feat(client-global-accelerator): AWS Global Accelerator now supports …

…cross-account sharing for bring your own IP addresses.
aws · Mar 25, 2024 · 39e810c · 39e810c
1 parent 4901f59
commit 39e810c
Show file tree

Hide file tree

Showing 9 changed files with 163 additions and 107 deletions.
diff --git a/clients/client-global-accelerator/src/commands/CreateCrossAccountAttachmentCommand.ts b/clients/client-global-accelerator/src/commands/CreateCrossAccountAttachmentCommand.ts
@@ -37,14 +37,23 @@ export interface CreateCrossAccountAttachmentCommandOutput
 
 /**
  * <p>Create a cross-account attachment in Global Accelerator. You create a cross-account attachment to
- * 			specify the <i>principals</i> who have permission to add to accelerators in their own
- * 			account the resources in your account that you also list in the attachment.</p>
+ * 			specify the <i>principals</i> who have permission to work with <i>resources</i>
+ * 			in accelerators in their own account. You specify, in the same attachment, the resources that are shared.</p>
  *          <p>A principal can be an Amazon Web Services account number or the Amazon Resource Name (ARN) for an
- * 			accelerator. For account numbers that are listed as principals, to add a resource listed in the attachment to an accelerator,
- * 			you must sign in to an account specified as a principal. Then you can add the resources that are listed
- * 			to any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal,
- * 			anyone with permission to make updates to the accelerator can add as endpoints resources that are listed in the
+ * 			accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment,
+ * 			you must sign in to an account specified as a principal. Then, you can work with resources that are listed,
+ * 			with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal,
+ * 			anyone with permission to make updates to the accelerator can work with resources that are listed in the
  * 			attachment. </p>
+ *          <p>Specify each principal and resource separately. To specify two CIDR address pools, list
+ * 			them individually under <code>Resources</code>, and so on. For a command line operation, for example,
+ * 			you might use a statement like the following:</p>
+ *          <p>
+ *             <code> "Resources": [\{"Cidr": "169.254.60.0/24"\},\{"Cidr": "169.254.59.0/24"\}]</code>
+ *          </p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html">
+ * 			Working with cross-account attachments and resources in Global Accelerator</a> in the <i>
+ * 				Global Accelerator Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -58,7 +67,8 @@ export interface CreateCrossAccountAttachmentCommandOutput
  *   ],
  *   Resources: [ // Resources
  *     { // Resource
- *       EndpointId: "STRING_VALUE", // required
+ *       EndpointId: "STRING_VALUE",
+ *       Cidr: "STRING_VALUE",
  *       Region: "STRING_VALUE",
  *     },
  *   ],
@@ -81,7 +91,8 @@ export interface CreateCrossAccountAttachmentCommandOutput
  * //     ],
  * //     Resources: [ // Resources
  * //       { // Resource
- * //         EndpointId: "STRING_VALUE", // required
+ * //         EndpointId: "STRING_VALUE",
+ * //         Cidr: "STRING_VALUE",
  * //         Region: "STRING_VALUE",
  * //       },
  * //     ],

diff --git a/clients/client-global-accelerator/src/commands/DeleteCrossAccountAttachmentCommand.ts b/clients/client-global-accelerator/src/commands/DeleteCrossAccountAttachmentCommand.ts
@@ -36,22 +36,10 @@ export interface DeleteCrossAccountAttachmentCommandOutput extends __MetadataBea
 /**
  * <p>Delete a cross-account attachment. When you delete an attachment, Global Accelerator revokes the permission
  * 			to use the resources in the attachment from all principals in the list of principals. Global Accelerator
- * 			revokes the permission for specific resources by doing the following:</p>
- *          <ul>
- *             <li>
- *                <p>If the principal is an account ID, Global Accelerator reviews every accelerator in the account
- * 			and removes cross-account endpoints from all accelerators.</p>
- *             </li>
- *             <li>
- *                <p>If the principal is an accelerator, Global Accelerator reviews just that accelerator
- * 			and removes cross-account endpoints from it.</p>
- *             </li>
- *          </ul>
- *          <p>If there are overlapping permissions provided by multiple cross-account attachments,
- * 		Global Accelerator only removes endpoints if there are no current cross-account attachments that provide
- * 		access permission. For example, if you delete a cross-account attachment that lists an
- * 		accelerator as a principal, but another cross-account attachment includes the account ID
- * 		that owns that accelerator, endpoints will not be removed from the accelerator.</p>
+ * 			revokes the permission for specific resources.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html">
+ * 			Working with cross-account attachments and resources in Global Accelerator</a> in the <i>
+ * 				Global Accelerator Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-global-accelerator/src/commands/DescribeCrossAccountAttachmentCommand.ts b/clients/client-global-accelerator/src/commands/DescribeCrossAccountAttachmentCommand.ts
@@ -57,7 +57,8 @@ export interface DescribeCrossAccountAttachmentCommandOutput
  * //     ],
  * //     Resources: [ // Resources
  * //       { // Resource
- * //         EndpointId: "STRING_VALUE", // required
+ * //         EndpointId: "STRING_VALUE",
+ * //         Cidr: "STRING_VALUE",
  * //         Region: "STRING_VALUE",
  * //       },
  * //     ],

