From 1f88422051125aee6a38362ffe14a843a9e095c1 Mon Sep 17 00:00:00 2001 From: awssdkgo Date: Tue, 2 Feb 2021 19:14:37 +0000 Subject: [PATCH] Release v1.37.2 (2021-02-02) === ### Service Client Updates * `service/application-autoscaling`: Updates service API and documentation * `service/appmesh`: Updates service API and documentation * `service/iotwireless`: Updates service API and documentation * `service/location`: Updates service documentation * `service/lookoutvision`: Updates service API and documentation * `service/medialive`: Updates service API and documentation * AWS Elemental MediaLive now supports Image Media Playlists on HLS outputs, version 0.4 (trick-mode). * `service/organizations`: Updates service documentation * Documentation updates for AWS Organizations. * `service/rds-data`: Updates service API and documentation * `service/route53`: Updates service documentation * Documentation updates for Route 53 * `service/s3control`: Updates service API and documentation * Amazon S3 Batch Operations now supports Delete Object Tagging ### SDK Enhancements * `service/s3`: Amazon S3 now supports AWS PrivateLink, providing direct access to S3 via a private endpoint within your virtual private network. ### SDK Bugs * `aws/session`: Fixed a bug that prevented credentials from being sourced from the environment if the loaded shared config profile contained partial SSO configuration. ([#3769](https://github.com/aws/aws-sdk-go/pull/3769)) * Fixes ([#3768](https://github.com/aws/aws-sdk-go/issues/3768)) --- CHANGELOG.md | 26 + CHANGELOG_PENDING.md | 3 - aws/version.go | 2 +- .../2016-02-06/api-2.json | 5 +- .../2016-02-06/docs-2.json | 52 +- models/apis/appmesh/2019-01-25/api-2.json | 123 ++- models/apis/appmesh/2019-01-25/docs-2.json | 131 ++- models/apis/iotwireless/2020-11-22/api-2.json | 8 +- .../apis/iotwireless/2020-11-22/docs-2.json | 7 +- models/apis/location/2020-11-19/docs-2.json | 2 +- .../apis/lookoutvision/2020-11-20/api-2.json | 158 +++- .../apis/lookoutvision/2020-11-20/docs-2.json | 112 ++- models/apis/medialive/2017-10-14/api-2.json | 14 +- models/apis/medialive/2017-10-14/docs-2.json | 6 + .../apis/organizations/2016-11-28/docs-2.json | 26 +- models/apis/rds-data/2018-08-01/api-2.json | 19 +- models/apis/rds-data/2018-08-01/docs-2.json | 6 +- models/apis/route53/2013-04-01/docs-2.json | 82 +- models/apis/s3control/2018-08-20/api-2.json | 10 + models/apis/s3control/2018-08-20/docs-2.json | 26 +- service/applicationautoscaling/api.go | 126 ++- service/applicationautoscaling/doc.go | 2 +- service/applicationautoscaling/errors.go | 2 +- service/appmesh/api.go | 793 +++++++++++++++++- service/iotwireless/api.go | 19 +- service/locationservice/api.go | 5 +- service/lookoutforvision/api.go | 729 ++++++++++++++-- .../lookoutforvisioniface/interface.go | 12 + service/medialive/api.go | 31 +- service/organizations/api.go | 94 ++- service/rdsdataservice/api.go | 49 +- service/rdsdataservice/doc.go | 3 - service/route53/api.go | 209 +++-- service/route53/errors.go | 18 +- service/s3control/api.go | 69 +- 35 files changed, 2532 insertions(+), 447 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9a7a67f0de..041b05fb8f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,29 @@ +Release v1.37.2 (2021-02-02) +=== + +### Service Client Updates +* `service/application-autoscaling`: Updates service API and documentation +* `service/appmesh`: Updates service API and documentation +* `service/iotwireless`: Updates service API and documentation +* `service/location`: Updates service documentation +* `service/lookoutvision`: Updates service API and documentation +* `service/medialive`: Updates service API and documentation + * AWS Elemental MediaLive now supports Image Media Playlists on HLS outputs, version 0.4 (trick-mode). +* `service/organizations`: Updates service documentation + * Documentation updates for AWS Organizations. +* `service/rds-data`: Updates service API and documentation +* `service/route53`: Updates service documentation + * Documentation updates for Route 53 +* `service/s3control`: Updates service API and documentation + * Amazon S3 Batch Operations now supports Delete Object Tagging + +### SDK Enhancements +* `service/s3`: Amazon S3 now supports AWS PrivateLink, providing direct access to S3 via a private endpoint within your virtual private network. + +### SDK Bugs +* `aws/session`: Fixed a bug that prevented credentials from being sourced from the environment if the loaded shared config profile contained partial SSO configuration. ([#3769](https://github.com/aws/aws-sdk-go/pull/3769)) + * Fixes ([#3768](https://github.com/aws/aws-sdk-go/issues/3768)) + Release v1.37.1 (2021-01-29) === diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index 222221926ac..8a1927a39ca 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -1,8 +1,5 @@ ### SDK Features ### SDK Enhancements -* `service/s3`: Amazon S3 now supports AWS PrivateLink, providing direct access to S3 via a private endpoint within your virtual private network. ### SDK Bugs -* `aws/session`: Fixed a bug that prevented credentials from being sourced from the environment if the loaded shared config profile contained partial SSO configuration. ([#3769](https://github.com/aws/aws-sdk-go/pull/3769)) - * Fixes ([#3768](https://github.com/aws/aws-sdk-go/issues/3768)) diff --git a/aws/version.go b/aws/version.go index 9514f518930..8b7316872ed 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.37.1" +const SDKVersion = "1.37.2" diff --git a/models/apis/application-autoscaling/2016-02-06/api-2.json b/models/apis/application-autoscaling/2016-02-06/api-2.json index 37eeea3e950..e834fdedddc 100644 --- a/models/apis/application-autoscaling/2016-02-06/api-2.json +++ b/models/apis/application-autoscaling/2016-02-06/api-2.json @@ -505,6 +505,7 @@ "members":{ "ServiceNamespace":{"shape":"ServiceNamespace"}, "Schedule":{"shape":"ResourceIdMaxLen1600"}, + "Timezone":{"shape":"ResourceIdMaxLen1600"}, "ScheduledActionName":{"shape":"ScheduledActionName"}, "ResourceId":{"shape":"ResourceIdMaxLen1600"}, "ScalableDimension":{"shape":"ScalableDimension"}, @@ -553,7 +554,8 @@ }, "ResourceIdsMaxLen1600":{ "type":"list", - "member":{"shape":"ResourceIdMaxLen1600"} + "member":{"shape":"ResourceIdMaxLen1600"}, + "max":50 }, "ResourceLabel":{ "type":"string", @@ -701,6 +703,7 @@ "ScheduledActionARN":{"shape":"ResourceIdMaxLen1600"}, "ServiceNamespace":{"shape":"ServiceNamespace"}, "Schedule":{"shape":"ResourceIdMaxLen1600"}, + "Timezone":{"shape":"ResourceIdMaxLen1600"}, "ResourceId":{"shape":"ResourceIdMaxLen1600"}, "ScalableDimension":{"shape":"ScalableDimension"}, "StartTime":{"shape":"TimestampType"}, diff --git a/models/apis/application-autoscaling/2016-02-06/docs-2.json b/models/apis/application-autoscaling/2016-02-06/docs-2.json index ed7ce08cc19..84d4f2150f4 100644 --- a/models/apis/application-autoscaling/2016-02-06/docs-2.json +++ b/models/apis/application-autoscaling/2016-02-06/docs-2.json @@ -1,16 +1,16 @@ { "version": "2.0", - "service": "

With Application Auto Scaling, you can configure automatic scaling for the following resources:

API Summary

The Application Auto Scaling service API includes three key sets of actions:

To learn more about Application Auto Scaling, including information about granting IAM users required permissions for Application Auto Scaling actions, see the Application Auto Scaling User Guide.

", + "service": "

With Application Auto Scaling, you can configure automatic scaling for the following resources:

API Summary

The Application Auto Scaling service API includes three key sets of actions:

To learn more about Application Auto Scaling, including information about granting IAM users required permissions for Application Auto Scaling actions, see the Application Auto Scaling User Guide.

", "operations": { - "DeleteScalingPolicy": "

Deletes the specified scaling policy for an Application Auto Scaling scalable target.

Deleting a step scaling policy deletes the underlying alarm action, but does not delete the CloudWatch alarm associated with the scaling policy, even if it no longer has an associated action.

For more information, see Delete a Step Scaling Policy and Delete a Target Tracking Scaling Policy in the Application Auto Scaling User Guide.

", - "DeleteScheduledAction": "

Deletes the specified scheduled action for an Application Auto Scaling scalable target.

For more information, see Delete a Scheduled Action in the Application Auto Scaling User Guide.

", + "DeleteScalingPolicy": "

Deletes the specified scaling policy for an Application Auto Scaling scalable target.

Deleting a step scaling policy deletes the underlying alarm action, but does not delete the CloudWatch alarm associated with the scaling policy, even if it no longer has an associated action.

For more information, see Delete a step scaling policy and Delete a target tracking scaling policy in the Application Auto Scaling User Guide.

", + "DeleteScheduledAction": "

Deletes the specified scheduled action for an Application Auto Scaling scalable target.

For more information, see Delete a scheduled action in the Application Auto Scaling User Guide.

", "DeregisterScalableTarget": "

Deregisters an Application Auto Scaling scalable target when you have finished using it. To see which resources have been registered, use DescribeScalableTargets.

Deregistering a scalable target deletes the scaling policies and the scheduled actions that are associated with it.

", "DescribeScalableTargets": "

Gets information about the scalable targets in the specified namespace.

You can filter the results using ResourceIds and ScalableDimension.

", "DescribeScalingActivities": "

Provides descriptive information about the scaling activities in the specified namespace from the previous six weeks.

You can filter the results using ResourceId and ScalableDimension.

", - "DescribeScalingPolicies": "

Describes the Application Auto Scaling scaling policies for the specified service namespace.

You can filter the results using ResourceId, ScalableDimension, and PolicyNames.

For more information, see Target Tracking Scaling Policies and Step Scaling Policies in the Application Auto Scaling User Guide.

", - "DescribeScheduledActions": "

Describes the Application Auto Scaling scheduled actions for the specified service namespace.

You can filter the results using the ResourceId, ScalableDimension, and ScheduledActionNames parameters.

For more information, see Scheduled Scaling in the Application Auto Scaling User Guide.

", - "PutScalingPolicy": "

Creates or updates a scaling policy for an Application Auto Scaling scalable target.

Each scalable target is identified by a service namespace, resource ID, and scalable dimension. A scaling policy applies to the scalable target identified by those three attributes. You cannot create a scaling policy until you have registered the resource as a scalable target.

Multiple scaling policies can be in force at the same time for the same scalable target. You can have one or more target tracking scaling policies, one or more step scaling policies, or both. However, there is a chance that multiple policies could conflict, instructing the scalable target to scale out or in at the same time. Application Auto Scaling gives precedence to the policy that provides the largest capacity for both scale out and scale in. For example, if one policy increases capacity by 3, another policy increases capacity by 200 percent, and the current capacity is 10, Application Auto Scaling uses the policy with the highest calculated capacity (200% of 10 = 20) and scales out to 30.

We recommend caution, however, when using target tracking scaling policies with step scaling policies because conflicts between these policies can cause undesirable behavior. For example, if the step scaling policy initiates a scale-in activity before the target tracking policy is ready to scale in, the scale-in activity will not be blocked. After the scale-in activity completes, the target tracking policy could instruct the scalable target to scale out again.

For more information, see Target Tracking Scaling Policies and Step Scaling Policies in the Application Auto Scaling User Guide.

If a scalable target is deregistered, the scalable target is no longer available to execute scaling policies. Any scaling policies that were specified for the scalable target are deleted.

", - "PutScheduledAction": "

Creates or updates a scheduled action for an Application Auto Scaling scalable target.

Each scalable target is identified by a service namespace, resource ID, and scalable dimension. A scheduled action applies to the scalable target identified by those three attributes. You cannot create a scheduled action until you have registered the resource as a scalable target.

When start and end times are specified with a recurring schedule using a cron expression or rates, they form the boundaries of when the recurring action starts and stops.

To update a scheduled action, specify the parameters that you want to change. If you don't specify start and end times, the old values are deleted.

For more information, see Scheduled Scaling in the Application Auto Scaling User Guide.

If a scalable target is deregistered, the scalable target is no longer available to run scheduled actions. Any scheduled actions that were specified for the scalable target are deleted.

", + "DescribeScalingPolicies": "

Describes the Application Auto Scaling scaling policies for the specified service namespace.

You can filter the results using ResourceId, ScalableDimension, and PolicyNames.

For more information, see Target tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide.

", + "DescribeScheduledActions": "

Describes the Application Auto Scaling scheduled actions for the specified service namespace.

You can filter the results using the ResourceId, ScalableDimension, and ScheduledActionNames parameters.

For more information, see Scheduled scaling and Managing scheduled scaling in the Application Auto Scaling User Guide.

", + "PutScalingPolicy": "

Creates or updates a scaling policy for an Application Auto Scaling scalable target.

Each scalable target is identified by a service namespace, resource ID, and scalable dimension. A scaling policy applies to the scalable target identified by those three attributes. You cannot create a scaling policy until you have registered the resource as a scalable target.

Multiple scaling policies can be in force at the same time for the same scalable target. You can have one or more target tracking scaling policies, one or more step scaling policies, or both. However, there is a chance that multiple policies could conflict, instructing the scalable target to scale out or in at the same time. Application Auto Scaling gives precedence to the policy that provides the largest capacity for both scale out and scale in. For example, if one policy increases capacity by 3, another policy increases capacity by 200 percent, and the current capacity is 10, Application Auto Scaling uses the policy with the highest calculated capacity (200% of 10 = 20) and scales out to 30.

We recommend caution, however, when using target tracking scaling policies with step scaling policies because conflicts between these policies can cause undesirable behavior. For example, if the step scaling policy initiates a scale-in activity before the target tracking policy is ready to scale in, the scale-in activity will not be blocked. After the scale-in activity completes, the target tracking policy could instruct the scalable target to scale out again.

For more information, see Target tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide.

If a scalable target is deregistered, the scalable target is no longer available to execute scaling policies. Any scaling policies that were specified for the scalable target are deleted.

", + "PutScheduledAction": "

Creates or updates a scheduled action for an Application Auto Scaling scalable target.

Each scalable target is identified by a service namespace, resource ID, and scalable dimension. A scheduled action applies to the scalable target identified by those three attributes. You cannot create a scheduled action until you have registered the resource as a scalable target.

When start and end times are specified with a recurring schedule using a cron expression or rates, they form the boundaries for when the recurring action starts and stops.

To update a scheduled action, specify the parameters that you want to change. If you don't specify start and end times, the old values are deleted.

For more information, see Scheduled scaling in the Application Auto Scaling User Guide.

If a scalable target is deregistered, the scalable target is no longer available to run scheduled actions. Any scheduled actions that were specified for the scalable target are deleted.

", "RegisterScalableTarget": "

Registers or updates a scalable target.

A scalable target is a resource that Application Auto Scaling can scale out and scale in. Scalable targets are uniquely identified by the combination of resource ID, scalable dimension, and namespace.

When you register a new scalable target, you must specify values for minimum and maximum capacity. Current capacity will be adjusted within the specified range when scaling starts. Application Auto Scaling scaling policies will not scale capacity to values that are outside of this range.

After you register a scalable target, you do not need to register it again to use other Application Auto Scaling operations. To see which resources have been registered, use DescribeScalableTargets. You can also view the scaling policies for a service namespace by using DescribeScalableTargets. If you no longer need a scalable target, you can deregister it by using DeregisterScalableTarget.

To update a scalable target, specify the parameters that you want to change. Include the parameters that identify the scalable target: resource ID, scalable dimension, and namespace. Any parameters that you don't specify are not changed by this update request.

" }, "shapes": { @@ -41,9 +41,9 @@ "Cooldown": { "base": null, "refs": { - "StepScalingPolicyConfiguration$Cooldown": "

The amount of time, in seconds, to wait for a previous scaling activity to take effect.

With scale-out policies, the intention is to continuously (but not excessively) scale out. After Application Auto Scaling successfully scales out using a step scaling policy, it starts to calculate the cooldown time. The scaling policy won't increase the desired capacity again unless either a larger scale out is triggered or the cooldown period ends. While the cooldown period is in effect, capacity added by the initiating scale-out activity is calculated as part of the desired capacity for the next scale-out activity. For example, when an alarm triggers a step scaling policy to increase the capacity by 2, the scaling activity completes successfully, and a cooldown period starts. If the alarm triggers again during the cooldown period but at a more aggressive step adjustment of 3, the previous increase of 2 is considered part of the current capacity. Therefore, only 1 is added to the capacity.

With scale-in policies, the intention is to scale in conservatively to protect your application’s availability, so scale-in activities are blocked until the cooldown period has expired. However, if another alarm triggers a scale-out activity during the cooldown period after a scale-in activity, Application Auto Scaling scales out the target immediately. In this case, the cooldown period for the scale-in activity stops and doesn't complete.

Application Auto Scaling provides a default value of 300 for the following scalable targets:

For all other scalable targets, the default value is 0:

", - "TargetTrackingScalingPolicyConfiguration$ScaleOutCooldown": "

The amount of time, in seconds, to wait for a previous scale-out activity to take effect.

With the scale-out cooldown period, the intention is to continuously (but not excessively) scale out. After Application Auto Scaling successfully scales out using a target tracking scaling policy, it starts to calculate the cooldown time. The scaling policy won't increase the desired capacity again unless either a larger scale out is triggered or the cooldown period ends. While the cooldown period is in effect, the capacity added by the initiating scale-out activity is calculated as part of the desired capacity for the next scale-out activity.

Application Auto Scaling provides a default value of 300 for the following scalable targets:

For all other scalable targets, the default value is 0:

", - "TargetTrackingScalingPolicyConfiguration$ScaleInCooldown": "

The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start.

With the scale-in cooldown period, the intention is to scale in conservatively to protect your application’s availability, so scale-in activities are blocked until the cooldown period has expired. However, if another alarm triggers a scale-out activity during the scale-in cooldown period, Application Auto Scaling scales out the target immediately. In this case, the scale-in cooldown period stops and doesn't complete.

Application Auto Scaling provides a default value of 300 for the following scalable targets:

For all other scalable targets, the default value is 0:

" + "StepScalingPolicyConfiguration$Cooldown": "

The amount of time, in seconds, to wait for a previous scaling activity to take effect.

With scale-out policies, the intention is to continuously (but not excessively) scale out. After Application Auto Scaling successfully scales out using a step scaling policy, it starts to calculate the cooldown time. The scaling policy won't increase the desired capacity again unless either a larger scale out is triggered or the cooldown period ends. While the cooldown period is in effect, capacity added by the initiating scale-out activity is calculated as part of the desired capacity for the next scale-out activity. For example, when an alarm triggers a step scaling policy to increase the capacity by 2, the scaling activity completes successfully, and a cooldown period starts. If the alarm triggers again during the cooldown period but at a more aggressive step adjustment of 3, the previous increase of 2 is considered part of the current capacity. Therefore, only 1 is added to the capacity.

With scale-in policies, the intention is to scale in conservatively to protect your application’s availability, so scale-in activities are blocked until the cooldown period has expired. However, if another alarm triggers a scale-out activity during the cooldown period after a scale-in activity, Application Auto Scaling scales out the target immediately. In this case, the cooldown period for the scale-in activity stops and doesn't complete.

Application Auto Scaling provides a default value of 300 for the following scalable targets:

For all other scalable targets, the default value is 0:

", + "TargetTrackingScalingPolicyConfiguration$ScaleOutCooldown": "

The amount of time, in seconds, to wait for a previous scale-out activity to take effect.

With the scale-out cooldown period, the intention is to continuously (but not excessively) scale out. After Application Auto Scaling successfully scales out using a target tracking scaling policy, it starts to calculate the cooldown time. The scaling policy won't increase the desired capacity again unless either a larger scale out is triggered or the cooldown period ends. While the cooldown period is in effect, the capacity added by the initiating scale-out activity is calculated as part of the desired capacity for the next scale-out activity.

Application Auto Scaling provides a default value of 300 for the following scalable targets:

For all other scalable targets, the default value is 0:

", + "TargetTrackingScalingPolicyConfiguration$ScaleInCooldown": "

The amount of time, in seconds, after a scale-in activity completes before another scale-in activity can start.

With the scale-in cooldown period, the intention is to scale in conservatively to protect your application’s availability, so scale-in activities are blocked until the cooldown period has expired. However, if another alarm triggers a scale-out activity during the scale-in cooldown period, Application Auto Scaling scales out the target immediately. In this case, the scale-in cooldown period stops and doesn't complete.

Application Auto Scaling provides a default value of 300 for the following scalable targets:

For all other scalable targets, the default value is 0:

" } }, "CustomizedMetricSpecification": { @@ -156,7 +156,7 @@ } }, "LimitExceededException": { - "base": "

A per-account resource limit is exceeded. For more information, see Application Auto Scaling Limits.

", + "base": "

A per-account resource limit is exceeded. For more information, see Application Auto Scaling service quotas.

", "refs": { } }, @@ -258,12 +258,12 @@ "PolicyType": { "base": null, "refs": { - "PutScalingPolicyRequest$PolicyType": "

The policy type. This parameter is required if you are creating a scaling policy.

The following policy types are supported:

TargetTrackingScaling—Not supported for Amazon EMR

StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces (for Apache Cassandra), or Amazon MSK.

For more information, see Target Tracking Scaling Policies and Step Scaling Policies in the Application Auto Scaling User Guide.

", + "PutScalingPolicyRequest$PolicyType": "

The policy type. This parameter is required if you are creating a scaling policy.

The following policy types are supported:

TargetTrackingScaling—Not supported for Amazon EMR

StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon Keyspaces (for Apache Cassandra), or Amazon MSK.

For more information, see Target tracking scaling policies and Step scaling policies in the Application Auto Scaling User Guide.

", "ScalingPolicy$PolicyType": "

The scaling policy type.

" } }, "PredefinedMetricSpecification": { - "base": "

Represents a predefined metric for a target tracking scaling policy to use with Application Auto Scaling.

Only the AWS services that you're using send metrics to Amazon CloudWatch. To determine whether a desired metric already exists by looking up its namespace and dimension using the CloudWatch metrics dashboard in the console, follow the procedure in Building Dashboards with CloudWatch in the Application Auto Scaling User Guide.

", + "base": "

Represents a predefined metric for a target tracking scaling policy to use with Application Auto Scaling.

Only the AWS services that you're using send metrics to Amazon CloudWatch. To determine whether a desired metric already exists by looking up its namespace and dimension using the CloudWatch metrics dashboard in the console, follow the procedure in Building dashboards with CloudWatch in the Application Auto Scaling User Guide.

", "refs": { "TargetTrackingScalingPolicyConfiguration$PredefinedMetricSpecification": "

A predefined metric. You can specify either a predefined metric or a customized metric.

" } @@ -325,15 +325,16 @@ "DeleteScheduledActionRequest$ScheduledActionName": "

The name of the scheduled action.

", "DeleteScheduledActionRequest$ResourceId": "

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

", "DeregisterScalableTargetRequest$ResourceId": "

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

", - "DescribeScalingActivitiesRequest$ResourceId": "

The identifier of the resource associated with the scaling activity. This string consists of the resource type and unique identifier. If you specify a scalable dimension, you must also specify a resource ID.

", - "DescribeScalingPoliciesRequest$ResourceId": "

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier. If you specify a scalable dimension, you must also specify a resource ID.

", - "DescribeScheduledActionsRequest$ResourceId": "

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier. If you specify a scalable dimension, you must also specify a resource ID.

", + "DescribeScalingActivitiesRequest$ResourceId": "

The identifier of the resource associated with the scaling activity. This string consists of the resource type and unique identifier.

", + "DescribeScalingPoliciesRequest$ResourceId": "

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

", + "DescribeScheduledActionsRequest$ResourceId": "

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

", "PutScalingPolicyRequest$ResourceId": "

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

", "PutScalingPolicyResponse$PolicyARN": "

The Amazon Resource Name (ARN) of the resulting scaling policy.

", - "PutScheduledActionRequest$Schedule": "

The schedule for this action. The following formats are supported:

At expressions are useful for one-time schedules. Specify the time in UTC.

For rate expressions, value is a positive integer and unit is minute | minutes | hour | hours | day | days.

For cron expressions, fields is a cron expression. The supported cron format consists of six fields separated by white spaces: [Minutes] [Hours] [Day_of_Month] [Month] [Day_of_Week] [Year].

For more information and examples, see Scheduled Scaling in the Application Auto Scaling User Guide.

", + "PutScheduledActionRequest$Schedule": "

The schedule for this action. The following formats are supported:

At expressions are useful for one-time schedules. Cron expressions are useful for scheduled actions that run periodically at a specified date and time, and rate expressions are useful for scheduled actions that run at a regular interval.

At and cron expressions use Universal Coordinated Time (UTC) by default.

The cron format consists of six fields separated by white spaces: [Minutes] [Hours] [Day_of_Month] [Month] [Day_of_Week] [Year].

For rate expressions, value is a positive integer and unit is minute | minutes | hour | hours | day | days.

For more information and examples, see Example scheduled actions for Application Auto Scaling in the Application Auto Scaling User Guide.

", + "PutScheduledActionRequest$Timezone": "

Specifies the time zone used when setting a scheduled action by using an at or cron expression. If a time zone is not provided, UTC is used by default.

Valid values are the canonical names of the IANA time zones supported by Joda-Time (such as Etc/GMT+9 or Pacific/Tahiti). For more information, see https://www.joda.org/joda-time/timezones.html.

", "PutScheduledActionRequest$ResourceId": "

The identifier of the resource associated with the scheduled action. This string consists of the resource type and unique identifier.

", "RegisterScalableTargetRequest$ResourceId": "

The identifier of the resource that is associated with the scalable target. This string consists of the resource type and unique identifier.

", - "RegisterScalableTargetRequest$RoleARN": "

This parameter is required for services that do not support service-linked roles (such as Amazon EMR), and it must specify the ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf.

If the service supports service-linked roles, Application Auto Scaling uses a service-linked role, which it creates if it does not yet exist. For more information, see Application Auto Scaling IAM Roles.

", + "RegisterScalableTargetRequest$RoleARN": "

This parameter is required for services that do not support service-linked roles (such as Amazon EMR), and it must specify the ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf.

If the service supports service-linked roles, Application Auto Scaling uses a service-linked role, which it creates if it does not yet exist. For more information, see Application Auto Scaling IAM roles.

", "ResourceIdsMaxLen1600$member": null, "ScalableTarget$ResourceId": "

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

", "ScalableTarget$RoleARN": "

The ARN of an IAM role that allows Application Auto Scaling to modify the scalable target on your behalf.

", @@ -341,14 +342,15 @@ "ScalingPolicy$PolicyARN": "

The Amazon Resource Name (ARN) of the scaling policy.

", "ScalingPolicy$ResourceId": "

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

", "ScheduledAction$ScheduledActionARN": "

The Amazon Resource Name (ARN) of the scheduled action.

", - "ScheduledAction$Schedule": "

The schedule for this action. The following formats are supported:

At expressions are useful for one-time schedules. Specify the time in UTC.

For rate expressions, value is a positive integer and unit is minute | minutes | hour | hours | day | days.

For cron expressions, fields is a cron expression. The supported cron format consists of six fields separated by white spaces: [Minutes] [Hours] [Day_of_Month] [Month] [Day_of_Week] [Year].

For more information and examples, see Scheduled Scaling in the Application Auto Scaling User Guide.

", + "ScheduledAction$Schedule": "

The schedule for this action. The following formats are supported:

At expressions are useful for one-time schedules. Cron expressions are useful for scheduled actions that run periodically at a specified date and time, and rate expressions are useful for scheduled actions that run at a regular interval.

At and cron expressions use Universal Coordinated Time (UTC) by default.

The cron format consists of six fields separated by white spaces: [Minutes] [Hours] [Day_of_Month] [Month] [Day_of_Week] [Year].

For rate expressions, value is a positive integer and unit is minute | minutes | hour | hours | day | days.

For more information and examples, see Example scheduled actions for Application Auto Scaling in the Application Auto Scaling User Guide.

", + "ScheduledAction$Timezone": "

The time zone used when referring to the date and time of a scheduled action, when the scheduled action uses an at or cron expression.

", "ScheduledAction$ResourceId": "

The identifier of the resource associated with the scaling policy. This string consists of the resource type and unique identifier.

" } }, "ResourceIdsMaxLen1600": { "base": null, "refs": { - "DescribeScalableTargetsRequest$ResourceIds": "

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier. If you specify a scalable dimension, you must also specify a resource ID.

", + "DescribeScalableTargetsRequest$ResourceIds": "

The identifier of the resource associated with the scalable target. This string consists of the resource type and unique identifier.

", "DescribeScalingPoliciesRequest$PolicyNames": "

The names of the scaling policies to describe.

", "DescribeScheduledActionsRequest$ScheduledActionNames": "

The names of the scheduled actions to describe.

" } @@ -501,7 +503,7 @@ "SuspendedState": { "base": "

Specifies whether the scaling activities for a scalable target are in a suspended state.

", "refs": { - "RegisterScalableTargetRequest$SuspendedState": "

An embedded object that contains attributes and attribute values that are used to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities.

Suspension Outcomes

For more information, see Suspending and Resuming Scaling in the Application Auto Scaling User Guide.

", + "RegisterScalableTargetRequest$SuspendedState": "

An embedded object that contains attributes and attribute values that are used to suspend and resume automatic scaling. Setting the value of an attribute to true suspends the specified scaling activities. Setting it to false (default) resumes the specified scaling activities.

Suspension Outcomes

For more information, see Suspending and resuming scaling in the Application Auto Scaling User Guide.

", "ScalableTarget$SuspendedState": null } }, @@ -515,14 +517,14 @@ "TimestampType": { "base": null, "refs": { - "PutScheduledActionRequest$StartTime": "

The date and time for this scheduled action to start.

", - "PutScheduledActionRequest$EndTime": "

The date and time for the recurring schedule to end.

", + "PutScheduledActionRequest$StartTime": "

The date and time for this scheduled action to start, in UTC.

", + "PutScheduledActionRequest$EndTime": "

The date and time for the recurring schedule to end, in UTC.

", "ScalableTarget$CreationTime": "

The Unix timestamp for when the scalable target was created.

", "ScalingActivity$StartTime": "

The Unix timestamp for when the scaling activity began.

", "ScalingActivity$EndTime": "

The Unix timestamp for when the scaling activity ended.

", "ScalingPolicy$CreationTime": "

The Unix timestamp for when the scaling policy was created.

", - "ScheduledAction$StartTime": "

The date and time that the action is scheduled to begin.

", - "ScheduledAction$EndTime": "

The date and time that the action is scheduled to end.

", + "ScheduledAction$StartTime": "

The date and time that the action is scheduled to begin, in UTC.

", + "ScheduledAction$EndTime": "

The date and time that the action is scheduled to end, in UTC.

", "ScheduledAction$CreationTime": "

The date and time that the scheduled action was created.

