or storage format.
For information about quotas, supported storage classes, and supported file and storage formats, see Quotas and Supported storage classes and formats in the Amazon Macie User Guide.
", "ConflictException$Message" : "The explanation of the error that occurred.
", "CreateAllowListRequest$ClientToken" : "A unique, case-sensitive token that you provide to ensure the idempotency of the request.
", "CreateClassificationJobRequest$ClientToken" : "A unique, case-sensitive token that you provide to ensure the idempotency of the request.
", @@ -2342,7 +2342,7 @@ "CustomDataIdentifierSummary$Description" : "The custom description of the custom data identifier.
", "CustomDataIdentifierSummary$Id" : "The unique identifier for the custom data identifier.
", "CustomDataIdentifierSummary$Name" : "The custom name of the custom data identifier.
", - "CustomDetection$Arn" : "The Amazon Resource Name (ARN) of the custom data identifier.
", + "CustomDetection$Arn" : "The unique identifier for the custom data identifier.
", "CustomDetection$Name" : "The name of the custom data identifier.
", "DefaultDetection$Type" : "The type of sensitive data that was detected. For example, AWS_CREDENTIALS, PHONE_NUMBER, or ADDRESS.
", "DescribeBucketsRequest$NextToken" : "The nextToken string that specifies which page of results to return in a paginated response.
", @@ -2387,11 +2387,11 @@ "GetMemberResponse$AccountId" : "The Amazon Web Services account ID for the account.
", "GetMemberResponse$AdministratorAccountId" : "The Amazon Web Services account ID for the administrator account.
", "GetMemberResponse$Arn" : "The Amazon Resource Name (ARN) of the account.
", - "GetMemberResponse$Email" : "The email address for the account.
", + "GetMemberResponse$Email" : "The email address for the account. This value is null if the account is associated with the administrator account through Organizations.
", "GetMemberResponse$MasterAccountId" : "(Deprecated) The Amazon Web Services account ID for the administrator account. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.
", "GetSensitiveDataOccurrencesResponse$Error" : "If an error occurred when Amazon Macie attempted to retrieve occurrences of sensitive data reported by the finding, a description of the error that occurred. This value is null if the status (status) of the request is PROCESSING or SUCCESS.
", "GetSensitivityInspectionTemplateResponse$Description" : "The custom description of the template.
", - "GetSensitivityInspectionTemplateResponse$Name" : "The name of the template.
", + "GetSensitivityInspectionTemplateResponse$Name" : "The name of the template: automated-sensitive-data-discovery.
", "GetUsageStatisticsRequest$NextToken" : "The nextToken string that specifies which page of results to return in a paginated response.
", "GetUsageStatisticsResponse$NextToken" : "The string to use in a subsequent request to get the next page of results in a paginated response. This value is null if there are no additional pages.
", "GroupCount$GroupKey" : "The name of the property that defines the group in the query results, as specified by the groupBy property in the query request.
", @@ -2438,7 +2438,7 @@ "Member$AccountId" : "The Amazon Web Services account ID for the account.
", "Member$AdministratorAccountId" : "The Amazon Web Services account ID for the administrator account.
", "Member$Arn" : "The Amazon Resource Name (ARN) of the account.
", - "Member$Email" : "The email address for the account.
", + "Member$Email" : "The email address for the account. This value is null if the account is associated with the administrator account through Organizations.
", "Member$MasterAccountId" : "(Deprecated) The Amazon Web Services account ID for the administrator account. This property has been replaced by the administratorAccountId property and is retained only for backward compatibility.
", "PutFindingsPublicationConfigurationRequest$ClientToken" : "A unique, case-sensitive token that you provide to ensure the idempotency of the request.
", "Record$JsonPath" : "The path, as a JSONPath expression, to the sensitive data. For an Avro object container or Parquet file, this is the path to the field in the record (recordIndex) that contains the data. For a JSON or JSON Lines file, this is the path to the field or array that contains the data. If the data is a value in an array, the path also indicates which value contains the data.
If Amazon Macie detects sensitive data in the name of any element in the path, Macie omits this field. If the name of an element exceeds 20 characters, Macie truncates the name by removing characters from the beginning of the name. If the resulting full path exceeds 250 characters, Macie also truncates the path, starting with the first element in the path, until the path contains 250 or fewer characters.
", @@ -2464,11 +2464,11 @@ "SearchResourcesTagCriterionPair$Key" : "The value for the tag key to use in the condition.
", "SearchResourcesTagCriterionPair$Value" : "The tag value to use in the condition.
", "SensitivityInspectionTemplatesEntry$Id" : "The unique identifier for the sensitivity inspection template for the account.
", - "SensitivityInspectionTemplatesEntry$Name" : "The name of the sensitivity inspection template for the account.
", + "SensitivityInspectionTemplatesEntry$Name" : "The name of the sensitivity inspection template for the account: automated-sensitive-data-discovery.
", "ServerSideEncryption$KmsMasterKeyId" : "The Amazon Resource Name (ARN) or unique identifier (key ID) for the KMS key that's used to encrypt data in the bucket or the object. This value is null if an KMS key isn't used to encrypt the data.
", "ServiceQuotaExceededException$Message" : "The explanation of the error that occurred.
", "SessionIssuer$AccountId" : "The unique identifier for the Amazon Web Services account that owns the entity that was used to get the credentials.
", - "SessionIssuer$Arn" : "The Amazon Resource Name (ARN) of the source account, IAM user, or role that was used to get the credentials.
", + "SessionIssuer$Arn" : "The Amazon Resource Name (ARN) of the source account, Identity and Access Management (IAM) user, or role that was used to get the credentials.
", "SessionIssuer$PrincipalId" : "The unique identifier for the entity that was used to get the credentials.
", "SessionIssuer$Type" : "The source of the temporary security credentials, such as Root, IAMUser, or Role.
", "SessionIssuer$UserName" : "The name or alias of the user or role that issued the session. This value is null if the credentials were obtained from a root account that doesn't have an alias.
", @@ -2487,11 +2487,11 @@ "UnprocessedAccount$AccountId" : "The Amazon Web Services account ID for the account that the request applies to.
", "UnprocessedAccount$ErrorMessage" : "The reason why the request hasn't been processed.
", "UpdateFindingsFilterRequest$ClientToken" : "A unique, case-sensitive token that you provide to ensure the idempotency of the request.
", - "UpdateFindingsFilterRequest$Description" : "A custom description of the filter. The description can contain as many as 512 characters.
We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.
", - "UpdateFindingsFilterRequest$Name" : "A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.
We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.
", + "UpdateFindingsFilterRequest$Description" : "A custom description of the filter. The description can contain as many as 512 characters.
We strongly recommend that you avoid including any sensitive data in the description of a filter. Other users of your account might be able to see this description, depending on the actions that they're allowed to perform in Amazon Macie.
", + "UpdateFindingsFilterRequest$Name" : "A custom name for the filter. The name must contain at least 3 characters and can contain as many as 64 characters.
We strongly recommend that you avoid including any sensitive data in the name of a filter. Other users of your account might be able to see this name, depending on the actions that they're allowed to perform in Amazon Macie.
", "UpdateFindingsFilterResponse$Arn" : "The Amazon Resource Name (ARN) of the filter that was updated.
", "UpdateFindingsFilterResponse$Id" : "The unique identifier for the filter that was updated.
", - "UpdateSensitivityInspectionTemplateRequest$Description" : "A custom description of the template.
", + "UpdateSensitivityInspectionTemplateRequest$Description" : "A custom description of the template. The description can contain as many as 200 characters.
", "UsageByAccount$EstimatedCost" : "The estimated value for the metric.
", "UsageRecord$AccountId" : "The unique identifier for the Amazon Web Services account that the data applies to.
", "UsageTotal$EstimatedCost" : "The estimated value for the metric.
", @@ -2573,9 +2573,9 @@ "ApiCallDetails$FirstSeen" : "The first date and time, in UTC and extended ISO 8601 format, when any operation was invoked and produced the finding.
", "ApiCallDetails$LastSeen" : "The most recent date and time, in UTC and extended ISO 8601 format, when the specified operation (api) was invoked and produced the finding.
", "BatchGetCustomDataIdentifierSummary$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
", - "BucketMetadata$BucketCreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the bucket was created, or changes such as edits to the bucket's policy were most recently made to the bucket.
", - "BucketMetadata$LastAutomatedDiscoveryTime" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently performed automated sensitive data discovery for the bucket. This value is null if automated sensitive data discovery is currently disabled for your account.
", - "BucketMetadata$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved both bucket and object metadata from Amazon S3 for the bucket.
", + "BucketMetadata$BucketCreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket.
", + "BucketMetadata$LastAutomatedDiscoveryTime" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.
", + "BucketMetadata$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved bucket or object metadata from Amazon S3 for the bucket.
", "CustomDataIdentifierSummary$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
", "DescribeClassificationJobResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the job was created.
", "DescribeClassificationJobResponse$LastRunTime" : "The date and time, in UTC and extended ISO 8601 format, when the job started. If the job is a recurring job, this value indicates when the most recent run started or, if the job hasn't run yet, when the job was created.
", @@ -2583,20 +2583,20 @@ "Finding$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie last updated the finding. For sensitive data findings, this value is the same as the value for the createdAt property. All sensitive data findings are considered new.
", "GetAllowListResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the allow list was created in Amazon Macie.
", "GetAllowListResponse$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the allow list's settings were most recently changed in Amazon Macie.
", - "GetBucketStatisticsResponse$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved both bucket and object metadata from Amazon S3 for the buckets.
", + "GetBucketStatisticsResponse$LastUpdated" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently retrieved bucket or object metadata from Amazon S3 for the buckets.
", "GetCustomDataIdentifierResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the custom data identifier was created.
", "GetMacieSessionResponse$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the Amazon Macie account was created.
", "GetMacieSessionResponse$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the Amazon Macie account.
", - "GetMemberResponse$InvitedAt" : "The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if an invitation hasn't been sent to the account.
", + "GetMemberResponse$InvitedAt" : "The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie membership invitation hasn't been sent to the account.
", "GetMemberResponse$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the administrator account.
", "GetResourceProfileResponse$ProfileUpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently recalculated sensitive data discovery statistics and details for the bucket. If the bucket's sensitivity score is calculated automatically, this includes the score.
", "Invitation$InvitedAt" : "The date and time, in UTC and extended ISO 8601 format, when the invitation was sent.
", "JobDetails$LastJobRunTime" : "The date and time, in UTC and extended ISO 8601 format, when the job (lastJobId) started. If the job is a recurring job, this value indicates when the most recent run started.
This value is typically null if the value for the isDefinedInJob property is FALSE or UNKNOWN.
", "JobSummary$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the job was created.
", - "MatchingBucket$LastAutomatedDiscoveryTime" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently performed automated sensitive data discovery for the bucket. This value is null if automated sensitive data discovery is currently disabled for your account.
", - "Member$InvitedAt" : "The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if an invitation hasn't been sent to the account.
", + "MatchingBucket$LastAutomatedDiscoveryTime" : "The date and time, in UTC and extended ISO 8601 format, when Amazon Macie most recently analyzed data in the bucket while performing automated sensitive data discovery for your account. This value is null if automated sensitive data discovery is currently disabled for your account.
", + "Member$InvitedAt" : "The date and time, in UTC and extended ISO 8601 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie membership invitation hasn't been sent to the account.
", "Member$UpdatedAt" : "The date and time, in UTC and extended ISO 8601 format, of the most recent change to the status of the relationship between the account and the administrator account.
", - "S3Bucket$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the bucket was created.
", + "S3Bucket$CreatedAt" : "The date and time, in UTC and extended ISO 8601 format, when the bucket was created. This value can also indicate when changes such as edits to the bucket's policy were most recently made to the bucket, relative to when the finding was created or last updated.
", "S3Object$LastModified" : "The date and time, in UTC and extended ISO 8601 format, when the object was last modified.
", "SessionContextAttributes$CreationDate" : "The date and time, in UTC and ISO 8601 format, when the credentials were issued.
", "UsageRecord$AutomatedDiscoveryFreeTrialStartDate" : "The date and time, in UTC and extended ISO 8601 format, when the free trial of automated sensitive data discovery started for the account. If the account is a member account in an organization, this value is the same as the value for the organization's Amazon Macie administrator account.
", diff --git a/models/apis/macie2/2020-01-01/endpoint-rule-set-1.json b/models/apis/macie2/2020-01-01/endpoint-rule-set-1.json index 2366ba3ed8c..cca5913612c 100644 --- a/models/apis/macie2/2020-01-01/endpoint-rule-set-1.json +++ b/models/apis/macie2/2020-01-01/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,90 +111,215 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] }, - "supportsFIPS" + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://macie2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] }, { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://macie2-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://macie2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsFIPS" + true + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://macie2.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -222,7 +327,7 @@ { "conditions": [], "endpoint": { - "url": "https://macie2-fips.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://macie2.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -231,74 +336,13 @@ ] } ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://macie2.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "endpoint": { - "url": "https://macie2.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/models/apis/macie2/2020-01-01/endpoint-tests-1.json b/models/apis/macie2/2020-01-01/endpoint-tests-1.json index 04c290b5e71..5954a322a0c 100644 --- a/models/apis/macie2/2020-01-01/endpoint-tests-1.json +++ b/models/apis/macie2/2020-01-01/endpoint-tests-1.json @@ -1,614 +1,55 @@ { "testCases": [ { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.ap-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "ap-south-1", - "UseDualStack": true - } - }, - { - "documentation": "For region ap-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "ap-south-1", - "UseDualStack": false - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.ap-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "ap-south-1", - "UseDualStack": true - } - }, - { - "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.ap-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "ap-south-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-south-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-south-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-south-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-south-1", - "UseDualStack": false - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.ca-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "ca-central-1", - "UseDualStack": true - } - }, - { - "documentation": "For region ca-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "ca-central-1", - "UseDualStack": false - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.ca-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "ca-central-1", - "UseDualStack": true - } - }, - { - "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.ca-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "ca-central-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-central-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-central-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-central-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-central-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-central-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-central-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-central-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-central-1", - "UseDualStack": false - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.us-west-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "us-west-1", - "UseDualStack": true - } - }, - { - "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.us-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "us-west-1", - "UseDualStack": false - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.us-west-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "us-west-1", - "UseDualStack": true - } - }, - { - "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.us-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "us-west-1", - "UseDualStack": false - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.us-west-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "us-west-2", - "UseDualStack": true - } - }, - { - "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.us-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "us-west-2", - "UseDualStack": false - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.us-west-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "us-west-2", - "UseDualStack": true - } - }, - { - "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.us-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "us-west-2", - "UseDualStack": false - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.af-south-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "af-south-1", - "UseDualStack": true - } - }, - { - "documentation": "For region af-south-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.af-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "af-south-1", - "UseDualStack": false - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.af-south-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "af-south-1", - "UseDualStack": true - } - }, - { - "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.af-south-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "af-south-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-north-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-north-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-north-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-north-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-north-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-north-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-north-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-north-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-west-3.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-west-3", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-west-3 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-west-3", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-west-3.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-west-3", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-west-3.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-west-3", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-west-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-west-2", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-west-2 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-west-2", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-west-2.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-west-2", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-west-2.amazonaws.com" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-west-2", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-west-1.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-west-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-west-1 with FIPS enabled and DualStack disabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.eu-west-1.amazonaws.com" - } - }, - "params": { - "UseFIPS": true, - "Region": "eu-west-1", - "UseDualStack": false - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2.eu-west-1.api.aws" - } - }, - "params": { - "UseFIPS": false, - "Region": "eu-west-1", - "UseDualStack": true - } - }, - { - "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", + "documentation": "For region af-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.eu-west-1.amazonaws.com" + "url": "https://macie2.af-south-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "eu-west-1", - "UseDualStack": false + "Region": "af-south-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack enabled", + "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-northeast-3.api.aws" + "url": "https://macie2.ap-east-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-northeast-3", - "UseDualStack": true + "Region": "ap-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-3 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-northeast-3.amazonaws.com" + "url": "https://macie2.ap-northeast-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-northeast-3", - "UseDualStack": false + "Region": "ap-northeast-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-3 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-northeast-3.api.aws" + "url": "https://macie2.ap-northeast-2.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-northeast-3", - "UseDualStack": true + "Region": "ap-northeast-2", + "UseDualStack": false, + "UseFIPS": false } }, { @@ -619,152 +60,139 @@ } }, "params": { - "UseFIPS": false, "Region": "ap-northeast-3", - "UseDualStack": false - } - }, - { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack enabled", - "expect": { - "endpoint": { - "url": "https://macie2-fips.ap-northeast-2.api.aws" - } - }, - "params": { - "UseFIPS": true, - "Region": "ap-northeast-2", - "UseDualStack": true + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region ap-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-northeast-2.amazonaws.com" + "url": "https://macie2.ap-south-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-northeast-2", - "UseDualStack": false + "Region": "ap-south-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-northeast-2.api.aws" + "url": "https://macie2.ap-southeast-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-northeast-2", - "UseDualStack": true + "Region": "ap-southeast-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-northeast-2.amazonaws.com" + "url": "https://macie2.ap-southeast-2.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-northeast-2", - "UseDualStack": false + "Region": "ap-southeast-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region ca-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-northeast-1.api.aws" + "url": "https://macie2.ca-central-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-northeast-1", - "UseDualStack": true + "Region": "ca-central-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-central-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-northeast-1.amazonaws.com" + "url": "https://macie2.eu-central-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-northeast-1", - "UseDualStack": false + "Region": "eu-central-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region eu-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-northeast-1.api.aws" + "url": "https://macie2.eu-north-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-northeast-1", - "UseDualStack": true + "Region": "eu-north-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-northeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region eu-south-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-northeast-1.amazonaws.com" + "url": "https://macie2.eu-south-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-northeast-1", - "UseDualStack": false + "Region": "eu-south-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region me-south-1 with FIPS enabled and DualStack enabled", + "documentation": "For region eu-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.me-south-1.api.aws" + "url": "https://macie2.eu-west-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "me-south-1", - "UseDualStack": true + "Region": "eu-west-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region me-south-1 with FIPS enabled and DualStack disabled", + "documentation": "For region eu-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.me-south-1.amazonaws.com" + "url": "https://macie2.eu-west-2.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "me-south-1", - "UseDualStack": false + "Region": "eu-west-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region me-south-1 with FIPS disabled and DualStack enabled", + "documentation": "For region eu-west-3 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.me-south-1.api.aws" + "url": "https://macie2.eu-west-3.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "me-south-1", - "UseDualStack": true + "Region": "eu-west-3", + "UseDualStack": false, + "UseFIPS": false } }, { @@ -775,334 +203,334 @@ } }, "params": { - "UseFIPS": false, "Region": "me-south-1", - "UseDualStack": false + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.sa-east-1.api.aws" + "url": "https://macie2.sa-east-1.amazonaws.com" } }, "params": { - "UseFIPS": true, "Region": "sa-east-1", - "UseDualStack": true + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.sa-east-1.amazonaws.com" + "url": "https://macie2.us-east-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "sa-east-1", - "UseDualStack": false + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.sa-east-1.api.aws" + "url": "https://macie2-fips.us-east-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "sa-east-1", - "UseDualStack": true + "Region": "us-east-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region sa-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.sa-east-1.amazonaws.com" + "url": "https://macie2.us-east-2.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "sa-east-1", - "UseDualStack": false + "Region": "us-east-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-east-1.api.aws" + "url": "https://macie2-fips.us-east-2.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-east-1", - "UseDualStack": true + "Region": "us-east-2", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region ap-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-west-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-east-1.amazonaws.com" + "url": "https://macie2.us-west-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-east-1", - "UseDualStack": false + "Region": "us-west-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-west-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-east-1.api.aws" + "url": "https://macie2-fips.us-west-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-east-1", - "UseDualStack": true + "Region": "us-west-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region ap-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-west-2 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-east-1.amazonaws.com" + "url": "https://macie2.us-west-2.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "ap-east-1", - "UseDualStack": false + "Region": "us-west-2", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-west-2 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-southeast-1.api.aws" + "url": "https://macie2-fips.us-west-2.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "ap-southeast-1", - "UseDualStack": true + "Region": "us-west-2", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-southeast-1.amazonaws.com" + "url": "https://macie2-fips.us-east-1.api.aws" } }, "params": { - "UseFIPS": true, - "Region": "ap-southeast-1", - "UseDualStack": false + "Region": "us-east-1", + "UseDualStack": true, + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://macie2.ap-southeast-1.api.aws" + "url": "https://macie2.us-east-1.api.aws" } }, "params": { - "UseFIPS": false, - "Region": "ap-southeast-1", - "UseDualStack": true + "Region": "us-east-1", + "UseDualStack": true, + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-1 with FIPS disabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://macie2.ap-southeast-1.amazonaws.com" + "url": "https://macie2-fips.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseFIPS": false, - "Region": "ap-southeast-1", - "UseDualStack": false + "Region": "cn-north-1", + "UseDualStack": true, + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-southeast-2.api.aws" + "url": "https://macie2-fips.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseFIPS": true, - "Region": "ap-southeast-2", - "UseDualStack": true + "Region": "cn-north-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region ap-southeast-2 with FIPS enabled and DualStack disabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://macie2-fips.ap-southeast-2.amazonaws.com" + "url": "https://macie2.cn-north-1.api.amazonwebservices.com.cn" } }, "params": { - "UseFIPS": true, - "Region": "ap-southeast-2", - "UseDualStack": false + "Region": "cn-north-1", + "UseDualStack": true, + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack enabled", + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.ap-southeast-2.api.aws" + "url": "https://macie2.cn-north-1.amazonaws.com.cn" } }, "params": { - "UseFIPS": false, - "Region": "ap-southeast-2", - "UseDualStack": true + "Region": "cn-north-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region ap-southeast-2 with FIPS disabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://macie2.ap-southeast-2.amazonaws.com" + "url": "https://macie2-fips.us-gov-east-1.api.aws" } }, "params": { - "UseFIPS": false, - "Region": "ap-southeast-2", - "UseDualStack": false + "Region": "us-gov-east-1", + "UseDualStack": true, + "UseFIPS": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.us-east-1.api.aws" + "url": "https://macie2-fips.us-gov-east-1.amazonaws.com" } }, "params": { - "UseFIPS": true, - "Region": "us-east-1", - "UseDualStack": true + "Region": "us-gov-east-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", "expect": { "endpoint": { - "url": "https://macie2-fips.us-east-1.amazonaws.com" + "url": "https://macie2.us-gov-east-1.api.aws" } }, "params": { - "UseFIPS": true, - "Region": "us-east-1", - "UseDualStack": false + "Region": "us-gov-east-1", + "UseDualStack": true, + "UseFIPS": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.us-east-1.api.aws" + "url": "https://macie2.us-gov-east-1.amazonaws.com" } }, "params": { - "UseFIPS": false, - "Region": "us-east-1", - "UseDualStack": true + "Region": "us-gov-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.us-east-1.amazonaws.com" + "url": "https://macie2-fips.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseFIPS": false, - "Region": "us-east-1", - "UseDualStack": false + "Region": "us-iso-east-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack enabled", + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.us-east-2.api.aws" + "url": "https://macie2.us-iso-east-1.c2s.ic.gov" } }, "params": { - "UseFIPS": true, - "Region": "us-east-2", - "UseDualStack": true + "Region": "us-iso-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region us-east-2 with FIPS enabled and DualStack disabled", + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2-fips.us-east-2.amazonaws.com" + "url": "https://macie2-fips.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseFIPS": true, - "Region": "us-east-2", - "UseDualStack": false + "Region": "us-isob-east-1", + "UseDualStack": false, + "UseFIPS": true } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack enabled", + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { "endpoint": { - "url": "https://macie2.us-east-2.api.aws" + "url": "https://macie2.us-isob-east-1.sc2s.sgov.gov" } }, "params": { - "UseFIPS": false, - "Region": "us-east-2", - "UseDualStack": true + "Region": "us-isob-east-1", + "UseDualStack": false, + "UseFIPS": false } }, { - "documentation": "For region us-east-2 with FIPS disabled and DualStack disabled", + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { "endpoint": { - "url": "https://macie2.us-east-2.amazonaws.com" + "url": "https://example.com" } }, "params": { + "Region": "us-east-1", + "UseDualStack": false, "UseFIPS": false, - "Region": "us-east-2", - "UseDualStack": false + "Endpoint": "https://example.com" } }, { - "documentation": "For custom endpoint with fips disabled and dualstack disabled", + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", "expect": { "endpoint": { "url": "https://example.com" } }, "params": { - "UseFIPS": false, - "Region": "us-east-1", "UseDualStack": false, + "UseFIPS": false, "Endpoint": "https://example.com" } }, @@ -1112,9 +540,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "UseFIPS": true, "Region": "us-east-1", "UseDualStack": false, + "UseFIPS": true, "Endpoint": "https://example.com" } }, @@ -1124,9 +552,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "UseFIPS": false, "Region": "us-east-1", "UseDualStack": true, + "UseFIPS": false, "Endpoint": "https://example.com" } } diff --git a/models/apis/wafv2/2019-07-29/api-2.json b/models/apis/wafv2/2019-07-29/api-2.json index d96f94c5234..d50e7906fcc 100755 --- a/models/apis/wafv2/2019-07-29/api-2.json +++ b/models/apis/wafv2/2019-07-29/api-2.json @@ -2997,7 +2997,8 @@ "APPLICATION_LOAD_BALANCER", "API_GATEWAY", "APPSYNC", - "COGNITO_USER_POOL" + "COGNITO_USER_POOL", + "APP_RUNNER_SERVICE" ] }, "ResponseCode":{"type":"integer"}, diff --git a/models/apis/wafv2/2019-07-29/docs-2.json b/models/apis/wafv2/2019-07-29/docs-2.json index 2ca39860d46..347f3064b13 100755 --- a/models/apis/wafv2/2019-07-29/docs-2.json +++ b/models/apis/wafv2/2019-07-29/docs-2.json @@ -1,13 +1,13 @@ { "version": "2.0", - "service": "This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like \"V2\" or \"v2\", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.
