A map of tags assigned to a resource. A tag is a string-to-string map of key-value pairs.
" } + }, + "State": { + "target": "com.amazonaws.chatbot#ResourceState", + "traits": { + "smithy.api#documentation": "Either ENABLED or DISABLED. The resource returns DISABLED if the organization's AWS Chatbot policy has explicitly denied that configuration.\n\t For example, if Amazon Chime is disabled.
Provided if State is DISABLED. Provides context as to why the resource is disabled.
The name of the Microsoft Teams Team.
" } + }, + "State": { + "target": "com.amazonaws.chatbot#ResourceState", + "traits": { + "smithy.api#documentation": "Either ENABLED or DISABLED. The resource returns DISABLED if the organization's AWS Chatbot policy has explicitly denied that configuration.\n\t For example, if Amazon Chime is disabled.
Provided if State is DISABLED. Provides context as to why the resource is disabled.
A map of tags assigned to a resource. A tag is a string-to-string map of key-value pairs.
" } + }, + "State": { + "target": "com.amazonaws.chatbot#ResourceState", + "traits": { + "smithy.api#documentation": "Either ENABLED or DISABLED. The resource returns DISABLED if the organization's AWS Chatbot policy has explicitly denied that configuration.\n\t For example, if Amazon Chime is disabled.
Provided if State is DISABLED. Provides context as to why the resource is disabled.
The name of the Slack workspace.
", "smithy.api#required": {} } + }, + "State": { + "target": "com.amazonaws.chatbot#ResourceState", + "traits": { + "smithy.api#documentation": "Either ENABLED or DISABLED. The resource returns DISABLED if the organization's AWS Chatbot policy has explicitly denied that configuration.\n\t For example, if Amazon Chime is disabled.
Provided if State is DISABLED. Provides context as to why the resource is disabled.
A map of tags assigned to a resource. A tag is a string-to-string map of key-value pairs.
" } + }, + "State": { + "target": "com.amazonaws.chatbot#ResourceState", + "traits": { + "smithy.api#documentation": "Either ENABLED or DISABLED. The resource returns DISABLED if the organization's AWS Chatbot policy has explicitly denied that configuration.\n\t For example, if Amazon Chime is disabled.
Provided if State is DISABLED. Provides context as to why the resource is disabled.
Grants a principal \n permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict\n access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name\n (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies\n to version $LATEST.
\nTo grant permission to another account, specify the account ID as the Principal. To grant\n permission to an organization defined in Organizations, specify the organization ID as the\n PrincipalOrgID. For Amazon Web Servicesservices, the principal is a domain-style identifier that\n the service defines, such as s3.amazonaws.com or sns.amazonaws.com. For Amazon Web Servicesservices, you can also specify the ARN of the associated resource as the SourceArn. If\n you grant permission to a service principal without specifying the source, other accounts could potentially\n configure resources in their account to invoke your Lambda function.
This operation adds a statement to a resource-based permissions policy for the function. For more information\n about function policies, see Using resource-based policies for Lambda.
", + "smithy.api#documentation": "Grants a principal \n permission to use a function. You can apply the policy at the function level, or specify a qualifier to restrict\n access to a single version or alias. If you use a qualifier, the invoker must use the full Amazon Resource Name\n (ARN) of that version or alias to invoke the function. Note: Lambda does not support adding policies\n to version $LATEST.
\nTo grant permission to another account, specify the account ID as the Principal. To grant\n permission to an organization defined in Organizations, specify the organization ID as the\n PrincipalOrgID. For Amazon Web Services services, the principal is a domain-style identifier that\n the service defines, such as s3.amazonaws.com or sns.amazonaws.com. For Amazon Web Services services, you can also specify the ARN of the associated resource as the SourceArn. If\n you grant permission to a service principal without specifying the source, other accounts could potentially\n configure resources in their account to invoke your Lambda function.
This operation adds a statement to a resource-based permissions policy for the function. For more information\n about function policies, see Using resource-based policies for Lambda.
", "smithy.api#examples": [ { "title": "To grant Amazon S3 permission to invoke a function", @@ -1854,20 +1836,20 @@ "Principal": { "target": "com.amazonaws.lambda#Principal", "traits": { - "smithy.api#documentation": "The Amazon Web Servicesservice, Amazon Web Services account, IAM user, or IAM role that invokes the function. If you specify a\n service, use SourceArn or SourceAccount to limit who can invoke the function through\n that service.
