Backup is a unified backup service designed to protect Amazon Web Services services and their associated data. Backup simplifies the creation, migration, restoration, and deletion of backups, while also providing reporting and auditing.
", "operations": { "CreateBackupPlan": "Creates a backup plan using a backup plan name and backup rules. A backup plan is a document that contains information that Backup uses to schedule tasks that create recovery points for resources.
If you call CreateBackupPlan with a plan that already exists, you receive an AlreadyExistsException exception.
Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see Assigning resources programmatically.
", + "CreateBackupSelection": "Creates a JSON document that specifies a set of resources to assign to a backup plan. For examples, see Assigning resources programmatically.
", "CreateBackupVault": "Creates a logical container where backups are stored. A CreateBackupVault request includes a name, optionally one or more resource tags, an encryption key, and a request ID.
Do not include sensitive data, such as passport numbers, in the name of a backup vault.
Creates a framework with one or more controls. A framework is a collection of controls that you can use to evaluate your backup practices. By using pre-built customizable controls to define your policies, you can evaluate whether your backup practices comply with your policies and which resources are not yet in compliance.
", "CreateReportPlan": "Creates a report plan. A report plan is a document that contains information about the contents of the report and where Backup will deliver it.
If you call CreateReportPlan with a plan that already exists, you receive an AlreadyExistsException exception.
Returns details about your report jobs.
", "ListReportPlans": "Returns a list of your report plans. For detailed information about a single report plan, use DescribeReportPlan.
Returns a list of jobs that Backup initiated to restore a saved resource, including details about the recovery process.
", - "ListTags": "Returns a list of key-value pairs assigned to a target recovery point, backup plan, or backup vault.
ListTags are currently only supported with Amazon EFS backups.
Returns a list of key-value pairs assigned to a target recovery point, backup plan, or backup vault.
ListTags only works for resource types that support full Backup management of their backups. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table.
Sets a resource-based policy that is used to manage access permissions on the target backup vault. Requires a backup vault name and an access policy document in JSON format.
", "PutBackupVaultLockConfiguration": "Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.
Backup Vault Lock has yet to receive a third-party assessment for SEC 17a-4(f) and CFTC.
Turns on notifications on a backup vault for the specified topic and events.
", @@ -65,7 +65,7 @@ "UpdateBackupPlan": "Updates an existing backup plan identified by its backupPlanId with the input document in JSON format. The new version is uniquely identified by a VersionId.
Updates an existing framework identified by its FrameworkName with the input document in JSON format.
Updates whether the Amazon Web Services account is opted in to cross-account backup. Returns an error if the account is not an Organizations management account. Use the DescribeGlobalSettings API to determine the current settings.
Sets the transition lifecycle of a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
Does not support continuous backups.
", + "UpdateRecoveryPointLifecycle": "Sets the transition lifecycle of a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
This operation does not support continuous backups.
", "UpdateRegionSettings": "Updates the current service opt-in settings for the Region. If service-opt-in is enabled for a service, Backup tries to protect that service's resources in this Region, when the resource is included in an on-demand backup or scheduled backup plan. Otherwise, Backup does not try to protect that service's resources in this Region. Use the DescribeRegionSettings API to determine the resource types that are supported.
Updates an existing report plan identified by its ReportPlanName with the input document in JSON format.
An ARN that uniquely identifies a resource. The format of the ARN depends on the resource type.
", "BackupPlansListMember$BackupPlanArn": "An Amazon Resource Name (ARN) that uniquely identifies a backup plan; for example, arn:aws:backup:us-east-1:123456789012:plan:8F81F553-3A74-4A3F-B93D-B3360DC80C50.
An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
The server-side encryption key that is used to protect your backups; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
A server-side encryption key you can specify to encrypt your backups from services that support full Backup management; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. If you specify a key, you must specify its ARN, not its alias. If you do not specify a key, Backup creates a KMS key for you by default.
To learn which Backup services support full Backup management and how Backup handles encryption for backups from services that do not yet support full Backup, see Encryption for backups in Backup
", "CopyAction$DestinationBackupVaultArn": "An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
An Amazon Resource Name (ARN) that uniquely identifies a source copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.
An ARN that uniquely identifies a source recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.
An array of events that indicate the status of jobs to back up resources to the backup vault.
", - "PutBackupVaultNotificationsInput$BackupVaultEvents": "An array of events that indicate the status of jobs to back up resources to the backup vault.
For common use cases and code samples, see Using Amazon SNS to track Backup events.
The following events are supported:
BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED
COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED
RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED
Ignore the list below because it includes deprecated events. Refer to the list above.
An array of events that indicate the status of jobs to back up resources to the backup vault.
For common use cases and code samples, see Using Amazon SNS to track Backup events.
The following events are supported:
BACKUP_JOB_STARTED | BACKUP_JOB_COMPLETED
COPY_JOB_STARTED | COPY_JOB_SUCCESSFUL | COPY_JOB_FAILED
RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED
S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED
Ignore the list below because it includes deprecated events. Refer to the list above.
Contains DeleteAt and MoveToColdStorageAt timestamps, which are used to specify a lifecycle for a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", + "base": "Contains DeleteAt and MoveToColdStorageAt timestamps, which are used to specify a lifecycle for a recovery point.
The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", "refs": { "DescribeRecoveryPointOutput$CalculatedLifecycle": "A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
A CalculatedLifecycle object containing DeleteAt and MoveToColdStorageAt timestamps.
An operation applied to a key-value pair used to assign resources to your backup plan. Condition only supports StringEquals. For more flexible assignment options, incluidng StringLike and the ability to exclude resources from your backup plan, use Conditions (with an \"s\" on the end) for your BackupSelection .
An operation applied to a key-value pair used to assign resources to your backup plan. Condition only supports StringEquals. For more flexible assignment options, including StringLike and the ability to exclude resources from your backup plan, use Conditions (with an \"s\" on the end) for your BackupSelection .
Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", + "base": "Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", "refs": { - "BackupRule$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", - "BackupRuleInput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", + "BackupRule$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", + "BackupRuleInput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", "CopyAction$Lifecycle": null, - "DescribeRecoveryPointOutput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", - "RecoveryPointByBackupVault$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", - "StartBackupJobInput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
", + "DescribeRecoveryPointOutput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", + "RecoveryPointByBackupVault$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", + "StartBackupJobInput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
", "StartCopyJobInput$Lifecycle": null, - "UpdateRecoveryPointLifecycleInput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
", - "UpdateRecoveryPointLifecycleOutput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “expire after days” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only Amazon EFS file system backups can be transitioned to cold storage.
" + "UpdateRecoveryPointLifecycleInput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
", + "UpdateRecoveryPointLifecycleOutput$Lifecycle": "The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.
Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.
Only resource types that support full Backup management can transition their backups to cold storage. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.
" } }, "LimitExceededException": { @@ -1155,8 +1155,8 @@ "DescribeRestoreJobOutput$ExpectedCompletionTimeMinutes": "The amount of time in minutes that a job restoring a recovery point is expected to take.
", "Lifecycle$MoveToColdStorageAfterDays": "Specifies the number of days after creation that a recovery point is moved to cold storage.
", "Lifecycle$DeleteAfterDays": "Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays.
The Backup Vault Lock configuration that specifies the minimum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to retain certain data for at least seven years (2555 days).
If this parameter is not specified, Vault Lock will not enforce a minimum retention period.
If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already saved in the vault prior to Vault Lock are not affected.
", - "PutBackupVaultLockConfigurationInput$MaxRetentionDays": "The Backup Vault Lock configuration that specifies the maximum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to destroy certain data after retaining it for four years (1460 days).
If this parameter is not included, Vault Lock does not enforce a maximum retention period on the recovery points in the vault. If this parameter is included without a value, Vault Lock will not enforce a maximum retention period.
If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already saved in the vault prior to Vault Lock are not affected.
", + "PutBackupVaultLockConfigurationInput$MinRetentionDays": "The Backup Vault Lock configuration that specifies the minimum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to retain certain data for at least seven years (2555 days).
If this parameter is not specified, Vault Lock will not enforce a minimum retention period.
If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. The shortest minimum retention period you can specify is 1 day. Recovery points already saved in the vault prior to Vault Lock are not affected.
", + "PutBackupVaultLockConfigurationInput$MaxRetentionDays": "The Backup Vault Lock configuration that specifies the maximum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to destroy certain data after retaining it for four years (1460 days).
If this parameter is not included, Vault Lock does not enforce a maximum retention period on the recovery points in the vault. If this parameter is included without a value, Vault Lock will not enforce a maximum retention period.
If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job's retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. The longest maximum retention period you can specify is 36500 days (approximately 100 years). Recovery points already saved in the vault prior to Vault Lock are not affected.
", "PutBackupVaultLockConfigurationInput$ChangeableForDays": "The Backup Vault Lock configuration that specifies the number of days before the lock date. For example, setting ChangeableForDays to 30 on Jan. 1, 2022 at 8pm UTC will set the lock date to Jan. 31, 2022 at 8pm UTC.
Backup enforces a 72-hour cooling-off period before Vault Lock takes effect and becomes immutable. Therefore, you must set ChangeableForDays to 3 or greater.
Before the lock date, you can delete Vault Lock from the vault using DeleteBackupVaultLockConfiguration or change the Vault Lock configuration using PutBackupVaultLockConfiguration. On and after the lock date, the Vault Lock becomes immutable and cannot be changed or deleted.
If this parameter is not specified, you can delete Vault Lock from the vault using DeleteBackupVaultLockConfiguration or change the Vault Lock configuration using PutBackupVaultLockConfiguration at any time.
The size, in bytes, of a backup.
", "RecoveryPointByResource$BackupSizeBytes": "The size, in bytes, of a backup.
", @@ -1394,8 +1394,8 @@ "DescribeProtectedResourceOutput$ResourceType": "The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon EBS volume or an Amazon RDS database.
", "DescribeRecoveryPointOutput$ResourceType": "The type of Amazon Web Services resource to save as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database.
", "DescribeRestoreJobOutput$ResourceType": "Returns metadata associated with a restore job listed by resource type.
", - "ListBackupJobsInput$ByResourceType": "Returns only backup jobs for the specified resources:
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
RDS for Amazon Relational Database Service
Aurora for Amazon Aurora
Storage Gateway for Storage Gateway
Returns only backup jobs for the specified resources:
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
RDS for Amazon Relational Database Service
Aurora for Amazon Aurora
Storage Gateway for Storage Gateway
Returns only backup jobs for the specified resources:
Aurora for Amazon Aurora
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
S3 for Amazon S3
VirtualMachine for virtual machines
Returns only backup jobs for the specified resources:
Aurora for Amazon Aurora
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
S3 for Amazon S3
VirtualMachine for virtual machines
Returns only recovery points that match the specified resource type.
", "ProtectedResource$ResourceType": "The type of Amazon Web Services resource; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
", "RecoveryPointByBackupVault$ResourceType": "The type of Amazon Web Services resource saved as a recovery point; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
", @@ -1403,7 +1403,7 @@ "ResourceTypeOptInPreference$key": null, "ResourceTypes$member": null, "RestoreJobsListMember$ResourceType": "The resource type of the listed restore jobs; for example, an Amazon Elastic Block Store (Amazon EBS) volume or an Amazon Relational Database Service (Amazon RDS) database. For Windows Volume Shadow Copy Service (VSS) backups, the only supported resource type is Amazon EC2.