" } }, diff --git a/models/apis/appmesh/2019-01-25/api-2.json b/models/apis/appmesh/2019-01-25/api-2.json index 42a5084faea..d9579ce99d0 100644 --- a/models/apis/appmesh/2019-01-25/api-2.json +++ b/models/apis/appmesh/2019-01-25/api-2.json @@ -861,6 +861,7 @@ "type":"structure", "required":["validation"], "members":{ + "certificate":{"shape":"ClientTlsCertificate"}, "enforce":{ "shape":"Boolean", "box":true @@ -869,6 +870,14 @@ "validation":{"shape":"TlsValidationContext"} } }, + "ClientTlsCertificate":{ + "type":"structure", + "members":{ + "file":{"shape":"ListenerTlsFileCertificate"}, + "sds":{"shape":"ListenerTlsSdsCertificate"} + }, + "union":true + }, "ConflictException":{ "type":"structure", "members":{ @@ -2382,7 +2391,8 @@ ], "members":{ "certificate":{"shape":"ListenerTlsCertificate"}, - "mode":{"shape":"ListenerTlsMode"} + "mode":{"shape":"ListenerTlsMode"}, + "validation":{"shape":"ListenerTlsValidationContext"} } }, "ListenerTlsAcmCertificate":{ @@ -2396,7 +2406,8 @@ "type":"structure", "members":{ "acm":{"shape":"ListenerTlsAcmCertificate"}, - "file":{"shape":"ListenerTlsFileCertificate"} + "file":{"shape":"ListenerTlsFileCertificate"}, + "sds":{"shape":"ListenerTlsSdsCertificate"} }, "union":true }, @@ -2419,6 +2430,29 @@ "DISABLED" ] }, + "ListenerTlsSdsCertificate":{ + "type":"structure", + "required":["secretName"], + "members":{ + "secretName":{"shape":"SdsSecretName"} + } + }, + "ListenerTlsValidationContext":{ + "type":"structure", + "required":["trust"], + "members":{ + "subjectAlternativeNames":{"shape":"SubjectAlternativeNames"}, + "trust":{"shape":"ListenerTlsValidationContextTrust"} + } + }, + "ListenerTlsValidationContextTrust":{ + "type":"structure", + "members":{ + "file":{"shape":"TlsValidationContextFileTrust"}, + "sds":{"shape":"TlsValidationContextSdsTrust"} + }, + "union":true + }, "Listeners":{ "type":"list", "member":{"shape":"Listener"}, @@ -2715,6 +2749,7 @@ "DELETED" ] }, + "SdsSecretName":{"type":"string"}, "ServiceDiscovery":{ "type":"structure", "members":{ @@ -2735,6 +2770,29 @@ "retryable":{"throttling":false} }, "String":{"type":"string"}, + "SubjectAlternativeName":{ + "type":"string", + "max":254, + "min":1 + }, + "SubjectAlternativeNameList":{ + "type":"list", + "member":{"shape":"SubjectAlternativeName"} + }, + "SubjectAlternativeNameMatchers":{ + "type":"structure", + "required":["exact"], + "members":{ + "exact":{"shape":"SubjectAlternativeNameList"} + } + }, + "SubjectAlternativeNames":{ + "type":"structure", + "required":["match"], + "members":{ + "match":{"shape":"SubjectAlternativeNameMatchers"} + } + }, "TagKey":{ "type":"string", "max":128, @@ -2830,6 +2888,7 @@ "type":"structure", "required":["trust"], "members":{ + "subjectAlternativeNames":{"shape":"SubjectAlternativeNames"}, "trust":{"shape":"TlsValidationContextTrust"} } }, @@ -2847,11 +2906,19 @@ "certificateChain":{"shape":"FilePath"} } }, + "TlsValidationContextSdsTrust":{ + "type":"structure", + "required":["secretName"], + "members":{ + "secretName":{"shape":"SdsSecretName"} + } + }, "TlsValidationContextTrust":{ "type":"structure", "members":{ "acm":{"shape":"TlsValidationContextAcmTrust"}, - "file":{"shape":"TlsValidationContextFileTrust"} + "file":{"shape":"TlsValidationContextFileTrust"}, + "sds":{"shape":"TlsValidationContextSdsTrust"} }, "union":true }, @@ -3191,6 +3258,7 @@ "type":"structure", "required":["validation"], "members":{ + "certificate":{"shape":"VirtualGatewayClientTlsCertificate"}, "enforce":{ "shape":"Boolean", "box":true @@ -3199,6 +3267,14 @@ "validation":{"shape":"VirtualGatewayTlsValidationContext"} } }, + "VirtualGatewayClientTlsCertificate":{ + "type":"structure", + "members":{ + "file":{"shape":"VirtualGatewayListenerTlsFileCertificate"}, + "sds":{"shape":"VirtualGatewayListenerTlsSdsCertificate"} + }, + "union":true + }, "VirtualGatewayConnectionPool":{ "type":"structure", "members":{ @@ -3315,7 +3391,8 @@ ], "members":{ "certificate":{"shape":"VirtualGatewayListenerTlsCertificate"}, - "mode":{"shape":"VirtualGatewayListenerTlsMode"} + "mode":{"shape":"VirtualGatewayListenerTlsMode"}, + "validation":{"shape":"VirtualGatewayListenerTlsValidationContext"} } }, "VirtualGatewayListenerTlsAcmCertificate":{ @@ -3329,7 +3406,8 @@ "type":"structure", "members":{ "acm":{"shape":"VirtualGatewayListenerTlsAcmCertificate"}, - "file":{"shape":"VirtualGatewayListenerTlsFileCertificate"} + "file":{"shape":"VirtualGatewayListenerTlsFileCertificate"}, + "sds":{"shape":"VirtualGatewayListenerTlsSdsCertificate"} }, "union":true }, @@ -3352,6 +3430,29 @@ "DISABLED" ] }, + "VirtualGatewayListenerTlsSdsCertificate":{ + "type":"structure", + "required":["secretName"], + "members":{ + "secretName":{"shape":"VirtualGatewaySdsSecretName"} + } + }, + "VirtualGatewayListenerTlsValidationContext":{ + "type":"structure", + "required":["trust"], + "members":{ + "subjectAlternativeNames":{"shape":"SubjectAlternativeNames"}, + "trust":{"shape":"VirtualGatewayListenerTlsValidationContextTrust"} + } + }, + "VirtualGatewayListenerTlsValidationContextTrust":{ + "type":"structure", + "members":{ + "file":{"shape":"VirtualGatewayTlsValidationContextFileTrust"}, + "sds":{"shape":"VirtualGatewayTlsValidationContextSdsTrust"} + }, + "union":true + }, "VirtualGatewayListeners":{ "type":"list", "member":{"shape":"VirtualGatewayListener"}, @@ -3406,6 +3507,7 @@ "virtualGatewayName":{"shape":"ResourceName"} } }, + "VirtualGatewaySdsSecretName":{"type":"string"}, "VirtualGatewaySpec":{ "type":"structure", "required":["listeners"], @@ -3434,6 +3536,7 @@ "type":"structure", "required":["trust"], "members":{ + "subjectAlternativeNames":{"shape":"SubjectAlternativeNames"}, "trust":{"shape":"VirtualGatewayTlsValidationContextTrust"} } }, @@ -3451,11 +3554,19 @@ "certificateChain":{"shape":"FilePath"} } }, + "VirtualGatewayTlsValidationContextSdsTrust":{ + "type":"structure", + "required":["secretName"], + "members":{ + "secretName":{"shape":"VirtualGatewaySdsSecretName"} + } + }, "VirtualGatewayTlsValidationContextTrust":{ "type":"structure", "members":{ "acm":{"shape":"VirtualGatewayTlsValidationContextAcmTrust"}, - "file":{"shape":"VirtualGatewayTlsValidationContextFileTrust"} + "file":{"shape":"VirtualGatewayTlsValidationContextFileTrust"}, + "sds":{"shape":"VirtualGatewayTlsValidationContextSdsTrust"} }, "union":true }, diff --git a/models/apis/appmesh/2019-01-25/docs-2.json b/models/apis/appmesh/2019-01-25/docs-2.json index 2ca0762b8a2..3dcaf5e0cbd 100644 --- a/models/apis/appmesh/2019-01-25/docs-2.json +++ b/models/apis/appmesh/2019-01-25/docs-2.json @@ -208,6 +208,12 @@ "ClientPolicy$tls": "

A reference to an object that represents a Transport Layer Security (TLS) client policy.

" } }, + "ClientTlsCertificate": { + "base": "

An object that represents the client's certificate.

", + "refs": { + "ClientPolicyTls$certificate": "

A reference to an object that represents a client's TLS certificate.

" + } + }, "ConflictException": { "base": "

The request contains a client token that was used for a previous update resource call with different specifications. Try the request again with a new client token.

", "refs": { @@ -929,12 +935,13 @@ "ListenerTlsCertificate": { "base": "

An object that represents a listener's Transport Layer Security (TLS) certificate.

", "refs": { - "ListenerTls$certificate": "

A reference to an object that represents a listener's TLS certificate.

" + "ListenerTls$certificate": "

A reference to an object that represents a listener's Transport Layer Security (TLS) certificate.

" } }, "ListenerTlsFileCertificate": { "base": "

An object that represents a local file certificate. The certificate must meet specific requirements and you must have proxy authorization enabled. For more information, see Transport Layer Security (TLS).

", "refs": { + "ClientTlsCertificate$file": null, "ListenerTlsCertificate$file": "

A reference to an object that represents a local file certificate.

" } }, @@ -944,6 +951,25 @@ "ListenerTls$mode": "

Specify one of the following modes.

" } }, + "ListenerTlsSdsCertificate": { + "base": "

An object that represents the listener's Secret Discovery Service certificate. The proxy must be configured with a local SDS provider via a Unix Domain Socket. See App Mesh TLS documentation for more info.

", + "refs": { + "ClientTlsCertificate$sds": "

A reference to an object that represents a client's TLS Secret Discovery Service certificate.

", + "ListenerTlsCertificate$sds": "

A reference to an object that represents a listener's Secret Discovery Service certificate.

" + } + }, + "ListenerTlsValidationContext": { + "base": "

An object that represents a listener's Transport Layer Security (TLS) validation context.

", + "refs": { + "ListenerTls$validation": "

A reference to an object that represents a listener's Transport Layer Security (TLS) validation context.

" + } + }, + "ListenerTlsValidationContextTrust": { + "base": "

An object that represents a listener's Transport Layer Security (TLS) validation context trust.

", + "refs": { + "ListenerTlsValidationContext$trust": "

A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

" + } + }, "Listeners": { "base": null, "refs": { @@ -1281,6 +1307,13 @@ "RouteStatus$status": "

The current status for the route.

" } }, + "SdsSecretName": { + "base": null, + "refs": { + "ListenerTlsSdsCertificate$secretName": "

A reference to an object that represents the name of the secret requested from the Secret Discovery Service provider representing Transport Layer Security (TLS) materials like a certificate or certificate chain.

", + "TlsValidationContextSdsTrust$secretName": "

A reference to an object that represents the name of the secret for a Transport Layer Security (TLS) Secret Discovery Service validation context trust.

" + } + }, "ServiceDiscovery": { "base": "

An object that represents the service discovery information for a virtual node.

", "refs": { @@ -1356,6 +1389,33 @@ "VirtualGatewayHealthCheckPolicy$path": "

The destination path for the health check request. This value is only used if the specified protocol is HTTP or HTTP/2. For any other protocol, this value is ignored.

" } }, + "SubjectAlternativeName": { + "base": null, + "refs": { + "SubjectAlternativeNameList$member": null + } + }, + "SubjectAlternativeNameList": { + "base": null, + "refs": { + "SubjectAlternativeNameMatchers$exact": "

The values sent must match the specified values exactly.

" + } + }, + "SubjectAlternativeNameMatchers": { + "base": "

An object that represents the methods by which a subject alternative name on a peer Transport Layer Security (TLS) certificate can be matched.

", + "refs": { + "SubjectAlternativeNames$match": "

An object that represents the criteria for determining a SANs match.

" + } + }, + "SubjectAlternativeNames": { + "base": "

An object that represents the subject alternative names secured by the certificate.

", + "refs": { + "ListenerTlsValidationContext$subjectAlternativeNames": "

A reference to an object that represents the SANs for a listener's Transport Layer Security (TLS) validation context.

", + "TlsValidationContext$subjectAlternativeNames": "

A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context.

", + "VirtualGatewayListenerTlsValidationContext$subjectAlternativeNames": "

A reference to an object that represents the SANs for a virtual gateway listener's Transport Layer Security (TLS) validation context.

", + "VirtualGatewayTlsValidationContext$subjectAlternativeNames": "

A reference to an object that represents the SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context.

" + } + }, "TagKey": { "base": null, "refs": { @@ -1465,27 +1525,35 @@ } }, "TlsValidationContext": { - "base": "

An object that represents a Transport Layer Security (TLS) validation context.

", + "base": "

An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.

", "refs": { "ClientPolicyTls$validation": "

A reference to an object that represents a TLS validation context.

" } }, "TlsValidationContextAcmTrust": { - "base": "

An object that represents a TLS validation context trust for an AWS Certicate Manager (ACM) certificate.

", + "base": "

An object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certicate Manager (ACM) certificate.

", "refs": { - "TlsValidationContextTrust$acm": "

A reference to an object that represents a TLS validation context trust for an AWS Certicate Manager (ACM) certificate.

" + "TlsValidationContextTrust$acm": "

A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certicate Manager (ACM) certificate.

" } }, "TlsValidationContextFileTrust": { "base": "

An object that represents a Transport Layer Security (TLS) validation context trust for a local file.

", "refs": { - "TlsValidationContextTrust$file": "

An object that represents a TLS validation context trust for a local file.

" + "ListenerTlsValidationContextTrust$file": null, + "TlsValidationContextTrust$file": "

An object that represents a Transport Layer Security (TLS) validation context trust for a local file.

" + } + }, + "TlsValidationContextSdsTrust": { + "base": "

An object that represents a Transport Layer Security (TLS) Secret Discovery Service validation context trust. The proxy must be configured with a local SDS provider via a Unix Domain Socket. See App Mesh TLS documentation for more info.

", + "refs": { + "ListenerTlsValidationContextTrust$sds": "

A reference to an object that represents a listener's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

", + "TlsValidationContextTrust$sds": "

A reference to an object that represents a Transport Layer Security (TLS) Secret Discovery Service validation context trust.

" } }, "TlsValidationContextTrust": { "base": "

An object that represents a Transport Layer Security (TLS) validation context trust.

", "refs": { - "TlsValidationContext$trust": "

A reference to an object that represents a TLS validation context trust.

" + "TlsValidationContext$trust": "

A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

" } }, "TooManyRequestsException": { @@ -1608,6 +1676,12 @@ "VirtualGatewayClientPolicy$tls": "

A reference to an object that represents a Transport Layer Security (TLS) client policy.

" } }, + "VirtualGatewayClientTlsCertificate": { + "base": "

An object that represents the virtual gateway's client's Transport Layer Security (TLS) certificate.

", + "refs": { + "VirtualGatewayClientPolicyTls$certificate": "

A reference to an object that represents a virtual gateway's client's Transport Layer Security (TLS) certificate.

" + } + }, "VirtualGatewayConnectionPool": { "base": "

An object that represents the type of virtual gateway connection pool.

Only one protocol is used at a time and should be the same protocol as the one chosen under port mapping.

If not present the default value for maxPendingRequests is 2147483647.

", "refs": { @@ -1705,6 +1779,7 @@ "VirtualGatewayListenerTlsFileCertificate": { "base": "

An object that represents a local file certificate. The certificate must meet specific requirements and you must have proxy authorization enabled. For more information, see Transport Layer Security (TLS).

", "refs": { + "VirtualGatewayClientTlsCertificate$file": null, "VirtualGatewayListenerTlsCertificate$file": "

A reference to an object that represents a local file certificate.

" } }, @@ -1714,6 +1789,25 @@ "VirtualGatewayListenerTls$mode": "

Specify one of the following modes.

  • STRICT – Listener only accepts connections with TLS enabled.

  • PERMISSIVE – Listener accepts connections with or without TLS enabled.

  • DISABLED – Listener only accepts connections without TLS.

" } }, + "VirtualGatewayListenerTlsSdsCertificate": { + "base": "

An object that represents the virtual gateway's listener's Secret Discovery Service certificate.The proxy must be configured with a local SDS provider via a Unix Domain Socket. See App Mesh TLS documentation for more info.

", + "refs": { + "VirtualGatewayClientTlsCertificate$sds": "

A reference to an object that represents a virtual gateway's client's Secret Discovery Service certificate.

", + "VirtualGatewayListenerTlsCertificate$sds": "

A reference to an object that represents a virtual gateway's listener's Secret Discovery Service certificate.

" + } + }, + "VirtualGatewayListenerTlsValidationContext": { + "base": "

An object that represents a virtual gateway's listener's Transport Layer Security (TLS) validation context.

", + "refs": { + "VirtualGatewayListenerTls$validation": "

A reference to an object that represents a virtual gateway's listener's Transport Layer Security (TLS) validation context.

" + } + }, + "VirtualGatewayListenerTlsValidationContextTrust": { + "base": "

An object that represents a virtual gateway's listener's Transport Layer Security (TLS) validation context trust.

", + "refs": { + "VirtualGatewayListenerTlsValidationContext$trust": "

A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

" + } + }, "VirtualGatewayListeners": { "base": null, "refs": { @@ -1745,6 +1839,13 @@ "VirtualGatewayList$member": null } }, + "VirtualGatewaySdsSecretName": { + "base": null, + "refs": { + "VirtualGatewayListenerTlsSdsCertificate$secretName": "

A reference to an object that represents the name of the secret secret requested from the Secret Discovery Service provider representing Transport Layer Security (TLS) materials like a certificate or certificate chain.

", + "VirtualGatewayTlsValidationContextSdsTrust$secretName": "

A reference to an object that represents the name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

" + } + }, "VirtualGatewaySpec": { "base": "

An object that represents the specification of a service mesh resource.

", "refs": { @@ -1768,25 +1869,33 @@ "VirtualGatewayTlsValidationContext": { "base": "

An object that represents a Transport Layer Security (TLS) validation context.

", "refs": { - "VirtualGatewayClientPolicyTls$validation": "

A reference to an object that represents a TLS validation context.

" + "VirtualGatewayClientPolicyTls$validation": "

A reference to an object that represents a Transport Layer Security (TLS) validation context.

" } }, "VirtualGatewayTlsValidationContextAcmTrust": { - "base": "

An object that represents a TLS validation context trust for an AWS Certicate Manager (ACM) certificate.

", + "base": "

An object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certicate Manager (ACM) certificate.

", "refs": { - "VirtualGatewayTlsValidationContextTrust$acm": "

A reference to an object that represents a TLS validation context trust for an AWS Certicate Manager (ACM) certificate.

" + "VirtualGatewayTlsValidationContextTrust$acm": "

A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certicate Manager (ACM) certificate.

" } }, "VirtualGatewayTlsValidationContextFileTrust": { "base": "

An object that represents a Transport Layer Security (TLS) validation context trust for a local file.

", "refs": { - "VirtualGatewayTlsValidationContextTrust$file": "

An object that represents a TLS validation context trust for a local file.

" + "VirtualGatewayListenerTlsValidationContextTrust$file": null, + "VirtualGatewayTlsValidationContextTrust$file": "

An object that represents a Transport Layer Security (TLS) validation context trust for a local file.

" + } + }, + "VirtualGatewayTlsValidationContextSdsTrust": { + "base": "

An object that represents a virtual gateway's listener's Transport Layer Security (TLS) Secret Discovery Service validation context trust. The proxy must be configured with a local SDS provider via a Unix Domain Socket. See App Mesh TLS documentation for more info.

", + "refs": { + "VirtualGatewayListenerTlsValidationContextTrust$sds": "

A reference to an object that represents a virtual gateway's listener's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

", + "VirtualGatewayTlsValidationContextTrust$sds": "

A reference to an object that represents a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.

" } }, "VirtualGatewayTlsValidationContextTrust": { "base": "

An object that represents a Transport Layer Security (TLS) validation context trust.

", "refs": { - "VirtualGatewayTlsValidationContext$trust": "

A reference to an object that represents a TLS validation context trust.

" + "VirtualGatewayTlsValidationContext$trust": "

A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.

" } }, "VirtualNodeConnectionPool": { diff --git a/models/apis/iotwireless/2020-11-22/api-2.json b/models/apis/iotwireless/2020-11-22/api-2.json index ecc4078cf2d..1cdeccbbfed 100644 --- a/models/apis/iotwireless/2020-11-22/api-2.json +++ b/models/apis/iotwireless/2020-11-22/api-2.json @@ -1464,7 +1464,10 @@ }, "ExpressionType":{ "type":"string", - "enum":["RuleName"] + "enum":[ + "RuleName", + "MqttTopic" + ] }, "FNwkSIntKey":{ "type":"string", @@ -1664,7 +1667,8 @@ "GetWirelessGatewayCertificateResponse":{ "type":"structure", "members":{ - "IotCertificateId":{"shape":"IotCertificateId"} + "IotCertificateId":{"shape":"IotCertificateId"}, + "LoRaWANNetworkServerCertificateId":{"shape":"IotCertificateId"} } }, "GetWirelessGatewayFirmwareInformationRequest":{ diff --git a/models/apis/iotwireless/2020-11-22/docs-2.json b/models/apis/iotwireless/2020-11-22/docs-2.json index 7402ac65ba2..821c5a0a8ac 100644 --- a/models/apis/iotwireless/2020-11-22/docs-2.json +++ b/models/apis/iotwireless/2020-11-22/docs-2.json @@ -600,7 +600,7 @@ "Fingerprint": { "base": null, "refs": { - "SidewalkAccountInfoWithFingerprint$Fingerprint": "

Fingerprint for Sidewalk application server private key.

" + "SidewalkAccountInfoWithFingerprint$Fingerprint": "

The fingerprint of the Sidewalk application server private key.

" } }, "GatewayEui": { @@ -783,7 +783,8 @@ "refs": { "AssociateWirelessGatewayWithCertificateRequest$IotCertificateId": "

The ID of the certificate to associate with the wireless gateway.

", "AssociateWirelessGatewayWithCertificateResponse$IotCertificateId": "

The ID of the certificate associated with the wireless gateway.

", - "GetWirelessGatewayCertificateResponse$IotCertificateId": "

The ID of the certificate associated with the wireless gateway.

" + "GetWirelessGatewayCertificateResponse$IotCertificateId": "

The ID of the certificate associated with the wireless gateway.

", + "GetWirelessGatewayCertificateResponse$LoRaWANNetworkServerCertificateId": "

The ID of the certificate associated with the wireless gateway and used for LoRaWANNetworkServer endpoint.

" } }, "JoinEui": { @@ -1466,7 +1467,7 @@ "TransmitMode": { "base": null, "refs": { - "SendDataToWirelessDeviceRequest$TransmitMode": "

The transmit mode to use to send data to the wireless device. Can be: 0 for UM (unacknowledge mode), 1 for AM (acknowledge mode), or 2 for (TM) transparent mode.

" + "SendDataToWirelessDeviceRequest$TransmitMode": "

The transmit mode to use to send data to the wireless device. Can be: 0 for UM (unacknowledge mode) or 1 for AM (acknowledge mode).

" } }, "UlBucketSize": { diff --git a/models/apis/location/2020-11-19/docs-2.json b/models/apis/location/2020-11-19/docs-2.json index 5d488319906..e3794ac6a80 100644 --- a/models/apis/location/2020-11-19/docs-2.json +++ b/models/apis/location/2020-11-19/docs-2.json @@ -771,7 +771,7 @@ "MapStyle": { "base": null, "refs": { - "MapConfiguration$Style": "

Specifies the map style selected from an available data provider.

Valid styles: VectorEsriLightGrayCanvas, VectorEsriLight, VectorEsriStreets, VectorEsriNavigation, VectorEsriDarkGrayCanvas, VectorEsriLightGrayCanvas, VectorHereBerlin

When using HERE as your data provider, and selecting the Style VectorHereBerlin, you may not use HERE Maps for Asset Management. See the AWS Service Terms for Amazon Location Service.

" + "MapConfiguration$Style": "

Specifies the map style selected from an available data provider.

Valid styles: VectorEsriStreets, VectorEsriTopographic, VectorEsriNavigation, VectorEsriDarkGrayCanvas, VectorEsriLightGrayCanvas, VectorHereBerlin.

When using HERE as your data provider, and selecting the Style VectorHereBerlin, you may not use HERE Maps for Asset Management. See the AWS Service Terms for Amazon Location Service.

" } }, "Place": { diff --git a/models/apis/lookoutvision/2020-11-20/api-2.json b/models/apis/lookoutvision/2020-11-20/api-2.json index 7fbaf244739..8de89f80ef1 100644 --- a/models/apis/lookoutvision/2020-11-20/api-2.json +++ b/models/apis/lookoutvision/2020-11-20/api-2.json @@ -240,6 +240,23 @@ {"shape":"ThrottlingException"} ] }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/2020-11-20/tags/{resourceArn}" + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ] + }, "StartModel":{ "name":"StartModel", "http":{ @@ -277,6 +294,41 @@ {"shape":"ThrottlingException"} ] }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/2020-11-20/tags/{resourceArn}" + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"} + ] + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/2020-11-20/tags/{resourceArn}" + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"} + ] + }, "UpdateDatasetEntries":{ "name":"UpdateDatasetEntries", "http":{ @@ -380,7 +432,7 @@ "location":"uri", "locationName":"projectName" }, - "Description":{"shape":"ModelDescription"}, + "Description":{"shape":"ModelDescriptionMessage"}, "ClientToken":{ "shape":"ClientToken", "idempotencyToken":true, @@ -388,7 +440,8 @@ "locationName":"X-Amzn-Client-Token" }, "OutputConfig":{"shape":"OutputConfig"}, - "KmsKeyId":{"shape":"KmsKeyId"} + "KmsKeyId":{"shape":"KmsKeyId"}, + "Tags":{"shape":"TagList"} } }, "CreateModelResponse":{ @@ -855,6 +908,23 @@ "NextToken":{"shape":"PaginationToken"} } }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"TagArn", + "location":"uri", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{"shape":"TagList"} + } + }, "ModelArn":{"type":"string"}, "ModelDescription":{ "type":"structure", @@ -1137,6 +1207,66 @@ "requiresLength":true, "streaming":true }, + "Tag":{ + "type":"structure", + "required":[ + "Key", + "Value" + ], + "members":{ + "Key":{"shape":"TagKey"}, + "Value":{"shape":"TagValue"} + } + }, + "TagArn":{ + "type":"string", + "max":1011, + "min":1 + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":200, + "min":0 + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"}, + "max":200, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{ + "shape":"TagArn", + "location":"uri", + "locationName":"resourceArn" + }, + "Tags":{"shape":"TagList"} + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" + }, "ThrottlingException":{ "type":"structure", "required":["Message"], @@ -1153,6 +1283,30 @@ "error":{"httpStatusCode":429}, "exception":true }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"TagArn", + "location":"uri", + "locationName":"resourceArn" + }, + "TagKeys":{ + "shape":"TagKeyList", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + } + }, "UpdateDatasetEntriesRequest":{ "type":"structure", "required":[ diff --git a/models/apis/lookoutvision/2020-11-20/docs-2.json b/models/apis/lookoutvision/2020-11-20/docs-2.json index 4da462dcb78..799fb60118c 100644 --- a/models/apis/lookoutvision/2020-11-20/docs-2.json +++ b/models/apis/lookoutvision/2020-11-20/docs-2.json @@ -2,22 +2,25 @@ "version": "2.0", "service": "

This is the Amazon Lookout for Vision API Reference. It provides descriptions of actions, data types, common parameters, and common errors.

Amazon Lookout for Vision enables you to find visual defects in industrial products, accurately and at scale. It uses computer vision to identify missing components in an industrial product, damage to vehicles or structures, irregularities in production lines, and even minuscule defects in silicon wafers — or any other physical item where quality is important such as a missing capacitor on printed circuit boards.

", "operations": { - "CreateDataset": "

Creates a new dataset in an Amazon Lookout for Vision project. CreateDataset can create a training or a test dataset from a valid dataset source (DatasetSource).

If you want a single dataset project, specify train for the value of DatasetType.

To have a project with separate training and test datasets, call CreateDataset twice. On the first call, specify train for the value of DatasetType. On the second call, specify test for the value of DatasetType. of dataset with

", - "CreateModel": "

Creates a new version of a model within an an Amazon Lookout for Vision project. CreateModel is an asynchronous operation in which Amazon Lookout for Vision trains, tests, and evaluates a new version of a model.

To get the current status, check the Status field returned in the response from DescribeModel.

If the project has a single dataset, Amazon Lookout for Vision internally splits the dataset to create a training and a test dataset. If the project has a training and a test dataset, Lookout for Vision uses the respective datasets to train and test the model.

After training completes, the evaluation metrics are stored at the location specified in OutputConfig.

", - "CreateProject": "

Creates an empty Amazon Lookout for Vision project. After you create the project, add a dataset by calling CreateDataset.

", - "DeleteDataset": "

Deletes an existing Amazon Lookout for Vision dataset.

If your the project has a single dataset, you must create a new dataset before you can create a model.

If you project has a training dataset and a test dataset consider the following.

  • If you delete the test dataset, your project reverts to a single dataset project. If you then train the model, Amazon Lookout for Vision internally splits the remaining dataset into a training and test dataset.

  • If you delete the training dataset, you must create a training dataset before you can create a model.

It might take a while to delete the dataset. To check the current status, check the Status field in the response from a call to DescribeDataset.

", - "DeleteModel": "

Deletes an Amazon Lookout for Vision model. You can't delete a running model. To stop a running model, use the StopModel operation.

", - "DeleteProject": "

Deletes an Amazon Lookout for Vision project.

To delete a project, you must first delete each version of the model associated with the project. To delete a model use the DeleteModel operation.

The training and test datasets are deleted automatically for you. The images referenced by the training and test datasets aren't deleted.

", - "DescribeDataset": "

Describe an Amazon Lookout for Vision dataset.

", - "DescribeModel": "

Describes a version of an Amazon Lookout for Vision model.

", - "DescribeProject": "

Describes an Amazon Lookout for Vision project.

", - "DetectAnomalies": "

Detects anomalies in an image that you supply.

The response from DetectAnomalies includes a boolean prediction that the image contains one or more anomalies and a confidence value for the prediction.

Before calling DetectAnomalies, you must first start your model with the StartModel operation. You are charged for the amount of time, in minutes, that a model runs and for the number of anomaly detection units that your model uses. If you are not using a model, use the StopModel operation to stop your model.

", - "ListDatasetEntries": "

Lists the JSON Lines within a dataset. An Amazon Lookout for Vision JSON Line contains the anomaly information for a single image, including the image location and the assigned label.

", - "ListModels": "

Lists the versions of a model in an Amazon Lookout for Vision project.

", - "ListProjects": "

Lists the Amazon Lookout for Vision projects in your AWS account.

", - "StartModel": "

Starts the running of the version of an Amazon Lookout for Vision model. Starting a model takes a while to complete. To check the current state of the model, use DescribeModel.

Once the model is running, you can detect custom labels in new images by calling DetectAnomalies.

You are charged for the amount of time that the model is running. To stop a running model, call StopModel.

", - "StopModel": "

Stops a running model. The operation might take a while to complete. To check the current status, call DescribeModel.

", - "UpdateDatasetEntries": "

Adds one or more JSON Line entries to a dataset. A JSON Line includes information about an image used for training or testing an Amazon Lookout for Vision model. The following is an example JSON Line.

Updating a dataset might take a while to complete. To check the current status, call DescribeDataset and check the Status field in the response.

" + "CreateDataset": "

Creates a new dataset in an Amazon Lookout for Vision project. CreateDataset can create a training or a test dataset from a valid dataset source (DatasetSource).

If you want a single dataset project, specify train for the value of DatasetType.

To have a project with separate training and test datasets, call CreateDataset twice. On the first call, specify train for the value of DatasetType. On the second call, specify test for the value of DatasetType.

This operation requires permissions to perform the lookoutvision:CreateDataset operation.

", + "CreateModel": "

Creates a new version of a model within an an Amazon Lookout for Vision project. CreateModel is an asynchronous operation in which Amazon Lookout for Vision trains, tests, and evaluates a new version of a model.

To get the current status, check the Status field returned in the response from DescribeModel.

If the project has a single dataset, Amazon Lookout for Vision internally splits the dataset to create a training and a test dataset. If the project has a training and a test dataset, Lookout for Vision uses the respective datasets to train and test the model.

After training completes, the evaluation metrics are stored at the location specified in OutputConfig.

This operation requires permissions to perform the lookoutvision:CreateModel operation. If you want to tag your model, you also require permission to the lookoutvision:TagResource operation.

", + "CreateProject": "

Creates an empty Amazon Lookout for Vision project. After you create the project, add a dataset by calling CreateDataset.

This operation requires permissions to perform the lookoutvision:CreateProject operation.

", + "DeleteDataset": "

Deletes an existing Amazon Lookout for Vision dataset.

If your the project has a single dataset, you must create a new dataset before you can create a model.

If you project has a training dataset and a test dataset consider the following.

  • If you delete the test dataset, your project reverts to a single dataset project. If you then train the model, Amazon Lookout for Vision internally splits the remaining dataset into a training and test dataset.

  • If you delete the training dataset, you must create a training dataset before you can create a model.

It might take a while to delete the dataset. To check the current status, check the Status field in the response from a call to DescribeDataset.

This operation requires permissions to perform the lookoutvision:DeleteDataset operation.

", + "DeleteModel": "

Deletes an Amazon Lookout for Vision model. You can't delete a running model. To stop a running model, use the StopModel operation.

This operation requires permissions to perform the lookoutvision:DeleteModel operation.

", + "DeleteProject": "

Deletes an Amazon Lookout for Vision project.

To delete a project, you must first delete each version of the model associated with the project. To delete a model use the DeleteModel operation.

You also have to delete the dataset(s) associated with the model. For more information, see DeleteDataset. The images referenced by the training and test datasets aren't deleted.

This operation requires permissions to perform the lookoutvision:DeleteProject operation.

", + "DescribeDataset": "

Describe an Amazon Lookout for Vision dataset.

This operation requires permissions to perform the lookoutvision:DescribeDataset operation.

", + "DescribeModel": "

Describes a version of an Amazon Lookout for Vision model.

This operation requires permissions to perform the lookoutvision:DescribeModel operation.

", + "DescribeProject": "

Describes an Amazon Lookout for Vision project.

This operation requires permissions to perform the lookoutvision:DescribeProject operation.

", + "DetectAnomalies": "

Detects anomalies in an image that you supply.

The response from DetectAnomalies includes a boolean prediction that the image contains one or more anomalies and a confidence value for the prediction.

Before calling DetectAnomalies, you must first start your model with the StartModel operation. You are charged for the amount of time, in minutes, that a model runs and for the number of anomaly detection units that your model uses. If you are not using a model, use the StopModel operation to stop your model.

This operation requires permissions to perform the lookoutvision:DetectAnomalies operation.

", + "ListDatasetEntries": "

Lists the JSON Lines within a dataset. An Amazon Lookout for Vision JSON Line contains the anomaly information for a single image, including the image location and the assigned label.

This operation requires permissions to perform the lookoutvision:ListDatasetEntries operation.

", + "ListModels": "

Lists the versions of a model in an Amazon Lookout for Vision project.

This operation requires permissions to perform the lookoutvision:ListModels operation.

", + "ListProjects": "

Lists the Amazon Lookout for Vision projects in your AWS account.

This operation requires permissions to perform the lookoutvision:ListProjects operation.

", + "ListTagsForResource": "

Returns a list of tags attached to the specified Amazon Lookout for Vision model.

This operation requires permissions to perform the lookoutvision:ListTagsForResource operation.

", + "StartModel": "

Starts the running of the version of an Amazon Lookout for Vision model. Starting a model takes a while to complete. To check the current state of the model, use DescribeModel.

Once the model is running, you can detect custom labels in new images by calling DetectAnomalies.

You are charged for the amount of time that the model is running. To stop a running model, call StopModel.

This operation requires permissions to perform the lookoutvision:StartModel operation.

", + "StopModel": "

Stops a running model. The operation might take a while to complete. To check the current status, call DescribeModel.

This operation requires permissions to perform the lookoutvision:StopModel operation.

", + "TagResource": "

Adds one or more key-value tags to an Amazon Lookout for Vision model. For more information, see Tagging a model in the Amazon Lookout for Vision Developer Guide.

This operation requires permissions to perform the lookoutvision:TagResource operation.

", + "UntagResource": "

Removes one or more tags from an Amazon Lookout for Vision model. For more information, see Tagging a model in the Amazon Lookout for Vision Developer Guide.

This operation requires permissions to perform the lookoutvision:UntagResource operation.

", + "UpdateDatasetEntries": "

Adds one or more JSON Line entries to a dataset. A JSON Line includes information about an image used for training or testing an Amazon Lookout for Vision model. The following is an example JSON Line.

Updating a dataset might take a while to complete. To check the current status, call DescribeDataset and check the Status field in the response.

This operation requires permissions to perform the lookoutvision:UpdateDatasetEntries operation.

" }, "shapes": { "AccessDeniedException": { @@ -374,6 +377,16 @@ "refs": { } }, + "ListTagsForResourceRequest": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceResponse": { + "base": null, + "refs": { + } + }, "ModelArn": { "base": null, "refs": { @@ -385,13 +398,13 @@ "ModelDescription": { "base": "

Describes an Amazon Lookout for Vision model.

", "refs": { - "CreateModelRequest$Description": "

A description for the version of the model.

", "DescribeModelResponse$ModelDescription": "

Contains the description of the model.

" } }, "ModelDescriptionMessage": { "base": null, "refs": { + "CreateModelRequest$Description": "

A description for the version of the model.

", "ModelDescription$Description": "

The description for the model.

", "ModelMetadata$Description": "

The description for the model.

" } @@ -420,7 +433,7 @@ "base": "

Information about the evaluation performance of a trained model.

", "refs": { "ModelDescription$Performance": "

Performance metrics for the model. Created during training.

", - "ModelMetadata$Performance": "

Performance metrics for the model. Created during training.

" + "ModelMetadata$Performance": "

Performance metrics for the model. Not available until training has successfully completed.

" } }, "ModelStatus": { @@ -514,7 +527,7 @@ "refs": { "CreateDatasetRequest$ProjectName": "

The name of the project in which you want to create a dataset.

", "CreateModelRequest$ProjectName": "

The name of the project in which you want to create a model version.

", - "CreateProjectRequest$ProjectName": "

S nsme for the project.

", + "CreateProjectRequest$ProjectName": "

The name for the project.

", "DatasetDescription$ProjectName": "

The name of the project that contains the dataset.

", "DeleteDatasetRequest$ProjectName": "

The name of the project that contains the dataset that you want to delete.

", "DeleteModelRequest$ProjectName": "

The name of the project that contains the model that you want to delete.

", @@ -622,11 +635,72 @@ "DetectAnomaliesRequest$Body": "

The unencrypted image bytes that you want to analyze.

" } }, + "Tag": { + "base": "

A key and value pair that is attached to the specified Amazon Lookout for Vision model.