The Amazon Web Services service, Amazon Web Services account, IAM user, or IAM role that invokes the function. If you specify a\n service, use SourceArn or SourceAccount to limit who can invoke the function through\n that service.
For Amazon Web Servicesservices, the ARN of the Amazon Web Services resource that invokes the function. For\n example, an Amazon S3 bucket or Amazon SNS topic.
\nNote that Lambda configures the comparison using the StringLike operator.
For Amazon Web Services services, the ARN of the Amazon Web Services resource that invokes the function. For\n example, an Amazon S3 bucket or Amazon SNS topic.
\nNote that Lambda configures the comparison using the StringLike operator.
For Amazon Web Servicesservice, the ID of the Amazon Web Services account that owns the resource. Use this\n together with SourceArn to ensure that the specified account owns the resource. It is possible for an\n Amazon S3 bucket to be deleted by its owner and recreated by another account.
For Amazon Web Services service, the ID of the Amazon Web Services account that owns the resource. Use this\n together with SourceArn to ensure that the specified account owns the resource. It is possible for an\n Amazon S3 bucket to be deleted by its owner and recreated by another account.
Creates a Lambda function. To create a function, you need a deployment package and an execution role. The\n deployment package is a .zip file archive or container image that contains your function code. The execution role\n grants the function permission to use Amazon Web Servicesservices, such as Amazon CloudWatch Logs for log\n streaming and X-Ray for request tracing.
\nIf the deployment package is a container\n image, then you set the package type to Image. For a container image, the code property\n must include the URI of a container image in the Amazon ECR registry. You do not need to specify the\n handler and runtime properties.
If the deployment package is a .zip file archive, then\n you set the package type to Zip. For a .zip file archive, the code property specifies the location of\n the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must\n be compatible with the target instruction set architecture of the function (x86-64 or\n arm64). If you do not specify the architecture, then the default value is\n x86-64.
When you create a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't\n invoke or modify the function. The State, StateReason, and StateReasonCode\n fields in the response from GetFunctionConfiguration indicate when the function is ready to\n invoke. For more information, see Lambda function states.
A function has an unpublished version, and can have published versions and aliases. The unpublished version\n changes when you update your function's code and configuration. A published version is a snapshot of your function\n code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be\n changed to map to a different version. Use the Publish parameter to create version 1 of\n your function from its initial configuration.
The other parameters let you configure version-specific and function-level settings. You can modify\n version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply\n to both the unpublished and published versions of the function, and include tags (TagResource)\n and per-function concurrency limits (PutFunctionConcurrency).
\nYou can use code signing if your deployment package is a .zip file archive. To enable code signing for this\n function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with\n UpdateFunctionCode, Lambda checks that the code package has a valid signature from\n a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted\n publishers for this function.
\nIf another Amazon Web Services account or an Amazon Web Servicesservice invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.
\nTo invoke your function directly, use Invoke. To invoke your function in response to events\n in other Amazon Web Servicesservices, create an event source mapping (CreateEventSourceMapping),\n or configure a function trigger in the other service. For more information, see Invoking Lambda\n functions.
", + "smithy.api#documentation": "Creates a Lambda function. To create a function, you need a deployment package and an execution role. The\n deployment package is a .zip file archive or container image that contains your function code. The execution role\n grants the function permission to use Amazon Web Services services, such as Amazon CloudWatch Logs for log\n streaming and X-Ray for request tracing.
\nIf the deployment package is a container\n image, then you set the package type to Image. For a container image, the code property\n must include the URI of a container image in the Amazon ECR registry. You do not need to specify the\n handler and runtime properties.
If the deployment package is a .zip file archive, then\n you set the package type to Zip. For a .zip file archive, the code property specifies the location of\n the .zip file. You must also specify the handler and runtime properties. The code in the deployment package must\n be compatible with the target instruction set architecture of the function (x86-64 or\n arm64). If you do not specify the architecture, then the default value is\n x86-64.
When you create a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute or so. During this time, you can't\n invoke or modify the function. The State, StateReason, and StateReasonCode\n fields in the response from GetFunctionConfiguration indicate when the function is ready to\n invoke. For more information, see Lambda function states.
A function has an unpublished version, and can have published versions and aliases. The unpublished version\n changes when you update your function's code and configuration. A published version is a snapshot of your function\n code and configuration that can't be changed. An alias is a named resource that maps to a version, and can be\n changed to map to a different version. Use the Publish parameter to create version 1 of\n your function from its initial configuration.