", - "StartRestoreJobInput$ResourceType": "Starts a job to restore a recovery point for one of the following resources:
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
RDS for Amazon Relational Database Service
Aurora for Amazon Aurora
Storage Gateway for Storage Gateway
Starts a job to restore a recovery point for one of the following resources:
Aurora for Amazon Aurora
DocumentDB for Amazon DocumentDB (with MongoDB compatibility)
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSx for Amazon FSx
Neptune for Amazon Neptune
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
S3 for Amazon S3
VirtualMachine for virtual machines
Returns whether a DynamoDB recovery point was taken using Backup's advanced DynamoDB backup features.
", - "UpdateRegionSettingsInput$ResourceTypeManagementPreference": "Enables or disables Backup's advanced DynamoDB backup features for the Region.
" + "DescribeRegionSettingsOutput$ResourceTypeManagementPreference": "Returns whether Backup fully manages the backups for a resource type.
For the benefits of full Backup management, see Full Backup management.
For a list of resource types and whether each supports full Backup management, see the Feature availability by resource table.
If \"DynamoDB\":false, you can enable full Backup management for DynamoDB backup by enabling Backup's advanced DynamoDB backup features.
Enables or disables full Backup management of backups for a resource type. To enable full Backup management for DynamoDB along with Backup's advanced DynamoDB backup features, follow the procedure to enable advanced DynamoDB backup programmatically.
" } }, "ResourceTypeOptInPreference": { @@ -1429,7 +1429,7 @@ "ResourceTypes": { "base": null, "refs": { - "GetSupportedResourceTypesOutput$ResourceTypes": "Contains a string with the supported Amazon Web Services resource types:
Aurora for Amazon Aurora
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSX for Amazon FSx
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
Contains a string with the supported Amazon Web Services resource types:
Aurora for Amazon Aurora
DynamoDB for Amazon DynamoDB
EBS for Amazon Elastic Block Store
EC2 for Amazon Elastic Compute Cloud
EFS for Amazon Elastic File System
FSX for Amazon FSx
RDS for Amazon Relational Database Service
Storage Gateway for Storage Gateway
DocDB for Amazon DocumentDB (with MongoDB compatibility)
Neptune for Amazon Neptune
A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional.
", "BackupRuleInput$CompletionWindowMinutes": "A value in minutes after a backup job is successfully started before it must be completed or it will be canceled by Backup. This value is optional.
", "StartBackupJobInput$StartWindowMinutes": "A value in minutes after a backup is scheduled before a job will be canceled if it doesn't start successfully. This value is optional, and the default is 8 hours.
", - "StartBackupJobInput$CompleteWindowMinutes": "A value in minutes during which a successfully started backup must complete, or else AWS Backup will cancel the job. This value is optional. This value begins counting down from when the backup was scheduled. It does not add additional time for StartWindowMinutes, or if the backup started later than scheduled.
A value in minutes during which a successfully started backup must complete, or else Backup will cancel the job. This value is optional. This value begins counting down from when the backup was scheduled. It does not add additional time for StartWindowMinutes, or if the backup started later than scheduled.
The current state of the experiment.
" + "Experiment$status": "The current state of the experiment.
", + "ListExperimentsRequest$status": "Use this optional parameter to limit the returned results to only the experiments with the status that you specify here.
" } }, "ExperimentStopDesiredState": { @@ -672,7 +673,8 @@ "LaunchStatus": { "base": null, "refs": { - "Launch$status": "The current state of the launch.
" + "Launch$status": "The current state of the launch.
", + "ListLaunchesRequest$status": "Use this optional parameter to limit the returned results to only the launches with the status that you specify here.
" } }, "LaunchStopDesiredState": { diff --git a/models/apis/iam/2010-05-08/docs-2.json b/models/apis/iam/2010-05-08/docs-2.json index 9de7d6c29c5..65025974418 100644 --- a/models/apis/iam/2010-05-08/docs-2.json +++ b/models/apis/iam/2010-05-08/docs-2.json @@ -53,7 +53,7 @@ "EnableMFADevice": "Enables the specified MFA device and associates it with the specified IAM user. When enabled, the MFA device is required for every subsequent login by the IAM user associated with the device.
", "GenerateCredentialReport": "Generates a credential report for the Amazon Web Services account. For more information about the credential report, see Getting credential reports in the IAM User Guide.
", "GenerateOrganizationsAccessReport": "Generates a report for service last accessed data for Organizations. You can generate a report for any entities (organization root, organizational unit, or account) or policies in your organization.
To call this operation, you must be signed in using your Organizations management account credentials. You can use your long-term IAM user or root user credentials, or temporary credentials from assuming an IAM role. SCPs must be enabled for your organization root. You must have the required IAM and Organizations permissions. For more information, see Refining permissions using service last accessed data in the IAM User Guide.
You can generate a service last accessed data report for entities by specifying only the entity's path. This data includes a list of services that are allowed by any service control policies (SCPs) that apply to the entity.
You can generate a service last accessed data report for a policy by specifying an entity's path and an optional Organizations policy ID. This data includes a list of services that are allowed by the specified SCP.
For each service in both report types, the data includes the most recent account activity that the policy allows to account principals in the entity or the entity's children. For important information about the data, reporting period, permissions required, troubleshooting, and supported Regions see Reducing permissions using service last accessed data in the IAM User Guide.
The data includes all attempts to access Amazon Web Services, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that an account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
This operation returns a JobId. Use this parameter in the GetOrganizationsAccessReport operation to check the status of the report generation. To check the status of this request, use the JobId parameter in the GetOrganizationsAccessReport operation and test the JobStatus response parameter. When the job is complete, you can retrieve the report.
To generate a service last accessed data report for entities, specify an entity path without specifying the optional Organizations policy ID. The type of entity that you specify determines the data returned in the report.
Root – When you specify the organizations root as the entity, the resulting report lists all of the services allowed by SCPs that are attached to your root. For each service, the report includes data for all accounts in your organization except the management account, because the management account is not limited by SCPs.
OU – When you specify an organizational unit (OU) as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the OU and its parents. For each service, the report includes data for all accounts in the OU or its children. This data excludes the management account, because the management account is not limited by SCPs.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. For each service, the report includes data for only the management account.
Account – When you specify another account as the entity, the resulting report lists all of the services allowed by SCPs that are attached to the account and its parents. For each service, the report includes data for only the specified account.
To generate a service last accessed data report for policies, specify an entity path and the optional Organizations policy ID. The type of entity that you specify determines the data returned for each service.
Root – When you specify the root entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in your organization to which the SCP applies. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to any entities in the organization, then the report will return a list of services with no data.
OU – When you specify an OU entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for all accounts in the OU or its children to which the SCP applies. This means that other accounts outside the OU that are affected by the SCP might not be included in the data. This data excludes the management account, because the management account is not limited by SCPs. If the SCP is not attached to the OU or one of its children, the report will return a list of services with no data.
management account – When you specify the management account, the resulting report lists all Amazon Web Services services, because the management account is not limited by SCPs. If you specify a policy ID in the CLI or API, the policy is ignored. For each service, the report includes data for only the management account.
Account – When you specify another account entity and a policy ID, the resulting report lists all of the services that are allowed by the specified SCP. For each service, the report includes data for only the specified account. This means that other accounts in the organization that are affected by the SCP might not be included in the data. If the SCP is not attached to the account, the report will return a list of services with no data.
Service last accessed data does not use other policy types when determining whether a principal could access a service. These other policy types include identity-based policies, resource-based policies, access control lists, IAM permissions boundaries, and STS assume role policies. It only applies SCP logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service last accessed data, see Reducing policy scope by viewing user activity in the IAM User Guide.
", - "GenerateServiceLastAccessedDetails": "Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for the last 365 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked.
The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:
GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.
The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.
To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.
For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
", + "GenerateServiceLastAccessedDetails": "Generates a report that includes details about when an IAM resource (user, group, role, or policy) was last used in an attempt to access Amazon Web Services services. Recent activity usually appears within four hours. IAM reports activity for at least the last 400 days, or less if your Region began supporting this feature within the last year. For more information, see Regions where data is tracked.
The service last accessed data includes all attempts to access an Amazon Web Services API, not just the successful ones. This includes all attempts that were made using the Amazon Web Services Management Console, the Amazon Web Services API through any of the SDKs, or any of the command line tools. An unexpected entry in the service last accessed data does not mean that your account has been compromised, because the request might have been denied. Refer to your CloudTrail logs as the authoritative source for information about all API calls and whether they were successful or denied access. For more information, see Logging IAM events with CloudTrail in the IAM User Guide.
The GenerateServiceLastAccessedDetails operation returns a JobId. Use this parameter in the following operations to retrieve the following details from your report:
GetServiceLastAccessedDetails – Use this operation for users, groups, roles, or policies to list every Amazon Web Services service that the resource could access using permissions policies. For each service, the response includes information about the most recent access attempt.
The JobId returned by GenerateServiceLastAccessedDetail must be used by the same role within a session, or by the same user when used to call GetServiceLastAccessedDetail.
GetServiceLastAccessedDetailsWithEntities – Use this operation for groups and policies to list information about the associated entities (users or roles) that attempted to access a specific Amazon Web Services service.
To check the status of the GenerateServiceLastAccessedDetails request, use the JobId parameter in the same operations and test the JobStatus response parameter.
For additional information about the permissions policies that allow an identity (user, group, or role) to access specific services, use the ListPoliciesGrantingServiceAccess operation.
Service last accessed data does not use other policy types when determining whether a resource could access a service. These other policy types include resource-based policies, access control lists, Organizations policies, IAM permissions boundaries, and STS assume role policies. It only applies permissions policy logic. For more about the evaluation of policy types, see Evaluating policies in the IAM User Guide.
For more information about service and action last accessed data, see Reducing permissions using service last accessed data in the IAM User Guide.
", "GetAccessKeyLastUsed": "Retrieves information about when the specified access key was last used. The information includes the date and time of last use, along with the Amazon Web Services service and Region that were specified in the last request made with that key.
", "GetAccountAuthorizationDetails": "Retrieves information about all IAM users, groups, roles, and policies in your Amazon Web Services account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account.
Policies returned by this operation are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.
You can optionally filter the results using the Filter parameter. You can paginate the results using the MaxItems and Marker parameters.
Retrieves the password policy for the Amazon Web Services account. This tells you the complexity requirements and mandatory rotation periods for the IAM user passwords in your account. For more information about using a password policy, see Managing an IAM password policy.
", @@ -112,7 +112,7 @@ "ListUserPolicies": "Lists the names of the inline policies embedded in the specified IAM user.
An IAM user can also have managed policies attached to it. To list the managed policies that are attached to a user, use ListAttachedUserPolicies. For more information about policies, see Managed policies and inline policies in the IAM User Guide.
You can paginate the results using the MaxItems and Marker parameters. If there are no inline policies embedded with the specified user, the operation returns an empty list.
Lists the tags that are attached to the specified IAM user. The returned list of tags is sorted by tag key. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
", "ListUsers": "Lists the IAM users that have the specified path prefix. If no path prefix is specified, the operation returns all users in the Amazon Web Services account. If there are none, the operation returns an empty list.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a user, see GetUser.