", + "refs": { + "TagList$member": null + } + }, + "TagArn": { + "base": null, + "refs": { + "ListTagsForResourceRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the model for which you want to list tags.

", + "TagResourceRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the model to assign the tags.

", + "UntagResourceRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the model from which you want to remove tags.

" + } + }, + "TagKey": { + "base": null, + "refs": { + "Tag$Key": "

The key of the tag that is attached to the specified model.

", + "TagKeyList$member": null + } + }, + "TagKeyList": { + "base": null, + "refs": { + "UntagResourceRequest$TagKeys": "

A list of the keys of the tags that you want to remove.

" + } + }, + "TagList": { + "base": null, + "refs": { + "CreateModelRequest$Tags": "

A set of tags (key-value pairs) that you want to attach to the model.

", + "ListTagsForResourceResponse$Tags": "

A map of tag keys and values attached to the specified model.

", + "TagResourceRequest$Tags": "

The key-value tags to assign to the model.

" + } + }, + "TagResourceRequest": { + "base": null, + "refs": { + } + }, + "TagResourceResponse": { + "base": null, + "refs": { + } + }, + "TagValue": { + "base": null, + "refs": { + "Tag$Value": "

The value of the tag that is attached to the specified model.

" + } + }, "ThrottlingException": { "base": "

Amazon Lookout for Vision is temporarily unable to process the request. Try your call again.

", "refs": { } }, + "UntagResourceRequest": { + "base": null, + "refs": { + } + }, + "UntagResourceResponse": { + "base": null, + "refs": { + } + }, "UpdateDatasetEntriesRequest": { "base": null, "refs": { diff --git a/models/apis/medialive/2017-10-14/api-2.json b/models/apis/medialive/2017-10-14/api-2.json index 5b75e21fa37..2ea343218c9 100644 --- a/models/apis/medialive/2017-10-14/api-2.json +++ b/models/apis/medialive/2017-10-14/api-2.json @@ -5751,6 +5751,11 @@ "Destination" ] }, + "FrameCaptureHlsSettings": { + "type": "structure", + "members": { + } + }, "FrameCaptureIntervalUnit": { "type": "string", "enum": [ @@ -5778,10 +5783,7 @@ "shape": "FrameCaptureIntervalUnit", "locationName": "captureIntervalUnits" } - }, - "required": [ - "CaptureInterval" - ] + } }, "GatewayTimeoutException": { "type": "structure", @@ -6991,6 +6993,10 @@ "shape": "Fmp4HlsSettings", "locationName": "fmp4HlsSettings" }, + "FrameCaptureHlsSettings": { + "shape": "FrameCaptureHlsSettings", + "locationName": "frameCaptureHlsSettings" + }, "StandardHlsSettings": { "shape": "StandardHlsSettings", "locationName": "standardHlsSettings" diff --git a/models/apis/medialive/2017-10-14/docs-2.json b/models/apis/medialive/2017-10-14/docs-2.json index 63fa81de0c0..4a4ed354151 100644 --- a/models/apis/medialive/2017-10-14/docs-2.json +++ b/models/apis/medialive/2017-10-14/docs-2.json @@ -965,6 +965,12 @@ "OutputGroupSettings$FrameCaptureGroupSettings": null } }, + "FrameCaptureHlsSettings": { + "base": "Frame Capture Hls Settings", + "refs": { + "HlsSettings$FrameCaptureHlsSettings": null + } + }, "FrameCaptureIntervalUnit": { "base": "Frame Capture Interval Unit", "refs": { diff --git a/models/apis/organizations/2016-11-28/docs-2.json b/models/apis/organizations/2016-11-28/docs-2.json index 8ad39f3116f..3c21a7852a1 100644 --- a/models/apis/organizations/2016-11-28/docs-2.json +++ b/models/apis/organizations/2016-11-28/docs-2.json @@ -14,7 +14,7 @@ "DeleteOrganization": "

Deletes the organization. You can delete an organization only by using credentials from the management account. The organization must be empty of member accounts.

", "DeleteOrganizationalUnit": "

Deletes an organizational unit (OU) from a root or another OU. You must first remove all accounts and child OUs from the OU that you want to delete.

This operation can be called only from the organization's management account.

", "DeletePolicy": "

Deletes the specified policy from your organization. Before you perform this operation, you must first detach the policy from all organizational units (OUs), roots, and accounts.

This operation can be called only from the organization's management account.

", - "DeregisterDelegatedAdministrator": "

Removes the specified member AWS account as a delegated administrator for the specified AWS service.

Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled AWS service. See the documentation for the enabled service before you deregister a delegated administrator so that you understand any potential impacts.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the AWS Organizations User Guide.

This operation can be called only from the organization's management account.

", + "DeregisterDelegatedAdministrator": "

Removes the specified member AWS account as a delegated administrator for the specified AWS service.

Deregistering a delegated administrator can have unintended impacts on the functionality of the enabled AWS service. See the documentation for the enabled service before you deregister a delegated administrator so that you understand any potential impacts.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the AWS Organizations User Guide.

This operation can be called only from the organization's management account.

", "DescribeAccount": "

Retrieves AWS Organizations-related information about the specified account.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "DescribeCreateAccountStatus": "

Retrieves the current status of an asynchronous request to create an account.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "DescribeEffectivePolicy": "

Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.

This operation applies only to policy types other than service control policies (SCPs).

For more information about policy inheritance, see How Policy Inheritance Works in the AWS Organizations User Guide.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", @@ -23,13 +23,13 @@ "DescribeOrganizationalUnit": "

Retrieves information about an organizational unit (OU).

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "DescribePolicy": "

Retrieves information about a policy.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "DetachPolicy": "

Detaches a policy from a target root, organizational unit (OU), or account.

If the policy being detached is a service control policy (SCP), the changes to permissions for AWS Identity and Access Management (IAM) users and roles in affected accounts are immediate.

Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".

This operation can be called only from the organization's management account.

", - "DisableAWSServiceAccess": "

Disables the integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from AWS Organizations.

We recommend that you disable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other AWS service.

After you perform the DisableAWSServiceAccess operation, the specified service can no longer perform operations in your organization's accounts unless the operations are explicitly permitted by the IAM policies that are attached to your roles.

For more information about integrating other services with AWS Organizations, including the list of services that work with Organizations, see Integrating AWS Organizations with Other AWS Services in the AWS Organizations User Guide.

This operation can be called only from the organization's management account.

", + "DisableAWSServiceAccess": "

Disables the integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations. When you disable integration, the specified service no longer can create a service-linked role in new accounts in your organization. This means the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from AWS Organizations.

We strongly recommend that you don't use this command to disable integration between AWS Organizations and the specified AWS service. Instead, use the console or commands that are provided by the specified service. This lets the trusted service perform any required initialization when enabling trusted access, such as creating any required resources and any required clean up of resources when disabling trusted access.

For information about how to disable trusted service access to your organization using the trusted service, see the Learn more link under the Supports Trusted Access column at AWS services that you can use with AWS Organizations. on this page.

If you disable access by using this command, it causes the following actions to occur:

  • The service can no longer create a service-linked role in the accounts in your organization. This means that the service can't perform operations on your behalf on any new accounts in your organization. The service can still perform operations in older accounts until the service completes its clean-up from AWS Organizations.

  • The service can no longer perform tasks in the member accounts in the organization, unless those operations are explicitly permitted by the IAM policies that are attached to your roles. This includes any data aggregation from the member accounts to the management account, or to a delegated administrator account, where relevant.

  • Some services detect this and clean up any remaining data or resources related to the integration, while other services stop accessing the organization but leave any historical data and configuration in place to support a possible re-enabling of the integration.

Using the other service's console or commands to disable the integration ensures that the other service is aware that it can clean up any resources that are required only for the integration. How the service cleans up its resources in the organization's accounts depends on that service. For more information, see the documentation for the other AWS service.

After you perform the DisableAWSServiceAccess operation, the specified service can no longer perform operations in your organization's accounts

For more information about integrating other services with AWS Organizations, including the list of services that work with Organizations, see Integrating AWS Organizations with Other AWS Services in the AWS Organizations User Guide.

This operation can be called only from the organization's management account.

", "DisablePolicyType": "

Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.

This is an asynchronous request that AWS performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.

This operation can be called only from the organization's management account.

To view the status of available policy types in the organization, use DescribeOrganization.

", "EnableAWSServiceAccess": "

Enables the integration of an AWS service (the service that is specified by ServicePrincipal) with AWS Organizations. When you enable integration, you allow the specified service to create a service-linked role in all the accounts in your organization. This allows the service to perform operations on your behalf in your organization and its accounts.

We recommend that you enable integration between AWS Organizations and the specified AWS service by using the console or commands that are provided by the specified service. Doing so ensures that the service is aware that it can create the resources that are required for the integration. How the service creates those resources in the organization's accounts depends on that service. For more information, see the documentation for the other AWS service.

For more information about enabling services to integrate with AWS Organizations, see Integrating AWS Organizations with Other AWS Services in the AWS Organizations User Guide.

This operation can be called only from the organization's management account and only if the organization has enabled all features.

", "EnableAllFeatures": "

Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that AWS Organizations supports. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.

This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.

After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.

After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains \"Action\": \"ENABLE_ALL_FEATURES\". This completes the change.

After you enable all features in your organization, the management account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The management account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.

This operation can be called only from the organization's management account.

", "EnablePolicyType": "

Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.

This is an asynchronous request that AWS performs in the background. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.

This operation can be called only from the organization's management account.

You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.

", "InviteAccountToOrganization": "

Sends an invitation to another account to join your organization as a member account. AWS Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.

  • You can invite AWS accounts only from the same seller as the management account. For example, if your organization's management account was created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and AWS or from any other AWS seller. For more information, see Consolidated Billing in India.

  • If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact AWS Support.

If the request includes tags, then the requester must have the organizations:TagResource permission.

This operation can be called only from the organization's management account.

", - "LeaveOrganization": "

Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.

This operation can be called only from a member account in the organization.

  • The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.

  • You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.

    • Choose a support plan

    • Provide and verify the required contact information

    • Provide a current payment method

    AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.

  • You can leave an organization only after you enable IAM user access to billing in your account. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.

  • After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. AWS accounts outside of an organization do not support tags.

", + "LeaveOrganization": "

Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the management account, use RemoveAccountFromOrganization instead.

This operation can be called only from a member account in the organization.

  • The management account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.

  • You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.

    • Choose a support plan

    • Provide and verify the required contact information

    • Provide a current payment method

    AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.

  • The account that you want to leave must not be a delegated administrator account for any AWS service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.

  • You can leave an organization only after you enable IAM user access to billing in your account. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.

  • After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. AWS accounts outside of an organization do not support tags.

", "ListAWSServiceAccessForOrganization": "

Returns a list of the AWS services that you enabled to integrate with your organization. After a service on this list creates the resources that it requires for the integration, it can perform operations on your organization and its accounts.

For more information about integrating other services with AWS Organizations, including the list of services that currently work with Organizations, see Integrating AWS Organizations with Other AWS Services in the AWS Organizations User Guide.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "ListAccounts": "

Lists all the accounts in the organization. To request only the accounts in a specified root or organizational unit (OU), use the ListAccountsForParent operation instead.

Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "ListAccountsForParent": "

Lists the accounts in an organization that are contained by the specified target root or organizational unit (OU). If you specify the root, you get a list of all the accounts that aren't in any OU. If you specify an OU, you get a list of all the accounts in only that OU and not in any child OUs. To get a list of all accounts in the organization, use the ListAccounts operation.

Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", @@ -47,8 +47,8 @@ "ListTagsForResource": "

Lists tags that are attached to the specified resource.

You can attach tags to the following resources in AWS Organizations.

  • AWS account

  • Organization root

  • Organizational unit (OU)

  • Policy (any type)

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "ListTargetsForPolicy": "

Lists all the roots, organizational units (OUs), and accounts that the specified policy is attached to.

Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an AWS service.

", "MoveAccount": "

Moves an account from its current source parent root or organizational unit (OU) to the specified destination parent root or OU.

This operation can be called only from the organization's management account.

", - "RegisterDelegatedAdministrator": "

Enables the specified member account to administer the Organizations features of the specified AWS service. It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the AWS Organizations User Guide.

This operation can be called only from the organization's management account.

", - "RemoveAccountFromOrganization": "

Removes the specified account from the organization.

The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's management account is no longer charged for any expenses accrued by the member account after it's removed from the organization.

This operation can be called only from the organization's management account. Member accounts can remove themselves with LeaveOrganization instead.

  • You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For an account that you want to make standalone, you must choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. To remove an account that doesn't yet have this information, you must sign in as the member account and follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.

  • After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. AWS accounts outside of an organization do not support tags.

", + "RegisterDelegatedAdministrator": "

Enables the specified member account to administer the Organizations features of the specified AWS service. It grants read-only access to AWS Organizations service data. The account still requires IAM permissions to access and administer the AWS service.

You can run this action only for AWS services that support this feature. For a current list of services that support it, see the column Supports Delegated Administrator in the table at AWS Services that you can use with AWS Organizations in the AWS Organizations User Guide.

This operation can be called only from the organization's management account.

", + "RemoveAccountFromOrganization": "

Removes the specified account from the organization.

The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's management account is no longer charged for any expenses accrued by the member account after it's removed from the organization.

This operation can be called only from the organization's management account. Member accounts can remove themselves with LeaveOrganization instead.

  • You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For an account that you want to make standalone, you must choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. To remove an account that doesn't yet have this information, you must sign in as the member account and follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.

  • The account that you want to leave must not be a delegated administrator account for any AWS service enabled for your organization. If the account is a delegated administrator, you must first change the delegated administrator account to another account that is remaining in the organization.

  • After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. AWS accounts outside of an organization do not support tags.

", "TagResource": "

Adds one or more tags to the specified resource.

Currently, you can attach tags to the following resources in AWS Organizations.

  • AWS account

  • Organization root

  • Organizational unit (OU)

  • Policy (any type)

This operation can be called only from the organization's management account.

", "UntagResource": "

Removes any tags with the specified keys from the specified resource.

You can attach tags to the following resources in AWS Organizations.

  • AWS account

  • Organization root

  • Organizational unit (OU)

  • Policy (any type)

This operation can be called only from the organization's management account.

", "UpdateOrganizationalUnit": "

Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.

This operation can be called only from the organization's management account.

", @@ -101,9 +101,9 @@ "AccountArn": { "base": null, "refs": { - "Account$Arn": "

The Amazon Resource Name (ARN) of the account.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

", + "Account$Arn": "

The Amazon Resource Name (ARN) of the account.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

", "DelegatedAdministrator$Arn": "

The Amazon Resource Name (ARN) of the delegated administrator's account.

", - "Organization$MasterAccountArn": "

The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "Organization$MasterAccountArn": "

The Amazon Resource Name (ARN) of the account that is designated as the management account for the organization.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "AccountId": { @@ -636,7 +636,7 @@ "GenericArn": { "base": null, "refs": { - "PolicyTargetSummary$Arn": "

The Amazon Resource Name (ARN) of the policy target.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "PolicyTargetSummary$Arn": "

The Amazon Resource Name (ARN) of the policy target.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "Handshake": { @@ -659,7 +659,7 @@ "HandshakeArn": { "base": null, "refs": { - "Handshake$Arn": "

The Amazon Resource Name (ARN) of a handshake.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "Handshake$Arn": "

The Amazon Resource Name (ARN) of a handshake.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "HandshakeConstraintViolationException": { @@ -1040,7 +1040,7 @@ "OrganizationArn": { "base": null, "refs": { - "Organization$Arn": "

The Amazon Resource Name (ARN) of an organization.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "Organization$Arn": "

The Amazon Resource Name (ARN) of an organization.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "OrganizationFeatureSet": { @@ -1073,7 +1073,7 @@ "OrganizationalUnitArn": { "base": null, "refs": { - "OrganizationalUnit$Arn": "

The Amazon Resource Name (ARN) of this OU.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "OrganizationalUnit$Arn": "

The Amazon Resource Name (ARN) of this OU.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "OrganizationalUnitId": { @@ -1162,7 +1162,7 @@ "PolicyArn": { "base": null, "refs": { - "PolicySummary$Arn": "

The Amazon Resource Name (ARN) of the policy.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "PolicySummary$Arn": "

The Amazon Resource Name (ARN) of the policy.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "PolicyChangesInProgressException": { @@ -1326,7 +1326,7 @@ "RootArn": { "base": null, "refs": { - "Root$Arn": "

The Amazon Resource Name (ARN) of the root.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Organizations User Guide.

" + "Root$Arn": "

The Amazon Resource Name (ARN) of the root.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference.

" } }, "RootId": { diff --git a/models/apis/rds-data/2018-08-01/api-2.json b/models/apis/rds-data/2018-08-01/api-2.json index a67b698fd99..ce713d50622 100644 --- a/models/apis/rds-data/2018-08-01/api-2.json +++ b/models/apis/rds-data/2018-08-01/api-2.json @@ -136,7 +136,8 @@ "doubleValues":{"shape":"DoubleArray"}, "longValues":{"shape":"LongArray"}, "stringValues":{"shape":"StringArray"} - } + }, + "union":true }, "ArrayValueList":{ "type":"list", @@ -267,8 +268,8 @@ "DecimalReturnType":{ "type":"string", "enum":[ - "DOUBLE_OR_LONG", - "STRING" + "STRING", + "DOUBLE_OR_LONG" ] }, "DoubleArray":{ @@ -336,7 +337,8 @@ "isNull":{"shape":"BoxedBoolean"}, "longValue":{"shape":"BoxedLong"}, "stringValue":{"shape":"String"} - } + }, + "union":true }, "FieldList":{ "type":"list", @@ -517,10 +519,12 @@ "TypeHint":{ "type":"string", "enum":[ + "JSON", + "UUID", + "TIMESTAMP", "DATE", - "DECIMAL", "TIME", - "TIMESTAMP" + "DECIMAL" ] }, "UpdateResult":{ @@ -546,7 +550,8 @@ "realValue":{"shape":"BoxedFloat"}, "stringValue":{"shape":"String"}, "structValue":{"shape":"StructValue"} - } + }, + "union":true } } } diff --git a/models/apis/rds-data/2018-08-01/docs-2.json b/models/apis/rds-data/2018-08-01/docs-2.json index 8dd51b6fe5e..8a9ca92f750 100644 --- a/models/apis/rds-data/2018-08-01/docs-2.json +++ b/models/apis/rds-data/2018-08-01/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "

Amazon RDS Data Service

Amazon RDS provides an HTTP endpoint to run SQL statements on an Amazon Aurora Serverless DB cluster. To run these statements, you work with the Data Service API.

For more information about the Data Service API, see Using the Data API for Aurora Serverless in the Amazon Aurora User Guide.

If you have questions or comments related to the Data API, send email to Rds-data-api-feedback@amazon.com.

", + "service": "

Amazon RDS Data Service

Amazon RDS provides an HTTP endpoint to run SQL statements on an Amazon Aurora Serverless DB cluster. To run these statements, you work with the Data Service API.

For more information about the Data Service API, see Using the Data API for Aurora Serverless in the Amazon Aurora User Guide.

", "operations": { "BatchExecuteStatement": "

Runs a batch SQL statement over an array of data.

You can run bulk update and insert operations for multiple records using a DML statement with different parameter sets. Bulk operations can provide a significant performance improvement over individual insert and update operations.

If a call isn't part of a transaction because it doesn't include the transactionID parameter, changes that result from the call are committed automatically.

", "BeginTransaction": "

Starts a SQL transaction.

 <important> <p>A transaction can run for a maximum of 24 hours. A transaction is terminated and rolled back automatically after 24 hours.</p> <p>A transaction times out if no calls use its transaction ID in three minutes. If a transaction times out before it's committed, it's rolled back automatically.</p> <p>DDL statements inside a transaction cause an implicit commit. We recommend that you run each DDL statement in a separate <code>ExecuteStatement</code> call with <code>continueAfterTimeout</code> enabled.</p> </important>
", @@ -160,7 +160,7 @@ "ExecuteSqlRequest$database": "

The name of the database.

", "ExecuteSqlRequest$schema": "

The name of the database schema.

", "ExecuteStatementRequest$database": "

The name of the database.

", - "ExecuteStatementRequest$schema": "

The name of the database schema.

" + "ExecuteStatementRequest$schema": "

The name of the database schema.

Currently, the schema parameter isn't supported.

" } }, "DecimalReturnType": { @@ -423,7 +423,7 @@ "TypeHint": { "base": null, "refs": { - "SqlParameter$typeHint": "

A hint that specifies the correct object type for data type mapping.

Values:

  • DECIMAL - The corresponding String parameter value is sent as an object of DECIMAL type to the database.

  • TIMESTAMP - The corresponding String parameter value is sent as an object of TIMESTAMP type to the database. The accepted format is YYYY-MM-DD HH:MM:SS[.FFF].

  • TIME - The corresponding String parameter value is sent as an object of TIME type to the database. The accepted format is HH:MM:SS[.FFF].

  • DATE - The corresponding String parameter value is sent as an object of DATE type to the database. The accepted format is YYYY-MM-DD.

" + "SqlParameter$typeHint": "

A hint that specifies the correct object type for data type mapping. Possible values are as follows:

  • DATE - The corresponding String parameter value is sent as an object of DATE type to the database. The accepted format is YYYY-MM-DD.

  • DECIMAL - The corresponding String parameter value is sent as an object of DECIMAL type to the database.

  • JSON - The corresponding String parameter value is sent as an object of JSON type to the database.

  • TIME - The corresponding String parameter value is sent as an object of TIME type to the database. The accepted format is HH:MM:SS[.FFF].

  • TIMESTAMP - The corresponding String parameter value is sent as an object of TIMESTAMP type to the database. The accepted format is YYYY-MM-DD HH:MM:SS[.FFF].

  • UUID - The corresponding String parameter value is sent as an object of UUID type to the database.

" } }, "UpdateResult": { diff --git a/models/apis/route53/2013-04-01/docs-2.json b/models/apis/route53/2013-04-01/docs-2.json index aeeb63f6436..74955608785 100644 --- a/models/apis/route53/2013-04-01/docs-2.json +++ b/models/apis/route53/2013-04-01/docs-2.json @@ -2,36 +2,36 @@ "version": "2.0", "service": "

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service.

", "operations": { - "ActivateKeySigningKey": "

Activates a key signing key (KSK) so that it can be used for signing by DNSSEC. This operation changes the KSK status to ACTIVE.

", + "ActivateKeySigningKey": "

Activates a key-signing key (KSK) so that it can be used for signing by DNSSEC. This operation changes the KSK status to ACTIVE.

", "AssociateVPCWithHostedZone": "

Associates an Amazon VPC with a private hosted zone.

To perform the association, the VPC and the private hosted zone must already exist. You can't convert a public hosted zone into a private hosted zone.

If you want to associate a VPC that was created by using one AWS account with a private hosted zone that was created by using a different account, the AWS account that created the private hosted zone must first submit a CreateVPCAssociationAuthorization request. Then the account that created the VPC must submit an AssociateVPCWithHostedZone request.

", "ChangeResourceRecordSets": "

Creates, changes, or deletes a resource record set, which contains authoritative DNS information for a specified domain name or subdomain name. For example, you can use ChangeResourceRecordSets to create a resource record set that routes traffic for test.example.com to a web server that has an IP address of 192.0.2.44.

Deleting Resource Record Sets

To delete a resource record set, you must specify all the same values that you specified when you created it.

Change Batches and Transactional Changes

The request body must include a document with a ChangeResourceRecordSetsRequest element. The request body contains a list of change items, known as a change batch. Change batches are considered transactional changes. Route 53 validates the changes in the request and then either makes all or none of the changes in the change batch request. This ensures that DNS routing isn't adversely affected by partial changes to the resource record sets in a hosted zone.

For example, suppose a change batch request contains two changes: it deletes the CNAME resource record set for www.example.com and creates an alias resource record set for www.example.com. If validation for both records succeeds, Route 53 deletes the first resource record set and creates the second resource record set in a single operation. If validation for either the DELETE or the CREATE action fails, then the request is canceled, and the original CNAME record continues to exist.

If you try to delete the same resource record set more than once in a single change batch, Route 53 returns an InvalidChangeBatch error.

Traffic Flow

To create resource record sets for complex routing configurations, use either the traffic flow visual editor in the Route 53 console or the API actions for traffic policies and traffic policy instances. Save the configuration as a traffic policy, then associate the traffic policy with one or more domain names (such as example.com) or subdomain names (such as www.example.com), in the same hosted zone or in multiple hosted zones. You can roll back the updates if the new configuration isn't performing as expected. For more information, see Using Traffic Flow to Route DNS Traffic in the Amazon Route 53 Developer Guide.

Create, Delete, and Upsert

Use ChangeResourceRecordsSetsRequest to perform the following actions:

  • CREATE: Creates a resource record set that has the specified values.

  • DELETE: Deletes an existing resource record set that has the specified values.

  • UPSERT: If a resource record set does not already exist, AWS creates it. If a resource set does exist, Route 53 updates it with the values in the request.

Syntaxes for Creating, Updating, and Deleting Resource Record Sets

The syntax for a request depends on the type of resource record set that you want to create, delete, or update, such as weighted, alias, or failover. The XML elements in your request must appear in the order listed in the syntax.

For an example for each type of resource record set, see \"Examples.\"

Don't refer to the syntax in the \"Parameter Syntax\" section, which includes all of the elements for every kind of resource record set that you can create, delete, or update by using ChangeResourceRecordSets.

Change Propagation to Route 53 DNS Servers

When you submit a ChangeResourceRecordSets request, Route 53 propagates your changes to all of the Route 53 authoritative DNS servers. While your changes are propagating, GetChange returns a status of PENDING. When propagation is complete, GetChange returns a status of INSYNC. Changes generally propagate to all Route 53 name servers within 60 seconds. For more information, see GetChange.

Limits on ChangeResourceRecordSets Requests

For information about the limits on a ChangeResourceRecordSets request, see Limits in the Amazon Route 53 Developer Guide.

", "ChangeTagsForResource": "

Adds, edits, or deletes tags for a health check or a hosted zone.

For information about using tags for cost allocation, see Using Cost Allocation Tags in the AWS Billing and Cost Management User Guide.

", "CreateHealthCheck": "

Creates a new health check.

For information about adding health checks to resource record sets, see HealthCheckId in ChangeResourceRecordSets.

ELB Load Balancers

If you're registering EC2 instances with an Elastic Load Balancing (ELB) load balancer, do not create Amazon Route 53 health checks for the EC2 instances. When you register an EC2 instance with a load balancer, you configure settings for an ELB health check, which performs a similar function to a Route 53 health check.

Private Hosted Zones

You can associate health checks with failover resource record sets in a private hosted zone. Note the following:

  • Route 53 health checkers are outside the VPC. To check the health of an endpoint within a VPC by IP address, you must assign a public IP address to the instance in the VPC.

  • You can configure a health checker to check the health of an external resource that the instance relies on, such as a database server.

  • You can create a CloudWatch metric, associate an alarm with the metric, and then create a health check that is based on the state of the alarm. For example, you might create a CloudWatch metric that checks the status of the Amazon EC2 StatusCheckFailed metric, add an alarm to the metric, and then create a health check that is based on the state of the alarm. For information about creating CloudWatch metrics and alarms by using the CloudWatch console, see the Amazon CloudWatch User Guide.

", "CreateHostedZone": "

Creates a new public or private hosted zone. You create records in a public hosted zone to define how you want to route traffic on the internet for a domain, such as example.com, and its subdomains (apex.example.com, acme.example.com). You create records in a private hosted zone to define how you want to route traffic for a domain and its subdomains within one or more Amazon Virtual Private Clouds (Amazon VPCs).

You can't convert a public hosted zone to a private hosted zone or vice versa. Instead, you must create a new hosted zone with the same name and create new resource record sets.

For more information about charges for hosted zones, see Amazon Route 53 Pricing.

Note the following:

  • You can't create a hosted zone for a top-level domain (TLD) such as .com.

  • For public hosted zones, Route 53 automatically creates a default SOA record and four NS records for the zone. For more information about SOA and NS records, see NS and SOA Records that Route 53 Creates for a Hosted Zone in the Amazon Route 53 Developer Guide.

    If you want to use the same name servers for multiple public hosted zones, you can optionally associate a reusable delegation set with the hosted zone. See the DelegationSetId element.

  • If your domain is registered with a registrar other than Route 53, you must update the name servers with your registrar to make Route 53 the DNS service for the domain. For more information, see Migrating DNS Service for an Existing Domain to Amazon Route 53 in the Amazon Route 53 Developer Guide.

When you submit a CreateHostedZone request, the initial status of the hosted zone is PENDING. For public hosted zones, this means that the NS and SOA records are not yet available on all Route 53 DNS servers. When the NS and SOA records are available, the status of the zone changes to INSYNC.

", - "CreateKeySigningKey": "

Creates a new key signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.

", + "CreateKeySigningKey": "

Creates a new key-signing key (KSK) associated with a hosted zone. You can only have two KSKs per hosted zone.

", "CreateQueryLoggingConfig": "

Creates a configuration for DNS query logging. After you create a query logging configuration, Amazon Route 53 begins to publish log data to an Amazon CloudWatch Logs log group.

DNS query logs contain information about the queries that Route 53 receives for a specified public hosted zone, such as the following:

  • Route 53 edge location that responded to the DNS query

  • Domain or subdomain that was requested

  • DNS record type, such as A or AAAA

  • DNS response code, such as NoError or ServFail

Log Group and Resource Policy

Before you create a query logging configuration, perform the following operations.

If you create a query logging configuration using the Route 53 console, Route 53 performs these operations automatically.

  1. Create a CloudWatch Logs log group, and make note of the ARN, which you specify when you create a query logging configuration. Note the following:

    • You must create the log group in the us-east-1 region.

    • You must use the same AWS account to create the log group and the hosted zone that you want to configure query logging for.

    • When you create log groups for query logging, we recommend that you use a consistent prefix, for example:

      /aws/route53/hosted zone name

      In the next step, you'll create a resource policy, which controls access to one or more log groups and the associated AWS resources, such as Route 53 hosted zones. There's a limit on the number of resource policies that you can create, so we recommend that you use a consistent prefix so you can use the same resource policy for all the log groups that you create for query logging.

  2. Create a CloudWatch Logs resource policy, and give it the permissions that Route 53 needs to create log streams and to send query logs to log streams. For the value of Resource, specify the ARN for the log group that you created in the previous step. To use the same resource policy for all the CloudWatch Logs log groups that you created for query logging configurations, replace the hosted zone name with *, for example:

    arn:aws:logs:us-east-1:123412341234:log-group:/aws/route53/*

    You can't use the CloudWatch console to create or edit a resource policy. You must use the CloudWatch API, one of the AWS SDKs, or the AWS CLI.
Log Streams and Edge Locations

When Route 53 finishes creating the configuration for DNS query logging, it does the following:

  • Creates a log stream for an edge location the first time that the edge location responds to DNS queries for the specified hosted zone. That log stream is used to log all queries that Route 53 responds to for that edge location.

  • Begins to send query logs to the applicable log stream.

The name of each log stream is in the following format:

hosted zone ID/edge location code

The edge location code is a three-letter code and an arbitrarily assigned number, for example, DFW3. The three-letter code typically corresponds with the International Air Transport Association airport code for an airport near the edge location. (These abbreviations might change in the future.) For a list of edge locations, see \"The Route 53 Global Network\" on the Route 53 Product Details page.

Queries That Are Logged

Query logs contain only the queries that DNS resolvers forward to Route 53. If a DNS resolver has already cached the response to a query (such as the IP address for a load balancer for example.com), the resolver will continue to return the cached response. It doesn't forward another query to Route 53 until the TTL for the corresponding resource record set expires. Depending on how many DNS queries are submitted for a resource record set, and depending on the TTL for that resource record set, query logs might contain information about only one query out of every several thousand queries that are submitted to DNS. For more information about how DNS works, see Routing Internet Traffic to Your Website or Web Application in the Amazon Route 53 Developer Guide.

Log File Format

For a list of the values in each query log and the format of each value, see Logging DNS Queries in the Amazon Route 53 Developer Guide.

Pricing

For information about charges for query logs, see Amazon CloudWatch Pricing.

How to Stop Logging

If you want Route 53 to stop sending query logs to CloudWatch Logs, delete the query logging configuration. For more information, see DeleteQueryLoggingConfig.

", "CreateReusableDelegationSet": "

Creates a delegation set (a group of four name servers) that can be reused by multiple hosted zones that were created by the same AWS account.

You can also create a reusable delegation set that uses the four name servers that are associated with an existing hosted zone. Specify the hosted zone ID in the CreateReusableDelegationSet request.

You can't associate a reusable delegation set with a private hosted zone.

For information about using a reusable delegation set to configure white label name servers, see Configuring White Label Name Servers.

The process for migrating existing hosted zones to use a reusable delegation set is comparable to the process for configuring white label name servers. You need to perform the following steps:

  1. Create a reusable delegation set.

  2. Recreate hosted zones, and reduce the TTL to 60 seconds or less.

  3. Recreate resource record sets in the new hosted zones.

  4. Change the registrar's name servers to use the name servers for the new hosted zones.

  5. Monitor traffic for the website or application.

  6. Change TTLs back to their original values.

If you want to migrate existing hosted zones to use a reusable delegation set, the existing hosted zones can't use any of the name servers that are assigned to the reusable delegation set. If one or more hosted zones do use one or more name servers that are assigned to the reusable delegation set, you can do one of the following:

  • For small numbers of hosted zones—up to a few hundred—it's relatively easy to create reusable delegation sets until you get one that has four name servers that don't overlap with any of the name servers in your hosted zones.

  • For larger numbers of hosted zones, the easiest solution is to use more than one reusable delegation set.

  • For larger numbers of hosted zones, you can also migrate hosted zones that have overlapping name servers to hosted zones that don't have overlapping name servers, then migrate the hosted zones again to use the reusable delegation set.

", "CreateTrafficPolicy": "

Creates a traffic policy, which you use to create multiple DNS resource record sets for one domain name (such as example.com) or one subdomain name (such as www.example.com).

", "CreateTrafficPolicyInstance": "

Creates resource record sets in a specified hosted zone based on the settings in a specified traffic policy version. In addition, CreateTrafficPolicyInstance associates the resource record sets with a specified domain name (such as example.com) or subdomain name (such as www.example.com). Amazon Route 53 responds to DNS queries for the domain or subdomain name by using the resource record sets that CreateTrafficPolicyInstance created.

", "CreateTrafficPolicyVersion": "

Creates a new version of an existing traffic policy. When you create a new version of a traffic policy, you specify the ID of the traffic policy that you want to update and a JSON-formatted document that describes the new version. You use traffic policies to create multiple DNS resource record sets for one domain name (such as example.com) or one subdomain name (such as www.example.com). You can create a maximum of 1000 versions of a traffic policy. If you reach the limit and need to create another version, you'll need to start a new traffic policy.

", "CreateVPCAssociationAuthorization": "

Authorizes the AWS account that created a specified VPC to submit an AssociateVPCWithHostedZone request to associate the VPC with a specified hosted zone that was created by a different account. To submit a CreateVPCAssociationAuthorization request, you must use the account that created the hosted zone. After you authorize the association, use the account that created the VPC to submit an AssociateVPCWithHostedZone request.