The other parameters let you configure version-specific and function-level settings. You can modify\n version-specific settings later with UpdateFunctionConfiguration. Function-level settings apply\n to both the unpublished and published versions of the function, and include tags (TagResource)\n and per-function concurrency limits (PutFunctionConcurrency).
\nYou can use code signing if your deployment package is a .zip file archive. To enable code signing for this\n function, specify the ARN of a code-signing configuration. When a user attempts to deploy a code package with\n UpdateFunctionCode, Lambda checks that the code package has a valid signature from\n a trusted publisher. The code-signing configuration includes set of signing profiles, which define the trusted\n publishers for this function.
\nIf another Amazon Web Services account or an Amazon Web Services service invokes your function, use AddPermission to grant permission by creating a resource-based Identity and Access Management (IAM) policy. You can grant permissions at the function level, on a version, or on an alias.
\nTo invoke your function directly, use Invoke. To invoke your function in response to events\n in other Amazon Web Services services, create an event source mapping (CreateEventSourceMapping),\n or configure a function trigger in the other service. For more information, see Invoking Lambda\n functions.
", "smithy.api#examples": [ { "title": "To create a function", @@ -3409,7 +3391,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a Lambda function. To delete a specific function version, use the Qualifier parameter.\n Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit\n permissions for DeleteAlias.
To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Servicesservices and resources that invoke your function\n directly, delete the trigger in the service where you originally configured it.
", + "smithy.api#documentation": "Deletes a Lambda function. To delete a specific function version, use the Qualifier parameter.\n Otherwise, all versions and aliases are deleted. This doesn't require the user to have explicit\n permissions for DeleteAlias.
To delete Lambda event source mappings that invoke a function, use DeleteEventSourceMapping. For Amazon Web Services services and resources that invoke your function\n directly, delete the trigger in the service where you originally configured it.
", "smithy.api#examples": [ { "title": "To delete a version of a Lambda function", @@ -3811,66 +3793,6 @@ "smithy.api#input": {} } }, - "com.amazonaws.lambda#DeleteResourcePolicy": { - "type": "operation", - "input": { - "target": "com.amazonaws.lambda#DeleteResourcePolicyRequest" - }, - "output": { - "target": "smithy.api#Unit" - }, - "errors": [ - { - "target": "com.amazonaws.lambda#InvalidParameterValueException" - }, - { - "target": "com.amazonaws.lambda#PreconditionFailedException" - }, - { - "target": "com.amazonaws.lambda#ResourceConflictException" - }, - { - "target": "com.amazonaws.lambda#ResourceNotFoundException" - }, - { - "target": "com.amazonaws.lambda#ServiceException" - }, - { - "target": "com.amazonaws.lambda#TooManyRequestsException" - } - ], - "traits": { - "smithy.api#documentation": "The option to create and modify full JSON resource-based policies, and to use the PutResourcePolicy, GetResourcePolicy, and DeleteResourcePolicy APIs, won't be \n available in all Amazon Web Services Regions until September 30, 2024.
\nDeletes a resource-based policy from a function.
", - "smithy.api#http": { - "method": "DELETE", - "uri": "/2024-09-16/resource-policy/{ResourceArn}", - "code": 204 - } - } - }, - "com.amazonaws.lambda#DeleteResourcePolicyRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "target": "com.amazonaws.lambda#PolicyResourceArn", - "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - }, - "RevisionId": { - "target": "com.amazonaws.lambda#RevisionId", - "traits": { - "smithy.api#documentation": "Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached \n to your function, use the GetResourcePolicy action.
", - "smithy.api#httpQuery": "RevisionId" - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, "com.amazonaws.lambda#Description": { "type": "string", "traits": { @@ -6639,134 +6561,6 @@ "smithy.api#output": {} } }, - "com.amazonaws.lambda#GetPublicAccessBlockConfig": { - "type": "operation", - "input": { - "target": "com.amazonaws.lambda#GetPublicAccessBlockConfigRequest" - }, - "output": { - "target": "com.amazonaws.lambda#GetPublicAccessBlockConfigResponse" - }, - "errors": [ - { - "target": "com.amazonaws.lambda#InvalidParameterValueException" - }, - { - "target": "com.amazonaws.lambda#ResourceNotFoundException" - }, - { - "target": "com.amazonaws.lambda#ServiceException" - }, - { - "target": "com.amazonaws.lambda#TooManyRequestsException" - } - ], - "traits": { - "smithy.api#documentation": "The option to configure public-access settings, and to use the PutPublicAccessBlock and GetPublicAccessBlock APIs, won't be \n available in all Amazon Web Services Regions until September 30, 2024.