You can paginate the results using the MaxItems and Marker parameters.
Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view all of the information for a virtual MFA device, see ListVirtualMFADevices.
You can paginate the results using the MaxItems and Marker parameters.
Lists the virtual MFA devices defined in the Amazon Web Services account by assignment status. If you do not specify an assignment status, the operation returns a list of all virtual MFA devices. Assignment status can be Assigned, Unassigned, or Any.
IAM resource-listing operations return a subset of the available attributes for the resource. For example, this operation does not return tags, even though they are an attribute of the returned object. To view tag information for a virtual MFA device, see ListMFADeviceTags.
You can paginate the results using the MaxItems and Marker parameters.
Adds or updates an inline policy document that is embedded in the specified IAM group.
A user can also have managed policies attached to it. To attach a managed policy to a group, use AttachGroupPolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.
For information about the maximum number of inline policies that you can embed in a group, see IAM and STS quotas in the IAM User Guide.
Because policy documents can be large, you should use POST rather than GET when calling PutGroupPolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
Adds or updates the policy that is specified as the IAM role's permissions boundary. You can use an Amazon Web Services managed policy or a customer managed policy to set the boundary for a role. Use the boundary to control the maximum permissions that the role can have. Setting a permissions boundary is an advanced feature that can affect the permissions for the role.
You cannot set the boundary for a service-linked role.
Policies used as permissions boundaries do not provide permissions. You must also attach a permissions policy to the role. To learn how the effective permissions for a role are evaluated, see IAM JSON policy evaluation logic in the IAM User Guide.
Adds or updates an inline policy document that is embedded in the specified IAM role.
When you embed an inline policy in a role, the inline policy is used as part of the role's access (permissions) policy. The role's trust policy is created at the same time as the role, using CreateRole. You can update a role's trust policy using UpdateAssumeRolePolicy. For more information about IAM roles, see Using roles to delegate permissions and federate identities.
A role can also have a managed policy attached to it. To attach a managed policy to a role, use AttachRolePolicy. To create a new managed policy, use CreatePolicy. For information about policies, see Managed policies and inline policies in the IAM User Guide.
For information about the maximum number of inline policies that you can embed with a role, see IAM and STS quotas in the IAM User Guide.
Because policy documents can be large, you should use POST rather than GET when calling PutRolePolicy. For general information about using the Query API with IAM, see Making query requests in the IAM User Guide.
Removes the specified tags from the IAM server certificate. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
For certificates in a Region supported by Certificate Manager (ACM), we recommend that you don't use IAM server certificates. Instead, use ACM to provision, manage, and deploy your server certificates. For more information about IAM server certificates, Working with server certificates in the IAM User Guide.
Removes the specified tags from the user. For more information about tagging, see Tagging IAM resources in the IAM User Guide.
", "UpdateAccessKey": "Changes the status of the specified access key from Active to Inactive, or vice versa. This operation can be used to disable a user's key as part of a key rotation workflow.
If the UserName is not specified, the user name is determined implicitly based on the Amazon Web Services access key ID used to sign the request. This operation works for access keys under the Amazon Web Services account. Consequently, you can use this operation to manage Amazon Web Services account root user credentials even if the Amazon Web Services account has no associated users.
For information about rotating keys, see Managing keys and certificates in the IAM User Guide.
", - "UpdateAccountPasswordPolicy": "Updates the password policy settings for the Amazon Web Services account.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that parameter when you invoke the operation.
For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.
", + "UpdateAccountPasswordPolicy": "Updates the password policy settings for the Amazon Web Services account.
This operation does not support partial updates. No parameters are required, but if you do not specify a parameter, that parameter's value reverts to its default value. See the Request Parameters section for each parameter's default value. Also note that some parameters do not allow the default parameter to be explicitly set. Instead, to invoke the default value, do not include that parameter when you invoke the operation.
For more information about using a password policy, see Managing an IAM password policy in the IAM User Guide.
", "UpdateAssumeRolePolicy": "Updates the policy that grants an IAM entity permission to assume a role. This is typically referred to as the \"role trust policy\". For more information about roles, see Using roles to delegate permissions and federate identities.
", "UpdateGroup": "Updates the name and/or the path of the specified IAM group.
You should understand the implications of changing a group's path or name. For more information, see Renaming users and groups in the IAM User Guide.
The person making the request (the principal), must have permission to change the role group with the old name and the new name. For example, to change the group named Managers to MGRs, the principal must have a policy that allows them to update both groups. If the principal has permission to update the Managers group, but not the MGRs group, then the update fails. For more information about permissions, see Access management.
Changes the password for the specified IAM user. You can use the CLI, the Amazon Web Services API, or the Users page in the IAM console to change the password for any IAM user. Use ChangePassword to change your own password in the My Security Credentials page in the Amazon Web Services Management Console.
For more information about modifying passwords, see Managing passwords in the IAM User Guide.
", @@ -2296,8 +2296,8 @@ "booleanObjectType": { "base": null, "refs": { - "PasswordPolicy$HardExpiry": "Specifies whether IAM users are prevented from setting a new password after their password has expired.
", - "UpdateAccountPasswordPolicyRequest$HardExpiry": "Prevents IAM users from setting a new password after their password has expired. The IAM user cannot be accessed until an administrator resets the password.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.
Specifies whether IAM users are prevented from setting a new password via the Amazon Web Services Management Console after their password has expired. The IAM user cannot access the console until an administrator resets the password. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API.
Prevents IAM users who are accessing the account via the Amazon Web Services Management Console from setting a new console password after their password has expired. The IAM user cannot access the console until an administrator resets the password.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users can change their passwords after they expire and continue to sign in as the user.
In the Amazon Web Services Management Console, the custom password policy option Allow users to change their own password gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM. IAM users with iam:ChangePassword permission and active access keys can reset their own expired console password using the CLI or API.
Allows this new password to be used only once by requiring the specified IAM user to set a new password on next sign-in.
" } }, @@ -2350,7 +2350,7 @@ "PasswordPolicy$RequireNumbers": "Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
", "PasswordPolicy$RequireUppercaseCharacters": "Specifies whether IAM user passwords must contain at least one uppercase character (A to Z).
", "PasswordPolicy$RequireLowercaseCharacters": "Specifies whether IAM user passwords must contain at least one lowercase character (a to z).
", - "PasswordPolicy$AllowUsersToChangePassword": "Specifies whether IAM users are allowed to change their own password.
", + "PasswordPolicy$AllowUsersToChangePassword": "Specifies whether IAM users are allowed to change their own password. Gives IAM users permissions to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy action. This option does not attach a permissions policy to each user, rather the permissions are applied at the account-level for all users by IAM.
Indicates whether passwords in the account expire. Returns true if MaxPasswordAge contains a value greater than 0. Returns false if MaxPasswordAge is 0 or not present.
Specifies whether an action is allowed by a permissions boundary that is applied to an IAM entity (user or role). A value of true means that the permissions boundary does not deny the action. This means that the policy includes an Allow statement that matches the request. In this case, if an identity-based policy also allows the action, the request is allowed. A value of false means that either the requested action is not allowed (implicitly denied) or that the action is explicitly denied by the permissions boundary. In both of these cases, the action is not allowed, regardless of the identity-based policy.
Specifies whether the policy can be attached to an IAM user, group, or role.
", @@ -2360,7 +2360,7 @@ "UpdateAccountPasswordPolicyRequest$RequireNumbers": "Specifies whether IAM user passwords must contain at least one numeric character (0 to 9).
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one numeric character.
Specifies whether IAM user passwords must contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one uppercase character.
Specifies whether IAM user passwords must contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that passwords do not require at least one lowercase character.
Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see Letting IAM users change their own passwords in the IAM User Guide.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.
Allows all IAM users in your account to use the Amazon Web Services Management Console to change their own passwords. For more information, see Permitting IAM users to change their own passwords in the IAM User Guide.
If you do not specify a value for this parameter, then the operation uses the default value of false. The result is that IAM users in the account do not automatically have permissions to change their own password.
Creates an HSM client certificate that an Amazon Redshift cluster will use to connect to the client's HSM in order to store and retrieve the keys used to encrypt the cluster databases.
The command returns a public key, which you must store in the HSM. In addition to creating the HSM certificate, you must create an Amazon Redshift HSM configuration that provides a cluster the information needed to store and use encryption keys in the HSM. For more information, go to Hardware Security Modules in the Amazon Redshift Cluster Management Guide.
", "CreateHsmConfiguration": "Creates an HSM configuration that contains the information required by an Amazon Redshift cluster to store and use database encryption keys in a Hardware Security Module (HSM). After creating the HSM configuration, you can specify it as a parameter when creating a cluster. The cluster will then store its encryption keys in the HSM.
In addition to creating an HSM configuration, you must also create an HSM client certificate. For more information, go to Hardware Security Modules in the Amazon Redshift Cluster Management Guide.
", "CreateScheduledAction": "Creates a scheduled action. A scheduled action contains a schedule and an Amazon Redshift API action. For example, you can create a schedule of when to run the ResizeCluster API operation.
Creates a snapshot copy grant that permits Amazon Redshift to use a customer master key (CMK) from Key Management Service (KMS) to encrypt copied snapshots in a destination region.
For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.
", + "CreateSnapshotCopyGrant": "Creates a snapshot copy grant that permits Amazon Redshift to use an encrypted symmetric key from Key Management Service (KMS) to encrypt copied snapshots in a destination region.
For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.
", "CreateSnapshotSchedule": "Create a snapshot schedule that can be associated to a cluster and which overrides the default system backup schedule.
", "CreateTags": "Adds tags to a cluster.
A resource can have up to 50 tags. If you try to create more than 50 tags for a resource, you will receive an error and the attempt will fail.
If you specify a key that already exists for the resource, the value for that key will be updated with the new value.
", "CreateUsageLimit": "Creates a usage limit for a specified Amazon Redshift feature on a cluster. The usage limit is identified by the returned usage limit identifier.
", @@ -83,7 +83,7 @@ "DescribeTags": "Returns a list of tags. You can return tags from a specific resource by specifying an ARN, or you can return all tags for a given type of resource, such as clusters, snapshots, and so on.
The following are limitations for DescribeTags:
You cannot specify an ARN and a resource-type value together in the same request.
You cannot use the MaxRecords and Marker parameters together with the ARN parameter.
The MaxRecords parameter can be a range from 10 to 50 results to return in a request.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all resources that match any combination of the specified keys and values. For example, if you have owner and environment for tag keys, and admin and test for tag values, all resources that have any combination of those values are returned.
If both tag keys and values are omitted from the request, resources are returned regardless of whether they have tag keys or values associated with them.
", "DescribeUsageLimits": "Shows usage limits on a cluster. Results are filtered based on the combination of input usage limit identifier, cluster identifier, and feature type parameters:
If usage limit identifier, cluster identifier, and feature type are not provided, then all usage limit objects for the current account in the current region are returned.
If usage limit identifier is provided, then the corresponding usage limit object is returned.
If cluster identifier is provided, then all usage limit objects for the specified cluster are returned.
If cluster identifier and feature type are provided, then all usage limit objects for the combination of cluster and feature are returned.
Stops logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster.
", - "DisableSnapshotCopy": "Disables the automatic copying of snapshots from one region to another region for a specified cluster.