If you want to associate multiple VPCs that you created by using one account with a hosted zone that you created by using a different account, you must submit one authorization request for each VPC.

", - "DeactivateKeySigningKey": "

Deactivates a key signing key (KSK) so that it will not be used for signing by DNSSEC. This operation changes the KSK status to INACTIVE.

", + "DeactivateKeySigningKey": "

Deactivates a key-signing key (KSK) so that it will not be used for signing by DNSSEC. This operation changes the KSK status to INACTIVE.

", "DeleteHealthCheck": "

Deletes a health check.

Amazon Route 53 does not prevent you from deleting a health check even if the health check is associated with one or more resource record sets. If you delete a health check and you don't update the associated resource record sets, the future status of the health check can't be predicted and may change. This will affect the routing of DNS queries for your DNS failover configuration. For more information, see Replacing and Deleting Health Checks in the Amazon Route 53 Developer Guide.

If you're using AWS Cloud Map and you configured Cloud Map to create a Route 53 health check when you register an instance, you can't use the Route 53 DeleteHealthCheck command to delete the health check. The health check is deleted automatically when you deregister the instance; there can be a delay of several hours before the health check is deleted from Route 53.

", "DeleteHostedZone": "

Deletes a hosted zone.

If the hosted zone was created by another service, such as AWS Cloud Map, see Deleting Public Hosted Zones That Were Created by Another Service in the Amazon Route 53 Developer Guide for information about how to delete it. (The process is the same for public and private hosted zones that were created by another service.)

If you want to keep your domain registration but you want to stop routing internet traffic to your website or web application, we recommend that you delete resource record sets in the hosted zone instead of deleting the hosted zone.

If you delete a hosted zone, you can't undelete it. You must create a new hosted zone and update the name servers for your domain registration, which can require up to 48 hours to take effect. (If you delegated responsibility for a subdomain to a hosted zone and you delete the child hosted zone, you must update the name servers in the parent hosted zone.) In addition, if you delete a hosted zone, someone could hijack the domain and route traffic to their own resources using your domain name.

If you want to avoid the monthly charge for the hosted zone, you can transfer DNS service for the domain to a free DNS service. When you transfer DNS service, you have to update the name servers for the domain registration. If the domain is registered with Route 53, see UpdateDomainNameservers for information about how to replace Route 53 name servers with name servers for the new DNS service. If the domain is registered with another registrar, use the method provided by the registrar to update name servers for the domain registration. For more information, perform an internet search on \"free DNS service.\"

You can delete a hosted zone only if it contains only the default SOA record and NS resource record sets. If the hosted zone contains other resource record sets, you must delete them before you can delete the hosted zone. If you try to delete a hosted zone that contains other resource record sets, the request fails, and Route 53 returns a HostedZoneNotEmpty error. For information about deleting records from your hosted zone, see ChangeResourceRecordSets.

To verify that the hosted zone has been deleted, do one of the following:

  • Use the GetHostedZone action to request information about the hosted zone.

  • Use the ListHostedZones action to get a list of the hosted zones associated with the current AWS account.

", - "DeleteKeySigningKey": "

Deletes a key signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactived before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.

", + "DeleteKeySigningKey": "

Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate it. The KSK must be deactived before you can delete it regardless of whether the hosted zone is enabled for DNSSEC signing.

", "DeleteQueryLoggingConfig": "

Deletes a configuration for DNS query logging. If you delete a configuration, Amazon Route 53 stops sending query logs to CloudWatch Logs. Route 53 doesn't delete any logs that are already in CloudWatch Logs.

For more information about DNS query logs, see CreateQueryLoggingConfig.

", "DeleteReusableDelegationSet": "

Deletes a reusable delegation set.

You can delete a reusable delegation set only if it isn't associated with any hosted zones.

To verify that the reusable delegation set is not associated with any hosted zones, submit a GetReusableDelegationSet request and specify the ID of the reusable delegation set that you want to delete.

", "DeleteTrafficPolicy": "

Deletes a traffic policy.

When you delete a traffic policy, Route 53 sets a flag on the policy to indicate that it has been deleted. However, Route 53 never fully deletes the traffic policy. Note the following:

  • Deleted traffic policies aren't listed if you run ListTrafficPolicies.

  • There's no way to get a list of deleted policies.

  • If you retain the ID of the policy, you can get information about the policy, including the traffic policy document, by running GetTrafficPolicy.

", "DeleteTrafficPolicyInstance": "

Deletes a traffic policy instance and all of the resource record sets that Amazon Route 53 created when you created the instance.

In the Route 53 console, traffic policy instances are known as policy records.

", "DeleteVPCAssociationAuthorization": "

Removes authorization to submit an AssociateVPCWithHostedZone request to associate a specified VPC with a hosted zone that was created by a different account. You must use the account that created the hosted zone to submit a DeleteVPCAssociationAuthorization request.

Sending this request only prevents the AWS account that created the VPC from associating the VPC with the Amazon Route 53 hosted zone in the future. If the VPC is already associated with the hosted zone, DeleteVPCAssociationAuthorization won't disassociate the VPC from the hosted zone. If you want to delete an existing association, use DisassociateVPCFromHostedZone.

", - "DisableHostedZoneDNSSEC": "

Disables DNSSEC signing in a specific hosted zone. This action does not deactivate any key signing keys (KSKs) that are active in the hosted zone.

", + "DisableHostedZoneDNSSEC": "

Disables DNSSEC signing in a specific hosted zone. This action does not deactivate any key-signing keys (KSKs) that are active in the hosted zone.

", "DisassociateVPCFromHostedZone": "

Disassociates an Amazon Virtual Private Cloud (Amazon VPC) from an Amazon Route 53 private hosted zone. Note the following:

  • You can't disassociate the last Amazon VPC from a private hosted zone.

  • You can't convert a private hosted zone into a public hosted zone.

  • You can submit a DisassociateVPCFromHostedZone request using either the account that created the hosted zone or the account that created the Amazon VPC.

  • Some services, such as AWS Cloud Map and Amazon Elastic File System (Amazon EFS) automatically create hosted zones and associate VPCs with the hosted zones. A service can create a hosted zone using your account or using its own account. You can disassociate a VPC from a hosted zone only if the service created the hosted zone using your account.

    When you run DisassociateVPCFromHostedZone, if the hosted zone has a value for OwningAccount, you can use DisassociateVPCFromHostedZone. If the hosted zone has a value for OwningService, you can't use DisassociateVPCFromHostedZone.

", "EnableHostedZoneDNSSEC": "

Enables DNSSEC signing in a specific hosted zone.

", "GetAccountLimit": "

Gets the specified limit for the current account, for example, the maximum number of health checks that you can create using the account.

For the default limit, see Limits in the Amazon Route 53 Developer Guide. To request a higher limit, open a case.

You can also view account limits in AWS Trusted Advisor. Sign in to the AWS Management Console and open the Trusted Advisor console at https://console.aws.amazon.com/trustedadvisor/. Then choose Service limits in the navigation pane.

", "GetChange": "

Returns the current status of a change batch request. The status is one of the following values:

  • PENDING indicates that the changes in this request have not propagated to all Amazon Route 53 DNS servers. This is the initial status of all change batch requests.

  • INSYNC indicates that the changes have propagated to all Route 53 DNS servers.

", - "GetCheckerIpRanges": "

GetCheckerIpRanges still works, but we recommend that you download ip-ranges.json, which includes IP address ranges for all AWS services. For more information, see IP Address Ranges of Amazon Route 53 Servers in the Amazon Route 53 Developer Guide.

", - "GetDNSSEC": "

Returns information about DNSSEC for a specific hosted zone, including the key signing keys (KSKs) and zone signing keys (ZSKs) in the hosted zone.

", - "GetGeoLocation": "

Gets information about whether a specified geographic location is supported for Amazon Route 53 geolocation resource record sets.

Use the following syntax to determine whether a continent is supported for geolocation:

GET /2013-04-01/geolocation?continentcode=two-letter abbreviation for a continent

Use the following syntax to determine whether a country is supported for geolocation:

GET /2013-04-01/geolocation?countrycode=two-character country code

Use the following syntax to determine whether a subdivision of a country is supported for geolocation:

GET /2013-04-01/geolocation?countrycode=two-character country code&subdivisioncode=subdivision code

", + "GetCheckerIpRanges": "

Route 53 does not perform authorization for this API because it retrieves information that is already available to the public.

GetCheckerIpRanges still works, but we recommend that you download ip-ranges.json, which includes IP address ranges for all AWS services. For more information, see IP Address Ranges of Amazon Route 53 Servers in the Amazon Route 53 Developer Guide.

", + "GetDNSSEC": "

Returns information about DNSSEC for a specific hosted zone, including the key-signing keys (KSKs) in the hosted zone.

", + "GetGeoLocation": "

Gets information about whether a specified geographic location is supported for Amazon Route 53 geolocation resource record sets.

Route 53 does not perform authorization for this API because it retrieves information that is already available to the public.

Use the following syntax to determine whether a continent is supported for geolocation:

GET /2013-04-01/geolocation?continentcode=two-letter abbreviation for a continent

Use the following syntax to determine whether a country is supported for geolocation:

GET /2013-04-01/geolocation?countrycode=two-character country code

Use the following syntax to determine whether a subdivision of a country is supported for geolocation:

GET /2013-04-01/geolocation?countrycode=two-character country code&subdivisioncode=subdivision code

", "GetHealthCheck": "

Gets information about a specified health check.

", "GetHealthCheckCount": "

Retrieves the number of health checks that are associated with the current AWS account.

", "GetHealthCheckLastFailureReason": "

Gets the reason that a specified health check failed most recently.

", @@ -45,7 +45,7 @@ "GetTrafficPolicy": "

Gets information about a specific traffic policy version.

For information about how of deleting a traffic policy affects the response from GetTrafficPolicy, see DeleteTrafficPolicy.

", "GetTrafficPolicyInstance": "

Gets information about a specified traffic policy instance.

After you submit a CreateTrafficPolicyInstance or an UpdateTrafficPolicyInstance request, there's a brief delay while Amazon Route 53 creates the resource record sets that are specified in the traffic policy definition. For more information, see the State response element.

In the Route 53 console, traffic policy instances are known as policy records.

", "GetTrafficPolicyInstanceCount": "

Gets the number of traffic policy instances that are associated with the current AWS account.

", - "ListGeoLocations": "

Retrieves a list of supported geographic locations.

Countries are listed first, and continents are listed last. If Amazon Route 53 supports subdivisions for a country (for example, states or provinces), the subdivisions for that country are listed in alphabetical order immediately after the corresponding country.

For a list of supported geolocation codes, see the GeoLocation data type.

", + "ListGeoLocations": "

Retrieves a list of supported geographic locations.

Countries are listed first, and continents are listed last. If Amazon Route 53 supports subdivisions for a country (for example, states or provinces), the subdivisions for that country are listed in alphabetical order immediately after the corresponding country.

Route 53 does not perform authorization for this API because it retrieves information that is already available to the public.

For a list of supported geolocation codes, see the GeoLocation data type.

", "ListHealthChecks": "

Retrieve a list of the health checks that are associated with the current AWS account.

", "ListHostedZones": "

Retrieves a list of the public and private hosted zones that are associated with the current AWS account. The response includes a HostedZones child element for each hosted zone.

Amazon Route 53 returns a maximum of 100 items in each response. If you have a lot of hosted zones, you can use the maxitems parameter to list them in groups of up to 100.

", "ListHostedZonesByName": "

Retrieves a list of your hosted zones in lexicographic order. The response includes a HostedZones child element for each hosted zone created by the current AWS account.

ListHostedZonesByName sorts hosted zones by name with the labels reversed. For example:

com.example.www.

Note the trailing dot, which can change the sort order in some circumstances.

If the domain name includes escape characters or Punycode, ListHostedZonesByName alphabetizes the domain name using the escaped or Punycoded value, which is the format that Amazon Route 53 saves in its database. For example, to create a hosted zone for exämple.com, you specify ex\\344mple.com for the domain name. ListHostedZonesByName alphabetizes it as:

com.ex\\344mple.

The labels are reversed and alphabetized using the escaped value. For more information about valid domain name formats, including internationalized domain names, see DNS Domain Name Format in the Amazon Route 53 Developer Guide.

Route 53 returns up to 100 items in each response. If you have a lot of hosted zones, use the MaxItems parameter to list them in groups of up to 100. The response includes values that help navigate from one group of MaxItems hosted zones to the next:

  • The DNSName and HostedZoneId elements in the response contain the values, if any, specified for the dnsname and hostedzoneid parameters in the request that produced the current response.

  • The MaxItems element in the response contains the value, if any, that you specified for the maxitems parameter in the request that produced the current response.

  • If the value of IsTruncated in the response is true, there are more hosted zones associated with the current AWS account.

    If IsTruncated is false, this response includes the last hosted zone that is associated with the current account. The NextDNSName element and NextHostedZoneId elements are omitted from the response.

  • The NextDNSName and NextHostedZoneId elements in the response contain the domain name and the hosted zone ID of the next hosted zone that is associated with the current AWS account. If you want to list more hosted zones, make another call to ListHostedZonesByName, and specify the value of NextDNSName and NextHostedZoneId in the dnsname and hostedzoneid parameters, respectively.

", @@ -234,7 +234,7 @@ "CloudWatchRegion": { "base": null, "refs": { - "AlarmIdentifier$Region": "

For the CloudWatch alarm that you want Route 53 health checkers to use to determine whether this health check is healthy, the region that the alarm was created in.

For the current list of CloudWatch regions, see Amazon CloudWatch in the AWS Service Endpoints chapter of the Amazon Web Services General Reference.

" + "AlarmIdentifier$Region": "

For the CloudWatch alarm that you want Route 53 health checkers to use to determine whether this health check is healthy, the region that the alarm was created in.

For the current list of CloudWatch regions, see Amazon CloudWatch endpoints and quotas in the Amazon Web Services General Reference.

" } }, "ComparisonOperator": { @@ -747,8 +747,8 @@ "base": null, "refs": { "GeoLocation$SubdivisionCode": "

For geolocation resource record sets, the two-letter code for a state of the United States. Route 53 doesn't support any other values for SubdivisionCode. For a list of state abbreviations, see Appendix B: Two–Letter State and Possession Abbreviations on the United States Postal Service website.

If you specify subdivisioncode, you must also specify US for CountryCode.

", - "GeoLocationDetails$SubdivisionCode": "

The code for the subdivision. Route 53 currently supports only states in the United States.

", - "GetGeoLocationRequest$SubdivisionCode": "

For SubdivisionCode, Amazon Route 53 supports only states of the United States. For a list of state abbreviations, see Appendix B: Two–Letter State and Possession Abbreviations on the United States Postal Service website.

If you specify subdivisioncode, you must also specify US for CountryCode.

", + "GeoLocationDetails$SubdivisionCode": "

The code for the subdivision, such as a particular state within the United States. For a list of US state abbreviations, see Appendix B: Two–Letter State and Possession Abbreviations on the United States Postal Service website. For a list of all supported subdivision codes, use the ListGeoLocations API.

", + "GetGeoLocationRequest$SubdivisionCode": "

The code for the subdivision, such as a particular state within the United States. For a list of US state abbreviations, see Appendix B: Two–Letter State and Possession Abbreviations on the United States Postal Service website. For a list of all supported subdivision codes, use the ListGeoLocations API.

", "ListGeoLocationsRequest$StartSubdivisionCode": "

The code for the state of the United States with which you want to start listing locations that Amazon Route 53 supports for geolocation. If Route 53 has already returned a page or more of results, if IsTruncated is true, and if NextSubdivisionCode from the previous response has a value, enter that value in startsubdivisioncode to return the next page of results.

To list subdivisions (U.S. states), you must include both startcountrycode and startsubdivisioncode.

", "ListGeoLocationsResponse$NextSubdivisionCode": "

If IsTruncated is true, you can make a follow-up request to display more locations. Enter the value of NextSubdivisionCode in the startsubdivisioncode parameter in another ListGeoLocations request.

" } @@ -974,7 +974,7 @@ "GetHealthCheckLastFailureReasonRequest$HealthCheckId": "

The ID for the health check for which you want the last failure reason. When you created the health check, CreateHealthCheck returned the ID in the response, in the HealthCheckId element.

If you want to get the last failure reason for a calculated health check, you must use the Amazon Route 53 console or the CloudWatch console. You can't use GetHealthCheckLastFailureReason for a calculated health check.

", "GetHealthCheckRequest$HealthCheckId": "

The identifier that Amazon Route 53 assigned to the health check when you created it. When you add or update a resource record set, you use this value to specify which health check to use. The value can be up to 64 characters long.

", "GetHealthCheckStatusRequest$HealthCheckId": "

The ID for the health check that you want the current status for. When you created the health check, CreateHealthCheck returned the ID in the response, in the HealthCheckId element.

If you want to check the status of a calculated health check, you must use the Amazon Route 53 console or the CloudWatch console. You can't use GetHealthCheckStatus to get the status of a calculated health check.

", - "HealthCheck$Id": "

The identifier that Amazon Route 53assigned to the health check when you created it. When you add or update a resource record set, you use this value to specify which health check to use. The value can be up to 64 characters long.

", + "HealthCheck$Id": "

The identifier that Amazon Route 53 assigned to the health check when you created it. When you add or update a resource record set, you use this value to specify which health check to use. The value can be up to 64 characters long.

", "ResourceRecordSet$HealthCheckId": "

If you want Amazon Route 53 to return this resource record set in response to a DNS query only when the status of a health check is healthy, include the HealthCheckId element and specify the ID of the applicable health check.

Route 53 determines whether a resource record set is healthy based on one of the following:

  • By periodically sending a request to the endpoint that is specified in the health check

  • By aggregating the status of a specified group of health checks (calculated health checks)

  • By determining the current state of a CloudWatch alarm (CloudWatch metric health checks)

Route 53 doesn't check the health of the endpoint that is specified in the resource record set, for example, the endpoint specified by the IP address in the Value element. When you add a HealthCheckId element to a resource record set, Route 53 checks the health of the endpoint that you specified in the health check.

For more information, see the following topics in the Amazon Route 53 Developer Guide:

When to Specify HealthCheckId

Specifying a value for HealthCheckId is useful only when Route 53 is choosing between two or more resource record sets to respond to a DNS query, and you want Route 53 to base the choice in part on the status of a health check. Configuring health checks makes sense only in the following configurations:

  • Non-alias resource record sets: You're checking the health of a group of non-alias resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A) and you specify health check IDs for all the resource record sets.

    If the health check status for a resource record set is healthy, Route 53 includes the record among the records that it responds to DNS queries with.

    If the health check status for a resource record set is unhealthy, Route 53 stops responding to DNS queries using the value for that resource record set.

    If the health check status for all resource record sets in the group is unhealthy, Route 53 considers all resource record sets in the group healthy and responds to DNS queries accordingly.

  • Alias resource record sets: You specify the following settings:

    • You set EvaluateTargetHealth to true for an alias resource record set in a group of resource record sets that have the same routing policy, name, and type (such as multiple weighted records named www.example.com with a type of A).

    • You configure the alias resource record set to route traffic to a non-alias resource record set in the same hosted zone.

    • You specify a health check ID for the non-alias resource record set.

    If the health check status is healthy, Route 53 considers the alias resource record set to be healthy and includes the alias record among the records that it responds to DNS queries with.

    If the health check status is unhealthy, Route 53 stops responding to DNS queries using the alias resource record set.

    The alias resource record set can also route traffic to a group of non-alias resource record sets that have the same routing policy, name, and type. In that configuration, associate health checks with all of the resource record sets in the group of non-alias resource record sets.

Geolocation Routing

For geolocation resource record sets, if an endpoint is unhealthy, Route 53 looks for a resource record set for the larger, associated geographic region. For example, suppose you have resource record sets for a state in the United States, for the entire United States, for North America, and a resource record set that has * for CountryCode is *, which applies to all locations. If the endpoint for the state resource record set is unhealthy, Route 53 checks for healthy resource record sets in the following order until it finds a resource record set for which the endpoint is healthy:

  • The United States

  • North America

  • The default resource record set

Specifying the Health Check Endpoint by Domain Name

If your health checks specify the endpoint only by domain name, we recommend that you create a separate health check for each endpoint. For example, create a health check for each HTTP server that is serving content for www.example.com. For the value of FullyQualifiedDomainName, specify the domain name of the server (such as us-east-2-www.example.com), not the name of the resource record sets (www.example.com).

Health check results will be unpredictable if you do the following:

  • Create a health check that has the same value for FullyQualifiedDomainName as the name of a resource record set.

  • Associate that health check with the resource record set.

", "UpdateHealthCheckRequest$HealthCheckId": "

The ID for the health check for which you want detailed information. When you created the health check, CreateHealthCheck returned the ID in the response, in the HealthCheckId element.

" } @@ -1205,12 +1205,12 @@ } }, "InvalidKeySigningKeyName": { - "base": "

The key signing key (KSK) name that you specified isn't a valid name.

", + "base": "

The key-signing key (KSK) name that you specified isn't a valid name.

", "refs": { } }, "InvalidKeySigningKeyStatus": { - "base": "

The key signing key (KSK) status isn't valid or another KSK has the status INTERNAL_FAILURE.

", + "base": "

The key-signing key (KSK) status isn't valid or another KSK has the status INTERNAL_FAILURE.

", "refs": { } }, @@ -1248,36 +1248,36 @@ } }, "KeySigningKey": { - "base": "

A key signing key (KSK) is a complex type that represents a public/private key pair. The private key is used to generate a digital signature for the zone signing key (ZSK). The public key is stored in the DNS and is used to authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot exist by itself.

", + "base": "

A key-signing key (KSK) is a complex type that represents a public/private key pair. The private key is used to generate a digital signature for the zone signing key (ZSK). The public key is stored in the DNS and is used to authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot exist by itself.

", "refs": { - "CreateKeySigningKeyResponse$KeySigningKey": "

The key signing key (KSK) that the request creates.

", + "CreateKeySigningKeyResponse$KeySigningKey": "

The key-signing key (KSK) that the request creates.

", "KeySigningKeys$member": null } }, "KeySigningKeyAlreadyExists": { - "base": "

You've already created a key signing key (KSK) with this name or with the same customer managed key (CMK) ARN.

", + "base": "

You've already created a key-signing key (KSK) with this name or with the same customer managed customer master key (CMK) ARN.

", "refs": { } }, "KeySigningKeyInParentDSRecord": { - "base": "

The key signing key (KSK) is specified in a parent DS record.

", + "base": "

The key-signing key (KSK) is specified in a parent DS record.

", "refs": { } }, "KeySigningKeyInUse": { - "base": "

The key signing key (KSK) that you specified can't be deactivated because it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, or add or enable another KSK.

", + "base": "

The key-signing key (KSK) that you specified can't be deactivated because it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, or add or enable another KSK.

", "refs": { } }, "KeySigningKeyWithActiveStatusNotFound": { - "base": "

A key signing key (KSK) with ACTIVE status wasn't found.

", + "base": "

A key-signing key (KSK) with ACTIVE status wasn't found.

", "refs": { } }, "KeySigningKeys": { "base": null, "refs": { - "GetDNSSECResponse$KeySigningKeys": "

The key signing keys (KSKs) in your account.

" + "GetDNSSECResponse$KeySigningKeys": "

The key-signing keys (KSKs) in your account.

" } }, "LastVPCAssociation": { @@ -1533,7 +1533,7 @@ } }, "NoSuchKeySigningKey": { - "base": "

The specified key signing key (KSK) doesn't exist.

", + "base": "

The specified key-signing key (KSK) doesn't exist.

", "refs": { } }, @@ -1704,7 +1704,7 @@ "ListTrafficPolicyInstancesByPolicyResponse$TrafficPolicyInstanceTypeMarker": "

If IsTruncated is true, TrafficPolicyInstanceTypeMarker is the DNS type of the resource record sets that are associated with the first traffic policy instance in the next group of MaxItems traffic policy instances.

", "ListTrafficPolicyInstancesRequest$TrafficPolicyInstanceTypeMarker": "

If the value of IsTruncated in the previous response was true, you have more traffic policy instances. To get more traffic policy instances, submit another ListTrafficPolicyInstances request. For the value of trafficpolicyinstancetype, specify the value of TrafficPolicyInstanceTypeMarker from the previous response, which is the type of the first traffic policy instance in the next group of traffic policy instances.

If the value of IsTruncated in the previous response was false, there are no more traffic policy instances to get.

", "ListTrafficPolicyInstancesResponse$TrafficPolicyInstanceTypeMarker": "

If IsTruncated is true, TrafficPolicyInstanceTypeMarker is the DNS type of the resource record sets that are associated with the first traffic policy instance that Amazon Route 53 will return if you submit another ListTrafficPolicyInstances request.

", - "ResourceRecordSet$Type": "

The DNS record type. For information about different record types and how data is encoded for them, see Supported DNS Resource Record Types in the Amazon Route 53 Developer Guide.

Valid values for basic resource record sets: A | AAAA | CAA | CNAME | MX | NAPTR | NS | PTR | SOA | SPF | SRV | TXT

Values for weighted, latency, geolocation, and failover resource record sets: A | AAAA | CAA | CNAME | MX | NAPTR | PTR | SPF | SRV | TXT. When creating a group of weighted, latency, geolocation, or failover resource record sets, specify the same value for all of the resource record sets in the group.

Valid values for multivalue answer resource record sets: A | AAAA | MX | NAPTR | PTR | SPF | SRV | TXT

SPF records were formerly used to verify the identity of the sender of email messages. However, we no longer recommend that you create resource record sets for which the value of Type is SPF. RFC 7208, Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1, has been updated to say, \"...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues. Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it.\" In RFC 7208, see section 14.1, The SPF DNS Record Type.

Values for alias resource record sets:

  • Amazon API Gateway custom regional APIs and edge-optimized APIs: A

  • CloudFront distributions: A

    If IPv6 is enabled for the distribution, create two resource record sets to route traffic to your distribution, one with a value of A and one with a value of AAAA.

  • Amazon API Gateway environment that has a regionalized subdomain: A

  • ELB load balancers: A | AAAA

  • Amazon S3 buckets: A

  • Amazon Virtual Private Cloud interface VPC endpoints A

  • Another resource record set in this hosted zone: Specify the type of the resource record set that you're creating the alias for. All values are supported except NS and SOA.

    If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't route traffic to a record for which the value of Type is CNAME. This is because the alias record must have the same type as the record you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.
", + "ResourceRecordSet$Type": "

The DNS record type. For information about different record types and how data is encoded for them, see Supported DNS Resource Record Types in the Amazon Route 53 Developer Guide.

Valid values for basic resource record sets: A | AAAA | CAA | CNAME | DS |MX | NAPTR | NS | PTR | SOA | SPF | SRV | TXT

Values for weighted, latency, geolocation, and failover resource record sets: A | AAAA | CAA | CNAME | MX | NAPTR | PTR | SPF | SRV | TXT. When creating a group of weighted, latency, geolocation, or failover resource record sets, specify the same value for all of the resource record sets in the group.

Valid values for multivalue answer resource record sets: A | AAAA | MX | NAPTR | PTR | SPF | SRV | TXT

SPF records were formerly used to verify the identity of the sender of email messages. However, we no longer recommend that you create resource record sets for which the value of Type is SPF. RFC 7208, Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1, has been updated to say, \"...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues. Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it.\" In RFC 7208, see section 14.1, The SPF DNS Record Type.

Values for alias resource record sets:

  • Amazon API Gateway custom regional APIs and edge-optimized APIs: A

  • CloudFront distributions: A

    If IPv6 is enabled for the distribution, create two resource record sets to route traffic to your distribution, one with a value of A and one with a value of AAAA.

  • Amazon API Gateway environment that has a regionalized subdomain: A

  • ELB load balancers: A | AAAA

  • Amazon S3 buckets: A

  • Amazon Virtual Private Cloud interface VPC endpoints A

  • Another resource record set in this hosted zone: Specify the type of the resource record set that you're creating the alias for. All values are supported except NS and SOA.

    If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't route traffic to a record for which the value of Type is CNAME. This is because the alias record must have the same type as the record you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.
", "TestDNSAnswerRequest$RecordType": "

The type of the resource record set.

", "TestDNSAnswerResponse$RecordType": "

The type of the resource record set that you submitted a request for.

", "TrafficPolicy$Type": "

The DNS type of the resource record sets that Amazon Route 53 creates when you use a traffic policy to create a traffic policy instance.

", @@ -1756,7 +1756,7 @@ "base": null, "refs": { "ActivateKeySigningKeyRequest$HostedZoneId": "

A unique string used to identify a hosted zone.

", - "AliasTarget$HostedZoneId": "

Alias resource records sets only: The value used depends on where you want to route traffic:

Amazon API Gateway custom regional APIs and edge-optimized APIs

Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command get-domain-names:

  • For regional APIs, specify the value of regionalHostedZoneId.

  • For edge-optimized APIs, specify the value of distributionHostedZoneId.

Amazon Virtual Private Cloud interface VPC endpoint

Specify the hosted zone ID for your interface endpoint. You can get the value of HostedZoneId using the AWS CLI command describe-vpc-endpoints.

CloudFront distribution

Specify Z2FDTNDATAQYW2.

Alias resource record sets for CloudFront can't be created in a private zone.
Elastic Beanstalk environment

Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see AWS Elastic Beanstalk in the \"AWS Service Endpoints\" chapter of the Amazon Web Services General Reference.

ELB load balancer

Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:

  • Service Endpoints table in the \"Elastic Load Balancing Endpoints and Quotas\" topic in the Amazon Web Services General Reference: Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.

  • AWS Management Console: Go to the Amazon EC2 page, choose Load Balancers in the navigation pane, select the load balancer, and get the value of the Hosted zone field on the Description tab.

  • Elastic Load Balancing API: Use DescribeLoadBalancers to get the applicable value. For more information, see the applicable guide:

  • AWS CLI: Use describe-load-balancers to get the applicable value. For more information, see the applicable guide:

AWS Global Accelerator accelerator

Specify Z2BJ6XQ5FK7U4H.

An Amazon S3 bucket configured as a static website

Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table Amazon S3 Website Endpoints in the Amazon Web Services General Reference.

Another Route 53 resource record set in your hosted zone

Specify the hosted zone ID of your hosted zone. (An alias resource record set can't reference a resource record set in a different hosted zone.)

", + "AliasTarget$HostedZoneId": "

Alias resource records sets only: The value used depends on where you want to route traffic:

Amazon API Gateway custom regional APIs and edge-optimized APIs

Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command get-domain-names:

  • For regional APIs, specify the value of regionalHostedZoneId.

  • For edge-optimized APIs, specify the value of distributionHostedZoneId.

Amazon Virtual Private Cloud interface VPC endpoint

Specify the hosted zone ID for your interface endpoint. You can get the value of HostedZoneId using the AWS CLI command describe-vpc-endpoints.

CloudFront distribution

Specify Z2FDTNDATAQYW2.

Alias resource record sets for CloudFront can't be created in a private zone.
Elastic Beanstalk environment

Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see AWS Elastic Beanstalk endpoints and quotas in the the Amazon Web Services General Reference.

ELB load balancer

Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:

  • Elastic Load Balancing endpoints and quotas topic in the Amazon Web Services General Reference: Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.

  • AWS Management Console: Go to the Amazon EC2 page, choose Load Balancers in the navigation pane, select the load balancer, and get the value of the Hosted zone field on the Description tab.

  • Elastic Load Balancing API: Use DescribeLoadBalancers to get the applicable value. For more information, see the applicable guide:

  • AWS CLI: Use describe-load-balancers to get the applicable value. For more information, see the applicable guide:

AWS Global Accelerator accelerator

Specify Z2BJ6XQ5FK7U4H.

An Amazon S3 bucket configured as a static website

Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table Amazon S3 Website Endpoints in the Amazon Web Services General Reference.

Another Route 53 resource record set in your hosted zone

Specify the hosted zone ID of your hosted zone. (An alias resource record set can't reference a resource record set in a different hosted zone.)

", "AssociateVPCWithHostedZoneRequest$HostedZoneId": "

The ID of the private hosted zone that you want to associate an Amazon VPC with.

Note that you can't associate a VPC with a hosted zone that doesn't have an existing VPC association.

", "ChangeInfo$Id": "

The ID of the request.

", "ChangeResourceRecordSetsRequest$HostedZoneId": "

The ID of the hosted zone that contains the resource record sets that you want to change.

", @@ -1885,7 +1885,7 @@ "refs": { "CreateHealthCheckResponse$Location": "

The unique URL representing the new health check.

", "CreateHostedZoneResponse$Location": "

The unique URL representing the new hosted zone.

", - "CreateKeySigningKeyResponse$Location": "

The unique URL representing the new key signing key (KSK).

", + "CreateKeySigningKeyResponse$Location": "

The unique URL representing the new key-signing key (KSK).

", "CreateQueryLoggingConfigResponse$Location": "

The unique URL representing the new query logging configuration.

", "CreateReusableDelegationSetResponse$Location": "

The unique URL representing the new reusable delegation set.

", "CreateTrafficPolicyInstanceResponse$Location": "

A unique URL that represents a new traffic policy instance.

", @@ -1916,7 +1916,7 @@ "ServeSignature": { "base": null, "refs": { - "DNSSECStatus$ServeSignature": "

Indicates your hosted zone signging status: SIGNING, NOT_SIGNING, or INTERNAL_FAILURE. If the status is INTERNAL_FAILURE, see StatusMessage for information about steps that you can take to correct the problem.

A status INTERNAL_FAILURE means there was an error during a request. Before you can continue to work with DNSSEC signing, including working with key signing keys (KSKs), you must correct the problem by enabling or disabling DNSSEC signing for the hosted zone.

" + "DNSSECStatus$ServeSignature": "

A string that represents the current hosted zone signing status.

Status can have one of the following values:

SIGNING

DNSSEC signing is enabled for the hosted zone.

NOT_SIGNING

DNSSEC signing is not enabled for the hosted zone.

DELETING

DNSSEC signing is in the process of being removed for the hosted zone.

ACTION_NEEDED

There is a problem with signing in the hosted zone that requires you to take action to resolve. For example, the customer managed customer master key (CMK) might have been deleted, or the permissions for the customer managed CMK might have been changed.

INTERNAL_FAILURE

There was an error during a request. Before you can continue to work with DNSSEC signing, including with key-signing keys (KSKs), you must correct the problem by enabling or disabling DNSSEC signing for the hosted zone.

" } }, "ServicePrincipal": { @@ -1928,7 +1928,7 @@ "SigningKeyInteger": { "base": null, "refs": { - "KeySigningKey$Flag": "

An integer that specifies how the key is used. For key signing key (KSK), this value is always 257.

", + "KeySigningKey$Flag": "

An integer that specifies how the key is used. For key-signing key (KSK), this value is always 257.

", "KeySigningKey$SigningAlgorithmType": "

An integer used to represent the signing algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.1.

", "KeySigningKey$DigestAlgorithmType": "

An integer used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.3.

" } @@ -1936,32 +1936,32 @@ "SigningKeyName": { "base": null, "refs": { - "ActivateKeySigningKeyRequest$Name": "

An alphanumeric string used to identify a key signing key (KSK).

