Release v1.42.16 (2021-11-30) (#4192)

Release v1.42.16 (2021-11-30)
===

### Service Client Updates
* `service/accessanalyzer`: Updates service API and documentation
* `service/backup-gateway`: Adds new service
* `service/ec2`: Updates service API and documentation
  * This release adds support for Is4gen and Im4gn instances. This release also adds a new subnet attribute, enableLniAtDeviceIndex, to support local network interfaces, which are logical networking components that connect an EC2 instance to your on-premises network.
* `service/fsx`: Updates service API, documentation, and paginators
* `service/glue`: Updates service API and documentation
  * Support for DataLake transactions
* `service/iot`: Updates service API and documentation
  * Added the ability to enable/disable IoT Fleet Indexing for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
* `service/iottwinmaker`: Adds new service
* `service/kafka`: Updates service API, documentation, and paginators
* `service/kinesis`: Updates service API and documentation
  * Amazon Kinesis Data Streams now supports on demand streams.
* `service/lakeformation`: Updates service API, documentation, and paginators
* `service/outposts`: Updates service API and documentation
* `service/redshift-data`: Updates service API and documentation
* `service/s3`: Updates service API, documentation, and examples
  * Introduce Amazon S3 Glacier Instant Retrieval storage class and a new setting in S3 Object Ownership to disable ACLs for bucket and the objects in it.
* `service/snowball`: Updates service API and documentation
  * Tapeball is to integrate tape gateway onto snowball, it enables customer to transfer local data on the tape to snowball,and then ingest the data into tape gateway on the cloud.
* `service/storagegateway`: Updates service API and documentation
  * Added gateway type VTL_SNOW. Added new SNOWBALL HostEnvironment for gateways running on a Snowball device. Added new field HostEnvironmentId to serve as an identifier for the HostEnvironment on which the gateway is running.
* `service/workspaces-web`: Adds new service

CHANGELOG.md

@@ -1,3 +1,31 @@
+Release v1.42.16 (2021-11-30)
+===
+
+### Service Client Updates
+* `service/accessanalyzer`: Updates service API and documentation
+* `service/backup-gateway`: Adds new service
+* `service/ec2`: Updates service API and documentation
+  * This release adds support for Is4gen and Im4gn instances. This release also adds a new subnet attribute, enableLniAtDeviceIndex, to support local network interfaces, which are logical networking components that connect an EC2 instance to your on-premises network.
+* `service/fsx`: Updates service API, documentation, and paginators
+* `service/glue`: Updates service API and documentation
+  * Support for DataLake transactions
+* `service/iot`: Updates service API and documentation
+  * Added the ability to enable/disable IoT Fleet Indexing for Device Defender and Named Shadow information, and search them through IoT Fleet Indexing APIs.
+* `service/iottwinmaker`: Adds new service
+* `service/kafka`: Updates service API, documentation, and paginators
+* `service/kinesis`: Updates service API and documentation
+  * Amazon Kinesis Data Streams now supports on demand streams.
+* `service/lakeformation`: Updates service API, documentation, and paginators
+* `service/outposts`: Updates service API and documentation
+* `service/redshift-data`: Updates service API and documentation
+* `service/s3`: Updates service API, documentation, and examples
+  * Introduce Amazon S3 Glacier Instant Retrieval storage class and a new setting in S3 Object Ownership to disable ACLs for bucket and the objects in it.
+* `service/snowball`: Updates service API and documentation
+  * Tapeball is to integrate tape gateway onto snowball, it enables customer to transfer local data on the tape to snowball,and then ingest the data into tape gateway on the cloud.
+* `service/storagegateway`: Updates service API and documentation
+  * Added gateway type VTL_SNOW. Added new SNOWBALL HostEnvironment for gateways running on a Snowball device. Added new field HostEnvironmentId to serve as an identifier for the HostEnvironment on which the gateway is running.
+* `service/workspaces-web`: Adds new service
+
 Release v1.42.15 (2021-11-29)
 ===
 

aws/version.go

@@ -5,4 +5,4 @@ package aws
 const SDKName = "aws-sdk-go"
 
 // SDKVersion is the version of this SDK
-const SDKVersion = "1.42.15"
+const SDKVersion = "1.42.16"

models/apis/accessanalyzer/2019-11-01/api-2.json

@@ -2151,9 +2151,19 @@
           "locationName":"nextToken"
         },
         "policyDocument":{"shape":"PolicyDocument"},
-        "policyType":{"shape":"PolicyType"}
+        "policyType":{"shape":"PolicyType"},
+        "validatePolicyResourceType":{"shape":"ValidatePolicyResourceType"}
       }
     },
+    "ValidatePolicyResourceType":{
+      "type":"string",
+      "enum":[
+        "AWS::S3::Bucket",
+        "AWS::S3::AccessPoint",
+        "AWS::S3::MultiRegionAccessPoint",
+        "AWS::S3ObjectLambda::AccessPoint"
+      ]
+    },
     "ValidatePolicyResponse":{
       "type":"structure",
       "required":["findings"],

models/apis/accessanalyzer/2019-11-01/docs-2.json

@@ -1004,15 +1004,15 @@
       }
     },
     "SecretsManagerSecretConfiguration": {
-      "base": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. If you specify an empty string for the KMS key ID, the access preview uses the default CMK of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>",
+      "base": "<p>The configuration for a Secrets Manager secret. For more information, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_CreateSecret.html\">CreateSecret</a>.</p> <p>You can propose a configuration for a new secret or an existing secret that you own by specifying the secret policy and optional KMS encryption key. If the configuration is for an existing secret and you do not specify the secret policy, the access preview uses the existing policy for the secret. If the access preview is for a new resource and you do not specify the policy, the access preview assumes a secret without a policy. To propose deletion of an existing policy, you can specify an empty string. If the proposed configuration is for a new secret and you do not specify the KMS key ID, the access preview uses the Amazon Web Services managed key <code>aws/secretsmanager</code>. If you specify an empty string for the KMS key ID, the access preview uses the Amazon Web Services managed key of the Amazon Web Services account. For more information about secret policy limits, see <a href=\"https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_limits.html\">Quotas for Secrets Manager.</a>.</p>",
       "refs": {
         "Configuration$secretsManagerSecret": "<p>The access control configuration is for a Secrets Manager secret.</p>"
       }
     },
     "SecretsManagerSecretKmsId": {
       "base": null,
       "refs": {
-        "SecretsManagerSecretConfiguration$kmsKeyId": "<p>The proposed ARN, key ID, or alias of the KMS customer master key (CMK).</p>"
+        "SecretsManagerSecretConfiguration$kmsKeyId": "<p>The proposed ARN, key ID, or alias of the KMS key.</p>"
       }
     },
     "SecretsManagerSecretPolicy": {
@@ -1302,6 +1302,12 @@
       "refs": {
       }
     },
+    "ValidatePolicyResourceType": {
+      "base": null,
+      "refs": {
+        "ValidatePolicyRequest$validatePolicyResourceType": "<p>The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose <code>AWS::S3::Bucket</code> for the policy validation resource type.</p> <p>For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.</p>"
+      }
+    },
     "ValidatePolicyResponse": {
       "base": null,
       "refs": {