\nRetrieve the public-access settings for a function.
", - "smithy.api#http": { - "method": "GET", - "uri": "/2024-09-16/public-access-block/{ResourceArn}", - "code": 200 - } - } - }, - "com.amazonaws.lambda#GetPublicAccessBlockConfigRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "target": "com.amazonaws.lambda#PublicAccessBlockResourceArn", - "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.lambda#GetPublicAccessBlockConfigResponse": { - "type": "structure", - "members": { - "PublicAccessBlockConfig": { - "target": "com.amazonaws.lambda#PublicAccessBlockConfig", - "traits": { - "smithy.api#documentation": "The public-access settings configured for the function you specified
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.lambda#GetResourcePolicy": { - "type": "operation", - "input": { - "target": "com.amazonaws.lambda#GetResourcePolicyRequest" - }, - "output": { - "target": "com.amazonaws.lambda#GetResourcePolicyResponse" - }, - "errors": [ - { - "target": "com.amazonaws.lambda#InvalidParameterValueException" - }, - { - "target": "com.amazonaws.lambda#ResourceNotFoundException" - }, - { - "target": "com.amazonaws.lambda#ServiceException" - }, - { - "target": "com.amazonaws.lambda#TooManyRequestsException" - } - ], - "traits": { - "smithy.api#documentation": "The option to create and modify full JSON resource-based policies, and to use the PutResourcePolicy, GetResourcePolicy, and DeleteResourcePolicy APIs, won't be \n available in all Amazon Web Services Regions until September 30, 2024.
\nRetrieves the resource-based policy attached to a function.
", - "smithy.api#http": { - "method": "GET", - "uri": "/2024-09-16/resource-policy/{ResourceArn}", - "code": 200 - } - } - }, - "com.amazonaws.lambda#GetResourcePolicyRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "target": "com.amazonaws.lambda#PolicyResourceArn", - "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.lambda#GetResourcePolicyResponse": { - "type": "structure", - "members": { - "Policy": { - "target": "com.amazonaws.lambda#ResourcePolicy", - "traits": { - "smithy.api#documentation": "The resource-based policy attached to the function you specified.
" - } - }, - "RevisionId": { - "target": "com.amazonaws.lambda#RevisionId", - "traits": { - "smithy.api#documentation": "The revision ID of the policy.
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, "com.amazonaws.lambda#GetRuntimeManagementConfig": { "type": "operation", "input": { @@ -9326,7 +9120,7 @@ } ], "traits": { - "smithy.api#documentation": "Returns a function, event source mapping, or code signing configuration's tags. You can\n also view funciton tags with GetFunction.
", + "smithy.api#documentation": "Returns a function, event source mapping, or code signing configuration's tags. You can\n also view function tags with GetFunction.
", "smithy.api#examples": [ { "title": "To retrieve the list of tags for a Lambda function", @@ -9891,16 +9685,6 @@ "smithy.api#httpError": 400 } }, - "com.amazonaws.lambda#PolicyResourceArn": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 0, - "max": 256 - }, - "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_])+)?$" - } - }, "com.amazonaws.lambda#PositiveInteger": { "type": "integer", "traits": { @@ -10042,55 +9826,6 @@ } } }, - "com.amazonaws.lambda#PublicAccessBlockConfig": { - "type": "structure", - "members": { - "BlockPublicPolicy": { - "target": "com.amazonaws.lambda#NullableBoolean", - "traits": { - "smithy.api#documentation": "To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to false.
To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To \n allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.
An object that defines the public-access settings for a function.
" - } - }, - "com.amazonaws.lambda#PublicAccessBlockResourceArn": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 0, - "max": 170 - }, - "smithy.api#pattern": "^arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+$" - } - }, - "com.amazonaws.lambda#PublicPolicyException": { - "type": "structure", - "members": { - "Type": { - "target": "com.amazonaws.lambda#String", - "traits": { - "smithy.api#documentation": "The exception type.
" - } - }, - "Message": { - "target": "com.amazonaws.lambda#String" - } - }, - "traits": { - "smithy.api#documentation": "Lambda prevented your policy from being created because it would grant public access to your function. If you intended to \n create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings \n to allow public policies.