If your cluster and its snapshots are encrypted using a customer master key (CMK) from Key Management Service, use DeleteSnapshotCopyGrant to delete the grant that grants Amazon Redshift permission to the CMK in the destination region.
", + "DisableSnapshotCopy": "Disables the automatic copying of snapshots from one region to another region for a specified cluster.
If your cluster and its snapshots are encrypted using an encrypted symmetric key from Key Management Service, use DeleteSnapshotCopyGrant to delete the grant that grants Amazon Redshift permission to the key in the destination region.
", "DisassociateDataShareConsumer": "From a consumer account, remove association for the specified datashare.
", "EnableLogging": "Starts logging information, such as queries and connection attempts, for the specified Amazon Redshift cluster.
", "EnableSnapshotCopy": "Enables the automatic copy of snapshots from one region to another region for a specified cluster.
", @@ -94,7 +94,7 @@ "ModifyAuthenticationProfile": "Modifies an authentication profile.
", "ModifyCluster": "Modifies the settings for a cluster.
You can also change node type and the number of nodes to scale up or down the cluster. When resizing a cluster, you must specify both the number of nodes and the node type even if one of the parameters does not change.
You can add another security or parameter group, or change the admin user password. Resetting a cluster password or modifying the security groups associated with a cluster do not need a reboot. However, modifying a parameter group requires a reboot for parameters to take effect. For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide.
", "ModifyClusterDbRevision": "Modifies the database revision of a cluster. The database revision is a unique revision of the database running in a cluster.
", - "ModifyClusterIamRoles": "Modifies the list of Identity and Access Management (IAM) roles that can be used by the cluster to access other Amazon Web Services services.
A cluster can have up to 10 IAM roles associated at any time.
", + "ModifyClusterIamRoles": "Modifies the list of Identity and Access Management (IAM) roles that can be used by the cluster to access other Amazon Web Services services.
The maximum number of IAM roles that you can associate is subject to a quota. For more information, go to Quotas and limits in the Amazon Redshift Cluster Management Guide.
", "ModifyClusterMaintenance": "Modifies the maintenance settings of a cluster.
", "ModifyClusterParameterGroup": "Modifies the parameters of a parameter group. For the parameters parameter, it can't contain ASCII characters.
For more information about parameters and parameter groups, go to Amazon Redshift Parameter Groups in the Amazon Redshift Cluster Management Guide.
", "ModifyClusterSnapshot": "Modifies the settings for a snapshot.
This exanmple modifies the manual retention period setting for a cluster snapshot.
", @@ -1644,10 +1644,10 @@ "IamRoleArnList": { "base": null, "refs": { - "CreateClusterMessage$IamRoles": "A list of Identity and Access Management (IAM) roles that can be used by the cluster to access other Amazon Web Services services. You must supply the IAM roles in their Amazon Resource Name (ARN) format. You can supply up to 10 IAM roles in a single request.
A cluster can have up to 10 IAM roles associated with it at any time.
", - "ModifyClusterIamRolesMessage$AddIamRoles": "Zero or more IAM roles to associate with the cluster. The roles must be in their Amazon Resource Name (ARN) format. You can associate up to 10 IAM roles with a single cluster in a single request.
", - "ModifyClusterIamRolesMessage$RemoveIamRoles": "Zero or more IAM roles in ARN format to disassociate from the cluster. You can disassociate up to 10 IAM roles from a single cluster in a single request.
", - "RestoreFromClusterSnapshotMessage$IamRoles": "A list of Identity and Access Management (IAM) roles that can be used by the cluster to access other Amazon Web Services services. You must supply the IAM roles in their Amazon Resource Name (ARN) format. You can supply up to 10 IAM roles in a single request.
A cluster can have up to 10 IAM roles associated at any time.
" + "CreateClusterMessage$IamRoles": "A list of Identity and Access Management (IAM) roles that can be used by the cluster to access other Amazon Web Services services. You must supply the IAM roles in their Amazon Resource Name (ARN) format.
The maximum number of IAM roles that you can associate is subject to a quota. For more information, go to Quotas and limits in the Amazon Redshift Cluster Management Guide.
", + "ModifyClusterIamRolesMessage$AddIamRoles": "Zero or more IAM roles to associate with the cluster. The roles must be in their Amazon Resource Name (ARN) format.
", + "ModifyClusterIamRolesMessage$RemoveIamRoles": "Zero or more IAM roles in ARN format to disassociate from the cluster.
", + "RestoreFromClusterSnapshotMessage$IamRoles": "A list of Identity and Access Management (IAM) roles that can be used by the cluster to access other Amazon Web Services services. You must supply the IAM roles in their Amazon Resource Name (ARN) format.
The maximum number of IAM roles that you can associate is subject to a quota. For more information, go to Quotas and limits in the Amazon Redshift Cluster Management Guide.
" } }, "ImportTablesCompleted": { @@ -2758,7 +2758,7 @@ } }, "SnapshotCopyGrant": { - "base": "The snapshot copy grant that grants Amazon Redshift permission to encrypt copied snapshots with the specified customer master key (CMK) from Amazon Web Services KMS in the destination region.
For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.
", + "base": "The snapshot copy grant that grants Amazon Redshift permission to encrypt copied snapshots with the specified encrypted symmetric key from Amazon Web Services KMS in the destination region.
For more information about managing snapshot copy grants, go to Amazon Redshift Database Encryption in the Amazon Redshift Cluster Management Guide.
", "refs": { "CreateSnapshotCopyGrantResult$SnapshotCopyGrant": null, "SnapshotCopyGrantList$member": null @@ -2896,6 +2896,7 @@ "AccountWithRestoreAccess$AccountAlias": "The identifier of an Amazon Web Services support account authorized to restore a snapshot. For Amazon Web Services Support, the identifier is amazon-redshift-support.
The Amazon Resource Name (ARN) of the datashare that the consumer is to use with the account or the namespace.
", "AssociateDataShareConsumerMessage$ConsumerArn": "The Amazon Resource Name (ARN) of the consumer that is associated with the datashare.
", + "AssociateDataShareConsumerMessage$ConsumerRegion": "From a datashare consumer account, associates a datashare with all existing and future namespaces in the specified Amazon Web Services Region.
", "AttributeNameList$member": null, "AttributeValueTarget$AttributeValue": "The value of the attribute.
", "AuthenticationProfile$AuthenticationProfileContent": "The content of the authentication profile in JSON format. The maximum length of the JSON string is determined by a quota for your account.
", @@ -2984,7 +2985,7 @@ "CreateClusterMessage$ClusterType": "The type of the cluster. When cluster type is specified as
single-node, the NumberOfNodes parameter is not required.
multi-node, the NumberOfNodes parameter is required.
Valid Values: multi-node | single-node
Default: multi-node
The node type to be provisioned for the cluster. For information about node types, go to Working with Clusters in the Amazon Redshift Cluster Management Guide.
Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.xlplus | ra3.4xlarge | ra3.16xlarge
The user name associated with the admin user account for the cluster that is being created.
Constraints:
Must be 1 - 128 alphanumeric characters. The user name can't be PUBLIC.
First character must be a letter.
Cannot be a reserved word. A list of reserved words can be found in Reserved Words in the Amazon Redshift Database Developer Guide.
The password associated with the admin user account for the cluster that is being created.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33 to 126) except ' (single quote), \" (double quote), \\, /, @, or space.
The password associated with the admin user account for the cluster that is being created.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33-126) except ' (single quote), \" (double quote), \\, /, or @.
The name of a cluster subnet group to be associated with this cluster.
If this parameter is not provided the resulting cluster will be deployed outside virtual private cloud (VPC).
", "CreateClusterMessage$AvailabilityZone": "The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. For example, if you have several EC2 instances running in a specific Availability Zone, then you might want the cluster to be provisioned in the same zone in order to decrease network latency.
Default: A random, system-chosen Availability Zone in the region that is specified by the endpoint.
Example: us-east-2d
Constraint: The specified Availability Zone must be in the same region as the current endpoint.
", "CreateClusterMessage$PreferredMaintenanceWindow": "The weekly time range (in UTC) during which automated cluster maintenance can occur.
Format: ddd:hh24:mi-ddd:hh24:mi
Default: A 30-minute window selected at random from an 8-hour block of time per region, occurring on a random day of the week. For more information about the time blocks for each region, see Maintenance Windows in Amazon Redshift Cluster Management Guide.
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Minimum 30-minute window.
", @@ -3027,7 +3028,7 @@ "CreateScheduledActionMessage$IamRole": "The IAM role to assume to run the target action. For more information about this parameter, see ScheduledAction.
", "CreateScheduledActionMessage$ScheduledActionDescription": "The description of the scheduled action.
", "CreateSnapshotCopyGrantMessage$SnapshotCopyGrantName": "The name of the snapshot copy grant. This name must be unique in the region for the Amazon Web Services account.
Constraints:
Must contain from 1 to 63 alphanumeric characters or hyphens.
Alphabetic characters must be lowercase.
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Must be unique for all clusters within an Amazon Web Services account.
The unique identifier of the customer master key (CMK) to which to grant Amazon Redshift permission. If no key is specified, the default key is used.
", + "CreateSnapshotCopyGrantMessage$KmsKeyId": "The unique identifier of the encrypted symmetric key to which to grant Amazon Redshift permission. If no key is specified, the default key is used.
", "CreateSnapshotScheduleMessage$ScheduleIdentifier": "A unique identifier for a snapshot schedule. Only alphanumeric characters are allowed for the identifier.
", "CreateSnapshotScheduleMessage$ScheduleDescription": "The description of the snapshot schedule.
", "CreateTagsMessage$ResourceName": "The Amazon Resource Name (ARN) to which you want to add the tag or tags. For example, arn:aws:redshift:us-east-2:123456789:cluster:t1.
The Amazon Resource Name (ARN) of the producer.
", "DataShare$ManagedBy": "The identifier of a datashare to show its managing entity.
", "DataShareAssociation$ConsumerIdentifier": "The name of the consumer accounts that have an association with a producer datashare.
", + "DataShareAssociation$ConsumerRegion": "The Amazon Web Services Region of the consumer accounts that have an association with a producer datashare.
", "DataTransferProgress$Status": "Describes the status of the cluster. While the transfer is in progress the status is transferringdata.
The Amazon Resource Name (ARN) of the datashare to remove authorization from.
", @@ -3148,6 +3150,7 @@ "DisableSnapshotCopyMessage$ClusterIdentifier": "The unique identifier of the source cluster that you want to disable copying of snapshots to a destination region.
Constraints: Must be the valid name of an existing cluster that has cross-region snapshot copy enabled.
", "DisassociateDataShareConsumerMessage$DataShareArn": "The Amazon Resource Name (ARN) of the datashare to remove association for.
", "DisassociateDataShareConsumerMessage$ConsumerArn": "The Amazon Resource Name (ARN) of the consumer that association for the datashare is removed from.
", + "DisassociateDataShareConsumerMessage$ConsumerRegion": "From a datashare consumer account, removes association of a datashare from all the existing and future namespaces in the specified Amazon Web Services Region.
", "EC2SecurityGroup$Status": "The status of the EC2 security group.
", "EC2SecurityGroup$EC2SecurityGroupName": "The name of the EC2 Security Group.