If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. You can access your old rules, web ACLs, and other WAF resources only through the WAF Classic APIs. The WAF Classic APIs have retained the prior names, endpoints, and namespaces.
For information, including how to migrate your WAF resources to this version, see the WAF Developer Guide.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.
This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.
You can make calls using the endpoints listed in WAF endpoints and quotas.
For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
We currently provide two versions of the WAF API: this API and the prior versions, the classic WAF APIs. This new API provides the same functionality as the older versions, with the following major improvements:
You use one API for both global and regional applications. Where you need to distinguish the scope, you specify a Scope parameter and set it to CLOUDFRONT or REGIONAL.
You can define a web ACL or rule group with a single call, and update it with a single call. You define all rule specifications in JSON format, and pass them to your rule group or web ACL calls.
The limits WAF places on the use of rules more closely reflects the cost of running each type of rule. Rule groups include capacity settings, so you know the maximum cost of a rule group when you use it.
This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like \"V2\" or \"v2\", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.
If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. You can access your old rules, web ACLs, and other WAF resources only through the WAF Classic APIs. The WAF Classic APIs have retained the prior names, endpoints, and namespaces.
For information, including how to migrate your WAF resources to this version, see the WAF Developer Guide.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, or App Runner service. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.
This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.
You can make calls using the endpoints listed in WAF endpoints and quotas.
For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
We currently provide two versions of the WAF API: this API and the prior versions, the classic WAF APIs. This new API provides the same functionality as the older versions, with the following major improvements:
You use one API for both global and regional applications. Where you need to distinguish the scope, you specify a Scope parameter and set it to CLOUDFRONT or REGIONAL.
You can define a web ACL or rule group with a single call, and update it with a single call. You define all rule specifications in JSON format, and pass them to your rule group or web ACL calls.
The limits WAF places on the use of rules more closely reflects the cost of running each type of rule. Rule groups include capacity settings, so you know the maximum cost of a rule group when you use it.
Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", + "AssociateWebACL": "Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", "CheckCapacity": "Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL.
WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
", "CreateIPSet": "Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure WAF to block them using an IPSet that lists those IP addresses.
", "CreateRegexPatternSet": "Creates a RegexPatternSet, which you reference in a RegexPatternSetReferenceStatement, to have WAF inspect a web request component for the specified patterns.
", "CreateRuleGroup": "Creates a RuleGroup per the specifications provided.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
", - "CreateWebACL": "Creates a WebACL per the specifications provided.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool.
", + "CreateWebACL": "Creates a WebACL per the specifications provided.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
", "DeleteFirewallManagerRuleGroups": "Deletes all rule groups that are managed by Firewall Manager for the specified web ACL.
You can only use this if ManagedByFirewallManager is false in the specified WebACL.
Deletes the specified IPSet.
", "DeleteLoggingConfiguration": "Deletes the LoggingConfiguration from the specified web ACL.
", @@ -16,7 +16,7 @@ "DeleteRuleGroup": "Deletes the specified RuleGroup.
", "DeleteWebACL": "Deletes the specified WebACL.
You can only use this if ManagedByFirewallManager is false in the specified WebACL.
Before deleting any web ACL, first disassociate it from all resources.
To retrieve a list of the resources that are associated with a web ACL, use the following calls:
For regional resources, call ListResourcesForWebACL.
For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId.
To disassociate a resource from a web ACL, use the following calls:
For regional resources, call DisassociateWebACL.
For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.
Provides high-level information for a managed rule group, including descriptions of the rules.
", - "DisassociateWebACL": "Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.
Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.
Generates a presigned download URL for the specified release of the mobile SDK.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "GetIPSet": "Retrieves the specified IPSet.
", "GetLoggingConfiguration": "Returns the LoggingConfiguration for the specified web ACL.
", @@ -49,13 +49,13 @@ "UpdateManagedRuleSetVersionExpiryDate": "Updates the expiration information for your managed rule set. Use this to initiate the expiration of a managed rule group version. After you initiate expiration for a version, WAF excludes it from the response to ListAvailableManagedRuleGroupVersions for the managed rule group.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
Updates the specified RegexPatternSet.
This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call.
To modify a regex pattern set, do the following:
Retrieve it by calling GetRegexPatternSet
Update its settings as needed
Provide the complete regex pattern set specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", "UpdateRuleGroup": "Updates the specified RuleGroup.
This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call.
To modify a rule group, do the following:
Retrieve it by calling GetRuleGroup
Update its settings as needed
Provide the complete rule group specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
", - "UpdateWebACL": "Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool.
" + "UpdateWebACL": "Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
" }, "shapes": { "AWSManagedRulesATPRuleSet": { "base": "Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.
Additional configuration for using the account takeover prevention (ATP) managed rule group, AWSManagedRulesATPRuleSet. Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
This configuration replaces the individual configuration fields in ManagedRuleGroupConfig and provides additional feature configuration.
For information about using the ATP managed rule group, see WAF Fraud Control account takeover prevention (ATP) rule group and WAF Fraud Control account takeover prevention (ATP) in the WAF Developer Guide.
" + "ManagedRuleGroupConfig$AWSManagedRulesATPRuleSet": "Additional configuration for using the account takeover prevention (ATP) managed rule group, AWSManagedRulesATPRuleSet. Use this to provide login request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to login requests.
This configuration replaces the individual configuration fields in ManagedRuleGroupConfig and provides additional feature configuration.
For information about using the ATP managed rule group, see WAF Fraud Control account takeover prevention (ATP) rule group and WAF Fraud Control account takeover prevention (ATP) in the WAF Developer Guide.
" } }, "AWSManagedRulesBotControlRuleSet": { @@ -1586,7 +1586,7 @@ "RedactedFields": { "base": null, "refs": { - "LoggingConfiguration$RedactedFields": "The parts of the request that you want to keep out of the logs. For example, if you redact the SingleHeader field, the HEADER field in the logs will be xxx.
You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, Method, and JsonBody.
The parts of the request that you want to keep out of the logs. For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED.
You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, Method, and JsonBody.
The Amazon Resource Name (ARN) of the web ACL that you want to associate with the resource.
", - "AssociateWebACLRequest$ResourceArn": "The Amazon Resource Name (ARN) of the resource to associate with the web ACL.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
The Amazon Resource Name (ARN) of the resource to associate with the web ACL.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
The Amazon Resource Name (ARN) of the web ACL.
", "DeleteLoggingConfigurationRequest$ResourceArn": "The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.
", "DeletePermissionPolicyRequest$ResourceArn": "The Amazon Resource Name (ARN) of the rule group from which you want to delete the policy.
You must be the owner of the rule group to perform this operation.
", "DescribeManagedRuleGroupResponse$SnsTopicArn": "The Amazon resource name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide.
", - "DisassociateWebACLRequest$ResourceArn": "The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
The Amazon Resource Name (ARN) of the web ACL for which you want to get the LoggingConfiguration.
", "GetPermissionPolicyRequest$ResourceArn": "The Amazon Resource Name (ARN) of the rule group for which you want to get the policy.
", "GetRuleGroupRequest$ARN": "The Amazon Resource Name (ARN) of the entity.
", "GetSampledRequestsRequest$WebAclArn": "The Amazon resource name (ARN) of the WebACL for which you want a sample of requests.
The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve.
The ARN must be in one of the following formats:
For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
The Amazon Resource Name (ARN) of the entity.
", "IPSetReferenceStatement$ARN": "The Amazon Resource Name (ARN) of the IPSet that this statement references.
", "IPSetSummary$ARN": "The Amazon Resource Name (ARN) of the entity.
", @@ -1715,7 +1715,7 @@ "ResourceType": { "base": null, "refs": { - "ListResourcesForWebACLRequest$ResourceType": "Used for web ACLs that are scoped for regional applications. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER.
Default: APPLICATION_LOAD_BALANCER
Used for web ACLs that are scoped for regional applications. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER.
Default: APPLICATION_LOAD_BALANCER
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that submit too many failed login attempts in a short amount of time.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
Enable login response inspection by configuring exactly one component of the response to inspect. You can't configure more than one. If you don't configure any of the response inspection options, response inspection is disabled.
", + "base": "The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that submit too many failed login attempts in a short amount of time.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
Enable login response inspection by configuring exactly one component of the response to inspect. You can't configure more than one. If you don't configure any of the response inspection options, response inspection is disabled.
", "refs": { - "AWSManagedRulesATPRuleSet$ResponseInspection": "The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that submit too many failed login attempts in a short amount of time.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that submit too many failed login attempts in a short amount of time.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
Configures inspection of the response body. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
Configures inspection of the response body. WAF can inspect the first 65,536 bytes (64 KB) of the response body. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
Configures inspection of the response body.
" + "ResponseInspection$BodyContains": "Configures inspection of the response body. WAF can inspect the first 65,536 bytes (64 KB) of the response body.
" } }, "ResponseInspectionBodyContainsFailureStrings": { @@ -1762,7 +1762,7 @@ } }, "ResponseInspectionHeader": { - "base": "Configures inspection of the response header. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
Configures inspection of the response header. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
Configures inspection of the response header.
" } @@ -1786,9 +1786,9 @@ } }, "ResponseInspectionJson": { - "base": "Configures inspection of the response JSON. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
Configures inspection of the response JSON. WAF can inspect the first 65,536 bytes (64 KB) of the response JSON. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
Configures inspection of the response JSON.
" + "ResponseInspection$Json": "Configures inspection of the response JSON. WAF can inspect the first 65,536 bytes (64 KB) of the response JSON.
" } }, "ResponseInspectionJsonFailureValues": { @@ -1804,7 +1804,7 @@ } }, "ResponseInspectionStatusCode": { - "base": "Configures inspection of the response status code. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible to configure response inspection through the APIs, but ATP response inspection will not be enabled. You can only use the response inspection capabilities of the ATP managed rule group in web ACLs that protect CloudFront distributions.
Configures inspection of the response status code. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
Configures inspection of the response status code.
" } @@ -1933,37 +1933,37 @@ "Scope": { "base": null, "refs": { - "CheckCapacityRequest$Scope": "Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.
API and SDKs - For all calls, use the Region endpoint us-east-1.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool.
", + "base": "A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
", "refs": { "GetWebACLForResourceResponse$WebACL": "The web ACL that is associated with the resource. If there is no associated resource, WAF returns a null web ACL.
", "GetWebACLResponse$WebACL": "The web ACL specification. You can modify the settings in this web ACL and use it to update this web ACL or create a new one.
" diff --git a/models/apis/wafv2/2019-07-29/endpoint-tests-1.json b/models/apis/wafv2/2019-07-29/endpoint-tests-1.json index 5023fce35c1..e4b72ecc828 100644 --- a/models/apis/wafv2/2019-07-29/endpoint-tests-1.json +++ b/models/apis/wafv2/2019-07-29/endpoint-tests-1.json @@ -8,9 +8,9 @@ } }, "params": { - "Region": "af-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "af-south-1" } }, { @@ -21,9 +21,9 @@ } }, "params": { - "Region": "af-south-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "af-south-1" } }, { @@ -34,9 +34,9 @@ } }, "params": { - "Region": "ap-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-east-1" } }, { @@ -47,9 +47,9 @@ } }, "params": { - "Region": "ap-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-east-1" } }, { @@ -60,9 +60,9 @@ } }, "params": { - "Region": "ap-northeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-1" } }, { @@ -73,9 +73,9 @@ } }, "params": { - "Region": "ap-northeast-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-northeast-1" } }, { @@ -86,9 +86,9 @@ } }, "params": { - "Region": "ap-northeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-2" } }, { @@ -99,9 +99,9 @@ } }, "params": { - "Region": "ap-northeast-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-northeast-2" } }, { @@ -112,9 +112,9 @@ } }, "params": { - "Region": "ap-northeast-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-northeast-3" } }, { @@ -125,9 +125,9 @@ } }, "params": { - "Region": "ap-northeast-3", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-northeast-3" } }, { @@ -138,9 +138,9 @@ } }, "params": { - "Region": "ap-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-south-1" } }, { @@ -151,9 +151,9 @@ } }, "params": { - "Region": "ap-south-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-south-1" } }, { @@ -164,9 +164,9 @@ } }, "params": { - "Region": "ap-southeast-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-1" } }, { @@ -177,9 +177,9 @@ } }, "params": { - "Region": "ap-southeast-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-southeast-1" } }, { @@ -190,9 +190,9 @@ } }, "params": { - "Region": "ap-southeast-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-2" } }, { @@ -203,9 +203,9 @@ } }, "params": { - "Region": "ap-southeast-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-southeast-2" } }, { @@ -216,9 +216,9 @@ } }, "params": { - "Region": "ap-southeast-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ap-southeast-3" } }, { @@ -229,9 +229,9 @@ } }, "params": { - "Region": "ap-southeast-3", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ap-southeast-3" } }, { @@ -242,9 +242,9 @@ } }, "params": { - "Region": "ca-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "ca-central-1" } }, { @@ -255,9 +255,9 @@ } }, "params": { - "Region": "ca-central-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "ca-central-1" } }, { @@ -268,9 +268,9 @@ } }, "params": { - "Region": "eu-central-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-central-1" } }, { @@ -281,9 +281,9 @@ } }, "params": { - "Region": "eu-central-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "eu-central-1" } }, { @@ -294,9 +294,9 @@ } }, "params": { - "Region": "eu-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-north-1" } }, { @@ -307,9 +307,9 @@ } }, "params": { - "Region": "eu-north-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "eu-north-1" } }, { @@ -320,9 +320,9 @@ } }, "params": { - "Region": "eu-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-south-1" } }, { @@ -333,9 +333,9 @@ } }, "params": { - "Region": "eu-south-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "eu-south-1" } }, { @@ -346,9 +346,9 @@ } }, "params": { - "Region": "eu-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-1" } }, { @@ -359,9 +359,9 @@ } }, "params": { - "Region": "eu-west-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "eu-west-1" } }, { @@ -372,9 +372,9 @@ } }, "params": { - "Region": "eu-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-2" } }, { @@ -385,9 +385,9 @@ } }, "params": { - "Region": "eu-west-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "eu-west-2" } }, { @@ -398,9 +398,9 @@ } }, "params": { - "Region": "eu-west-3", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "eu-west-3" } }, { @@ -411,9 +411,9 @@ } }, "params": { - "Region": "eu-west-3", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "eu-west-3" } }, { @@ -424,9 +424,9 @@ } }, "params": { - "Region": "me-south-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "me-south-1" } }, { @@ -437,9 +437,9 @@ } }, "params": { - "Region": "me-south-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "me-south-1" } }, { @@ -450,9 +450,9 @@ } }, "params": { - "Region": "sa-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "sa-east-1" } }, { @@ -463,9 +463,9 @@ } }, "params": { - "Region": "sa-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "sa-east-1" } }, { @@ -476,9 +476,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -489,9 +489,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -502,9 +502,9 @@ } }, "params": { - "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-2" } }, { @@ -515,9 +515,9 @@ } }, "params": { - "Region": "us-east-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-2" } }, { @@ -528,9 +528,9 @@ } }, "params": { - "Region": "us-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-1" } }, { @@ -541,9 +541,9 @@ } }, "params": { - "Region": "us-west-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-west-1" } }, { @@ -554,9 +554,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-west-2" } }, { @@ -567,9 +567,9 @@ } }, "params": { - "Region": "us-west-2", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-west-2" } }, { @@ -580,9 +580,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-east-1" } }, { @@ -593,9 +593,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-east-1" } }, { @@ -606,9 +606,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -619,9 +619,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -632,9 +632,9 @@ } }, "params": { - "Region": "cn-northwest-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-northwest-1" } }, { @@ -645,9 +645,9 @@ } }, "params": { - "Region": "cn-northwest-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-northwest-1" } }, { @@ -658,9 +658,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "cn-north-1" } }, { @@ -671,9 +671,9 @@ } }, "params": { - "Region": "cn-north-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "cn-north-1" } }, { @@ -684,9 +684,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -697,9 +697,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -710,9 +710,9 @@ } }, "params": { - "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-west-1" } }, { @@ -723,9 +723,9 @@ } }, "params": { - "Region": "us-gov-west-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-west-1" } }, { @@ -736,9 +736,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-gov-east-1" } }, { @@ -749,9 +749,9 @@ } }, "params": { - "Region": "us-gov-east-1", "UseDualStack": true, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-gov-east-1" } }, { @@ -762,9 +762,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-iso-east-1" } }, { @@ -775,9 +775,9 @@ } }, "params": { - "Region": "us-iso-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-iso-east-1" } }, { @@ -788,9 +788,9 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": true + "UseFIPS": true, + "Region": "us-isob-east-1" } }, { @@ -801,9 +801,9 @@ } }, "params": { - "Region": "us-isob-east-1", "UseDualStack": false, - "UseFIPS": false + "UseFIPS": false, + "Region": "us-isob-east-1" } }, { @@ -814,9 +814,9 @@ } }, "params": { - "Region": "us-east-1", "UseDualStack": false, "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -839,9 +839,9 @@ "error": "Invalid Configuration: FIPS and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": false, "UseFIPS": true, + "Region": "us-east-1", "Endpoint": "https://example.com" } }, @@ -851,9 +851,9 @@ "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" }, "params": { - "Region": "us-east-1", "UseDualStack": true, "UseFIPS": false, + "Region": "us-east-1", "Endpoint": "https://example.com" } } diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index c558f717030..96b80bd30ce 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -4398,8 +4398,10 @@ "ap-southeast-4" : { }, "ca-central-1" : { }, "eu-central-1" : { }, + "eu-central-2" : { }, "eu-north-1" : { }, "eu-south-1" : { }, + "eu-south-2" : { }, "eu-west-1" : { }, "eu-west-2" : { }, "eu-west-3" : { }, @@ -8871,6 +8873,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, @@ -18516,7 +18519,19 @@ }, "clouddirectory" : { "endpoints" : { - "us-gov-west-1" : { } + "us-gov-west-1" : { + "variants" : [ { + "hostname" : "clouddirectory.us-gov-west-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "us-gov-west-1-fips" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "deprecated" : true, + "hostname" : "clouddirectory.us-gov-west-1.amazonaws.com" + } } }, "cloudformation" : { @@ -19450,6 +19465,12 @@ } } }, + "emr-containers" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "es" : { "endpoints" : { "fips" : { diff --git a/service/appflow/api.go b/service/appflow/api.go index 7d5847f7d84..f158c24624d 100644 --- a/service/appflow/api.go +++ b/service/appflow/api.go @@ -12033,6 +12033,44 @@ type SalesforceConnectorProfileProperties struct { // Indicates whether the connector profile applies to a sandbox or production // environment. IsSandboxEnvironment *bool `locationName:"isSandboxEnvironment" type:"boolean"` + + // If the connection mode for the connector profile is private, this parameter + // sets whether Amazon AppFlow uses the private network to send metadata and + // authorization calls to Salesforce. Amazon AppFlow sends private calls through + // Amazon Web Services PrivateLink. These calls travel through Amazon Web Services + // infrastructure without being exposed to the public internet. + // + // Set either of the following values: + // + // true + // + // Amazon AppFlow sends all calls to Salesforce over the private network. + // + // These private calls are: + // + // * Calls to get metadata about your Salesforce records. This metadata describes + // your Salesforce objects and their fields. + // + // * Calls to get or refresh access tokens that allow Amazon AppFlow to access + // your Salesforce records. + // + // * Calls to transfer your Salesforce records as part of a flow run. + // + // false + // + // The default value. Amazon AppFlow sends some calls to Salesforce privately + // and other calls over the public internet. + // + // The public calls are: + // + // * Calls to get metadata about your Salesforce records. + // + // * Calls to get or refresh access tokens. + // + // The private calls are: + // + // * Calls to transfer your Salesforce records as part of a flow run. + UsePrivateLinkForMetadataAndAuthorization *bool `locationName:"usePrivateLinkForMetadataAndAuthorization" type:"boolean"` } // String returns the string representation. @@ -12065,6 +12103,12 @@ func (s *SalesforceConnectorProfileProperties) SetIsSandboxEnvironment(v bool) * return s } +// SetUsePrivateLinkForMetadataAndAuthorization sets the UsePrivateLinkForMetadataAndAuthorization field's value. +func (s *SalesforceConnectorProfileProperties) SetUsePrivateLinkForMetadataAndAuthorization(v bool) *SalesforceConnectorProfileProperties { + s.UsePrivateLinkForMetadataAndAuthorization = &v + return s +} + // The properties that are applied when Salesforce is being used as a destination. type SalesforceDestinationProperties struct { _ struct{} `type:"structure"` diff --git a/service/ecs/api.go b/service/ecs/api.go index 7dd17a77464..b52c92aa9b5 100644 --- a/service/ecs/api.go +++ b/service/ecs/api.go @@ -169,9 +169,9 @@ func (c *ECS) CreateClusterRequest(input *CreateClusterInput) (req *request.Requ // When you call the CreateCluster API operation, Amazon ECS attempts to create // the Amazon ECS service-linked role for your account. This is so that it can // manage required resources in other Amazon Web Services services on your behalf. -// However, if the IAM user that makes the call doesn't have permissions to -// create the service-linked role, it isn't created. For more information, see -// Using service-linked roles for Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) +// However, if the user that makes the call doesn't have permissions to create +// the service-linked role, it isn't created. For more information, see Using +// service-linked roles for Amazon ECS (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) // in the Amazon Elastic Container Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -578,8 +578,8 @@ func (c *ECS) DeleteAccountSettingRequest(input *DeleteAccountSettingInput) (req // DeleteAccountSetting API operation for Amazon EC2 Container Service. // -// Disables an account setting for a specified IAM user, IAM role, or the root -// user for an account. +// Disables an account setting for a specified user, role, or the root user +// for an account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1051,6 +1051,114 @@ func (c *ECS) DeleteServiceWithContext(ctx aws.Context, input *DeleteServiceInpu return out, req.Send() } +const opDeleteTaskDefinitions = "DeleteTaskDefinitions" + +// DeleteTaskDefinitionsRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTaskDefinitions operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTaskDefinitions for more information on using the DeleteTaskDefinitions +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteTaskDefinitionsRequest method. +// req, resp := client.DeleteTaskDefinitionsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/DeleteTaskDefinitions +func (c *ECS) DeleteTaskDefinitionsRequest(input *DeleteTaskDefinitionsInput) (req *request.Request, output *DeleteTaskDefinitionsOutput) { + op := &request.Operation{ + Name: opDeleteTaskDefinitions, + HTTPMethod: "POST", + HTTPPath: "/", + } + + if input == nil { + input = &DeleteTaskDefinitionsInput{} + } + + output = &DeleteTaskDefinitionsOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTaskDefinitions API operation for Amazon EC2 Container Service. +// +// Deletes one or more task definitions. +// +// You must deregister a task definition revision before you delete it. For +// more information, see DeregisterTaskDefinition (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeregisterTaskDefinition.html). +// +// When you delete a task definition revision, it is immediately transitions +// from the INACTIVE to DELETE_IN_PROGRESS. Existing tasks and services that +// reference a DELETE_IN_PROGRESS task definition revision continue to run without +// disruption. Existing services that reference a DELETE_IN_PROGRESS task definition +// revision can still scale up or down by modifying the service's desired count. +// +// You can't use a DELETE_IN_PROGRESS task definition revision to run new tasks +// or create new services. You also can't update an existing service to reference +// a DELETE_IN_PROGRESS task definition revision. +// +// A task definition revision will stay in DELETE_IN_PROGRESS status until all +// the associated tasks and services have been terminated. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon EC2 Container Service's +// API operation DeleteTaskDefinitions for usage and error information. +// +// Returned Error Types: +// +// - AccessDeniedException +// You don't have authorization to perform the requested action. +// +// - ClientException +// These errors are usually caused by a client action. This client action might +// be using an action or resource on behalf of a user that doesn't have permissions +// to use the action or resource,. Or, it might be specifying an identifier +// that isn't valid. +// +// - InvalidParameterException +// The specified parameter isn't valid. Review the available parameters for +// the API request. +// +// - ServerException +// These errors are usually caused by a server issue. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/ecs-2014-11-13/DeleteTaskDefinitions +func (c *ECS) DeleteTaskDefinitions(input *DeleteTaskDefinitionsInput) (*DeleteTaskDefinitionsOutput, error) { + req, out := c.DeleteTaskDefinitionsRequest(input) + return out, req.Send() +} + +// DeleteTaskDefinitionsWithContext is the same as DeleteTaskDefinitions with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTaskDefinitions for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *ECS) DeleteTaskDefinitionsWithContext(ctx aws.Context, input *DeleteTaskDefinitionsInput, opts ...request.Option) (*DeleteTaskDefinitionsOutput, error) { + req, out := c.DeleteTaskDefinitionsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteTaskSet = "DeleteTaskSet" // DeleteTaskSetRequest generates a "aws/request.Request" representing the @@ -1320,7 +1428,9 @@ func (c *ECS) DeregisterTaskDefinitionRequest(input *DeregisterTaskDefinitionInp // the task definition is marked as INACTIVE. Existing tasks and services that // reference an INACTIVE task definition continue to run without disruption. // Existing services that reference an INACTIVE task definition can still scale -// up or down by modifying the service's desired count. +// up or down by modifying the service's desired count. If you want to delete +// a task definition revision, you must first deregister the task definition +// revision. // // You can't use an INACTIVE task definition to run new tasks or create new // services, and you can't update an existing service to reference an INACTIVE @@ -1332,6 +1442,9 @@ func (c *ECS) DeregisterTaskDefinitionRequest(input *DeregisterTaskDefinitionInp // We don't recommend that you rely on INACTIVE task definitions persisting // beyond the lifecycle of any associated tasks and services. // +// You must deregister a task definition revision before you delete it. For +// more information, see DeleteTaskDefinitions (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeleteTaskDefinitions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3847,18 +3960,18 @@ func (c *ECS) PutAccountSettingRequest(input *PutAccountSettingInput) (req *requ // Modifies an account setting. Account settings are set on a per-Region basis. // // If you change the account setting for the root user, the default settings -// for all of the IAM users and roles that no individual account setting was -// specified are reset for. For more information, see Account Settings (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html) +// for all of the users and roles that no individual account setting was specified +// are reset for. For more information, see Account Settings (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-account-settings.html) // in the Amazon Elastic Container Service Developer Guide. // // When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat // are specified, the Amazon Resource Name (ARN) and resource ID format of the -// resource type for a specified IAM user, IAM role, or the root user for an -// account is affected. The opt-in and opt-out account setting must be set for -// each Amazon ECS resource separately. The ARN and resource ID format of a -// resource is defined by the opt-in status of the IAM user or role that created -// the resource. You must turn on this setting to use Amazon ECS features such -// as resource tagging. +// resource type for a specified user, role, or the root user for an account +// is affected. The opt-in and opt-out account setting must be set for each +// Amazon ECS resource separately. The ARN and resource ID format of a resource +// is defined by the opt-in status of the user or role that created the resource. +// You must turn on this setting to use Amazon ECS features such as resource +// tagging. // // When awsvpcTrunking is specified, the elastic network interface (ENI) limit // for any new container instances that support the feature is changed. If awsvpcTrunking @@ -3961,7 +4074,7 @@ func (c *ECS) PutAccountSettingDefaultRequest(input *PutAccountSettingDefaultInp // PutAccountSettingDefault API operation for Amazon EC2 Container Service. // -// Modifies an account setting for all IAM users on an account for whom no individual +// Modifies an account setting for all users on an account for whom no individual // account setting has been specified. Account settings are set on a per-Region // basis. // @@ -4368,11 +4481,11 @@ func (c *ECS) RegisterTaskDefinitionRequest(input *RegisterTaskDefinitionInput) // see Amazon ECS Task Definitions (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_defintions.html) // in the Amazon Elastic Container Service Developer Guide. // -// You can specify an IAM role for your task with the taskRoleArn parameter. -// When you specify an IAM role for a task, its containers can then use the -// latest versions of the CLI or SDKs to make API requests to the Amazon Web -// Services services that are specified in the IAM policy that's associated -// with the role. For more information, see IAM Roles for Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) +// You can specify a role for your task with the taskRoleArn parameter. When +// you specify a role for a task, its containers can then use the latest versions +// of the CLI or SDKs to make API requests to the Amazon Web Services services +// that are specified in the policy that's associated with the role. For more +// information, see IAM Roles for Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) // in the Amazon Elastic Container Service Developer Guide. // // You can specify a Docker networking mode for the containers in your task @@ -5932,8 +6045,8 @@ func (c *ECS) UpdateServiceRequest(input *UpdateServiceInput) (req *request.Requ // number of running tasks for this service. // // You must have a service-linked role when you update any of the following -// service properties. If you specified a custom IAM role when you created the -// service, Amazon ECS automatically replaces the roleARN (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Service.html#ECS-Type-Service-roleArn) +// service properties. If you specified a custom role when you created the service, +// Amazon ECS automatically replaces the roleARN (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_Service.html#ECS-Type-Service-roleArn) // associated with the service with the ARN of your service-linked role. For // more information, see Service-linked roles (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using-service-linked-roles.html) // in the Amazon Elastic Container Service Developer Guide. @@ -6719,20 +6832,20 @@ type AutoScalingGroupProvider struct { // The managed termination protection setting to use for the Auto Scaling group // capacity provider. This determines whether the Auto Scaling group has managed - // termination protection. The default is disabled. + // termination protection. The default is off. // // When using managed termination protection, managed scaling must also be used // otherwise managed termination protection doesn't work. // - // When managed termination protection is enabled, Amazon ECS prevents the Amazon + // When managed termination protection is on, Amazon ECS prevents the Amazon // EC2 instances in an Auto Scaling group that contain tasks from being terminated // during a scale-in action. The Auto Scaling group and each instance in the // Auto Scaling group must have instance protection from scale-in actions enabled // as well. For more information, see Instance Protection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) // in the Auto Scaling User Guide. // - // When managed termination protection is disabled, your Amazon EC2 instances - // aren't protected from termination when the Auto Scaling group scales in. + // When managed termination protection is off, your Amazon EC2 instances aren't + // protected from termination when the Auto Scaling group scales in. ManagedTerminationProtection *string `locationName:"managedTerminationProtection" type:"string" enum:"ManagedTerminationProtection"` } @@ -6804,15 +6917,15 @@ type AutoScalingGroupProviderUpdate struct { // When using managed termination protection, managed scaling must also be used // otherwise managed termination protection doesn't work. // - // When managed termination protection is enabled, Amazon ECS prevents the Amazon + // When managed termination protection is on, Amazon ECS prevents the Amazon // EC2 instances in an Auto Scaling group that contain tasks from being terminated // during a scale-in action. The Auto Scaling group and each instance in the - // Auto Scaling group must have instance protection from scale-in actions enabled. + // Auto Scaling group must have instance protection from scale-in actions on. // For more information, see Instance Protection (https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) // in the Auto Scaling User Guide. // - // When managed termination protection is disabled, your Amazon EC2 instances - // aren't protected from termination when the Auto Scaling group scales in. + // When managed termination protection is off, your Amazon EC2 instances aren't + // protected from termination when the Auto Scaling group scales in. ManagedTerminationProtection *string `locationName:"managedTerminationProtection" type:"string" enum:"ManagedTerminationProtection"` } @@ -7376,7 +7489,7 @@ type Cluster struct { ServiceConnectDefaults *ClusterServiceConnectDefaults `locationName:"serviceConnectDefaults" type:"structure"` // The settings for the cluster. This parameter indicates whether CloudWatch - // Container Insights is enabled or disabled for a cluster. + // Container Insights is on or off for a cluster. Settings []*ClusterSetting `locationName:"settings" type:"list"` // Additional information about your clusters that are separated by launch type. @@ -8005,9 +8118,10 @@ type ClusterSetting struct { // The value to set for the cluster setting. The supported values are enabled // and disabled. If enabled is specified, CloudWatch Container Insights will - // be enabled for the cluster, otherwise it will be disabled unless the containerInsights - // account setting is enabled. If a cluster value is specified, it will override - // the containerInsights value set with PutAccountSetting or PutAccountSettingDefault. + // be enabled for the cluster, otherwise it will be off unless the containerInsights + // account setting is turned on. If a cluster value is specified, it will override + // the containerInsights value set with PutAccountSetting (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSetting.html) + // or PutAccountSettingDefault (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutAccountSettingDefault.html). Value *string `locationName:"value" type:"string"` } @@ -8312,8 +8426,8 @@ type ContainerDefinition struct { // * Windows platform version 1.0.0 or later. DependsOn []*ContainerDependency `locationName:"dependsOn" type:"list"` - // When this parameter is true, networking is disabled within the container. - // This parameter maps to NetworkDisabled in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) + // When this parameter is true, networking is off within the container. This + // parameter maps to NetworkDisabled in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) // section of the Docker Remote API (https://docs.docker.com/engine/api/v1.35/). // // This parameter is not supported for Windows containers. @@ -8773,7 +8887,7 @@ type ContainerDefinition struct { // set by the operating system with the exception of the nofile resource limit // parameter which Fargate overrides. The nofile resource limit sets a restriction // on the number of open files that a container can use. The default nofile - // soft limit is 1024 and hard limit is 4096. + // soft limit is 1024 and the default hard limit is 4096. // // This parameter requires version 1.18 of the Docker Remote API or greater // on your container instance. To check the Docker Remote API version on your @@ -9948,20 +10062,23 @@ type CreateClusterInput struct { // The short name of one or more capacity providers to associate with the cluster. // A capacity provider must be associated with a cluster before it can be included // as part of the default capacity provider strategy of the cluster or used - // in a capacity provider strategy when calling the CreateService or RunTask + // in a capacity provider strategy when calling the CreateService (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) + // or RunTask (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) // actions. // // If specifying a capacity provider that uses an Auto Scaling group, the capacity // provider must be created but not associated with another cluster. New Auto // Scaling group capacity providers can be created with the CreateCapacityProvider + // (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html) // API operation. // // To use a Fargate capacity provider, specify either the FARGATE or FARGATE_SPOT // capacity providers. The Fargate capacity providers are available to all accounts // and only need to be associated with a cluster to be used. // - // The PutClusterCapacityProviders API operation is used to update the list - // of available capacity providers for a cluster after the cluster is created. + // The PutCapacityProvider (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) + // API operation is used to update the list of available capacity providers + // for a cluster after the cluster is created. CapacityProviders []*string `locationName:"capacityProviders" type:"list"` // The name of your cluster. If you don't specify a name for your cluster, you @@ -9974,9 +10091,10 @@ type CreateClusterInput struct { // The capacity provider strategy to set as the default for the cluster. After // a default capacity provider strategy is set for a cluster, when you call - // the RunTask or CreateService APIs with no capacity provider strategy or launch - // type specified, the default capacity provider strategy for the cluster is - // used. + // the CreateService (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) + // or RunTask (https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) + // APIs with no capacity provider strategy or launch type specified, the default + // capacity provider strategy for the cluster is used. // // If a default capacity provider strategy isn't defined for a cluster when // it was created, it can be defined later with the PutClusterCapacityProviders @@ -10985,11 +11103,11 @@ type DeleteAccountSettingInput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` - // The Amazon Resource Name (ARN) of the principal. It can be an IAM user, IAM - // role, or the root user. If you specify the root user, it disables the account - // setting for all IAM users, IAM roles, and the root user of the account unless - // an IAM user or role explicitly overrides these settings. If this field is - // omitted, the setting is changed only for the authenticated user. + // The Amazon Resource Name (ARN) of the principal. It can be an user, role, + // or the root user. If you specify the root user, it disables the account setting + // for all users, roles, and the root user of the account unless a user or role + // explicitly overrides these settings. If this field is omitted, the setting + // is changed only for the authenticated user. PrincipalArn *string `locationName:"principalArn" type:"string"` } @@ -11422,6 +11540,95 @@ func (s *DeleteServiceOutput) SetService(v *Service) *DeleteServiceOutput { return s } +type DeleteTaskDefinitionsInput struct { + _ struct{} `type:"structure"` + + // The family and revision (family:revision) or full Amazon Resource Name (ARN) + // of the task definition to delete. You must specify a revision. + // + // You can specify up to 10 task definitions as a comma separated list. + // + // TaskDefinitions is a required field + TaskDefinitions []*string `locationName:"taskDefinitions" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTaskDefinitionsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTaskDefinitionsInput"} + if s.TaskDefinitions == nil { + invalidParams.Add(request.NewErrParamRequired("TaskDefinitions")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTaskDefinitions sets the TaskDefinitions field's value. +func (s *DeleteTaskDefinitionsInput) SetTaskDefinitions(v []*string) *DeleteTaskDefinitionsInput { + s.TaskDefinitions = v + return s +} + +type DeleteTaskDefinitionsOutput struct { + _ struct{} `type:"structure"` + + // Any failures associated with the call. + Failures []*Failure `locationName:"failures" type:"list"` + + // The list of deleted task definitions. + TaskDefinitions []*TaskDefinition `locationName:"taskDefinitions" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTaskDefinitionsOutput) GoString() string { + return s.String() +} + +// SetFailures sets the Failures field's value. +func (s *DeleteTaskDefinitionsOutput) SetFailures(v []*Failure) *DeleteTaskDefinitionsOutput { + s.Failures = v + return s +} + +// SetTaskDefinitions sets the TaskDefinitions field's value. +func (s *DeleteTaskDefinitionsOutput) SetTaskDefinitions(v []*TaskDefinition) *DeleteTaskDefinitionsOutput { + s.TaskDefinitions = v + return s +} + type DeleteTaskSetInput struct { _ struct{} `type:"structure"` @@ -11872,7 +12079,7 @@ func (s *DeploymentAlarms) SetRollback(v bool) *DeploymentAlarms { } // The deployment circuit breaker can only be used for services using the rolling -// update (ECS) deployment type that aren't behind a Classic Load Balancer. +// update (ECS) deployment type. // // The deployment circuit breaker determines whether a service deployment will // fail if the service can't reach a steady state. If enabled, a service deployment @@ -11955,10 +12162,12 @@ type DeploymentConfiguration struct { // update (ECS) deployment type. // // The deployment circuit breaker determines whether a service deployment will - // fail if the service can't reach a steady state. If deployment circuit breaker - // is enabled, a service deployment will transition to a failed state and stop - // launching new tasks. If rollback is enabled, when a service deployment fails, - // the service is rolled back to the last deployment that completed successfully. + // fail if the service can't reach a steady state. If you use the deployment + // circuit breaker, a service deployment will transition to a failed state and + // stop launching new tasks. If you use the rollback option, when a service + // deployment fails, the service is rolled back to the last deployment that + // completed successfully. For more information, see Rolling update (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) + // in the Amazon Elastic Container Service Developer Guide DeploymentCircuitBreaker *DeploymentCircuitBreaker `locationName:"deploymentCircuitBreaker" type:"structure"` // If a service is using the rolling update (ECS) deployment type, the maximumPercent @@ -13412,11 +13621,11 @@ type EFSAuthorizationConfig struct { // in the Amazon Elastic File System User Guide. AccessPointId *string `locationName:"accessPointId" type:"string"` - // Determines whether to use the Amazon ECS task IAM role defined in a task - // definition when mounting the Amazon EFS file system. If enabled, transit - // encryption must be enabled in the EFSVolumeConfiguration. If this parameter - // is omitted, the default value of DISABLED is used. For more information, - // see Using Amazon EFS access points (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) + // Determines whether to use the Amazon ECS task role defined in a task definition + // when mounting the Amazon EFS file system. If enabled, transit encryption + // must be enabled in the EFSVolumeConfiguration. If this parameter is omitted, + // the default value of DISABLED is used. For more information, see Using Amazon + // EFS access points (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/efs-volumes.html#efs-volume-accesspoints) // in the Amazon Elastic Container Service Developer Guide. Iam *string `locationName:"iam" type:"string" enum:"EFSAuthorizationConfigIAM"` } @@ -13854,7 +14063,7 @@ type ExecuteCommandLogConfiguration struct { _ struct{} `type:"structure"` // Determines whether to use encryption on the CloudWatch logs. If not specified, - // encryption will be disabled. + // encryption will be off. CloudWatchEncryptionEnabled *bool `locationName:"cloudWatchEncryptionEnabled" type:"boolean"` // The name of the CloudWatch log group to send logs to. @@ -14451,14 +14660,15 @@ type HealthCheck struct { // default shell. // // When you use the Amazon Web Services Management Console JSON panel, the Command - // Line Interface, or the APIs, enclose the list of commands in brackets. + // Line Interface, or the APIs, enclose the list of commands in double quotes + // and brackets. // // [ "CMD-SHELL", "curl -f http://localhost/ || exit 1" ] // - // You don't need to include the brackets when you use the Amazon Web Services - // Management Console. + // You don't include the double quotes and brackets when you use the Amazon + // Web Services Management Console. // - // "CMD-SHELL", "curl -f http://localhost/ || exit 1" + // CMD-SHELL, curl -f http://localhost/ || exit 1 // // An exit code of 0 indicates success, and non-zero exit code indicates failure. // For more information, see HealthCheck in the Create a container (https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) @@ -14478,7 +14688,7 @@ type HealthCheck struct { // The optional grace period to provide containers time to bootstrap before // failed health checks count towards the maximum number of retries. You can - // specify between 0 and 300 seconds. By default, the startPeriod is disabled. + // specify between 0 and 300 seconds. By default, the startPeriod is off. // // If a health check succeeds within the startPeriod, then the container is // considered healthy and any subsequent failures count toward the maximum number @@ -15264,9 +15474,9 @@ type ListAccountSettingsInput struct { // retrieve the next items in a list and not for other programmatic purposes. NextToken *string `locationName:"nextToken" type:"string"` - // The ARN of the principal, which can be an IAM user, IAM role, or the root - // user. If this field is omitted, the account settings are listed only for - // the authenticated user. + // The ARN of the principal, which can be a user, role, or the root user. If + // this field is omitted, the account settings are listed only for the authenticated + // user. // // Federated users assume the account setting of the root user and can't have // explicit account settings set for them. @@ -16905,8 +17115,8 @@ func (s *ManagedAgentStateChange) SetStatus(v string) *ManagedAgentStateChange { // managed scaling (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/asg-capacity-providers.html#asg-capacity-providers-managed-scaling) // in the Amazon Elastic Container Service Developer Guide. // -// If managed scaling is disabled, the user must manage the scaling of the Auto -// Scaling group. +// If managed scaling is off, the user must manage the scaling of the Auto Scaling +// group. type ManagedScaling struct { _ struct{} `type:"structure"` @@ -17316,7 +17526,7 @@ func (s *NetworkBinding) SetProtocol(v string) *NetworkBinding { return s } -// An object representing the network configuration for a task or service. +// The network configuration for a task or service. type NetworkConfiguration struct { _ struct{} `type:"structure"` @@ -17992,8 +18202,8 @@ type ProtectedTask struct { // The epoch time when protection for the task will expire. ExpirationDate *time.Time `locationName:"expirationDate" type:"timestamp"` - // The protection status of the task. If scale-in protection is enabled for - // a task, the value is true. Otherwise, it is false. + // The protection status of the task. If scale-in protection is on for a task, + // the value is true. Otherwise, it is false. ProtectionEnabled *bool `locationName:"protectionEnabled" type:"boolean"` // The task ARN. @@ -18257,11 +18467,11 @@ type PutAccountSettingInput struct { // Name is a required field Name *string `locationName:"name" type:"string" required:"true" enum:"SettingName"` - // The ARN of the principal, which can be an IAM user, IAM role, or the root - // user. If you specify the root user, it modifies the account setting for all - // IAM users, IAM roles, and the root user of the account unless an IAM user - // or role explicitly overrides these settings. If this field is omitted, the - // setting is changed only for the authenticated user. + // The ARN of the principal, which can be a user, role, or the root user. If + // you specify the root user, it modifies the account setting for all users, + // roles, and the root user of the account unless a user or role explicitly + // overrides these settings. If this field is omitted, the setting is changed + // only for the authenticated user. // // Federated users assume the account setting of the root user and can't have // explicit account settings set for them. @@ -19790,11 +20000,11 @@ type RunTaskInput struct { // The family and revision (family:revision) or full ARN of the task definition // to run. If a revision isn't specified, the latest ACTIVE revision is used. // - // When you create an IAM policy for run-task, you can set the resource to be - // the latest task definition revision, or a specific revision. + // When you create a policy for run-task, you can set the resource to be the + // latest task definition revision, or a specific revision. // // The full ARN value must match the value that you specified as the Resource - // of the IAM principal's permissions policy. + // of the principal's permissions policy. // // When you specify the policy resource as the latest task definition version // (by setting the Resource in the policy to arn:aws:ecs:us-east-1:111122223333:task-definition/TaskFamilyName), @@ -21373,12 +21583,11 @@ type Setting struct { // The Amazon ECS resource name. Name *string `locationName:"name" type:"string" enum:"SettingName"` - // The ARN of the principal. It can be an IAM user, IAM role, or the root user. - // If this field is omitted, the authenticated user is assumed. + // The ARN of the principal. It can be a user, role, or the root user. If this + // field is omitted, the authenticated user is assumed. PrincipalArn *string `locationName:"principalArn" type:"string"` - // Determines whether the account setting is enabled or disabled for the specified - // resource. + // Determines whether the account setting is on or off for the specified resource. Value *string `locationName:"value" type:"string"` } @@ -21697,7 +21906,7 @@ type StopTaskInput struct { // API operations on this task. Up to 255 characters are allowed in this message. Reason *string `locationName:"reason" type:"string"` - // The task ID or full Amazon Resource Name (ARN) of the task to stop. + // The task ID of the task to stop. // // Task is a required field Task *string `locationName:"task" type:"string" required:"true"` @@ -23568,8 +23777,8 @@ type TaskOverride struct { // * Windows platform version 1.0.0 or later. EphemeralStorage *EphemeralStorage `locationName:"ephemeralStorage" type:"structure"` - // The Amazon Resource Name (ARN) of the task execution IAM role override for - // the task. For more information, see Amazon ECS task execution IAM role (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) + // The Amazon Resource Name (ARN) of the task execution role override for the + // task. For more information, see Amazon ECS task execution IAM role (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_execution_IAM_role.html) // in the Amazon Elastic Container Service Developer Guide. ExecutionRoleArn *string `locationName:"executionRoleArn" type:"string"` @@ -23579,10 +23788,9 @@ type TaskOverride struct { // The memory override for the task. Memory *string `locationName:"memory" type:"string"` - // The Amazon Resource Name (ARN) of the IAM role that containers in this task - // can assume. All containers in this task are granted the permissions that - // are specified in this role. For more information, see IAM Role for Tasks - // (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) + // The Amazon Resource Name (ARN) of the role that containers in this task can + // assume. All containers in this task are granted the permissions that are + // specified in this role. For more information, see IAM Role for Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) // in the Amazon Elastic Container Service Developer Guide. TaskRoleArn *string `locationName:"taskRoleArn" type:"string"` } @@ -24140,7 +24348,9 @@ func (s *Tmpfs) SetSize(v int64) *Tmpfs { // set by the operating system with the exception of the nofile resource limit // parameter which Fargate overrides. The nofile resource limit sets a restriction // on the number of open files that a container can use. The default nofile -// soft limit is 1024 and hard limit is 4096. +// soft limit is 1024 and the default hard limit is 4096. +// +// You can specify the ulimit settings for a container in a task definition. type Ulimit struct { _ struct{} `type:"structure"` @@ -26887,6 +27097,9 @@ const ( // TaskDefinitionStatusInactive is a TaskDefinitionStatus enum value TaskDefinitionStatusInactive = "INACTIVE" + + // TaskDefinitionStatusDeleteInProgress is a TaskDefinitionStatus enum value + TaskDefinitionStatusDeleteInProgress = "DELETE_IN_PROGRESS" ) // TaskDefinitionStatus_Values returns all elements of the TaskDefinitionStatus enum @@ -26894,6 +27107,7 @@ func TaskDefinitionStatus_Values() []string { return []string{ TaskDefinitionStatusActive, TaskDefinitionStatusInactive, + TaskDefinitionStatusDeleteInProgress, } } diff --git a/service/ecs/ecsiface/interface.go b/service/ecs/ecsiface/interface.go index 0860bf070a1..356e4a2a7c5 100644 --- a/service/ecs/ecsiface/interface.go +++ b/service/ecs/ecsiface/interface.go @@ -96,6 +96,10 @@ type ECSAPI interface { DeleteServiceWithContext(aws.Context, *ecs.DeleteServiceInput, ...request.Option) (*ecs.DeleteServiceOutput, error) DeleteServiceRequest(*ecs.DeleteServiceInput) (*request.Request, *ecs.DeleteServiceOutput) + DeleteTaskDefinitions(*ecs.DeleteTaskDefinitionsInput) (*ecs.DeleteTaskDefinitionsOutput, error) + DeleteTaskDefinitionsWithContext(aws.Context, *ecs.DeleteTaskDefinitionsInput, ...request.Option) (*ecs.DeleteTaskDefinitionsOutput, error) + DeleteTaskDefinitionsRequest(*ecs.DeleteTaskDefinitionsInput) (*request.Request, *ecs.DeleteTaskDefinitionsOutput) + DeleteTaskSet(*ecs.DeleteTaskSetInput) (*ecs.DeleteTaskSetOutput, error) DeleteTaskSetWithContext(aws.Context, *ecs.DeleteTaskSetInput, ...request.Option) (*ecs.DeleteTaskSetOutput, error) DeleteTaskSetRequest(*ecs.DeleteTaskSetInput) (*request.Request, *ecs.DeleteTaskSetOutput) diff --git a/service/guardduty/api.go b/service/guardduty/api.go index 64c9f34d981..c7fc8ac01bb 100644 --- a/service/guardduty/api.go +++ b/service/guardduty/api.go @@ -324,6 +324,10 @@ func (c *GuardDuty) CreateDetectorRequest(input *CreateDetectorInput) (req *requ // one detector per account per Region. All data sources are enabled in a new // detector by default. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -582,8 +586,8 @@ func (c *GuardDuty) CreateMembersRequest(input *CreateMembersInput) (req *reques // of the organization delegated administrator account, which must enable GuardDuty // prior to being added as a member. // -// If you are adding accounts by invitation use this action after GuardDuty -// has been enabled in potential member accounts and before using Invite Members +// If you are adding accounts by invitation, use this action after GuardDuty +// has bee enabled in potential member accounts and before using InviteMembers // (https://docs.aws.amazon.com/guardduty/latest/APIReference/API_InviteMembers.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -750,8 +754,8 @@ func (c *GuardDuty) CreateSampleFindingsRequest(input *CreateSampleFindingsInput // CreateSampleFindings API operation for Amazon GuardDuty. // -// Generates example findings of types specified by the list of finding types. -// If 'NULL' is specified for findingTypes, the API generates example findings +// Generates sample findings of types specified by the list of finding types. +// If 'NULL' is specified for findingTypes, the API generates sample findings // of all supported finding types. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1593,6 +1597,10 @@ func (c *GuardDuty) DescribeMalwareScansRequest(input *DescribeMalwareScansInput // scans for their own accounts. An administrator can view the malware scans // for all the member accounts. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1727,6 +1735,10 @@ func (c *GuardDuty) DescribeOrganizationConfigurationRequest(input *DescribeOrga // Returns information about the account selected as the delegated administrator // for GuardDuty. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2403,6 +2415,10 @@ func (c *GuardDuty) GetDetectorRequest(input *GetDetectorInput) (req *request.Re // // Retrieves an Amazon GuardDuty detector specified by the detectorId. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2896,6 +2912,10 @@ func (c *GuardDuty) GetMalwareScanSettingsRequest(input *GetMalwareScanSettingsI // // Returns the details of the malware scan settings. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3070,6 +3090,10 @@ func (c *GuardDuty) GetMemberDetectorsRequest(input *GetMemberDetectorsInput) (r // // Describes which data sources are enabled for the member account's detector. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5388,6 +5412,10 @@ func (c *GuardDuty) UpdateDetectorRequest(input *UpdateDetectorInput) (req *requ // // Updates the Amazon GuardDuty detector specified by the detectorId. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5719,6 +5747,10 @@ func (c *GuardDuty) UpdateMalwareScanSettingsRequest(input *UpdateMalwareScanSet // // Updates the malware scan settings. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5801,6 +5833,10 @@ func (c *GuardDuty) UpdateMemberDetectorsRequest(input *UpdateMemberDetectorsInp // // Contains information on member accounts to be updated. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5884,6 +5920,10 @@ func (c *GuardDuty) UpdateOrganizationConfigurationRequest(input *UpdateOrganiza // // Updates the delegated administrator account with the values provided. // +// There might be regional differences because some data sources might not be +// available in all the Amazon Web Services Regions where GuardDuty is presently +// supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7486,6 +7526,10 @@ type CreateDetectorInput struct { ClientToken *string `locationName:"clientToken" type:"string" idempotencyToken:"true"` // Describes which data sources will be enabled for the detector. + // + // There might be regional differences because some data sources might not be + // available in all the Amazon Web Services Regions where GuardDuty is presently + // supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). DataSources *DataSourceConfigurations `locationName:"dataSources" type:"structure"` // A Boolean value that specifies whether the detector is to be enabled. @@ -7620,9 +7664,9 @@ type CreateFilterInput struct { // The idempotency token for the create request. ClientToken *string `locationName:"clientToken" type:"string" idempotencyToken:"true"` - // The description of the filter. Valid special characters include period (.), - // underscore (_), dash (-), and whitespace. The new line character is considered - // to be an invalid input for description. + // The description of the filter. Valid characters include alphanumeric characters, + // and special characters such as -, ., :, { }, [ ], ( ), /, \t, \n, \x0B, \f, + // \r, _, and whitespace. Description *string `locationName:"description" type:"string"` // The ID of the detector belonging to the GuardDuty account that you want to @@ -7639,8 +7683,6 @@ type CreateFilterInput struct { // // * region // - // * confidence - // // * id // // * resource.accessKeyDetails.accessKeyId @@ -7739,10 +7781,6 @@ type CreateFilterInput struct { // // * resource.s3BucketDetails.type // - // * service.archived When this attribute is set to TRUE, only archived findings - // are listed. When it's set to FALSE, only unarchived findings are listed. - // When this attribute is not set, all existing findings are listed. - // // * service.resourceRole // // * severity @@ -7933,7 +7971,7 @@ type CreateIPSetInput struct { // The user-friendly name to identify the IPSet. // - // Allowed characters are alphanumerics, spaces, hyphens (-), and underscores + // Allowed characters are alphanumeric, whitespace, dash (-), and underscores // (_). // // Name is a required field @@ -9625,7 +9663,9 @@ type DescribeMalwareScansInput struct { // from the previous response to continue listing data. NextToken *string `locationName:"nextToken" type:"string"` - // Represents the criteria used for sorting scan entries. + // Represents the criteria used for sorting scan entries. The attributeName + // (https://docs.aws.amazon.com/guardduty/latest/APIReference/API_SortCriteria.html#guardduty-Type-SortCriteria-attributeName) + // is required and it must be scanStartTime. SortCriteria *SortCriteria `locationName:"sortCriteria" type:"structure"` } @@ -16989,8 +17029,8 @@ func (s *RemotePortDetails) SetPortName(v string) *RemotePortDetails { type Resource struct { _ struct{} `type:"structure"` - // The IAM access key details (IAM user information) of a user that engaged - // in the activity that prompted GuardDuty to generate a finding. + // The IAM access key details (user information) of a user that engaged in the + // activity that prompted GuardDuty to generate a finding. AccessKeyDetails *AccessKeyDetails `locationName:"accessKeyDetails" type:"structure"` // Details of a container. @@ -18231,8 +18271,7 @@ func (s *ServiceAdditionalInfo) SetValue(v string) *ServiceAdditionalInfo { type SortCriteria struct { _ struct{} `type:"structure"` - // Represents the finding attribute (for example, accountId) to sort findings - // by. + // Represents the finding attribute, such as accountId, that sorts the findings. AttributeName *string `locationName:"attributeName" type:"string"` // The order by which the sorted findings are to be displayed. @@ -18786,7 +18825,7 @@ type TriggerDetails struct { // The description of the scan trigger. Description *string `locationName:"description" min:"1" type:"string"` - // The ID of the GuardDuty finding that triggered the BirdDog scan. + // The ID of the GuardDuty finding that triggered the malware scan. GuardDutyFindingId *string `locationName:"guardDutyFindingId" min:"1" type:"string"` } @@ -19075,6 +19114,10 @@ type UpdateDetectorInput struct { _ struct{} `type:"structure"` // Describes which data sources will be updated. + // + // There might be regional differences because some data sources might not be + // available in all the Amazon Web Services Regions where GuardDuty is presently + // supported. For more information, see Regions and endpoints (https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_regions.html). DataSources *DataSourceConfigurations `locationName:"dataSources" type:"structure"` // The unique ID of the detector to update. @@ -19182,9 +19225,10 @@ type UpdateFilterInput struct { // filter. Action *string `locationName:"action" min:"1" type:"string" enum:"FilterAction"` - // The description of the filter. Valid special characters include period (.), - // underscore (_), dash (-), and whitespace. The new line character is considered - // to be an invalid input for description. + // The description of the filter. Valid characters include alphanumeric characters, + // and special characters such as hyphen, period, colon, underscore, parentheses + // ({ }, [ ], and ( )), forward slash, horizontal tab, vertical tab, newline, + // form feed, return, and whitespace. Description *string `locationName:"description" type:"string"` // The unique ID of the detector that specifies the GuardDuty service where diff --git a/service/iotwireless/api.go b/service/iotwireless/api.go index d80d9ed8843..52efd13a639 100644 --- a/service/iotwireless/api.go +++ b/service/iotwireless/api.go @@ -4723,7 +4723,7 @@ func (c *IoTWireless) GetResourcePositionRequest(input *GetResourcePositionInput // GetResourcePosition API operation for AWS IoT Wireless. // // Get the position information for a given wireless device or a wireless gateway -// resource. The postion information uses the World Geodetic System (WGS84) +// resource. The position information uses the World Geodetic System (WGS84) // (https://gisgeography.com/wgs84-world-geodetic-system/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -9766,7 +9766,7 @@ func (c *IoTWireless) UpdateResourcePositionRequest(input *UpdateResourcePositio // UpdateResourcePosition API operation for AWS IoT Wireless. // // Update the position information of a given wireless device or a wireless -// gateway resource. The postion coordinates are based on the World Geodetic +// gateway resource. The position coordinates are based on the World Geodetic // System (WGS84) (https://gisgeography.com/wgs84-world-geodetic-system/). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11187,7 +11187,7 @@ type CdmaObj struct { // CDMA base station latitude in degrees. BaseLat *float64 `type:"float"` - // CDMA base station longtitude in degrees. + // CDMA base station longitude in degrees. BaseLng *float64 `type:"float"` // CDMA base station ID (BSID). @@ -12002,12 +12002,29 @@ type CreateFuotaTaskInput struct { // FirmwareUpdateRole is a required field FirmwareUpdateRole *string `min:"1" type:"string" required:"true"` + // The interval of sending fragments in milliseconds. Currently the interval + // will be rounded to the nearest second. Note that this interval only controls + // the timing when the cloud sends the fragments down. The actual delay of receiving + // fragments at device side depends on the device's class and the communication + // delay with the cloud. + FragmentIntervalMS *int64 `min:"1" type:"integer"` + + // The size of each fragment in bytes. Currently only supported in fuota tasks + // with multicast groups. + FragmentSizeBytes *int64 `min:"1" type:"integer"` + // The LoRaWAN information used with a FUOTA task. LoRaWAN *LoRaWANFuotaTask `type:"structure"` // The name of a FUOTA task. Name *string `type:"string"` + // The percentage of added redundant fragments. For example, if firmware file + // is 100 bytes and fragment size is 10 bytes, with RedundancyPercent set to + // 50(%), the final number of encoded fragments is (100 / 10) + (100 / 10 * + // 50%) = 15. + RedundancyPercent *int64 `type:"integer"` + // The tag to attach to the specified resource. Tags are metadata that you can // use to manage a resource. Tags []*Tag `type:"list"` @@ -12049,6 +12066,12 @@ func (s *CreateFuotaTaskInput) Validate() error { if s.FirmwareUpdateRole != nil && len(*s.FirmwareUpdateRole) < 1 { invalidParams.Add(request.NewErrParamMinLen("FirmwareUpdateRole", 1)) } + if s.FragmentIntervalMS != nil && *s.FragmentIntervalMS < 1 { + invalidParams.Add(request.NewErrParamMinValue("FragmentIntervalMS", 1)) + } + if s.FragmentSizeBytes != nil && *s.FragmentSizeBytes < 1 { + invalidParams.Add(request.NewErrParamMinValue("FragmentSizeBytes", 1)) + } if s.Tags != nil { for i, v := range s.Tags { if v == nil { @@ -12090,6 +12113,18 @@ func (s *CreateFuotaTaskInput) SetFirmwareUpdateRole(v string) *CreateFuotaTaskI return s } +// SetFragmentIntervalMS sets the FragmentIntervalMS field's value. +func (s *CreateFuotaTaskInput) SetFragmentIntervalMS(v int64) *CreateFuotaTaskInput { + s.FragmentIntervalMS = &v + return s +} + +// SetFragmentSizeBytes sets the FragmentSizeBytes field's value. +func (s *CreateFuotaTaskInput) SetFragmentSizeBytes(v int64) *CreateFuotaTaskInput { + s.FragmentSizeBytes = &v + return s +} + // SetLoRaWAN sets the LoRaWAN field's value. func (s *CreateFuotaTaskInput) SetLoRaWAN(v *LoRaWANFuotaTask) *CreateFuotaTaskInput { s.LoRaWAN = v @@ -12102,6 +12137,12 @@ func (s *CreateFuotaTaskInput) SetName(v string) *CreateFuotaTaskInput { return s } +// SetRedundancyPercent sets the RedundancyPercent field's value. +func (s *CreateFuotaTaskInput) SetRedundancyPercent(v int64) *CreateFuotaTaskInput { + s.RedundancyPercent = &v + return s +} + // SetTags sets the Tags field's value. func (s *CreateFuotaTaskInput) SetTags(v []*Tag) *CreateFuotaTaskInput { s.Tags = v @@ -15514,6 +15555,17 @@ type GetFuotaTaskOutput struct { // The firmware update role that is to be used with a FUOTA task. FirmwareUpdateRole *string `min:"1" type:"string"` + // The interval of sending fragments in milliseconds. Currently the interval + // will be rounded to the nearest second. Note that this interval only controls + // the timing when the cloud sends the fragments down. The actual delay of receiving + // fragments at device side depends on the device's class and the communication + // delay with the cloud. + FragmentIntervalMS *int64 `min:"1" type:"integer"` + + // The size of each fragment in bytes. Currently only supported in fuota tasks + // with multicast groups. + FragmentSizeBytes *int64 `min:"1" type:"integer"` + // The ID of a FUOTA task. Id *string `type:"string"` @@ -15523,6 +15575,12 @@ type GetFuotaTaskOutput struct { // The name of a FUOTA task. Name *string `type:"string"` + // The percentage of added redundant fragments. For example, if firmware file + // is 100 bytes and fragment size is 10 bytes, with RedundancyPercent set to + // 50(%), the final number of encoded fragments is (100 / 10) + (100 / 10 * + // 50%) = 15. + RedundancyPercent *int64 `type:"integer"` + // The status of a FUOTA task. Status *string `type:"string" enum:"FuotaTaskStatus"` } @@ -15575,6 +15633,18 @@ func (s *GetFuotaTaskOutput) SetFirmwareUpdateRole(v string) *GetFuotaTaskOutput return s } +// SetFragmentIntervalMS sets the FragmentIntervalMS field's value. +func (s *GetFuotaTaskOutput) SetFragmentIntervalMS(v int64) *GetFuotaTaskOutput { + s.FragmentIntervalMS = &v + return s +} + +// SetFragmentSizeBytes sets the FragmentSizeBytes field's value. +func (s *GetFuotaTaskOutput) SetFragmentSizeBytes(v int64) *GetFuotaTaskOutput { + s.FragmentSizeBytes = &v + return s +} + // SetId sets the Id field's value. func (s *GetFuotaTaskOutput) SetId(v string) *GetFuotaTaskOutput { s.Id = &v @@ -15593,6 +15663,12 @@ func (s *GetFuotaTaskOutput) SetName(v string) *GetFuotaTaskOutput { return s } +// SetRedundancyPercent sets the RedundancyPercent field's value. +func (s *GetFuotaTaskOutput) SetRedundancyPercent(v int64) *GetFuotaTaskOutput { + s.RedundancyPercent = &v + return s +} + // SetStatus sets the Status field's value. func (s *GetFuotaTaskOutput) SetStatus(v string) *GetFuotaTaskOutput { s.Status = &v @@ -16241,7 +16317,7 @@ type GetPositionEstimateInput struct { Ip *Ip `type:"structure"` // Optional information that specifies the time when the position information - // will be resolved. It uses the UNIX timestamp format. If not specified, the + // will be resolved. It uses the Unix timestamp format. If not specified, the // time at which the request was received will be used. Timestamp *time.Time `type:"timestamp"` @@ -16750,7 +16826,7 @@ type GetResourcePositionInput struct { _ struct{} `type:"structure" nopayload:"true"` // The identifier of the resource for which position information is retrieved. - // It can be the wireless device ID or the wireless gateway ID depending on + // It can be the wireless device ID or the wireless gateway ID, depending on // the resource type. // // ResourceIdentifier is a required field @@ -18042,7 +18118,7 @@ type Gnss struct { AssistAltitude *float64 `type:"float"` // Optional assistance position information, specified using latitude and longitude - // values in degrees. The co-ordinates are inside the WGS84 reference frame. + // values in degrees. The coordinates are inside the WGS84 reference frame. AssistPosition []*float64 `min:"2" type:"list"` // Optional parameter that gives an estimate of the time when the GNSS scan @@ -25619,6 +25695,17 @@ type UpdateFuotaTaskInput struct { // The firmware update role that is to be used with a FUOTA task. FirmwareUpdateRole *string `min:"1" type:"string"` + // The interval of sending fragments in milliseconds. Currently the interval + // will be rounded to the nearest second. Note that this interval only controls + // the timing when the cloud sends the fragments down. The actual delay of receiving + // fragments at device side depends on the device's class and the communication + // delay with the cloud. + FragmentIntervalMS *int64 `min:"1" type:"integer"` + + // The size of each fragment in bytes. Currently only supported in fuota tasks + // with multicast groups. + FragmentSizeBytes *int64 `min:"1" type:"integer"` + // The ID of a FUOTA task. // // Id is a required field @@ -25629,6 +25716,12 @@ type UpdateFuotaTaskInput struct { // The name of a FUOTA task. Name *string `type:"string"` + + // The percentage of added redundant fragments. For example, if firmware file + // is 100 bytes and fragment size is 10 bytes, with RedundancyPercent set to + // 50(%), the final number of encoded fragments is (100 / 10) + (100 / 10 * + // 50%) = 15. + RedundancyPercent *int64 `type:"integer"` } // String returns the string representation. @@ -25658,6 +25751,12 @@ func (s *UpdateFuotaTaskInput) Validate() error { if s.FirmwareUpdateRole != nil && len(*s.FirmwareUpdateRole) < 1 { invalidParams.Add(request.NewErrParamMinLen("FirmwareUpdateRole", 1)) } + if s.FragmentIntervalMS != nil && *s.FragmentIntervalMS < 1 { + invalidParams.Add(request.NewErrParamMinValue("FragmentIntervalMS", 1)) + } + if s.FragmentSizeBytes != nil && *s.FragmentSizeBytes < 1 { + invalidParams.Add(request.NewErrParamMinValue("FragmentSizeBytes", 1)) + } if s.Id == nil { invalidParams.Add(request.NewErrParamRequired("Id")) } @@ -25689,6 +25788,18 @@ func (s *UpdateFuotaTaskInput) SetFirmwareUpdateRole(v string) *UpdateFuotaTaskI return s } +// SetFragmentIntervalMS sets the FragmentIntervalMS field's value. +func (s *UpdateFuotaTaskInput) SetFragmentIntervalMS(v int64) *UpdateFuotaTaskInput { + s.FragmentIntervalMS = &v + return s +} + +// SetFragmentSizeBytes sets the FragmentSizeBytes field's value. +func (s *UpdateFuotaTaskInput) SetFragmentSizeBytes(v int64) *UpdateFuotaTaskInput { + s.FragmentSizeBytes = &v + return s +} + // SetId sets the Id field's value. func (s *UpdateFuotaTaskInput) SetId(v string) *UpdateFuotaTaskInput { s.Id = &v @@ -25707,6 +25818,12 @@ func (s *UpdateFuotaTaskInput) SetName(v string) *UpdateFuotaTaskInput { return s } +// SetRedundancyPercent sets the RedundancyPercent field's value. +func (s *UpdateFuotaTaskInput) SetRedundancyPercent(v int64) *UpdateFuotaTaskInput { + s.RedundancyPercent = &v + return s +} + type UpdateFuotaTaskOutput struct { _ struct{} `type:"structure"` } @@ -26412,7 +26529,7 @@ type UpdateResourcePositionInput struct { GeoJsonPayload []byte `type:"blob"` // The identifier of the resource for which position information is updated. - // It can be the wireless device ID or the wireless gateway ID depending on + // It can be the wireless device ID or the wireless gateway ID, depending on // the resource type. // // ResourceIdentifier is a required field diff --git a/service/locationservice/api.go b/service/locationservice/api.go index 518b36fe158..6a9010858bd 100644 --- a/service/locationservice/api.go +++ b/service/locationservice/api.go @@ -1081,6 +1081,112 @@ func (c *LocationService) CreateGeofenceCollectionWithContext(ctx aws.Context, i return out, req.Send() } +const opCreateKey = "CreateKey" + +// CreateKeyRequest generates a "aws/request.Request" representing the +// client's request for the CreateKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateKey for more information on using the CreateKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateKeyRequest method. +// req, resp := client.CreateKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/CreateKey +func (c *LocationService) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { + op := &request.Operation{ + Name: opCreateKey, + HTTPMethod: "POST", + HTTPPath: "/metadata/v0/keys", + } + + if input == nil { + input = &CreateKeyInput{} + } + + output = &CreateKeyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("metadata.", nil)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// CreateKey API operation for Amazon Location Service. +// +// Creates an API key resource in your Amazon Web Services account, which lets +// you grant geo:GetMap* actions for Amazon Location Map resources to the API +// key bearer. +// +// The API keys feature is in preview. We may add, change, or remove features +// before announcing general availability. For more information, see Using API +// keys (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Location Service's +// API operation CreateKey for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request has failed to process because of an unknown server error, exception, +// or failure. +// +// - ConflictException +// The request was unsuccessful because of a conflict. +// +// - AccessDeniedException +// The request was denied because of insufficient access or permissions. Check +// with an administrator to verify your permissions. +// +// - ValidationException +// The input failed to meet the constraints specified by the AWS service. +// +// - ServiceQuotaExceededException +// The operation was denied because the request would exceed the maximum quota +// (https://docs.aws.amazon.com/location/latest/developerguide/location-quotas.html) +// set for Amazon Location Service. +// +// - ThrottlingException +// The request was denied because of request throttling. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/CreateKey +func (c *LocationService) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { + req, out := c.CreateKeyRequest(input) + return out, req.Send() +} + +// CreateKeyWithContext is the same as CreateKey with the addition of +// the ability to pass a context and additional request options. +// +// See CreateKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LocationService) CreateKeyWithContext(ctx aws.Context, input *CreateKeyInput, opts ...request.Option) (*CreateKeyOutput, error) { + req, out := c.CreateKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateMap = "CreateMap" // CreateMapRequest generates a "aws/request.Request" representing the @@ -1126,12 +1232,12 @@ func (c *LocationService) CreateMapRequest(input *CreateMapInput) (req *request. // CreateMap API operation for Amazon Location Service. // -// Creates a map resource in your AWS account, which provides map tiles of different -// styles sourced from global location data providers. +// Creates a map resource in your Amazon Web Services account, which provides +// map tiles of different styles sourced from global location data providers. // // If your application is tracking or routing assets you use in your business, // such as delivery vehicles or employees, you must not use Esri as your geolocation -// provider. See section 82 of the AWS service terms (http://aws.amazon.com/service-terms) +// provider. See section 82 of the Amazon Web Services service terms (http://aws.amazon.com/service-terms) // for more details. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1232,15 +1338,15 @@ func (c *LocationService) CreatePlaceIndexRequest(input *CreatePlaceIndexInput) // CreatePlaceIndex API operation for Amazon Location Service. // -// Creates a place index resource in your AWS account. Use a place index resource -// to geocode addresses and other text queries by using the SearchPlaceIndexForText -// operation, and reverse geocode coordinates by using the SearchPlaceIndexForPosition -// operation, and enable autosuggestions by using the SearchPlaceIndexForSuggestions -// operation. +// Creates a place index resource in your Amazon Web Services account. Use a +// place index resource to geocode addresses and other text queries by using +// the SearchPlaceIndexForText operation, and reverse geocode coordinates by +// using the SearchPlaceIndexForPosition operation, and enable autosuggestions +// by using the SearchPlaceIndexForSuggestions operation. // // If your application is tracking or routing assets you use in your business, // such as delivery vehicles or employees, you must not use Esri as your geolocation -// provider. See section 82 of the AWS service terms (http://aws.amazon.com/service-terms) +// provider. See section 82 of the Amazon Web Services service terms (http://aws.amazon.com/service-terms) // for more details. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1341,7 +1447,7 @@ func (c *LocationService) CreateRouteCalculatorRequest(input *CreateRouteCalcula // CreateRouteCalculator API operation for Amazon Location Service. // -// Creates a route calculator resource in your AWS account. +// Creates a route calculator resource in your Amazon Web Services account. // // You can send requests to a route calculator resource to estimate travel time, // distance, and get directions. A route calculator sources traffic and road @@ -1349,7 +1455,7 @@ func (c *LocationService) CreateRouteCalculatorRequest(input *CreateRouteCalcula // // If your application is tracking or routing assets you use in your business, // such as delivery vehicles or employees, you must not use Esri as your geolocation -// provider. See section 82 of the AWS service terms (http://aws.amazon.com/service-terms) +// provider. See section 82 of the Amazon Web Services service terms (http://aws.amazon.com/service-terms) // for more details. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1450,8 +1556,8 @@ func (c *LocationService) CreateTrackerRequest(input *CreateTrackerInput) (req * // CreateTracker API operation for Amazon Location Service. // -// Creates a tracker resource in your AWS account, which lets you retrieve current -// and historical location of devices. +// Creates a tracker resource in your Amazon Web Services account, which lets +// you retrieve current and historical location of devices. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1547,7 +1653,7 @@ func (c *LocationService) DeleteGeofenceCollectionRequest(input *DeleteGeofenceC // DeleteGeofenceCollection API operation for Amazon Location Service. // -// Deletes a geofence collection from your AWS account. +// Deletes a geofence collection from your Amazon Web Services account. // // This operation deletes the resource permanently. If the geofence collection // is the target of a tracker resource, the devices will no longer be monitored. @@ -1600,6 +1706,103 @@ func (c *LocationService) DeleteGeofenceCollectionWithContext(ctx aws.Context, i return out, req.Send() } +const opDeleteKey = "DeleteKey" + +// DeleteKeyRequest generates a "aws/request.Request" representing the +// client's request for the DeleteKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteKey for more information on using the DeleteKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteKeyRequest method. +// req, resp := client.DeleteKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/DeleteKey +func (c *LocationService) DeleteKeyRequest(input *DeleteKeyInput) (req *request.Request, output *DeleteKeyOutput) { + op := &request.Operation{ + Name: opDeleteKey, + HTTPMethod: "DELETE", + HTTPPath: "/metadata/v0/keys/{KeyName}", + } + + if input == nil { + input = &DeleteKeyInput{} + } + + output = &DeleteKeyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("metadata.", nil)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// DeleteKey API operation for Amazon Location Service. +// +// Deletes the specified API key. The API key must have been deactivated more +// than 90 days previously. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Location Service's +// API operation DeleteKey for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request has failed to process because of an unknown server error, exception, +// or failure. +// +// - ResourceNotFoundException +// The resource that you've entered was not found in your AWS account. +// +// - AccessDeniedException +// The request was denied because of insufficient access or permissions. Check +// with an administrator to verify your permissions. +// +// - ValidationException +// The input failed to meet the constraints specified by the AWS service. +// +// - ThrottlingException +// The request was denied because of request throttling. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/DeleteKey +func (c *LocationService) DeleteKey(input *DeleteKeyInput) (*DeleteKeyOutput, error) { + req, out := c.DeleteKeyRequest(input) + return out, req.Send() +} + +// DeleteKeyWithContext is the same as DeleteKey with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LocationService) DeleteKeyWithContext(ctx aws.Context, input *DeleteKeyInput, opts ...request.Option) (*DeleteKeyOutput, error) { + req, out := c.DeleteKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteMap = "DeleteMap" // DeleteMapRequest generates a "aws/request.Request" representing the @@ -1646,7 +1849,7 @@ func (c *LocationService) DeleteMapRequest(input *DeleteMapInput) (req *request. // DeleteMap API operation for Amazon Location Service. // -// Deletes a map resource from your AWS account. +// Deletes a map resource from your Amazon Web Services account. // // This operation deletes the resource permanently. If the map is being used // in an application, the map may not render. @@ -1745,7 +1948,7 @@ func (c *LocationService) DeletePlaceIndexRequest(input *DeletePlaceIndexInput) // DeletePlaceIndex API operation for Amazon Location Service. // -// Deletes a place index resource from your AWS account. +// Deletes a place index resource from your Amazon Web Services account. // // This operation deletes the resource permanently. // @@ -1843,7 +2046,7 @@ func (c *LocationService) DeleteRouteCalculatorRequest(input *DeleteRouteCalcula // DeleteRouteCalculator API operation for Amazon Location Service. // -// Deletes a route calculator resource from your AWS account. +// Deletes a route calculator resource from your Amazon Web Services account. // // This operation deletes the resource permanently. // @@ -1941,7 +2144,7 @@ func (c *LocationService) DeleteTrackerRequest(input *DeleteTrackerInput) (req * // DeleteTracker API operation for Amazon Location Service. // -// Deletes a tracker resource from your AWS account. +// Deletes a tracker resource from your Amazon Web Services account. // // This operation deletes the resource permanently. If the tracker resource // is in use, you may encounter an error. Make sure that the target resource @@ -2090,6 +2293,105 @@ func (c *LocationService) DescribeGeofenceCollectionWithContext(ctx aws.Context, return out, req.Send() } +const opDescribeKey = "DescribeKey" + +// DescribeKeyRequest generates a "aws/request.Request" representing the +// client's request for the DescribeKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeKey for more information on using the DescribeKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DescribeKeyRequest method. +// req, resp := client.DescribeKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/DescribeKey +func (c *LocationService) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { + op := &request.Operation{ + Name: opDescribeKey, + HTTPMethod: "GET", + HTTPPath: "/metadata/v0/keys/{KeyName}", + } + + if input == nil { + input = &DescribeKeyInput{} + } + + output = &DescribeKeyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("metadata.", nil)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// DescribeKey API operation for Amazon Location Service. +// +// Retrieves the API key resource details. +// +// The API keys feature is in preview. We may add, change, or remove features +// before announcing general availability. For more information, see Using API +// keys (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Location Service's +// API operation DescribeKey for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request has failed to process because of an unknown server error, exception, +// or failure. +// +// - ResourceNotFoundException +// The resource that you've entered was not found in your AWS account. +// +// - AccessDeniedException +// The request was denied because of insufficient access or permissions. Check +// with an administrator to verify your permissions. +// +// - ValidationException +// The input failed to meet the constraints specified by the AWS service. +// +// - ThrottlingException +// The request was denied because of request throttling. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/DescribeKey +func (c *LocationService) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { + req, out := c.DescribeKeyRequest(input) + return out, req.Send() +} + +// DescribeKeyWithContext is the same as DescribeKey with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LocationService) DescribeKeyWithContext(ctx aws.Context, input *DescribeKeyInput, opts ...request.Option) (*DescribeKeyOutput, error) { + req, out := c.DescribeKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeMap = "DescribeMap" // DescribeMapRequest generates a "aws/request.Request" representing the @@ -3359,9 +3661,9 @@ func (c *LocationService) GetPlaceRequest(input *GetPlaceInput) (req *request.Re // A PlaceId is valid only if all of the following are the same in the original // search request and the call to GetPlace. // -// - Customer AWS account +// - Customer Amazon Web Services account // -// - AWS Region +// - Amazon Web Services Region // // - Data provider specified in the place index resource // @@ -3613,7 +3915,7 @@ func (c *LocationService) ListGeofenceCollectionsRequest(input *ListGeofenceColl // ListGeofenceCollections API operation for Amazon Location Service. // -// Lists geofence collections in your AWS account. +// Lists geofence collections in your Amazon Web Services account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3863,36 +4165,36 @@ func (c *LocationService) ListGeofencesPagesWithContext(ctx aws.Context, input * return p.Err() } -const opListMaps = "ListMaps" +const opListKeys = "ListKeys" -// ListMapsRequest generates a "aws/request.Request" representing the -// client's request for the ListMaps operation. The "output" return +// ListKeysRequest generates a "aws/request.Request" representing the +// client's request for the ListKeys operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // -// See ListMaps for more information on using the ListMaps +// See ListKeys for more information on using the ListKeys // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // -// // Example sending a request using the ListMapsRequest method. -// req, resp := client.ListMapsRequest(params) +// // Example sending a request using the ListKeysRequest method. +// req, resp := client.ListKeysRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // -// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/ListMaps -func (c *LocationService) ListMapsRequest(input *ListMapsInput) (req *request.Request, output *ListMapsOutput) { +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/ListKeys +func (c *LocationService) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { op := &request.Operation{ - Name: opListMaps, + Name: opListKeys, HTTPMethod: "POST", - HTTPPath: "/maps/v0/list-maps", + HTTPPath: "/metadata/v0/list-keys", Paginator: &request.Paginator{ InputTokens: []string{"NextToken"}, OutputTokens: []string{"NextToken"}, @@ -3902,26 +4204,30 @@ func (c *LocationService) ListMapsRequest(input *ListMapsInput) (req *request.Re } if input == nil { - input = &ListMapsInput{} + input = &ListKeysInput{} } - output = &ListMapsOutput{} + output = &ListKeysOutput{} req = c.newRequest(op, input, output) - req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("maps.", nil)) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("metadata.", nil)) req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) return } -// ListMaps API operation for Amazon Location Service. +// ListKeys API operation for Amazon Location Service. // -// Lists map resources in your AWS account. +// Lists API key resources in your Amazon Web Services account. +// +// The API keys feature is in preview. We may add, change, or remove features +// before announcing general availability. For more information, see Using API +// keys (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for Amazon Location Service's -// API operation ListMaps for usage and error information. +// API operation ListKeys for usage and error information. // // Returned Error Types: // @@ -3939,40 +4245,189 @@ func (c *LocationService) ListMapsRequest(input *ListMapsInput) (req *request.Re // - ThrottlingException // The request was denied because of request throttling. // -// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/ListMaps -func (c *LocationService) ListMaps(input *ListMapsInput) (*ListMapsOutput, error) { - req, out := c.ListMapsRequest(input) +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/ListKeys +func (c *LocationService) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) return out, req.Send() } -// ListMapsWithContext is the same as ListMaps with the addition of +// ListKeysWithContext is the same as ListKeys with the addition of // the ability to pass a context and additional request options. // -// See ListMaps for details on how to use this API operation. +// See ListKeys for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. -func (c *LocationService) ListMapsWithContext(ctx aws.Context, input *ListMapsInput, opts ...request.Option) (*ListMapsOutput, error) { - req, out := c.ListMapsRequest(input) +func (c *LocationService) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) { + req, out := c.ListKeysRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } -// ListMapsPages iterates over the pages of a ListMaps operation, +// ListKeysPages iterates over the pages of a ListKeys operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // -// See ListMaps method for more information on how to use this operation. +// See ListKeys method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // -// // Example iterating over at most 3 pages of a ListMaps operation. +// // Example iterating over at most 3 pages of a ListKeys operation. // pageNum := 0 -// err := client.ListMapsPages(params, -// func(page *locationservice.ListMapsOutput, lastPage bool) bool { +// err := client.ListKeysPages(params, +// func(page *locationservice.ListKeysOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *LocationService) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error { + return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListKeysPagesWithContext same as ListKeysPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LocationService) ListKeysPagesWithContext(ctx aws.Context, input *ListKeysInput, fn func(*ListKeysOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListKeysInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListKeysRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListKeysOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListMaps = "ListMaps" + +// ListMapsRequest generates a "aws/request.Request" representing the +// client's request for the ListMaps operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListMaps for more information on using the ListMaps +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListMapsRequest method. +// req, resp := client.ListMapsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/ListMaps +func (c *LocationService) ListMapsRequest(input *ListMapsInput) (req *request.Request, output *ListMapsOutput) { + op := &request.Operation{ + Name: opListMaps, + HTTPMethod: "POST", + HTTPPath: "/maps/v0/list-maps", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListMapsInput{} + } + + output = &ListMapsOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("maps.", nil)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// ListMaps API operation for Amazon Location Service. +// +// Lists map resources in your Amazon Web Services account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Location Service's +// API operation ListMaps for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request has failed to process because of an unknown server error, exception, +// or failure. +// +// - AccessDeniedException +// The request was denied because of insufficient access or permissions. Check +// with an administrator to verify your permissions. +// +// - ValidationException +// The input failed to meet the constraints specified by the AWS service. +// +// - ThrottlingException +// The request was denied because of request throttling. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/ListMaps +func (c *LocationService) ListMaps(input *ListMapsInput) (*ListMapsOutput, error) { + req, out := c.ListMapsRequest(input) + return out, req.Send() +} + +// ListMapsWithContext is the same as ListMaps with the addition of +// the ability to pass a context and additional request options. +// +// See ListMaps for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LocationService) ListMapsWithContext(ctx aws.Context, input *ListMapsInput, opts ...request.Option) (*ListMapsOutput, error) { + req, out := c.ListMapsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListMapsPages iterates over the pages of a ListMaps operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListMaps method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListMaps operation. +// pageNum := 0 +// err := client.ListMapsPages(params, +// func(page *locationservice.ListMapsOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 @@ -4063,7 +4518,7 @@ func (c *LocationService) ListPlaceIndexesRequest(input *ListPlaceIndexesInput) // ListPlaceIndexes API operation for Amazon Location Service. // -// Lists place index resources in your AWS account. +// Lists place index resources in your Amazon Web Services account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4212,7 +4667,7 @@ func (c *LocationService) ListRouteCalculatorsRequest(input *ListRouteCalculator // ListRouteCalculators API operation for Amazon Location Service. // -// Lists route calculator resources in your AWS account. +// Lists route calculator resources in your Amazon Web Services account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4609,7 +5064,7 @@ func (c *LocationService) ListTrackersRequest(input *ListTrackersInput) (req *re // ListTrackers API operation for Amazon Location Service. // -// Lists tracker resources in your AWS account. +// Lists tracker resources in your Amazon Web Services account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5412,6 +5867,105 @@ func (c *LocationService) UpdateGeofenceCollectionWithContext(ctx aws.Context, i return out, req.Send() } +const opUpdateKey = "UpdateKey" + +// UpdateKeyRequest generates a "aws/request.Request" representing the +// client's request for the UpdateKey operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateKey for more information on using the UpdateKey +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateKeyRequest method. +// req, resp := client.UpdateKeyRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/UpdateKey +func (c *LocationService) UpdateKeyRequest(input *UpdateKeyInput) (req *request.Request, output *UpdateKeyOutput) { + op := &request.Operation{ + Name: opUpdateKey, + HTTPMethod: "PATCH", + HTTPPath: "/metadata/v0/keys/{KeyName}", + } + + if input == nil { + input = &UpdateKeyInput{} + } + + output = &UpdateKeyOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Build.PushBackNamed(protocol.NewHostPrefixHandler("metadata.", nil)) + req.Handlers.Build.PushBackNamed(protocol.ValidateEndpointHostHandler) + return +} + +// UpdateKey API operation for Amazon Location Service. +// +// Updates the specified properties of a given API key resource. +// +// The API keys feature is in preview. We may add, change, or remove features +// before announcing general availability. For more information, see Using API +// keys (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Location Service's +// API operation UpdateKey for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request has failed to process because of an unknown server error, exception, +// or failure. +// +// - ResourceNotFoundException +// The resource that you've entered was not found in your AWS account. +// +// - AccessDeniedException +// The request was denied because of insufficient access or permissions. Check +// with an administrator to verify your permissions. +// +// - ValidationException +// The input failed to meet the constraints specified by the AWS service. +// +// - ThrottlingException +// The request was denied because of request throttling. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/location-2020-11-19/UpdateKey +func (c *LocationService) UpdateKey(input *UpdateKeyInput) (*UpdateKeyOutput, error) { + req, out := c.UpdateKeyRequest(input) + return out, req.Send() +} + +// UpdateKeyWithContext is the same as UpdateKey with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateKey for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LocationService) UpdateKeyWithContext(ctx aws.Context, input *UpdateKeyInput, opts ...request.Option) (*UpdateKeyOutput, error) { + req, out := c.UpdateKeyRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUpdateMap = "UpdateMap" // UpdateMapRequest generates a "aws/request.Request" representing the @@ -5857,22 +6411,12 @@ func (s *AccessDeniedException) RequestID() string { return s.RespMetadata.RequestID } -type AssociateTrackerConsumerInput struct { +// Options for filtering API keys. +type ApiKeyFilter struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) for the geofence collection to be associated - // to tracker resource. Used when you need to specify a resource across all - // AWS. - // - // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer - // - // ConsumerArn is a required field - ConsumerArn *string `type:"string" required:"true"` - - // The name of the tracker resource to be associated with a geofence collection. - // - // TrackerName is a required field - TrackerName *string `location:"uri" locationName:"TrackerName" min:"1" type:"string" required:"true"` + // Filter on Active or Expired API keys. + KeyStatus *string `type:"string" enum:"Status"` } // String returns the string representation. @@ -5880,7 +6424,7 @@ type AssociateTrackerConsumerInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateTrackerConsumerInput) String() string { +func (s ApiKeyFilter) String() string { return awsutil.Prettify(s) } @@ -5889,39 +6433,208 @@ func (s AssociateTrackerConsumerInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s AssociateTrackerConsumerInput) GoString() string { +func (s ApiKeyFilter) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *AssociateTrackerConsumerInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "AssociateTrackerConsumerInput"} - if s.ConsumerArn == nil { - invalidParams.Add(request.NewErrParamRequired("ConsumerArn")) - } - if s.TrackerName == nil { - invalidParams.Add(request.NewErrParamRequired("TrackerName")) - } - if s.TrackerName != nil && len(*s.TrackerName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("TrackerName", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - -// SetConsumerArn sets the ConsumerArn field's value. -func (s *AssociateTrackerConsumerInput) SetConsumerArn(v string) *AssociateTrackerConsumerInput { - s.ConsumerArn = &v +// SetKeyStatus sets the KeyStatus field's value. +func (s *ApiKeyFilter) SetKeyStatus(v string) *ApiKeyFilter { + s.KeyStatus = &v return s } -// SetTrackerName sets the TrackerName field's value. -func (s *AssociateTrackerConsumerInput) SetTrackerName(v string) *AssociateTrackerConsumerInput { - s.TrackerName = &v - return s +// API Restrictions on the allowed actions, resources, and referers for an API +// key resource. +type ApiKeyRestrictions struct { + _ struct{} `type:"structure"` + + // A list of allowed actions that an API key resource grants permissions to + // perform + // + // Currently, the only valid action is geo:GetMap* as an input to the list. + // For example, ["geo:GetMap*"] is valid but ["geo:GetMapTile"] is not. + // + // AllowActions is a required field + AllowActions []*string `min:"1" type:"list" required:"true"` + + // An optional list of allowed HTTP referers for which requests must originate + // from. Requests using this API key from other domains will not be allowed. + // + // Requirements: + // + // * Contain only alphanumeric characters (A–Z, a–z, 0–9) or any symbols + // in this list $\-._+!*`(),;/?:@=& + // + // * May contain a percent (%) if followed by 2 hexadecimal digits (A-F, + // a-f, 0-9); this is used for URL encoding purposes. + // + // * May contain wildcard characters question mark (?) and asterisk (*). + // Question mark (?) will replace any single character (including hexadecimal + // digits). Asterisk (*) will replace any multiple characters (including + // multiple hexadecimal digits). + // + // * No spaces allowed. For example, https://example.com. + AllowReferers []*string `min:"1" type:"list"` + + // A list of allowed resource ARNs that a API key bearer can perform actions + // on + // + // For more information about ARN format, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html). + // + // In this preview, you can allow only map resources. + // + // Requirements: + // + // * Must be prefixed with arn. + // + // * partition and service must not be empty and should begin with only alphanumeric + // characters (A–Z, a–z, 0–9) and contain only alphanumeric numbers, + // hyphens (-) and periods (.). + // + // * region and account-id can be empty or should begin with only alphanumeric + // characters (A–Z, a–z, 0–9) and contain only alphanumeric numbers, + // hyphens (-) and periods (.). + // + // * resource-id can begin with any character except for forward slash (/) + // and contain any characters after, including forward slashes to form a + // path. resource-id can also include wildcard characters, denoted by an + // asterisk (*). + // + // * arn, partition, service, region, account-id and resource-id must be + // delimited by a colon (:). + // + // * No spaces allowed. For example, arn:aws:geo:region:account-id:map/ExampleMap*. + // + // AllowResources is a required field + AllowResources []*string `min:"1" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ApiKeyRestrictions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ApiKeyRestrictions) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ApiKeyRestrictions) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ApiKeyRestrictions"} + if s.AllowActions == nil { + invalidParams.Add(request.NewErrParamRequired("AllowActions")) + } + if s.AllowActions != nil && len(s.AllowActions) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AllowActions", 1)) + } + if s.AllowReferers != nil && len(s.AllowReferers) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AllowReferers", 1)) + } + if s.AllowResources == nil { + invalidParams.Add(request.NewErrParamRequired("AllowResources")) + } + if s.AllowResources != nil && len(s.AllowResources) < 1 { + invalidParams.Add(request.NewErrParamMinLen("AllowResources", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAllowActions sets the AllowActions field's value. +func (s *ApiKeyRestrictions) SetAllowActions(v []*string) *ApiKeyRestrictions { + s.AllowActions = v + return s +} + +// SetAllowReferers sets the AllowReferers field's value. +func (s *ApiKeyRestrictions) SetAllowReferers(v []*string) *ApiKeyRestrictions { + s.AllowReferers = v + return s +} + +// SetAllowResources sets the AllowResources field's value. +func (s *ApiKeyRestrictions) SetAllowResources(v []*string) *ApiKeyRestrictions { + s.AllowResources = v + return s +} + +type AssociateTrackerConsumerInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the geofence collection to be associated + // to tracker resource. Used when you need to specify a resource across all + // Amazon Web Services. + // + // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer + // + // ConsumerArn is a required field + ConsumerArn *string `type:"string" required:"true"` + + // The name of the tracker resource to be associated with a geofence collection. + // + // TrackerName is a required field + TrackerName *string `location:"uri" locationName:"TrackerName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateTrackerConsumerInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssociateTrackerConsumerInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *AssociateTrackerConsumerInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "AssociateTrackerConsumerInput"} + if s.ConsumerArn == nil { + invalidParams.Add(request.NewErrParamRequired("ConsumerArn")) + } + if s.TrackerName == nil { + invalidParams.Add(request.NewErrParamRequired("TrackerName")) + } + if s.TrackerName != nil && len(*s.TrackerName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TrackerName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConsumerArn sets the ConsumerArn field's value. +func (s *AssociateTrackerConsumerInput) SetConsumerArn(v string) *AssociateTrackerConsumerInput { + s.ConsumerArn = &v + return s +} + +// SetTrackerName sets the TrackerName field's value. +func (s *AssociateTrackerConsumerInput) SetTrackerName(v string) *AssociateTrackerConsumerInput { + s.TrackerName = &v + return s } type AssociateTrackerConsumerOutput struct { @@ -8133,7 +8846,7 @@ type CreateGeofenceCollectionInput struct { // An optional description for the geofence collection. Description *string `type:"string"` - // A key identifier for an AWS KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html). + // A key identifier for an Amazon Web Services KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html). // Enter a key ID, key ARN, alias name, or alias ARN. KmsKeyId *string `min:"1" type:"string"` @@ -8247,7 +8960,7 @@ type CreateGeofenceCollectionOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) for the geofence collection resource. Used - // when you need to specify a resource across all AWS. + // when you need to specify a resource across all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection // @@ -8302,6 +9015,215 @@ func (s *CreateGeofenceCollectionOutput) SetCreateTime(v time.Time) *CreateGeofe return s } +type CreateKeyInput struct { + _ struct{} `type:"structure"` + + // An optional description for the API key resource. + Description *string `type:"string"` + + // The optional timestamp for when the API key resource will expire in ISO 8601 + // (https://www.iso.org/iso-8601-date-and-time-format.html) format: YYYY-MM-DDThh:mm:ss.sssZ. + // One of NoExpiry or ExpireTime must be set. + ExpireTime *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // A custom name for the API key resource. + // + // Requirements: + // + // * Contain only alphanumeric characters (A–Z, a–z, 0–9), hyphens + // (-), periods (.), and underscores (_). + // + // * Must be a unique API key name. + // + // * No spaces allowed. For example, ExampleAPIKey. + // + // KeyName is a required field + KeyName *string `min:"1" type:"string" required:"true"` + + // Optionally set to true to set no expiration time for the API key. One of + // NoExpiry or ExpireTime must be set. + NoExpiry *bool `type:"boolean"` + + // The API key restrictions for the API key resource. + // + // Restrictions is a required field + Restrictions *ApiKeyRestrictions `type:"structure" required:"true"` + + // Applies one or more tags to the map resource. A tag is a key-value pair that + // helps manage, identify, search, and filter your resources by labelling them. + // + // Format: "key" : "value" + // + // Restrictions: + // + // * Maximum 50 tags per resource + // + // * Each resource tag must be unique with a maximum of one value. + // + // * Maximum key length: 128 Unicode characters in UTF-8 + // + // * Maximum value length: 256 Unicode characters in UTF-8 + // + // * Can use alphanumeric characters (A–Z, a–z, 0–9), and the following + // characters: + - = . _ : / @. + // + // * Cannot use "aws:" as a prefix for a key. + Tags map[string]*string `type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"} + if s.KeyName == nil { + invalidParams.Add(request.NewErrParamRequired("KeyName")) + } + if s.KeyName != nil && len(*s.KeyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyName", 1)) + } + if s.Restrictions == nil { + invalidParams.Add(request.NewErrParamRequired("Restrictions")) + } + if s.Restrictions != nil { + if err := s.Restrictions.Validate(); err != nil { + invalidParams.AddNested("Restrictions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput { + s.Description = &v + return s +} + +// SetExpireTime sets the ExpireTime field's value. +func (s *CreateKeyInput) SetExpireTime(v time.Time) *CreateKeyInput { + s.ExpireTime = &v + return s +} + +// SetKeyName sets the KeyName field's value. +func (s *CreateKeyInput) SetKeyName(v string) *CreateKeyInput { + s.KeyName = &v + return s +} + +// SetNoExpiry sets the NoExpiry field's value. +func (s *CreateKeyInput) SetNoExpiry(v bool) *CreateKeyInput { + s.NoExpiry = &v + return s +} + +// SetRestrictions sets the Restrictions field's value. +func (s *CreateKeyInput) SetRestrictions(v *ApiKeyRestrictions) *CreateKeyInput { + s.Restrictions = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateKeyInput) SetTags(v map[string]*string) *CreateKeyInput { + s.Tags = v + return s +} + +type CreateKeyOutput struct { + _ struct{} `type:"structure"` + + // The timestamp for when the API key resource was created in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ. + // + // CreateTime is a required field + CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The key value/string of an API key. This value is used when making API calls + // to authorize the call. For example, see GetMapGlyphs (https://docs.aws.amazon.com/location/latest/APIReference/API_GetMapGlyphs.html). + // + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateKeyOutput's + // String and GoString methods. + // + // Key is a required field + Key *string `type:"string" required:"true" sensitive:"true"` + + // The Amazon Resource Name (ARN) for the API key resource. Used when you need + // to specify a resource across all Amazon Web Services. + // + // * Format example: arn:aws:geo:region:account-id:key/ExampleKey + // + // KeyArn is a required field + KeyArn *string `type:"string" required:"true"` + + // The