", - "smithy.api#error": "client", - "smithy.api#httpError": 400 - } - }, "com.amazonaws.lambda#PublishLayerVersion": { "type": "operation", "input": { @@ -10807,169 +10542,6 @@ "smithy.api#output": {} } }, - "com.amazonaws.lambda#PutPublicAccessBlockConfig": { - "type": "operation", - "input": { - "target": "com.amazonaws.lambda#PutPublicAccessBlockConfigRequest" - }, - "output": { - "target": "com.amazonaws.lambda#PutPublicAccessBlockConfigResponse" - }, - "errors": [ - { - "target": "com.amazonaws.lambda#InvalidParameterValueException" - }, - { - "target": "com.amazonaws.lambda#ResourceConflictException" - }, - { - "target": "com.amazonaws.lambda#ResourceNotFoundException" - }, - { - "target": "com.amazonaws.lambda#ServiceException" - }, - { - "target": "com.amazonaws.lambda#TooManyRequestsException" - } - ], - "traits": { - "smithy.api#documentation": "The option to configure public-access settings, and to use the PutPublicAccessBlock and GetPublicAccessBlock APIs, won't be \n available in all Amazon Web Services Regions until September 30, 2024.
\nConfigure your function's public-access settings.
\nTo control public access to a Lambda function, you can choose whether to allow the creation of \n resource-based policies that \n allow public access to that function. You can also block public access to a function, even if it has an existing resource-based \n policy that allows it.
", - "smithy.api#http": { - "method": "PUT", - "uri": "/2024-09-16/public-access-block/{ResourceArn}", - "code": 200 - } - } - }, - "com.amazonaws.lambda#PutPublicAccessBlockConfigRequest": { - "type": "structure", - "members": { - "ResourceArn": { - "target": "com.amazonaws.lambda#PublicAccessBlockResourceArn", - "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings \n are applied at the function level, so you can't apply different settings to function versions or aliases.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - }, - "PublicAccessBlockConfig": { - "target": "com.amazonaws.lambda#PublicAccessBlockConfig", - "traits": { - "smithy.api#documentation": "An object defining the public-access settings you want to apply.
\nTo block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy \n to false.
To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To \n allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.
The default setting for both BlockPublicPolicy and RestrictPublicResource is true.
The public-access settings Lambda applied to your function.
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, - "com.amazonaws.lambda#PutResourcePolicy": { - "type": "operation", - "input": { - "target": "com.amazonaws.lambda#PutResourcePolicyRequest" - }, - "output": { - "target": "com.amazonaws.lambda#PutResourcePolicyResponse" - }, - "errors": [ - { - "target": "com.amazonaws.lambda#InvalidParameterValueException" - }, - { - "target": "com.amazonaws.lambda#PolicyLengthExceededException" - }, - { - "target": "com.amazonaws.lambda#PreconditionFailedException" - }, - { - "target": "com.amazonaws.lambda#PublicPolicyException" - }, - { - "target": "com.amazonaws.lambda#ResourceConflictException" - }, - { - "target": "com.amazonaws.lambda#ResourceNotFoundException" - }, - { - "target": "com.amazonaws.lambda#ServiceException" - }, - { - "target": "com.amazonaws.lambda#TooManyRequestsException" - } - ], - "traits": { - "smithy.api#documentation": "The option to create and modify full JSON resource-based policies, and to use the PutResourcePolicy, GetResourcePolicy, and DeleteResourcePolicy APIs, won't be \n available in all Amazon Web Services Regions until September 30, 2024.
\nAdds a resource-based policy \n to a function. You can use resource-based policies to grant access to other \n Amazon Web Services accounts, \n organizations, or \n services. Resource-based policies \n apply to a single function, version, or alias.
\nAdding a resource-based policy using this API action replaces any existing policy you've previously created. This means that if \n you've previously added resource-based permissions to a function using the AddPermission action, those \n permissions will be overwritten by your new policy.
\nThe Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, \n but the value you specify must be a complete ARN and wildcard characters are not accepted.
", - "smithy.api#httpLabel": {}, - "smithy.api#required": {} - } - }, - "Policy": { - "target": "com.amazonaws.lambda#ResourcePolicy", - "traits": { - "smithy.api#documentation": "The JSON resource-based policy you want to add to your function.
\nTo learn more about creating resource-based policies for controlling access to \n Lambda, see Working with resource-based IAM policies in Lambda in the \n Lambda Developer Guide.