diff --git a/clients/client-global-accelerator/src/commands/ListCrossAccountAttachmentsCommand.ts b/clients/client-global-accelerator/src/commands/ListCrossAccountAttachmentsCommand.ts
@@ -56,7 +56,8 @@ export interface ListCrossAccountAttachmentsCommandOutput
  * //       ],
  * //       Resources: [ // Resources
  * //         { // Resource
- * //           EndpointId: "STRING_VALUE", // required
+ * //           EndpointId: "STRING_VALUE",
+ * //           Cidr: "STRING_VALUE",
  * //           Region: "STRING_VALUE",
  * //         },
  * //       ],

diff --git a/clients/client-global-accelerator/src/commands/ListCrossAccountResourceAccountsCommand.ts b/clients/client-global-accelerator/src/commands/ListCrossAccountResourceAccountsCommand.ts
@@ -36,7 +36,10 @@ export interface ListCrossAccountResourceAccountsCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>List the accounts that have cross-account endpoints.</p>
+ * <p>List the accounts that have cross-account resources.</p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html">
+ * 			Working with cross-account attachments and resources in Global Accelerator</a> in the <i>
+ * 				Global Accelerator Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

diff --git a/clients/client-global-accelerator/src/commands/ListCrossAccountResourcesCommand.ts b/clients/client-global-accelerator/src/commands/ListCrossAccountResourcesCommand.ts
@@ -31,7 +31,7 @@ export interface ListCrossAccountResourcesCommandInput extends ListCrossAccountR
 export interface ListCrossAccountResourcesCommandOutput extends ListCrossAccountResourcesResponse, __MetadataBearer {}
 
 /**
- * <p>List the cross-account endpoints available to add to an accelerator.</p>
+ * <p>List the cross-account resources available to work with.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -50,6 +50,7 @@ export interface ListCrossAccountResourcesCommandOutput extends ListCrossAccount
  * //   CrossAccountResources: [ // CrossAccountResources
  * //     { // CrossAccountResource
  * //       EndpointId: "STRING_VALUE",
+ * //       Cidr: "STRING_VALUE",
  * //       AttachmentArn: "STRING_VALUE",
  * //     },
  * //   ],

diff --git a/clients/client-global-accelerator/src/commands/UpdateCrossAccountAttachmentCommand.ts b/clients/client-global-accelerator/src/commands/UpdateCrossAccountAttachmentCommand.ts
@@ -38,22 +38,10 @@ export interface UpdateCrossAccountAttachmentCommandOutput
 /**
  * <p>Update a cross-account attachment to add or remove principals or resources. When you update
  * 			an attachment to remove a principal (account ID or accelerator) or a resource, Global Accelerator
- * 			revokes the permission for specific resources by doing the following:</p>
- *          <ul>
- *             <li>
- *                <p>If the principal is an account ID, Global Accelerator reviews every accelerator in the account
- * 				and removes cross-account endpoints from all accelerators.</p>
- *             </li>
- *             <li>
- *                <p>If the principal is an accelerator, Global Accelerator reviews just that accelerator
- * 				and removes cross-account endpoints from it.</p>
- *             </li>
- *          </ul>
- *          <p>If there are overlapping permissions provided by multiple cross-account attachments,
- * 			Global Accelerator only removes endpoints if there are no current cross-account attachments that provide
- * 			access permission. For example, if you delete a cross-account attachment that lists an
- * 			accelerator as a principal, but another cross-account attachment includes the account ID
- * 			that owns that accelerator, endpoints will not be removed from the accelerator.</p>
+ * 			revokes the permission for specific resources. </p>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/global-accelerator/latest/dg/cross-account-resources.html">
+ * 			Working with cross-account attachments and resources in Global Accelerator</a> in the <i>
+ * 				Global Accelerator Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -71,13 +59,15 @@ export interface UpdateCrossAccountAttachmentCommandOutput
  *   ],
  *   AddResources: [ // Resources
  *     { // Resource
- *       EndpointId: "STRING_VALUE", // required
+ *       EndpointId: "STRING_VALUE",
+ *       Cidr: "STRING_VALUE",
  *       Region: "STRING_VALUE",
  *     },
  *   ],
  *   RemoveResources: [
  *     {
- *       EndpointId: "STRING_VALUE", // required
+ *       EndpointId: "STRING_VALUE",
+ *       Cidr: "STRING_VALUE",
  *       Region: "STRING_VALUE",
  *     },
  *   ],
@@ -93,7 +83,8 @@ export interface UpdateCrossAccountAttachmentCommandOutput
  * //     ],
  * //     Resources: [ // Resources
  * //       { // Resource
- * //         EndpointId: "STRING_VALUE", // required
+ * //         EndpointId: "STRING_VALUE",
+ * //         Cidr: "STRING_VALUE",
  * //         Region: "STRING_VALUE",
  * //       },
  * //     ],