name of the API key resource. + // + // KeyName is a required field + KeyName *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateKeyOutput) GoString() string { + return s.String() +} + +// SetCreateTime sets the CreateTime field's value. +func (s *CreateKeyOutput) SetCreateTime(v time.Time) *CreateKeyOutput { + s.CreateTime = &v + return s +} + +// SetKey sets the Key field's value. +func (s *CreateKeyOutput) SetKey(v string) *CreateKeyOutput { + s.Key = &v + return s +} + +// SetKeyArn sets the KeyArn field's value. +func (s *CreateKeyOutput) SetKeyArn(v string) *CreateKeyOutput { + s.KeyArn = &v + return s +} + +// SetKeyName sets the KeyName field's value. +func (s *CreateKeyOutput) SetKeyName(v string) *CreateKeyOutput { + s.KeyName = &v + return s +} + type CreateMapInput struct { _ struct{} `type:"structure"` @@ -8438,7 +9360,7 @@ type CreateMapOutput struct { CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` // The Amazon Resource Name (ARN) for the map resource. Used to specify a resource - // across all AWS. + // across all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:map/ExampleMap // @@ -8510,8 +9432,9 @@ type CreatePlaceIndexInput struct { // (https://developer.here.com/documentation/geocoder/dev_guide/topics/coverage-geocoder.html). // If you specify HERE Technologies (Here) as the data provider, you may // not store results (https://docs.aws.amazon.com/location-places/latest/APIReference/API_DataSourceConfiguration.html) - // for locations in Japan. For more information, see the AWS Service Terms - // (https://aws.amazon.com/service-terms/) for Amazon Location Service. + // for locations in Japan. For more information, see the Amazon Web Services + // Service Terms (http://aws.amazon.com/service-terms/) for Amazon Location + // Service. // // For additional information , see Data providers (https://docs.aws.amazon.com/location/latest/developerguide/what-is-data-provider.html) // on the Amazon Location Service Developer Guide. @@ -8649,7 +9572,7 @@ type CreatePlaceIndexOutput struct { CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` // The Amazon Resource Name (ARN) for the place index resource. Used to specify - // a resource across AWS. + // a resource across Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:place-index/ExamplePlaceIndex // @@ -8846,7 +9769,7 @@ type CreateRouteCalculatorOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) for the route calculator resource. Use the - // ARN when you specify a resource across all AWS. + // ARN when you specify a resource across all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:route-calculator/ExampleCalculator // @@ -8911,7 +9834,7 @@ type CreateTrackerInput struct { // An optional description for the tracker resource. Description *string `type:"string"` - // A key identifier for an AWS KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html). + // A key identifier for an Amazon Web Services KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html). // Enter a key ID, key ARN, alias name, or alias ARN. KmsKeyId *string `min:"1" type:"string"` @@ -9078,7 +10001,7 @@ type CreateTrackerOutput struct { CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` // The Amazon Resource Name (ARN) for the tracker resource. Used when you need - // to specify a resource across all AWS. + // to specify a resource across all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker // @@ -9250,6 +10173,77 @@ func (s DeleteGeofenceCollectionOutput) GoString() string { return s.String() } +type DeleteKeyInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The name of the API key to delete. + // + // KeyName is a required field + KeyName *string `location:"uri" locationName:"KeyName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteKeyInput"} + if s.KeyName == nil { + invalidParams.Add(request.NewErrParamRequired("KeyName")) + } + if s.KeyName != nil && len(*s.KeyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKeyName sets the KeyName field's value. +func (s *DeleteKeyInput) SetKeyName(v string) *DeleteKeyInput { + s.KeyName = &v + return s +} + +type DeleteKeyOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteKeyOutput) GoString() string { + return s.String() +} + type DeleteMapInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -9534,13 +10528,185 @@ func (s DeleteTrackerOutput) GoString() string { return s.String() } -type DescribeGeofenceCollectionInput struct { +type DescribeGeofenceCollectionInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The name of the geofence collection. + // + // CollectionName is a required field + CollectionName *string `location:"uri" locationName:"CollectionName" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeGeofenceCollectionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeGeofenceCollectionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeGeofenceCollectionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeGeofenceCollectionInput"} + if s.CollectionName == nil { + invalidParams.Add(request.NewErrParamRequired("CollectionName")) + } + if s.CollectionName != nil && len(*s.CollectionName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CollectionName", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCollectionName sets the CollectionName field's value. +func (s *DescribeGeofenceCollectionInput) SetCollectionName(v string) *DescribeGeofenceCollectionInput { + s.CollectionName = &v + return s +} + +type DescribeGeofenceCollectionOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the geofence collection resource. Used + // when you need to specify a resource across all Amazon Web Services. + // + // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection + // + // CollectionArn is a required field + CollectionArn *string `type:"string" required:"true"` + + // The name of the geofence collection. + // + // CollectionName is a required field + CollectionName *string `min:"1" type:"string" required:"true"` + + // The timestamp for when the geofence resource was created in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ + // + // CreateTime is a required field + CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The optional description for the geofence collection. + // + // Description is a required field + Description *string `type:"string" required:"true"` + + // A key identifier for an Amazon Web Services KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) + // assigned to the Amazon Location resource + KmsKeyId *string `min:"1" type:"string"` + + // No longer used. Always returns RequestBasedUsage. + // + // Deprecated: Deprecated. Always returns RequestBasedUsage. + PricingPlan *string `deprecated:"true" type:"string" enum:"PricingPlan"` + + // No longer used. Always returns an empty string. + // + // Deprecated: Deprecated. Unused. + PricingPlanDataSource *string `deprecated:"true" type:"string"` + + // Displays the key, value pairs of tags associated with this resource. + Tags map[string]*string `type:"map"` + + // The timestamp for when the geofence collection was last updated in ISO 8601 + // (https://www.iso.org/iso-8601-date-and-time-format.html) format: YYYY-MM-DDThh:mm:ss.sssZ + // + // UpdateTime is a required field + UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeGeofenceCollectionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeGeofenceCollectionOutput) GoString() string { + return s.String() +} + +// SetCollectionArn sets the CollectionArn field's value. +func (s *DescribeGeofenceCollectionOutput) SetCollectionArn(v string) *DescribeGeofenceCollectionOutput { + s.CollectionArn = &v + return s +} + +// SetCollectionName sets the CollectionName field's value. +func (s *DescribeGeofenceCollectionOutput) SetCollectionName(v string) *DescribeGeofenceCollectionOutput { + s.CollectionName = &v + return s +} + +// SetCreateTime sets the CreateTime field's value. +func (s *DescribeGeofenceCollectionOutput) SetCreateTime(v time.Time) *DescribeGeofenceCollectionOutput { + s.CreateTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *DescribeGeofenceCollectionOutput) SetDescription(v string) *DescribeGeofenceCollectionOutput { + s.Description = &v + return s +} + +// SetKmsKeyId sets the KmsKeyId field's value. +func (s *DescribeGeofenceCollectionOutput) SetKmsKeyId(v string) *DescribeGeofenceCollectionOutput { + s.KmsKeyId = &v + return s +} + +// SetPricingPlan sets the PricingPlan field's value. +func (s *DescribeGeofenceCollectionOutput) SetPricingPlan(v string) *DescribeGeofenceCollectionOutput { + s.PricingPlan = &v + return s +} + +// SetPricingPlanDataSource sets the PricingPlanDataSource field's value. +func (s *DescribeGeofenceCollectionOutput) SetPricingPlanDataSource(v string) *DescribeGeofenceCollectionOutput { + s.PricingPlanDataSource = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *DescribeGeofenceCollectionOutput) SetTags(v map[string]*string) *DescribeGeofenceCollectionOutput { + s.Tags = v + return s +} + +// SetUpdateTime sets the UpdateTime field's value. +func (s *DescribeGeofenceCollectionOutput) SetUpdateTime(v time.Time) *DescribeGeofenceCollectionOutput { + s.UpdateTime = &v + return s +} + +type DescribeKeyInput struct { _ struct{} `type:"structure" nopayload:"true"` - // The name of the geofence collection. + // The name of the API key resource. // - // CollectionName is a required field - CollectionName *string `location:"uri" locationName:"CollectionName" min:"1" type:"string" required:"true"` + // KeyName is a required field + KeyName *string `location:"uri" locationName:"KeyName" min:"1" type:"string" required:"true"` } // String returns the string representation. @@ -9548,7 +10714,7 @@ type DescribeGeofenceCollectionInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeGeofenceCollectionInput) String() string { +func (s DescribeKeyInput) String() string { return awsutil.Prettify(s) } @@ -9557,18 +10723,18 @@ func (s DescribeGeofenceCollectionInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeGeofenceCollectionInput) GoString() string { +func (s DescribeKeyInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *DescribeGeofenceCollectionInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "DescribeGeofenceCollectionInput"} - if s.CollectionName == nil { - invalidParams.Add(request.NewErrParamRequired("CollectionName")) +func (s *DescribeKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeKeyInput"} + if s.KeyName == nil { + invalidParams.Add(request.NewErrParamRequired("KeyName")) } - if s.CollectionName != nil && len(*s.CollectionName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("CollectionName", 1)) + if s.KeyName != nil && len(*s.KeyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyName", 1)) } if invalidParams.Len() > 0 { @@ -9577,58 +10743,63 @@ func (s *DescribeGeofenceCollectionInput) Validate() error { return nil } -// SetCollectionName sets the CollectionName field's value. -func (s *DescribeGeofenceCollectionInput) SetCollectionName(v string) *DescribeGeofenceCollectionInput { - s.CollectionName = &v +// SetKeyName sets the KeyName field's value. +func (s *DescribeKeyInput) SetKeyName(v string) *DescribeKeyInput { + s.KeyName = &v return s } -type DescribeGeofenceCollectionOutput struct { +type DescribeKeyOutput struct { _ struct{} `type:"structure"` - // The Amazon Resource Name (ARN) for the geofence collection resource. Used - // when you need to specify a resource across all AWS. - // - // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection + // The timestamp for when the API key resource was created in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ. // - // CollectionArn is a required field - CollectionArn *string `type:"string" required:"true"` + // CreateTime is a required field + CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` - // The name of the geofence collection. - // - // CollectionName is a required field - CollectionName *string `min:"1" type:"string" required:"true"` + // The optional description for the API key resource. + Description *string `type:"string"` - // The timestamp for when the geofence resource was created in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) - // format: YYYY-MM-DDThh:mm:ss.sssZ + // The timestamp for when the API key resource will expire in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ. // - // CreateTime is a required field - CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + // ExpireTime is a required field + ExpireTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` - // The optional description for the geofence collection. + // The key value/string of an API key. // - // Description is a required field - Description *string `type:"string" required:"true"` + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DescribeKeyOutput's + // String and GoString methods. + // + // Key is a required field + Key *string `type:"string" required:"true" sensitive:"true"` - // A key identifier for an AWS KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) - // assigned to the Amazon Location resource - KmsKeyId *string `min:"1" type:"string"` + // The Amazon Resource Name (ARN) for the API key resource. Used when you need + // to specify a resource across all Amazon Web Services. + // + // * Format example: arn:aws:geo:region:account-id:key/ExampleKey + // + // KeyArn is a required field + KeyArn *string `type:"string" required:"true"` - // No longer used. Always returns RequestBasedUsage. + // The name of the API key resource. // - // Deprecated: Deprecated. Always returns RequestBasedUsage. - PricingPlan *string `deprecated:"true" type:"string" enum:"PricingPlan"` + // KeyName is a required field + KeyName *string `min:"1" type:"string" required:"true"` - // No longer used. Always returns an empty string. + // API Restrictions on the allowed actions, resources, and referers for an API + // key resource. // - // Deprecated: Deprecated. Unused. - PricingPlanDataSource *string `deprecated:"true" type:"string"` + // Restrictions is a required field + Restrictions *ApiKeyRestrictions `type:"structure" required:"true"` - // Displays the key, value pairs of tags associated with this resource. + // Tags associated with the API key resource. Tags map[string]*string `type:"map"` - // The timestamp for when the geofence collection was last updated in ISO 8601 - // (https://www.iso.org/iso-8601-date-and-time-format.html) format: YYYY-MM-DDThh:mm:ss.sssZ + // The timestamp for when the API key resource was last updated in ISO 8601 + // (https://www.iso.org/iso-8601-date-and-time-format.html) format: YYYY-MM-DDThh:mm:ss.sssZ. // // UpdateTime is a required field UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` @@ -9639,7 +10810,7 @@ type DescribeGeofenceCollectionOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeGeofenceCollectionOutput) String() string { +func (s DescribeKeyOutput) String() string { return awsutil.Prettify(s) } @@ -9648,60 +10819,60 @@ func (s DescribeGeofenceCollectionOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s DescribeGeofenceCollectionOutput) GoString() string { +func (s DescribeKeyOutput) GoString() string { return s.String() } -// SetCollectionArn sets the CollectionArn field's value. -func (s *DescribeGeofenceCollectionOutput) SetCollectionArn(v string) *DescribeGeofenceCollectionOutput { - s.CollectionArn = &v +// SetCreateTime sets the CreateTime field's value. +func (s *DescribeKeyOutput) SetCreateTime(v time.Time) *DescribeKeyOutput { + s.CreateTime = &v return s } -// SetCollectionName sets the CollectionName field's value. -func (s *DescribeGeofenceCollectionOutput) SetCollectionName(v string) *DescribeGeofenceCollectionOutput { - s.CollectionName = &v +// SetDescription sets the Description field's value. +func (s *DescribeKeyOutput) SetDescription(v string) *DescribeKeyOutput { + s.Description = &v return s } -// SetCreateTime sets the CreateTime field's value. -func (s *DescribeGeofenceCollectionOutput) SetCreateTime(v time.Time) *DescribeGeofenceCollectionOutput { - s.CreateTime = &v +// SetExpireTime sets the ExpireTime field's value. +func (s *DescribeKeyOutput) SetExpireTime(v time.Time) *DescribeKeyOutput { + s.ExpireTime = &v return s } -// SetDescription sets the Description field's value. -func (s *DescribeGeofenceCollectionOutput) SetDescription(v string) *DescribeGeofenceCollectionOutput { - s.Description = &v +// SetKey sets the Key field's value. +func (s *DescribeKeyOutput) SetKey(v string) *DescribeKeyOutput { + s.Key = &v return s } -// SetKmsKeyId sets the KmsKeyId field's value. -func (s *DescribeGeofenceCollectionOutput) SetKmsKeyId(v string) *DescribeGeofenceCollectionOutput { - s.KmsKeyId = &v +// SetKeyArn sets the KeyArn field's value. +func (s *DescribeKeyOutput) SetKeyArn(v string) *DescribeKeyOutput { + s.KeyArn = &v return s } -// SetPricingPlan sets the PricingPlan field's value. -func (s *DescribeGeofenceCollectionOutput) SetPricingPlan(v string) *DescribeGeofenceCollectionOutput { - s.PricingPlan = &v +// SetKeyName sets the KeyName field's value. +func (s *DescribeKeyOutput) SetKeyName(v string) *DescribeKeyOutput { + s.KeyName = &v return s } -// SetPricingPlanDataSource sets the PricingPlanDataSource field's value. -func (s *DescribeGeofenceCollectionOutput) SetPricingPlanDataSource(v string) *DescribeGeofenceCollectionOutput { - s.PricingPlanDataSource = &v +// SetRestrictions sets the Restrictions field's value. +func (s *DescribeKeyOutput) SetRestrictions(v *ApiKeyRestrictions) *DescribeKeyOutput { + s.Restrictions = v return s } // SetTags sets the Tags field's value. -func (s *DescribeGeofenceCollectionOutput) SetTags(v map[string]*string) *DescribeGeofenceCollectionOutput { +func (s *DescribeKeyOutput) SetTags(v map[string]*string) *DescribeKeyOutput { s.Tags = v return s } // SetUpdateTime sets the UpdateTime field's value. -func (s *DescribeGeofenceCollectionOutput) SetUpdateTime(v time.Time) *DescribeGeofenceCollectionOutput { +func (s *DescribeKeyOutput) SetUpdateTime(v time.Time) *DescribeKeyOutput { s.UpdateTime = &v return s } @@ -9780,7 +10951,7 @@ type DescribeMapOutput struct { Description *string `type:"string" required:"true"` // The Amazon Resource Name (ARN) for the map resource. Used to specify a resource - // across all AWS. + // across all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:map/ExampleMap // @@ -9962,7 +11133,7 @@ type DescribePlaceIndexOutput struct { Description *string `type:"string" required:"true"` // The Amazon Resource Name (ARN) for the place index resource. Used to specify - // a resource across AWS. + // a resource across Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:place-index/ExamplePlaceIndex // @@ -10114,7 +11285,7 @@ type DescribeRouteCalculatorOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) for the Route calculator resource. Use the - // ARN when you specify a resource across AWS. + // ARN when you specify a resource across Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:route-calculator/ExampleCalculator // @@ -10300,7 +11471,7 @@ type DescribeTrackerOutput struct { // Description is a required field Description *string `type:"string" required:"true"` - // A key identifier for an AWS KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) + // A key identifier for an Amazon Web Services KMS customer managed key (https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html) // assigned to the Amazon Location resource. KmsKeyId *string `min:"1" type:"string"` @@ -10321,7 +11492,7 @@ type DescribeTrackerOutput struct { Tags map[string]*string `type:"map"` // The Amazon Resource Name (ARN) for the tracker resource. Used when you need - // to specify a resource across all AWS. + // to specify a resource across all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:tracker/ExampleTracker // @@ -10635,7 +11806,7 @@ type DisassociateTrackerConsumerInput struct { // The Amazon Resource Name (ARN) for the geofence collection to be disassociated // from the tracker resource. Used when you need to specify a resource across - // all AWS. + // all Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollectionConsumer // @@ -11350,6 +12521,14 @@ type GetMapGlyphsInput struct { // FontUnicodeRange is a required field FontUnicodeRange *string `location:"uri" locationName:"FontUnicodeRange" type:"string" required:"true"` + // The optional API key (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html) + // to authorize the request. + // + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetMapGlyphsInput's + // String and GoString methods. + Key *string `location:"querystring" locationName:"key" type:"string" sensitive:"true"` + // The map resource associated with the glyph file. // // MapName is a required field @@ -11414,6 +12593,12 @@ func (s *GetMapGlyphsInput) SetFontUnicodeRange(v string) *GetMapGlyphsInput { return s } +// SetKey sets the Key field's value. +func (s *GetMapGlyphsInput) SetKey(v string) *GetMapGlyphsInput { + s.Key = &v + return s +} + // SetMapName sets the MapName field's value. func (s *GetMapGlyphsInput) SetMapName(v string) *GetMapGlyphsInput { s.MapName = &v @@ -11423,9 +12608,12 @@ func (s *GetMapGlyphsInput) SetMapName(v string) *GetMapGlyphsInput { type GetMapGlyphsOutput struct { _ struct{} `type:"structure" payload:"Blob"` - // The blob's content type. + // The glyph, as binary blob. Blob []byte `type:"blob"` + // The HTTP Cache-Control directive for the value. + CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // The map glyph content type. For example, application/octet-stream. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` } @@ -11454,6 +12642,12 @@ func (s *GetMapGlyphsOutput) SetBlob(v []byte) *GetMapGlyphsOutput { return s } +// SetCacheControl sets the CacheControl field's value. +func (s *GetMapGlyphsOutput) SetCacheControl(v string) *GetMapGlyphsOutput { + s.CacheControl = &v + return s +} + // SetContentType sets the ContentType field's value. func (s *GetMapGlyphsOutput) SetContentType(v string) *GetMapGlyphsOutput { s.ContentType = &v @@ -11479,6 +12673,14 @@ type GetMapSpritesInput struct { // FileName is a required field FileName *string `location:"uri" locationName:"FileName" type:"string" required:"true"` + // The optional API key (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html) + // to authorize the request. + // + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetMapSpritesInput's + // String and GoString methods. + Key *string `location:"querystring" locationName:"key" type:"string" sensitive:"true"` + // The map resource associated with the sprite file. // // MapName is a required field @@ -11531,6 +12733,12 @@ func (s *GetMapSpritesInput) SetFileName(v string) *GetMapSpritesInput { return s } +// SetKey sets the Key field's value. +func (s *GetMapSpritesInput) SetKey(v string) *GetMapSpritesInput { + s.Key = &v + return s +} + // SetMapName sets the MapName field's value. func (s *GetMapSpritesInput) SetMapName(v string) *GetMapSpritesInput { s.MapName = &v @@ -11543,6 +12751,9 @@ type GetMapSpritesOutput struct { // Contains the body of the sprite sheet or JSON offset file. Blob []byte `type:"blob"` + // The HTTP Cache-Control directive for the value. + CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // The content type of the sprite sheet and offsets. For example, the sprite // sheet content type is image/png, and the sprite offset JSON document is application/json. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` @@ -11572,6 +12783,12 @@ func (s *GetMapSpritesOutput) SetBlob(v []byte) *GetMapSpritesOutput { return s } +// SetCacheControl sets the CacheControl field's value. +func (s *GetMapSpritesOutput) SetCacheControl(v string) *GetMapSpritesOutput { + s.CacheControl = &v + return s +} + // SetContentType sets the ContentType field's value. func (s *GetMapSpritesOutput) SetContentType(v string) *GetMapSpritesOutput { s.ContentType = &v @@ -11581,6 +12798,14 @@ func (s *GetMapSpritesOutput) SetContentType(v string) *GetMapSpritesOutput { type GetMapStyleDescriptorInput struct { _ struct{} `type:"structure" nopayload:"true"` + // The optional API key (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html) + // to authorize the request. + // + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetMapStyleDescriptorInput's + // String and GoString methods. + Key *string `location:"querystring" locationName:"key" type:"string" sensitive:"true"` + // The map resource to retrieve the style descriptor from. // // MapName is a required field @@ -11621,6 +12846,12 @@ func (s *GetMapStyleDescriptorInput) Validate() error { return nil } +// SetKey sets the Key field's value. +func (s *GetMapStyleDescriptorInput) SetKey(v string) *GetMapStyleDescriptorInput { + s.Key = &v + return s +} + // SetMapName sets the MapName field's value. func (s *GetMapStyleDescriptorInput) SetMapName(v string) *GetMapStyleDescriptorInput { s.MapName = &v @@ -11633,6 +12864,9 @@ type GetMapStyleDescriptorOutput struct { // Contains the body of the style descriptor. Blob []byte `type:"blob"` + // The HTTP Cache-Control directive for the value. + CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // The style descriptor's content type. For example, application/json. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` } @@ -11661,6 +12895,12 @@ func (s *GetMapStyleDescriptorOutput) SetBlob(v []byte) *GetMapStyleDescriptorOu return s } +// SetCacheControl sets the CacheControl field's value. +func (s *GetMapStyleDescriptorOutput) SetCacheControl(v string) *GetMapStyleDescriptorOutput { + s.CacheControl = &v + return s +} + // SetContentType sets the ContentType field's value. func (s *GetMapStyleDescriptorOutput) SetContentType(v string) *GetMapStyleDescriptorOutput { s.ContentType = &v @@ -11670,6 +12910,14 @@ func (s *GetMapStyleDescriptorOutput) SetContentType(v string) *GetMapStyleDescr type GetMapTileInput struct { _ struct{} `type:"structure" nopayload:"true"` + // The optional API key (https://docs.aws.amazon.com/location/latest/developerguide/using-apikeys.html) + // to authorize the request. + // + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetMapTileInput's + // String and GoString methods. + Key *string `location:"querystring" locationName:"key" type:"string" sensitive:"true"` + // The map resource to retrieve the map tiles from. // // MapName is a required field @@ -11743,6 +12991,12 @@ func (s *GetMapTileInput) Validate() error { return nil } +// SetKey sets the Key field's value. +func (s *GetMapTileInput) SetKey(v string) *GetMapTileInput { + s.Key = &v + return s +} + // SetMapName sets the MapName field's value. func (s *GetMapTileInput) SetMapName(v string) *GetMapTileInput { s.MapName = &v @@ -11773,6 +13027,9 @@ type GetMapTileOutput struct { // Contains Mapbox Vector Tile (MVT) data. Blob []byte `type:"blob"` + // The HTTP Cache-Control directive for the value. + CacheControl *string `location:"header" locationName:"Cache-Control" type:"string"` + // The map tile's content type. For example, application/vnd.mapbox-vector-tile. ContentType *string `location:"header" locationName:"Content-Type" type:"string"` } @@ -11801,6 +13058,12 @@ func (s *GetMapTileOutput) SetBlob(v []byte) *GetMapTileOutput { return s } +// SetCacheControl sets the CacheControl field's value. +func (s *GetMapTileOutput) SetCacheControl(v string) *GetMapTileOutput { + s.CacheControl = &v + return s +} + // SetContentType sets the ContentType field's value. func (s *GetMapTileOutput) SetContentType(v string) *GetMapTileOutput { s.ContentType = &v @@ -12435,7 +13698,7 @@ func (s *ListGeofenceCollectionsInput) SetNextToken(v string) *ListGeofenceColle type ListGeofenceCollectionsOutput struct { _ struct{} `type:"structure"` - // Lists the geofence collections that exist in your AWS account. + // Lists the geofence collections that exist in your Amazon Web Services account. // // Entries is a required field Entries []*ListGeofenceCollectionsResponseEntry `type:"list" required:"true"` @@ -12603,11 +13866,150 @@ type ListGeofenceResponseEntry struct { // Status is a required field Status *string `type:"string" required:"true"` - // The timestamp for when the geofence was last updated in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) - // format: YYYY-MM-DDThh:mm:ss.sssZ + // The timestamp for when the geofence was last updated in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ + // + // UpdateTime is a required field + UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListGeofenceResponseEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListGeofenceResponseEntry) GoString() string { + return s.String() +} + +// SetCreateTime sets the CreateTime field's value. +func (s *ListGeofenceResponseEntry) SetCreateTime(v time.Time) *ListGeofenceResponseEntry { + s.CreateTime = &v + return s +} + +// SetGeofenceId sets the GeofenceId field's value. +func (s *ListGeofenceResponseEntry) SetGeofenceId(v string) *ListGeofenceResponseEntry { + s.GeofenceId = &v + return s +} + +// SetGeometry sets the Geometry field's value. +func (s *ListGeofenceResponseEntry) SetGeometry(v *GeofenceGeometry) *ListGeofenceResponseEntry { + s.Geometry = v + return s +} + +// SetStatus sets the Status field's value. +func (s *ListGeofenceResponseEntry) SetStatus(v string) *ListGeofenceResponseEntry { + s.Status = &v + return s +} + +// SetUpdateTime sets the UpdateTime field's value. +func (s *ListGeofenceResponseEntry) SetUpdateTime(v time.Time) *ListGeofenceResponseEntry { + s.UpdateTime = &v + return s +} + +type ListGeofencesInput struct { + _ struct{} `type:"structure"` + + // The name of the geofence collection storing the list of geofences. + // + // CollectionName is a required field + CollectionName *string `location:"uri" locationName:"CollectionName" min:"1" type:"string" required:"true"` + + // An optional limit for the number of geofences returned in a single call. + // + // Default value: 100 + MaxResults *int64 `min:"1" type:"integer"` + + // The pagination token specifying which page of results to return in the response. + // If no token is provided, the default page is the first page. + // + // Default value: null + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListGeofencesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListGeofencesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListGeofencesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListGeofencesInput"} + if