", - "smithy.api#required": {} - } - }, - "RevisionId": { - "target": "com.amazonaws.lambda#RevisionId", - "traits": { - "smithy.api#documentation": "Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached \n to your function, use the GetResourcePolicy action.
" - } - } - }, - "traits": { - "smithy.api#input": {} - } - }, - "com.amazonaws.lambda#PutResourcePolicyResponse": { - "type": "structure", - "members": { - "Policy": { - "target": "com.amazonaws.lambda#ResourcePolicy", - "traits": { - "smithy.api#documentation": "The policy Lambda added to your function.
" - } - }, - "RevisionId": { - "target": "com.amazonaws.lambda#RevisionId", - "traits": { - "smithy.api#documentation": "The revision ID of the policy Lambda added to your function.
" - } - } - }, - "traits": { - "smithy.api#output": {} - } - }, "com.amazonaws.lambda#PutRuntimeManagementConfig": { "type": "operation", "input": { @@ -11239,9 +10811,6 @@ { "target": "com.amazonaws.lambda#PreconditionFailedException" }, - { - "target": "com.amazonaws.lambda#PublicPolicyException" - }, { "target": "com.amazonaws.lambda#ResourceNotFoundException" }, @@ -11253,7 +10822,7 @@ } ], "traits": { - "smithy.api#documentation": "Revokes function-use permission from an Amazon Web Servicesservice or another Amazon Web Services account. You\n can get the ID of the statement from the output of GetPolicy.
", + "smithy.api#documentation": "Revokes function-use permission from an Amazon Web Services service or another Amazon Web Services account. You\n can get the ID of the statement from the output of GetPolicy.
", "smithy.api#examples": [ { "title": "To remove a Lambda function's permissions", @@ -11416,16 +10985,6 @@ "smithy.api#httpError": 502 } }, - "com.amazonaws.lambda#ResourcePolicy": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 1, - "max": 20480 - }, - "smithy.api#pattern": "^[\\s\\S]+$" - } - }, "com.amazonaws.lambda#ResponseStreamingInvocationType": { "type": "enum", "members": { @@ -11443,16 +11002,6 @@ } } }, - "com.amazonaws.lambda#RevisionId": { - "type": "string", - "traits": { - "smithy.api#length": { - "min": 36, - "max": 36 - }, - "smithy.api#pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" - } - }, "com.amazonaws.lambda#RoleArn": { "type": "string", "traits": { @@ -13227,7 +12776,7 @@ } ], "traits": { - "smithy.api#documentation": "Modify the version-specific settings of a Lambda function.
\nWhen you update a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify\n the function, but you can still invoke it. The LastUpdateStatus, LastUpdateStatusReason,\n and LastUpdateStatusReasonCode fields in the response from GetFunctionConfiguration\n indicate when the update is complete and the function is processing events with the new configuration. For more\n information, see Lambda\n function states.
These settings can vary between versions of a function and are locked when you publish a version. You can't\n modify the configuration of a published version, only the unpublished version.
\nTo configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions\n to an Amazon Web Services account or Amazon Web Servicesservice, use AddPermission.
", + "smithy.api#documentation": "Modify the version-specific settings of a Lambda function.
\nWhen you update a function, Lambda provisions an instance of the function and its supporting\n resources. If your function connects to a VPC, this process can take a minute. During this time, you can't modify\n the function, but you can still invoke it. The LastUpdateStatus, LastUpdateStatusReason,\n and LastUpdateStatusReasonCode fields in the response from GetFunctionConfiguration\n indicate when the update is complete and the function is processing events with the new configuration. For more\n information, see Lambda\n function states.
These settings can vary between versions of a function and are locked when you publish a version. You can't\n modify the configuration of a published version, only the unpublished version.
\nTo configure function concurrency, use PutFunctionConcurrency. To grant invoke permissions\n to an Amazon Web Services account or Amazon Web Services service, use AddPermission.
", "smithy.api#examples": [ { "title": "To update a Lambda function's configuration", diff --git a/codegen/sdk-codegen/aws-models/organizations.json b/codegen/sdk-codegen/aws-models/organizations.json index c2b0af0ddb8..9efaec2e810 100644 --- a/codegen/sdk-codegen/aws-models/organizations.json +++ b/codegen/sdk-codegen/aws-models/organizations.json @@ -1902,7 +1902,7 @@ } ], "traits": { - "smithy.api#documentation": "Attaches a policy to a root, an organizational unit (OU), or an individual account.\n How the policy affects accounts depends on the type of policy. Refer to the\n Organizations User Guide for information about each policy type:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nThis operation can be called only from the organization's\nmanagement account or by a member account that is a delegated administrator for an Amazon Web Services service.