", "EC2SecurityGroup$EC2SecurityGroupOwnerId": "The Amazon Web Services account ID of the owner of the EC2 security group specified in the EC2SecurityGroupName field.
The unique identifier of the cluster to be modified.
Example: examplecluster
The new cluster type.
When you submit your cluster resize request, your existing cluster goes into a read-only mode. After Amazon Redshift provisions a new cluster based on your resize requirements, there will be outage for a period while the old cluster is deleted and your connection is switched to the new cluster. You can use DescribeResize to track the progress of the resize request.
Valid Values: multi-node | single-node
The new node type of the cluster. If you specify a new node type, you must also specify the number of nodes parameter.
For more information about resizing clusters, go to Resizing Clusters in Amazon Redshift in the Amazon Redshift Cluster Management Guide.
Valid Values: ds2.xlarge | ds2.8xlarge | dc1.large | dc1.8xlarge | dc2.large | dc2.8xlarge | ra3.xlplus | ra3.4xlarge | ra3.16xlarge
The new password for the cluster admin user. This change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.
Operations never return the password, so this operation provides a way to regain access to the admin user account for a cluster if the password is lost.
Default: Uses existing setting.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33 to 126) except ' (single quote), \" (double quote), \\, /, @, or space.
The new password for the cluster admin user. This change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.
Operations never return the password, so this operation provides a way to regain access to the admin user account for a cluster if the password is lost.
Default: Uses existing setting.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33-126) except ' (single quote), \" (double quote), \\, /, or @.
The name of the cluster parameter group to apply to this cluster. This change is applied only after the cluster is rebooted. To reboot a cluster use RebootCluster.
Default: Uses existing setting.
Constraints: The cluster parameter group must be in the same parameter group family that matches the cluster version.
", "ModifyClusterMessage$PreferredMaintenanceWindow": "The weekly time range (in UTC) during which system maintenance can occur, if necessary. If system maintenance is necessary during the window, it may result in an outage.
This maintenance window change is made immediately. If the new maintenance window indicates the current time, there must be at least 120 minutes between the current time and end of the window in order to ensure that pending changes are applied.
Default: Uses existing setting.
Format: ddd:hh24:mi-ddd:hh24:mi, for example wed:07:30-wed:08:00.
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Must be at least 30 minutes.
", "ModifyClusterMessage$ClusterVersion": "The new version number of the Amazon Redshift engine to upgrade to.
For major version upgrades, if a non-default cluster parameter group is currently in use, a new cluster parameter group in the cluster parameter group family for the new version must be specified. The new cluster parameter group can be the default for that cluster parameter group family. For more information about parameters and parameter groups, go to Amazon Redshift Parameter Groups in the Amazon Redshift Cluster Management Guide.
Example: 1.0
The source region from which the snapshot was copied.
", "Snapshot$MaintenanceTrackName": "The name of the maintenance track for the snapshot.
", "SnapshotCopyGrant$SnapshotCopyGrantName": "The name of the snapshot copy grant.
", - "SnapshotCopyGrant$KmsKeyId": "The unique identifier of the customer master key (CMK) in Amazon Web Services KMS to which Amazon Redshift is granted permission.
", + "SnapshotCopyGrant$KmsKeyId": "The unique identifier of the encrypted symmetric key in Amazon Web Services KMS to which Amazon Redshift is granted permission.
", "SnapshotCopyGrantMessage$Marker": "An optional parameter that specifies the starting point to return a set of response records. When the results of a DescribeSnapshotCopyGrant request exceed the value specified in MaxRecords, Amazon Web Services returns a value in the Marker field of the response. You can retrieve the next set of response records by providing the returned marker value in the Marker parameter and retrying the request.
Constraints: You can specify either the SnapshotCopyGrantName parameter or the Marker parameter, but not both.
", "SnapshotErrorMessage$SnapshotIdentifier": "A unique identifier for the snapshot returning the error.
", "SnapshotErrorMessage$SnapshotClusterIdentifier": "A unique identifier for the cluster.
", @@ -3758,7 +3761,7 @@ "UsageLimitLimitType": { "base": null, "refs": { - "CreateUsageLimitMessage$LimitType": "The type of limit. Depending on the feature type, this can be based on a time duration or data size. If FeatureType is spectrum, then LimitType must be data-scanned. If FeatureType is concurrency-scaling, then LimitType must be time.
The type of limit. Depending on the feature type, this can be based on a time duration or data size. If FeatureType is spectrum, then LimitType must be data-scanned. If FeatureType is concurrency-scaling, then LimitType must be time. If FeatureType is cross-region-datasharing, then LimitType must be data-scanned.
The type of limit. Depending on the feature type, this can be based on a time duration or data size.
" } }, diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index f8660ca857e..2c6f89af087 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -5726,6 +5726,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ap-southeast-3" : { }, "ca-central-1" : { }, "eu-central-1" : { }, "eu-north-1" : { }, diff --git a/service/backup/api.go b/service/backup/api.go index 846bb09a42b..38cd46d7542 100644 --- a/service/backup/api.go +++ b/service/backup/api.go @@ -156,7 +156,7 @@ func (c *Backup) CreateBackupSelectionRequest(input *CreateBackupSelectionInput) // CreateBackupSelection API operation for AWS Backup. // // Creates a JSON document that specifies a set of resources to assign to a -// backup plan. For examples, see Assigning resources programmatically (https://docs.aws.amazon.com/assigning-resources.html#assigning-resources-json). +// backup plan. For examples, see Assigning resources programmatically (https://docs.aws.amazon.com/aws-backup/latest/devguide/assigning-resources.html#assigning-resources-json). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5324,7 +5324,10 @@ func (c *Backup) ListTagsRequest(input *ListTagsInput) (req *request.Request, ou // Returns a list of key-value pairs assigned to a target recovery point, backup // plan, or backup vault. // -// ListTags are currently only supported with Amazon EFS backups. +// ListTags only works for resource types that support full Backup management +// of their backups. Those resource types are listed in the "Full Backup management" +// section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) +// table. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -6694,14 +6697,17 @@ func (c *Backup) UpdateRecoveryPointLifecycleRequest(input *UpdateRecoveryPointL // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a -// minimum of 90 days. Therefore, the “expire after days” setting must be -// 90 days greater than the “transition to cold after days” setting. The -// “transition to cold after days” setting cannot be changed after a backup -// has been transitioned to cold. +// minimum of 90 days. Therefore, the “retention” setting must be 90 days +// greater than the “transition to cold after days” setting. The “transition +// to cold after days” setting cannot be changed after a backup has been transitioned +// to cold. // -// Only Amazon EFS file system backups can be transitioned to cold storage. +// Only resource types that support full Backup management can transition their +// backups to cold storage. Those resource types are listed in the "Full Backup +// management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) +// table. Backup ignores this expression for other resource types. // -// Does not support continuous backups. +// This operation does not support continuous backups. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7080,12 +7086,15 @@ func (s *AlreadyExistsException) RequestID() string { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a -// minimum of 90 days. Therefore, the “expire after days” setting must be -// 90 days greater than the “transition to cold after days” setting. The -// “transition to cold after days” setting cannot be changed after a backup -// has been transitioned to cold. -// -// Only Amazon EFS file system backups can be transitioned to cold storage. +// minimum of 90 days. Therefore, the “retention” setting must be 90 days +// greater than the “transition to cold after days” setting. The “transition +// to cold after days” setting cannot be changed after a backup has been transitioned +// to cold. +// +// Only resource types that support full Backup management can transition their +// backups to cold storage. Those resource types are listed in the "Full Backup +// management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) +// table. Backup ignores this expression for other resource types. type CalculatedLifecycle struct { _ struct{} `type:"structure"` @@ -7140,7 +7149,7 @@ type Condition struct { // An operation applied to a key-value pair used to assign resources to your // backup plan. Condition only supports StringEquals. For more flexible assignment - // options, incluidng StringLike and the ability to exclude resources from your + // options, including StringLike and the ability to exclude resources from your // backup plan, use Conditions (with an "s" on the end) for your BackupSelection // (https://docs.aws.amazon.com/aws-backup/latest/devguide/API_BackupSelection.html). // @@ -7522,12 +7531,15 @@ type CopyAction struct { // a recovery point transitions to cold storage or is deleted. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, on the console, the “expire after days” - // setting must be 90 days greater than the “transition to cold after days” - // setting. The “transition to cold after days” setting cannot be changed - // after a backup has been transitioned to cold. + // minimum of 90 days. Therefore, on the console, the “retention” setting + // must be 90 days greater than the “transition to cold after days” setting. + // The “transition to cold after days” setting cannot be changed after a + // backup has been transitioned to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` } @@ -10344,12 +10356,15 @@ type DescribeRecoveryPointOutput struct { // according to the lifecycle that you define. // // Backups that are transitioned to cold storage must be stored in cold storage - // for a minimum of 90 days. Therefore, the “expire after days” setting - // must be 90 days greater than the “transition to cold after days” setting. - // The “transition to cold after days” setting cannot be changed after a - // backup has been transitioned to cold. + // for a minimum of 90 days. Therefore, the “retention” setting must be + // 90 days greater than the “transition to cold after days” setting. The + // “transition to cold after days” setting cannot be changed after a backup + // has been transitioned to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // An ARN that uniquely identifies a recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45. @@ -10550,8 +10565,16 @@ func (s DescribeRegionSettingsInput) GoString() string { type DescribeRegionSettingsOutput struct { _ struct{} `type:"structure"` - // Returns whether a DynamoDB recovery point was taken using Backup's advanced - // DynamoDB backup features (https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html). + // Returns whether Backup fully manages the backups for a resource type. + // + // For the benefits of full Backup management, see Full Backup management (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#full-management). + // + // For a list of resource types and whether each supports full Backup management, + // see the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. + // + // If "DynamoDB":false, you can enable full Backup management for DynamoDB backup + // by enabling Backup's advanced DynamoDB backup features (https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html#advanced-ddb-backup-enable-cli). ResourceTypeManagementPreference map[string]*bool `type:"map"` // Returns a list of all services along with the opt-in preferences in the Region. @@ -12152,6 +12175,10 @@ type GetSupportedResourceTypesOutput struct { // * RDS for Amazon Relational Database Service // // * Storage Gateway for Storage Gateway + // + // * DocDB for Amazon DocumentDB (with MongoDB compatibility) + // + // * Neptune for Amazon Neptune ResourceTypes []*string `type:"list"` } @@ -12635,12 +12662,15 @@ func (s *Job) SetStatusMessage(v string) *Job { // a recovery point transitions to cold storage or is deleted. // // Backups transitioned to cold storage must be stored in cold storage for a -// minimum of 90 days. Therefore, on the console, the “expire after days” -// setting must be 90 days greater than the “transition to cold after days” -// setting. The “transition to cold after days” setting cannot be changed -// after a backup has been transitioned to cold. -// -// Only Amazon EFS file system backups can be transitioned to cold storage. +// minimum of 90 days. Therefore, on the console, the “retention” setting +// must be 90 days greater than the “transition to cold after days” setting. +// The “transition to cold after days” setting cannot be changed after a +// backup has been transitioned to cold. +// +// Only resource types that support full Backup management can transition their +// backups to cold storage. Those resource types are listed in the "Full Backup +// management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) +// table. Backup ignores this expression for other resource types. type Lifecycle struct { _ struct{} `type:"structure"` @@ -12782,6 +12812,10 @@ type ListBackupJobsInput struct { // Returns only backup jobs for the specified resources: // + // * Aurora for Amazon Aurora + // + // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) + // // * DynamoDB for Amazon DynamoDB // // * EBS for Amazon Elastic Block Store @@ -12790,11 +12824,17 @@ type ListBackupJobsInput struct { // // * EFS for Amazon Elastic File System // - // * RDS for Amazon Relational Database Service + // * FSx for Amazon FSx // - // * Aurora for Amazon Aurora + // * Neptune for Amazon Neptune + // + // * RDS for Amazon Relational Database Service // // * Storage Gateway for Storage Gateway + // + // * S3 for Amazon S3 + // + // * VirtualMachine for virtual machines ByResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` // Returns only backup jobs that are in the specified state. @@ -13506,6 +13546,10 @@ type ListCopyJobsInput struct { // Returns only backup jobs for the specified resources: // + // * Aurora for Amazon Aurora + // + // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) + // // * DynamoDB for Amazon DynamoDB // // * EBS for Amazon Elastic Block Store @@ -13514,11 +13558,17 @@ type ListCopyJobsInput struct { // // * EFS for Amazon Elastic File System // - // * RDS for Amazon Relational Database Service + // * FSx for Amazon FSx // - // * Aurora for Amazon Aurora + // * Neptune for Amazon Neptune + // + // * RDS for Amazon Relational Database Service // // * Storage Gateway for Storage Gateway + // + // * S3 for Amazon S3 + // + // * VirtualMachine for virtual machines ByResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` // Returns only copy jobs that are in the specified state. @@ -15209,7 +15259,9 @@ type PutBackupVaultLockConfigurationInput struct { // the maximum retention period. If the job's retention period is longer than // that maximum retention period, then the vault fails the backup or copy job, // and you should either modify your lifecycle settings or use a different vault. - // Recovery points already saved in the vault prior to Vault Lock are not affected. + // The longest maximum retention period you can specify is 36500 days (approximately + // 100 years). Recovery points already saved in the vault prior to Vault Lock + // are not affected. MaxRetentionDays *int64 `type:"long"` // The Backup Vault Lock configuration that specifies the minimum retention @@ -15225,7 +15277,8 @@ type PutBackupVaultLockConfigurationInput struct { // minimum retention period. If the job's retention period is shorter than that // minimum retention period, then the vault fails that backup or copy job, and // you should either modify your lifecycle settings or use a different vault. - // Recovery points already saved in the vault prior to Vault Lock are not affected. + // The shortest minimum retention period you can specify is 1 day. Recovery + // points already saved in the vault prior to Vault Lock are not affected. MinRetentionDays *int64 `type:"long"` } @@ -15326,6 +15379,8 @@ type PutBackupVaultNotificationsInput struct { // // * RESTORE_JOB_STARTED | RESTORE_JOB_COMPLETED | RECOVERY_POINT_MODIFIED // + // * S3_BACKUP_OBJECT_FAILED | S3_RESTORE_OBJECT_FAILED + // // Ignore the list below because it includes deprecated events. Refer to the // list above. // @@ -15488,12 +15543,15 @@ type RecoveryPointByBackupVault struct { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, the “expire after days” setting must be - // 90 days greater than the “transition to cold after days” setting. The - // “transition to cold after days” setting cannot be changed after a backup - // has been transitioned to cold. + // minimum of 90 days. Therefore, the “retention” setting must be 90 days + // greater than the “transition to cold after days” setting. The “transition + // to cold after days” setting cannot be changed after a backup has been transitioned + // to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // An Amazon Resource Name (ARN) that uniquely identifies a recovery point; @@ -16474,12 +16532,15 @@ type Rule struct { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, the “expire after days” setting must be - // 90 days greater than the “transition to cold after days” setting. The - // “transition to cold after days” setting cannot be changed after a backup - // has been transitioned to cold. + // minimum of 90 days. Therefore, the “retention” setting must be 90 days + // greater than the “transition to cold after days” setting. The “transition + // to cold after days” setting cannot be changed after a backup has been transitioned + // to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // An array of key-value pair strings that are assigned to resources that are @@ -16621,12 +16682,15 @@ type RuleInput struct { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, the “expire after days” setting must be - // 90 days greater than the “transition to cold after days” setting. The - // “transition to cold after days” setting cannot be changed after a backup - // has been transitioned to cold. + // minimum of 90 days. Therefore, the “retention” setting must be 90 days + // greater than the “transition to cold after days” setting. The “transition + // to cold after days” setting cannot be changed after a backup has been transitioned + // to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // To help organize your resources, you can assign your own metadata to the @@ -17071,10 +17135,9 @@ type StartBackupJobInput struct { BackupVaultName *string `type:"string" required:"true"` // A value in minutes during which a successfully started backup must complete, - // or else AWS Backup will cancel the job. This value is optional. This value - // begins counting down from when the backup was scheduled. It does not add - // additional time for StartWindowMinutes, or if the backup started later than - // scheduled. + // or else Backup will cancel the job. This value is optional. This value begins + // counting down from when the backup was scheduled. It does not add additional + // time for StartWindowMinutes, or if the backup started later than scheduled. CompleteWindowMinutes *int64 `type:"long"` // Specifies the IAM role ARN used to create the target recovery point; for @@ -17093,12 +17156,15 @@ type StartBackupJobInput struct { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, the “expire after days” setting must be - // 90 days greater than the “transition to cold after days” setting. The - // “transition to cold after days” setting cannot be changed after a backup - // has been transitioned to cold. + // minimum of 90 days. Therefore, the “retention” setting must be 90 days + // greater than the “transition to cold after days” setting. The “transition + // to cold after days” setting cannot be changed after a backup has been transitioned + // to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // To help organize your resources, you can assign your own metadata to the @@ -17288,12 +17354,15 @@ type StartCopyJobInput struct { // a recovery point transitions to cold storage or is deleted. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, on the console, the “expire after days” - // setting must be 90 days greater than the “transition to cold after days” - // setting. The “transition to cold after days” setting cannot be changed - // after a backup has been transitioned to cold. + // minimum of 90 days. Therefore, on the console, the “retention” setting + // must be 90 days greater than the “transition to cold after days” setting. + // The “transition to cold after days” setting cannot be changed after a + // backup has been transitioned to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // An ARN that uniquely identifies a recovery point to use for the copy job; @@ -17587,6 +17656,10 @@ type StartRestoreJobInput struct { // Starts a job to restore a recovery point for one of the following resources: // + // * Aurora for Amazon Aurora + // + // * DocumentDB for Amazon DocumentDB (with MongoDB compatibility) + // // * DynamoDB for Amazon DynamoDB // // * EBS for Amazon Elastic Block Store @@ -17595,11 +17668,17 @@ type StartRestoreJobInput struct { // // * EFS for Amazon Elastic File System // - // * RDS for Amazon Relational Database Service + // * FSx for Amazon FSx // - // * Aurora for Amazon Aurora + // * Neptune for Amazon Neptune + // + // * RDS for Amazon Relational Database Service // // * Storage Gateway for Storage Gateway + // + // * S3 for Amazon S3 + // + // * VirtualMachine for virtual machines ResourceType *string `type:"string"` } @@ -18311,10 +18390,10 @@ type UpdateRecoveryPointLifecycleInput struct { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, the “expire after days” setting must be - // 90 days greater than the “transition to cold after days” setting. The - // “transition to cold after days” setting cannot be changed after a backup - // has been transitioned to cold. + // minimum of 90 days. Therefore, the “retention” setting must be 90 days + // greater than the “transition to cold after days” setting. The “transition + // to cold after days” setting cannot be changed after a backup has been transitioned + // to cold. Lifecycle *Lifecycle `type:"structure"` // An Amazon Resource Name (ARN) that uniquely identifies a recovery point; @@ -18397,12 +18476,15 @@ type UpdateRecoveryPointLifecycleOutput struct { // according to the lifecycle that you define. // // Backups transitioned to cold storage must be stored in cold storage for a - // minimum of 90 days. Therefore, the “expire after days” setting must be - // 90 days greater than the “transition to cold after days” setting. The - // “transition to cold after days” setting cannot be changed after a backup - // has been transitioned to cold. + // minimum of 90 days. Therefore, the “retention” setting must be 90 days + // greater than the “transition to cold after days” setting. The “transition + // to cold after days” setting cannot be changed after a backup has been transitioned + // to cold. // - // Only Amazon EFS file system backups can be transitioned to cold storage. + // Only resource types that support full Backup management can transition their + // backups to cold storage. Those resource types are listed in the "Full Backup + // management" section of the Feature availability by resource (https://docs.aws.amazon.com/aws-backup/latest/devguide/whatisbackup.html#features-by-resource) + // table. Backup ignores this expression for other resource types. Lifecycle *Lifecycle `type:"structure"` // An Amazon Resource Name (ARN) that uniquely identifies a recovery point; @@ -18455,8 +18537,11 @@ func (s *UpdateRecoveryPointLifecycleOutput) SetRecoveryPointArn(v string) *Upda type UpdateRegionSettingsInput struct { _ struct{} `type:"structure"` - // Enables or disables Backup's advanced DynamoDB backup features (https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html) - // for the Region. + // Enables or disables full Backup management of backups for a resource type. + // To enable full Backup management for DynamoDB along with Backup's advanced + // DynamoDB backup features (https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html), + // follow the procedure to enable advanced DynamoDB backup programmatically + // (https://docs.aws.amazon.com/aws-backup/latest/devguide/advanced-ddb-backup.html#advanced-ddb-backup-enable-cli). ResourceTypeManagementPreference map[string]*bool `type:"map"` // Updates the list of services along with the opt-in preferences for the Region. @@ -18704,8 +18789,14 @@ type VaultListMember struct { // If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters. CreatorRequestId *string `type:"string"` - // The server-side encryption key that is used to protect your