s.CollectionName == nil { + invalidParams.Add(request.NewErrParamRequired("CollectionName")) + } + if s.CollectionName != nil && len(*s.CollectionName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CollectionName", 1)) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCollectionName sets the CollectionName field's value. +func (s *ListGeofencesInput) SetCollectionName(v string) *ListGeofencesInput { + s.CollectionName = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListGeofencesInput) SetMaxResults(v int64) *ListGeofencesInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListGeofencesInput) SetNextToken(v string) *ListGeofencesInput { + s.NextToken = &v + return s +} + +type ListGeofencesOutput struct { + _ struct{} `type:"structure"` + + // Contains a list of geofences stored in the geofence collection. // - // UpdateTime is a required field - UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + // Entries is a required field + Entries []*ListGeofenceResponseEntry `type:"list" required:"true"` + + // A pagination token indicating there are additional pages available. You can + // use the token in a following request to fetch the next set of results. + NextToken *string `min:"1" type:"string"` } // String returns the string representation. @@ -12615,7 +14017,7 @@ type ListGeofenceResponseEntry struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListGeofenceResponseEntry) String() string { +func (s ListGeofencesOutput) String() string { return awsutil.Prettify(s) } @@ -12624,49 +14026,29 @@ func (s ListGeofenceResponseEntry) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListGeofenceResponseEntry) GoString() string { +func (s ListGeofencesOutput) GoString() string { return s.String() } -// SetCreateTime sets the CreateTime field's value. -func (s *ListGeofenceResponseEntry) SetCreateTime(v time.Time) *ListGeofenceResponseEntry { - s.CreateTime = &v - return s -} - -// SetGeofenceId sets the GeofenceId field's value. -func (s *ListGeofenceResponseEntry) SetGeofenceId(v string) *ListGeofenceResponseEntry { - s.GeofenceId = &v - return s -} - -// SetGeometry sets the Geometry field's value. -func (s *ListGeofenceResponseEntry) SetGeometry(v *GeofenceGeometry) *ListGeofenceResponseEntry { - s.Geometry = v - return s -} - -// SetStatus sets the Status field's value. -func (s *ListGeofenceResponseEntry) SetStatus(v string) *ListGeofenceResponseEntry { - s.Status = &v +// SetEntries sets the Entries field's value. +func (s *ListGeofencesOutput) SetEntries(v []*ListGeofenceResponseEntry) *ListGeofencesOutput { + s.Entries = v return s } -// SetUpdateTime sets the UpdateTime field's value. -func (s *ListGeofenceResponseEntry) SetUpdateTime(v time.Time) *ListGeofenceResponseEntry { - s.UpdateTime = &v +// SetNextToken sets the NextToken field's value. +func (s *ListGeofencesOutput) SetNextToken(v string) *ListGeofencesOutput { + s.NextToken = &v return s } -type ListGeofencesInput struct { +type ListKeysInput struct { _ struct{} `type:"structure"` - // The name of the geofence collection storing the list of geofences. - // - // CollectionName is a required field - CollectionName *string `location:"uri" locationName:"CollectionName" min:"1" type:"string" required:"true"` + // Optionally filter the list to only Active or Expired API keys. + Filter *ApiKeyFilter `type:"structure"` - // An optional limit for the number of geofences returned in a single call. + // An optional limit for the number of resources returned in a single call. // // Default value: 100 MaxResults *int64 `min:"1" type:"integer"` @@ -12683,7 +14065,7 @@ type ListGeofencesInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListGeofencesInput) String() string { +func (s ListKeysInput) String() string { return awsutil.Prettify(s) } @@ -12692,19 +14074,13 @@ func (s ListGeofencesInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListGeofencesInput) GoString() string { +func (s ListKeysInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *ListGeofencesInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ListGeofencesInput"} - if s.CollectionName == nil { - invalidParams.Add(request.NewErrParamRequired("CollectionName")) - } - if s.CollectionName != nil && len(*s.CollectionName) < 1 { - invalidParams.Add(request.NewErrParamMinLen("CollectionName", 1)) - } +func (s *ListKeysInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"} if s.MaxResults != nil && *s.MaxResults < 1 { invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) } @@ -12718,31 +14094,32 @@ func (s *ListGeofencesInput) Validate() error { return nil } -// SetCollectionName sets the CollectionName field's value. -func (s *ListGeofencesInput) SetCollectionName(v string) *ListGeofencesInput { - s.CollectionName = &v +// SetFilter sets the Filter field's value. +func (s *ListKeysInput) SetFilter(v *ApiKeyFilter) *ListKeysInput { + s.Filter = v return s } // SetMaxResults sets the MaxResults field's value. -func (s *ListGeofencesInput) SetMaxResults(v int64) *ListGeofencesInput { +func (s *ListKeysInput) SetMaxResults(v int64) *ListKeysInput { s.MaxResults = &v return s } // SetNextToken sets the NextToken field's value. -func (s *ListGeofencesInput) SetNextToken(v string) *ListGeofencesInput { +func (s *ListKeysInput) SetNextToken(v string) *ListKeysInput { s.NextToken = &v return s } -type ListGeofencesOutput struct { +type ListKeysOutput struct { _ struct{} `type:"structure"` - // Contains a list of geofences stored in the geofence collection. + // Contains API key resources in your Amazon Web Services account. Details include + // API key name, allowed referers and timestamp for when the API key will expire. // // Entries is a required field - Entries []*ListGeofenceResponseEntry `type:"list" required:"true"` + Entries []*ListKeysResponseEntry `type:"list" required:"true"` // A pagination token indicating there are additional pages available. You can // use the token in a following request to fetch the next set of results. @@ -12754,7 +14131,7 @@ type ListGeofencesOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListGeofencesOutput) String() string { +func (s ListKeysOutput) String() string { return awsutil.Prettify(s) } @@ -12763,22 +14140,113 @@ func (s ListGeofencesOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ListGeofencesOutput) GoString() string { +func (s ListKeysOutput) GoString() string { return s.String() } // SetEntries sets the Entries field's value. -func (s *ListGeofencesOutput) SetEntries(v []*ListGeofenceResponseEntry) *ListGeofencesOutput { +func (s *ListKeysOutput) SetEntries(v []*ListKeysResponseEntry) *ListKeysOutput { s.Entries = v return s } // SetNextToken sets the NextToken field's value. -func (s *ListGeofencesOutput) SetNextToken(v string) *ListGeofencesOutput { +func (s *ListKeysOutput) SetNextToken(v string) *ListKeysOutput { s.NextToken = &v return s } +// An API key resource listed in your Amazon Web Services account. +type ListKeysResponseEntry struct { + _ struct{} `type:"structure"` + + // The timestamp of when the API key was created, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ. + // + // CreateTime is a required field + CreateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The optional description for the API key resource. + Description *string `type:"string"` + + // The timestamp for when the API key resource will expire, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ. + // + // ExpireTime is a required field + ExpireTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The name of the API key resource. + // + // KeyName is a required field + KeyName *string `min:"1" type:"string" required:"true"` + + // API Restrictions on the allowed actions, resources, and referers for an API + // key resource. + // + // Restrictions is a required field + Restrictions *ApiKeyRestrictions `type:"structure" required:"true"` + + // The timestamp of when the API key was last updated, in ISO 8601 (https://www.iso.org/iso-8601-date-and-time-format.html) + // format: YYYY-MM-DDThh:mm:ss.sssZ. + // + // UpdateTime is a required field + UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysResponseEntry) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListKeysResponseEntry) GoString() string { + return s.String() +} + +// SetCreateTime sets the CreateTime field's value. +func (s *ListKeysResponseEntry) SetCreateTime(v time.Time) *ListKeysResponseEntry { + s.CreateTime = &v + return s +} + +// SetDescription sets the Description field's value. +func (s *ListKeysResponseEntry) SetDescription(v string) *ListKeysResponseEntry { + s.Description = &v + return s +} + +// SetExpireTime sets the ExpireTime field's value. +func (s *ListKeysResponseEntry) SetExpireTime(v time.Time) *ListKeysResponseEntry { + s.ExpireTime = &v + return s +} + +// SetKeyName sets the KeyName field's value. +func (s *ListKeysResponseEntry) SetKeyName(v string) *ListKeysResponseEntry { + s.KeyName = &v + return s +} + +// SetRestrictions sets the Restrictions field's value. +func (s *ListKeysResponseEntry) SetRestrictions(v *ApiKeyRestrictions) *ListKeysResponseEntry { + s.Restrictions = v + return s +} + +// SetUpdateTime sets the UpdateTime field's value. +func (s *ListKeysResponseEntry) SetUpdateTime(v time.Time) *ListKeysResponseEntry { + s.UpdateTime = &v + return s +} + type ListMapsInput struct { _ struct{} `type:"structure"` @@ -12843,7 +14311,7 @@ func (s *ListMapsInput) SetNextToken(v string) *ListMapsInput { type ListMapsOutput struct { _ struct{} `type:"structure"` - // Contains a list of maps in your AWS account + // Contains a list of maps in your Amazon Web Services account // // Entries is a required field Entries []*ListMapsResponseEntry `type:"list" required:"true"` @@ -12883,7 +14351,8 @@ func (s *ListMapsOutput) SetNextToken(v string) *ListMapsOutput { return s } -// Contains details of an existing map resource in your AWS account. +// Contains details of an existing map resource in your Amazon Web Services +// account. type ListMapsResponseEntry struct { _ struct{} `type:"structure"` @@ -13039,7 +14508,7 @@ func (s *ListPlaceIndexesInput) SetNextToken(v string) *ListPlaceIndexesInput { type ListPlaceIndexesOutput struct { _ struct{} `type:"structure"` - // Lists the place index resources that exist in your AWS account + // Lists the place index resources that exist in your Amazon Web Services account // // Entries is a required field Entries []*ListPlaceIndexesResponseEntry `type:"list" required:"true"` @@ -13079,7 +14548,7 @@ func (s *ListPlaceIndexesOutput) SetNextToken(v string) *ListPlaceIndexesOutput return s } -// A place index resource listed in your AWS account. +// A place index resource listed in your Amazon Web Services account. type ListPlaceIndexesResponseEntry struct { _ struct{} `type:"structure"` @@ -13243,7 +14712,8 @@ func (s *ListRouteCalculatorsInput) SetNextToken(v string) *ListRouteCalculators type ListRouteCalculatorsOutput struct { _ struct{} `type:"structure"` - // Lists the route calculator resources that exist in your AWS account + // Lists the route calculator resources that exist in your Amazon Web Services + // account // // Entries is a required field Entries []*ListRouteCalculatorsResponseEntry `type:"list" required:"true"` @@ -13283,7 +14753,7 @@ func (s *ListRouteCalculatorsOutput) SetNextToken(v string) *ListRouteCalculator return s } -// A route calculator resource listed in your AWS account. +// A route calculator resource listed in your Amazon Web Services account. type ListRouteCalculatorsResponseEntry struct { _ struct{} `type:"structure"` @@ -13658,8 +15128,9 @@ func (s *ListTrackersInput) SetNextToken(v string) *ListTrackersInput { type ListTrackersOutput struct { _ struct{} `type:"structure"` - // Contains tracker resources in your AWS account. Details include tracker name, - // description and timestamps for when the tracker was created and last updated. + // Contains tracker resources in your Amazon Web Services account. Details include + // tracker name, description and timestamps for when the tracker was created + // and last updated. // // Entries is a required field Entries []*ListTrackersResponseEntry `type:"list" required:"true"` @@ -16344,7 +17815,7 @@ type UpdateGeofenceCollectionOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the updated geofence collection. Used to - // specify a resource across AWS. + // specify a resource across Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:geofence-collection/ExampleGeofenceCollection // @@ -16399,6 +17870,173 @@ func (s *UpdateGeofenceCollectionOutput) SetUpdateTime(v time.Time) *UpdateGeofe return s } +type UpdateKeyInput struct { + _ struct{} `type:"structure"` + + // Updates the description for the API key resource. + Description *string `type:"string"` + + // Updates the timestamp for when the API key resource will expire in ISO 8601 + // (https://www.iso.org/iso-8601-date-and-time-format.html) format: YYYY-MM-DDThh:mm:ss.sssZ. + ExpireTime *time.Time `type:"timestamp" timestampFormat:"iso8601"` + + // The boolean flag to be included for updating ExpireTime or Restrictions details. + // + // Must be set to true to update an API key resource that has been used in the + // past 7 days. + // + // False if force update is not preferred + // + // Default value: False + ForceUpdate *bool `type:"boolean"` + + // The name of the API key resource to update. + // + // KeyName is a required field + KeyName *string `location:"uri" locationName:"KeyName" min:"1" type:"string" required:"true"` + + // Whether the API key should expire. Set to true to set the API key to have + // no expiration time. + NoExpiry *bool `type:"boolean"` + + // Updates the API key restrictions for the API key resource. + Restrictions *ApiKeyRestrictions `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateKeyInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateKeyInput"} + if s.KeyName == nil { + invalidParams.Add(request.NewErrParamRequired("KeyName")) + } + if s.KeyName != nil && len(*s.KeyName) < 1 { + invalidParams.Add(request.NewErrParamMinLen("KeyName", 1)) + } + if s.Restrictions != nil { + if err := s.Restrictions.Validate(); err != nil { + invalidParams.AddNested("Restrictions", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDescription sets the Description field's value. +func (s *UpdateKeyInput) SetDescription(v string) *UpdateKeyInput { + s.Description = &v + return s +} + +// SetExpireTime sets the ExpireTime field's value. +func (s *UpdateKeyInput) SetExpireTime(v time.Time) *UpdateKeyInput { + s.ExpireTime = &v + return s +} + +// SetForceUpdate sets the ForceUpdate field's value. +func (s *UpdateKeyInput) SetForceUpdate(v bool) *UpdateKeyInput { + s.ForceUpdate = &v + return s +} + +// SetKeyName sets the KeyName field's value. +func (s *UpdateKeyInput) SetKeyName(v string) *UpdateKeyInput { + s.KeyName = &v + return s +} + +// SetNoExpiry sets the NoExpiry field's value. +func (s *UpdateKeyInput) SetNoExpiry(v bool) *UpdateKeyInput { + s.NoExpiry = &v + return s +} + +// SetRestrictions sets the Restrictions field's value. +func (s *UpdateKeyInput) SetRestrictions(v *ApiKeyRestrictions) *UpdateKeyInput { + s.Restrictions = v + return s +} + +type UpdateKeyOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) for the API key resource. Used when you need + // to specify a resource across all Amazon Web Services. + // + // * Format example: arn:aws:geo:region:account-id:key/ExampleKey + // + // KeyArn is a required field + KeyArn *string `type:"string" required:"true"` + + // The name of the API key resource. + // + // KeyName is a required field + KeyName *string `min:"1" type:"string" required:"true"` + + // The timestamp for when the API key resource was last updated in ISO 8601 + // (https://www.iso.org/iso-8601-date-and-time-format.html) format: YYYY-MM-DDThh:mm:ss.sssZ. + // + // UpdateTime is a required field + UpdateTime *time.Time `type:"timestamp" timestampFormat:"iso8601" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateKeyOutput) GoString() string { + return s.String() +} + +// SetKeyArn sets the KeyArn field's value. +func (s *UpdateKeyOutput) SetKeyArn(v string) *UpdateKeyOutput { + s.KeyArn = &v + return s +} + +// SetKeyName sets the KeyName field's value. +func (s *UpdateKeyOutput) SetKeyName(v string) *UpdateKeyOutput { + s.KeyName = &v + return s +} + +// SetUpdateTime sets the UpdateTime field's value. +func (s *UpdateKeyOutput) SetUpdateTime(v time.Time) *UpdateKeyOutput { + s.UpdateTime = &v + return s +} + type UpdateMapInput struct { _ struct{} `type:"structure"` @@ -16609,7 +18247,7 @@ type UpdatePlaceIndexOutput struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the upated place index resource. Used to - // specify a resource across AWS. + // specify a resource across Amazon Web Services. // // * Format example: arn:aws:geo:region:account-id:place- index/ExamplePlaceIndex // @@ -17236,6 +18874,22 @@ func RouteMatrixErrorCode_Values() []string { } } +const ( + // StatusActive is a Status enum value + StatusActive = "Active" + + // StatusExpired is a Status enum value + StatusExpired = "Expired" +) + +// Status_Values returns all elements of the Status enum +func Status_Values() []string { + return []string{ + StatusActive, + StatusExpired, + } +} + const ( // TravelModeCar is a TravelMode enum value TravelModeCar = "Car" diff --git a/service/locationservice/locationserviceiface/interface.go b/service/locationservice/locationserviceiface/interface.go index b82f3b00669..a7fff7a9ae9 100644 --- a/service/locationservice/locationserviceiface/interface.go +++ b/service/locationservice/locationserviceiface/interface.go @@ -100,6 +100,10 @@ type LocationServiceAPI interface { CreateGeofenceCollectionWithContext(aws.Context, *locationservice.CreateGeofenceCollectionInput, ...request.Option) (*locationservice.CreateGeofenceCollectionOutput, error) CreateGeofenceCollectionRequest(*locationservice.CreateGeofenceCollectionInput) (*request.Request, *locationservice.CreateGeofenceCollectionOutput) + CreateKey(*locationservice.CreateKeyInput) (*locationservice.CreateKeyOutput, error) + CreateKeyWithContext(aws.Context, *locationservice.CreateKeyInput, ...request.Option) (*locationservice.CreateKeyOutput, error) + CreateKeyRequest(*locationservice.CreateKeyInput) (*request.Request, *locationservice.CreateKeyOutput) + CreateMap(*locationservice.CreateMapInput) (*locationservice.CreateMapOutput, error) CreateMapWithContext(aws.Context, *locationservice.CreateMapInput, ...request.Option) (*locationservice.CreateMapOutput, error) CreateMapRequest(*locationservice.CreateMapInput) (*request.Request, *locationservice.CreateMapOutput) @@ -120,6 +124,10 @@ type LocationServiceAPI interface { DeleteGeofenceCollectionWithContext(aws.Context, *locationservice.DeleteGeofenceCollectionInput, ...request.Option) (*locationservice.DeleteGeofenceCollectionOutput, error) DeleteGeofenceCollectionRequest(*locationservice.DeleteGeofenceCollectionInput) (*request.Request, *locationservice.DeleteGeofenceCollectionOutput) + DeleteKey(*locationservice.DeleteKeyInput) (*locationservice.DeleteKeyOutput, error) + DeleteKeyWithContext(aws.Context, *locationservice.DeleteKeyInput, ...request.Option) (*locationservice.DeleteKeyOutput, error) + DeleteKeyRequest(*locationservice.DeleteKeyInput) (*request.Request, *locationservice.DeleteKeyOutput) + DeleteMap(*locationservice.DeleteMapInput) (*locationservice.DeleteMapOutput, error) DeleteMapWithContext(aws.Context, *locationservice.DeleteMapInput, ...request.Option) (*locationservice.DeleteMapOutput, error) DeleteMapRequest(*locationservice.DeleteMapInput) (*request.Request, *locationservice.DeleteMapOutput) @@ -140,6 +148,10 @@ type LocationServiceAPI interface { DescribeGeofenceCollectionWithContext(aws.Context, *locationservice.DescribeGeofenceCollectionInput, ...request.Option) (*locationservice.DescribeGeofenceCollectionOutput, error) DescribeGeofenceCollectionRequest(*locationservice.DescribeGeofenceCollectionInput) (*request.Request, *locationservice.DescribeGeofenceCollectionOutput) + DescribeKey(*locationservice.DescribeKeyInput) (*locationservice.DescribeKeyOutput, error) + DescribeKeyWithContext(aws.Context, *locationservice.DescribeKeyInput, ...request.Option) (*locationservice.DescribeKeyOutput, error) + DescribeKeyRequest(*locationservice.DescribeKeyInput) (*request.Request, *locationservice.DescribeKeyOutput) + DescribeMap(*locationservice.DescribeMapInput) (*locationservice.DescribeMapOutput, error) DescribeMapWithContext(aws.Context, *locationservice.DescribeMapInput, ...request.Option) (*locationservice.DescribeMapOutput, error) DescribeMapRequest(*locationservice.DescribeMapInput) (*request.Request, *locationservice.DescribeMapOutput) @@ -216,6 +228,13 @@ type LocationServiceAPI interface { ListGeofencesPages(*locationservice.ListGeofencesInput, func(*locationservice.ListGeofencesOutput, bool) bool) error ListGeofencesPagesWithContext(aws.Context, *locationservice.ListGeofencesInput, func(*locationservice.ListGeofencesOutput, bool) bool, ...request.Option) error + ListKeys(*locationservice.ListKeysInput) (*locationservice.ListKeysOutput, error) + ListKeysWithContext(aws.Context, *locationservice.ListKeysInput, ...request.Option) (*locationservice.ListKeysOutput, error) + ListKeysRequest(*locationservice.ListKeysInput) (*request.Request, *locationservice.ListKeysOutput) + + ListKeysPages(*locationservice.ListKeysInput, func(*locationservice.ListKeysOutput, bool) bool) error + ListKeysPagesWithContext(aws.Context, *locationservice.ListKeysInput, func(*locationservice.ListKeysOutput, bool) bool, ...request.Option) error + ListMaps(*locationservice.ListMapsInput) (*locationservice.ListMapsOutput, error) ListMapsWithContext(aws.Context, *locationservice.ListMapsInput, ...request.Option) (*locationservice.ListMapsOutput, error) ListMapsRequest(*locationservice.ListMapsInput) (*request.Request, *locationservice.ListMapsOutput) @@ -283,6 +302,10 @@ type LocationServiceAPI interface { UpdateGeofenceCollectionWithContext(aws.Context, *locationservice.UpdateGeofenceCollectionInput, ...request.Option) (*locationservice.UpdateGeofenceCollectionOutput, error) UpdateGeofenceCollectionRequest(*locationservice.UpdateGeofenceCollectionInput) (*request.Request, *locationservice.UpdateGeofenceCollectionOutput) + UpdateKey(*locationservice.UpdateKeyInput) (*locationservice.UpdateKeyOutput, error) + UpdateKeyWithContext(aws.Context, *locationservice.UpdateKeyInput, ...request.Option) (*locationservice.UpdateKeyOutput, error) + UpdateKeyRequest(*locationservice.UpdateKeyInput) (*request.Request, *locationservice.UpdateKeyOutput) + UpdateMap(*locationservice.UpdateMapInput) (*locationservice.UpdateMapOutput, error) UpdateMapWithContext(aws.Context, *locationservice.UpdateMapInput, ...request.Option) (*locationservice.UpdateMapOutput, error) UpdateMapRequest(*locationservice.UpdateMapInput) (*request.Request, *locationservice.UpdateMapOutput) diff --git a/service/macie2/api.go b/service/macie2/api.go index 66565d208a2..f67d77a062e 100644 --- a/service/macie2/api.go +++ b/service/macie2/api.go @@ -9804,7 +9804,7 @@ func (s *BlockPublicAccess) SetRestrictPublicBuckets(v bool) *BlockPublicAccess } // Provides information about the number of S3 buckets that are publicly accessible -// based on a combination of permissions settings for each bucket. +// due to a combination of permissions settings for each bucket. type BucketCountByEffectivePermission struct { _ struct{} `type:"structure"` @@ -9919,7 +9919,11 @@ func (s *BucketCountByEncryptionType) SetUnknown(v int64) *BucketCountByEncrypti } // Provides information about the number of S3 buckets that are or aren't shared -// with other Amazon Web Services accounts. +// with other Amazon Web Services accounts, Amazon CloudFront origin access +// identities (OAIs), or CloudFront origin access controls (OACs). In this data, +// an Amazon Macie organization is defined as a set of Macie accounts that are +// centrally managed as a group of related accounts through Organizations or +// by Macie invitation. type BucketCountBySharedAccessType struct { _ struct{} `type:"structure"` @@ -10161,12 +10165,18 @@ func (s *BucketLevelPermissions) SetBucketPolicy(v *BucketPolicy) *BucketLevelPe } // Provides statistical data and other information about an S3 bucket that Amazon -// Macie monitors and analyzes for your account. If an error occurs when Macie -// attempts to retrieve and process metadata from Amazon S3 for the bucket and -// the bucket's objects, the value for the versioning property is false and -// the value for most other properties is null. Key exceptions are accountId, -// bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. To identify -// the cause of the error, refer to the errorCode and errorMessage values. +// Macie monitors and analyzes for your account. By default, object count and +// storage size values include data for object parts that are the result of +// incomplete multipart uploads. For more information, see How Macie monitors +// Amazon S3 data security (https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html) +// in the Amazon Macie User Guide. +// +// If an error occurs when Macie attempts to retrieve and process metadata from +// Amazon S3 for the bucket or the bucket's objects, the value for the versioning +// property is false and the value for most other properties is null. Key exceptions +// are accountId, bucketArn, bucketCreatedAt, bucketName, lastUpdated, and region. +// To identify the cause of the error, refer to the errorCode and errorMessage +// values. type BucketMetadata struct { _ struct{} `type:"structure"` @@ -14693,13 +14703,17 @@ func (s *GetBucketStatisticsInput) SetAccountId(v string) *GetBucketStatisticsIn // Provides the results of a query that retrieved aggregated statistical data // for all the S3 buckets that Amazon Macie monitors and analyzes for your account. +// By default, object count and storage size values include data for object +// parts that are the result of incomplete multipart uploads. For more information, +// see How Macie monitors Amazon S3 data security (https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html) +// in the Amazon Macie User Guide. type GetBucketStatisticsOutput struct { _ struct{} `type:"structure"` BucketCount *int64 `locationName:"bucketCount" type:"long"` // Provides information about the number of S3 buckets that are publicly accessible - // based on a combination of permissions settings for each bucket. + // due to a combination of permissions settings for each bucket. BucketCountByEffectivePermission *BucketCountByEffectivePermission `locationName:"bucketCountByEffectivePermission" type:"structure"` // Provides information about the number of S3 buckets that use certain types @@ -14715,7 +14729,11 @@ type GetBucketStatisticsOutput struct { BucketCountByObjectEncryptionRequirement *BucketCountPolicyAllowsUnencryptedObjectUploads `locationName:"bucketCountByObjectEncryptionRequirement" type:"structure"` // Provides information about the number of S3 buckets that are or aren't shared - // with other Amazon Web Services accounts. + // with other Amazon Web Services accounts, Amazon CloudFront origin access + // identities (OAIs), or CloudFront origin access controls (OACs). In this data, + // an Amazon Macie organization is defined as a set of Macie accounts that are + // centrally managed as a group of related accounts through Organizations or + // by Macie invitation. BucketCountBySharedAccessType *BucketCountBySharedAccessType `locationName:"bucketCountBySharedAccessType" type:"structure"` // Provides aggregated statistical data for sensitive data discovery metrics @@ -18876,11 +18894,16 @@ func (s *ManagedDataIdentifierSummary) SetId(v string) *ManagedDataIdentifierSum } // Provides statistical data and other information about an S3 bucket that Amazon -// Macie monitors and analyzes for your account. If an error occurs when Macie -// attempts to retrieve and process information about the bucket or the bucket's -// objects, the value for most of these properties is null. Key exceptions are -// accountId and bucketName. To identify the cause of the error, refer to the -// errorCode and errorMessage values. +// Macie monitors and analyzes for your account. By default, object count and +// storage size values include data for object parts that are the result of +// incomplete multipart uploads. For more information, see How Macie monitors +// Amazon S3 data security (https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html) +// in the Amazon Macie User Guide. +// +// If an error occurs when Macie attempts to retrieve and process information +// about the bucket or the bucket's objects, the value for most of these properties +// is null. Key exceptions are accountId and bucketName. To identify the cause +// of the error, refer to the errorCode and errorMessage values. type MatchingBucket struct { _ struct{} `type:"structure"` @@ -19049,11 +19072,16 @@ type MatchingResource struct { _ struct{} `type:"structure"` // Provides statistical data and other information about an S3 bucket that Amazon - // Macie monitors and analyzes for your account. If an error occurs when Macie - // attempts to retrieve and process information about the bucket or the bucket's - // objects, the value for most of these properties is null. Key exceptions are - // accountId and bucketName. To identify the cause of the error, refer to the - // errorCode and errorMessage values. + // Macie monitors and analyzes for your account. By default, object count and + // storage size values include data for object parts that are the result of + // incomplete multipart uploads. For more information, see How Macie monitors + // Amazon S3 data security (https://docs.aws.amazon.com/macie/latest/user/monitoring-s3-how-it-works.html) + // in the Amazon Macie User Guide. + // + // If an error occurs when Macie attempts to retrieve and process information + // about the bucket or the bucket's objects, the value for most of these properties + // is null. Key exceptions are accountId and bucketName. To identify the cause + // of the error, refer to the errorCode and errorMessage values. MatchingBucket *MatchingBucket `locationName:"matchingBucket" type:"structure"` } @@ -19409,12 +19437,12 @@ func (s *Occurrences) SetRecords(v []*Record) *Occurrences { type Page struct { _ struct{} `type:"structure"` - // Specifies the location of an occurrence of sensitive data in a non-binary - // text file, such as an HTML, TXT, or XML file. + // Specifies the location of an occurrence of sensitive data in an email message + // or a non-binary text file such as an HTML, TXT, or XML file. LineRange *Range `locationName:"lineRange" type:"structure"` - // Specifies the location of an occurrence of sensitive data in a non-binary - // text file, such as an HTML, TXT, or XML file. + // Specifies the location of an occurrence of sensitive data in an email message + // or a non-binary text file such as an HTML, TXT, or XML file. OffsetRange *Range `locationName:"offsetRange" type:"structure"` PageNumber *int64 `locationName:"pageNumber" type:"long"` @@ -19671,8 +19699,8 @@ func (s PutFindingsPublicationConfigurationOutput) GoString() string { return s.String() } -// Specifies the location of an occurrence of sensitive data in a non-binary -// text file, such as an HTML, TXT, or XML file. +// Specifies the location of an occurrence of sensitive data in an email message +// or a non-binary text file such as an HTML, TXT, or XML file. type Range struct { _ struct{} `type:"structure"` @@ -24988,6 +25016,9 @@ const ( // FindingTypePolicyIamuserS3blockPublicAccessDisabled is a FindingType enum value FindingTypePolicyIamuserS3blockPublicAccessDisabled = "Policy:IAMUser/S3BlockPublicAccessDisabled" + + // FindingTypePolicyIamuserS3bucketSharedWithCloudFront is a FindingType enum value + FindingTypePolicyIamuserS3bucketSharedWithCloudFront = "Policy:IAMUser/S3BucketSharedWithCloudFront" ) // FindingType_Values returns all elements of the FindingType enum @@ -25003,6 +25034,7 @@ func FindingType_Values() []string { FindingTypePolicyIamuserS3bucketReplicatedExternally, FindingTypePolicyIamuserS3bucketEncryptionDisabled, FindingTypePolicyIamuserS3blockPublicAccessDisabled, + FindingTypePolicyIamuserS3bucketSharedWithCloudFront, } } diff --git a/service/managedgrafana/api.go b/service/managedgrafana/api.go index 3a00daa3ebd..09d9d5da2d7 100644 --- a/service/managedgrafana/api.go +++ b/service/managedgrafana/api.go @@ -1676,6 +1676,9 @@ func (c *ManagedGrafana) UpdateWorkspaceAuthenticationRequest(input *UpdateWorks // to workspace user information and define which groups in the assertion attribute // are to have the Admin and Editor roles in the workspace. // +// Changes to the authentication method for a workspace may take a few minutes +// to take effect. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2517,20 +2520,21 @@ type CreateWorkspaceInput struct { // String and GoString methods. OrganizationRoleName *string `locationName:"organizationRoleName" min:"1" type:"string" sensitive:"true"` - // If you specify SERVICE_MANAGED on AWS Grafana console, Amazon Managed Grafana - // automatically creates the IAM roles and provisions the permissions that the - // workspace needs to use Amazon Web Services data sources and notification - // channels. In the CLI mode, the permissionType SERVICE_MANAGED will not create - // the IAM role for you. The ability for the Amazon Managed Grafana to create - // the IAM role on behalf of the user is supported only in the Amazon Managed - // Grafana AWS console. Use only the CUSTOMER_MANAGED permission type when creating - // a workspace in the CLI. - // - // If you specify CUSTOMER_MANAGED, you will manage those roles and permissions - // yourself. If you are creating this workspace in a member account of an organization - // that is not a delegated administrator account, and you want the workspace - // to access data sources in other Amazon Web Services accounts in the organization, - // you must choose CUSTOMER_MANAGED. + // When creating a workspace through the Amazon Web Services API, CLI or Amazon + // Web Services CloudFormation, you must manage IAM roles and provision the + // permissions that the workspace needs to use Amazon Web Services data sources + // and notification channels. + // + // You must also specify a workspaceRoleArn for a role that you will manage + // for the workspace to use when accessing those datasources and notification + // channels. + // + // The ability for Amazon Managed Grafana to create and update IAM roles on + // behalf of the user is supported only in the Amazon Managed Grafana console, + // where this value may be set to SERVICE_MANAGED. + // + // Use only the CUSTOMER_MANAGED permission type when creating a workspace with + // the API, CLI or Amazon Web Services CloudFormation. // // For more information, see Amazon Managed Grafana permissions and policies // for Amazon Web Services data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html). @@ -2549,15 +2553,7 @@ type CreateWorkspaceInput struct { // your Grafana workspace to connect to. VpcConfiguration *VpcConfiguration `locationName:"vpcConfiguration" type:"structure"` - // Specify the Amazon Web Services data sources that you want to be queried - // in this workspace. Specifying these data sources here enables Amazon Managed - // Grafana to create IAM roles and permissions that allow Amazon Managed Grafana - // to read data from these sources. You must still add them as data sources - // in the Grafana console in the workspace. - // - // If you don't specify a data source here, you can still add it as a data source - // in the workspace console later. However, you will then have to manually configure - // permissions for it. + // This parameter is for internal use only, and should not be used. WorkspaceDataSources []*string `locationName:"workspaceDataSources" type:"list" enum:"DataSourceType"` // A description for the workspace. This is used only to help you identify this @@ -2592,10 +2588,10 @@ type CreateWorkspaceInput struct { // String and GoString methods. WorkspaceOrganizationalUnits []*string `locationName:"workspaceOrganizationalUnits" type:"list" sensitive:"true"` - // The workspace needs an IAM role that grants permissions to the Amazon Web - // Services resources that the workspace will view data from. If you already - // have a role that you want to use, specify it here. The permission type should - // be set to CUSTOMER_MANAGED. + // Specified the IAM role that grants permissions to the Amazon Web Services + // resources that the workspace will view data from, including both data sources + // and notification channels. You are responsible for managing the permissions + // for this role as new data sources or notification channels are added. // // WorkspaceRoleArn is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by CreateWorkspaceInput's @@ -4992,25 +4988,35 @@ type UpdateWorkspaceInput struct { NetworkAccessControl *NetworkAccessConfiguration `locationName:"networkAccessControl" type:"structure"` // The name of an IAM role that already exists to use to access resources through - // Organizations. + // Organizations. This can only be used with a workspace that has the permissionType + // set to CUSTOMER_MANAGED. // // OrganizationRoleName is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateWorkspaceInput's // String and GoString methods. OrganizationRoleName *string `locationName:"organizationRoleName" min:"1" type:"string" sensitive:"true"` - // If you specify SERVICE_MANAGED, Amazon Managed Grafana automatically creates - // the IAM roles and provisions the permissions that the workspace needs to - // use Amazon Web Services data sources and notification channels. + // Use this parameter if you want to change a workspace from SERVICE_MANAGED + // to CUSTOMER_MANAGED. This allows you to manage the permissions that the workspace + // uses to access datasources and notification channels. If the workspace is + // in a member Amazon Web Services account of an organization, and that account + // is not a delegated administrator account, and you want the workspace to access + // data sources in other Amazon Web Services accounts in the organization, you + // must choose CUSTOMER_MANAGED. // - // If you specify CUSTOMER_MANAGED, you will manage those roles and permissions - // yourself. If you are creating this workspace in a member account of an organization - // and that account is not a delegated administrator account, and you want the - // workspace to access data sources in other Amazon Web Services accounts in - // the organization, you must choose CUSTOMER_MANAGED. + // If you specify this as CUSTOMER_MANAGED, you must also specify a workspaceRoleArn + // that the workspace will use for accessing Amazon Web Services resources. // - // For more information, see Amazon Managed Grafana permissions and policies - // for Amazon Web Services data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html) + // For more information on the role and permissions needed, see Amazon Managed + // Grafana permissions and policies for Amazon Web Services data sources and + // notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html) + // + // Do not use this to convert a CUSTOMER_MANAGED workspace to SERVICE_MANAGED. + // Do not include this parameter if you want to leave the workspace as SERVICE_MANAGED. + // + // You can convert a CUSTOMER_MANAGED workspace to SERVICE_MANAGED using the + // Amazon Managed Grafana console. For more information, see Managing permissions + // for data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html). PermissionType *string `locationName:"permissionType" type:"string" enum:"PermissionType"` // Whether to remove the network access configuration from the workspace. @@ -5037,15 +5043,7 @@ type UpdateWorkspaceInput struct { // your Grafana workspace to connect to. VpcConfiguration *VpcConfiguration `locationName:"vpcConfiguration" type:"structure"` - // Specify the Amazon Web Services data sources that you want to be queried - // in this workspace. Specifying these data sources here enables Amazon Managed - // Grafana to create IAM roles and permissions that allow Amazon Managed Grafana - // to read data from these sources. You must still add them as data sources - // in the Grafana console in the workspace. - // - // If you don't specify a data source here, you can still add it as a data source - // later in the workspace console. However, you will then have to manually configure - // permissions for it. + // This parameter is for internal use only, and should not be used. WorkspaceDataSources []*string `locationName:"workspaceDataSources" type:"list" enum:"DataSourceType"` // A description for the workspace. This is used only to help you identify this @@ -5083,12 +5081,10 @@ type UpdateWorkspaceInput struct { // String and GoString methods. WorkspaceOrganizationalUnits []*string `locationName:"workspaceOrganizationalUnits" type:"list" sensitive:"true"` - // The workspace needs an IAM role that grants permissions to the Amazon Web - // Services resources that the workspace will view data from. If you already - // have a role that you want to use, specify it here. If you omit this field - // and you specify some Amazon Web Services resources in workspaceDataSources - // or workspaceNotificationDestinations, a new IAM role with the necessary permissions - // is automatically created. + // Specifies an IAM role that grants permissions to Amazon Web Services resources + // that the workspace accesses, such as data sources and notification channels. + // If this workspace has permissionType CUSTOMER_MANAGED, then this role is + // required. // // WorkspaceRoleArn is a sensitive parameter and its value will be // replaced with "sensitive" in string returned by UpdateWorkspaceInput's @@ -5553,6 +5549,9 @@ type WorkspaceDescription struct { // to have IAM roles and permissions created to allow Amazon Managed Grafana // to read data from these sources. // + // This list is only used when the workspace was created through the Amazon + // Web Services console, and the permissionType is SERVICE_MANAGED. + // // DataSources is a required field DataSources []*string `locationName:"dataSources" type:"list" required:"true" enum:"DataSourceType"` @@ -5630,18 +5629,24 @@ type WorkspaceDescription struct { // String and GoString methods. OrganizationalUnits []*string `locationName:"organizationalUnits" type:"list" sensitive:"true"` - // If this is SERVICE_MANAGED, Amazon Managed Grafana automatically creates + // If this is SERVICE_MANAGED, and the workplace was created through the Amazon + // Managed Grafana console, then Amazon Managed Grafana automatically creates // the IAM roles and provisions the permissions that the workspace needs to // use Amazon Web Services data sources and notification channels. // - // If this is CUSTOMER_MANAGED, you manage those roles and permissions yourself. - // If you are creating this workspace in a member account of an organization + // If this is CUSTOMER_MANAGED, you must manage those roles and permissions + // yourself. + // + // If you are working with a workspace in a member account of an organization // and that account is not a delegated administrator account, and you want the // workspace to access data sources in other Amazon Web Services accounts in - // the organization, you must choose CUSTOMER_MANAGED. + // the organization, this parameter must be set to CUSTOMER_MANAGED. // - // For more information, see Amazon Managed Grafana permissions and policies - // for Amazon Web Services data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html) + // For more information about converting between customer and service managed, + // see Managing permissions for data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-datasource-and-notification.html). + // For more information about the roles and permissions that must be managed + // for customer managed workspaces, see Amazon Managed Grafana permissions and + // policies for Amazon Web Services data sources and notification channels (https://docs.aws.amazon.com/grafana/latest/userguide/AMG-manage-permissions.html) PermissionType *string `locationName:"permissionType" type:"string" enum:"PermissionType"` // The name of the CloudFormation stack set that is used to generate IAM roles diff --git a/service/wafv2/api.go b/service/wafv2/api.go index a48cf82ae1f..1a0aaa252f4 100644 --- a/service/wafv2/api.go +++ b/service/wafv2/api.go @@ -59,8 +59,8 @@ func (c *WAFV2) AssociateWebACLRequest(input *AssociateWebACLInput) (req *reques // // Associates a web ACL with a regional application resource, to protect the // resource. A regional application can be an Application Load Balancer (ALB), -// an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito -// user pool. +// an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito +// user pool, or an App Runner service. // // For Amazon CloudFront, don't use this call. Instead, use your CloudFront // distribution configuration. To associate a web ACL, in the CloudFront call @@ -726,7 +726,8 @@ func (c *WAFV2) CreateWebACLRequest(input *CreateWebACLInput) (req *request.Requ // RuleGroup, and managed rule group. You can associate a web ACL with one or // more Amazon Web Services resources to protect. The resources can be an Amazon // CloudFront distribution, an Amazon API Gateway REST API, an Application Load -// Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool. +// Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner +// service. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1830,7 +1831,8 @@ func (c *WAFV2) DisassociateWebACLRequest(input *DisassociateWebACLInput) (req * // Disassociates the specified regional application resource from any existing // web ACL association. A resource can have at most one web ACL association. // A regional application can be an Application Load Balancer (ALB), an Amazon -// API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user pool. +// API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, +// or an App Runner service. // // For Amazon CloudFront, don't use this call. Instead, use your CloudFront // distribution configuration. To disassociate a web ACL, provide an empty web @@ -5662,7 +5664,8 @@ func (c *WAFV2) UpdateWebACLRequest(input *UpdateWebACLInput) (req *request.Requ // RuleGroup, and managed rule group. You can associate a web ACL with one or // more Amazon Web Services resources to protect. The resources can be an Amazon // CloudFront distribution, an Amazon API Gateway REST API, an Application Load -// Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool. +// Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner +// service. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5801,11 +5804,6 @@ type AWSManagedRulesATPRuleSet struct { // // Response inspection is available only in web ACLs that protect Amazon CloudFront // distributions. - // - // For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible - // to configure response inspection through the APIs, but ATP response inspection - // will not be enabled. You can only use the response inspection capabilities - // of the ATP managed rule group in web ACLs that protect CloudFront distributions. ResponseInspection *ResponseInspection `type:"structure"` } @@ -6149,6 +6147,8 @@ type AssociateWebACLInput struct { // // * For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id // + // * For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id + // // ResourceArn is a required field ResourceArn *string `min:"20" type:"string" required:"true"` @@ -6889,8 +6889,8 @@ type CheckCapacityInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -7348,8 +7348,8 @@ type CreateIPSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -7513,8 +7513,8 @@ type CreateRegexPatternSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -7713,8 +7713,8 @@ type CreateRuleGroupInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -7957,8 +7957,8 @@ type CreateWebACLInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -8717,8 +8717,8 @@ type DeleteIPSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -9001,8 +9001,8 @@ type DeleteRegexPatternSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -9141,8 +9141,8 @@ type DeleteRuleGroupInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -9281,8 +9281,8 @@ type DeleteWebACLInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -9402,8 +9402,8 @@ type DescribeManagedRuleGroupInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -9621,6 +9621,8 @@ type DisassociateWebACLInput struct { // // * For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id // + // * For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id + // // ResourceArn is a required field ResourceArn *string `min:"20" type:"string" required:"true"` } @@ -10489,8 +10491,8 @@ type GetIPSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -10719,8 +10721,8 @@ type GetManagedRuleSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -11033,8 +11035,8 @@ type GetRateBasedStatementManagedKeysInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -11199,8 +11201,8 @@ type GetRegexPatternSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -11342,8 +11344,8 @@ type GetRuleGroupInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -11486,8 +11488,8 @@ type GetSampledRequestsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -11677,6 +11679,8 @@ type GetWebACLForResourceInput struct { // // * For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id // + // * For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id + // // ResourceArn is a required field ResourceArn *string `min:"20" type:"string" required:"true"` } @@ -11771,8 +11775,8 @@ type GetWebACLInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -13148,8 +13152,8 @@ type ListAvailableManagedRuleGroupVersionsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -13317,8 +13321,8 @@ type ListAvailableManagedRuleGroupsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -13445,8 +13449,8 @@ type ListIPSetsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -13575,8 +13579,8 @@ type ListLoggingConfigurationsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -13703,8 +13707,8 @@ type ListManagedRuleSetsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -13950,8 +13954,8 @@ type ListRegexPatternSetsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -14067,7 +14071,7 @@ type ListResourcesForWebACLInput struct { // Used for web ACLs that are scoped for regional applications. A regional application // can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, - // an AppSync GraphQL API, or an Amazon Cognito user pool. + // an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. // // If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER. // @@ -14173,8 +14177,8 @@ type ListRuleGroupsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -14422,8 +14426,8 @@ type ListWebACLsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -14592,7 +14596,7 @@ type LoggingConfiguration struct { // The parts of the request that you want to keep out of the logs. For example, // if you redact the SingleHeader field, the HEADER field in the logs will be - // xxx. + // REDACTED. // // You can specify only the following fields for redaction: UriPath, QueryString, // SingleHeader, Method, and JsonBody. @@ -14790,11 +14794,6 @@ type ManagedRuleGroupConfig struct { // distributions, use this to also provide the information about how your distribution // responds to login requests. // - // For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible - // to configure response inspection through the APIs, but ATP response inspection - // will not be enabled. You can only use the response inspection capabilities - // of the ATP managed rule group in web ACLs that protect CloudFront distributions. - // // This configuration replaces the individual configuration fields in ManagedRuleGroupConfig // and provides additional feature configuration. // @@ -16105,8 +16104,8 @@ type PutManagedRuleSetVersionsInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -17172,11 +17171,6 @@ func (s *RequestInspection) SetUsernameField(v *UsernameField) *RequestInspectio // Response inspection is available only in web ACLs that protect Amazon CloudFront // distributions. // -// For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible -// to configure response inspection through the APIs, but ATP response inspection -// will not be enabled. You can only use the response inspection capabilities -// of the ATP managed rule group in web ACLs that protect CloudFront distributions. -// // This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig. // // Enable login response inspection by configuring exactly one component of @@ -17186,13 +17180,15 @@ func (s *RequestInspection) SetUsernameField(v *UsernameField) *RequestInspectio type ResponseInspection struct { _ struct{} `type:"structure"` - // Configures inspection of the response body. + // Configures inspection of the response body. WAF can inspect the first 65,536 + // bytes (64 KB) of the response body. BodyContains *ResponseInspectionBodyContains `type:"structure"` // Configures inspection of the response header. Header *ResponseInspectionHeader `type:"structure"` - // Configures inspection of the response JSON. + // Configures inspection of the response JSON. WAF can inspect the first 65,536 + // bytes (64 KB) of the response JSON. Json *ResponseInspectionJson `type:"structure"` // Configures inspection of the response status code. @@ -17271,16 +17267,12 @@ func (s *ResponseInspection) SetStatusCode(v *ResponseInspectionStatusCode) *Res return s } -// Configures inspection of the response body. This is part of the ResponseInspection +// Configures inspection of the response body. WAF can inspect the first 65,536 +// bytes (64 KB) of the response body. This is part of the ResponseInspection // configuration for AWSManagedRulesATPRuleSet. // // Response inspection is available only in web ACLs that protect Amazon CloudFront // distributions. -// -// For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible -// to configure response inspection through the APIs, but ATP response inspection -// will not be enabled. You can only use the response inspection capabilities -// of the ATP managed rule group in web ACLs that protect CloudFront distributions. type ResponseInspectionBodyContains struct { _ struct{} `type:"structure"` @@ -17363,11 +17355,6 @@ func (s *ResponseInspectionBodyContains) SetSuccessStrings(v []*string) *Respons // // Response inspection is available only in web ACLs that protect Amazon CloudFront // distributions. -// -// For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible -// to configure response inspection through the APIs, but ATP response inspection -// will not be enabled. You can only use the response inspection capabilities -// of the ATP managed rule group in web ACLs that protect CloudFront distributions. type ResponseInspectionHeader struct { _ struct{} `type:"structure"` @@ -17464,16 +17451,12 @@ func (s *ResponseInspectionHeader) SetSuccessValues(v []*string) *ResponseInspec return s } -// Configures inspection of the response JSON. This is part of the ResponseInspection +// Configures inspection of the response JSON. WAF can inspect the first 65,536 +// bytes (64 KB) of the response JSON. This is part of the ResponseInspection // configuration for AWSManagedRulesATPRuleSet. // // Response inspection is available only in web ACLs that protect Amazon CloudFront // distributions. -// -// For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible -// to configure response inspection through the APIs, but ATP response inspection -// will not be enabled. You can only use the response inspection capabilities -// of the ATP managed rule group in web ACLs that protect CloudFront distributions. type ResponseInspectionJson struct { _ struct{} `type:"structure"` @@ -17575,11 +17558,6 @@ func (s *ResponseInspectionJson) SetSuccessValues(v []*string) *ResponseInspecti // // Response inspection is available only in web ACLs that protect Amazon CloudFront // distributions. -// -// For regional web ACLs in Region US East (N. Virginia) us-east-1, it's possible -// to configure response inspection through the APIs, but ATP response inspection -// will not be enabled. You can only use the response inspection capabilities -// of the ATP managed rule group in web ACLs that protect CloudFront distributions. type ResponseInspectionStatusCode struct { _ struct{} `type:"structure"` @@ -19990,8 +19968,8 @@ type UpdateIPSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -20168,8 +20146,8 @@ type UpdateManagedRuleSetVersionExpiryDateInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -20376,8 +20354,8 @@ type UpdateRegexPatternSetInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -20577,8 +20555,8 @@ type UpdateRuleGroupInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -20828,8 +20806,8 @@ type UpdateWebACLInput struct { // Specifies whether this is for an Amazon CloudFront distribution or for a // regional application. A regional application can be an Application Load Balancer - // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon - // Cognito user pool. + // (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito + // user pool, or an App Runner service. // // To work with CloudFront, you must also specify the Region US East (N. Virginia) // as follows: @@ -22537,7 +22515,8 @@ func (s *WAFUnavailableEntityException) RequestID() string { // RuleGroup, and managed rule group. You can associate a web ACL with one or // more Amazon Web Services resources to protect. The resources can be an Amazon // CloudFront distribution, an Amazon API Gateway REST API, an Application Load -// Balancer, an AppSync GraphQL API, or an Amazon Cognito user pool. +// Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner +// service. type WebACL struct { _ struct{} `type:"structure"` @@ -24595,6 +24574,9 @@ const ( // ResourceTypeCognitoUserPool is a ResourceType enum value ResourceTypeCognitoUserPool = "COGNITO_USER_POOL" + + // ResourceTypeAppRunnerService is a ResourceType enum value + ResourceTypeAppRunnerService = "APP_RUNNER_SERVICE" ) // ResourceType_Values returns all elements of the ResourceType enum @@ -24604,6 +24586,7 @@ func ResourceType_Values() []string { ResourceTypeApiGateway, ResourceTypeAppsync, ResourceTypeCognitoUserPool, + ResourceTypeAppRunnerService, } } diff --git a/service/wafv2/doc.go b/service/wafv2/doc.go index 94c2067645e..ab3e6860b57 100644 --- a/service/wafv2/doc.go +++ b/service/wafv2/doc.go @@ -19,13 +19,13 @@ // // WAF is a web application firewall that lets you monitor the HTTP and HTTPS // requests that are forwarded to an Amazon CloudFront distribution, Amazon -// API Gateway REST API, Application Load Balancer, AppSync GraphQL API, or -// Amazon Cognito user pool. WAF also lets you control access to your content, -// to protect the Amazon Web Services resource that WAF is monitoring. Based -// on conditions that you specify, such as the IP addresses that requests originate -// from or the values of query strings, the protected resource responds to requests -// with either the requested content, an HTTP 403 status code (Forbidden), or -// with a custom response. +// API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon +// Cognito user pool, or App Runner service. WAF also lets you control access +// to your content, to protect the Amazon Web Services resource that WAF is +// monitoring. Based on conditions that you specify, such as the IP addresses +// that requests originate from or the values of query strings, the protected +// resource responds to requests with either the requested content, an HTTP +// 403 status code (Forbidden), or with a custom response. // // This API guide is for developers who need detailed information about WAF // API actions, data types, and errors. For detailed information about WAF features @@ -36,8 +36,8 @@ // // - For regional applications, you can use any of the endpoints in the list. // A regional application can be an Application Load Balancer (ALB), an Amazon -// API Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user -// pool. +// API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, +// or an App Runner service. // // - For Amazon CloudFront applications, you must use the API endpoint listed // for US East (N. Virginia): us-east-1.