", + "smithy.api#documentation": "Attaches a policy to a root, an organizational unit (OU), or an individual account.\n How the policy affects accounts depends on the type of policy. Refer to the\n Organizations User Guide for information about each policy type:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nThis operation can be called only from the organization's\nmanagement account or by a member account that is a delegated administrator for an Amazon Web Services service.
", "smithy.api#examples": [ { "title": "To attach a policy to an account", @@ -3129,7 +3129,7 @@ "Type": { "target": "com.amazonaws.organizations#PolicyType", "traits": { - "smithy.api#documentation": "The type of policy to create. You can specify one of the following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nThe type of policy to create. You can specify one of the following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nThe type of policy that you want information about. You can specify one of the\n following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nThe type of policy that you want information about. You can specify one of the\n following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nThe policy type that you want to disable in this root. You can specify one of the\n following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nThe policy type that you want to disable in this root. You can specify one of the\n following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nThe policy type that you want to enable. You can specify one of the following\n values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nThe policy type that you want to enable. You can specify one of the following\n values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nThe type of policy that you want to include in the returned list. You must specify one\n of the following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nThe type of policy that you want to include in the returned list. You must specify one\n of the following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nSpecifies the type of policy that you want to include in the response. You must\n specify one of the following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\nSpecifies the type of policy that you want to include in the response. You must\n specify one of the following values:
\n\n BACKUP_POLICY\n
\n\n TAG_POLICY\n
\n\n CHATBOT_POLICY\n
\nThe Amazon Resource Name (ARN) of the \n IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have\n pcs:RegisterComputeNodeGroupInstance permissions attached to provision instances\n correctly.
The Amazon Resource Name (ARN) of the IAM instance \n profile used to pass an IAM role when launching EC2 instances. The role contained \n in your instance profile must have the pcs:RegisterComputeNodeGroupInstance\n permission. The resource identifier of the ARN must start with \n AWSPCS or it must have /aws-pcs/ in its path.
\n Examples\n
\n\n arn:aws:iam::111122223333:instance-profile/AWSPCS-example-role-1\n
\n arn:aws:iam::111122223333:instance-profile/aws-pcs/example-role-2\n
The Amazon Resource Name (ARN) of the \n IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have\n pcs:RegisterComputeNodeGroupInstance permissions attached in order to\n provision instances correctly. The resource identifier of the ARN must start with \n AWSPCS. For example, arn:aws:iam:123456789012:instance-profile/AWSPCSMyComputeNodeInstanceProfile.\n
The Amazon Resource Name (ARN) of the IAM instance \n profile used to pass an IAM role when launching EC2 instances. The role contained \n in your instance profile must have the pcs:RegisterComputeNodeGroupInstance\n permission. The resource identifier of the ARN must start with \n AWSPCS or it must have /aws-pcs/ in its path.
\n Examples\n
\n\n arn:aws:iam::111122223333:instance-profile/AWSPCS-example-role-1\n
\n arn:aws:iam::111122223333:instance-profile/aws-pcs/example-role-2\n
Amazon Web Services PCS supports configuration of the following Slurm parameters: \n Prolog\n , \n Epilog\n , and \n SelectTypeParameters\n .
Amazon Web Services PCS supports configuration of the following Slurm parameters:
\nFor clusters\n
\n\n \n Prolog\n \n
\n \n Epilog\n \n
For compute node groups\n
\n\n \n Weight\n \n
\n \n RealMemory\n \n
The Amazon Resource Name (ARN) of the \n IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have\n pcs:RegisterComputeNodeGroupInstance permissions attached to provision instances\n correctly.
The Amazon Resource Name (ARN) of the IAM instance \n profile used to pass an IAM role when launching EC2 instances. The role contained \n in your instance profile must have the pcs:RegisterComputeNodeGroupInstance\n permission. The resource identifier of the ARN must start with \n AWSPCS or it must have /aws-pcs/ in its path.
\n Examples\n
\n\n arn:aws:iam::111122223333:instance-profile/AWSPCS-example-role-1\n
\n arn:aws:iam::111122223333:instance-profile/aws-pcs/example-role-2\n
Starts a SQL transaction.
\nA transaction can run for a maximum of 24 hours. A transaction is terminated and rolled back automatically after 24\n hours.