", - "CreateKeySigningKeyRequest$Name": "

An alphanumeric string used to identify a key signing key (KSK). Name must be unique for each key signing key in the same hosted zone.

", - "DeactivateKeySigningKeyRequest$Name": "

An alphanumeric string used to identify a key signing key (KSK).

", - "DeleteKeySigningKeyRequest$Name": "

An alphanumeric string used to identify a key signing key (KSK).

", - "KeySigningKey$Name": "

An alphanumeric string used to identify a key signing key (KSK). Name must be unique for each key signing key in the same hosted zone.

" + "ActivateKeySigningKeyRequest$Name": "

A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

", + "CreateKeySigningKeyRequest$Name": "

A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

", + "DeactivateKeySigningKeyRequest$Name": "

A string used to identify a key-signing key (KSK).

", + "DeleteKeySigningKeyRequest$Name": "

A string used to identify a key-signing key (KSK).

", + "KeySigningKey$Name": "

A string used to identify a key-signing key (KSK). Name can include numbers, letters, and underscores (_). Name must be unique for each key-signing key in the same hosted zone.

" } }, "SigningKeyStatus": { "base": null, "refs": { - "CreateKeySigningKeyRequest$Status": "

A string specifying the initial status of the key signing key (KSK). You can set the value to ACTIVE or INACTIVE.

", - "KeySigningKey$Status": "

A string that represents the current key signing key (KSK) status.

Status can have one of the following values:

ACTIVE

The KSK is being used for signing.

INACTIVE

The KSK is not being used for signing.

ACTION_NEEDED

There is an error in the KSK that requires you to take action to resolve.

INTERNAL_FAILURE

There was an error during a request. Before you can continue to work with DNSSEC signing, including actions that involve this KSK, you must correct the problem. For example, you may need to activate or deactivate the KSK.

" + "CreateKeySigningKeyRequest$Status": "

A string specifying the initial status of the key-signing key (KSK). You can set the value to ACTIVE or INACTIVE.

", + "KeySigningKey$Status": "

A string that represents the current key-signing key (KSK) status.

Status can have one of the following values:

ACTIVE

The KSK is being used for signing.

INACTIVE

The KSK is not being used for signing.

DELETING

The KSK is in the process of being deleted.

ACTION_NEEDED

There is a problem with the KSK that requires you to take action to resolve. For example, the customer managed customer master key (CMK) might have been deleted, or the permissions for the customer managed CMK might have been changed.

INTERNAL_FAILURE

There was an error during a request. Before you can continue to work with DNSSEC signing, including actions that involve this KSK, you must correct the problem. For example, you may need to activate or deactivate the KSK.

" } }, "SigningKeyStatusMessage": { "base": null, "refs": { "DNSSECStatus$StatusMessage": "

The status message provided for the following DNSSEC signing status: INTERNAL_FAILURE. The status message includes information about what the problem might be and steps that you can take to correct the issue.

", - "KeySigningKey$StatusMessage": "

The status message provided for the following key signing key (KSK) statuses: ACTION_NEEDED or INTERNAL_FAILURE. The status message includes information about what the problem might be and steps that you can take to correct the issue.

" + "KeySigningKey$StatusMessage": "

The status message provided for the following key-signing key (KSK) statuses: ACTION_NEEDED or INTERNAL_FAILURE. The status message includes information about what the problem might be and steps that you can take to correct the issue.

" } }, "SigningKeyString": { "base": null, "refs": { - "CreateKeySigningKeyRequest$KeyManagementServiceArn": "

The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key Management Service (KMS). The KeyManagementServiceArn must be unique for each key signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the CMK as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

  • DescribeKey

  • GetPublicKey

  • Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

  • \"Service\": \"api-service.dnssec.route53.aws.internal\"

For more information about working with CMK in KMS, see AWS Key Management Service concepts.

", - "KeySigningKey$KmsArn": "

The Amazon resource name (ARN) used to identify the customer managed key (CMK) in AWS Key Management Service (KMS). The KmsArn must be unique for each key signing key (KSK) in a single hosted zone.

You must configure the CMK as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

  • DescribeKey

  • GetPublicKey

  • Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

  • \"Service\": \"api-service.dnssec.route53.aws.internal\"

For more information about working with the customer managed key (CMK) in KMS, see AWS Key Management Service concepts.

", + "CreateKeySigningKeyRequest$KeyManagementServiceArn": "

The Amazon resource name (ARN) for a customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn must be unique for each key-signing key (KSK) in a single hosted zone. To see an example of KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll down to Example.

You must configure the customer managed CMK as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

  • DescribeKey

  • GetPublicKey

  • Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

  • \"Service\": \"api-service.dnssec.route53.aws.internal\"

For more information about working with a customer managed CMK in AWS KMS, see AWS Key Management Service concepts.

", + "KeySigningKey$KmsArn": "

The Amazon resource name (ARN) used to identify the customer managed customer master key (CMK) in AWS Key Management Service (AWS KMS). The KmsArn must be unique for each key-signing key (KSK) in a single hosted zone.

You must configure the CMK as follows:

Status

Enabled

Key spec

ECC_NIST_P256

Key usage

Sign and verify

Key policy

The key policy must give permission for the following actions:

  • DescribeKey

  • GetPublicKey

  • Sign

The key policy must also include the Amazon Route 53 service in the principal for your account. Specify the following:

  • \"Service\": \"api-service.dnssec.route53.aws.internal\"

For more information about working with the customer managed CMK in AWS KMS, see AWS Key Management Service concepts.

", "KeySigningKey$SigningAlgorithmMnemonic": "

A string used to represent the signing algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.1.

", "KeySigningKey$DigestAlgorithmMnemonic": "

A string used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by RFC-8624 Section 3.3.

", "KeySigningKey$DigestValue": "

A cryptographic digest of a DNSKEY resource record (RR). DNSKEY records are used to publish the public key that resolvers can use to verify DNSSEC signatures that are used to secure certain kinds of information provided by the DNS system.

", @@ -2090,8 +2090,8 @@ "base": null, "refs": { "ChangeInfo$SubmittedAt": "

The date and time that the change request was submitted in ISO 8601 format and Coordinated Universal Time (UTC). For example, the value 2017-03-27T17:48:16.751Z represents March 27, 2017 at 17:48:16.751 UTC.

", - "KeySigningKey$CreatedDate": "

The date when the key signing key (KSK) was created.

", - "KeySigningKey$LastModifiedDate": "

The last time that the key signing key (KSK) was changed.

", + "KeySigningKey$CreatedDate": "

The date when the key-signing key (KSK) was created.

", + "KeySigningKey$LastModifiedDate": "

The last time that the key-signing key (KSK) was changed.

", "StatusReport$CheckedTime": "

The date and time that the health checker performed the health check in ISO 8601 format and Coordinated Universal Time (UTC). For example, the value 2017-03-27T17:48:16.751Z represents March 27, 2017 at 17:48:16.751 UTC.

" } }, @@ -2106,7 +2106,7 @@ } }, "TooManyKeySigningKeys": { - "base": "

You've reached the limit for the number of key signing keys (KSKs). Remove at least one KSK, and then try again.

", + "base": "

You've reached the limit for the number of key-signing keys (KSKs). Remove at least one KSK, and then try again.

", "refs": { } }, diff --git a/models/apis/s3control/2018-08-20/api-2.json b/models/apis/s3control/2018-08-20/api-2.json index 480e9ba3715..e228fd3f651 100755 --- a/models/apis/s3control/2018-08-20/api-2.json +++ b/models/apis/s3control/2018-08-20/api-2.json @@ -1628,6 +1628,10 @@ "shape":"S3SetObjectTaggingOperation", "box":true }, + "S3DeleteObjectTagging":{ + "shape":"S3DeleteObjectTaggingOperation", + "box":true + }, "S3InitiateRestoreObject":{ "shape":"S3InitiateRestoreObjectOperation", "box":true @@ -2025,6 +2029,7 @@ "S3PutObjectCopy", "S3PutObjectAcl", "S3PutObjectTagging", + "S3DeleteObjectTagging", "S3InitiateRestoreObject", "S3PutObjectLegalHold", "S3PutObjectRetention" @@ -2420,6 +2425,11 @@ "ObjectLockRetainUntilDate":{"shape":"TimeStamp"} } }, + "S3DeleteObjectTaggingOperation":{ + "type":"structure", + "members":{ + } + }, "S3ExpirationInDays":{ "type":"integer", "min":0 diff --git a/models/apis/s3control/2018-08-20/docs-2.json b/models/apis/s3control/2018-08-20/docs-2.json index 6957c3ba39d..51755d3b1f0 100755 --- a/models/apis/s3control/2018-08-20/docs-2.json +++ b/models/apis/s3control/2018-08-20/docs-2.json @@ -4,7 +4,7 @@ "operations": { "CreateAccessPoint": "

Creates an access point and associates it with the specified bucket. For more information, see Managing Data Access with Amazon S3 Access Points in the Amazon Simple Storage Service Developer Guide.

Using this action with Amazon S3 on Outposts

This action:

  • Requires a virtual private cloud (VPC) configuration as S3 on Outposts only supports VPC style access points.

  • Does not support ACL on S3 on Outposts buckets.

  • Does not support Public Access on S3 on Outposts buckets.

  • Does not support object lock for S3 on Outposts buckets.

For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service Developer Guide .

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to CreateAccessPoint:

", "CreateBucket": "

This API operation creates an Amazon S3 on Outposts bucket. To create an S3 bucket, see Create Bucket in the Amazon Simple Storage Service API.

Creates a new Outposts bucket. By creating the bucket, you become the bucket owner. To create an Outposts bucket, you must have S3 on Outposts. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service Developer Guide.

Not every string is an acceptable bucket name. For information on bucket naming restrictions, see Working with Amazon S3 Buckets.

S3 on Outposts buckets do not support

  • ACLs. Instead, configure access point policies to manage access to buckets.

  • Public access.

  • Object Lock

  • Bucket Location constraint

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your API request, see the Examples section.

The following actions are related to CreateBucket for Amazon S3 on Outposts:

", - "CreateJob": "

S3 Batch Operations performs large-scale Batch Operations on Amazon S3 objects. Batch Operations can run a single operation or action on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon Simple Storage Service Developer Guide.

This operation creates an S3 Batch Operations job.

Related actions include:

", + "CreateJob": "

You can use S3 Batch Operations to perform large-scale batch operations on Amazon S3 objects. Batch Operations can run a single operation on lists of Amazon S3 objects that you specify. For more information, see S3 Batch Operations in the Amazon Simple Storage Service Developer Guide.

This operation creates a S3 Batch Operations job.

Related actions include:

", "DeleteAccessPoint": "

Deletes the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to DeleteAccessPoint:

", "DeleteAccessPointPolicy": "

Deletes the access point policy for the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to DeleteAccessPointPolicy:

", "DeleteBucket": "

This API operation deletes an Amazon S3 on Outposts bucket. To delete an S3 bucket, see DeleteBucket in the Amazon Simple Storage Service API.

Deletes the Amazon S3 on Outposts bucket. All objects (including all object versions and delete markers) in the bucket must be deleted before the bucket itself can be deleted. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service Developer Guide.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

Related Resources

", @@ -13,8 +13,8 @@ "DeleteBucketTagging": "

This operation deletes an Amazon S3 on Outposts bucket's tags. To delete an S3 bucket tags, see DeleteBucketTagging in the Amazon Simple Storage Service API.

Deletes the tags from the Outposts bucket. For more information, see Using Amazon S3 on Outposts in Amazon Simple Storage Service Developer Guide.

To use this operation, you must have permission to perform the PutBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to DeleteBucketTagging:

", "DeleteJobTagging": "

Removes the entire tag set from the specified S3 Batch Operations job. To use this operation, you must have permission to perform the s3:DeleteJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon Simple Storage Service Developer Guide.

Related actions include:

", "DeletePublicAccessBlock": "

Removes the PublicAccessBlock configuration for an AWS account. For more information, see Using Amazon S3 block public access.

Related actions include:

", - "DeleteStorageLensConfiguration": "

Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", - "DeleteStorageLensConfigurationTagging": "

Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", + "DeleteStorageLensConfiguration": "

Deletes the Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", + "DeleteStorageLensConfigurationTagging": "

Deletes the Amazon S3 Storage Lens configuration tags. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", "DescribeJob": "

Retrieves the configuration parameters and status for a Batch Operations job. For more information, see S3 Batch Operations in the Amazon Simple Storage Service Developer Guide.

Related actions include:

", "GetAccessPoint": "

Returns configuration information about the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to GetAccessPoint:

", "GetAccessPointPolicy": "

Returns the access point policy associated with the specified access point.

The following actions are related to GetAccessPointPolicy:

", @@ -25,12 +25,12 @@ "GetBucketTagging": "

This operation gets an Amazon S3 on Outposts bucket's tags. To get an S3 bucket tags, see GetBucketTagging in the Amazon Simple Storage Service API.

Returns the tag set associated with the Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service Developer Guide.

To use this operation, you must have permission to perform the GetBucketTagging action. By default, the bucket owner has this permission and can grant this permission to others.

GetBucketTagging has the following special error:

  • Error code: NoSuchTagSetError

    • Description: There is no tag set associated with the bucket.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to GetBucketTagging:

", "GetJobTagging": "

Returns the tags on an S3 Batch Operations job. To use this operation, you must have permission to perform the s3:GetJobTagging action. For more information, see Controlling access and labeling jobs using tags in the Amazon Simple Storage Service Developer Guide.

Related actions include:

", "GetPublicAccessBlock": "

Retrieves the PublicAccessBlock configuration for an AWS account. For more information, see Using Amazon S3 block public access.

Related actions include:

", - "GetStorageLensConfiguration": "

Gets the Amazon S3 Storage Lens configuration. For more information, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", - "GetStorageLensConfigurationTagging": "

Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", + "GetStorageLensConfiguration": "

Gets the Amazon S3 Storage Lens configuration. For more information, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", + "GetStorageLensConfigurationTagging": "

Gets the tags of Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", "ListAccessPoints": "

Returns a list of the access points currently associated with the specified bucket. You can retrieve up to 1000 access points per call. If the specified bucket has more than 1,000 access points (or the number specified in maxResults, whichever is less), the response will include a continuation token that you can use to list the additional access points.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to ListAccessPoints:

", "ListJobs": "

Lists current S3 Batch Operations jobs and jobs that have ended within the last 30 days for the AWS account making the request. For more information, see S3 Batch Operations in the Amazon Simple Storage Service Developer Guide.

Related actions include:

", "ListRegionalBuckets": "

Returns a list of all Outposts buckets in an Outpost that are owned by the authenticated sender of the request. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service Developer Guide.

For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and x-amz-outpost-id in your request, see the Examples section.

", - "ListStorageLensConfigurations": "

Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", + "ListStorageLensConfigurations": "

Gets a list of Amazon S3 Storage Lens configurations. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:ListStorageLensConfigurations action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", "PutAccessPointPolicy": "

Associates an access policy with the specified access point. Each access point can have only one policy, so a request made to this API replaces any existing policy associated with the specified access point.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to PutAccessPointPolicy:

", "PutBucketLifecycleConfiguration": "

This action puts a lifecycle configuration to an Amazon S3 on Outposts bucket. To put a lifecycle configuration to an S3 bucket, see PutBucketLifecycleConfiguration in the Amazon Simple Storage Service API.

Creates a new lifecycle configuration for the Outposts bucket or replaces an existing lifecycle configuration. Outposts buckets only support lifecycle configurations that delete/expire objects after a certain period of time and abort incomplete multipart uploads. For more information, see Managing Lifecycle Permissions for Amazon S3 on Outposts.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to PutBucketLifecycleConfiguration:

", "PutBucketPolicy": "

This action puts a bucket policy to an Amazon S3 on Outposts bucket. To put a policy on an S3 bucket, see PutBucketPolicy in the Amazon Simple Storage Service API.

Applies an Amazon S3 bucket policy to an Outposts bucket. For more information, see Using Amazon S3 on Outposts in the Amazon Simple Storage Service Developer Guide.

If you are using an identity other than the root user of the AWS account that owns the Outposts bucket, the calling identity must have the PutBucketPolicy permissions on the specified Outposts bucket and belong to the bucket owner's account in order to use this operation.

If you don't have PutBucketPolicy permissions, Amazon S3 returns a 403 Access Denied error. If you have the correct permissions, but you're not using an identity that belongs to the bucket owner's account, Amazon S3 returns a 405 Method Not Allowed error.

As a security precaution, the root user of the AWS account that owns a bucket can always use this operation, even if the policy explicitly denies the root user the ability to perform this action.

For more information about bucket policies, see Using Bucket Policies and User Policies.

All Amazon S3 on Outposts REST API requests for this action require an additional parameter of x-amz-outpost-id to be passed with the request and an S3 on Outposts endpoint hostname prefix instead of s3-control. For an example of the request syntax for Amazon S3 on Outposts that uses the S3 on Outposts endpoint hostname prefix and the x-amz-outpost-id derived using the access point ARN, see the Examples section.

The following actions are related to PutBucketPolicy:

", @@ -38,7 +38,7 @@ "PutJobTagging": "

Sets the supplied tag-set on an S3 Batch Operations job.

A tag is a key-value pair. You can associate S3 Batch Operations tags with any job by sending a PUT request against the tagging subresource that is associated with the job. To modify the existing tag set, you can either replace the existing tag set entirely, or make changes within the existing tag set by retrieving the existing tag set using GetJobTagging, modify that tag set, and use this action to replace the tag set with the one you modified. For more information, see Controlling access and labeling jobs using tags in the Amazon Simple Storage Service Developer Guide.

  • If you send this request with an empty tag set, Amazon S3 deletes the existing tag set on the Batch Operations job. If you use this method, you are charged for a Tier 1 Request (PUT). For more information, see Amazon S3 pricing.

  • For deleting existing tags for your Batch Operations job, a DeleteJobTagging request is preferred because it achieves the same result without incurring charges.

  • A few things to consider about using tags:

    • Amazon S3 limits the maximum number of tags to 50 tags per job.

    • You can associate up to 50 tags with a job as long as they have unique tag keys.

    • A tag key can be up to 128 Unicode characters in length, and tag values can be up to 256 Unicode characters in length.

    • The key and values are case sensitive.

    • For tagging-related restrictions related to characters and encodings, see User-Defined Tag Restrictions in the AWS Billing and Cost Management User Guide.

To use this operation, you must have permission to perform the s3:PutJobTagging action.

Related actions include:

", "PutPublicAccessBlock": "

Creates or modifies the PublicAccessBlock configuration for an AWS account. For more information, see Using Amazon S3 block public access.

Related actions include:

", "PutStorageLensConfiguration": "

Puts an Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfiguration action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", - "PutStorageLensConfigurationTagging": "

Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Working with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", + "PutStorageLensConfigurationTagging": "

Put or replace tags on an existing Amazon S3 Storage Lens configuration. For more information about S3 Storage Lens, see Assessing your storage activity and usage with Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging action. For more information, see Setting permissions to use Amazon S3 Storage Lens in the Amazon Simple Storage Service Developer Guide.

", "UpdateJobPriority": "

Updates an existing S3 Batch Operations job's priority. For more information, see S3 Batch Operations in the Amazon Simple Storage Service Developer Guide.

Related actions include:

", "UpdateJobStatus": "

Updates the status for the specified job. Use this operation to confirm that you want to run a job or to cancel an existing job. For more information, see S3 Batch Operations in the Amazon Simple Storage Service Developer Guide.

Related actions include:

" }, @@ -1065,7 +1065,7 @@ "base": null, "refs": { "LifecycleRuleAndOperator$Prefix": "

Prefix identifying one or more objects to which the rule applies.

", - "LifecycleRuleFilter$Prefix": "

Prefix identifying one or more objects to which the rule applies.

", + "LifecycleRuleFilter$Prefix": "

Prefix identifying one or more objects to which the rule applies.

Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.

", "S3BucketDestination$Prefix": "

The prefix of the destination bucket where the metrics export will be delivered.

" } }, @@ -1216,7 +1216,7 @@ "S3BucketDestination": { "base": "

A container for the bucket where the Amazon S3 Storage Lens metrics export files are located.

", "refs": { - "StorageLensDataExport$S3BucketDestination": "

A container for the bucket where the S3 Storage Lens metrics export will be located.

" + "StorageLensDataExport$S3BucketDestination": "

A container for the bucket where the S3 Storage Lens metrics export will be located.

This bucket must be located in the same Region as the storage lens configuration.

" } }, "S3CannedAccessControlList": { @@ -1238,6 +1238,12 @@ "JobOperation$S3PutObjectCopy": "

Directs the specified job to run a PUT Copy object call on every object in the manifest.

" } }, + "S3DeleteObjectTaggingOperation": { + "base": "

Contains no configuration parameters because the DELETE Object tagging API only accepts the bucket name and key name as parameters, which are defined in the job's manifest.

", + "refs": { + "JobOperation$S3DeleteObjectTagging": "

Directs the specified job to execute a DELETE Object tagging call on every object in the manifest.

" + } + }, "S3ExpirationInDays": { "base": null, "refs": { @@ -1284,7 +1290,7 @@ "S3KeyArnString": { "base": null, "refs": { - "JobManifestLocation$ObjectArn": "

The Amazon Resource Name (ARN) for a manifest object.

" + "JobManifestLocation$ObjectArn": "

The Amazon Resource Name (ARN) for a manifest object.

Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests. For more information, see XML related object key constraints.