backups; for - // example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. + // A server-side encryption key you can specify to encrypt your backups from + // services that support full Backup management; for example, arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab. + // If you specify a key, you must specify its ARN, not its alias. If you do + // not specify a key, Backup creates a KMS key for you by default. + // + // To learn which Backup services support full Backup management and how Backup + // handles encryption for backups from services that do not yet support full + // Backup, see Encryption for backups in Backup (https://docs.aws.amazon.com/aws-backup/latest/devguide/encryption.html) EncryptionKeyArn *string `type:"string"` // The date and time when Backup Vault Lock configuration becomes immutable, @@ -19025,6 +19116,12 @@ const ( // VaultEventBackupPlanModified is a VaultEvent enum value VaultEventBackupPlanModified = "BACKUP_PLAN_MODIFIED" + + // VaultEventS3BackupObjectFailed is a VaultEvent enum value + VaultEventS3BackupObjectFailed = "S3_BACKUP_OBJECT_FAILED" + + // VaultEventS3RestoreObjectFailed is a VaultEvent enum value + VaultEventS3RestoreObjectFailed = "S3_RESTORE_OBJECT_FAILED" ) // VaultEvent_Values returns all elements of the VaultEvent enum @@ -19045,5 +19142,7 @@ func VaultEvent_Values() []string { VaultEventRecoveryPointModified, VaultEventBackupPlanCreated, VaultEventBackupPlanModified, + VaultEventS3BackupObjectFailed, + VaultEventS3RestoreObjectFailed, } } diff --git a/service/cloudwatchevidently/api.go b/service/cloudwatchevidently/api.go index 9b57357456f..6a1732adaed 100644 --- a/service/cloudwatchevidently/api.go +++ b/service/cloudwatchevidently/api.go @@ -573,6 +573,9 @@ func (c *CloudWatchEvidently) DeleteExperimentRequest(input *DeleteExperimentInp // API operation DeleteExperiment for usage and error information. // // Returned Error Types: +// * ValidationException +// The value of a parameter in the request caused an error. +// // * InternalServerException // Unexpected error while processing the request. Retry the request. // @@ -1061,6 +1064,9 @@ func (c *CloudWatchEvidently) GetExperimentRequest(input *GetExperimentInput) (r // * ThrottlingException // The request was denied because of request throttling. Retry the request. // +// * ValidationException +// The value of a parameter in the request caused an error. +// // * ResourceNotFoundException // The request references a resource that does not exist. // @@ -1327,6 +1333,9 @@ func (c *CloudWatchEvidently) GetLaunchRequest(input *GetLaunchInput) (req *requ // * ThrottlingException // The request was denied because of request throttling. Retry the request. // +// * ValidationException +// The value of a parameter in the request caused an error. +// // * ResourceNotFoundException // The request references a resource that does not exist. // @@ -1511,6 +1520,9 @@ func (c *CloudWatchEvidently) ListExperimentsRequest(input *ListExperimentsInput // * ResourceNotFoundException // The request references a resource that does not exist. // +// * AccessDeniedException +// You do not have sufficient permissions to perform this action. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/evidently-2021-02-01/ListExperiments func (c *CloudWatchEvidently) ListExperiments(input *ListExperimentsInput) (*ListExperimentsOutput, error) { req, out := c.ListExperimentsRequest(input) @@ -2349,6 +2361,9 @@ func (c *CloudWatchEvidently) StartLaunchRequest(input *StartLaunchInput) (req * // * ValidationException // The value of a parameter in the request caused an error. // +// * ConflictException +// A resource was in an inconsistent state during an update or a deletion. +// // * ServiceQuotaExceededException // The request would cause a service quota to be exceeded. // @@ -6858,6 +6873,10 @@ type ListExperimentsInput struct { // // Project is a required field Project *string `location:"uri" locationName:"project" type:"string" required:"true"` + + // Use this optional parameter to limit the returned results to only the experiments + // with the status that you specify here. + Status *string `location:"querystring" locationName:"status" type:"string" enum:"ExperimentStatus"` } // String returns the string representation. @@ -6918,6 +6937,12 @@ func (s *ListExperimentsInput) SetProject(v string) *ListExperimentsInput { return s } +// SetStatus sets the Status field's value. +func (s *ListExperimentsInput) SetStatus(v string) *ListExperimentsInput { + s.Status = &v + return s +} + type ListExperimentsOutput struct { _ struct{} `type:"structure"` @@ -7090,6 +7115,10 @@ type ListLaunchesInput struct { // // Project is a required field Project *string `location:"uri" locationName:"project" type:"string" required:"true"` + + // Use this optional parameter to limit the returned results to only the launches + // with the status that you specify here. + Status *string `location:"querystring" locationName:"status" type:"string" enum:"LaunchStatus"` } // String returns the string representation. @@ -7150,6 +7179,12 @@ func (s *ListLaunchesInput) SetProject(v string) *ListLaunchesInput { return s } +// SetStatus sets the Status field's value. +func (s *ListLaunchesInput) SetStatus(v string) *ListLaunchesInput { + s.Status = &v + return s +} + type ListLaunchesOutput struct { _ struct{} `type:"structure"` @@ -7451,7 +7486,9 @@ type MetricDefinitionConfig struct { // The entity, such as a user or session, that does an action that causes a // metric value to be recorded. An example is userDetails.userID. - EntityIdKey *string `locationName:"entityIdKey" min:"1" type:"string"` + // + // EntityIdKey is a required field + EntityIdKey *string `locationName:"entityIdKey" min:"1" type:"string" required:"true"` // The EventBridge event pattern that defines how the metric is recorded. // @@ -7460,13 +7497,17 @@ type MetricDefinitionConfig struct { EventPattern aws.JSONValue `locationName:"eventPattern" type:"jsonvalue"` // A name for the metric. - Name *string `locationName:"name" min:"1" type:"string"` + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` // A label for the units that the metric is measuring. UnitLabel *string `locationName:"unitLabel" min:"1" type:"string"` // The value that is tracked to produce the metric. - ValueKey *string `locationName:"valueKey" min:"1" type:"string"` + // + // ValueKey is a required field + ValueKey *string `locationName:"valueKey" min:"1" type:"string" required:"true"` } // String returns the string representation. @@ -7490,15 +7531,24 @@ func (s MetricDefinitionConfig) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *MetricDefinitionConfig) Validate() error { invalidParams := request.ErrInvalidParams{Context: "MetricDefinitionConfig"} + if s.EntityIdKey == nil { + invalidParams.Add(request.NewErrParamRequired("EntityIdKey")) + } if s.EntityIdKey != nil && len(*s.EntityIdKey) < 1 { invalidParams.Add(request.NewErrParamMinLen("EntityIdKey", 1)) } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } if s.Name != nil && len(*s.Name) < 1 { invalidParams.Add(request.NewErrParamMinLen("Name", 1)) } if s.UnitLabel != nil && len(*s.UnitLabel) < 1 { invalidParams.Add(request.NewErrParamMinLen("UnitLabel", 1)) } + if s.ValueKey == nil { + invalidParams.Add(request.NewErrParamRequired("ValueKey")) + } if s.ValueKey != nil && len(*s.ValueKey) < 1 { invalidParams.Add(request.NewErrParamMinLen("ValueKey", 1)) } diff --git a/service/iam/api.go b/service/iam/api.go index 4c5f41c92c1..9ef2c48899c 100644 --- a/service/iam/api.go +++ b/service/iam/api.go @@ -5421,9 +5421,9 @@ func (c *IAM) GenerateServiceLastAccessedDetailsRequest(input *GenerateServiceLa // Generates a report that includes details about when an IAM resource (user, // group, role, or policy) was last used in an attempt to access Amazon Web // Services services. Recent activity usually appears within four hours. IAM -// reports activity for the last 365 days, or less if your Region began supporting -// this feature within the last year. For more information, see Regions where -// data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). +// reports activity for at least the last 400 days, or less if your Region began +// supporting this feature within the last year. For more information, see Regions +// where data is tracked (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_access-advisor.html#access-advisor_tracking-period). // // The service last accessed data includes all attempts to access an Amazon // Web Services API, not just the successful ones. This includes all attempts @@ -12378,8 +12378,8 @@ func (c *IAM) ListVirtualMFADevicesRequest(input *ListVirtualMFADevicesInput) (r // // IAM resource-listing operations return a subset of the available attributes // for the resource. For example, this operation does not return tags, even -// though they are an attribute of the returned object. To view all of the information -// for a virtual MFA device, see ListVirtualMFADevices. +// though they are an attribute of the returned object. To view tag information +// for a virtual MFA device, see ListMFADeviceTags. // // You can paginate the results using the MaxItems and Marker parameters. // @@ -15991,12 +15991,12 @@ func (c *IAM) UpdateAccountPasswordPolicyRequest(input *UpdateAccountPasswordPol // // Updates the password policy settings for the Amazon Web Services account. // -// * This operation does not support partial updates. No parameters are required, -// but if you do not specify a parameter, that parameter's value reverts -// to its default value. See the Request Parameters section for each parameter's -// default value. Also note that some parameters do not allow the default -// parameter to be explicitly set. Instead, to invoke the default value, -// do not include that parameter when you invoke the operation. +// This operation does not support partial updates. No parameters are required, +// but if you do not specify a parameter, that parameter's value reverts to +// its default value. See the Request Parameters section for each parameter's +// default value. Also note that some parameters do not allow the default parameter +// to be explicitly set. Instead, to invoke the default value, do not include +// that parameter when you invoke the operation. // // For more information about using a password policy, see Managing an IAM password // policy (https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingPasswordPolicies.html) @@ -32263,7 +32263,11 @@ func (s *OrganizationsDecisionDetail) SetAllowedByOrganizations(v bool) *Organiz type PasswordPolicy struct { _ struct{} `type:"structure"` - // Specifies whether IAM users are allowed to change their own password. + // Specifies whether IAM users are allowed to change their own password. Gives + // IAM users permissions to iam:ChangePassword for only their user and to the + // iam:GetAccountPasswordPolicy action. This option does not attach a permissions + // policy to each user, rather the permissions are applied at the account-level + // for all users by IAM. AllowUsersToChangePassword *bool `type:"boolean"` // Indicates whether passwords in the account expire. Returns true if MaxPasswordAge @@ -32271,8 +32275,11 @@ type PasswordPolicy struct { // not present. ExpirePasswords *bool `type:"boolean"` - // Specifies whether IAM users are prevented from setting a new password after - // their password has expired. + // Specifies whether IAM users are prevented from setting a new password via + // the Amazon Web Services Management Console after their password has expired. + // The IAM user cannot access the console until an administrator resets the + // password. IAM users with iam:ChangePassword permission and active access + // keys can reset their own expired console password using the CLI or API. HardExpiry *bool `type:"boolean"` // The number of days that an IAM user password is valid. @@ -38115,8 +38122,8 @@ type UpdateAccountPasswordPolicyInput struct { _ struct{} `type:"structure"` // Allows all IAM users in your account to use the Amazon Web Services Management - // Console to change their own passwords. For more information, see Letting - // IAM users change their own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html) + // Console to change their own passwords. For more information, see Permitting + // IAM users to change their own passwords (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_enable-user-change.html) // in the IAM User Guide. // // If you do not specify a value for this parameter, then the operation uses @@ -38124,12 +38131,22 @@ type UpdateAccountPasswordPolicyInput struct { // not automatically have permissions to change their own password. AllowUsersToChangePassword *bool `type:"boolean"` - // Prevents IAM users from setting a new password after their password has expired. - // The IAM user cannot be accessed until an administrator resets the password. + // Prevents IAM users who are