\nA transaction times out if no calls use its transaction ID in three minutes. If a transaction times out before it's\n committed, it's rolled back automatically.
\nDDL statements inside a transaction cause an implicit commit. We recommend that you run each DDL statement in a separate\n ExecuteStatement call with continueAfterTimeout enabled.
Starts a SQL transaction.
\nA transaction can run for a maximum of 24 hours. A transaction is terminated and rolled back automatically after 24\n hours.
\nA transaction times out if no calls use its transaction ID in three minutes. If a transaction times out before it's\n committed, it's rolled back automatically.
\nFor Aurora MySQL, DDL statements inside a transaction cause an implicit commit. We recommend that you run each MySQL DDL statement in a separate\n ExecuteStatement call with continueAfterTimeout enabled.
Runs one or more SQL statements.
\nThis operation isn't supported for Aurora PostgreSQL Serverless v2 and provisioned DB clusters, and for Aurora Serverless v1 DB clusters, \n the operation is deprecated. Use the BatchExecuteStatement or ExecuteStatement operation.
Runs one or more SQL statements.
\nThis operation isn't supported for Aurora Serverless v2 and provisioned DB clusters.\n For Aurora Serverless v1 DB clusters, the operation is deprecated.\n Use the BatchExecuteStatement or ExecuteStatement operation.
Amazon RDS provides an HTTP endpoint to run SQL statements on an Amazon Aurora DB cluster. To run these\n statements, you use the RDS Data API (Data API).
\nData API is available with the following types of Aurora databases:
\nAurora PostgreSQL - Serverless v2, Serverless v1, and provisioned
\nAurora MySQL - Serverless v1 only
\nFor more information about the Data API, see\n Using RDS Data API\n in the Amazon Aurora User Guide.
", + "smithy.api#documentation": "Amazon RDS provides an HTTP endpoint to run SQL statements on an Amazon Aurora DB cluster. To run these\n statements, you use the RDS Data API (Data API).
\nData API is available with the following types of Aurora databases:
\nAurora PostgreSQL - Serverless v2, provisioned, and Serverless v1
\nAurora MySQL - Serverless v2, provisioned, and Serverless v1
\nFor more information about the Data API, see\n Using RDS Data API\n in the Amazon Aurora User Guide.
", "smithy.api#title": "AWS RDS DataService", "smithy.rules#endpointRuleSet": { "version": "1.0", diff --git a/codegen/sdk-codegen/aws-models/sagemaker.json b/codegen/sdk-codegen/aws-models/sagemaker.json index 274f94fe93d..25883e7aeee 100644 --- a/codegen/sdk-codegen/aws-models/sagemaker.json +++ b/codegen/sdk-codegen/aws-models/sagemaker.json @@ -9913,6 +9913,12 @@ "smithy.api#documentation": "The entity that creates and manages the required security groups for inter-app\n communication in VPCOnly mode. Required when\n CreateDomain.AppNetworkAccessType is VPCOnly and\n DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is\n provided. If setting up the domain for use with RStudio, this value must be set to\n Service.
Indicates whether custom tag propagation is supported for the domain. Defaults to DISABLED.
The entity that creates and manages the required security groups for inter-app\n communication in VPCOnly mode. Required when\n CreateDomain.AppNetworkAccessType is VPCOnly and\n DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is\n provided.
Indicates whether custom tag propagation is supported for the domain.
" + } + }, "DefaultSpaceSettings": { "target": "com.amazonaws.sagemaker#DefaultSpaceSettings", "traits": { @@ -62994,6 +63006,23 @@ } } }, + "com.amazonaws.sagemaker#TagPropagation": { + "type": "enum", + "members": { + "ENABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ENABLED" + } + }, + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + } + } + }, "com.amazonaws.sagemaker#TagValue": { "type": "string", "traits": { @@ -68150,6 +68179,12 @@ "traits": { "smithy.api#documentation": "Specifies the VPC used for non-EFS traffic.
\n\n PublicInternetOnly - Non-EFS traffic is through a VPC managed by Amazon SageMaker, which allows direct internet access.
\n VpcOnly - All Studio traffic is through the specified VPC and\n subnets.
This configuration can only be modified if there are no apps in the\n InService, Pending, or Deleting state. The\n configuration cannot be updated if\n DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is already\n set or DomainSettings.RStudioServerProDomainSettings.DomainExecutionRoleArn is\n provided as part of the same request.
Indicates whether custom tag propagation is supported for the domain. Defaults to DISABLED.