" } }, "S3MetadataDirective": { diff --git a/service/applicationautoscaling/api.go b/service/applicationautoscaling/api.go index 2641e2ff3fc..71b0c40d6c4 100644 --- a/service/applicationautoscaling/api.go +++ b/service/applicationautoscaling/api.go @@ -65,8 +65,8 @@ func (c *ApplicationAutoScaling) DeleteScalingPolicyRequest(input *DeleteScaling // not delete the CloudWatch alarm associated with the scaling policy, even // if it no longer has an associated action. // -// For more information, see Delete a Step Scaling Policy (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html#delete-step-scaling-policy) -// and Delete a Target Tracking Scaling Policy (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html#delete-target-tracking-policy) +// For more information, see Delete a step scaling policy (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html#delete-step-scaling-policy) +// and Delete a target tracking scaling policy (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html#delete-target-tracking-policy) // in the Application Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -165,7 +165,7 @@ func (c *ApplicationAutoScaling) DeleteScheduledActionRequest(input *DeleteSched // Deletes the specified scheduled action for an Application Auto Scaling scalable // target. // -// For more information, see Delete a Scheduled Action (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html#delete-scheduled-action) +// For more information, see Delete a scheduled action (https://docs.aws.amazon.com/autoscaling/application/userguide/scheduled-scaling-additional-cli-commands.html#delete-scheduled-action) // in the Application Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -672,8 +672,8 @@ func (c *ApplicationAutoScaling) DescribeScalingPoliciesRequest(input *DescribeS // // You can filter the results using ResourceId, ScalableDimension, and PolicyNames. // -// For more information, see Target Tracking Scaling Policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) -// and Step Scaling Policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) +// For more information, see Target tracking scaling policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) +// and Step scaling policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) // in the Application Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -836,7 +836,8 @@ func (c *ApplicationAutoScaling) DescribeScheduledActionsRequest(input *Describe // You can filter the results using the ResourceId, ScalableDimension, and ScheduledActionNames // parameters. // -// For more information, see Scheduled Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html) +// For more information, see Scheduled scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html) +// and Managing scheduled scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/scheduled-scaling-additional-cli-commands.html) // in the Application Auto Scaling User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1006,8 +1007,8 @@ func (c *ApplicationAutoScaling) PutScalingPolicyRequest(input *PutScalingPolicy // the target tracking policy could instruct the scalable target to scale out // again. // -// For more information, see Target Tracking Scaling Policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) -// and Step Scaling Policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) +// For more information, see Target tracking scaling policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) +// and Step scaling policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) // in the Application Auto Scaling User Guide. // // If a scalable target is deregistered, the scalable target is no longer available @@ -1028,7 +1029,7 @@ func (c *ApplicationAutoScaling) PutScalingPolicyRequest(input *PutScalingPolicy // // * LimitExceededException // A per-account resource limit is exceeded. For more information, see Application -// Auto Scaling Limits (https://docs.aws.amazon.com/ApplicationAutoScaling/latest/userguide/application-auto-scaling-limits.html). +// Auto Scaling service quotas (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-limits.html). // // * ObjectNotFoundException // The specified object could not be found. For any operation that depends on @@ -1128,13 +1129,13 @@ func (c *ApplicationAutoScaling) PutScheduledActionRequest(input *PutScheduledAc // have registered the resource as a scalable target. // // When start and end times are specified with a recurring schedule using a -// cron expression or rates, they form the boundaries of when the recurring +// cron expression or rates, they form the boundaries for when the recurring // action starts and stops. // // To update a scheduled action, specify the parameters that you want to change. // If you don't specify start and end times, the old values are deleted. // -// For more information, see Scheduled Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html) +// For more information, see Scheduled scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html) // in the Application Auto Scaling User Guide. // // If a scalable target is deregistered, the scalable target is no longer available @@ -1155,7 +1156,7 @@ func (c *ApplicationAutoScaling) PutScheduledActionRequest(input *PutScheduledAc // // * LimitExceededException // A per-account resource limit is exceeded. For more information, see Application -// Auto Scaling Limits (https://docs.aws.amazon.com/ApplicationAutoScaling/latest/userguide/application-auto-scaling-limits.html). +// Auto Scaling service quotas (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-limits.html). // // * ObjectNotFoundException // The specified object could not be found. For any operation that depends on @@ -1276,7 +1277,7 @@ func (c *ApplicationAutoScaling) RegisterScalableTargetRequest(input *RegisterSc // // * LimitExceededException // A per-account resource limit is exceeded. For more information, see Application -// Auto Scaling Limits (https://docs.aws.amazon.com/ApplicationAutoScaling/latest/userguide/application-auto-scaling-limits.html). +// Auto Scaling service quotas (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-limits.html). // // * ConcurrentUpdateException // Concurrent updates caused an exception, for example, if you request an update @@ -2121,8 +2122,7 @@ type DescribeScalableTargetsInput struct { NextToken *string `type:"string"` // The identifier of the resource associated with the scalable target. This - // string consists of the resource type and unique identifier. If you specify - // a scalable dimension, you must also specify a resource ID. + // string consists of the resource type and unique identifier. // // * ECS service - The resource type is service and the unique identifier // is the cluster name and service name. Example: service/default/sample-webapp. @@ -2337,8 +2337,7 @@ type DescribeScalingActivitiesInput struct { NextToken *string `type:"string"` // The identifier of the resource associated with the scaling activity. This - // string consists of the resource type and unique identifier. If you specify - // a scalable dimension, you must also specify a resource ID. + // string consists of the resource type and unique identifier. // // * ECS service - The resource type is service and the unique identifier // is the cluster name and service name. Example: service/default/sample-webapp. @@ -2559,8 +2558,7 @@ type DescribeScalingPoliciesInput struct { PolicyNames []*string `type:"list"` // The identifier of the resource associated with the scaling policy. This string - // consists of the resource type and unique identifier. If you specify a scalable - // dimension, you must also specify a resource ID. + // consists of the resource type and unique identifier. // // * ECS service - The resource type is service and the unique identifier // is the cluster name and service name. Example: service/default/sample-webapp. @@ -2784,8 +2782,7 @@ type DescribeScheduledActionsInput struct { NextToken *string `type:"string"` // The identifier of the resource associated with the scheduled action. This - // string consists of the resource type and unique identifier. If you specify - // a scalable dimension, you must also specify a resource ID. + // string consists of the resource type and unique identifier. // // * ECS service - The resource type is service and the unique identifier // is the cluster name and service name. Example: service/default/sample-webapp. @@ -3170,7 +3167,7 @@ func (s *InvalidNextTokenException) RequestID() string { } // A per-account resource limit is exceeded. For more information, see Application -// Auto Scaling Limits (https://docs.aws.amazon.com/ApplicationAutoScaling/latest/userguide/application-auto-scaling-limits.html). +// Auto Scaling service quotas (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-limits.html). type LimitExceededException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -3345,7 +3342,7 @@ func (s *ObjectNotFoundException) RequestID() string { // Only the AWS services that you're using send metrics to Amazon CloudWatch. // To determine whether a desired metric already exists by looking up its namespace // and dimension using the CloudWatch metrics dashboard in the console, follow -// the procedure in Building Dashboards with CloudWatch (https://docs.aws.amazon.com/autoscaling/application/userguide/monitoring-cloudwatch.html) +// the procedure in Building dashboards with CloudWatch (https://docs.aws.amazon.com/autoscaling/application/userguide/monitoring-cloudwatch.html) // in the Application Auto Scaling User Guide. type PredefinedMetricSpecification struct { _ struct{} `type:"structure"` @@ -3437,8 +3434,8 @@ type PutScalingPolicyInput struct { // StepScaling—Not supported for DynamoDB, Amazon Comprehend, Lambda, Amazon // Keyspaces (for Apache Cassandra), or Amazon MSK. // - // For more information, see Target Tracking Scaling Policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) - // and Step Scaling Policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) + // For more information, see Target tracking scaling policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) + // and Step scaling policies (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) // in the Application Auto Scaling User Guide. PolicyType *string `type:"string" enum:"PolicyType"` @@ -3699,7 +3696,7 @@ func (s *PutScalingPolicyOutput) SetPolicyARN(v string) *PutScalingPolicyOutput type PutScheduledActionInput struct { _ struct{} `type:"structure"` - // The date and time for the recurring schedule to end. + // The date and time for the recurring schedule to end, in UTC. EndTime *time.Time `type:"timestamp"` // The identifier of the resource associated with the scheduled action. This @@ -3827,16 +3824,21 @@ type PutScheduledActionInput struct { // // * Cron expressions - "cron(fields)" // - // At expressions are useful for one-time schedules. Specify the time in UTC. + // At expressions are useful for one-time schedules. Cron expressions are useful + // for scheduled actions that run periodically at a specified date and time, + // and rate expressions are useful for scheduled actions that run at a regular + // interval. + // + // At and cron expressions use Universal Coordinated Time (UTC) by default. + // + // The cron format consists of six fields separated by white spaces: [Minutes] + // [Hours] [Day_of_Month] [Month] [Day_of_Week] [Year]. // // For rate expressions, value is a positive integer and unit is minute | minutes // | hour | hours | day | days. // - // For cron expressions, fields is a cron expression. The supported cron format - // consists of six fields separated by white spaces: [Minutes] [Hours] [Day_of_Month] - // [Month] [Day_of_Week] [Year]. - // - // For more information and examples, see Scheduled Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html) + // For more information and examples, see Example scheduled actions for Application + // Auto Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/examples-scheduled-actions.html) // in the Application Auto Scaling User Guide. Schedule *string `min:"1" type:"string"` @@ -3852,8 +3854,16 @@ type PutScheduledActionInput struct { // ServiceNamespace is a required field ServiceNamespace *string `type:"string" required:"true" enum:"ServiceNamespace"` - // The date and time for this scheduled action to start. + // The date and time for this scheduled action to start, in UTC. StartTime *time.Time `type:"timestamp"` + + // Specifies the time zone used when setting a scheduled action by using an + // at or cron expression. If a time zone is not provided, UTC is used by default. + // + // Valid values are the canonical names of the IANA time zones supported by + // Joda-Time (such as Etc/GMT+9 or Pacific/Tahiti). For more information, see + // https://www.joda.org/joda-time/timezones.html (https://www.joda.org/joda-time/timezones.html). + Timezone *string `min:"1" type:"string"` } // String returns the string representation @@ -3890,6 +3900,9 @@ func (s *PutScheduledActionInput) Validate() error { if s.ServiceNamespace == nil { invalidParams.Add(request.NewErrParamRequired("ServiceNamespace")) } + if s.Timezone != nil && len(*s.Timezone) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Timezone", 1)) + } if invalidParams.Len() > 0 { return invalidParams @@ -3945,6 +3958,12 @@ func (s *PutScheduledActionInput) SetStartTime(v time.Time) *PutScheduledActionI return s } +// SetTimezone sets the Timezone field's value. +func (s *PutScheduledActionInput) SetTimezone(v string) *PutScheduledActionInput { + s.Timezone = &v + return s +} + type PutScheduledActionOutput struct { _ struct{} `type:"structure"` } @@ -4045,7 +4064,7 @@ type RegisterScalableTargetInput struct { // // If the service supports service-linked roles, Application Auto Scaling uses // a service-linked role, which it creates if it does not yet exist. For more - // information, see Application Auto Scaling IAM Roles (https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles). + // information, see Application Auto Scaling IAM roles (https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles). RoleARN *string `min:"1" type:"string"` // The scalable dimension associated with the scalable target. This string consists @@ -4128,7 +4147,7 @@ type RegisterScalableTargetInput struct { // * For ScheduledScalingSuspended, while a suspension is in effect, all // scaling activities that involve scheduled actions are suspended. // - // For more information, see Suspending and Resuming Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-suspend-resume-scaling.html) + // For more information, see Suspending and resuming scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-suspend-resume-scaling.html) // in the Application Auto Scaling User Guide. SuspendedState *SuspendedState `type:"structure"` } @@ -4935,7 +4954,7 @@ type ScheduledAction struct { // CreationTime is a required field CreationTime *time.Time `type:"timestamp" required:"true"` - // The date and time that the action is scheduled to end. + // The date and time that the action is scheduled to end, in UTC. EndTime *time.Time `type:"timestamp"` // The identifier of the resource associated with the scaling policy. This string @@ -5061,16 +5080,21 @@ type ScheduledAction struct { // // * Cron expressions - "cron(fields)" // - // At expressions are useful for one-time schedules. Specify the time in UTC. + // At expressions are useful for one-time schedules. Cron expressions are useful + // for scheduled actions that run periodically at a specified date and time, + // and rate expressions are useful for scheduled actions that run at a regular + // interval. + // + // At and cron expressions use Universal Coordinated Time (UTC) by default. + // + // The cron format consists of six fields separated by white spaces: [Minutes] + // [Hours] [Day_of_Month] [Month] [Day_of_Week] [Year]. // // For rate expressions, value is a positive integer and unit is minute | minutes // | hour | hours | day | days. // - // For cron expressions, fields is a cron expression. The supported cron format - // consists of six fields separated by white spaces: [Minutes] [Hours] [Day_of_Month] - // [Month] [Day_of_Week] [Year]. - // - // For more information and examples, see Scheduled Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-scheduled-scaling.html) + // For more information and examples, see Example scheduled actions for Application + // Auto Scaling (https://docs.aws.amazon.com/autoscaling/application/userguide/examples-scheduled-actions.html) // in the Application Auto Scaling User Guide. // // Schedule is a required field @@ -5091,8 +5115,12 @@ type ScheduledAction struct { // ServiceNamespace is a required field ServiceNamespace *string `type:"string" required:"true" enum:"ServiceNamespace"` - // The date and time that the action is scheduled to begin. + // The date and time that the action is scheduled to begin, in UTC. StartTime *time.Time `type:"timestamp"` + + // The time zone used when referring to the date and time of a scheduled action, + // when the scheduled action uses an at or cron expression. + Timezone *string `min:"1" type:"string"` } // String returns the string representation @@ -5165,6 +5193,12 @@ func (s *ScheduledAction) SetStartTime(v time.Time) *ScheduledAction { return s } +// SetTimezone sets the Timezone field's value. +func (s *ScheduledAction) SetTimezone(v string) *ScheduledAction { + s.Timezone = &v + return s +} + // Represents a step adjustment for a StepScalingPolicyConfiguration (https://docs.aws.amazon.com/autoscaling/application/APIReference/API_StepScalingPolicyConfiguration.html). // Describes an adjustment based on the difference between the value of the // aggregated CloudWatch metric and the breach threshold that you've defined @@ -5327,7 +5361,7 @@ type StepScalingPolicyConfiguration struct { // // * Amazon Keyspaces tables // - // * Amazon MSK cluster storage + // * Amazon MSK broker storage Cooldown *int64 `type:"integer"` // The aggregation type for the CloudWatch metrics. Valid values are Minimum, @@ -5519,7 +5553,7 @@ type TargetTrackingScalingPolicyConfiguration struct { // // * Amazon Keyspaces tables // - // * Amazon MSK cluster storage + // * Amazon MSK broker storage ScaleInCooldown *int64 `type:"integer"` // The amount of time, in seconds, to wait for a previous scale-out activity @@ -5563,7 +5597,7 @@ type TargetTrackingScalingPolicyConfiguration struct { // // * Amazon Keyspaces tables // - // * Amazon MSK cluster storage + // * Amazon MSK broker storage ScaleOutCooldown *int64 `type:"integer"` // The target value for the metric. Although this property accepts numbers of diff --git a/service/applicationautoscaling/doc.go b/service/applicationautoscaling/doc.go index 0d163aeadf3..ae6409361ba 100644 --- a/service/applicationautoscaling/doc.go +++ b/service/applicationautoscaling/doc.go @@ -28,7 +28,7 @@ // // * Amazon Keyspaces (for Apache Cassandra) tables // -// * Amazon Managed Streaming for Apache Kafka cluster storage +// * Amazon Managed Streaming for Apache Kafka broker storage // // API Summary // diff --git a/service/applicationautoscaling/errors.go b/service/applicationautoscaling/errors.go index acb9104661a..fd709160648 100644 --- a/service/applicationautoscaling/errors.go +++ b/service/applicationautoscaling/errors.go @@ -42,7 +42,7 @@ const ( // "LimitExceededException". // // A per-account resource limit is exceeded. For more information, see Application - // Auto Scaling Limits (https://docs.aws.amazon.com/ApplicationAutoScaling/latest/userguide/application-auto-scaling-limits.html). + // Auto Scaling service quotas (https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-limits.html). ErrCodeLimitExceededException = "LimitExceededException" // ErrCodeObjectNotFoundException for service response error code diff --git a/service/appmesh/api.go b/service/appmesh/api.go index c6f14b508cb..eac62913f7e 100644 --- a/service/appmesh/api.go +++ b/service/appmesh/api.go @@ -4786,6 +4786,9 @@ func (s *ClientPolicy) SetTls(v *ClientPolicyTls) *ClientPolicy { type ClientPolicyTls struct { _ struct{} `type:"structure"` + // A reference to an object that represents a client's TLS certificate. + Certificate *ClientTlsCertificate `locationName:"certificate" type:"structure"` + // Whether the policy is enforced. The default is True, if a value isn't specified. Enforce *bool `locationName:"enforce" type:"boolean"` @@ -4814,6 +4817,11 @@ func (s *ClientPolicyTls) Validate() error { if s.Validation == nil { invalidParams.Add(request.NewErrParamRequired("Validation")) } + if s.Certificate != nil { + if err := s.Certificate.Validate(); err != nil { + invalidParams.AddNested("Certificate", err.(request.ErrInvalidParams)) + } + } if s.Validation != nil { if err := s.Validation.Validate(); err != nil { invalidParams.AddNested("Validation", err.(request.ErrInvalidParams)) @@ -4826,6 +4834,12 @@ func (s *ClientPolicyTls) Validate() error { return nil } +// SetCertificate sets the Certificate field's value. +func (s *ClientPolicyTls) SetCertificate(v *ClientTlsCertificate) *ClientPolicyTls { + s.Certificate = v + return s +} + // SetEnforce sets the Enforce field's value. func (s *ClientPolicyTls) SetEnforce(v bool) *ClientPolicyTls { s.Enforce = &v @@ -4844,6 +4858,62 @@ func (s *ClientPolicyTls) SetValidation(v *TlsValidationContext) *ClientPolicyTl return s } +// An object that represents the client's certificate. +type ClientTlsCertificate struct { + _ struct{} `type:"structure"` + + // An object that represents a local file certificate. The certificate must + // meet specific requirements and you must have proxy authorization enabled. + // For more information, see Transport Layer Security (TLS) (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html#virtual-node-tls-prerequisites). + File *ListenerTlsFileCertificate `locationName:"file" type:"structure"` + + // A reference to an object that represents a client's TLS Secret Discovery + // Service certificate. + Sds *ListenerTlsSdsCertificate `locationName:"sds" type:"structure"` +} + +// String returns the string representation +func (s ClientTlsCertificate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ClientTlsCertificate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ClientTlsCertificate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ClientTlsCertificate"} + if s.File != nil { + if err := s.File.Validate(); err != nil { + invalidParams.AddNested("File", err.(request.ErrInvalidParams)) + } + } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFile sets the File field's value. +func (s *ClientTlsCertificate) SetFile(v *ListenerTlsFileCertificate) *ClientTlsCertificate { + s.File = v + return s +} + +// SetSds sets the Sds field's value. +func (s *ClientTlsCertificate) SetSds(v *ListenerTlsSdsCertificate) *ClientTlsCertificate { + s.Sds = v + return s +} + // The request contains a client token that was used for a previous update resource // call with different specifications. Try the request again with a new client // token. @@ -10612,7 +10682,8 @@ func (s *ListenerTimeout) SetTcp(v *TcpTimeout) *ListenerTimeout { type ListenerTls struct { _ struct{} `type:"structure"` - // A reference to an object that represents a listener's TLS certificate. + // A reference to an object that represents a listener's Transport Layer Security + // (TLS) certificate. // // Certificate is a required field Certificate *ListenerTlsCertificate `locationName:"certificate" type:"structure" required:"true"` @@ -10627,6 +10698,10 @@ type ListenerTls struct { // // Mode is a required field Mode *string `locationName:"mode" type:"string" required:"true" enum:"ListenerTlsMode"` + + // A reference to an object that represents a listener's Transport Layer Security + // (TLS) validation context. + Validation *ListenerTlsValidationContext `locationName:"validation" type:"structure"` } // String returns the string representation @@ -10653,6 +10728,11 @@ func (s *ListenerTls) Validate() error { invalidParams.AddNested("Certificate", err.(request.ErrInvalidParams)) } } + if s.Validation != nil { + if err := s.Validation.Validate(); err != nil { + invalidParams.AddNested("Validation", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -10672,6 +10752,12 @@ func (s *ListenerTls) SetMode(v string) *ListenerTls { return s } +// SetValidation sets the Validation field's value. +func (s *ListenerTls) SetValidation(v *ListenerTlsValidationContext) *ListenerTls { + s.Validation = v + return s +} + // An object that represents an AWS Certicate Manager (ACM) certificate. type ListenerTlsAcmCertificate struct { _ struct{} `type:"structure"` @@ -10722,6 +10808,10 @@ type ListenerTlsCertificate struct { // A reference to an object that represents a local file certificate. File *ListenerTlsFileCertificate `locationName:"file" type:"structure"` + + // A reference to an object that represents a listener's Secret Discovery Service + // certificate. + Sds *ListenerTlsSdsCertificate `locationName:"sds" type:"structure"` } // String returns the string representation @@ -10747,6 +10837,11 @@ func (s *ListenerTlsCertificate) Validate() error { invalidParams.AddNested("File", err.(request.ErrInvalidParams)) } } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -10766,6 +10861,12 @@ func (s *ListenerTlsCertificate) SetFile(v *ListenerTlsFileCertificate) *Listene return s } +// SetSds sets the Sds field's value. +func (s *ListenerTlsCertificate) SetSds(v *ListenerTlsSdsCertificate) *ListenerTlsCertificate { + s.Sds = v + return s +} + // An object that represents a local file certificate. The certificate must // meet specific requirements and you must have proxy authorization enabled. // For more information, see Transport Layer Security (TLS) (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html#virtual-node-tls-prerequisites). @@ -10828,6 +10929,167 @@ func (s *ListenerTlsFileCertificate) SetPrivateKey(v string) *ListenerTlsFileCer return s } +// An object that represents the listener's Secret Discovery Service certificate. +// The proxy must be configured with a local SDS provider via a Unix Domain +// Socket. See App Mesh TLS documentation (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html) +// for more info. +type ListenerTlsSdsCertificate struct { + _ struct{} `type:"structure"` + + // A reference to an object that represents the name of the secret requested + // from the Secret Discovery Service provider representing Transport Layer Security + // (TLS) materials like a certificate or certificate chain. + // + // SecretName is a required field + SecretName *string `locationName:"secretName" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListenerTlsSdsCertificate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListenerTlsSdsCertificate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListenerTlsSdsCertificate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListenerTlsSdsCertificate"} + if s.SecretName == nil { + invalidParams.Add(request.NewErrParamRequired("SecretName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretName sets the SecretName field's value. +func (s *ListenerTlsSdsCertificate) SetSecretName(v string) *ListenerTlsSdsCertificate { + s.SecretName = &v + return s +} + +// An object that represents a listener's Transport Layer Security (TLS) validation +// context. +type ListenerTlsValidationContext struct { + _ struct{} `type:"structure"` + + // A reference to an object that represents the SANs for a listener's Transport + // Layer Security (TLS) validation context. + SubjectAlternativeNames *SubjectAlternativeNames `locationName:"subjectAlternativeNames" type:"structure"` + + // A reference to where to retrieve the trust chain when validating a peer’s + // Transport Layer Security (TLS) certificate. + // + // Trust is a required field + Trust *ListenerTlsValidationContextTrust `locationName:"trust" type:"structure" required:"true"` +} + +// String returns the string representation +func (s ListenerTlsValidationContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListenerTlsValidationContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListenerTlsValidationContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListenerTlsValidationContext"} + if s.Trust == nil { + invalidParams.Add(request.NewErrParamRequired("Trust")) + } + if s.SubjectAlternativeNames != nil { + if err := s.SubjectAlternativeNames.Validate(); err != nil { + invalidParams.AddNested("SubjectAlternativeNames", err.(request.ErrInvalidParams)) + } + } + if s.Trust != nil { + if err := s.Trust.Validate(); err != nil { + invalidParams.AddNested("Trust", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. +func (s *ListenerTlsValidationContext) SetSubjectAlternativeNames(v *SubjectAlternativeNames) *ListenerTlsValidationContext { + s.SubjectAlternativeNames = v + return s +} + +// SetTrust sets the Trust field's value. +func (s *ListenerTlsValidationContext) SetTrust(v *ListenerTlsValidationContextTrust) *ListenerTlsValidationContext { + s.Trust = v + return s +} + +// An object that represents a listener's Transport Layer Security (TLS) validation +// context trust. +type ListenerTlsValidationContextTrust struct { + _ struct{} `type:"structure"` + + // An object that represents a Transport Layer Security (TLS) validation context + // trust for a local file. + File *TlsValidationContextFileTrust `locationName:"file" type:"structure"` + + // A reference to an object that represents a listener's Transport Layer Security + // (TLS) Secret Discovery Service validation context trust. + Sds *TlsValidationContextSdsTrust `locationName:"sds" type:"structure"` +} + +// String returns the string representation +func (s ListenerTlsValidationContextTrust) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListenerTlsValidationContextTrust) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListenerTlsValidationContextTrust) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListenerTlsValidationContextTrust"} + if s.File != nil { + if err := s.File.Validate(); err != nil { + invalidParams.AddNested("File", err.(request.ErrInvalidParams)) + } + } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFile sets the File field's value. +func (s *ListenerTlsValidationContextTrust) SetFile(v *TlsValidationContextFileTrust) *ListenerTlsValidationContextTrust { + s.File = v + return s +} + +// SetSds sets the Sds field's value. +func (s *ListenerTlsValidationContextTrust) SetSds(v *TlsValidationContextSdsTrust) *ListenerTlsValidationContextTrust { + s.Sds = v + return s +} + // An object that represents the logging information for a virtual node. type Logging struct { _ struct{} `type:"structure"` @@ -11926,6 +12188,90 @@ func (s *ServiceUnavailableException) RequestID() string { return s.RespMetadata.RequestID } +// An object that represents the methods by which a subject alternative name +// on a peer Transport Layer Security (TLS) certificate can be matched. +type SubjectAlternativeNameMatchers struct { + _ struct{} `type:"structure"` + + // The values sent must match the specified values exactly. + // + // Exact is a required field + Exact []*string `locationName:"exact" type:"list" required:"true"` +} + +// String returns the string representation +func (s SubjectAlternativeNameMatchers) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SubjectAlternativeNameMatchers) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SubjectAlternativeNameMatchers) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SubjectAlternativeNameMatchers"} + if s.Exact == nil { + invalidParams.Add(request.NewErrParamRequired("Exact")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetExact sets the Exact field's value. +func (s *SubjectAlternativeNameMatchers) SetExact(v []*string) *SubjectAlternativeNameMatchers { + s.Exact = v + return s +} + +// An object that represents the subject alternative names secured by the certificate. +type SubjectAlternativeNames struct { + _ struct{} `type:"structure"` + + // An object that represents the criteria for determining a SANs match. + // + // Match is a required field + Match *SubjectAlternativeNameMatchers `locationName:"match" type:"structure" required:"true"` +} + +// String returns the string representation +func (s SubjectAlternativeNames) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s SubjectAlternativeNames) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *SubjectAlternativeNames) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "SubjectAlternativeNames"} + if s.Match == nil { + invalidParams.Add(request.NewErrParamRequired("Match")) + } + if s.Match != nil { + if err := s.Match.Validate(); err != nil { + invalidParams.AddNested("Match", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMatch sets the Match field's value. +func (s *SubjectAlternativeNames) SetMatch(v *SubjectAlternativeNameMatchers) *SubjectAlternativeNames { + s.Match = v + return s +} + // Optional metadata that you apply to a resource to assist with categorization // and organization. Each tag consists of a key and an optional value, both // of which you define. Tag keys can have a maximum character length of 128 @@ -12196,11 +12542,17 @@ func (s *TcpTimeout) SetIdle(v *Duration) *TcpTimeout { return s } -// An object that represents a Transport Layer Security (TLS) validation context. +// An object that represents how the proxy will validate its peer during Transport +// Layer Security (TLS) negotiation. type TlsValidationContext struct { _ struct{} `type:"structure"` - // A reference to an object that represents a TLS validation context trust. + // A reference to an object that represents the SANs for a Transport Layer Security + // (TLS) validation context. + SubjectAlternativeNames *SubjectAlternativeNames `locationName:"subjectAlternativeNames" type:"structure"` + + // A reference to where to retrieve the trust chain when validating a peer’s + // Transport Layer Security (TLS) certificate. // // Trust is a required field Trust *TlsValidationContextTrust `locationName:"trust" type:"structure" required:"true"` @@ -12222,6 +12574,11 @@ func (s *TlsValidationContext) Validate() error { if s.Trust == nil { invalidParams.Add(request.NewErrParamRequired("Trust")) } + if s.SubjectAlternativeNames != nil { + if err := s.SubjectAlternativeNames.Validate(); err != nil { + invalidParams.AddNested("SubjectAlternativeNames", err.(request.ErrInvalidParams)) + } + } if s.Trust != nil { if err := s.Trust.Validate(); err != nil { invalidParams.AddNested("Trust", err.(request.ErrInvalidParams)) @@ -12234,14 +12591,20 @@ func (s *TlsValidationContext) Validate() error { return nil } +// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. +func (s *TlsValidationContext) SetSubjectAlternativeNames(v *SubjectAlternativeNames) *TlsValidationContext { + s.SubjectAlternativeNames = v + return s +} + // SetTrust sets the Trust field's value. func (s *TlsValidationContext) SetTrust(v *TlsValidationContextTrust) *TlsValidationContext { s.Trust = v return s } -// An object that represents a TLS validation context trust for an AWS Certicate -// Manager (ACM) certificate. +// An object that represents a Transport Layer Security (TLS) validation context +// trust for an AWS Certicate Manager (ACM) certificate. type TlsValidationContextAcmTrust struct { _ struct{} `type:"structure"` @@ -12327,17 +12690,65 @@ func (s *TlsValidationContextFileTrust) SetCertificateChain(v string) *TlsValida return s } +// An object that represents a Transport Layer Security (TLS) Secret Discovery +// Service validation context trust. The proxy must be configured with a local +// SDS provider via a Unix Domain Socket. See App Mesh TLS documentation (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html) +// for more info. +type TlsValidationContextSdsTrust struct { + _ struct{} `type:"structure"` + + // A reference to an object that represents the name of the secret for a Transport + // Layer Security (TLS) Secret Discovery Service validation context trust. + // + // SecretName is a required field + SecretName *string `locationName:"secretName" type:"string" required:"true"` +} + +// String returns the string representation +func (s TlsValidationContextSdsTrust) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TlsValidationContextSdsTrust) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TlsValidationContextSdsTrust) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TlsValidationContextSdsTrust"} + if s.SecretName == nil { + invalidParams.Add(request.NewErrParamRequired("SecretName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretName sets the SecretName field's value. +func (s *TlsValidationContextSdsTrust) SetSecretName(v string) *TlsValidationContextSdsTrust { + s.SecretName = &v + return s +} + // An object that represents a Transport Layer Security (TLS) validation context // trust. type TlsValidationContextTrust struct { _ struct{} `type:"structure"` - // A reference to an object that represents a TLS validation context trust for - // an AWS Certicate Manager (ACM) certificate. + // A reference to an object that represents a Transport Layer Security (TLS) + // validation context trust for an AWS Certicate Manager (ACM) certificate. Acm *TlsValidationContextAcmTrust `locationName:"acm" type:"structure"` - // An object that represents a TLS validation context trust for a local file. + // An object that represents a Transport Layer Security (TLS) validation context + // trust for a local file. File *TlsValidationContextFileTrust `locationName:"file" type:"structure"` + + // A reference to an object that represents a Transport Layer Security (TLS) + // Secret Discovery Service validation context trust. + Sds *TlsValidationContextSdsTrust `locationName:"sds" type:"structure"` } // String returns the string representation @@ -12363,6 +12774,11 @@ func (s *TlsValidationContextTrust) Validate() error { invalidParams.AddNested("File", err.(request.ErrInvalidParams)) } } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -12382,6 +12798,12 @@ func (s *TlsValidationContextTrust) SetFile(v *TlsValidationContextFileTrust) *T return s } +// SetSds sets the Sds field's value. +func (s *TlsValidationContextTrust) SetSds(v *TlsValidationContextSdsTrust) *TlsValidationContextTrust { + s.Sds = v + return s +} + // The maximum request rate permitted by the App Mesh APIs has been exceeded // for your account. For best results, use an increasing or variable sleep interval // between requests. @@ -13577,13 +13999,18 @@ func (s *VirtualGatewayClientPolicy) SetTls(v *VirtualGatewayClientPolicyTls) *V type VirtualGatewayClientPolicyTls struct { _ struct{} `type:"structure"` + // A reference to an object that represents a virtual gateway's client's Transport + // Layer Security (TLS) certificate. + Certificate *VirtualGatewayClientTlsCertificate `locationName:"certificate" type:"structure"` + // Whether the policy is enforced. The default is True, if a value isn't specified. Enforce *bool `locationName:"enforce" type:"boolean"` // One or more ports that the policy is enforced for. Ports []*int64 `locationName:"ports" type:"list"` - // A reference to an object that represents a TLS validation context. + // A reference to an object that represents a Transport Layer Security (TLS) + // validation context. // // Validation is a required field Validation *VirtualGatewayTlsValidationContext `locationName:"validation" type:"structure" required:"true"` @@ -13605,6 +14032,11 @@ func (s *VirtualGatewayClientPolicyTls) Validate() error { if s.Validation == nil { invalidParams.Add(request.NewErrParamRequired("Validation")) } + if s.Certificate != nil { + if err := s.Certificate.Validate(); err != nil { + invalidParams.AddNested("Certificate", err.(request.ErrInvalidParams)) + } + } if s.Validation != nil { if err := s.Validation.Validate(); err != nil { invalidParams.AddNested("Validation", err.(request.ErrInvalidParams)) @@ -13617,6 +14049,12 @@ func (s *VirtualGatewayClientPolicyTls) Validate() error { return nil } +// SetCertificate sets the Certificate field's value. +func (s *VirtualGatewayClientPolicyTls) SetCertificate(v *VirtualGatewayClientTlsCertificate) *VirtualGatewayClientPolicyTls { + s.Certificate = v + return s +} + // SetEnforce sets the Enforce field's value. func (s *VirtualGatewayClientPolicyTls) SetEnforce(v bool) *VirtualGatewayClientPolicyTls { s.Enforce = &v @@ -13635,6 +14073,63 @@ func (s *VirtualGatewayClientPolicyTls) SetValidation(v *VirtualGatewayTlsValida return s } +// An object that represents the virtual gateway's client's Transport Layer +// Security (TLS) certificate. +type VirtualGatewayClientTlsCertificate struct { + _ struct{} `type:"structure"` + + // An object that represents a local file certificate. The certificate must + // meet specific requirements and you must have proxy authorization enabled. + // For more information, see Transport Layer Security (TLS) (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html#virtual-node-tls-prerequisites). + File *VirtualGatewayListenerTlsFileCertificate `locationName:"file" type:"structure"` + + // A reference to an object that represents a virtual gateway's client's Secret + // Discovery Service certificate. + Sds *VirtualGatewayListenerTlsSdsCertificate `locationName:"sds" type:"structure"` +} + +// String returns the string representation +func (s VirtualGatewayClientTlsCertificate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VirtualGatewayClientTlsCertificate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VirtualGatewayClientTlsCertificate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VirtualGatewayClientTlsCertificate"} + if s.File != nil { + if err := s.File.Validate(); err != nil { + invalidParams.AddNested("File", err.(request.ErrInvalidParams)) + } + } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFile sets the File field's value. +func (s *VirtualGatewayClientTlsCertificate) SetFile(v *VirtualGatewayListenerTlsFileCertificate) *VirtualGatewayClientTlsCertificate { + s.File = v + return s +} + +// SetSds sets the Sds field's value. +func (s *VirtualGatewayClientTlsCertificate) SetSds(v *VirtualGatewayListenerTlsSdsCertificate) *VirtualGatewayClientTlsCertificate { + s.Sds = v + return s +} + // An object that represents the type of virtual gateway connection pool. // // Only one protocol is used at a time and should be the same protocol as the @@ -14208,6 +14703,10 @@ type VirtualGatewayListenerTls struct { // // Mode is a required field Mode *string `locationName:"mode" type:"string" required:"true" enum:"VirtualGatewayListenerTlsMode"` + + // A reference to an object that represents a virtual gateway's listener's Transport + // Layer Security (TLS) validation context. + Validation *VirtualGatewayListenerTlsValidationContext `locationName:"validation" type:"structure"` } // String returns the string representation @@ -14234,6 +14733,11 @@ func (s *VirtualGatewayListenerTls) Validate() error { invalidParams.AddNested("Certificate", err.(request.ErrInvalidParams)) } } + if s.Validation != nil { + if err := s.Validation.Validate(); err != nil { + invalidParams.AddNested("Validation", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -14253,6 +14757,12 @@ func (s *VirtualGatewayListenerTls) SetMode(v string) *VirtualGatewayListenerTls return s } +// SetValidation sets the Validation field's value. +func (s *VirtualGatewayListenerTls) SetValidation(v *VirtualGatewayListenerTlsValidationContext) *VirtualGatewayListenerTls { + s.Validation = v + return s +} + // An object that represents an AWS Certicate Manager (ACM) certificate. type VirtualGatewayListenerTlsAcmCertificate struct { _ struct{} `type:"structure"` @@ -14303,6 +14813,10 @@ type VirtualGatewayListenerTlsCertificate struct { // A reference to an object that represents a local file certificate. File *VirtualGatewayListenerTlsFileCertificate `locationName:"file" type:"structure"` + + // A reference to an object that represents a virtual gateway's listener's Secret + // Discovery Service certificate. + Sds *VirtualGatewayListenerTlsSdsCertificate `locationName:"sds" type:"structure"` } // String returns the string representation @@ -14328,6 +14842,11 @@ func (s *VirtualGatewayListenerTlsCertificate) Validate() error { invalidParams.AddNested("File", err.