accessing the account via the Amazon Web Services + // Management Console from setting a new console password after their password + // has expired. The IAM user cannot access the console until an administrator + // resets the password. // // If you do not specify a value for this parameter, then the operation uses // the default value of false. The result is that IAM users can change their // passwords after they expire and continue to sign in as the user. + // + // In the Amazon Web Services Management Console, the custom password policy + // option Allow users to change their own password gives IAM users permissions + // to iam:ChangePassword for only their user and to the iam:GetAccountPasswordPolicy + // action. This option does not attach a permissions policy to each user, rather + // the permissions are applied at the account-level for all users by IAM. IAM + // users with iam:ChangePassword permission and active access keys can reset + // their own expired console password using the CLI or API. HardExpiry *bool `type:"boolean"` // The number of days that an IAM user password is valid. diff --git a/service/redshift/api.go b/service/redshift/api.go index 127d8e1ffc2..c05a31f425a 100644 --- a/service/redshift/api.go +++ b/service/redshift/api.go @@ -2287,8 +2287,8 @@ func (c *Redshift) CreateSnapshotCopyGrantRequest(input *CreateSnapshotCopyGrant // CreateSnapshotCopyGrant API operation for Amazon Redshift. // -// Creates a snapshot copy grant that permits Amazon Redshift to use a customer -// master key (CMK) from Key Management Service (KMS) to encrypt copied snapshots +// Creates a snapshot copy grant that permits Amazon Redshift to use an encrypted +// symmetric key from Key Management Service (KMS) to encrypt copied snapshots // in a destination region. // // For more information about managing snapshot copy grants, go to Amazon Redshift @@ -9175,9 +9175,9 @@ func (c *Redshift) DisableSnapshotCopyRequest(input *DisableSnapshotCopyInput) ( // Disables the automatic copying of snapshots from one region to another region // for a specified cluster. // -// If your cluster and its snapshots are encrypted using a customer master key -// (CMK) from Key Management Service, use DeleteSnapshotCopyGrant to delete -// the grant that grants Amazon Redshift permission to the CMK in the destination +// If your cluster and its snapshots are encrypted using an encrypted symmetric +// key from Key Management Service, use DeleteSnapshotCopyGrant to delete the +// grant that grants Amazon Redshift permission to the key in the destination // region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -10398,7 +10398,9 @@ func (c *Redshift) ModifyClusterIamRolesRequest(input *ModifyClusterIamRolesInpu // Modifies the list of Identity and Access Management (IAM) roles that can // be used by the cluster to access other Amazon Web Services services. // -// A cluster can have up to 10 IAM roles associated at any time. +// The maximum number of IAM roles that you can associate is subject to a quota. +// For more information, go to Quotas and limits (https://docs.aws.amazon.com/redshift/latest/mgmt/amazon-redshift-limits.html) +// in the Amazon Redshift Cluster Management Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13248,6 +13250,10 @@ type AssociateDataShareConsumerInput struct { // datashare. ConsumerArn *string `type:"string"` + // From a datashare consumer account, associates a datashare with all existing + // and future namespaces in the specified Amazon Web Services Region. + ConsumerRegion *string `type:"string"` + // The Amazon Resource Name (ARN) of the datashare that the consumer is to use // with the account or the namespace. // @@ -13298,6 +13304,12 @@ func (s *AssociateDataShareConsumerInput) SetConsumerArn(v string) *AssociateDat return s } +// SetConsumerRegion sets the ConsumerRegion field's value. +func (s *AssociateDataShareConsumerInput) SetConsumerRegion(v string) *AssociateDataShareConsumerInput { + s.ConsumerRegion = &v + return s +} + // SetDataShareArn sets the DataShareArn field's value. func (s *AssociateDataShareConsumerInput) SetDataShareArn(v string) *AssociateDataShareConsumerInput { s.DataShareArn = &v @@ -16210,10 +16222,11 @@ type CreateClusterInput struct { // A list of Identity and Access Management (IAM) roles that can be used by // the cluster to access other Amazon Web Services services. You must supply - // the IAM roles in their Amazon Resource Name (ARN) format. You can supply - // up to 10 IAM roles in a single request. + // the IAM roles in their Amazon Resource Name (ARN) format. // - // A cluster can have up to 10 IAM roles associated with it at any time. + // The maximum number of IAM roles that you can associate is subject to a quota. + // For more information, go to Quotas and limits (https://docs.aws.amazon.com/redshift/latest/mgmt/amazon-redshift-limits.html) + // in the Amazon Redshift Cluster Management Guide. IamRoles []*string `locationNameList:"IamRoleArn" type:"list"` // The Key Management Service (KMS) key ID of the encryption key that you want @@ -16245,8 +16258,8 @@ type CreateClusterInput struct { // // * Must contain one number. // - // * Can be any printable ASCII character (ASCII code 33 to 126) except ' - // (single quote), " (double quote), \, /, @, or space. + // * Can be any printable ASCII character (ASCII code 33-126) except ' (single + // quote), " (double quote), \, /, or @. // // MasterUserPassword is a required field MasterUserPassword *string `type:"string" required:"true"` @@ -18004,8 +18017,8 @@ func (s *CreateScheduledActionOutput) SetTargetAction(v *ScheduledActionType) *C type CreateSnapshotCopyGrantInput struct { _ struct{} `type:"structure"` - // The unique identifier of the customer master key (CMK) to which to grant - // Amazon Redshift permission. If no key is specified, the default key is used. + // The unique identifier of the encrypted symmetric key to which to grant Amazon + // Redshift permission. If no key is specified, the default key is used. KmsKeyId *string `type:"string"` // The name of the snapshot copy grant. This name must be unique in the region @@ -18083,8 +18096,8 @@ type CreateSnapshotCopyGrantOutput struct { _ struct{} `type:"structure"` // The snapshot copy grant that grants Amazon Redshift permission to encrypt - // copied snapshots with the specified customer master key (CMK) from Amazon - // Web Services KMS in the destination region. + // copied snapshots with the specified encrypted symmetric key from Amazon Web + // Services KMS in the destination region. // // For more information about managing snapshot copy grants, go to Amazon Redshift // Database Encryption (https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html) @@ -18393,7 +18406,8 @@ type CreateUsageLimitInput struct { // The type of limit. Depending on the feature type, this can be based on a // time duration or data size. If FeatureType is spectrum, then LimitType must // be data-scanned. If FeatureType is concurrency-scaling, then LimitType must - // be time. + // be time. If FeatureType is cross-region-datasharing, then LimitType must + // be data-scanned. // // LimitType is a required field LimitType *string `type:"string" required:"true" enum:"UsageLimitLimitType"` @@ -18673,6 +18687,10 @@ type DataShareAssociation struct { // datashare. ConsumerIdentifier *string `type:"string"` + // The Amazon Web Services Region of the consumer accounts that have an association + // with a producer datashare. + ConsumerRegion *string `type:"string"` + // The creation date of the datashare that is associated. CreatedDate *time.Time `type:"timestamp"` @@ -18707,6 +18725,12 @@ func (s *DataShareAssociation) SetConsumerIdentifier(v string) *DataShareAssocia return s } +// SetConsumerRegion sets the ConsumerRegion field's value. +func (s *DataShareAssociation) SetConsumerRegion(v string) *DataShareAssociation { + s.ConsumerRegion = &v + return s +} + // SetCreatedDate sets the CreatedDate field's value. func (s *DataShareAssociation) SetCreatedDate(v time.Time) *DataShareAssociation { s.CreatedDate = &v @@ -25258,6 +25282,11 @@ type DisassociateDataShareConsumerInput struct { // is removed from. ConsumerArn *string `type:"string"` + // From a datashare consumer account, removes association of a datashare from + // all the existing and future namespaces in the specified Amazon Web Services + // Region. + ConsumerRegion *string `type:"string"` + // The Amazon Resource Name (ARN) of the datashare to remove association for. // // DataShareArn is a required field @@ -25305,6 +25334,12 @@ func (s *DisassociateDataShareConsumerInput) SetConsumerArn(v string) *Disassoci return s } +// SetConsumerRegion sets the ConsumerRegion field's value. +func (s *DisassociateDataShareConsumerInput) SetConsumerRegion(v string) *DisassociateDataShareConsumerInput { + s.ConsumerRegion = &v + return s +} + // SetDataShareArn sets the DataShareArn field's value. func (s *DisassociateDataShareConsumerInput) SetDataShareArn(v string) *DisassociateDataShareConsumerInput { s.DataShareArn = &v @@ -27434,8 +27469,7 @@ type ModifyClusterIamRolesInput struct { _ struct{} `type:"structure"` // Zero or more IAM roles to associate with the cluster. The roles must be in - // their Amazon Resource Name (ARN) format. You can associate up to 10 IAM roles - // with a single cluster in a single request. + // their Amazon Resource Name (ARN) format. AddIamRoles []*string `locationNameList:"IamRoleArn" type:"list"` // The unique identifier of the cluster for which you want to associate or disassociate @@ -27448,8 +27482,7 @@ type ModifyClusterIamRolesInput struct { // the cluster when the cluster was last modified. DefaultIamRoleArn *string `type:"string"` - // Zero or more IAM roles in ARN format to disassociate from the cluster. You - // can disassociate up to 10 IAM roles from a single cluster in a single request. + // Zero or more IAM roles in ARN format to disassociate from the cluster. RemoveIamRoles []*string `locationNameList:"IamRoleArn" type:"list"` } @@ -27703,8 +27736,8 @@ type ModifyClusterInput struct { // // * Must contain one number. // - // * Can be any printable ASCII character (ASCII code 33 to 126) except ' - // (single quote), " (double quote), \, /, @, or space. + // * Can be any printable ASCII character (ASCII code 33-126) except ' (single + // quote), " (double quote), \, /, or @. MasterUserPassword *string `type:"string"` // The new identifier for the cluster. @@ -31390,10 +31423,11 @@ type RestoreFromClusterSnapshotInput struct { // A list of Identity and Access Management (IAM) roles that can be used by // the cluster to access other Amazon Web Services services. You must supply - // the IAM roles in their Amazon Resource Name (ARN) format. You can supply - // up to 10 IAM roles in a single request. + // the IAM roles in their Amazon Resource Name (ARN) format. // - // A cluster can have up to 10 IAM roles associated at any time. + // The maximum number of IAM roles that you can associate is subject to a quota. + // For more information, go to Quotas and limits (https://docs.aws.amazon.com/redshift/latest/mgmt/amazon-redshift-limits.html) + // in the Amazon Redshift Cluster Management Guide. IamRoles []*string `locationNameList:"IamRoleArn" type:"list"` // The Key Management Service (KMS) key ID of the encryption key that you want @@ -33272,8 +33306,8 @@ func (s *Snapshot) SetVpcId(v string) *Snapshot { } // The snapshot copy grant that grants Amazon Redshift permission to encrypt -// copied snapshots with the specified customer master key (CMK) from Amazon -// Web Services KMS in the destination region. +// copied snapshots with the specified encrypted symmetric key from Amazon Web +// Services KMS in the destination region. // // For more information about managing snapshot copy grants, go to Amazon Redshift // Database Encryption (https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-db-encryption.html) @@ -33281,7 +33315,7 @@ func (s *Snapshot) SetVpcId(v string) *Snapshot { type SnapshotCopyGrant struct { _ struct{} `type:"structure"` - // The unique identifier of the customer master key (CMK) in Amazon Web Services + // The unique identifier of the encrypted symmetric key in Amazon Web Services // KMS to which Amazon Redshift is granted permission. KmsKeyId *string `type:"string"` @@ -34838,6 +34872,9 @@ const ( // UsageLimitFeatureTypeConcurrencyScaling is a UsageLimitFeatureType enum value UsageLimitFeatureTypeConcurrencyScaling = "concurrency-scaling" + + // UsageLimitFeatureTypeCrossRegionDatasharing is a UsageLimitFeatureType enum value + UsageLimitFeatureTypeCrossRegionDatasharing = "cross-region-datasharing" ) // UsageLimitFeatureType_Values returns all elements of the UsageLimitFeatureType enum @@ -34845,6 +34882,7 @@ func UsageLimitFeatureType_Values() []string { return []string{ UsageLimitFeatureTypeSpectrum, UsageLimitFeatureTypeConcurrencyScaling, + UsageLimitFeatureTypeCrossRegionDatasharing, } }