(request.ErrInvalidParams)) } } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -14347,6 +14866,12 @@ func (s *VirtualGatewayListenerTlsCertificate) SetFile(v *VirtualGatewayListener return s } +// SetSds sets the Sds field's value. +func (s *VirtualGatewayListenerTlsCertificate) SetSds(v *VirtualGatewayListenerTlsSdsCertificate) *VirtualGatewayListenerTlsCertificate { + s.Sds = v + return s +} + // An object that represents a local file certificate. The certificate must // meet specific requirements and you must have proxy authorization enabled. // For more information, see Transport Layer Security (TLS) (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html#virtual-node-tls-prerequisites). @@ -14409,6 +14934,167 @@ func (s *VirtualGatewayListenerTlsFileCertificate) SetPrivateKey(v string) *Virt return s } +// An object that represents the virtual gateway's listener's Secret Discovery +// Service certificate.The proxy must be configured with a local SDS provider +// via a Unix Domain Socket. See App Mesh TLS documentation (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html) +// for more info. +type VirtualGatewayListenerTlsSdsCertificate struct { + _ struct{} `type:"structure"` + + // A reference to an object that represents the name of the secret secret requested + // from the Secret Discovery Service provider representing Transport Layer Security + // (TLS) materials like a certificate or certificate chain. + // + // SecretName is a required field + SecretName *string `locationName:"secretName" type:"string" required:"true"` +} + +// String returns the string representation +func (s VirtualGatewayListenerTlsSdsCertificate) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VirtualGatewayListenerTlsSdsCertificate) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VirtualGatewayListenerTlsSdsCertificate) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VirtualGatewayListenerTlsSdsCertificate"} + if s.SecretName == nil { + invalidParams.Add(request.NewErrParamRequired("SecretName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretName sets the SecretName field's value. +func (s *VirtualGatewayListenerTlsSdsCertificate) SetSecretName(v string) *VirtualGatewayListenerTlsSdsCertificate { + s.SecretName = &v + return s +} + +// An object that represents a virtual gateway's listener's Transport Layer +// Security (TLS) validation context. +type VirtualGatewayListenerTlsValidationContext struct { + _ struct{} `type:"structure"` + + // A reference to an object that represents the SANs for a virtual gateway listener's + // Transport Layer Security (TLS) validation context. + SubjectAlternativeNames *SubjectAlternativeNames `locationName:"subjectAlternativeNames" type:"structure"` + + // A reference to where to retrieve the trust chain when validating a peer’s + // Transport Layer Security (TLS) certificate. + // + // Trust is a required field + Trust *VirtualGatewayListenerTlsValidationContextTrust `locationName:"trust" type:"structure" required:"true"` +} + +// String returns the string representation +func (s VirtualGatewayListenerTlsValidationContext) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VirtualGatewayListenerTlsValidationContext) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VirtualGatewayListenerTlsValidationContext) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VirtualGatewayListenerTlsValidationContext"} + if s.Trust == nil { + invalidParams.Add(request.NewErrParamRequired("Trust")) + } + if s.SubjectAlternativeNames != nil { + if err := s.SubjectAlternativeNames.Validate(); err != nil { + invalidParams.AddNested("SubjectAlternativeNames", err.(request.ErrInvalidParams)) + } + } + if s.Trust != nil { + if err := s.Trust.Validate(); err != nil { + invalidParams.AddNested("Trust", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. +func (s *VirtualGatewayListenerTlsValidationContext) SetSubjectAlternativeNames(v *SubjectAlternativeNames) *VirtualGatewayListenerTlsValidationContext { + s.SubjectAlternativeNames = v + return s +} + +// SetTrust sets the Trust field's value. +func (s *VirtualGatewayListenerTlsValidationContext) SetTrust(v *VirtualGatewayListenerTlsValidationContextTrust) *VirtualGatewayListenerTlsValidationContext { + s.Trust = v + return s +} + +// An object that represents a virtual gateway's listener's Transport Layer +// Security (TLS) validation context trust. +type VirtualGatewayListenerTlsValidationContextTrust struct { + _ struct{} `type:"structure"` + + // An object that represents a Transport Layer Security (TLS) validation context + // trust for a local file. + File *VirtualGatewayTlsValidationContextFileTrust `locationName:"file" type:"structure"` + + // A reference to an object that represents a virtual gateway's listener's Transport + // Layer Security (TLS) Secret Discovery Service validation context trust. + Sds *VirtualGatewayTlsValidationContextSdsTrust `locationName:"sds" type:"structure"` +} + +// String returns the string representation +func (s VirtualGatewayListenerTlsValidationContextTrust) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VirtualGatewayListenerTlsValidationContextTrust) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VirtualGatewayListenerTlsValidationContextTrust) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VirtualGatewayListenerTlsValidationContextTrust"} + if s.File != nil { + if err := s.File.Validate(); err != nil { + invalidParams.AddNested("File", err.(request.ErrInvalidParams)) + } + } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetFile sets the File field's value. +func (s *VirtualGatewayListenerTlsValidationContextTrust) SetFile(v *VirtualGatewayTlsValidationContextFileTrust) *VirtualGatewayListenerTlsValidationContextTrust { + s.File = v + return s +} + +// SetSds sets the Sds field's value. +func (s *VirtualGatewayListenerTlsValidationContextTrust) SetSds(v *VirtualGatewayTlsValidationContextSdsTrust) *VirtualGatewayListenerTlsValidationContextTrust { + s.Sds = v + return s +} + // An object that represents logging information. type VirtualGatewayLogging struct { _ struct{} `type:"structure"` @@ -14722,7 +15408,12 @@ func (s *VirtualGatewayStatus) SetStatus(v string) *VirtualGatewayStatus { type VirtualGatewayTlsValidationContext struct { _ struct{} `type:"structure"` - // A reference to an object that represents a TLS validation context trust. + // A reference to an object that represents the SANs for a virtual gateway's + // listener's Transport Layer Security (TLS) validation context. + SubjectAlternativeNames *SubjectAlternativeNames `locationName:"subjectAlternativeNames" type:"structure"` + + // A reference to where to retrieve the trust chain when validating a peer’s + // Transport Layer Security (TLS) certificate. // // Trust is a required field Trust *VirtualGatewayTlsValidationContextTrust `locationName:"trust" type:"structure" required:"true"` @@ -14744,6 +15435,11 @@ func (s *VirtualGatewayTlsValidationContext) Validate() error { if s.Trust == nil { invalidParams.Add(request.NewErrParamRequired("Trust")) } + if s.SubjectAlternativeNames != nil { + if err := s.SubjectAlternativeNames.Validate(); err != nil { + invalidParams.AddNested("SubjectAlternativeNames", err.(request.ErrInvalidParams)) + } + } if s.Trust != nil { if err := s.Trust.Validate(); err != nil { invalidParams.AddNested("Trust", err.(request.ErrInvalidParams)) @@ -14756,14 +15452,20 @@ func (s *VirtualGatewayTlsValidationContext) Validate() error { return nil } +// SetSubjectAlternativeNames sets the SubjectAlternativeNames field's value. +func (s *VirtualGatewayTlsValidationContext) SetSubjectAlternativeNames(v *SubjectAlternativeNames) *VirtualGatewayTlsValidationContext { + s.SubjectAlternativeNames = v + return s +} + // SetTrust sets the Trust field's value. func (s *VirtualGatewayTlsValidationContext) SetTrust(v *VirtualGatewayTlsValidationContextTrust) *VirtualGatewayTlsValidationContext { s.Trust = v return s } -// An object that represents a TLS validation context trust for an AWS Certicate -// Manager (ACM) certificate. +// An object that represents a Transport Layer Security (TLS) validation context +// trust for an AWS Certicate Manager (ACM) certificate. type VirtualGatewayTlsValidationContextAcmTrust struct { _ struct{} `type:"structure"` @@ -14849,17 +15551,67 @@ func (s *VirtualGatewayTlsValidationContextFileTrust) SetCertificateChain(v stri return s } +// An object that represents a virtual gateway's listener's Transport Layer +// Security (TLS) Secret Discovery Service validation context trust. The proxy +// must be configured with a local SDS provider via a Unix Domain Socket. See +// App Mesh TLS documentation (https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html) +// for more info. +type VirtualGatewayTlsValidationContextSdsTrust struct { + _ struct{} `type:"structure"` + + // A reference to an object that represents the name of the secret for a virtual + // gateway's Transport Layer Security (TLS) Secret Discovery Service validation + // context trust. + // + // SecretName is a required field + SecretName *string `locationName:"secretName" type:"string" required:"true"` +} + +// String returns the string representation +func (s VirtualGatewayTlsValidationContextSdsTrust) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s VirtualGatewayTlsValidationContextSdsTrust) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *VirtualGatewayTlsValidationContextSdsTrust) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "VirtualGatewayTlsValidationContextSdsTrust"} + if s.SecretName == nil { + invalidParams.Add(request.NewErrParamRequired("SecretName")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSecretName sets the SecretName field's value. +func (s *VirtualGatewayTlsValidationContextSdsTrust) SetSecretName(v string) *VirtualGatewayTlsValidationContextSdsTrust { + s.SecretName = &v + return s +} + // An object that represents a Transport Layer Security (TLS) validation context // trust. type VirtualGatewayTlsValidationContextTrust struct { _ struct{} `type:"structure"` - // A reference to an object that represents a TLS validation context trust for - // an AWS Certicate Manager (ACM) certificate. + // A reference to an object that represents a Transport Layer Security (TLS) + // validation context trust for an AWS Certicate Manager (ACM) certificate. Acm *VirtualGatewayTlsValidationContextAcmTrust `locationName:"acm" type:"structure"` - // An object that represents a TLS validation context trust for a local file. + // An object that represents a Transport Layer Security (TLS) validation context + // trust for a local file. File *VirtualGatewayTlsValidationContextFileTrust `locationName:"file" type:"structure"` + + // A reference to an object that represents a virtual gateway's Transport Layer + // Security (TLS) Secret Discovery Service validation context trust. + Sds *VirtualGatewayTlsValidationContextSdsTrust `locationName:"sds" type:"structure"` } // String returns the string representation @@ -14885,6 +15637,11 @@ func (s *VirtualGatewayTlsValidationContextTrust) Validate() error { invalidParams.AddNested("File", err.(request.ErrInvalidParams)) } } + if s.Sds != nil { + if err := s.Sds.Validate(); err != nil { + invalidParams.AddNested("Sds", err.(request.ErrInvalidParams)) + } + } if invalidParams.Len() > 0 { return invalidParams @@ -14904,6 +15661,12 @@ func (s *VirtualGatewayTlsValidationContextTrust) SetFile(v *VirtualGatewayTlsVa return s } +// SetSds sets the Sds field's value. +func (s *VirtualGatewayTlsValidationContextTrust) SetSds(v *VirtualGatewayTlsValidationContextSdsTrust) *VirtualGatewayTlsValidationContextTrust { + s.Sds = v + return s +} + // An object that represents the type of virtual node connection pool. // // Only one protocol is used at a time and should be the same protocol as the diff --git a/service/iotwireless/api.go b/service/iotwireless/api.go index c4f8b6c03ed..3b734e21412 100644 --- a/service/iotwireless/api.go +++ b/service/iotwireless/api.go @@ -7728,6 +7728,10 @@ type GetWirelessGatewayCertificateOutput struct { // The ID of the certificate associated with the wireless gateway. IotCertificateId *string `min:"1" type:"string"` + + // The ID of the certificate associated with the wireless gateway and used for + // LoRaWANNetworkServer endpoint. + LoRaWANNetworkServerCertificateId *string `min:"1" type:"string"` } // String returns the string representation @@ -7746,6 +7750,12 @@ func (s *GetWirelessGatewayCertificateOutput) SetIotCertificateId(v string) *Get return s } +// SetLoRaWANNetworkServerCertificateId sets the LoRaWANNetworkServerCertificateId field's value. +func (s *GetWirelessGatewayCertificateOutput) SetLoRaWANNetworkServerCertificateId(v string) *GetWirelessGatewayCertificateOutput { + s.LoRaWANNetworkServerCertificateId = &v + return s +} + type GetWirelessGatewayFirmwareInformationInput struct { _ struct{} `type:"structure"` @@ -9906,8 +9916,7 @@ type SendDataToWirelessDeviceInput struct { PayloadData *string `type:"string" required:"true"` // The transmit mode to use to send data to the wireless device. Can be: 0 for - // UM (unacknowledge mode), 1 for AM (acknowledge mode), or 2 for (TM) transparent - // mode. + // UM (unacknowledge mode) or 1 for AM (acknowledge mode). // // TransmitMode is a required field TransmitMode *int64 `type:"integer" required:"true"` @@ -10179,7 +10188,7 @@ type SidewalkAccountInfoWithFingerprint struct { // The Sidewalk Amazon ID. AmazonId *string `type:"string"` - // Fingerprint for Sidewalk application server private key. + // The fingerprint of the Sidewalk application server private key. Fingerprint *string `min:"64" type:"string" sensitive:"true"` } @@ -11378,12 +11387,16 @@ func (s *WirelessMetadata) SetSidewalk(v *SidewalkSendDataToDevice) *WirelessMet const ( // ExpressionTypeRuleName is a ExpressionType enum value ExpressionTypeRuleName = "RuleName" + + // ExpressionTypeMqttTopic is a ExpressionType enum value + ExpressionTypeMqttTopic = "MqttTopic" ) // ExpressionType_Values returns all elements of the ExpressionType enum func ExpressionType_Values() []string { return []string{ ExpressionTypeRuleName, + ExpressionTypeMqttTopic, } } diff --git a/service/locationservice/api.go b/service/locationservice/api.go index 9e4f89a26fb..d15eca6fd2e 100644 --- a/service/locationservice/api.go +++ b/service/locationservice/api.go @@ -8211,9 +8211,8 @@ type MapConfiguration struct { // Specifies the map style selected from an available data provider. // - // Valid styles: VectorEsriLightGrayCanvas, VectorEsriLight, VectorEsriStreets, - // VectorEsriNavigation, VectorEsriDarkGrayCanvas, VectorEsriLightGrayCanvas, - // VectorHereBerlin + // Valid styles: VectorEsriStreets, VectorEsriTopographic, VectorEsriNavigation, + // VectorEsriDarkGrayCanvas, VectorEsriLightGrayCanvas, VectorHereBerlin. // // When using HERE as your data provider, and selecting the Style VectorHereBerlin, // you may not use HERE Maps for Asset Management. See the AWS Service Terms diff --git a/service/lookoutforvision/api.go b/service/lookoutforvision/api.go index 9c2a060f222..2bf44fd52af 100644 --- a/service/lookoutforvision/api.go +++ b/service/lookoutforvision/api.go @@ -65,7 +65,10 @@ func (c *LookoutForVision) CreateDatasetRequest(input *CreateDatasetInput) (req // // To have a project with separate training and test datasets, call CreateDataset // twice. On the first call, specify train for the value of DatasetType. On -// the second call, specify test for the value of DatasetType. of dataset with +// the second call, specify test for the value of DatasetType. +// +// This operation requires permissions to perform the lookoutvision:CreateDataset +// operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -181,6 +184,10 @@ func (c *LookoutForVision) CreateModelRequest(input *CreateModelInput) (req *req // After training completes, the evaluation metrics are stored at the location // specified in OutputConfig. // +// This operation requires permissions to perform the lookoutvision:CreateModel +// operation. If you want to tag your model, you also require permission to +// the lookoutvision:TagResource operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -283,6 +290,9 @@ func (c *LookoutForVision) CreateProjectRequest(input *CreateProjectInput) (req // Creates an empty Amazon Lookout for Vision project. After you create the // project, add a dataset by calling CreateDataset. // +// This operation requires permissions to perform the lookoutvision:CreateProject +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -400,6 +410,9 @@ func (c *LookoutForVision) DeleteDatasetRequest(input *DeleteDatasetInput) (req // It might take a while to delete the dataset. To check the current status, // check the Status field in the response from a call to DescribeDataset. // +// This operation requires permissions to perform the lookoutvision:DeleteDataset +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -497,6 +510,9 @@ func (c *LookoutForVision) DeleteModelRequest(input *DeleteModelInput) (req *req // Deletes an Amazon Lookout for Vision model. You can't delete a running model. // To stop a running model, use the StopModel operation. // +// This operation requires permissions to perform the lookoutvision:DeleteModel +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -596,8 +612,12 @@ func (c *LookoutForVision) DeleteProjectRequest(input *DeleteProjectInput) (req // To delete a project, you must first delete each version of the model associated // with the project. To delete a model use the DeleteModel operation. // -// The training and test datasets are deleted automatically for you. The images -// referenced by the training and test datasets aren't deleted. +// You also have to delete the dataset(s) associated with the model. For more +// information, see DeleteDataset. The images referenced by the training and +// test datasets aren't deleted. +// +// This operation requires permissions to perform the lookoutvision:DeleteProject +// operation. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -695,6 +715,9 @@ func (c *LookoutForVision) DescribeDatasetRequest(input *DescribeDatasetInput) ( // // Describe an Amazon Lookout for Vision dataset. // +// This operation requires permissions to perform the lookoutvision:DescribeDataset +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -791,6 +814,9 @@ func (c *LookoutForVision) DescribeModelRequest(input *DescribeModelInput) (req // // Describes a version of an Amazon Lookout for Vision model. // +// This operation requires permissions to perform the lookoutvision:DescribeModel +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -887,6 +913,9 @@ func (c *LookoutForVision) DescribeProjectRequest(input *DescribeProjectInput) ( // // Describes an Amazon Lookout for Vision project. // +// This operation requires permissions to perform the lookoutvision:DescribeProject +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -992,6 +1021,9 @@ func (c *LookoutForVision) DetectAnomaliesRequest(input *DetectAnomaliesInput) ( // model uses. If you are not using a model, use the StopModel operation to // stop your model. // +// This operation requires permissions to perform the lookoutvision:DetectAnomalies +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1096,6 +1128,9 @@ func (c *LookoutForVision) ListDatasetEntriesRequest(input *ListDatasetEntriesIn // Line contains the anomaly information for a single image, including the image // location and the assigned label. // +// This operation requires permissions to perform the lookoutvision:ListDatasetEntries +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1250,6 +1285,9 @@ func (c *LookoutForVision) ListModelsRequest(input *ListModelsInput) (req *reque // // Lists the versions of a model in an Amazon Lookout for Vision project. // +// This operation requires permissions to perform the lookoutvision:ListModels +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1404,6 +1442,9 @@ func (c *LookoutForVision) ListProjectsRequest(input *ListProjectsInput) (req *r // // Lists the Amazon Lookout for Vision projects in your AWS account. // +// This operation requires permissions to perform the lookoutvision:ListProjects +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1506,6 +1547,106 @@ func (c *LookoutForVision) ListProjectsPagesWithContext(ctx aws.Context, input * return p.Err() } +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lookoutvision-2020-11-20/ListTagsForResource +func (c *LookoutForVision) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "GET", + HTTPPath: "/2020-11-20/tags/{resourceArn}", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for Amazon Lookout for Vision. +// +// Returns a list of tags attached to the specified Amazon Lookout for Vision +// model. +// +// This operation requires permissions to perform the lookoutvision:ListTagsForResource +// operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Lookout for Vision's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// * AccessDeniedException +// You are not authorized to perform the action. +// +// * InternalServerException +// Amazon Lookout for Vision experienced a service issue. Try your call again. +// +// * ValidationException +// An input validation error occured. For example, invalid characters in a project +// name, or if a pagination token is invalid. +// +// * ConflictException +// The update or deletion of a resource caused an inconsistent state. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * ThrottlingException +// Amazon Lookout for Vision is temporarily unable to process the request. Try +// your call again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lookoutvision-2020-11-20/ListTagsForResource +func (c *LookoutForVision) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LookoutForVision) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opStartModel = "StartModel" // StartModelRequest generates a "aws/request.Request" representing the @@ -1560,6 +1701,9 @@ func (c *LookoutForVision) StartModelRequest(input *StartModelInput) (req *reque // You are charged for the amount of time that the model is running. To stop // a running model, call StopModel. // +// This operation requires permissions to perform the lookoutvision:StartModel +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1662,6 +1806,9 @@ func (c *LookoutForVision) StopModelRequest(input *StopModelInput) (req *request // Stops a running model. The operation might take a while to complete. To check // the current status, call DescribeModel. // +// This operation requires permissions to perform the lookoutvision:StopModel +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1712,6 +1859,215 @@ func (c *LookoutForVision) StopModelWithContext(ctx aws.Context, input *StopMode return out, req.Send() } +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lookoutvision-2020-11-20/TagResource +func (c *LookoutForVision) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/2020-11-20/tags/{resourceArn}", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for Amazon Lookout for Vision. +// +// Adds one or more key-value tags to an Amazon Lookout for Vision model. For +// more information, see Tagging a model in the Amazon Lookout for Vision Developer +// Guide. +// +// This operation requires permissions to perform the lookoutvision:TagResource +// operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Lookout for Vision's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// * AccessDeniedException +// You are not authorized to perform the action. +// +// * InternalServerException +// Amazon Lookout for Vision experienced a service issue. Try your call again. +// +// * ValidationException +// An input validation error occured. For example, invalid characters in a project +// name, or if a pagination token is invalid. +// +// * ConflictException +// The update or deletion of a resource caused an inconsistent state. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * ThrottlingException +// Amazon Lookout for Vision is temporarily unable to process the request. Try +// your call again. +// +// * ServiceQuotaExceededException +// A service quota was exceeded the allowed limit. For more information, see +// Limits in Amazon Lookout for Vision in the Amazon Lookout for Vision Developer +// Guide. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lookoutvision-2020-11-20/TagResource +func (c *LookoutForVision) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LookoutForVision) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lookoutvision-2020-11-20/UntagResource +func (c *LookoutForVision) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "DELETE", + HTTPPath: "/2020-11-20/tags/{resourceArn}", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for Amazon Lookout for Vision. +// +// Removes one or more tags from an Amazon Lookout for Vision model. For more +// information, see Tagging a model in the Amazon Lookout for Vision Developer +// Guide. +// +// This operation requires permissions to perform the lookoutvision:UntagResource +// operation. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon Lookout for Vision's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// * AccessDeniedException +// You are not authorized to perform the action. +// +// * InternalServerException +// Amazon Lookout for Vision experienced a service issue. Try your call again. +// +// * ValidationException +// An input validation error occured. For example, invalid characters in a project +// name, or if a pagination token is invalid. +// +// * ConflictException +// The update or deletion of a resource caused an inconsistent state. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * ThrottlingException +// Amazon Lookout for Vision is temporarily unable to process the request. Try +// your call again. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/lookoutvision-2020-11-20/UntagResource +func (c *LookoutForVision) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *LookoutForVision) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUpdateDatasetEntries = "UpdateDatasetEntries" // UpdateDatasetEntriesRequest generates a "aws/request.Request" representing the @@ -1763,6 +2119,9 @@ func (c *LookoutForVision) UpdateDatasetEntriesRequest(input *UpdateDatasetEntri // Updating a dataset might take a while to complete. To check the current status, // call DescribeDataset and check the Status field in the response. // +// This operation requires permissions to perform the lookoutvision:UpdateDatasetEntries +// operation. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2073,7 +2432,7 @@ type CreateModelInput struct { ClientToken *string `location:"header" locationName:"X-Amzn-Client-Token" min:"1" type:"string" idempotencyToken:"true"` // A description for the version of the model. - Description *ModelDescription `type:"structure"` + Description *string `min:"1" type:"string"` // The identifier of the AWS Key Management Service (AWS KMS) customer master // key (CMK) to use for encypting the model. If this parameter is not specified, @@ -2089,6 +2448,9 @@ type CreateModelInput struct { // // ProjectName is a required field ProjectName *string `location:"uri" locationName:"projectName" min:"1" type:"string" required:"true"` + + // A set of tags (key-value pairs) that you want to attach to the model. + Tags []*Tag `type:"list"` } // String returns the string representation @@ -2107,6 +2469,9 @@ func (s *CreateModelInput) Validate() error { if s.ClientToken != nil && len(*s.ClientToken) < 1 { invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1)) } + if s.Description != nil && len(*s.Description) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Description", 1)) + } if s.KmsKeyId != nil && len(*s.KmsKeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KmsKeyId", 1)) } @@ -2119,16 +2484,21 @@ func (s *CreateModelInput) Validate() error { if s.ProjectName != nil && len(*s.ProjectName) < 1 { invalidParams.Add(request.NewErrParamMinLen("ProjectName", 1)) } - if s.Description != nil { - if err := s.Description.Validate(); err != nil { - invalidParams.AddNested("Description", err.(request.ErrInvalidParams)) - } - } if s.OutputConfig != nil { if err := s.OutputConfig.Validate(); err != nil { invalidParams.AddNested("OutputConfig", err.(request.ErrInvalidParams)) } } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -2143,8 +2513,8 @@ func (s *CreateModelInput) SetClientToken(v string) *CreateModelInput { } // SetDescription sets the Description field's value. -func (s *CreateModelInput) SetDescription(v *ModelDescription) *CreateModelInput { - s.Description = v +func (s *CreateModelInput) SetDescription(v string) *CreateModelInput { + s.Description = &v return s } @@ -2166,6 +2536,12 @@ func (s *CreateModelInput) SetProjectName(v string) *CreateModelInput { return s } +// SetTags sets the Tags field's value. +func (s *CreateModelInput) SetTags(v []*Tag) *CreateModelInput { + s.Tags = v + return s +} + type CreateModelOutput struct { _ struct{} `type:"structure"` @@ -2202,7 +2578,7 @@ type CreateProjectInput struct { // token is active for 8 hours. ClientToken *string `location:"header" locationName:"X-Amzn-Client-Token" min:"1" type:"string" idempotencyToken:"true"` - // S nsme for the project. + // The name for the project. // // ProjectName is a required field ProjectName *string `min:"1" type:"string" required:"true"` @@ -3708,6 +4084,70 @@ func (s *ListProjectsOutput) SetProjects(v []*ProjectMetadata) *ListProjectsOutp return s } +type ListTagsForResourceInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the model for which you want to list tags. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"resourceArn" min:"1" type:"string" required:"true"` +} + +// String returns the string representation +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListTagsForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { + s.ResourceArn = &v + return s +} + +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // A map of tag keys and values attached to the specified model. + Tags []*Tag `type:"list"` +} + +// String returns the string representation +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s ListTagsForResourceOutput) GoString() string { + return s.String() +} + +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { + s.Tags = v + return s +} + // Describes an Amazon Lookout for Vision model. type ModelDescription struct { _ struct{} `type:"structure"` @@ -3761,40 +4201,6 @@ func (s ModelDescription) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *ModelDescription) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "ModelDescription"} - if s.Description != nil && len(*s.Description) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Description", 1)) - } - if s.KmsKeyId != nil && len(*s.KmsKeyId) < 1 { - invalidParams.Add(request.NewErrParamMinLen("KmsKeyId", 1)) - } - if s.ModelVersion != nil && len(*s.ModelVersion) < 1 { - invalidParams.Add(request.NewErrParamMinLen("ModelVersion", 1)) - } - if s.EvaluationManifest != nil { - if err := s.EvaluationManifest.Validate(); err != nil { - invalidParams.AddNested("EvaluationManifest", err.(request.ErrInvalidParams)) - } - } - if s.EvaluationResult != nil { - if err := s.EvaluationResult.Validate(); err != nil { - invalidParams.AddNested("EvaluationResult", err.(request.ErrInvalidParams)) - } - } - if s.OutputConfig != nil { - if err := s.OutputConfig.Validate(); err != nil { - invalidParams.AddNested("OutputConfig", err.(request.ErrInvalidParams)) - } - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetCreationTimestamp sets the CreationTimestamp field's value. func (s *ModelDescription) SetCreationTimestamp(v time.Time) *ModelDescription { s.CreationTimestamp = &v @@ -3883,7 +4289,8 @@ type ModelMetadata struct { // The version of the model. ModelVersion *string `min:"1" type:"string"` - // Performance metrics for the model. Created during training. + // Performance metrics for the model. Not available until training has successfully + // completed. Performance *ModelPerformance `type:"structure"` // The status of the model. @@ -4056,28 +4463,6 @@ func (s OutputS3Object) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *OutputS3Object) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "OutputS3Object"} - if s.Bucket == nil { - invalidParams.Add(request.NewErrParamRequired("Bucket")) - } - if s.Bucket != nil && len(*s.Bucket) < 3 { - invalidParams.Add(request.NewErrParamMinLen("Bucket", 3)) - } - if s.Key == nil { - invalidParams.Add(request.NewErrParamRequired("Key")) - } - if s.Key != nil && len(*s.Key) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Key", 1)) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetBucket sets the Bucket field's value. func (s *OutputS3Object) SetBucket(v string) *OutputS3Object { s.Bucket = &v @@ -4595,6 +4980,142 @@ func (s *StopModelOutput) SetStatus(v string) *StopModelOutput { return s } +// A key and value pair that is attached to the specified Amazon Lookout for +// Vision model. +type Tag struct { + _ struct{} `type:"structure"` + + // The key of the tag that is attached to the specified model. + // + // Key is a required field + Key *string `min:"1" type:"string" required:"true"` + + // The value of the tag that is attached to the specified model. + // + // Value is a required field + Value *string `type:"string" required:"true"` +} + +// String returns the string representation +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.Key == nil { + invalidParams.Add(request.NewErrParamRequired("Key")) + } + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + if s.Value == nil { + invalidParams.Add(request.NewErrParamRequired("Value")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Tag) SetKey(v string) *Tag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *Tag) SetValue(v string) *Tag { + s.Value = &v + return s +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the model to assign the tags. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"resourceArn" min:"1" type:"string" required:"true"` + + // The key-value tags to assign to the model. + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` +} + +// String returns the string representation +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s TagResourceOutput) GoString() string { + return s.String() +} + // Amazon Lookout for Vision is temporarily unable to process the request. Try // your call again. type ThrottlingException struct { @@ -4661,6 +5182,76 @@ func (s *ThrottlingException) RequestID() string { return s.RespMetadata.RequestID } +type UntagResourceInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the model from which you want to remove + // tags. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"resourceArn" min:"1" type:"string" required:"true"` + + // A list of the keys of the tags that you want to remove. + // + // TagKeys is a required field + TagKeys []*string `location:"querystring" locationName:"tagKeys" type:"list" required:"true"` +} + +// String returns the string representation +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s UntagResourceOutput) GoString() string { + return s.String() +} + type UpdateDatasetEntriesInput struct { _ struct{} `type:"structure"` diff --git a/service/lookoutforvision/lookoutforvisioniface/interface.go b/service/lookoutforvision/lookoutforvisioniface/interface.go index 53e1068955b..723283a1319 100644 --- a/service/lookoutforvision/lookoutforvisioniface/interface.go +++ b/service/lookoutforvision/lookoutforvisioniface/interface.go @@ -121,6 +121,10 @@ type LookoutForVisionAPI interface { ListProjectsPages(*lookoutforvision.ListProjectsInput, func(*lookoutforvision.ListProjectsOutput, bool) bool) error ListProjectsPagesWithContext(aws.Context, *lookoutforvision.ListProjectsInput, func(*lookoutforvision.ListProjectsOutput, bool) bool, ...request.Option) error + ListTagsForResource(*lookoutforvision.ListTagsForResourceInput) (*lookoutforvision.ListTagsForResourceOutput, error) + ListTagsForResourceWithContext(aws.Context, *lookoutforvision.ListTagsForResourceInput, ...request.Option) (*lookoutforvision.ListTagsForResourceOutput, error) + ListTagsForResourceRequest(*lookoutforvision.ListTagsForResourceInput) (*request.Request, *lookoutforvision.ListTagsForResourceOutput) + StartModel(*lookoutforvision.StartModelInput) (*lookoutforvision.StartModelOutput, error) StartModelWithContext(aws.Context, *lookoutforvision.StartModelInput, ...request.Option) (*lookoutforvision.StartModelOutput, error) StartModelRequest(*lookoutforvision.StartModelInput) (*request.Request, *lookoutforvision.StartModelOutput) @@ -129,6 +133,14 @@ type LookoutForVisionAPI interface { StopModelWithContext(aws.Context, *lookoutforvision.StopModelInput, ...request.Option) (*lookoutforvision.StopModelOutput, error) StopModelRequest(*lookoutforvision.StopModelInput) (*request.Request, *lookoutforvision.StopModelOutput) + TagResource(*lookoutforvision.TagResourceInput) (*lookoutforvision.TagResourceOutput, error) + TagResourceWithContext(aws.Context, *lookoutforvision.TagResourceInput, ...request.Option) (*lookoutforvision.TagResourceOutput, error) + TagResourceRequest(*lookoutforvision.TagResourceInput) (*request.Request, *lookoutforvision.TagResourceOutput) + + UntagResource(*lookoutforvision.UntagResourceInput) (*lookoutforvision.UntagResourceOutput, error) + UntagResourceWithContext(aws.Context, *lookoutforvision.UntagResourceInput, ...request.Option) (*lookoutforvision.UntagResourceOutput, error) + UntagResourceRequest(*lookoutforvision.UntagResourceInput) (*request.Request, *lookoutforvision.UntagResourceOutput) + UpdateDatasetEntries(*lookoutforvision.UpdateDatasetEntriesInput) (*lookoutforvision.UpdateDatasetEntriesOutput, error) UpdateDatasetEntriesWithContext(aws.Context, *lookoutforvision.UpdateDatasetEntriesInput, ...request.Option) (*lookoutforvision.UpdateDatasetEntriesOutput, error) UpdateDatasetEntriesRequest(*lookoutforvision.UpdateDatasetEntriesInput) (*request.Request, *lookoutforvision.UpdateDatasetEntriesOutput) diff --git a/service/medialive/api.go b/service/medialive/api.go index 6e2ab19eb09..c0dd9c03217 100644 --- a/service/medialive/api.go +++ b/service/medialive/api.go @@ -13473,6 +13473,21 @@ func (s *FrameCaptureGroupSettings) SetDestination(v *OutputLocationRef) *FrameC return s } +// Frame Capture Hls Settings +type FrameCaptureHlsSettings struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s FrameCaptureHlsSettings) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s FrameCaptureHlsSettings) GoString() string { + return s.String() +} + // Frame Capture Output Settings type FrameCaptureOutputSettings struct { _ struct{} `type:"structure"` @@ -13504,9 +13519,7 @@ type FrameCaptureSettings struct { // The frequency at which to capture frames for inclusion in the output. May // be specified in either seconds or milliseconds, as specified by captureIntervalUnits. - // - // CaptureInterval is a required field - CaptureInterval *int64 `locationName:"captureInterval" min:"1" type:"integer" required:"true"` + CaptureInterval *int64 `locationName:"captureInterval" min:"1" type:"integer"` // Unit for the frame capture interval. CaptureIntervalUnits *string `locationName:"captureIntervalUnits" type:"string" enum:"FrameCaptureIntervalUnit"` @@ -13525,9 +13538,6 @@ func (s FrameCaptureSettings) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *FrameCaptureSettings) Validate() error { invalidParams := request.ErrInvalidParams{Context: "FrameCaptureSettings"} - if s.CaptureInterval == nil { - invalidParams.Add(request.NewErrParamRequired("CaptureInterval")) - } if s.CaptureInterval != nil && *s.CaptureInterval < 1 { invalidParams.Add(request.NewErrParamMinValue("CaptureInterval", 1)) } @@ -15710,6 +15720,9 @@ type HlsSettings struct { // Fmp4 Hls Settings Fmp4HlsSettings *Fmp4HlsSettings `locationName:"fmp4HlsSettings" type:"structure"` + // Frame Capture Hls Settings + FrameCaptureHlsSettings *FrameCaptureHlsSettings `locationName:"frameCaptureHlsSettings" type:"structure"` + // Standard Hls Settings StandardHlsSettings *StandardHlsSettings `locationName:"standardHlsSettings" type:"structure"` } @@ -15756,6 +15769,12 @@ func (s *HlsSettings) SetFmp4HlsSettings(v *Fmp4HlsSettings) *HlsSettings { return s } +// SetFrameCaptureHlsSettings sets the FrameCaptureHlsSettings field's value. +func (s *HlsSettings) SetFrameCaptureHlsSettings(v *FrameCaptureHlsSettings) *HlsSettings { + s.FrameCaptureHlsSettings = v + return s +} + // SetStandardHlsSettings sets the StandardHlsSettings field's value. func (s *HlsSettings) SetStandardHlsSettings(v *StandardHlsSettings) *HlsSettings { s.StandardHlsSettings = v diff --git a/service/organizations/api.go b/service/organizations/api.go index ea19d416905..174527bf82f 100644 --- a/service/organizations/api.go +++ b/service/organizations/api.go @@ -3485,7 +3485,7 @@ func (c *Organizations) DeregisterDelegatedAdministratorRequest(input *Deregiste // You can run this action only for AWS services that support this feature. // For a current list of services that support it, see the column Supports Delegated // Administrator in the table at AWS Services that you can use with AWS Organizations -// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html) +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) // in the AWS Organizations User Guide. // // This operation can be called only from the organization's management account. @@ -5540,18 +5540,46 @@ func (c *Organizations) DisableAWSServiceAccessRequest(input *DisableAWSServiceA // can still perform operations in older accounts until the service completes // its clean-up from AWS Organizations. // -// We recommend that you disable integration between AWS Organizations and the -// specified AWS service by using the console or commands that are provided -// by the specified service. Doing so ensures that the other service is aware -// that it can clean up any resources that are required only for the integration. -// How the service cleans up its resources in the organization's accounts depends -// on that service. For more information, see the documentation for the other -// AWS service. +// We strongly recommend that you don't use this command to disable integration +// between AWS Organizations and the specified AWS service. Instead, use the +// console or commands that are provided by the specified service. This lets +// the trusted service perform any required initialization when enabling trusted +// access, such as creating any required resources and any required clean up +// of resources when disabling trusted access. +// +// For information about how to disable trusted service access to your organization +// using the trusted service, see the Learn more link under the Supports Trusted +// Access column at AWS services that you can use with AWS Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html). +// on this page. +// +// If you disable access by using this command, it causes the following actions +// to occur: +// +// * The service can no longer create a service-linked role in the accounts +// in your organization. This means that the service can't perform operations +// on your behalf on any new accounts in your organization. The service can +// still perform operations in older accounts until the service completes +// its clean-up from AWS Organizations. +// +// * The service can no longer perform tasks in the member accounts in the +// organization, unless those operations are explicitly permitted by the +// IAM policies that are attached to your roles. This includes any data aggregation +// from the member accounts to the management account, or to a delegated +// administrator account, where relevant. +// +// * Some services detect this and clean up any remaining data or resources +// related to the integration, while other services stop accessing the organization +// but leave any historical data and configuration in place to support a +// possible re-enabling of the integration. +// +// Using the other service's console or commands to disable the integration +// ensures that the other service is aware that it can clean up any resources +// that are required only for the integration. How the service cleans up its +// resources in the organization's accounts depends on that service. For more +// information, see the documentation for the other AWS service. // // After you perform the DisableAWSServiceAccess operation, the specified service -// can no longer perform operations in your organization's accounts unless the -// operations are explicitly permitted by the IAM policies that are attached -// to your roles. +// can no longer perform operations in your organization's accounts // // For more information about integrating other services with AWS Organizations, // including the list of services that work with Organizations, see Integrating @@ -7592,6 +7620,11 @@ func (c *Organizations) LeaveOrganizationRequest(input *LeaveOrganizationInput) // when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) // in the AWS Organizations User Guide. // +// * The account that you want to leave must not be a delegated administrator +// account for any AWS service enabled for your organization. If the account +// is a delegated administrator, you must first change the delegated administrator +// account to another account that is remaining in the organization. +// // * You can leave an organization only after you enable IAM user access // to billing in your account. For more information, see Activating Access // to the Billing and Cost Management Console (http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/grantaccess.html#ControllingAccessWebsite-Activate) @@ -12480,7 +12513,7 @@ func (c *Organizations) RegisterDelegatedAdministratorRequest(input *RegisterDel // You can run this action only for AWS services that support this feature. // For a current list of services that support it, see the column Supports Delegated // Administrator in the table at AWS Services that you can use with AWS Organizations -// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrated-services-list.html) +// (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services_list.html) // in the AWS Organizations User Guide. // // This operation can be called only from the organization's management account. @@ -12838,6 +12871,11 @@ func (c *Organizations) RemoveAccountFromOrganizationRequest(input *RemoveAccoun // when all required account information has not yet been provided (http://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html#leave-without-all-info) // in the AWS Organizations User Guide. // +// * The account that you want to leave must not be a delegated administrator +// account for any AWS service enabled for your organization. If the account +// is a delegated administrator, you must first change the delegated administrator +// account to another account that is remaining in the organization. +// // * After the account leaves the organization, all tags that were attached // to the account object in the organization are deleted. AWS accounts outside // of an organization do not support tags. @@ -14569,8 +14607,8 @@ type Account struct { // The Amazon Resource Name (ARN) of the account. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // The email address associated with the AWS account. @@ -18141,8 +18179,8 @@ type Handshake struct { // The Amazon Resource Name (ARN) of a handshake. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // The date and time that the handshake expires. If the recipient of the handshake @@ -20934,8 +20972,8 @@ type Organization struct { // The Amazon Resource Name (ARN) of an organization. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // @@ -20964,8 +21002,8 @@ type Organization struct { // account for the organization. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. MasterAccountArn *string `type:"string"` // The email address that is associated with the AWS account that is designated @@ -21098,8 +21136,8 @@ type OrganizationalUnit struct { // The Amazon Resource Name (ARN) of this OU. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // The unique identifier (ID) associated with this OU. @@ -21629,8 +21667,8 @@ type PolicySummary struct { // The Amazon Resource Name (ARN) of the policy. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // A boolean value that indicates whether the specified policy is an AWS managed @@ -21713,8 +21751,8 @@ type PolicyTargetSummary struct { // The Amazon Resource Name (ARN) of the policy target. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // The friendly name of the policy target. @@ -22126,8 +22164,8 @@ type Root struct { // The Amazon Resource Name (ARN) of the root. // // For more information about ARNs in Organizations, see ARN Formats Supported - // by Organizations (https://docs.aws.amazon.com/organizations/latest/userguide/orgs_permissions.html#orgs-permissions-arns) - // in the AWS Organizations User Guide. + // by Organizations (https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsorganizations.html#awsorganizations-resources-for-iam-policies) + // in the AWS Service Authorization Reference. Arn *string `type:"string"` // The unique identifier (ID) for the root. diff --git a/service/rdsdataservice/api.go b/service/rdsdataservice/api.go index b10eeec0a7d..19e4269ebb7 100644 --- a/service/rdsdataservice/api.go +++ b/service/rdsdataservice/api.go @@ -1357,6 +1357,8 @@ type ExecuteStatementInput struct { ResultSetOptions *ResultSetOptions `locationName:"resultSetOptions" type:"structure"` // The name of the database schema. + // + // Currently, the schema parameter isn't supported. Schema *string `locationName:"schema" type:"string"` // The name or ARN of the secret that enables access to the DB cluster. @@ -2062,21 +2064,26 @@ type SqlParameter struct { // The name of the parameter. Name *string `locationName:"name" type:"string"` - // A hint that specifies the correct object type for data type mapping. + // A hint that specifies the correct object type for data type mapping. Possible + // values are as follows: // - // Values: + // * DATE - The corresponding String parameter value is sent as an object + // of DATE type to the database. The accepted format is YYYY-MM-DD. // // * DECIMAL - The corresponding String parameter value is sent as an object // of DECIMAL type to the database. // - // * TIMESTAMP - The corresponding String parameter value is sent as an object - // of TIMESTAMP type to the database. The accepted format is YYYY-MM-DD HH:MM:SS[.FFF]. + // * JSON - The corresponding String parameter value is sent as an object + // of JSON type to the database. // // * TIME - The corresponding String parameter value is sent as an object // of TIME type to the database. The accepted format is HH:MM:SS[.FFF]. // - // * DATE - The corresponding String parameter value is sent as an object - // of DATE type to the database. The accepted format is YYYY-MM-DD. + // * TIMESTAMP - The corresponding String parameter value is sent as an object + // of TIMESTAMP type to the database. The accepted format is YYYY-MM-DD HH:MM:SS[.FFF]. + // + // * UUID - The corresponding String parameter value is sent as an object + // of UUID type to the database. TypeHint *string `locationName:"typeHint" type:"string" enum:"TypeHint"` // The value of the parameter. @@ -2364,41 +2371,49 @@ func (s *Value) SetStructValue(v *StructValue) *Value { } const ( - // DecimalReturnTypeDoubleOrLong is a DecimalReturnType enum value - DecimalReturnTypeDoubleOrLong = "DOUBLE_OR_LONG" - // DecimalReturnTypeString is a DecimalReturnType enum value DecimalReturnTypeString = "STRING" + + // DecimalReturnTypeDoubleOrLong is a DecimalReturnType enum value + DecimalReturnTypeDoubleOrLong = "DOUBLE_OR_LONG" ) // DecimalReturnType_Values returns all elements of the DecimalReturnType enum func DecimalReturnType_Values() []string { return []string{ - DecimalReturnTypeDoubleOrLong, DecimalReturnTypeString, + DecimalReturnTypeDoubleOrLong, } } const ( + // TypeHintJson is a TypeHint enum value + TypeHintJson = "JSON" + + // TypeHintUuid is a TypeHint enum value + TypeHintUuid = "UUID" + + // TypeHintTimestamp is a TypeHint enum value + TypeHintTimestamp = "TIMESTAMP" + // TypeHintDate is a TypeHint enum value TypeHintDate = "DATE" - // TypeHintDecimal is a TypeHint enum value - TypeHintDecimal = "DECIMAL" - // TypeHintTime is a TypeHint enum value TypeHintTime = "TIME" - // TypeHintTimestamp is a TypeHint enum value - TypeHintTimestamp = "TIMESTAMP" + // TypeHintDecimal is a TypeHint enum value + TypeHintDecimal = "DECIMAL" ) // TypeHint_Values returns all elements of the TypeHint enum func TypeHint_Values() []string { return []string{ + TypeHintJson, + TypeHintUuid, + TypeHintTimestamp, TypeHintDate, - TypeHintDecimal, TypeHintTime, - TypeHintTimestamp, + TypeHintDecimal, } } diff --git a/service/rdsdataservice/doc.go b/service/rdsdataservice/doc.go index a0965996aa0..a35faa13339 100644 --- a/service/rdsdataservice/doc.go +++ b/service/rdsdataservice/doc.go @@ -11,9 +11,6 @@ // Aurora Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/data-api.html) // in the Amazon Aurora User Guide. // -// If you have questions or comments related to the Data API, send email to -// Rds-data-api-feedback@amazon.com (mailto:Rds-data-api-feedback@amazon.com). -// // See https://docs.aws.amazon.com/goto/WebAPI/rds-data-2018-08-01 for more information on this service. // // See rdsdataservice package documentation for more information. diff --git a/service/route53/api.go b/service/route53/api.go index 34ec3edaf95..34b282735ed 100644 --- a/service/route53/api.go +++ b/service/route53/api.go @@ -57,7 +57,7 @@ func (c *Route53) ActivateKeySigningKeyRequest(input *ActivateKeySigningKeyInput // ActivateKeySigningKey API operation for Amazon Route 53. // -// Activates a key signing key (KSK) so that it can be used for signing by DNSSEC. +// Activates a key-signing key (KSK) so that it can be used for signing by DNSSEC. // This operation changes the KSK status to ACTIVE. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -73,10 +73,10 @@ func (c *Route53) ActivateKeySigningKeyRequest(input *ActivateKeySigningKeyInput // at the same time that you did. Retry the request. // // * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey" -// The specified key signing key (KSK) doesn't exist. +// The specified key-signing key (KSK) doesn't exist. // // * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" -// The key signing key (KSK) status isn't valid or another KSK has the status +// The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. // // * ErrCodeInvalidSigningStatus "InvalidSigningStatus" @@ -884,7 +884,7 @@ func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (r // CreateKeySigningKey API operation for Amazon Route 53. // -// Creates a new key signing key (KSK) associated with a hosted zone. You can +// Creates a new key-signing key (KSK) associated with a hosted zone. You can // only have two KSKs per hosted zone. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -909,7 +909,7 @@ func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (r // signing. // // * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" -// The key signing key (KSK) status isn't valid or another KSK has the status +// The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. // // * ErrCodeInvalidSigningStatus "InvalidSigningStatus" @@ -917,14 +917,14 @@ func (c *Route53) CreateKeySigningKeyRequest(input *CreateKeySigningKeyInput) (r // change the status to enable DNSSEC or disable DNSSEC. // // * ErrCodeInvalidKeySigningKeyName "InvalidKeySigningKeyName" -// The key signing key (KSK) name that you specified isn't a valid name. +// The key-signing key (KSK) name that you specified isn't a valid name. // // * ErrCodeKeySigningKeyAlreadyExists "KeySigningKeyAlreadyExists" -// You've already created a key signing key (KSK) with this name or with the -// same customer managed key (CMK) ARN. +// You've already created a key-signing key (KSK) with this name or with the +// same customer managed customer master key (CMK) ARN. // // * ErrCodeTooManyKeySigningKeys "TooManyKeySigningKeys" -// You've reached the limit for the number of key signing keys (KSKs). Remove +// You've reached the limit for the number of key-signing keys (KSKs). Remove // at least one KSK, and then try again. // // * ErrCodeConcurrentModification "ConcurrentModification" @@ -1780,7 +1780,7 @@ func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyI // DeactivateKeySigningKey API operation for Amazon Route 53. // -// Deactivates a key signing key (KSK) so that it will not be used for signing +// Deactivates a key-signing key (KSK) so that it will not be used for signing // by DNSSEC. This operation changes the KSK status to INACTIVE. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -1796,10 +1796,10 @@ func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyI // at the same time that you did. Retry the request. // // * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey" -// The specified key signing key (KSK) doesn't exist. +// The specified key-signing key (KSK) doesn't exist. // // * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" -// The key signing key (KSK) status isn't valid or another KSK has the status +// The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. // // * ErrCodeInvalidSigningStatus "InvalidSigningStatus" @@ -1807,12 +1807,12 @@ func (c *Route53) DeactivateKeySigningKeyRequest(input *DeactivateKeySigningKeyI // change the status to enable DNSSEC or disable DNSSEC. // // * ErrCodeKeySigningKeyInUse "KeySigningKeyInUse" -// The key signing key (KSK) that you specified can't be deactivated because +// The key-signing key (KSK) that you specified can't be deactivated because // it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, // or add or enable another KSK. // // * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord" -// The key signing key (KSK) is specified in a parent DS record. +// The key-signing key (KSK) is specified in a parent DS record. // // See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/DeactivateKeySigningKey func (c *Route53) DeactivateKeySigningKey(input *DeactivateKeySigningKeyInput) (*DeactivateKeySigningKeyOutput, error) { @@ -2120,7 +2120,7 @@ func (c *Route53) DeleteKeySigningKeyRequest(input *DeleteKeySigningKeyInput) (r // DeleteKeySigningKey API operation for Amazon Route 53. // -// Deletes a key signing key (KSK). Before you can delete a KSK, you must deactivate +// Deletes a key-signing key (KSK). Before you can delete a KSK, you must deactivate // it. The KSK must be deactived before you can delete it regardless of whether // the hosted zone is enabled for DNSSEC signing. // @@ -2137,10 +2137,10 @@ func (c *Route53) DeleteKeySigningKeyRequest(input *DeleteKeySigningKeyInput) (r // at the same time that you did. Retry the request. // // * ErrCodeNoSuchKeySigningKey "NoSuchKeySigningKey" -// The specified key signing key (KSK) doesn't exist. +// The specified key-signing key (KSK) doesn't exist. // // * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" -// The key signing key (KSK) status isn't valid or another KSK has the status +// The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. // // * ErrCodeInvalidSigningStatus "InvalidSigningStatus" @@ -2708,7 +2708,7 @@ func (c *Route53) DisableHostedZoneDNSSECRequest(input *DisableHostedZoneDNSSECI // DisableHostedZoneDNSSEC API operation for Amazon Route 53. // // Disables DNSSEC signing in a specific hosted zone. This action does not deactivate -// any key signing keys (KSKs) that are active in the hosted zone. +// any key-signing keys (KSKs) that are active in the hosted zone. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2729,13 +2729,13 @@ func (c *Route53) DisableHostedZoneDNSSECRequest(input *DisableHostedZoneDNSSECI // at the same time that you did. Retry the request. // // * ErrCodeKeySigningKeyInParentDSRecord "KeySigningKeyInParentDSRecord" -// The key signing key (KSK) is specified in a parent DS record. +// The key-signing key (KSK) is specified in a parent DS record. // // * ErrCodeDNSSECNotFound "DNSSECNotFound" // The hosted zone doesn't have any DNSSEC resources. // // * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" -// The key signing key (KSK) status isn't valid or another KSK has the status +// The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. // // * ErrCodeInvalidKMSArn "InvalidKMSArn" @@ -2941,7 +2941,7 @@ func (c *Route53) EnableHostedZoneDNSSECRequest(input *EnableHostedZoneDNSSECInp // at the same time that you did. Retry the request. // // * ErrCodeKeySigningKeyWithActiveStatusNotFound "KeySigningKeyWithActiveStatusNotFound" -// A key signing key (KSK) with ACTIVE status wasn't found. +// A key-signing key (KSK) with ACTIVE status wasn't found. // // * ErrCodeInvalidKMSArn "InvalidKMSArn" // The KeyManagementServiceArn that you specified isn't valid to use with DNSSEC @@ -2955,7 +2955,7 @@ func (c *Route53) EnableHostedZoneDNSSECRequest(input *EnableHostedZoneDNSSECInp // The hosted zone doesn't have any DNSSEC resources. // // * ErrCodeInvalidKeySigningKeyStatus "InvalidKeySigningKeyStatus" -// The key signing key (KSK) status isn't valid or another KSK has the status +// The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. // // See also, https://docs.aws.amazon.com/goto/WebAPI/route53-2013-04-01/EnableHostedZoneDNSSEC @@ -3203,6 +3203,8 @@ func (c *Route53) GetCheckerIpRangesRequest(input *GetCheckerIpRangesInput) (req // GetCheckerIpRanges API operation for Amazon Route 53. // +// Route 53 does not perform authorization for this API because it retrieves +// information that is already available to the public. // // GetCheckerIpRanges still works, but we recommend that you download ip-ranges.json, // which includes IP address ranges for all AWS services. For more information, @@ -3282,7 +3284,7 @@ func (c *Route53) GetDNSSECRequest(input *GetDNSSECInput) (req *request.Request, // GetDNSSEC API operation for Amazon Route 53. // // Returns information about DNSSEC for a specific hosted zone, including the -// key signing keys (KSKs) and zone signing keys (ZSKs) in the hosted zone. +// key-signing keys (KSKs) in the hosted zone. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3367,6 +3369,9 @@ func (c *Route53) GetGeoLocationRequest(input *GetGeoLocationInput) (req *reques // Gets information about whether a specified geographic location is supported // for Amazon Route 53 geolocation resource record sets. // +// Route 53 does not perform authorization for this API because it retrieves +// information that is already available to the public. +// // Use the following syntax to determine whether a continent is supported for // geolocation: // @@ -4557,6 +4562,9 @@ func (c *Route53) ListGeoLocationsRequest(input *ListGeoLocationsInput) (req *re // the subdivisions for that country are listed in alphabetical order immediately // after the corresponding country. // +// Route 53 does not perform authorization for this API because it retrieves +// information that is already available to the public. +// // For a list of supported geolocation codes, see the GeoLocation (https://docs.aws.amazon.com/Route53/latest/APIReference/API_GeoLocation.html) // data type. // @@ -6801,7 +6809,9 @@ type ActivateKeySigningKeyInput struct { // HostedZoneId is a required field HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"` - // An alphanumeric string used to identify a key signing key (KSK). + // A string used to identify a key-signing key (KSK). Name can include numbers, + // letters, and underscores (_). Name must be unique for each key-signing key + // in the same hosted zone. // // Name is a required field Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"` @@ -6902,8 +6912,9 @@ type AlarmIdentifier struct { // determine whether this health check is healthy, the region that the alarm // was created in. // - // For the current list of CloudWatch regions, see Amazon CloudWatch (https://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region) - // in the AWS Service Endpoints chapter of the Amazon Web Services General Reference. + // For the current list of CloudWatch regions, see Amazon CloudWatch endpoints + // and quotas (https://docs.aws.amazon.com/general/latest/gr/cw_region.html) + // in the Amazon Web Services General Reference. // // Region is a required field Region *string `min:"1" type:"string" required:"true" enum:"CloudWatchRegion"` @@ -7199,21 +7210,20 @@ type AliasTarget struct { // // Specify the hosted zone ID for the region that you created the environment // in. The environment must have a regionalized subdomain. For a list of regions - // and the corresponding hosted zone IDs, see AWS Elastic Beanstalk (https://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region) - // in the "AWS Service Endpoints" chapter of the Amazon Web Services General - // Reference. + // and the corresponding hosted zone IDs, see AWS Elastic Beanstalk endpoints + // and quotas (https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) + // in the the Amazon Web Services General Reference. // // ELB load balancer // // Specify the value of the hosted zone ID for the load balancer. Use the following // methods to get the hosted zone ID: // - // * Service Endpoints (https://docs.aws.amazon.com/general/latest/gr/elb.html) - // table in the "Elastic Load Balancing Endpoints and Quotas" topic in the - // Amazon Web Services General Reference: Use the value that corresponds - // with the region that you created your load balancer in. Note that there - // are separate columns for Application and Classic Load Balancers and for - // Network Load Balancers. + // * Elastic Load Balancing endpoints and quotas (https://docs.aws.amazon.com/general/latest/gr/elb.html) + // topic in the Amazon Web Services General Reference: Use the value that + // corresponds with the region that you created your load balancer in. Note + // that there are separate columns for Application and Classic Load Balancers + // and for Network Load Balancers. // // * AWS Management Console: Go to the Amazon EC2 page, choose Load Balancers // in the navigation pane, select the load balancer, and get the value of @@ -8230,13 +8240,13 @@ type CreateKeySigningKeyInput struct { // HostedZoneId is a required field HostedZoneId *string `type:"string" required:"true"` - // The Amazon resource name (ARN) for a customer managed key (CMK) in AWS Key - // Management Service (KMS). The KeyManagementServiceArn must be unique for - // each key signing key (KSK) in a single hosted zone. To see an example of - // KeyManagementServiceArn that grants the correct permissions for DNSSEC, scroll - // down to Example. + // The Amazon resource name (ARN) for a customer managed customer master key + // (CMK) in AWS Key Management Service (AWS KMS). The KeyManagementServiceArn + // must be unique for each key-signing key (KSK) in a single hosted zone. To + // see an example of KeyManagementServiceArn that grants the correct permissions + // for DNSSEC, scroll down to Example. // - // You must configure the CMK as follows: + // You must configure the customer managed CMK as follows: // // Status // @@ -8265,19 +8275,20 @@ type CreateKeySigningKeyInput struct { // // * "Service": "api-service.dnssec.route53.aws.internal" // - // For more information about working with CMK in KMS, see AWS Key Management - // Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html). + // For more information about working with a customer managed CMK in AWS KMS, + // see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html). // // KeyManagementServiceArn is a required field KeyManagementServiceArn *string `type:"string" required:"true"` - // An alphanumeric string used to identify a key signing key (KSK). Name must - // be unique for each key signing key in the same hosted zone. + // A string used to identify a key-signing key (KSK). Name can include numbers, + // letters, and underscores (_). Name must be unique for each key-signing key + // in the same hosted zone. // // Name is a required field Name *string `min:"3" type:"string" required:"true"` - // A string specifying the initial status of the key signing key (KSK). You + // A string specifying the initial status of the key-signing key (KSK). You // can set the value to ACTIVE or INACTIVE. // // Status is a required field @@ -8367,12 +8378,12 @@ type CreateKeySigningKeyOutput struct { // ChangeInfo is a required field ChangeInfo *ChangeInfo `type:"structure" required:"true"` - // The key signing key (KSK) that the request creates. + // The key-signing key (KSK) that the request creates. // // KeySigningKey is a required field KeySigningKey *KeySigningKey `type:"structure" required:"true"` - // The unique URL representing the new key signing key (KSK). + // The unique URL representing the new key-signing key (KSK). // // Location is a required field Location *string `location:"header" locationName:"Location" type:"string" required:"true"` @@ -9059,14 +9070,34 @@ func (s *CreateVPCAssociationAuthorizationOutput) SetVPC(v *VPC) *CreateVPCAssoc type DNSSECStatus struct { _ struct{} `type:"structure"` - // Indicates your hosted zone signging status: SIGNING, NOT_SIGNING, or INTERNAL_FAILURE. - // If the status is INTERNAL_FAILURE, see StatusMessage for information about - // steps that you can take to correct the problem. + // A string that represents the current hosted zone signing status. + // + // Status can have one of the following values: + // + // SIGNING + // + // DNSSEC signing is enabled for the hosted zone. + // + // NOT_SIGNING + // + // DNSSEC signing is not enabled for the hosted zone. + // + // DELETING + // + // DNSSEC signing is in the process of being removed for the hosted zone. + // + // ACTION_NEEDED // - // A status INTERNAL_FAILURE means there was an error during a request. Before - // you can continue to work with DNSSEC signing, including working with key - // signing keys (KSKs), you must correct the problem by enabling or disabling - // DNSSEC signing for the hosted zone. + // There is a problem with signing in the hosted zone that requires you to take + // action to resolve. For example, the customer managed customer master key + // (CMK) might have been deleted, or the permissions for the customer managed + // CMK might have been changed. + // + // INTERNAL_FAILURE + // + // There was an error during a request. Before you can continue to work with + // DNSSEC signing, including with key-signing keys (KSKs), you must correct + // the problem by enabling or disabling DNSSEC signing for the hosted zone. ServeSignature *string `min:"1" type:"string"` // The status message provided for the following DNSSEC signing status: INTERNAL_FAILURE. @@ -9105,7 +9136,7 @@ type DeactivateKeySigningKeyInput struct { // HostedZoneId is a required field HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"` - // An alphanumeric string used to identify a key signing key (KSK). + // A string used to identify a key-signing key (KSK). // // Name is a required field Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"` @@ -9362,7 +9393,7 @@ type DeleteKeySigningKeyInput struct { // HostedZoneId is a required field HostedZoneId *string `location:"uri" locationName:"HostedZoneId" type:"string" required:"true"` - // An alphanumeric string used to identify a key signing key (KSK). + // A string used to identify a key-signing key (KSK). // // Name is a required field Name *string `location:"uri" locationName:"Name" min:"3" type:"string" required:"true"` @@ -10147,8 +10178,12 @@ type GeoLocationDetails struct { // The name of the country. CountryName *string `min:"1" type:"string"` - // The code for the subdivision. Route 53 currently supports only states in - // the United States. + // The code for the subdivision, such as a particular state within the United + // States. For a list of US state abbreviations, see Appendix B: Two–Letter + // State and Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm) + // on the United States Postal Service website. For a list of all supported + // subdivision codes, use the ListGeoLocations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListGeoLocations.html) + // API. SubdivisionCode *string `min:"1" type:"string"` // The full name of the subdivision. Route 53 currently supports only states @@ -10461,7 +10496,7 @@ func (s *GetDNSSECInput) SetHostedZoneId(v string) *GetDNSSECInput { type GetDNSSECOutput struct { _ struct{} `type:"structure"` - // The key signing keys (KSKs) in your account. + // The key-signing keys (KSKs) in your account. // // KeySigningKeys is a required field KeySigningKeys []*KeySigningKey `type:"list" required:"true"` @@ -10521,12 +10556,12 @@ type GetGeoLocationInput struct { // standard 3166-1 alpha-2 (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). CountryCode *string `location:"querystring" locationName:"countrycode" min:"1" type:"string"` - // For SubdivisionCode, Amazon Route 53 supports only states of the United States. - // For a list of state abbreviations, see Appendix B: Two–Letter State and - // Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm) on the - // United States Postal Service website. - // - // If you specify subdivisioncode, you must also specify US for CountryCode. + // The code for the subdivision, such as a particular state within the United + // States. For a list of US state abbreviations, see Appendix B: Two–Letter + // State and Possession Abbreviations (https://pe.usps.com/text/pub28/28apb.htm) + // on the United States Postal Service website. For a list of all supported + // subdivision codes, use the ListGeoLocations (https://docs.aws.amazon.com/Route53/latest/APIReference/API_ListGeoLocations.html) + // API. SubdivisionCode *string `location:"querystring" locationName:"subdivisioncode" min:"1" type:"string"` } @@ -11576,7 +11611,7 @@ type HealthCheck struct { // HealthCheckVersion is a required field HealthCheckVersion *int64 `min:"1" type:"long" required:"true"` - // The identifier that Amazon Route 53assigned to the health check when you + // The identifier that Amazon Route 53 assigned to the health check when you // created it. When you add or update a resource record set, you use this value // to specify which health check to use. The value can be up to 64 characters // long. @@ -12380,7 +12415,7 @@ func (s *HostedZoneSummary) SetOwner(v *HostedZoneOwner) *HostedZoneSummary { return s } -// A key signing key (KSK) is a complex type that represents a public/private +// A key-signing key (KSK) is a complex type that represents a public/private // key pair. The private key is used to generate a digital signature for the // zone signing key (ZSK). The public key is stored in the DNS and is used to // authenticate the ZSK. A KSK is always associated with a hosted zone; it cannot @@ -12388,7 +12423,7 @@ func (s *HostedZoneSummary) SetOwner(v *HostedZoneOwner) *HostedZoneSummary { type KeySigningKey struct { _ struct{} `type:"structure"` - // The date when the key signing key (KSK) was created. + // The date when the key-signing key (KSK) was created. CreatedDate *time.Time `type:"timestamp"` // A string that represents a DNSKEY record. @@ -12411,7 +12446,7 @@ type KeySigningKey struct { // system. DigestValue *string `type:"string"` - // An integer that specifies how the key is used. For key signing key (KSK), + // An integer that specifies how the key is used. For key-signing key (KSK), // this value is always 257. Flag *int64 `type:"integer"` @@ -12419,9 +12454,9 @@ type KeySigningKey struct { // used to calculate the value is described in RFC-4034 Appendix B (https://tools.ietf.org/rfc/rfc4034.txt). KeyTag *int64 `type:"integer"` - // The Amazon resource name (ARN) used to identify the customer managed key - // (CMK) in AWS Key Management Service (KMS). The KmsArn must be unique for - // each key signing key (KSK) in a single hosted zone. + // The Amazon resource name (ARN) used to identify the customer managed customer + // master key (CMK) in AWS Key Management Service (AWS KMS). The KmsArn must + // be unique for each key-signing key (KSK) in a single hosted zone. // // You must configure the CMK as follows: // @@ -12452,15 +12487,16 @@ type KeySigningKey struct { // // * "Service": "api-service.dnssec.route53.aws.internal" // - // For more information about working with the customer managed key (CMK) in - // KMS, see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html). + // For more information about working with the customer managed CMK in AWS KMS, + // see AWS Key Management Service concepts (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html). KmsArn *string `type:"string"` - // The last time that the key signing key (KSK) was changed. + // The last time that the key-signing key (KSK) was changed. LastModifiedDate *time.Time `type:"timestamp"` - // An alphanumeric string used to identify a key signing key (KSK). Name must - // be unique for each key signing key in the same hosted zone. + // A string used to identify a key-signing key (KSK). Name can include numbers, + // letters, and underscores (_). Name must be unique for each key-signing key + // in the same hosted zone. Name *string `min:"3" type:"string"` // The public key, represented as a Base64 encoding, as required by RFC-4034 @@ -12475,7 +12511,7 @@ type KeySigningKey struct { // the guidelines provided by RFC-8624 Section 3.1 (https://tools.ietf.org/html/rfc8624#section-3.1). SigningAlgorithmType *int64 `type:"integer"` - // A string that represents the current key signing key (KSK) status. + // A string that represents the current key-signing key (KSK) status. // // Status can have one of the following values: // @@ -12487,9 +12523,16 @@ type KeySigningKey struct { // // The KSK is not being used for signing. // + // DELETING + // + // The KSK is in the process of being deleted. + // // ACTION_NEEDED // - // There is an error in the KSK that requires you to take action to resolve. + // There is a problem with the KSK that requires you to take action to resolve. + // For example, the customer managed customer master key (CMK) might have been + // deleted, or the permissions for the customer managed CMK might have been + // changed. // // INTERNAL_FAILURE // @@ -12498,7 +12541,7 @@ type KeySigningKey struct { // the problem. For example, you may need to activate or deactivate the KSK. Status *string `min:"5" type:"string"` - // The status message provided for the following key signing key (KSK) statuses: + // The status message provided for the following key-signing key (KSK) statuses: // ACTION_NEEDED or INTERNAL_FAILURE. The status message includes information // about what the problem might be and steps that you can take to correct the // issue. @@ -15378,8 +15421,8 @@ type ResourceRecordSet struct { // data is encoded for them, see Supported DNS Resource Record Types (https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) // in the Amazon Route 53 Developer Guide. // - // Valid values for basic resource record sets: A | AAAA | CAA | CNAME | MX - // | NAPTR | NS | PTR | SOA | SPF | SRV | TXT + // Valid values for basic resource record sets: A | AAAA | CAA | CNAME | DS + // |MX | NAPTR | NS | PTR | SOA | SPF | SRV | TXT // // Values for weighted, latency, geolocation, and failover resource record sets: // A | AAAA | CAA | CNAME | MX | NAPTR | PTR | SPF | SRV | TXT. When creating diff --git a/service/route53/errors.go b/service/route53/errors.go index 1a3b3d1a362..96084006169 100644 --- a/service/route53/errors.go +++ b/service/route53/errors.go @@ -199,13 +199,13 @@ const ( // ErrCodeInvalidKeySigningKeyName for service response error code // "InvalidKeySigningKeyName". // - // The key signing key (KSK) name that you specified isn't a valid name. + // The key-signing key (KSK) name that you specified isn't a valid name. ErrCodeInvalidKeySigningKeyName = "InvalidKeySigningKeyName" // ErrCodeInvalidKeySigningKeyStatus for service response error code // "InvalidKeySigningKeyStatus". // - // The key signing key (KSK) status isn't valid or another KSK has the status + // The key-signing key (KSK) status isn't valid or another KSK has the status // INTERNAL_FAILURE. ErrCodeInvalidKeySigningKeyStatus = "InvalidKeySigningKeyStatus" @@ -240,20 +240,20 @@ const ( // ErrCodeKeySigningKeyAlreadyExists for service response error code // "KeySigningKeyAlreadyExists". // - // You've already created a key signing key (KSK) with this name or with the - // same customer managed key (CMK) ARN. + // You've already created a key-signing key (KSK) with this name or with the + // same customer managed customer master key (CMK) ARN. ErrCodeKeySigningKeyAlreadyExists = "KeySigningKeyAlreadyExists" // ErrCodeKeySigningKeyInParentDSRecord for service response error code // "KeySigningKeyInParentDSRecord". // - // The key signing key (KSK) is specified in a parent DS record. + // The key-signing key (KSK) is specified in a parent DS record. ErrCodeKeySigningKeyInParentDSRecord = "KeySigningKeyInParentDSRecord" // ErrCodeKeySigningKeyInUse for service response error code // "KeySigningKeyInUse". // - // The key signing key (KSK) that you specified can't be deactivated because + // The key-signing key (KSK) that you specified can't be deactivated because // it's the only KSK for a currently-enabled DNSSEC. Disable DNSSEC signing, // or add or enable another KSK. ErrCodeKeySigningKeyInUse = "KeySigningKeyInUse" @@ -261,7 +261,7 @@ const ( // ErrCodeKeySigningKeyWithActiveStatusNotFound for service response error code // "KeySigningKeyWithActiveStatusNotFound". // - // A key signing key (KSK) with ACTIVE status wasn't found. + // A key-signing key (KSK) with ACTIVE status wasn't found. ErrCodeKeySigningKeyWithActiveStatusNotFound = "KeySigningKeyWithActiveStatusNotFound" // ErrCodeLastVPCAssociation for service response error code @@ -327,7 +327,7 @@ const ( // ErrCodeNoSuchKeySigningKey for service response error code // "NoSuchKeySigningKey". // - // The specified key signing key (KSK) doesn't exist. + // The specified key-signing key (KSK) doesn't exist. ErrCodeNoSuchKeySigningKey = "NoSuchKeySigningKey" // ErrCodeNoSuchQueryLoggingConfig for service response error code @@ -428,7 +428,7 @@ const ( // ErrCodeTooManyKeySigningKeys for service response error code // "TooManyKeySigningKeys". // - // You've reached the limit for the number of key signing keys (KSKs). Remove + // You've reached the limit for the number of key-signing keys (KSKs). Remove // at least one KSK, and then try again. ErrCodeTooManyKeySigningKeys = "TooManyKeySigningKeys" diff --git a/service/s3control/api.go b/service/s3control/api.go index 1ca267178b4..2667b84d968 100644 --- a/service/s3control/api.go +++ b/service/s3control/api.go @@ -300,13 +300,13 @@ func (c *S3Control) CreateJobRequest(input *CreateJobInput) (req *request.Reques // CreateJob API operation for AWS S3 Control. // -// S3 Batch Operations performs large-scale Batch Operations on Amazon S3 objects. -// Batch Operations can run a single operation or action on lists of Amazon -// S3 objects that you specify. For more information, see S3 Batch Operations +// You can use S3 Batch Operations to perform large-scale batch operations on +// Amazon S3 objects. Batch Operations can run a single operation on lists of +// Amazon S3 objects that you specify. For more information, see S3 Batch Operations // (https://docs.aws.amazon.com/AmazonS3/latest/dev/batch-ops-basics.html) in // the Amazon Simple Storage Service Developer Guide. // -// This operation creates an S3 Batch Operations job. +// This operation creates a S3 Batch Operations job. // // Related actions include: // @@ -318,6 +318,8 @@ func (c *S3Control) CreateJobRequest(input *CreateJobInput) (req *request.Reques // // * UpdateJobStatus (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_UpdateJobStatus.html) // +// * JobOperation (https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_JobOperation.html) +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1216,7 +1218,8 @@ func (c *S3Control) DeleteStorageLensConfigurationRequest(input *DeleteStorageLe // DeleteStorageLensConfiguration API operation for AWS S3 Control. // // Deletes the Amazon S3 Storage Lens configuration. For more information about -// S3 Storage Lens, see Working with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) +// S3 Storage Lens, see Assessing your storage activity and usage with Amazon +// S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) // in the Amazon Simple Storage Service Developer Guide. // // To use this action, you must have permission to perform the s3:DeleteStorageLensConfiguration @@ -1300,7 +1303,8 @@ func (c *S3Control) DeleteStorageLensConfigurationTaggingRequest(input *DeleteSt // DeleteStorageLensConfigurationTagging API operation for AWS S3 Control. // // Deletes the Amazon S3 Storage Lens configuration tags. For more information -// about S3 Storage Lens, see Working with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) +// about S3 Storage Lens, see Assessing your storage activity and usage with +// Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) // in the Amazon Simple Storage Service Developer Guide. // // To use this action, you must have permission to perform the s3:DeleteStorageLensConfigurationTagging @@ -2374,7 +2378,7 @@ func (c *S3Control) GetStorageLensConfigurationRequest(input *GetStorageLensConf // GetStorageLensConfiguration API operation for AWS S3 Control. // // Gets the Amazon S3 Storage Lens configuration. For more information, see -// Working with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) +// Assessing your storage activity and usage with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) // in the Amazon Simple Storage Service Developer Guide. // // To use this action, you must have permission to perform the s3:GetStorageLensConfiguration @@ -2457,7 +2461,8 @@ func (c *S3Control) GetStorageLensConfigurationTaggingRequest(input *GetStorageL // GetStorageLensConfigurationTagging API operation for AWS S3 Control. // // Gets the tags of Amazon S3 Storage Lens configuration. For more information -// about S3 Storage Lens, see Working with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) +// about S3 Storage Lens, see Assessing your storage activity and usage with +// Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) // in the Amazon Simple Storage Service Developer Guide. // // To use this action, you must have permission to perform the s3:GetStorageLensConfigurationTagging @@ -2994,7 +2999,8 @@ func (c *S3Control) ListStorageLensConfigurationsRequest(input *ListStorageLensC // ListStorageLensConfigurations API operation for AWS S3 Control. // // Gets a list of Amazon S3 Storage Lens configurations. For more information -// about S3 Storage Lens, see Working with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) +// about S3 Storage Lens, see Assessing your storage activity and usage with +// Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) // in the Amazon Simple Storage Service Developer Guide. // // To use this action, you must have permission to perform the s3:ListStorageLensConfigurations @@ -3840,8 +3846,8 @@ func (c *S3Control) PutStorageLensConfigurationTaggingRequest(input *PutStorageL // PutStorageLensConfigurationTagging API operation for AWS S3 Control. // // Put or replace tags on an existing Amazon S3 Storage Lens configuration. -// For more information about S3 Storage Lens, see Working with Amazon S3 Storage -// Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) +// For more information about S3 Storage Lens, see Assessing your storage activity +// and usage with Amazon S3 Storage Lens (https://docs.aws.amazon.com/AmazonS3/latest/dev/storage_lens.html) // in the Amazon Simple Storage Service Developer Guide. // // To use this action, you must have permission to perform the s3:PutStorageLensConfigurationTagging @@ -7855,6 +7861,10 @@ type JobManifestLocation struct { // The Amazon Resource Name (ARN) for a manifest object. // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). + // // ObjectArn is a required field ObjectArn *string `min:"1" type:"string" required:"true"` @@ -7976,6 +7986,10 @@ type JobOperation struct { // in the manifest. LambdaInvoke *LambdaInvokeOperation `type:"structure"` + // Directs the specified job to execute a DELETE Object tagging call on every + // object in the manifest. + S3DeleteObjectTagging *S3DeleteObjectTaggingOperation `type:"structure"` + // Directs the specified job to initiate restore requests for every archived // object in the manifest. S3InitiateRestoreObject *S3InitiateRestoreObjectOperation `type:"structure"` @@ -8063,6 +8077,12 @@ func (s *JobOperation) SetLambdaInvoke(v *LambdaInvokeOperation) *JobOperation { return s } +// SetS3DeleteObjectTagging sets the S3DeleteObjectTagging field's value. +func (s *JobOperation) SetS3DeleteObjectTagging(v *S3DeleteObjectTaggingOperation) *JobOperation { + s.S3DeleteObjectTagging = v + return s +} + // SetS3InitiateRestoreObject sets the S3InitiateRestoreObject field's value. func (s *JobOperation) SetS3InitiateRestoreObject(v *S3InitiateRestoreObjectOperation) *JobOperation { s.S3InitiateRestoreObject = v @@ -8537,6 +8557,10 @@ type LifecycleRuleFilter struct { And *LifecycleRuleAndOperator `type:"structure"` // Prefix identifying one or more objects to which the rule applies. + // + // Replacement must be made for object keys containing special characters (such + // as carriage returns) when using XML requests. For more information, see XML + // related object key constraints (https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-keys.html#object-key-xml-related-constraints). Prefix *string `type:"string"` Tag *S3Tag `type:"structure"` @@ -10887,6 +10911,23 @@ func (s *S3CopyObjectOperation) SetUnModifiedSinceConstraint(v time.Time) *S3Cop return s } +// Contains no configuration parameters because the DELETE Object tagging API +// only accepts the bucket name and key name as parameters, which are defined +// in the job's manifest. +type S3DeleteObjectTaggingOperation struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation +func (s S3DeleteObjectTaggingOperation) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation +func (s S3DeleteObjectTaggingOperation) GoString() string { + return s.String() +} + type S3Grant struct { _ struct{} `type:"structure"` @@ -11839,6 +11880,8 @@ type StorageLensDataExport struct { // A container for the bucket where the S3 Storage Lens metrics export will // be located. // + // This bucket must be located in the same Region as the storage lens configuration. + // // S3BucketDestination is a required field S3BucketDestination *S3BucketDestination `type:"structure" required:"true"` } @@ -12619,6 +12662,9 @@ const ( // OperationNameS3putObjectTagging is a OperationName enum value OperationNameS3putObjectTagging = "S3PutObjectTagging" + // OperationNameS3deleteObjectTagging is a OperationName enum value + OperationNameS3deleteObjectTagging = "S3DeleteObjectTagging" + // OperationNameS3initiateRestoreObject is a OperationName enum value OperationNameS3initiateRestoreObject = "S3InitiateRestoreObject" @@ -12636,6 +12682,7 @@ func OperationName_Values() []string { OperationNameS3putObjectCopy, OperationNameS3putObjectAcl, OperationNameS3putObjectTagging, + OperationNameS3deleteObjectTagging, OperationNameS3initiateRestoreObject, OperationNameS3putObjectLegalHold, OperationNameS3putObjectRetention,